RedFox
Can you tell me, is irc.ilita.i2p down too? I can't connect.
R4SAS
no idea
R4SAS
I can see the link is up
R4SAS
but everyone got kicked off
RedFox
It won't connect for me
RedFox
Connected to irc.acetone.ygg
R4SAS
I'll try to check now
R4SAS
if I remember where the IRC is hosted
R4SAS
something's wrong with the machine there
R4SAS
it's not responding
RedFox
One more question. In i2p.conf bandwidth = 1024 is set, but about 6 megabits of bandwidth are in use
R4SAS
that sets the P flag, which is for 2048
R4SAS
but 6 Mbit -
R4SAS
that's about 800, no?
R4SAS
1024 KB/s
R4SAS
I think the logic there is in bytes
R4SAS
not bits
R4SAS
well
RedFox
So the limit doesn't work?
R4SAS
it works
R4SAS
look in the hidden data to see which flags are set
RedFox
PR
RedFox
Is 1024 kilobits or kilobytes?
R4SAS
KBytes
RedFox
Ahh
R4SAS
look at the docs
R4SAS
L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
R4SAS
you have 1024 set
RedFox
OK, got it
R4SAS
the flag is set according to the next limit up - 2048
RedFox
I was counting in kilobits and dividing by 8
R4SAS
but in practice it's limited at 1024
R4SAS
then set 128
R4SAS
the O flag will be set
RedFox
OK
R4SAS
fuck, who wrote KBs/sec
R4SAS
his hands should be torn off
R4SAS
hmm... looks like I need to mirror ilita
R4SAS
it's awful how that machine is lagging
acetone
KB per second per second, R4SAS
acetone
they measured with two timers, just to be sure)))
exokientic
are we pack>
exokientic
back*
exokientic
Xeha> iptables -A FORWARD -i ${WAN} -o ${LAN} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
exokientic
okay, accept: established, related, untracked
exokientic
fucking 10 firewall rules in this mikrotik's filter list/ "ip-table"
exokientic
so I disabled everything except for that one
exokientic
Which it did have
exokientic
I have two of those rules, one for the "input" chain, and another with the exact same flags, except that it's for the "forward" chain
exokientic
I am keeping both of those enabled...
exokientic
then;
exokientic
Xeha> iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
exokientic
okay;
exokientic
nat function -check, "postrouting" chain -check, WAN out interface -check, action = 'masquerade' -check
exokientic
I have my NAT masquerade rule set exactly like that
exokientic
going to let things run for a few days and see if my web-console stops complaining about firewalled/ symmetric NAT
exokientic
this thing "should" work like -any- linux based NAT device >.<
exokientic
so, with my firewall rules 'slimmed' down to the very basics required for an NAT device, we will see how things go
exokientic
one "possible" issue that might be left on the table related to mikrotik specific kernel implementation (from mikrotik's RouterOS documentation):
exokientic
"Hosts behind a NAT-enabled router do not have true end-to-end connectivity. Therefore some Internet protocols might not work in scenarios with NAT. Services that require the initiation of TCP connection from outside the private network or stateless protocols such as UDP, can be disrupted. "
exokientic
okay, I will agree with that...
exokientic
next:
exokientic
"To overcome these limitations RouterOS includes a number of so-called NAT helpers, that enable NAT traversal for various protocols. When action=srcnat is used instead, connection tracking entries remain and connections can simply resume."
exokientic
okay... NAT helpers...???
exokientic
so, when action=src-nat it is STILL performing what is defined as a masquerade
exokientic
but, using the "STANDARD" masquerade (action=src-nat), when your dynamically assigned WAN IP changes, you have to wait for each currently open link to fail, and then it will initiate a new link using the newly assigned WAN IP
exokientic
this -can- sometimes result in connection issues with some types of services (*cough* VoIP *cough*)
exokientic
in mikrotik land
exokientic
when you choose action = masquerade
exokientic
you get a "special" kind of mikrotik masquerade
exokientic
that includes "NAT helpers"
exokientic
furthermore they elaborate:
exokientic
"Though Source NAT and masquerading perform the same fundamental function: mapping one address space into another one, the details differ slightly. Most noticeably, masquerading chooses the source IP address for the outbound packet from the IP bound to the interface through which the packet will exit."
exokientic
Now, after reading that sentence like 50 times, I still don't quite understand it, lol
exokientic
but, it seems in OpenWRT land, there are similar "connection helpers"
exokientic
If I look at the 'postrouting WAN masquerade' rule in the default OpenWRT firewall, and tab over to the 'Conntrack Settings' tab, I see that the radio flag for "automatic helper assignment" is checked by default
exokientic
it has some basic descriptive text:
exokientic
"Automatically assign conntrack helpers based on traffic protocol and port"
exokientic
sounds a lot like mikrotik's NAT-helpers...
exokientic
I have a strong suspicion one of the 'drop' rules in the default mikrotik firewall table was eating some i2pd packets
exokientic
first one was; chain=input connection state=invalid action=drop
exokientic
'drop all invalid input connections'
exokientic
I am not entirely sure what defines a connection as invalid...
exokientic
next drop rules
exokientic
chain=input in-interface=!LAN action=drop
exokientic
!LAN means: anything -other than- LAN
exokientic
"drop all not coming from LAN"
exokientic
I'm not sure I get the reasoning behind such a rule...
exokientic
next drop rule
exokientic
chain=forward connection-state=invalid action=drop
exokientic
so, same as the first 'drop invalid' rule, except this one applies to the forward chain as opposed to the input chain
exokientic
and, last drop rule:
exokientic
chain=forward in-interface=WAN connection-state=new nat-state=dnat action=drop
exokientic
"drop all from WAN not DNATed"
exokientic
so, essentially, any packet from the WAN that has made it past all the rules (this rule is the last one in the list), and is still looking for someplace to go, will get dropped -unless- it is tagged for dnating
exokientic
both drop invalid rules (input and forward) had 10's of thousands of packets attributed to them
exokientic
if those were i2p traffic packets, well, that explains the "firewalled" state
exokientic
drop all not coming from LAN (input chain) has just about 1 million packets attributed to it
exokientic
same deal, if any of that was i2p traffic, well, there's your problem...
exokientic
bottom of the list, drop all from WAN not dnated, counter= 0
exokientic
so obviously that wasn't contributing to the issue.... nor does it seem necessary
R4SAS
that's why you need to switch to WRT ASAP
R4SAS
)))
exokientic
;)
exokientic
from mikrotik docs:
exokientic
"INVALID - The INVALID state means that the packet can't be identified or that it does not have any state. It is suggested to DROP everything in this state;"
exokientic
:O
exokientic
I mean... I am still flashing this thing with wrt
exokientic
but it's a little difficult to "admit defeat" !
exokientic
I am fairly certain its "fixed now"
exokientic
okay.... ASUS router running OpenWRT plugged back in :D
exokientic
time to get dirty with this mikrotik
xadmpp
orignal: I got to wondering. Does irc ilita belong entirely to the i2pd team, except for acetone's node? It was only after the message "everyone who connected via irc.ilita.i2p: I'll shut down my mirroring destination, in 10 minutes you'll be reconnected to orignal's" that I thought about it and realized that I hadn't seen your node, therefore irc.ilita.i2p
xadmpp
is yours.
orignal
so what's the point?
orignal
irc.ilita.i2p is mine, of course
orignal
yesterday there was a problem with the node at the VPS
orignal
R4SAS redirected that tunnel to himself
orignal
so in effect irc.ilita.i2p became identical to irc.r4sas.i2p
orignal
now the VPS has been fixed and it's been switched back
xadmpp
got it. the point is just that after all this time I decided to ask who ilita actually belongs to)
orignal
and ilita.i2p is mine too
xadmpp
and who has the network's services node? in theory it's just a separate server with a DB.
orignal
R4SAS has it
orignal
nickserv and chanserv
xadmpp
so it's just a separate node, right, orignal? I mean, not a message relay itself like irc.ilita.i2p and the other two.
orignal
no, it sits on irc.r4sas.i2p
xadmpp
I see. I rewatched acetan's video about IRC and only now started wondering how this works.
xadmpp
*acetone's
optic
hi !
zzz
hello
HidUser0
optic: hi
R4SAS
damn, the three-letter one got kicked off again
xadmpp
R4SAS: you're an oper, right? run "/msg HostServ ACTIVATE xadmpp", I want to see how this works (hostserv)
R4SAS
one sec
xadmpp
oh, it works
R4SAS
yep
R4SAS
maybe it can be done without approval somehow, I haven't looked into it
R4SAS
-!- villain [villain@jesus.was.a.communist]
xadmpp
looks like approval is the default, since on another server it has to be confirmed in exactly the same way
R4SAS
turns out he had made a request too, but didn't mention it
R4SAS
the funniest part is the creation date: Jul 03 11:09:25 2017 UTC
xadmpp
quite a while ago
R4SAS
we could try switching it to work without confirmation
xadmpp
R4SAS: OFFER allows you to offer a list of vHosts to the users of your network that they can accept at will without needing an oper to set the vHost. digitalirc.org/wiki/services/hostserv
R4SAS
quite possibly
R4SAS
Now postman's irc didn't return leaseset
user_ygg2
Guys and devs from i2p-java, when will the irc postman server work again? Thnx for answer
R4SAS
no one knows
user_ygg2
ok, thx. That's sh.t
orignal
HidUser0, does your LinkShow work through SOCKS?
HidUser0
I was surprised too, since it goes through http
R4SAS
and what about the user agent?
R4SAS
that's where it catches you by the ass
orignal
and why does zzz.i2p reject it?
HidUser0
R4SAS: but the user agent gets stripped, doesn't it
R4SAS
then some extra header is being sent
orignal
I think it needs to be like in the http proxy there
orignal
MYOB 6.66, something like that
R4SAS
but the proxy should change it itself
HidUser0
I'll look a bit later at what other headers it sends
orignal
so he's on SOCKS after all
orignal
or he bans by b32
exokientic
goooooooood morning i2pd
exokientic
openWRT flashed onto this mikrotik router
exokientic
:D
exokientic
rofl
exokientic
network status: firewalled
orignal
ask your ISP then
exokientic
whew, fixed it >.<
exokientic
pointed the port forward rule to my i2pd computers ip
exokientic
wow
exokientic
2400 client tunnels
exokientic
I "think" i2pd likes this router better...
orignal
client or transit?
exokientic
definitely client
exokientic
~700 transit tunnels
orignal
what do you need 2400 client tunnels for?
exokientic
heya R4SAS; your OpenWRT install (MediaTek MT7621AT chipset)...
exokientic
do you have a "switch" menu in your luci web console
exokientic
i.e. do you have swconfig installed?
exokientic
my install seems to be missing swconfig, which is odd considering the MediaTek MT7621AT does have a switch chip...
exokientic
okay, further reading informs me that swconfig has been deprecated and is now replaced with DSA
exokientic
'distributed switch architecture'
exokientic
interesting, my older ASUS openwrt (21.02.1) kernel included swconfig
exokientic
bleep bloop
Словесник-Былинник
go back to en channel
exokientic
hahahaha
exokientic
My Russian is a little rusty, eh?
Словесник-Былинник
yeah.. it's not there at all :)
exokientic
next question :D
exokientic
it looks like IPv6 is fully supported/ integrated in the OpenWRT (21.02.1)
exokientic
what does the required ipv6 port forwarding rule look like for i2p(d) ipv6 traffic?