• UFW and he.net

    From Paul Hayton@3:770/100 to All on Mon Oct 11 19:53:51 2021
    Does anyone have experience in combining these two?

    I run a he.net tunnel that arrives in my LAN on a dedicated Raspberry Pi that acts as the end point of the tunnel. On the Pi I then run radvd across my LAN to assign other devices an IPv6 address.

    I have a Debian buster box that I have assigned a static IPv6 address in the GUI config and from a terminal can ping -6 google.co.nz from the box just fine.

    I can also run BinkD and poll out to an IPv6 address fine also.

    The problem is getting incoming IPv6 connections to BinkD etc. to work.

    I have UFW as the firewall, I have enabled IPv6 in the UFW config settings and added ports like 24554 which when I check the status I can see the port is enabled for both IPv4 and IPv6

    To                         Action      From
    --                         ------      ----
    24554/tcp                  ALLOW       Anywhere
    24555/tcp                  ALLOW       Anywhere
    24554/tcp (v6)             ALLOW       Anywhere (v6)
    24555/tcp (v6)             ALLOW       Anywhere (v6)

    My router has port forwarding enabled from the WAN to the static IPv4 on the Debian box and certainly for IPv4 traffic all is good.

    I'm stuck as to know why I can't seem to get ports open for my IPv6 address when I have UFW seemingly enabled.

    Now the Pi that acts as the end point of the tunnel has a static IPv4 and IPv6 address, perhaps I need to enable something in UFW for that address(es)?

    I'm also wondering if it's something to do with the tunnel stuff.

    But it feels like I'm 90%+ sorted as I know the Debian box can happily poll outbound BinkD traffic without issue.

    Any help appreciated.

    Best, Paul

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Michiel van der Vlist@2:280/5555 to Paul Hayton on Mon Oct 11 12:37:53 2021
    Hello Paul,

    On Monday October 11 2021 19:53, you wrote to All:

    I'm also wondering if it's something to do with the tunnel stuff.

    Did you get my netmail about protocol 41? This is what I wrote:

    I just remembered something. When I was using a SixXs tunnel on my windows machine, I ran into the protocol 41 issue. (Protocol 41, not port 41). If you do not run the tunnel endpoint on the main router, you have to make sure the main router passes protocol 41. Either by instructing the firewall in the router to pass it or to ping6 the tunnel starting point every few seconds or so to keep protocol 41 open. The ping must originate from the device running the tunnel endpoint.

    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Tommi Koivula@2:221/360 to Paul Hayton on Mon Oct 11 20:18:42 2021
    Hi Paul.

    11 Oct 21 19:53:50, you wrote to All:

    Does anyone have experience in combining these two?

    Well, yes. I have a he.net tunnel terminated to an Ubuntu 18.04.6 LTS box.

    To                         Action      From
    --                         ------      ----
    24554/tcp                  ALLOW       Anywhere
    24555/tcp                  ALLOW       Anywhere
    24554/tcp (v6)             ALLOW       Anywhere (v6)
    24555/tcp (v6)             ALLOW       Anywhere (v6)

    If you think the problem is in UFW, you can turn it off for a while. I think the problem is not there.

    tommi@pin:~$ sudo ufw status|grep 24554
    24554/tcp ALLOW Anywhere
    24554/tcp (v6) ALLOW Anywhere (v6)

    Works for me.

    I think your problem is somewhere in your router PI, you should open ports 24554-24555 there as well. But as I'm no Linux expert, I don't think I can help much more.

    I'm also wondering if it's something to do with the tunnel stuff.

    Your tunnel is working ok as you can poll out by ipv6.

    'Tommi

    ---
    * Origin: rbb.fidonet.fi (2:221/360)
  • From Tommi Koivula@2:221/360 to Michiel van der Vlist on Mon Oct 11 20:43:30 2021
    Hi Michiel.

    11 Oct 21 12:37:52, you wrote to Paul Hayton:

    I'm also wondering if it's something to do with the tunnel stuff.

    Did you get my netmail about protocol 41?

    His tunnel is working, he can make outbound connections. So the protocol 41 is open to the tunnel endpoint computer. (PI).

    'Tommi

    ---
    * Origin: rbb.fidonet.fi (2:221/360)
  • From Tommi Koivula@2:221/1 to Paul Hayton on Mon Oct 11 21:00:51 2021
    Hi Paul.

    11 Oct 21 20:18, I wrote to you:

    I'm also wondering if it's something to do with the tunnel stuff.

    Your tunnel is working ok as you can poll out by ipv6.

    Yes, I can ping... Something... :)

    tommi@mxo:~$ ping -6 agency.bbs.nz
    PING agency.bbs.nz(2001:470:d:123::200 (2001:470:d:123::200)) 56 data bytes
    64 bytes from 2001:470:d:123::200 (2001:470:d:123::200): icmp_seq=1 ttl=43 time=417 ms
    64 bytes from 2001:470:d:123::200 (2001:470:d:123::200): icmp_seq=2 ttl=43 time=336 ms
    64 bytes from 2001:470:d:123::200 (2001:470:d:123::200): icmp_seq=3 ttl=43 time=336 ms
    64 bytes from 2001:470:d:123::200 (2001:470:d:123::200): icmp_seq=4 ttl=43 time=336 ms
    64 bytes from 2001:470:d:123::200 (2001:470:d:123::200): icmp_seq=5 ttl=43 time=336 ms
    ^C

    'Tommi

    --- GoldED+/LNX 1.1.5-b20210402
    * Origin: nntps://news.fidonet.fi (2:221/1)
  • From Michiel van der Vlist@2:280/5555 to Tommi Koivula on Mon Oct 11 20:29:51 2021
    Hello Tommi,

    On Monday October 11 2021 20:43, you wrote to me:

    Did you get my netmail about protocol 41?

    His tunnel is working, he can make outbound connections. So the
    protocol 41 is open to the tunnel endpoint computer. (PI).

    That outgoing IPv6 works does not automatically imply that it is open for unsolicited incoming protocol 41 packets.


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Michiel van der Vlist@2:280/5555 to Tommi Koivula on Mon Oct 11 23:45:48 2021
    Hello Tommi,

    Monday October 11 2021 20:29, I wrote to you:

    That outgoing IPv6 works does not automatically imply that it is open
    for unsolicited incoming protocol 41 packets.

    This is what I wrote 10 years ago in my Fidonews article titled "A second life for the linksys Part 1"

    === quote ===

    If you get this result your tunnel is working. To enable incoming
    pings however you need to open the firewall for protocol 41. Protocol
    41 is the protocol used for 6in4 tunneling. The firewall of OpenWrt is
    closed for all unsolicited incoming packets by default. By pinging
    out over IPv6, the firewall is opened for protocol 41, and it can be
    pinged from outside, but it closes again after a minute or two. Add
    the following lines to /etc/config/firewall to keep the tunnel open permanently:

    [code]

    # Accept proto 41 so it always reaches the tunnel endpoint

    config rule
            option src wan
            option proto 41
            option target ACCEPT
    [/code]


    === end quote ===



    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Paul Hayton@3:770/100 to Tommi Koivula on Tue Oct 12 15:35:25 2021
    On 11 Oct 2021 at 09:00p, Tommi Koivula pondered and said...

    Yes, I can ping... Something... :)

    Thanks, yes I can see IPv6 pings reaching the system running the BinkD server so traffic is getting to the machine concerned... just not it seems to the port via IPv6

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Tommi Koivula on Tue Oct 12 15:43:00 2021
    On 11 Oct 2021 at 08:18p, Tommi Koivula pondered and said...

    If you think the problem is in UFW, you can turn it off for a while. I think the problem is not there.

    Yep turned it off and problem remains :(

    I think your problem is somewhere in your router PI, you should open ports 24554-24555 there as well. But as I'm no Linux expert, I don't think I
    can help much more.

    So look at the Raspberry Pi that acts as the end point of the tunnel?

    The main router connected to the internet does have 24554-24555 open already, and IPv4 traffic coming in via my ISP works OK

    Your tunnel is working ok as you can poll out by ipv6.

    True

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Tommi Koivula on Tue Oct 12 15:44:12 2021
    On 11 Oct 2021 at 08:43p, Tommi Koivula pondered and said...

    His tunnel is working, he can make outbound connections. So the protocol 41 is open to the tunnel endpoint computer. (PI).

    I can also ping the Debian box via the Pi endpoint tunnel using IPv6... so I figure things must almost be working as I can reach the system from the internet via IPv6 and the tunnel using ping

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Michiel van der Vlist@2:280/5555 to Paul Hayton on Tue Oct 12 10:38:31 2021
    Hello Paul,

    On Tuesday October 12 2021 15:35, you wrote to Tommi Koivula:

    Yes, I can ping... Something... :)

    Thanks, yes I can see IPv6 pings reaching the system running the BinkD server so traffic is getting to the machine concerned... just not it
    seems to the port via IPv6

    It does indeed ping:

    ping agency.bbs.nz

    Ping agency.bbs.nz [2001:470:d:123::200] mit 32 Bytes Daten:

    Antwort von 2001:470:d:123::200: Zeit=335ms
    Antwort von 2001:470:d:123::200: Zeit=333ms
    Antwort von 2001:470:d:123::200: Zeit=337ms
    Antwort von 2001:470:d:123::200: Zeit=419ms

    Ping-Statistik fr 2001:470:d:123::200:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust),
    Ca. Zeitangaben in Millisek.:
    Minimum = 333ms, Maximum = 419ms, Mittelwert = 356ms



    So far so good.

    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Michiel van der Vlist@2:280/5555 to Paul Hayton on Tue Oct 12 14:29:40 2021
    Hello Paul,

    Tuesday October 12 2021 10:38, I wrote to you:

    So far so good.

    But your binkp server is still not reachable via IPv6. I have one more suggestion. Reread the Fidonews articles I wrote with the title "A second life for the Linksys". I document how to set up a tunnel, route a /64 to the LAN and open ports on an OpenWrt router.

    The setup may be comparable to what you have on your Pi. Maybe if you compare your settings with mine, you will have an "AH Erlebnis".

    For your convenience I have made the articles available here:

    http://www.vlist.eu/downloads/fidonews/myarticles/2ndlflnksys1.art
    http://www.vlist.eu/downloads/fidonews/myarticles/2ndlflnksys2.art
    http://www.vlist.eu/downloads/fidonews/myarticles/2ndlflnksys3.art


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Brian Rogers@1:142/103 to Paul Hayton on Tue Oct 12 13:31:00 2021
    Paul Hayton wrote to Tommi Koivula <=-

    On 11 Oct 2021 at 08:43p, Tommi Koivula pondered and said...

    His tunnel is working, he can make outbound connections. So the protocol 41 is open to the tunnel endpoint computer. (PI).

    I can also ping the Debian box via the Pi endpoint tunnel using IPv6...
    so I figure things must almost be working as I can reach the system
    from the internet via IPv6 and the tunnel using ping

    Question:
    Is one native IPv6 and the other endpoint a 6-to-4 tunnel? This *may* be an issue. Using IPv4 as a test would help. I know natively on my access node
    I can not ssh to it using its tunneled IPs because the MTU doesn't match. If
    I use a direct IP connection there's no issues at all... and again the MTU matches at 1500 not 1480 as a tunneled link would. Could this perhaps be
    an issue? Just thinking out loud :)

    ... MultiMail, the new multi-platform, multi-format offline reader!
    --- MultiMail/Linux v0.52
    * Origin: SBBS - Carnage! 2001:470:8a1e::3 (1:142/103)
  • From Tommi Koivula@2:221/360 to Paul Hayton on Tue Oct 12 21:06:58 2021
    Hi Paul.

    12 Oct 21 15:43:00, you wrote to me:

    I think your problem is somewhere in your router PI, you should open ports
    24554-24555 there as well. But as I'm no Linux expert, I don't think I
    can help much more.

    So look at the Raspberry Pi that acts as the end point of the tunnel?

    At that PI you should open and/or forward ports. Which OS are you running there?

    The main router connected to the internet does have 24554-24555 open already, and IPv4 traffic coming in via my ISP works OK

    At the main router it is needed only to open protocol 41 from he.net to your PI so that the tunnel works. Anything else on the IPV4 side is irrelevant.

    In my Ubuntu:

    tommi@pin:~$ sudo ufw status|grep ipv6
    Anywhere ALLOW 216.66.84.46/ipv6

    But all this seems to be working at your setup...

    'Tommi

    ---
    * Origin: rbb.fidonet.fi (2:221/360)
  • From Paul Hayton@3:770/100 to Brian Rogers on Wed Oct 13 09:33:32 2021
    On 12 Oct 2021 at 01:31p, Brian Rogers pondered and said...

    Question:
    Is one native IPv6 and the other endpoint a 6-to-4 tunnel? This *may* be an issue. Using IPv4 as a test would help. I know natively on my access

    No native IPv6 here :( I'm only able to access IPv6 because I run the he.net tunnel on the Raspberry Pi. It in turn assigns other devices on my LAN their IPv6 addresses.

    Before I moved to Linux for my HUB things worked fine on Windows for BinkD. So with the settings in the Edgerouter and the settings in the RPi end point for the IPv6 tunnel unchanged, my hunch is that it's something not right in the Debian 10 box I built that now runs the HUB and BBS

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Tommi Koivula on Wed Oct 13 09:34:41 2021
    On 12 Oct 2021 at 09:06p, Tommi Koivula pondered and said...

    At that PI you should open and/or forward ports. Which OS are you running there?

    It's an older Pi, not sure.

    At the main router it is needed only to open protocol 41 from he.net to your PI so that the tunnel works. Anything else on the IPV4 side is irrelevant.

    If I can ping to the box that's not enough to know things are OK right? OK will see what I can find.

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to All on Wed Oct 13 16:43:51 2021
    On 13 Oct 2021 at 09:34a, Paul Hayton pondered and said...

    If I can ping to the box that's not enough to know things are OK right?
    OK will see what I can find.

    I think I figured it out (at last).

    It turns out the Rpi endpoint of my he.net tunnel was missing some FORWARD rules in the ip6tables setting. When I finally dug into that and saw it was missing such a rule for the new static IPv6 I had set for my new Linux box things finally started working.

    If you would like to test

    agency.bbs.nz
    ipv6.agency.bbs.nz

    ports 24554-24556

    I'm hoping all is well now.

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
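
One ruleset that produces the symptoms described in this thread (IPv6 ping reaches the Debian box, outbound polls work, inbound TCP to the binkp ports does not) is a FORWARD chain on the tunnel endpoint with a default DROP policy, a general ICMPv6 accept, and TCP accepts written per destination address. The following is an added example, not code from anyone in the thread: a first-match evaluator over a constructed `ip6tables -S FORWARD` dump. The 2001:db8:: addresses, the interface names he-ipv6 and eth0, and the rules themselves are assumptions, not Paul's actual configuration.

```python
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

NEW_HOST = "2001:db8:d:123::200"  # constructed stand-in for the new Debian box

# Constructed `ip6tables -S FORWARD` dump for the tunnel endpoint (assumed rules).
BROKEN = """\
-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o he-ipv6 -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -d 2001:db8:d:123::100/128 -i he-ipv6 -o eth0 -p tcp -m multiport --dports 24554:24556 -j ACCEPT
"""
# Same chain plus the per-host rule for the new static address.
FIXED = BROKEN + (
    "-A FORWARD -d 2001:db8:d:123::200/128 -i he-ipv6 -o eth0 "
    "-p tcp -m multiport --dports 24554:24556 -j ACCEPT\n"
)
TERMINATING = ("ACCEPT", "DROP", "REJECT")


@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str                      # "tcp", "udp" or "ipv6-icmp"
    dport: Optional[int] = None
    in_iface: str = "he-ipv6"       # arrives from the tunnel by default
    out_iface: str = "eth0"         # leaves towards the LAN by default
    ctstate: str = "NEW"            # unsolicited inbound traffic
    src: str = "2001:db8:ffff::1"   # constructed remote peer


def _ports(spec):
    """'24554:24556' or '24554,24555' -> list of inclusive (lo, hi) ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def _parse_rule(tokens, line):
    rule = {"text": line.strip()}
    it = iter(tokens)
    for t in it:
        if t in ("-m", "--reject-with"):
            next(it)                # module name / reject type: not needed here
        elif t in ("-s", "-d"):
            rule[t] = ipaddress.ip_network(next(it), strict=False)
        elif t in ("-i", "-o", "-p", "-j"):
            rule[t] = next(it)
        elif t in ("--dport", "--dports"):
            rule["ports"] = _ports(next(it))
        elif t == "--ctstate":
            rule["ctstate"] = set(next(it).split(","))
        else:                       # fail closed instead of mis-evaluating
            raise ValueError(f"unsupported match {t!r} in: {line}")
    if rule.get("-j") not in TERMINATING:
        raise ValueError(f"unsupported target in: {line}")
    return rule


def parse_chain(dump, chain="FORWARD"):
    policy, rules = "ACCEPT", []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P" and tok[1] == chain:
            policy = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A" and tok[1] == chain:
            rules.append(_parse_rule(tok[2:], line))
    return policy, rules


def _matches(rule, pkt):
    if "-p" in rule and rule["-p"] not in (pkt.proto, "all"):
        return False
    if "-i" in rule and rule["-i"] != pkt.in_iface:
        return False
    if "-o" in rule and rule["-o"] != pkt.out_iface:
        return False
    if "-s" in rule and ipaddress.ip_address(pkt.src) not in rule["-s"]:
        return False
    if "-d" in rule and ipaddress.ip_address(pkt.dst) not in rule["-d"]:
        return False
    if "ctstate" in rule and pkt.ctstate not in rule["ctstate"]:
        return False
    if "ports" in rule:
        port = -1 if pkt.dport is None else pkt.dport
        return any(lo <= port <= hi for lo, hi in rule["ports"])
    return True


def verdict(dump, pkt, chain="FORWARD"):
    """Return (target, deciding rule text); first matching rule wins, else the policy."""
    policy, rules = parse_chain(dump, chain)
    for rule in rules:
        if _matches(rule, pkt):
            return rule["-j"], rule["text"]
    return policy, f"-P {chain} {policy}"


if __name__ == "__main__":
    ping = Packet(dst=NEW_HOST, proto="ipv6-icmp")
    binkp = Packet(dst=NEW_HOST, proto="tcp", dport=24554)
    for name, dump in (("before", BROKEN), ("after", FIXED)):
        for label, pkt in (("ping", ping), ("tcp/24554", binkp)):
            print(name, label, *verdict(dump, pkt), sep=" | ")
```

On a real endpoint the dump would come from `ip6tables -S FORWARD`; rules that use matches this parser does not know raise ValueError rather than being guessed at.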
  • From Brian Rogers@1:142/103 to Paul Hayton on Tue Oct 12 22:32:00 2021
    Hello Paul;

    Paul Hayton wrote to Brian Rogers <=-

    No native IPv6 here :( I'm only able to access IPv6 because I run the he.net tunnel on the Raspberry Pi. It in turn assigns other devices on
    my LAN their IPv6 addresses.

    Before I moved to Linux for my HUB things worked fine on Windows for BinkD. So with the settings in the Edgerouter and the settings in the
    RPi end point for the IPv6 tunnel unchanged, my hunch is that it's something not right in the Debian 10 box I built that now runs the HUB
    and BBS

    Ok, so by process of elimination, what happens when you shut off ALL your firewalling? Don't forget you probably have one firewall on your router,
    one on your RPi, and one on your Debian box. Ensure they're ALL off... test your bink. Turn the one on your router back on, test bink. Eventually if it
    is firewall related you'll find which one it is.

    I write my own firewall so it's simple for me to maintain it. It almost looks like UFW is almost like manually writing iptables rules. If still no go then look at sysctl.conf. If that's good then look at your routing. You should
    be able to "traceroute6 bbs.n1uro.com". If you can do all that, then I'd look at your bink settings. If everything looks great, then try IPv4 only. This
    will be a hair pulling experience but you'll get it.

    ... What is mind? No matter! What is matter? Never mind! - Homer S.
    --- MultiMail/Linux v0.52
    * Origin: SBBS - Carnage! 2001:470:8a1e::3 (1:142/103)
  • From Brian Rogers@1:142/103 to Paul Hayton on Wed Oct 13 00:14:00 2021
    Hey Paul;

    Paul Hayton wrote to All <=-

    It turns out the Rpi endpoint of my he.net tunnel was missing some
    FORWARD rules in the ip6tables setting. When I finally dug into that
    and saw it was missing such a rule for the new static IPv6 I had set
    for my new Linux box things finally started working.

    If you would like to test

    agency.bbs.nz
    ipv6.agency.bbs.nz

    ports 24554-24556

    n1uro@n1uro:~$ telnet6 ipv6.agency.bbs.nz 24554
    Trying 2001:470:d:123::200...
    Connected to ipv6.agency.bbs.nz.
    Escape character is '^]'.
    ƒ–’.OPT CRAM-MD5-63a15ca50d2db19365e6ebdec75a76eeƒ–’SYS Agency + Risa HUBƒ–’ZYZ Paul Haytonƒ–’LOC Dunedin, New Zealandƒ–’)NDL 115200,TCP,CM,MO,IBN,BINKP,PING,IPv6ƒ–’%TIME Wed, 13 Oct 2021 17:14:26 +1300ƒ–’#VER binkd/1.1a-112/Linux binkp/1.1ƒ–’ƒ–’ 3:57/0@fidonet 3:770/1@fidonet 3:770/0@fidonet 3:772/1@fidonet 3:772/0@fidonet 21:1/100@fsxnet 21:1/3@fsxnet 21:1/2@fsxnet 21:1/1@fsxnet 21:1/0@fsxnet 39:970/0@amiganet 46:3/103@agoranet


    Sorry doesn't work <G>

    --- MultiMail/Linux v0.52
    * Origin: SBBS - Carnage! 2001:470:8a1e::3 (1:142/103)
  • From Brian Rogers@1:142/103 to Paul Hayton on Tue Oct 12 22:32:00 2021
    Hello Paul;

    Paul Hayton wrote to Brian Rogers <=-

    No native IPv6 here :( I'm only able to access IPv6 because I run the he.net tunnel on the Raspberry Pi. It in turn assigns other devices on
    my LAN their IPv6 addresses.

    Before I moved to Linux for my HUB things worked fine on Windows for BinkD. So with the settings in the Edgerouter and the settings in the
    RPi end point for the IPv6 tunnel unchanged, my hunch is that it's something not right in the Debian 10 box I built that now runs the HUB
    and BBS

    Ok, so by process of elimination, what happens when you shut off ALL your firewalling? Don't forget you probably have one firewall on your router,
    one on your RPi, and one on your Debian box. Ensure they're ALL off... test your bink. Turn the one on your router back on, test bink. Eventually if it
    is firewall related you'll find which one it is.

    I write my own firewall so it's simple for me to maintain it. It almost looks like UFW is almost like manually writing iptables rules. If still no go then look at sysctl.conf. If that's good then look at your routing. You should
    be able to "traceroute6 bbs.n1uro.com". If you can do all that, then I'd look at your bink settings. If everything looks great, then try IPv4 only. This
    will be a hair pulling experience but you'll get it.

    ... What is mind? No matter! What is matter? Never mind! - Homer S.
    --- MultiMail/Linux v0.52
    * Origin: SBBS - Carnage! 2001:470:8a1e::3 (1:142/103)
  • From Paul Hayton@3:770/100 to Brian Rogers on Wed Oct 13 18:55:32 2021
    On 13 Oct 2021 at 12:14a, Brian Rogers pondered and said...

    n1uro@n1uro:~$ telnet6 ipv6.agency.bbs.nz 24554
    Trying 2001:470:d:123::200...
    Connected to ipv6.agency.bbs.nz.
    Escape character is '^]'.
    ƒ–’.OPT CRAM-MD5-63a15ca50d2db19365e6ebdec75a76eeƒ–’SYS Agency + Risa HUBƒ–’ZYZ Paul Haytonƒ–’LOC Dunedin, New Zealandƒ–’)NDL 115200,TCP,CM,MO,IBN,BINKP,PING,IPv6ƒ–’%TIME Wed, 13 Oct 2021 17:14:26 +1300ƒ–’#VER binkd/1.1a-112/Linux binkp/1.1ƒ–’ƒ–’ 3:57/0@fidonet

    Phew :)

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Brian Rogers on Wed Oct 13 18:56:02 2021
    On 12 Oct 2021 at 10:32p, Brian Rogers pondered and said...

    Ok, so by process of elimination, what happens when you shut off ALL your firewalling? Don't forget you probably have one firewall on your router,

    Curious I ended up getting this message twice from you

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Michiel van der Vlist@2:280/5555 to Paul Hayton on Wed Oct 13 10:19:42 2021
    Hello Paul,

    On Wednesday October 13 2021 16:43, you wrote to All:

    If you would like to test

    agency.bbs.nz
    ipv6.agency.bbs.nz

    ports 24554-24556

    10:19 [3940] creating a poll for 3:770/1@fidonet (`d' flavour)
    10:19 [3940] clientmgr started
    + 10:19 [2292] call to 3:770/1@fidonet
    10:19 [2292] trying agency.bbs.nz [2001:470:d:123::200]...
    10:19 [2292] connected
    + 10:19 [2292] outgoing session with agency.bbs.nz:24554 [2001:470:d:123::200]
    - 10:19 [2292] OPT CRAM-MD5-44b9450679b96b08cfeaf80cf3f0d7ee
    + 10:19 [2292] Remote requests MD mode
    - 10:19 [2292] SYS Agency + Risa HUB
    - 10:19 [2292] ZYZ Paul Hayton
    - 10:19 [2292] LOC Dunedin, New Zealand
    - 10:19 [2292] NDL 115200,TCP,CM,MO,IBN,BINKP,PING,IPv6
    - 10:19 [2292] TIME Wed, 13 Oct 2021 21:19:33 +1300
    - 10:19 [2292] VER binkd/1.1a-112/Linux binkp/1.1
    + 10:19 [2292] addr: 3:57/0@fidonet
    + 10:19 [2292] addr: 3:770/1@fidonet
    + 10:19 [2292] addr: 3:770/0@fidonet

    + 10:20 [3424] call to 3:770/100@fidonet
    10:20 [3424] trying agency.bbs.nz [2001:470:d:123::200]:24555...
    10:20 [3424] connected
    + 10:20 [3424] outgoing session with agency.bbs.nz:24555 [2001:470:d:123::200]
    - 10:20 [3424] OPT CRAM-MD5-54bde3f52091406db3f66ae058b4f7c3
    + 10:20 [3424] Remote requests MD mode
    - 10:20 [3424] SYS Agency BBS
    - 10:20 [3424] LOC Dunedin, New Zealand
    - 10:20 [3424] ZYZ Avon
    - 10:20 [3424] TIME Wed, 13 Oct 2021 21:20:57 +1300
    - 10:20 [3424] VER Mystic/1.12A47 binkp/1.0
    - 10:20 [3424] BUILD 2021/09/29 13:02:30 Linux/64
    + 10:20 [3424] addr: 46:3/203@agoranet (n/a or busy)
    + 10:20 [3424] addr: 39:970/1@amiganet (n/a or busy)
    + 10:20 [3424] addr: 3:770/100@fidonet

    I'm hoping all is well now.

    It is! Now remove the "ipv4." in "ipv4.agency.bbs.nz" in the nodelist and you are back as a full member of the Fidonet IPv6 club. ;-)


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Tommi Koivula@2:221/1 to Paul Hayton on Wed Oct 13 12:30:04 2021
    On 13.10.2021 6.43, Paul Hayton wrote:

    I think I figured it out (at last).

    It turns out the Rpi endpoint of my he.net tunnel was missing some FORWARD rules in the ip6tables setting. When I finally dug into that and saw it was missing such a rule for the new static IPv6 I had set for my new Linux box things finally started working.

    If you would like to test

    agency.bbs.nz
    ipv6.agency.bbs.nz

    ports 24554-24556

    Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-13 13:28 EEST
    Nmap scan report for ipv6.agency.bbs.nz (2001:470:d:123::200)
    Host is up (0.35s latency).

    PORT      STATE    SERVICE
    24554/tcp open     binkp
    24555/tcp open     unknown
    24556/tcp filtered unknown

    Nmap done: 1 IP address (1 host up) scanned in 5.95 seconds

    +1 :)

    'Tommi

    --- Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/1.0)
  • From Brian Rogers@1:142/103 to Paul Hayton on Wed Oct 13 12:59:00 2021
    Hello Paul;

    Paul Hayton wrote to Brian Rogers <=-

    Curious I ended up getting this message twice from you

    I wonder if it's because I had a desktop crash while drafting responses and
    a stale copy was in multimail?

    Was it just this one?

    --- MultiMail/Linux v0.52
    * Origin: SBBS - Carnage! 2001:470:8a1e::3 (1:142/103)
  • From Paul Hayton@3:770/100 to Michiel van der Vlist on Thu Oct 14 17:12:31 2021
    On 13 Oct 2021 at 10:19a, Michiel van der Vlist pondered and said...

    It is! Now remove the "ipv4." in "ipv4.agency.bbs.nz" in the nodelist
    and you are back as a full member of the Fidonet IPv6 club. ;-)

    Doing this now. Cheers. :)

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Brian Rogers on Thu Oct 14 17:34:00 2021
    On 13 Oct 2021 at 12:59p, Brian Rogers pondered and said...

    I wonder if it's because I had a desktop crash while drafting responses and a stale copy was in multimail?

    Was it just this one?

    Yep just one reply sent twice, but erm only seen this once ;-)

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Brian Rogers@1:142/103 to Paul Hayton on Thu Oct 14 07:28:00 2021
    Hello Paul;

    Paul Hayton wrote to Brian Rogers <=-

    Yep just one reply sent twice, but erm only seen this once ;-)

    It had to have been the desktop crash then. I lost all my good taglines
    too *sigh*

    --- MultiMail/Linux v0.52
    * Origin: SBBS - Carnage! 2001:470:8a1e::3 (1:142/103)
  • From Paul Hayton@3:770/100 to Brian Rogers on Fri Oct 15 19:25:31 2021
    On 14 Oct 2021 at 07:28a, Brian Rogers pondered and said...

    It had to have been the desktop crash then. I lost all my good taglines too *sigh*

    Poop.. sorry to hear :(

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Benny Pedersen@2:230/0 to Paul Hayton on Fri Oct 15 07:50:18 2021
    Hello Paul!

    11 Oct 2021 19:53, Paul Hayton wrote to All:

    I'm stuck as to know why I can't seem to get ports open for my IPv6 address when I have UFW seemingly enabled.

    ip6tables -nvL
    ip -6 route show
    ip addr show
    ifconfig

    would be very helpful info

    if ufw fails, change to shorewall

    But it feels like I'm 90%+ sorted as I know the Debian box can happily poll outbound BinkD traffic without issue.

    ipv4 and ipv6 is 2 firewall rule set imho also in ufw

    one use iptables, and another ip6tables

    Any help appreciated.

    gentoo ? :=)


    Regards Benny

    ... too late to die young :)

    --- Msged/LNX 6.1.2 (Linux/5.14.12-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)
  • From Michiel van der Vlist@2:280/5555 to Paul Hayton on Fri Oct 15 09:45:58 2021
    Hello Paul,

    On Thursday October 14 2021 17:12, you wrote to me:

    It is! Now remove the "ipv4." in "ipv4.agency.bbs.nz" in the
    nodelist and you are back as a full member of the Fidonet IPv6
    club. ;-)

    Doing this now. Cheers. :)

    The change propagated to this friday's Z2 nodelist. :)


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Alexey Vissarionov@2:5020/545 to Benny Pedersen on Fri Oct 15 11:10:00 2021
    Good ${greeting_time}, Benny!

    15 Oct 2021 07:50:18, you wrote to Paul Hayton:

    ifconfig

    Don't use this command for any purpose. Never.


    --
    Alexey V. Vissarionov aka Gremlin from Kremlin
    gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

    ... that's why I really dislike fools.
    --- /bin/vi
    * Origin: ::1 (2:5020/545)
  • From Paul Hayton@3:770/100 to Michiel van der Vlist on Fri Oct 15 21:43:31 2021
    On 15 Oct 2021 at 09:45a, Michiel van der Vlist pondered and said...

    Doing this now. Cheers. :)

    The change propagated to this friday's Z2 nodelist. :)

    good stuff

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Benny Pedersen on Fri Oct 15 21:44:01 2021
    On 15 Oct 2021 at 07:50a, Benny Pedersen pondered and said...

    Hello Paul!

    Hi Benny.

    Thanks for the ideas and tips. I have managed to solve my problem now.
    A good night's sleep awaits.

    --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (3:770/100)
  • From Benny Pedersen@2:230/0 to Alexey Vissarionov on Fri Oct 15 09:43:24 2021
    Hello Alexey!

    15 Oct 2021 11:10, Alexey Vissarionov wrote to Benny Pedersen:

    ifconfig
    Don't use this command for any purpose. Never.

    i like to know why ?


    Regards Benny

    ... too late to die young :)

    --- Msged/LNX 6.1.2 (Linux/5.14.12-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)
  • From Benny Pedersen@2:230/0 to Paul Hayton on Fri Oct 15 09:45:06 2021
    Hello Paul!

    15 Oct 2021 21:44, Paul Hayton wrote to Benny Pedersen:

    Thanks for the ideas and tips. I have managed to solve my problem now.
    A good night's sleep awaits.

    you did use eth0 for tunnel ? :=)

    while it should be tun0 ?, as i remember my first he.net setup

    no need for me to help others with shorewall then


    Regards Benny

    ... too late to die young :)

    --- Msged/LNX 6.1.2 (Linux/5.14.12-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)
  • From Alexey Vissarionov@2:5020/545 to Benny Pedersen on Sat Oct 16 00:55:00 2021
    Good ${greeting_time}, Benny!

    15 Oct 2021 09:43:24, you wrote to me:

    ifconfig
    Don't use this command for any purpose. Never.
    i like to know why ?

    It uses deprecated API and may leave the kernel network stack in a really unpredictable state.

    I guess you are using iptables instead of ipchains and ipfwadm. Or... ?


    --
    Alexey V. Vissarionov aka Gremlin from Kremlin
    gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

    ... that's why I really dislike fools.
    --- /bin/vi
    * Origin: ::1 (2:5020/545)
  • From Victor Sudakov@2:5005/49 to Alexey Vissarionov on Sat Oct 16 18:17:18 2021
    Dear Alexey,

    16 Oct 21 00:55, you wrote to Benny Pedersen:

    ifconfig
    Don't use this command for any purpose. Never.
    i like to know why ?

    It uses deprecated API and may leave the kernel network stack in a
    really unpredictable state.

    Using it for viewing (as Benny suggested) is probably safe?

    I've seen some Linux distros however where `ifconfig` is even not available unless you install some legacy package. Thank God, BSD is still a Unix-like system.

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Benny Pedersen@2:230/0 to Alexey Vissarionov on Sat Oct 16 15:02:52 2021
    Hello Alexey!

    16 Oct 2021 00:55, Alexey Vissarionov wrote to Benny Pedersen:

    ifconfig
    Don't use this command for any purpose. Never.
    i like to know why ?

    It uses deprecated API and may leave the kernel network stack in a
    really unpredictable state.

    what kernel version do you refer to here ?

    and what ifconfig ?

    that is useful info imho

    I guess you are using iptables instead of ipchains and ipfwadm. Or...
    ?

    or maybe vim ?

    shorewall is my friend


    Regards Benny

    ... too late to die young :)

    --- Msged/LNX 6.1.2 (Linux/5.14.12-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)
  • From Alexey Vissarionov@2:5020/545 to Benny Pedersen on Sun Oct 17 05:05:00 2021
    Good ${greeting_time}, Benny!

    16 Oct 2021 15:02:52, you wrote to me:

    ifconfig
    Don't use this command for any purpose. Never.
    i like to know why ?
    It uses deprecated API and may leave the kernel network stack
    in a really unpredictable state.
    what kernel version do you refer to here ?

    2.6+

    and what ifconfig ?

    Any.

    that is useful info imho

    Not really, for over 10 years.

    I guess you are using iptables instead of ipchains and ipfwadm.
    Or... ?
    or maybe vim ? shorewall is my friend

    Very stupid.


    --
    Alexey V. Vissarionov aka Gremlin from Kremlin
    gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

    ... that's why I really dislike fools.
    --- /bin/vi
    * Origin: ::1 (2:5020/545)
  • From Benny Pedersen@2:230/0 to Alexey Vissarionov on Mon Oct 18 00:00:16 2021
    Hello Alexey!

    17 Oct 2021 05:05, Alexey Vissarionov wrote to Benny Pedersen:

    2.6+

    time to upgrade ?

    and what ifconfig ?
    Any.

    cve then ?

    that is useful info imho
    Not really, for over 10 years.

    nothing happened in 10 years of cve ?

    I guess you are using iptables instead of ipchains and ipfwadm.
    Or... ?
    or maybe vim ? shorewall is my friend

    Very stupid.

    it's my choice, learn to live with it


    Regards Benny

    ... too late to die young :)
    --- Msged/LNX 6.1.2 (Linux/5.14.12-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)