<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
OK, part of my problem today was that my window was not all the way
open; I found that the wind has blown it partially closed twice
today. I now have pictures of my temporary antenna setup:
<a class="moz-txt-link-freetext" href="http://www.ae7q.net/media/5.9GHz-1.jpg">http://www.ae7q.net/media/5.9GHz-1.jpg</a> and
<a class="moz-txt-link-freetext" href="http://www.ae7q.net/media/5.9GHz-2.jpg">http://www.ae7q.net/media/5.9GHz-2.jpg</a> -- The rope is for
fine-tuning the vertical angle, and the washcloth hung over the
front of the servers is to block the airflow and keep them from
generating low temperature alerts with the window open ...<br>
<br>
I'm now keeping a connection for a reasonable amount of time (10-15
minutes, which was also typical last week), and when lost, it comes
back quickly. The Russian has apparently given up.<br>
<br>
Actually, I had the same quality connection as before when it was
raining hard. Perhaps in your case it's not the rain per se, but
(as you inferred) water loading down the branches and moving them in
your RF path.<br>
<br>
At any rate, my concern is for the future; I don't need anything
blocked now. In a side discussion with someone else, the issue also
arose as to allowing a non-amateur the ability to transmit (ie, the
inbound probe) on amateur frequencies without a license. It's an
interesting legal point.<br>
<br>
<div class="moz-cite-prefix">On 2014-03-17 12:33, Nigel Vander
Houwen wrote:<br>
</div>
<blockquote
cite="mid:6C12C834-2D13-4C58-A51C-3E555C167FA9@k7nvh.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div>Dean</div>
<div><br>
</div>
<div>Agreed RE: getting the edge firewalls in place. Cory is right
that we don't really want to do it until we have some system in
place for users to update their rules, but not knowing how long
that will be, perhaps I'll bring up with the admins what we
think of having it be manual, and the requests coming via emails
for now.</div>
<div><br>
</div>
<div>Regarding the connection issues, it's been raining the past
couple of days, and coupled with your weaker end signal strength
to begin with, that's what's bumping you. In fact the same thing
happens to my link. I look through some trees, and when it rains
in any significant amount, my link can drop by up to 15db or so
(which at that point I lose connection). I wouldn't be surprised
as today is supposed to be somewhat dryer, that it comes back
today, and then gets lost again as it starts to rain again over
the next few days.</div>
<div><br>
</div>
<div>RE the firewall, if you like I can set up a block at the edge
for you IP now if you prefer, and if so, let me know off list
what services you'd like to keep open if any, which should take
care of your russian friend.</div>
<div><br>
</div>
<div>Nigel K7NVH</div>
<br>
<div>
<div>On Mar 17, 2014, at 12:13 PM, Dean Gibson AE7Q <<a
moz-do-not-send="true" href="mailto:hamwan@ae7q.net">hamwan@ae7q.net</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000"> Well, I think you are
going to have to do something about outside incoming traffic
fairly soon.<br>
<br>
I run "/interface wireless monitor 0", it usually shows the
last IP address of 195.218.200.205 (Russia). I've got the
default radio firewall enabled, so the only traffic I should
see are unsuccessful port probes (or perhaps ICMP traffic).<br>
<br>
If I run constant pings, when I set the ping interval to one
second, my pings predominate, but with a ping interval of
two seconds or more, the above IP predominates.<br>
<br>
I don't know how much data he's sending, but today I'm
having a hard time <b>keeping any connection</b>. I didn't
have this problem before this past weekend, and I've made no
configuration or location change: This morning, to help
reestablishing a connect, I created a new scan list with
only the Paine sector aimed toward me, and I'm using that to
reduce the delay in reconnections.<br>
<br>
Note that currently I'm not trying to do anything useful;
I've got a poor antenna location (but it did work reasonably
well until today). Hopefully in a day or two, I will have a
better (outside and higher) temporary location.<br>
<br>
If you temporarily give me a different IP address, I can try
that to see if I'm the only one he's pounding on. I doubt
that I am.<br>
<br>
-- Dean<br>
<br>
<div class="moz-cite-prefix">On 2014-03-16 10:05, Cory
(NQ1E) wrote:<br>
</div>
<blockquote
cite="mid:CAGOhXwLXgvhbF1q2i+JDrUSpYixW4=WKFgsRbPk9-vOQn4yW-w@mail.gmail.com"
type="cite">
<div dir="ltr">The current plan is to block all
unsolicited incoming traffic from the internet on the
edge routers before it gets to the RF portions of the
network. However, we don't want to do that until we
have automation in place to maintain those rules and
until we have a self-service way for you to poke holes
in that configuration should you want to allow incoming
traffic from the world to one of your IP addresses. If
you want to block traffic from all sources (including
other hams), then adding firewall rules to your own
device is the correct way to accomplish that.
<div> <br>
</div>
<div>The rules are well established for auto-patches
that connect voice repeaters to the PSTN. Even
incoming telephone calls are allowed as long as they
are "expected" by the ham. Because the parallels
between these systems are fairly clear, the plan above
puts us in the best position to make sure our users
are able to maintain their part 97 compliance.</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sat, Mar 15, 2014 at 11:25
PM, Dean Gibson AE7Q <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:hamwan@ae7q.net" target="_blank">hamwan@ae7q.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <small><tt><big>OK,
after seeing the number of "random" IP
addresses hitting the radio from outside the
44.0.0.0 net, I didn't like the fact that
the firewall filters were removed in the web
site's suggested configuration, so I decided
to start from scratch. I learned a couple
things ...</big><br>
<font color="#000099"><br>
</font></tt><font color="#000099"><i><tt># --
Restore the radio to a factory fresh state
--</tt></i><i><tt><br>
</tt></i><i><tt>/system reset</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt># === At this point you must
connect via MAC address ===</tt></i><i><tt><br>
</tt></i><i><tt>/user set admin
password="This is not it ..."</tt></i><i><tt><br>
</tt></i><i><tt>/console clear-history</tt></i><i><tt><br>
</tt></i><i><tt>/system identity set
name="CALL-Paine"</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt>/ip</tt></i><i><tt><br>
</tt></i><i><tt>dns set
allow-remote-requests=no</tt></i><i><tt><br>
</tt></i><i><tt>address remove [find]</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt>/ip firewall mangle</tt></i><i><tt><br>
</tt></i><i><tt>add action=change-mss
chain=output new-mss=1378 protocol=tcp
tcp-flags=syn tcp-mss=!0-1378</tt></i><i><tt><br>
</tt></i><i><tt>add action=change-mss
chain=forward new-mss=1378 protocol=tcp
tcp-flags=syn tcp-mss=!0-1378</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt>/ip dhcp-server</tt></i><i><tt><br>
</tt></i><i><tt>remove [find]</tt></i><i><tt><br>
</tt></i><i><tt>network remove [find]</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt>/ip dhcp-client</tt></i><i><tt><br>
</tt></i><i><tt>add add-default-route=no
dhcp-options=hostname,clientid disabled=no
interface=ether1 use-peer-dns=no</tt></i><i><tt><br>
</tt></i><i><tt># -- The following is
already configured --</tt></i><i><tt><br>
</tt></i><i><tt>#add add-default-route=yes
dhcp-options=hostname,clientid disabled=no
interface=wlan1</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt># -- Do the following if you
need to move the radio to a different
network --</tt></i><i><tt><br>
</tt></i><i><tt>/system shutdown</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt># === At this point you can
connect via IP address ===</tt></i><i><tt><br>
</tt></i><i><tt>/system logging</tt></i><i><tt><br>
</tt></i><i><tt>action set remote
bsd-syslog=yes remote=my.lcl.log.svr
remote-port=514
src-address=my.lcl.ether.ip
syslog-facility=local1
syslog-severity=info</tt></i><i><tt><br>
</tt></i></font><i><tt><font color="#000099">add
action=remote disabled=no prefix=""
topics=!debug,!snmp</font><br>
</tt></i></small><br>
<small><big>Note that I have "bsd-syslog" set to
"yes". This <b>appears to be necessary</b>
if you want a remote system to see
"syslog-facility" and "syslog-severity" (the
radio doesn't save/display those settings
otherwise).<br>
</big><i><tt><br>
</tt></i><font color="#000099"><i><tt>/system
ntp client set enabled=yes mode=unicast
primary-ntp=my.lcl.ntp.svr1
secondary-ntp=my.lcl.ntp.svr2</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt>/interface wireless </tt></i><i><tt><br>
</tt></i><i><tt>channels add band=5ghz-onlyn
comment="Cell site sector centered at 360
degrees" frequency=5920 list=HamWAN
name="Sector300-060" width=5</tt></i><i><tt><br>
</tt></i><i><tt>channels add band=5ghz-onlyn
comment="Cell site sector centered at 120
degrees" frequency=5905 list=HamWAN
name="Sector060-180" width=5</tt></i><i><tt><br>
</tt></i><i><tt>channels add band=5ghz-onlyn
comment="Cell site sector centered at 240
degrees" frequency=5890 list=HamWAN
name="Sector180-300" width=5</tt></i><i><tt><br>
</tt></i><i><tt>/delay 5</tt></i><i><tt><br>
</tt></i><i><tt>set 0
radio-name="CALL/Location-Paine"</tt></i><i><tt><br>
</tt></i><i><tt>set 0 disabled=no
frequency-mode=superchannel
scan-list=HamWAN ssid=HamWAN
wireless-protocol=nv2</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt>/tool dns-update
dns-server=my.lcl.dns.svr key="MD5 key
..." key-name=ddns ttl=3600 zone=<a
moz-do-not-send="true"
href="http://ae7q.net/" target="_blank">ae7q.net</a>
name=hamwan-1 address=my.ham.wan.ip</tt></i><i><tt><br>
</tt></i><i><tt>/console clear-history</tt></i><i><tt><br>
</tt></i><i><tt><br>
</tt></i><i><tt>monitor 0</tt></i></font><i><tt><br>
</tt></i></small><br>
I like my sector names better than just numbers...<br>
<br>
These "scripts" (when altered) can just be pasted
into a command window (otherwise the "/delay 5"
above is not necessary).<br>
<br>
Oh, I can sometimes connect through my CLOSED
window, but that's not reliable enough for
anything useful.<span class="HOEnZb"><font
color="#888888"><br>
<br>
-- Dean<br>
<br>
</font></span></div>
<br>
_______________________________________________<br>
PSDR mailing list<br>
<a moz-do-not-send="true"
href="mailto:PSDR@hamwan.org">PSDR@hamwan.org</a><br>
<a moz-do-not-send="true"
href="http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org"
target="_blank">http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
PSDR mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:PSDR@hamwan.org">PSDR@hamwan.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org">http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
PSDR mailing list<br>
<a moz-do-not-send="true" href="mailto:PSDR@hamwan.org">PSDR@hamwan.org</a><br>
<a class="moz-txt-link-freetext"
href="http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org">http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org</a><br>
</blockquote>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
PSDR mailing list
<a class="moz-txt-link-abbreviated" href="mailto:PSDR@hamwan.org">PSDR@hamwan.org</a>
<a class="moz-txt-link-freetext" href="http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org">http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>