• does binkit log failed incoming connections?

    From Dumas Walker@VERT/CAPCITY2 to Digital Man on Tue Mar 31 01:17:49 2020
    I have a new node which is trying to connect to my system using binkp. I am able to connect to his fine, and send/receive mail. His attempted inbounds
    are not showing up on my syslog or even in the terminal window where sbbs is running. He is connecting, per his end.

    Mar 30 20:26:58 Scanning 1:2320/105

    Mar 30 20:26:58 Queued 1 files (588 bytes) to 1:2320/105

    Mar 30 20:26:58 Polling BINKP node 1:2320/105 (Mike Powell) by IPV4

    Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554

    Mar 30 20:26:58 Connected IPV4 to 67.131.57.133

    Mar 30 20:26:58 Connection lost

    Mar 30 20:26:58 Authorization failed

    Mar 30 20:26:58 Polled 0 nodes

    He is using mystic. Only thing I can figure is that his IPA might be blocked here, but it is not in my ip silent file, and nothing is in my ip.can file. Plus I am not seeing a "blocked" message in the log on on the screen, either. Is there someplace else synchronet stores blocked addresses?

    Thanks!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Al@VERT to Dumas Walker on Tue Mar 31 01:34:32 2020
    Hello Dumas,

    I have a new node which is trying to connect to my system using binkp.
    I am able to connect to his fine, and send/receive mail. His
    attempted inbounds are not showing up on my syslog or even in the
    terminal window where sbbs is running. He is connecting, per his end.

    I suspect he is not making it to your binkp service.

    Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554

    Ask your link to take the :24554 off the command line since you are on the default port.

    That's a guess on my part but that :24554 on port 24554 looks suspicious to me.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Dumas Walker on Tue Mar 31 03:12:57 2020
    Re: does binkit log failed incoming connections?
    By: Dumas Walker to Digital Man on Mon Mar 30 2020 09:17 pm

    I have a new node which is trying to connect to my system using binkp. I am able to connect to his fine, and send/receive mail. His attempted inbounds are not showing up on my syslog or even in the terminal window where sbbs is running. He is connecting, per his end.

    Mar 30 20:26:58 Scanning 1:2320/105

    Mar 30 20:26:58 Queued 1 files (588 bytes) to 1:2320/105

    Mar 30 20:26:58 Polling BINKP node 1:2320/105 (Mike Powell) by IPV4

    Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554

    Mar 30 20:26:58 Connected IPV4 to 67.131.57.133

    Mar 30 20:26:58 Connection lost

    Mar 30 20:26:58 Authorization failed

    Mar 30 20:26:58 Polled 0 nodes

    He is using mystic. Only thing I can figure is that his IPA might be blocked here, but it is not in my ip silent file, and nothing is in my ip.can file. Plus I am not seeing a "blocked" message in the log on on the screen, either. Is there someplace else synchronet stores blocked addresses?

    Nope. Maybe you have a system firewall or gateway device that is filtering his connectons?

    digital man

    This Is Spinal Tap quote #14:
    The Boston gig has been cancelled. [Don't] worry, it's not a big college town. Norco, CA WX: 56.0°F, 74.0% humidity, 0 mph S wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Al@VERT to Dumas Walker on Tue Mar 31 03:26:30 2020
    Hello Dumas,

    I have a new node which is trying to connect to my system using binkp.
    I am able to connect to his fine, and send/receive mail. His
    attempted inbounds are not showing up on my syslog or even in the
    terminal window where sbbs is running. He is connecting, per his end.

    Looks like that to me too.. if I telnet to capitolcityonline.net on port 24554 I connect but immediately get "connection closed by foreign host"

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From alterego@VERT/ALTERANT to Al on Tue Mar 31 23:24:56 2020
    Re: does binkit log failed incoming connections?
    By: Al to Dumas Walker on Mon Mar 30 2020 11:26 pm

    Looks like that to me too.. if I telnet to capitolcityonline.net on port 24554 I connect but immediately get "connection closed by foreign host"

    FWIW, I tried it, and it worked for me - I saw the familiar OPT CRAM-MD5-... ...deon


    ... A little inaccuracy sometimes saves tons of explanation.  

    ---
    ■ Synchronet ■ Alterant | an SBBS in Docker on Pi!
  • From Al@VERT to alterego on Tue Mar 31 06:34:56 2020
    Hello alterego,

    Looks like that to me too.. if I telnet to capitolcityonline.net
    on port 24554 I connect but immediately get "connection closed by
    foreign host"

    FWIW, I tried it, and it worked for me - I saw the familiar OPT CRAM-MD5-...
    ...deon

    I was expecting the CRAM-MD5 but I get..


    Trying 67.131.57.133...
    Connected to capitolcityonline.net.
    Escape character is '^]'.
    Connection closed by foreign host.

    I don't know why that happens.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rampage@VERT/SESTAR to Dumas Walker on Tue Mar 31 12:23:39 2020
    Re: does binkit log failed incoming connections?
    By: Dumas Walker to Digital Man on Mon Mar 30 2020 21:17:49


    Mar 30 20:26:58 Connecting to capitolcityonline.net:24554 port 24554

    for some reason, the above doesn't look right... it looks like they have the port tacked onto the end of your domain as well as having the port defined in their record for your system...


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Rampage@VERT/SESTAR to Al on Tue Mar 31 12:34:35 2020
    Re: does binkit log failed incoming connections?
    By: Al to Dumas Walker on Mon Mar 30 2020 23:26:30


    I have a new node which is trying to connect to my system
    using binkp. I am able to connect to his fine, and
    send/receive mail. His attempted inbounds are not showing
    up on my syslog or even in the terminal window where sbbs
    is running. He is connecting, per his end.

    Looks like that to me too.. if I telnet to
    capitolcityonline.net on port 24554 I connect but
    immediately get "connection closed by foreign host"

    that seems reasonable since you don't manually send the data required... i set a poll for my binkd and was able to connect without problems... blank lines added to the below to avoid wordwrap hell...

    + 08:27 [17770] call to 1:2320/105@fidonet

    08:27 [17770] trying capcity2.synchro.net [67.131.57.133]...

    08:27 [17770] connected

    + 08:27 [17770] outgoing session with capcity2.synchro.net:24554 [67.131.57.133]

    - 08:27 [17770] OPT CRAM-MD5-112d038a01a74437e3cbb6d8a11d2883 CRYPT

    + 08:27 [17770] Remote requests MD mode

    + 08:27 [17770] Remote requests CRYPT mode

    - 08:27 [17770] SYS Capitol City Online

    - 08:27 [17770] ZYZ Mike Powell

    - 08:27 [17770] LOC Kentucky, USA

    - 08:27 [17770] NDL 115200,TCP,BINKP

    - 08:27 [17770] TIME Tue Mar 31 2020 08:27:54 GMT-0400 (EDT)

    - 08:27 [17770] VER BinkIT/2.30,JSBinkP/1.122,sbbs3.17c/Linux binkp/1.1

    + 08:27 [17770] addr: 1:2320/105@fidonet

    + 08:27 [17770] addr: 1:2320/0@fidonet

    + 08:27 [17770] addr: 21:1/175@fsxnet

    + 08:27 [17770] addr: 42:17/1@sfnet

    + 08:27 [17770] addr: 46:10/121@agoranet

    + 08:27 [17770] addr: 77:1/115@scinet

    + 08:27 [17770] addr: 276:276/0@gtpower

    + 08:27 [17770] addr: 314:314/25@pinet

    + 08:27 [17770] addr: 432:1/120@vkradio

    + 08:27 [17770] addr: 454:1/105@ilink

    + 08:27 [17770] addr: 454:3/105@ilink

    + 08:27 [17770] addr: 618:250/1@micronet

    + 08:27 [17770] addr: 901:1/19@dixie

    + 08:27 [17770] addr: 1337:3/103@tqwnet

    + 08:27 [17770] addr: 637:1/112.8@happynet

    + 08:27 [17770] done (to 1:2320/105@fidonet, OK, S/R: 0/0 (0/0 bytes))

    08:27 [17770] session closed, quitting...

    08:27 [20532] rc(17770)=0



    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Al@VERT to Rampage on Tue Mar 31 15:47:38 2020
    Hello Rampage,

    I have a new node which is trying to connect to my system
    using binkp. I am able to connect to his fine, and
    send/receive mail. His attempted inbounds are not showing
    up on my syslog or even in the terminal window where sbbs
    is running. He is connecting, per his end.

    Looks like that to me too.. if I telnet to
    capitolcityonline.net on port 24554 I connect but
    immediately get "connection closed by foreign host"

    that seems reasonable since you don't manually send the data
    required... i set a poll for my binkd and was able to connect without problems... blank lines added to the below to avoid wordwrap hell...

    I can't poll capitolcityonline.net with my mailer either.

    I can telnet sestar.synchro.net 24554 and I see the OPT CRAM-MD5 greeting from your mailer. I hit <CTRL> } and then close the connection but I can't telnet or
    binkp into capitolcityonline.net. I suspect a peer block or similar issue but I
    don't know what the block is.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Dumas Walker@VERT/CAPCITY2 to RAMPAGE on Tue Mar 31 21:24:00 2020
    for some reason, the above doesn't look right... it looks like they have the po
    t tacked onto the end of your domain as well as having the port defined in thei
    record for your system...

    It is mystic. I have asked him about that and apparently he includes the
    port on all of his connections. I have never tried using mystic's binkp to connect to a system on the standard port so I am not sure whether he really should or not?


    * SLMR 2.1a * They went that-a-way --->

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to DIGITAL MAN on Tue Mar 31 21:29:00 2020
    He is using mystic. Only thing I can figure is that his IPA might be
    blocked here, but it is not in my ip silent file, and nothing is in my
    ip.can file. Plus I am not seeing a "blocked" message in the log on on the >> screen, either. Is there someplace else synchronet stores blocked addresses?

    Nope. Maybe you have a system firewall or gateway device that is filtering his >onnectons?

    Nope it doesn't saved blocked IP address anywhere else, or nope it does not
    log failed binkit connections? :)

    I should not have anything else that does any filtering but will dig around some more. It would help if the logging on his end was more detailed.
    Binkit and binkd give more details than that... you can pretty much tell if
    you are actually reaching the binkd on the other end or not.


    * SLMR 2.1a * My neighbor has a circular driveway. she can't get out.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to AL on Tue Mar 31 21:59:00 2020
    Trying 67.131.57.133...
    Connected to capitolcityonline.net.
    Escape character is '^]'.
    Connection closed by foreign host.

    I don't know why that happens.

    Hmmm... do you happen to remember the time and date that you did that? You
    are on PDT, right? I'd like to check my logs.


    * SLMR 2.1a * >DIODE; What happens to people who don't die young.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Al@VERT to Dumas Walker on Tue Mar 31 19:34:34 2020
    Hello Dumas,

    Trying 67.131.57.133...
    Connected to capitolcityonline.net.
    Escape character is '^]'.
    Connection closed by foreign host.

    I don't know why that happens.

    Hmmm... do you happen to remember the time and date that you did that?
    You are on PDT, right? I'd like to check my logs.

    I just tried agian with the same result. Is that the right IP address?

    My IP is 104.246.155.40, do you see that in your log?

    My BBBS mailer is similar to Mystics mailer. It just fails and doesn't give any
    indication of why, I don't think it knows why.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Al@VERT to Dumas Walker on Tue Mar 31 19:39:56 2020
    Hello Dumas,

    You are on PDT, right? I'd like to check my logs.

    Yes, that's right. TZUTC -0700

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757.2)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Tony Langdon@VERT to Dumas Walker on Wed Apr 1 22:03:00 2020
    On 03-31-20 17:24, Dumas Walker wrote to RAMPAGE <=-

    for some reason, the above doesn't look right... it looks like they have the
    po
    t tacked onto the end of your domain as well as having the port defined in
    thei
    record for your system...

    It is mystic. I have asked him about that and apparently he includes
    the port on all of his connections. I have never tried using mystic's binkp to connect to a system on the standard port so I am not sure
    whether he really should or not?

    No need to, I only use the port if it's non standard.


    ... I don't have any solution, but I certainly admire the problem.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Dumas Walker@VERT/CAPCITY2 to Al on Wed Apr 1 16:36:09 2020
    Trying 67.131.57.133...

    I just tried agian with the same result. Is that the right IP address?

    Yes, that is the right one.

    My IP is 104.246.155.40, do you see that in your log?

    No it does not. Nothing beginning with 104. is anywhere in my /sbbs/text ip.can or ip silent file. I did add you to my /sbbs/ctrl ipfilter exempt file so we will see what that does if you are willing to try again.

    I am also wondering if I had a "negative" entry into one of the can files if that will also knock a hole open for you.

    I am still at least partially convinced that syncrhonet keeps a list of
    blocked ipas somewhere besides those two can files. It is not my router because Berry can reach my magicka bbs on another machine behind the same router. It is possible there is something odd on this machine besides synchronet. I don't have any servers on it to test that are not synchronet though.

    I am running ubuntu. I did not intentionally set up any type of firewall software, but that does not mean there is not a gremlin on the loose
    somewhere. :)

    My BBBS mailer is similar to Mystics mailer. It just fails and doesn't give any
    indication of why, I don't think it knows why.

    One thing I like about synchronet... it has a lot of configuration that needs doing, but the logging is usually top notch. Makes it easier to find issues, assuming the node you are working with can even get in. :)

    Mike

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Al@VERT to Dumas Walker on Wed Apr 1 19:38:48 2020
    No it does not. Nothing beginning with 104. is anywhere in my /sbbs/text
    ip.can or ip silent file. I did add you to my /sbbs/ctrl ipfilter exempt file
    so we will see what that does if you are willing to try again.

    This is what I got just a minute ago..

    alan@trmb:~$ telnet capitolcityonline.net 24554 Trying 67.131.57.133... Connected to capitolcityonline.net. Escape character is '^]'.
    Connection closed by foreign host.

    So I think I did connect breifly before the connection was closed.

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rampage@VERT/SESTAR to Al on Thu Apr 2 10:07:42 2020
    Re: Re: does binkit log failed in
    By: Al to Dumas Walker on Wed Apr 01 2020 15:38:48


    alan@trmb:~$ telnet capitolcityonline.net 24554 Trying 67.131.57.133... Connected to capitolcityonline.net. Escape character is '^]'.
    Connection closed by foreign host.

    So I think I did connect breifly before the connection was closed.

    you did get the SYN packet sent but the remote dropped you for some reason...

    can you try running tcpdump and capturing the session? something like this should work...

    tcpdump -i eth0 -s0 -w cco-%Y%m%d%H%M%S.pcap -G 3600 -C 2 'host your.ip.here or 67.131.57.133'

    make sure you replace 'eth0' with the id of your NIC and 'your.ip.here' with your machine's IP address... any captured traffic will be written to (eg) cc0-20200402055200.pcap... the file will be rotated to a new name starting with 'cc0-' every hour or when it reaches 2 megabytes in size... start tcpdump in a window and let it run...

    in another window, try your test via telnet or trigger a poll via your mailer... when the test is finished, switch back to the tcpdump window and ^C to stop tcpdump... when tcpdump stops, it will tell you how many packets it captured... if it captured none, we need to look a little closer and figure out why... in this case, it is likely that one or both addresses is wrong...

    once you have some packets captured, the .pcap file(s) can be analyzed with a tool like wireshark or even tcpdump itself... i prefer to capture with tcpdump and analyze with wireshark even though both can do both jobs...

    my thinking here is mainly to see if the destination system is the one that is shutting down the connection or if it is maybe an intermediate system... kinda like how some services shut down torrent traffic by detecting it and injecting rejection packets into the stream to cause the transfer to stop... but let's see if we can see what is actually happening first...


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Al@VERT to Rampage on Thu Apr 2 09:16:52 2020
    Hello Rampage,

    can you try running tcpdump and capturing the session? something like
    this should work...

    I did and the resulting file is in cco-pcap.zip in your inbound.

    I did telnet capitolcityonline.net 24554, again on port 23, and again on port 7636 and reached his other BBSs login, then I just closed the connection.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rampage@VERT/SESTAR to Al on Thu Apr 2 13:56:33 2020
    Re: does binkit log failed in
    By: Al to Rampage on Thu Apr 02 2020 05:16:52


    can you try running tcpdump and capturing the session? something like
    this should work...

    I did and the resulting file is in cco-pcap.zip in your inbound.

    got it...

    I did telnet capitolcityonline.net 24554,

    here's the analysis of the first connection to his port 24554:

    1 0.000000 192.168.0.10 67.131.57.133 TCP 74 37902 -> 24554 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=225677907 TSecr=0 WS=128

    2 0.106554 67.131.57.133 192.168.0.10 TCP 74 24554 -> 37902 [SYN, ACK] Seq=0 Ack=1 Win=7240 Len=0 MSS=1460 SACK_PERM=1 TSval=3612730178 TSecr=225677907 WS=1

    3 0.106625 192.168.0.10 67.131.57.133 TCP 66 37902 -> 24554 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=225678014 TSecr=3612730178

    above is the 3-way handshake (HS)... this is proper... you can see it goes between your port 37902 and his port 24554...

    4 0.205658 67.131.57.133 192.168.0.10 TCP 66 24554 -> 37902 [FIN, ACK] Seq=1 Ack=1 Win=7240 Len=0 TSval=3612730275 TSecr=225678014

    5 0.205833 192.168.0.10 67.131.57.133 TCP 66 37902 -> 24554 [FIN, ACK] Seq=1 Ack=2 Win=29312 Len=0 TSval=225678113 TSecr=3612730275

    6 0.316962 67.131.57.133 192.168.0.10 TCP 66 24554 -> 37902 [ACK] Seq=2 Ack=2 Win=7239 Len=0 TSval=3612730370 TSecr=225678113

    the 3-way HS is then followed immediately by the connection termination sequence... this is the remote end terminating the connection... the question is why...



    again on port 23,

    this one you can see goes from your port 38602 to his port 23...

    7 5.903464 192.168.0.10 67.131.57.133 TCP 74 38602 -> 23 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=225683811 TSecr=0 WS=128

    8 6.000850 67.131.57.133 192.168.0.10 TCP 74 23 -> 38602 [SYN, ACK] Seq=0 Ack=1 Win=7240 Len=0 MSS=1460 SACK_PERM=1 TSval=3612736072 TSecr=225683811 WS=1

    9 6.000932 192.168.0.10 67.131.57.133 TCP 66 38602 -> 23 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=225683908 TSecr=3612736072

    10 6.004699 192.168.0.10 67.131.57.133 TELNET 90 Telnet Data ...

    here the telnet connection is negotiated... it appears normal as well...

    11 6.103170 67.131.57.133 192.168.0.10 TCP 66 23 -> 38602 [ACK] Seq=1 Ack=25 Win=7216 Len=0 TSval=3612736174 TSecr=225683912

    12 6.109538 67.131.57.133 192.168.0.10 TCP 66 [TCP Dup ACK 11#1] 23 -> 38602 [ACK] Seq=1 Ack=25 Win=7216 Len=0 TSval=3612736174 TSecr=225683912

    13 6.116182 67.131.57.133 192.168.0.10 TCP 66 23 -> 38602 [FIN, ACK] Seq=1 Ack=25 Win=7216 Len=0 TSval=3612736175 TSecr=225683912

    14 6.116250 67.131.57.133 192.168.0.10 TCP 66 23 -> 38602 [RST, ACK] Seq=2 Ack=25 Win=7216 Len=0 TSval=3612736175 TSecr=225683912

    then we're here with the remote sending the terminate signal followed by a ReSeT... effectively closing the connection...


    and again on port 7636 and reached his other BBSs login, then I just closed the connection.

    i'm not going to post the last one but it is good, like the others except that it also includes two packets carrying the opening screen data from the server to your system... it is also closed by the standard FIN/ACK, ACK sequence...

    so the task moves back to the remote side to figure out why it is terminating those connections to its binkp and telnet ports... it could be the software on those ports but it is still possible that they are being filtered/blocked before the software even sees the traffic... especially since the software is not recording the transaction and subsequent dropping of the connection... i'm starting to suspect the ISP may be filtering port 24554 and port 23 but others are able to connect to those ports so that doesn't make sense... unless there is some sort of region blocking on certain inbound ports... i do note that the IP is owned by centurylink not that that really means much, though...

    can you also post a traceroute to 67.131.57.133?

    sorry i couldn't bring better news...


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Al@VERT to Rampage on Thu Apr 2 12:25:30 2020
    Hello Rampage,

    can you also post a traceroute to 67.131.57.133?

    Yes, here it is..


    === Cut ===
    traceroute to 67.131.57.133 (67.131.57.133), 30 hops max, 60 byte packets
    1 192.168.0.1 (192.168.0.1) 0.163 ms 0.142 ms 0.141 ms
    2 96.50.224.1 (96.50.224.1) 12.050 ms 12.059 ms 12.038 ms
    3 rd3cs-be104-1.ok.shawcable.net (64.59.169.161) 19.247 ms 23.208 ms 23.218
    ms
    4 xe-1-2-0-825-agg01-van2.teksavvy.com (192.252.226.5) 22.024 ms 21.963 ms 23.485 ms
    5 ae1-203.cr0-van1.ip4.gtt.net (69.174.15.209) 23.749 ms 23.683 ms 25.352 ms
    6 ae37.cr1-chi1.ip4.gtt.net (89.149.185.98) 72.119 ms 63.269 ms 64.906 ms
    7 173.205.35.114 (173.205.35.114) 64.634 ms 62.674 ms 68.311 ms
    8 ae0-0.agr01.lsvp01-ky.us.windstream.net (40.129.40.73) 75.355 ms 77.591 ms 78.424 ms
    9 xe5-2-0-0.pe02.lsvp01-ky.us.windstream.net (40.136.210.219) 78.425 ms 79.505 ms 80.698 ms
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *
    === Cut ===

    sorry i couldn't bring better news...

    Thank you for your help. Dumas now knows where to look.. :)

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Dumas Walker@VERT/CAPCITY2 to AL on Thu Apr 2 16:20:00 2020
    This is what I got just a minute ago..

    alan@trmb:~$ telnet capitolcityonline.net 24554 Trying 67.131.57.133... Connected to capitolcityonline.net. Escape character is '^]'.
    Connection closed by foreign host.

    So I think I did connect breifly before the connection was closed.

    As it is not being logged by synchronet/binkit, I syspect whatever you are connecting to happens before it ever gets there. :(


    * SLMR 2.1a * RUNTIME ERROR 6D at 417A: 32CF: Incompetent user

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Al@VERT to Dumas Walker on Thu Apr 2 13:28:58 2020
    Hello Dumas,

    So I think I did connect breifly before the connection was closed.

    As it is not being logged by synchronet/binkit, I syspect whatever you
    are connecting to happens before it ever gets there. :(

    Yes, I did connect and the negotiation started but the connection is dropped for some reason.

    We need to figure out what the reason is.

    I don't know for sure but I don't think Synchronet did that, and if it did it would log the activity and IP.

    If you can get binkd up on some out of the way port I could try that and then we can rule out SBBS or Binkit.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Al@VERT to Rampage on Thu Apr 2 14:01:04 2020
    Hello Rampage,

    sorry i couldn't bring better news...

    You've been very helpful.

    Dumas put up binkd on another port and I was able to connect without issue using both telnet and a binkp mailer session.

    That sounds to me like Synchronet/BinkIT is silently dropping the connection without logging?

    Is there a way to test that theory?

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Al on Thu Apr 2 14:57:09 2020
    Re: does binkit log failed in
    By: Al to Rampage on Thu Apr 02 2020 10:01 am

    Hello Rampage,

    sorry i couldn't bring better news...

    You've been very helpful.

    Dumas put up binkd on another port and I was able to connect without issue using both telnet and a binkp mailer session.

    That sounds to me like Synchronet/BinkIT is silently dropping the connection without logging?

    Is there a way to test that theory?

    Maybe the port is the key, switch the ports around between binkd and BinkIT and see what changes.

    digital man

    This Is Spinal Tap quote #29:
    I find lost luggage. I locate mandolin strings in the middle of Austin!
    Norco, CA WX: 62.2°F, 65.0% humidity, 0 mph ESE wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Al@VERT to Digital Man on Thu Apr 2 15:02:52 2020
    Hello Digital,

    That sounds to me like Synchronet/BinkIT is silently dropping the
    connection without logging?

    Is there a way to test that theory?

    Maybe the port is the key, switch the ports around between binkd and BinkIT and see what changes.

    I think Dumas has BinkIT running on port 24554 and put up binkd just to test on
    port 24553.

    I and another node just setting up with Dumas can't connect to Dumas's BBS on port 23 for telnet or port 24554 for binkp sessions.

    The strange thing is Dumas has been running his BBS and mailer on the standard ports and most folks get in with no problem.

    The fact his mailer is up and running could make it troublesome for him to switch ports around but I am here and willing to test whatever services or ports need testing.

    Dumas: let me know if you'd like me to try different ports.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rampage@VERT/SESTAR to Dumas Walker on Thu Apr 2 18:20:54 2020
    Re: Re: does binkit log faile
    By: Dumas Walker to AL on Thu Apr 02 2020 12:20:00


    As it is not being logged by synchronet/binkit, I syspect whatever
    you are connecting to happens before it ever gets there. :(

    based on my analysis of the pcap file of attempts to connect to your port 24554 and 23, i agree...

    have you tried rebooting your internet modem?


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Rampage@VERT/SESTAR to Al on Thu Apr 2 18:23:28 2020
    Re: does binkit log failed in
    By: Al to Rampage on Thu Apr 02 2020 10:01:04


    Dumas put up binkd on another port and I was able to connect without
    issue using both telnet and a binkp mailer session.

    that's... interesting...

    That sounds to me like Synchronet/BinkIT is silently dropping the connection without logging?

    i guess it could do that depending on logging options...

    Is there a way to test that theory?

    i dunno... DM would be the more lokely one with that info...


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Dumas Walker@VERT/CAPCITY2 to RAMPAGE on Thu Apr 2 19:39:00 2020
    so the task moves back to the remote side to figure out why it is terminating t
    ose connections to its binkp and telnet ports... it could be the software on th
    se ports but it is still possible that they are being filtered/blocked before t
    e software even sees the traffic... especially since the software is not record
    ng the transaction and subsequent dropping of the connection... i'm starting to
    suspect the ISP may be filtering port 24554 and port 23 but others are able to >onnect to those ports so that doesn't make sense... unless there is some sort o
    region blocking on certain inbound ports... i do note that the IP is owned by
    enturylink not that that really means much, though...

    It is possible the ISP is filtering on regions but one of the users is
    using AT&T and is only a county or two away from me in the same state. I suspect it is something with synchronet simply because Al has since been
    able to connect to a port (24553 under binkd control) that is not under the control of synchronet but that is on the same machine.


    * SLMR 2.1a * Four out of five people think the fifth is an idiot.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to AL on Thu Apr 2 19:46:00 2020
    sorry i couldn't bring better news...

    Thank you for your help. Dumas now knows where to look.. :)

    Well, not really. I was thinking maybe one of the hops would be in my ip-silent.can but none of them are.


    * SLMR 2.1a * Lite Year: low calorie year!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Rampage@VERT/SESTAR to Dumas Walker on Thu Apr 2 23:26:04 2020
    Re: does binkit log failed in
    By: Dumas Walker to AL on Thu Apr 02 2020 15:46:00


    Well, not really. I was thinking maybe one of the hops would be in my ip-silent.can but none of them are.

    router hops are not recorded in the packets so they won't be recorded in any blocking software... it is only the originating IP that you should be looking for...

    but yeah, this appears to be being blocked before the traffic gets to your sbbs on those ports...

    is this a windows box? have you tried turning off the windows firewall? do you have some fancy anti-virus that may be monitoring the network and could be blocking?


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Digital Man@VERT to Rampage on Fri Apr 3 04:44:13 2020
    Re: does binkit log failed in
    By: Rampage to Dumas Walker on Thu Apr 02 2020 07:26 pm

    Re: does binkit log failed in
    By: Dumas Walker to AL on Thu Apr 02 2020 15:46:00


    Well, not really. I was thinking maybe one of the hops would be in my ip-silent.can but none of them are.

    router hops are not recorded in the packets so they won't be recorded in any blocking software... it is only the originating IP that you should be looking for...

    The issue was root-caused to bad syntax in the sysop's text/ip-silent.can file. The line ".46~" matched (and silently dropped connections from) the problem IP addresses, unintentionally.

    So yeah, the TCP connections were reaching SBBS and being silent disconnected.

    digital man

    Synchronet "Real Fact" #65:
    Synchronet can dynamically compress and uncompress message bases (using LZH). Norco, CA WX: 54.2°F, 86.0% humidity, 0 mph S wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rampage@VERT/SESTAR to Digital Man on Fri Apr 3 13:23:30 2020
    Re: does binkit log failed in
    By: Digital Man to Rampage on Fri Apr 03 2020 00:44:13


    Well, not really. I was thinking maybe one of the hops would be in
    my ip-silent.can but none of them are.

    Rampage>> router hops are not recorded in the packets so they won't be
    Rampage>> recorded in any blocking software... it is only the originating
    Rampage>> IP that you should be looking for...

    The issue was root-caused to bad syntax in the sysop's
    text/ip-silent.can file. The line ".46~" matched (and silently
    dropped connections from) the problem IP addresses, unintentionally.

    my next step was going to be to ask to see the ip.can and ip-silent.can files... i mean, if it wasn't the firewall or the ISP, it had to be local...
    i can't even imagine what one would be trying to block with that particular entry...

    So yeah, the TCP connections were reaching SBBS and being silent disconnected.

    i'm glad you found it... that's why you get paid the big sbbs bucks :)


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Digital Man@VERT to Rampage on Fri Apr 3 15:08:06 2020
    Re: does binkit log failed in
    By: Rampage to Digital Man on Fri Apr 03 2020 09:23 am

    So yeah, the TCP connections were reaching SBBS and being silent disconnected.

    i'm glad you found it... that's why you get paid the big sbbs bucks :)

    Ha! :-)

    digital man

    Synchronet/BBS Terminology Definition #26:
    FDSZ = FOSSIL DSZ (by Chuck Forsberg)
    Norco, CA WX: 61.1°F, 66.0% humidity, 3 mph E wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rampage@VERT/SESTAR to Digital Man on Sat Apr 4 00:02:22 2020
    Re: does binkit log failed in
    By: Digital Man to Rampage on Fri Apr 03 2020 11:08:06


    Rampage>> i'm glad you found it... that's why you get paid the big sbbs bucks :)

    Ha! :-)

    i thought you'd like that ;) O:)


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Dumas Walker@VERT/CAPCITY2 to RAMPAGE on Fri Apr 3 22:03:00 2020
    As it is not being logged by synchronet/binkit, I syspect whatever
    you are connecting to happens before it ever gets there. :(

    based on my analysis of the pcap file of attempts to connect to your port 24554
    and 23, i agree...

    have you tried rebooting your internet modem?

    It actually turned out to be a misunderstanding of how the ip-silent.can
    file syntax worked. I was using a tilde where I should have been using an asterisk. :D Synchronet apparently does not log nodes which are blocked silently, or I don't have the logging turned up sensitive enough to do so.


    * SLMR 2.1a * Happiness is a warm phaser.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to DIGITAL MAN on Fri Apr 3 22:18:00 2020
    The issue was root-caused to bad syntax in the sysop's text/ip-silent.can file.
    The line ".46~" matched (and silently dropped connections from) the problem IP >ddresses, unintentionally.

    So yeah, the TCP connections were reaching SBBS and being silent disconnected.

    I have one other syntax related question. There is a note in the *.can
    files that says:

    Wildcard characters (*, ^, ~) are allowed and ! negates the match

    If I would have added an entry for Al and Beery's IPAs starting with a '!'
    in the ip-silent.can file, would that have allowed them in even though they were covered (accidentally) by my bad syntax?

    I did not try it, since you helped me fix the root problem, but I wondered
    what that would have done.

    Thanks!!!


    * SLMR 2.1a * Coming soon: New Taglines!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to RAMPAGE on Fri Apr 3 22:22:00 2020
    my next step was going to be to ask to see the ip.can and ip-silent.can files..
    i mean, if it wasn't the firewall or the ISP, it had to be local...
    i can't even imagine what one would be trying to block with that particular ent
    y...

    I was trying to block all IPAs starting with '46.' because I had a lot of trouble with that one. For some reason, I thought the '~,^,*' were interchangable and was using the tilde. Wrong! :D

    FYI, IPAs starting with 46 tend to come out of Russia and/or the former
    USSR. Normally I try to be more specific and block 1.2.3.4/5 to only cover
    a particular provider. I went overboard with that one.


    * SLMR 2.1a * Bill T. Cat of Borg: "You will be Ack!Thbbpt!imilated!!"

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Digital Man@VERT to Dumas Walker on Sat Apr 4 01:41:29 2020
    Re: Re: does binkit log faile
    By: Dumas Walker to RAMPAGE on Fri Apr 03 2020 06:03 pm

    As it is not being logged by synchronet/binkit, I syspect whatever you are connecting to happens before it ever gets there. :(

    based on my analysis of the pcap file of attempts to connect to your port 24554
    and 23, i agree...

    have you tried rebooting your internet modem?

    It actually turned out to be a misunderstanding of how the ip-silent.can file syntax worked. I was using a tilde where I should have been using an asterisk. :D Synchronet apparently does not log nodes which are blocked silently, or I don't have the logging turned up sensitive enough to do so.

    Right, the "silent" means no-logging.

    digital man

    This Is Spinal Tap quote #16:
    David St. Hubbins: I believe virtually everything I read...
    Norco, CA WX: 54.9°F, 82.0% humidity, 2 mph ESE wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Dumas Walker on Sat Apr 4 01:42:56 2020
    Re: does binkit log failed in
    By: Dumas Walker to DIGITAL MAN on Fri Apr 03 2020 06:18 pm

    The issue was root-caused to bad syntax in the sysop's text/ip-silent.can file.
    The line ".46~" matched (and silently dropped connections from) the problem IP >ddresses, unintentionally.

    So yeah, the TCP connections were reaching SBBS and being silent disconnected.

    I have one other syntax related question. There is a note in the *.can files that says:

    Wildcard characters (*, ^, ~) are allowed and ! negates the match

    If I would have added an entry for Al and Beery's IPAs starting with a '!' in the ip-silent.can file, would that have allowed them in even though they were covered (accidentally) by my bad syntax?

    No. Since their IP matched one of your lines (rules), they would still have been filtered.

    I did not try it, since you helped me fix the root problem, but I wondered what that would have done.

    There's really nothing you could have added to exclude their specific IP addresses since they matched that more general rule you had.

    digital man

    Synchronet "Real Fact" #13:
    Synchronet was the first BBS software to ship with internal QWK networking. Norco, CA WX: 54.9°F, 82.0% humidity, 2 mph ESE wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rampage@VERT/SESTAR to Dumas Walker on Sat Apr 4 10:52:19 2020
    Re: Re: does binkit log faile
    By: Dumas Walker to RAMPAGE on Fri Apr 03 2020 18:03:00


    It actually turned out to be a misunderstanding of how the ip-silent.can file syntax worked. I was using a tilde where I should have been using
    an asterisk. :D

    yeah, that would do it ;)

    Synchronet apparently does not log nodes which are blocked silently,
    or I don't have the logging turned up sensitive enough to do so.

    yeah, i dunno... i think/thought that silent simply meant that it wouldn't tell them they were blocked and being dropped... but yeah, it might be (or also include) not logging the action... DM should know the answer to that for sure...


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Rampage@VERT/SESTAR to Digital Man on Sat Apr 4 10:58:48 2020
    Re: Re: does binkit log faile
    By: Digital Man to Dumas Walker on Fri Apr 03 2020 21:41:29


    Right, the "silent" means no-logging.

    this is one of those things that could be of one or more meanings :lol:

    1. users not told they are blocked; connection just dropped.
    2. connection block not logged.
    3. both 1 and 2.
    4. something else?

    do the users still get notified when their IP is in the ip-silent.can file?


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
  • From Gamgee@VERT/PALANT to Dumas Walker on Sat Apr 4 11:41:00 2020
    Dumas Walker wrote to RAMPAGE <=-

    my next step was going to be to ask to see the ip.can and ip-silent.can files..

    I was trying to block all IPAs starting with '46.' because I had
    a lot of trouble with that one. For some reason, I thought the
    '~,^,*' were interchangable and was using the tilde. Wrong! :D

    You may already be aware of this, but those modifier characters
    are explained pretty well here:

    http://wiki.synchro.net/config:filter_files



    ... Chuck Norris can divide by zero.
    --- MultiMail/Linux v0.52
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Dumas Walker@VERT/CAPCITY2 to DIGITAL MAN on Sat Apr 4 12:46:00 2020
    Right, the "silent" means no-logging.

    Thanks for confirming. I knew it meant silent on their end (i.e. they
    don't receive a message), but was not sure about this end.


    * SLMR 2.1a * Palindrome: Evil I did dwell; lewd did I live.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to DIGITAL MAN on Sat Apr 4 12:46:00 2020
    No. Since their IP matched one of your lines (rules), they would still have bee
    filtered.

    There's really nothing you could have added to exclude their specific IP addres
    es since they matched that more general rule you had.

    Good to know. Under what circumstances would the '!' entries be of use for?


    * SLMR 2.1a * An atheist is a man with no invisible means of support.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Digital Man@VERT to Rampage on Sat Apr 4 16:00:11 2020
    Re: Re: does binkit log faile
    By: Rampage to Digital Man on Sat Apr 04 2020 06:58 am

    Re: Re: does binkit log faile
    By: Digital Man to Dumas Walker on Fri Apr 03 2020 21:41:29


    Right, the "silent" means no-logging.

    this is one of those things that could be of one or more meanings :lol:

    1. users not told they are blocked; connection just dropped.
    2. connection block not logged.
    3. both 1 and 2.

    It's both and 2.

    4. something else?

    do the users still get notified when their IP is in the ip-silent.can file?

    No and they're mostly not notified if their IP is in the ip.can file either.

    digital man

    This Is Spinal Tap quote #8:
    Derek Smalls: Making a big thing out of it would have been a good idea.
    Norco, CA WX: 61.0°F, 66.0% humidity, 3 mph ENE wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Dumas Walker on Sat Apr 4 16:07:56 2020
    Re: does binkit log failed in
    By: Dumas Walker to DIGITAL MAN on Sat Apr 04 2020 08:46 am

    No. Since their IP matched one of your lines (rules), they would still have bee
    filtered.

    There's really nothing you could have added to exclude their specific IP addres
    es since they matched that more general rule you had.

    Good to know. Under what circumstances would the '!' entries be of use for?

    Depends on which .can/cfg file you're referring to, but for ip*.can, let's say you only wanted to accept connections from 192.168.*. You could have a single line, "!192.168.*" which would filter/block everything *but* the IPs you trusted.

    digital man

    Synchronet/BBS Terminology Definition #62:
    SBBS = Synchronet Bulletin Board System
    Norco, CA WX: 62.0°F, 65.0% humidity, 1 mph WNW wind, 0.00 inches rain/24hrs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Dumas Walker@VERT/CAPCITY2 to GAMGEE on Sat Apr 4 22:38:00 2020
    You may already be aware of this, but those modifier characters
    are explained pretty well here:

    http://wiki.synchro.net/config:filter_files

    I am now, thanks! :)


    * SLMR 2.1a * The toughest BBS you'll ever love.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to DIGITAL MAN on Sun Apr 5 16:50:00 2020
    Good to know. Under what circumstances would the '!' entries be of use for?

    Depends on which .can/cfg file you're referring to, but for ip*.can, let's say >ou only wanted to accept connections from 192.168.*. You could have a single li
    e, "!192.168.*" which would filter/block everything *but* the IPs you trusted.

    Oh wow, that'd be more powerful than I imagined. Thanks!


    * SLMR 2.1a * Truth Through Superior Firepower.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP