Updating Gateway Entries on fuller.net

Introduction

Please read the Gateways FAQ first before reading this document.

Hints on Choosing Your Gateway's Subnets

Please read the document on setting up subnets first before reading this document.

Getting the Gateway, Resource and Encap Files

Again, please read the Gateways FAQ first before reading this document.

Propagation of Encap Routes

As the gateways file is updated on fuller.net, a new version of the encap.txt file is created. Both files are then made available via password protected FTP. As well, the file encap.txt is emailed to many of the gateway sysadmins daily, but only if the file has changed.

How long it takes for your routes to propagate depends on how quickly the gateway sysadmins install the new version of encap.txt. Some sysadmins have an automated update method, either using FTP or upon receipt of the encap.txt by email, and on these gateways your routes should be installed within 24 hours.

Some sysadmins still retrieve and update their encap routes manually, and your routes may take days or months to be installed on these machines. That's life.

Format of a Gateways Entry

This section outlines the format of version 4 of the entries in the gateways file.

Each gateway entry describes a single ampr.org gateway, its Internet address and the subnets that it services. There are three mandatory fields in a gateway entry, and each field is a single line of the entry:

Gateway : dotted IP address of the gateway

Other text may appear on the line. Examples of valid lines are:

Gateway: 10.23.76.195
Gateway: 10.23.76.195 fred.bloggs.org
Gateway: fred.bloggs.org 10.23.76.195 more junk here 12345678

Examples of bad lines are:

Gateway: 10.23.76.1956
Gateway: fred.bloggs.org -- no IP address
   Gateway: fred.bloggs.org 10.23.76.195 -- leading whitespace is bad

Subnets: list of NOS-style subnets

The line contains a comma-separated list of subnets serviced by the gateway in NOS format, e.g aa.bb/zz or aa.bb.cc/zz.
Examples of valid lines are:
Subnets: 44.136.6/24
Subnets: 44.136.7/24, 44.136.6/27
Examples of bad lines are:
Subnets: 44.136.6/24 lots of stuff which isn't a subnet
Subnets: 44.136.7/24, 44.136.6/27 44.13.5/23 note no comma
Subnets: 44.136.7 24, 44.136.6-27, 44.13.5,23

Password: encrypted password string

The line contains the password that you used when creating your entry. Note that it is encrypted with a one-way hash function. When performing updates, you must send in the original password. It will be encrypted and compared with the encrypted version on fuller.net. If you send fuller.netthe encrypted password, it won't work!

All other lines in the entry are optional and can be used to describe the gateway. See below for an example gateway entry.

Updating Your Gateway Entry

This section outlines the version 4 method of updating the entries in the gateways file.

To create or change a gateways entry (and hence the corresponding encap.txt file which contains the encap routes), you need to send the update commands as an email message to the Gateway Daemon at the email address gateways@fuller.net.

Your email can contain several commands to be performed by the Gateway Daemon; each command is given on its own line. However, before you can give any command you must identify the gateway you want to work on and its password:

Gateway: 10.23.76.195
Password: gursplacurjivle

The password you send is in plaintext, i.e not encrypted. The Daemon encrypts your password and compares it against the encrypted version on fuller.net. If they don't match, your email is rejected.

Note: During the changeover from version 3 of the gateways format, the plaintext password for each gateway will be its IP address. This will allow you to easily change your password over to a better one. The Daemon emails Warren if the plaintext password looks like an IP address, to identify use of vulnerable passwords.

Changing Your Gateway's Password

To change your gateway's password, send in the following command:

New Password: plaintext of new password

The password should be a single word, no whitespace. You have to remember it to update your entry in the future. The password must not be more than 20 characters long. No guessability checking is done by the Daemon.

The Daemon will change the encrypted password in your gateway's entry and append a Last Updated: line to your entry; this timestamps when the password change occurred.

Here's an example email to change a gateway's password:

Gateway: 10.23.76.195
Password: gursplacurjivle
New Password: inherently_easy

Changing the Entire Entry

To change the entire entry, or to create a new entry, send in the following command:

New Entry

The rest of email is the rest of gateway's entry, i.e the Subnet: lines and any other lines you'd like to put in. The Daemon will ignore lines starting with Gateway:, Password:, New Password:, route addprivate, Sent By: and Last Updated:. It will also try to ignore lines which look like a mail signature, but don't count on it.

Here's an example email to change/create a whole entry:

Gateway: 10.10.10.10
Password: gursplacurjivle
New Entry
Gateway Area: Bits of Canberra
Subnets: 44.255.255/24
Maintained by: Warren Toomey wkt@cs.adfa.oz.au
Notes:  This is the new gateway required to service my extensive set
        of IP-capable toasters running FreeBSD 2.2-current. People
        who cut and paste this and email it in to fuller.net will be
        laughed at in the gateways mailing list.
Services: WWW, FTP, DNS, Converse

As always, the Daemon will append a Last Updated: line to your entry which timestamps when the change occurred.

Changing the Gateway's Address

One of the most frequent changes to a gateway's entry is a change of IP address, and this has caused lots of problems in version 3 of the gateway update method. In version 4, it's much easier. After your Gateway: and Password: lines, you send the command:

New Address: new dotted decimal IP address

Your gateway's IP address and timestamp will be updated. Here's an example email to change your gateway's IP address:

Gateway: 10.11.23.56
Password: inherently_easy
New Address: 131.236.23.91

Deleting A Gateway's Entry

Finally, the command to delete an entire entry from the gateways file is:

Delete Entry

Here's an example email to delete an entry:

Gateway: 10.23.76.195
Password: inherently_easy
Delete Entry

Replies from the Gateways Daemon

If your email was successful in updating or creating a gateways entry, you will receive the following email:

[ *** Gateways Robot v4 - Expect possible bugs! *** ]
Your gateways entry update has been sucessful. Here is the log of commands that I processed:
Log of commands processed by the daemon
And here is your new entry as it appears on fuller.net:
New gateways entry file on fuller.net:
The Gateways Daemon

If your entry is a new entry, you will also see:

Your entry is a new one. It has been placed in a pending queue and will be hand processed by n7vmr@fuller.net.

However, if your entry was unsuccessful, you will get back the following error message:

[ *** Gateways Robot v4 - Expect possible bugs! *** ]
The gateways entry update you mailed me had errors. Here is the log of commands and errors that I processed:
Log of commands processed by the daemon and resulting errors
If you need any help or are confused, read the FAQ on submitting gateways entries to fuller.net. This is available at http://www.fuller.net/Gateways/Gateways-FAQ.html or
ftp://ftp.fuller.net/hamradio/Gateways/Gateways-FAQ. As a last resort, email n7vmr@fuller.net with the entry you just emailed me and this information.
The Gateways Daemon

Here's a list of the error messages you will see and what they mean:

Bad IP address on 'New Address:' line: There wasn't an IP address on this line, or else the IP address wasn't in correct dotted decimal notation.
Bad password in mail: The password you gave was either the wrong password or was not a single word of 20 characters or less. The daemon won't return the password in the reply email.
Bad password on 'New Password:' line: The password you gave was either the wrong password or was not a single word of 20 characters or less. The daemon won't return the password in the reply email.
Bad subnets on 'Subnets:' line: The list of subnets you gave were either not properly separated by commas, or had bad characters in them.
Can't change address on non-existent gateway: The IP address you gave is for a gateway that doesn't exist. The only command you can do on this gateway is `New Entry'.
Can't change password on non-existent gateway: The IP address you gave is for a gateway that doesn't exist. The only command you can do on this gateway is `New Entry'.
Can't delete a non-existent gateway: The IP address you gave is for a gateway that doesn't exist. The only command you can do on this gateway is `New Entry'.
Missing 'Gateway:' line in mail: Your email didn't contain a `Gateway:' line.
Missing 'Password:' line in mail: Your email didn't contain a `Password:' line.
New Entry didn't have a 'Subnets:' line: Your new gateways entry didn't contain a `Subnets:' line.
No valid IP address on 'Gateway:' line: There wasn't an IP address on this line, or else the IP address wasn't in correct dotted decimal notation.
Unknown command: line from email: The daemon found a line which didn't have a valid command on it.

Modified: James Fuller Mon May 31 22:16:56 MST 1999

Original:Warren Toomey

Fri Mar 1 13:46:28 EST 1996

This Page Has been Accessed times since 01/01/2000.