[Dxspider-support] Spots rejected if connected from local network

Christopher Schlegel sutehk.cs at gmail.com
Mon Mar 24 00:40:11 GMT 2025 

Understood. My network is heavily segmented and firewalled. No network can
talk to another without a set of firewall rules expressly allowing access.
Even if I allowed an entire network in software, everything is setup such
that only my admin devices can initiate connection to other networks.

My nodes are on a DMZ VLAN. The public node has Suricata in IPS mode
running on the host with an additional NIPS running on the router. I get a
chuckle out of seeing the dropped traffic.

Chris, WI3W

On Sun, Mar 23, 2025, 20:07 djk via Dxspider-support <
dxspider-support at tobit.co.uk> wrote:

> No. And I would STRONGLY not do that, unless you could guarantee trusting
> every computer (user) in that network.
> On 24/03/2025 00:03, Christopher Schlegel via Dxspider-support wrote:
>
> I can confirm this works. Updated the variable in my test node WI3W-3.
> Telnet into test node from 192.168.3.172. Spot received on WI3W-2 ...
>
> 23Mar2025 at 23:56:09 (chan) <- I WI3W-3
> PC61^14000.0^T3ST^23-Mar-2025^2356Z^test^WI3W^WI3W-3^24.55.156.90^H30^~
>
> Does the code understand CIDR notation?
>
> Chris, WI3W
>
>
>
> On Sun, Mar 23, 2025, 19:47 Christopher Schlegel <sutehk.cs at gmail.com>
> wrote:
>
>> Andrea, you would have to list the node too, if any spots are done on the
>> local machine.
>>
>> My understanding...
>>
>> Going to test this in a bit.
>>
>> Chris, WI3W
>>
>> On Sun, Mar 23, 2025, 19:46 IZ2LSC via Dxspider-support <
>> dxspider-support at tobit.co.uk> wrote:
>>
>>> So in that array we have to list the private ipaddress of the clients,
>>> not the node.
>>> Cool!
>>>
>>> Thanks, it was not so clear from the documentation.
>>>
>>> andrea
>>>
>>> -->
>>>
>>>
>>> On Sun, Mar 23, 2025 at 11:44 PM djk via Dxspider-support <
>>> dxspider-support at tobit.co.uk> wrote:
>>>
>>>> There is a variable called @main::localhost_names
>>>>
>>>> Which is (perhaps not perfectly named) an array of names/ip addresses
>>>> that are equivalent to a local addressed machine connecting to a
>>>> masquerading node with one leg on the local network and the other on the
>>>> outside world.  If you list all the addresses (including 127.0.0.1) in your
>>>> startup it should all magically work.
>>>>
>>>> set/var @main::localhost_names  qw(192.168.1.111 localhost 127.0.0.1)
>>>>
>>>> Might be a starting point.
>>>>
>>>> Dirk
>>>> On 23/03/2025 21:35, Christopher Schlegel via Dxspider-support wrote:
>>>>
>>>> I did email Dirk directly with the "brick bat". Hopefully he'll have
>>>> some advice.
>>>>
>>>> Chris, WI3W
>>>>
>>>> On Sun, Mar 23, 2025, 17:33 Kin <ea3cv at cronux.net> wrote:
>>>>
>>>>> I ran the same test with build 601 and got the same result.
>>>>>
>>>>> Tomorrow, if I have time, I'll review the code out of curiosity, but
>>>>> I think Dirk already knows what's going on.
>>>>>
>>>>>
>>>>>
>>>>> Kin EA3CV
>>>>>
>>>>>
>>>>>
>>>>> *De:* Dxspider-support <dxspider-support-bounces at tobit.co.uk> *En
>>>>> nombre de *Christopher Schlegel via Dxspider-support
>>>>> *Enviado el:* domingo, 23 de marzo de 2025 15:06
>>>>> *Para:* IZ2LSC <iz2lsc.andrea at gmail.com>
>>>>> *CC:* Christopher Schlegel <sutehk.cs at gmail.com>; The DXSpider
>>>>> Support list <dxspider-support at tobit.co.uk>
>>>>> *Asunto:* Re: [Dxspider-support] Spots rejected if connected from
>>>>> local network
>>>>>
>>>>>
>>>>>
>>>>> Andrea I see your use case and was able to replicate it.
>>>>>
>>>>> As you asked, I connected to WI3W-2 from an internal local address,
>>>>> 192.168.3.172.
>>>>>
>>>>> 23Mar2025 at 13:47:45 (chan) -> D GB7VAX
>>>>> PC61^14000.0^T3ST^23-Mar-2025^1347Z^test^WI3W^WI3W-2^*192.168.3.172*
>>>>> ^H30^~
>>>>>
>>>>> I then tried to connect from an internal address via telnet to the
>>>>> external address of WI3W-2 with the same result. Expected, but worth a shot.
>>>>>
>>>>> 23Mar2025 at 13:57:32 (chan) -> D GB7VAX
>>>>> PC61^14000.0^T3ST^23-Mar-2025^1357Z^test2^WI3W^WI3W-2^192.168.3.172^H30^~
>>>>>
>>>>> This would be a problem for me as well when contesting from home.
>>>>>
>>>>> Chris, WI3W
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Mar 23, 2025, 09:42 IZ2LSC <iz2lsc.andrea at gmail.com> wrote:
>>>>>
>>>>> Hi Chris,
>>>>>
>>>>> please do not consider izl2sc-55 that is a test note and I am not
>>>>> using it for the purpose of the issue I described here.
>>>>>
>>>>> Can you kindly do this test:
>>>>>
>>>>> Telnet to WI3W-2 using his private address from another PC, It is
>>>>> important that you telnet from another PC using the private address.
>>>>>
>>>>> and send a test spot
>>>>>
>>>>> Look what is the ipaddress in the PC61 that  WI3W-2 send out to the
>>>>> rest of the network
>>>>>
>>>>>
>>>>>
>>>>> This is how mine is received from another node
>>>>>
>>>>> 23Mar2025 at 13:35:43 (pc11) INPUT IZ2LSC-99:
>>>>> PC61^14000.0^IZ2LSC/P^23-Mar-2025^1335Z^test do not
>>>>> consider^IZ2LSC-7^IZ2LSC-99^*192.168.1.111*^H29^~ via: IZ2LSC-99
>>>>> recurse: 0
>>>>>
>>>>>
>>>>>
>>>>> and with the new release this spot will be discarded.
>>>>>
>>>>>
>>>>>
>>>>> Andrea
>>>>>
>>>>>
>>>>>
>>>>> -->
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Dxspider-support mailing listDxspider-support at tobit.co.ukhttps://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>>>
>>>> _______________________________________________
>>>> Dxspider-support mailing list
>>>> Dxspider-support at tobit.co.uk
>>>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>>>
>>> _______________________________________________
>>> Dxspider-support mailing list
>>> Dxspider-support at tobit.co.uk
>>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>>
>>
> _______________________________________________
> Dxspider-support mailing listDxspider-support at tobit.co.ukhttps://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250323/bafe9423/attachment.htm>

More information about the Dxspider-support mailing list