--- Log opened Wed Apr 11 00:00:00 2018
--- Day changed Wed Apr 11 2018
00:00 < mines5> under specifications it states its "unmanaged"
00:00 < michael_mbp> mines5: yeah
00:00 < mines5> which is confusing considering it does QoS
00:01 < michael_mbp> mines5: most likely ingress bound (DSCP)
00:01 < michael_mbp> i.e. QoS would apply to the entire switch
00:01 < mines5> That makes sense
00:02 < mines5> I've actually never heard of DSCP until now which is a little sad. But hey, you learn new things everyday
00:02 < michael_mbp> yup - same here actually ^^
00:02 < genec> Demos[m]: read the release notes and all applicable changes from current to new
00:03 < genec> QoS on solely DSCP is a poor man's approach but sometimes works (tm)
00:03 < Demos[m]> Combo port fails to linkup with Intel NIC X520 and X710 after multiple unplug/re-plug on XS712Tv2
00:03 < Demos[m]> sounds about right
00:04 < michael_mbp> I'm looking to play with https://www.openvswitch.org/ on my Xenserver
00:04 < michael_mbp> so much learning, not enough time.
00:04 < mines5> michael_mbp, is it virtual or physical?
00:05 < michael_mbp> er....
00:05 * genec innocently whispers about PoE+ on his 10GBASE-T switchports
00:05 < michael_mbp> well, I'm sure it must map to actual NIC ports
00:05 < michael_mbp> but it's virtualised in Xen if you want to
00:05 < mines5> I didn't read before posting that lol
00:05 < michael_mbp> mines5: hehe
00:06 < michael_mbp> (i.e. you can run on a hypervisor)
00:06 < mines5> Makes sense for working with limited physical ports
00:07 < michael_mbp> issue I ran into with Xen is that pfSense can't run VLANs on virtual interfaces
00:07 < genec> Demos[m]: time to queue the change request for very-soon maintenance window, possibly even force an emergency maintenance window
00:09 < mines5> ESXi is my preferred server hypervisor currently
00:09 < mines5> because its free lel
00:11 < genec> yeah, pretty easy to allow multi-VLAN access to vNICs in ESXi with the VMPG VLAN ID 4095
00:11 < BenderRodriguez> mines5: what...
00:11 < BenderRodriguez> libvirt/openstack?
00:12 < mines5> ESXi is free to a degree last I checked, its good as a hypervisor if you know vmware
00:12 < mines5> Microsoft's is a pain to use last time I tried
00:12 < mines5> on that note, I'll be back I have some thing I need to take care of
00:13 < genec> yes, but ESXi is free as in beer while libvirt/openstack is free as in speech
00:14 < mines5> I had forgotten about those
00:14 < mines5> most of what I've learned is rusty because I've been stuck in dead end IT jobs :/
00:15 < genec> today, there's very little that ESXi on a freebie is limited to short of everything that requires vCenter
00:16 < mines5> I mean, its not so useful currently because I don't have the capital to upgrade my hardware either
00:20 < Maarten> I use ESXi on most of my remote locations, even if there is only ONE server (such as a domain controller). It makes patching/rebooting windows servers a lot easier, as the hypervisor can just stay up for years if need be, and you can troubleshoot any boot problems with the windows servers.
00:21 < pekster> And accrue years worth of vulnerabilities :P
00:22 < pekster> Depends on if any matter to you I suppose
00:22 < pekster> Boot issues on bare-metal don't have to be awful either with IPMI or some other proper out-of-band access
00:23 < pekster> Some BIOSes even offer remote-serial, though that's almost worthless for Windows unless you can do legit management from the bootloader via serial now
00:25 < genec> pekster: most of my VMs can do a reboot in 15-30 seconds. vulnerabilities can be solved with using an public-facing VM for VPN access to the secured ESXi management system
00:25 < pekster> Maybe. Unless the vulnerability is in the networking stack on the host, which presumably still needs a public-facing link
00:26 < pekster> Seems bad to assume such a thing couldn't occur, especially if going "years" without updates
00:27 < pekster> Not saying VMs are bad, just pointing out they require management like any other appliance
00:28 < genec> but there are ways to reduce the profile significantly
00:28 < pekster> Spectre/Meltdown come to mind recently ;)
00:28 < genec> pekster: double tag comes to mind
00:28 < pekster> How does Q-in-Q help with a CPU exploit?
00:29 < pekster> I understand the reduce-attackable-footprint approach, but a hypervisor cannot completely disassociate itself from the network it's riding on
00:29 < genec> pekster: no, a QinQ frame can sometimes circumvent allowed VLANs but only in outbound flows
00:31 < pekster> Ah, OK, so a (partly) compromised VM could gain access it shouldn't have. At any rate, at least keeping up with hypervisor exploits is good so you know what updates you're not installing as they become available
00:32 < pekster> Not rebooting because you know and don't care is better than not realizing/caring a hypervisor has an attack service ;)
00:32 < genec> pekster: but the networking stack vulnerability (below the IP stack...) you propose is exactly the level that a QinQ vulnerability comes in on
00:33 < pekster> Sure, I was thinking a more remotely-exploitable vulnerability there, but to the extent local process limits are used, that's a valid point too
00:35 < genec> pekster: well, since the host has no public-facing IP stack interfaces but does have a public-ish facing network interface, that is the level of the attack
00:36 < pekster> The host is on an isolated network? Seems fairly worthless (how do you get Windows Updates to it, for instance?)
00:37 < pekster> Just because there's no direct external access does _not_ mean a service is going to be safe from remote-exploits
00:37 < pekster> dnsmasq had a nasty vulnerability a while back that allowed remote-code execution if specific DNS records were _returned_ in _response_ to a query (made as a client)
00:38 < genec> pekster: no no.... the host ESXi would have no access except via the secure-access VM. the general VMs like say a Windows OS guest instance might have full public access
00:38 < pekster> Right, so a networking _stack_ vulnerability on the ESXi _host_ could compromise the entire setup
00:39 < pekster> Say a buffer overflow in the TCP/IP driver on the host reads from arbitrary memory if you send a carefully constructed packet
00:39 < pekster> Now say I can MITM you upstream (somewhere, don't worry about how. Could be a foreign power hijacking BGP traffic, the method is not relevant to this example) and then I introduce such a byte sequence in reply to a request you initiated
00:40 < djph> pekster: let's be honest here, you're only gonna be sending goatse
00:40 < oneplane> has anyone here managed to get GRE protocol 0x6558 de-capsulated on Linux or OpenBSD? I'm getting data from vmware using Encapsulated Remote Mirroring (L3) source, and it is basically eth:ip:gre:eth:ip:udp:dns for example, I'd like to get rid of the first part (eth:ip:gre) and get the rest on a tap or physical interface; so far most tools I tried failed :(
00:41 < pekster> Not sure how profane images relate to an exploit, but OK. Must be the new-kids' version of Godwin's law
00:41 < obcecado> i'm running a gre tunnel over ipsec between an openbsd and an ubiquiti device
00:41 < obcecado> both are edgerouter3
00:41 < obcecado> it works
00:44 < obcecado> to 'span' traffic out of vmware i span the port-profile to another veth, using a cisco nexus1000v
00:45 < oneplane> yeah, I expected something like that
00:45 < oneplane> it seems so simple... read in a packet, dig towards the 2nd ethernet frame, push out onto another interface
00:46 < oneplane> wireshark decodes it fine, but gre, gretap, and the four openbsd versions all have problems decoding
00:46 < oneplane> I can do some packet wrangling with scapy, but it's userspace and slow
00:49 < cluelessperson> So, I bought some unifi equipment and I'm pretty happy with it
00:51 < drac_boy> hi
00:52 < cluelessperson> drac_boy: sup
00:52 < drac_boy> hi mr.clueless :)
00:52 < michael_mbp> hey chaps
00:52 < michael_mbp> I'm waiting to snag a unifi 24port switch
00:52 < michael_mbp> or 2x 16s
00:52 < michael_mbp> (which makes more sense in case 1 fails).
00:54 < cluelessperson> michael_mbp: I like unifi stuff. :)
00:54 * drac_boy is waiting to see if this 2611 ad seller will write back or not
00:55 < michael_mbp> cluelessperson: same here
00:55 < cluelessperson> I just setup a USG, 8 port PoE and AP
00:55 < cluelessperson> I plan to upgrade to a 16 port PoE
00:55 < michael_mbp> my USG runs in bhyve on a FreeNAS box hehe.
00:57 < drac_boy> I'm wistfully still waiting for a nice alternative router model from ubiquiti but meh I dunno tbh :->
00:58 < djph> drac_boy: whatcha mean?
01:01 < genec> pekster: but a TCP/IP driver won't be in the network stack. it's in the IP stack ABOVE the network stack. you can't exploit a TCP/IP vulnerability from just the L2 networking stack.
01:03 < genec> darn, I was gonna suggest some virtual interface mangling on Linux for oneplane...
01:04 < drac_boy> hi djph .. how about they sell the routerstation again or at least an updated new version of it anyhow? :)
01:04 < genec> drac_boy: don't confuse router with home gateway/router/AP consumer mashbox
01:05 < djph> dunno what the routerstation is(was). something arimax?
01:05 < genec> drac_boy: tbh, I'm very happy on my Aruba IAP cluster :D
01:06 < drac_boy> djph btw I would had rather used the default os (instead of openwrt that is) to keep the gui familiar network-wide but heres the hardware spec tho https://wiki.openwrt.org/toh/ubiquiti/routerstation.pro
01:08 < djph> looks kinda generic all-in-one
01:10 < drac_boy> well I don`t care for the usb part or the minipci too much .. its the dual connection feature that's the first important feature anyhow :-)
01:21 < drac_boy> genec last I checked no `consumer` router in the past 15 years have ever supported the connections I need to be able to provide so .. there :)
01:21 < genec> provide?
01:22 < genec> drac_boy: so do a gateway appliance like the ERL or ERX, a switch and 1+ APs
01:24 < genec> drac_boy: what kind of "connections I need to be able to provide"??
01:24 < lupine> less ubnt, more pcengines
01:30 < drac_boy> genec oh right sorry I sometimes forget to write out the whole thing rather than the usual short version .. most people have 56k+dsl (although theres the infrequent cable-not-dsl addresses closer to urban too tho) .. and obviously too many cheap routers have no clue how to even install themselves into these sort of networks
01:41 < genec> drac_boy: so do you have home gateway/router/AP deployments or are you rolling the modem into the kit too?
01:45 < drac_boy> just wired networks alone usually .. sometimes wifi maybe (often only at few certain 2-3 floor houses alone..no surprise) .. its for offices too yep
01:46 < admiralspark> Is there anyone here who CAN get to this link? I just want a damn spec sheet for the Cisco 5000 series industrial switches: https://www.cisco.com/c/en/us/products/collateral/switches/industrial-ethernet-5000-series-switches/datasheet-c78-734967.pdf
01:46 < admiralspark> I can't imagine why I have to have permissions for this, I can download firmware for any catalyst switch with no contract but I can't get spec sheets for a switch?
01:47 < djph> because fuck you, that's why --cisco
01:47 < genec> admiralspark: I've got plenty of devices that require a contract that are all Catalyst
01:48 < admiralspark> to get data sheets though?
01:48 < admiralspark> Like....I'm not going to call a VAR to get a spec sheet. I'll just go look at Juniper
01:48 < admiralspark> well, guess that actually settles it
01:48 < genec> admiralspark: not datasheets but how old is the device?
01:49 < admiralspark> brand new
01:49 < drac_boy> genec I think he's too lazy to bother shopping properly from the sound of it :-s
01:49 < admiralspark> sorry
01:49 < admiralspark> I don't own one, I need a spec sheet to verify temperature ratings, power input ratings, etc
01:49 < drac_boy> admiral and what power output is your room?
01:49 < genec> admiralspark: you realize that there's numerous vendors that REQUIRE that you pay their annual "tax" to access updates in case vulnerabilities come up?
01:49 < admiralspark> Some 48v, some 125v
01:50 < drac_boy> "some" != proper shopping
01:50 < drac_boy> again .. what output :)
01:50 < cluelessperson> admiralspark: http://www.tecnologikausa.com/wp-content/uploads/data_sheet_c78-461802.pdf
01:50 < admiralspark> genec: again, I need a SPEC SHEET, not updates. I do not need updates. No firmware. No licensing. I need a data sheet that tells me hardware specifications
01:50 < admiralspark> cluelessperson: thank you
01:50 < admiralspark> wait
01:50 < admiralspark> shit
01:51 < admiralspark> that's a nexus
01:51 < drac_boy> genec not to mention some of the times (as I have heard) they prefer people to actually call as to remove the "I bought it without even thinking..now YOU GET IT WORKING!" idiots
01:51 < admiralspark> I need the industrial ones :P
01:51 < genec> admiralspark: yet
01:51 < admiralspark> yet?
01:51 < genec> admiralspark: you don't need firmware YET but you will if you buy them
01:52 < genec> admiralspark: but it's interesting that the IE line is held so closely
01:52 < admiralspark> drac_boy: seven of the nine locations run 48v off of the fiber hut battery system. Two of the locations are 125v power for the network appliances only
01:53 < drac_boy> 48v what?
01:53 < admiralspark> genec: yeah, budget isn't a concern (ironically). We're expecting to pay full 24/7/365 smartnet etc etc. But I don't care about that, I need to prove to engineers that this will meet the hardware requirements for their systems
01:53 < admiralspark> drac_boy: DC, sorry, I just remembered this isn't all USA people, my apologies
01:53 < admiralspark> 125v DC as well
01:54 < genec> admiralspark: I've seen worse system requirements
01:54 < admiralspark> right, but, I can't access the spec sheet....to see if the 5k supports inputs using that
01:54 < admiralspark> we have several other needs that need to be met
01:54 < admiralspark> as well, that's just the first
01:54 < drac_boy> again admiral .. if you can't be clear with your spec then you can't expect a "free" product .. again like I said cisco probably doesn't want the "refuse to bother reading" idiots :)
01:55 < genec> admiralspark: at least it isn't 400Hz AC
01:55 < admiralspark> drac_boy: I think we're not talking about the same thing, I'm not expecting any products for free. I'm looking for hardware sales documentation
01:55 < drac_boy> genec oic..yeah...or 11,000v
01:55 < drac_boy> admiral if you want hardware then stop being lazy and you know...talk to a supplier
01:56 < admiralspark> which they provide to the public everywhere else, so that I can see which meets the needs I've been given
01:56 < admiralspark> drac_boy: do you work for a VAR?
01:57 < genec> drac_boy: do you have 11kV supply systems??
01:57 < genec> admiralspark: looks like anything above the 3000 requires VAR access for the spec sheet
01:57 < admiralspark> ahh, sweet. Looks like it's not an option then. Thanks for the check genec
01:57 < drac_boy> genec no but have been very close to them a few rare times .. still dunno who thought 11000v overhead and 120v on ground floor could mix .. funny companies
01:58 < drac_boy> at least thankfully I don't work for the railroads .. I forgot how much mileage of overhead wires amtrak alone owns
01:58 < drac_boy> (at least these wires are very high up human-wise)
02:00 < drac_boy> you know genec I forgot which room but yesterday I was talking to someone and he somehow couldn't believe that there were still a large number of house that had only 120v immediately from the main line .. no 240v provision at all
02:01 < occupant> our building's dryer is 120v. it must cost a lot to run.
02:02 < drac_boy> well most of these houses had either air-drying or fuel-heated dryers mind you occupant
02:04 < drac_boy> occupant but either way hmm well I guess for an electric dryer that may depend what mode it uses and how soggy the overall load is
02:08 < drac_boy> anyway you all have fun as I need to go out as usual :-s
02:11 < tpanarch1st> howdo, got a chappy who's got a question that seems to have got him into a bit of trouble across Freenode
02:12 < tpanarch1st> forgive me for asking if it seems any kind of breach of rules
02:12 < tpanarch1st> he's curious about finding out how long it takes somebody to get a message on IRC and if there's a way of doing that without breaking any rules
02:12 < tpanarch1st> curious mind!
02:13 < tpanarch1st> he's over in my ##linuxnewbies channel and told me he'd got told off for asking - i don't follow as to why, maybe someone might enlighten me :)
02:13 < djph> not very long, a couple of seconds at most
02:15 < tpanarch1st> djph: is this possible to establish without effectively hacking the network
02:15 < tpanarch1st> or is that where it could land him in the shit
02:15 < tpanarch1st> he's thought about pinging and suchlike
02:16 < tpanarch1st> but ##freenode channel were not too happy with that it seems
02:16 < djph> dunno never thought enough to care
02:16 < tpanarch1st> this dude does :)
02:16 < tpanarch1st> curious minds etc :)
02:16 < djph> read the RFCs, perhaps. but really, it's message -> server -> other client
02:17 < djph> so it's your time to the server, then the server's time to the other client
02:17 < tpanarch1st> would trying to test that in any way land him in the shit?
02:17 < hiTech> uhm actually what i want to know is how to check how much my client lags
02:17 < tpanarch1st> yeh i appreciate that in terms of practicality but could he get like a down to the second (or even millisecond answer)
02:17 < djph> near on all of the traffic (barring lag) should be within a second
02:17 < tpanarch1st> oh alright there we go - horses mouth :)
02:17 < tpanarch1st> it's hiTech that's asking
02:18 < djph> most clients tell you how much they (think) they're lagging from the server
02:18 < hiTech> some people say i should ping someone and wait for the reply, but others say i should get someone to ping me and tell me the reply
02:18 < hiTech> so im confused...
02:18 < djph> there is, of course a human element to "responded to you"
02:19 < hiTech> djph: can you rephrase please?
02:19 < tpanarch1st> sure and then there's differentials
02:20 < tpanarch1st> such as their internet speed at any given moment and then yours, so you are looking at averages really
02:20 < hiTech> im not sure i understood.. im not native english speaker btw
02:20 < tpanarch1st> what djph is saying is that people may not reply immediately
02:20 < djph> :20:04 < hiTech> im not sure i understood.. im not native english speaker btw
02:20 < tpanarch1st> so that bawks your test a touch
02:20 < djph> err ... "20:20:04 ..."
02:21 < hiTech> it was 20:19:58 for me
02:21 < djph> then there you go, 6 seconds from where-ever you are to where-ever I am
02:22 < hiTech> djph: the thing is your client lags or my client lags?
02:22 < hiTech> or both?
02:22 < tpanarch1st> and hiTech there's also the matter of the IRC server you are connected to and the IRC server that "they" are connected to
02:23 < hiTech> tpanarch1st: exactly
02:23 < djph> your client -> server -> (more servers maybe ->) my client
02:23 < tpanarch1st> hiTech: you'd need a "both ways" test for that
02:23 < hiTech> if i see my client lags a lot i change server
02:23 < tpanarch1st> hiTech: you're looking at averages dude
02:23 < tpanarch1st> because there are so many things that can change
02:23 < hiTech> what if id ping the server itself? will the response be more accurate?
02:23 < djph> well, we know he sent a message at :19:58; I saw it at :20:04; and then responded at 20:21
02:24 < djph> so presumably he saw it at :20:27
02:25 < tpanarch1st> so if you say "test" hiTech (i'm sure the others will be kind and tell you) i'll let you know the time I get it, connected to orwell from the UK
02:25 < djph> hiTech: no, not at all. the whole point is you *RELAY* messages through several servers
02:25 < tpanarch1st> hiTech: i'd do "best of three" and then average it
02:26 < hiTech> tpanarch1st: ok
02:26 < tpanarch1st> you will not get a precise answer on this
02:26 < tpanarch1st> it's just not possible
02:26 < djph> ^
02:26 < tpanarch1st> 01:26:03 on "OK"
02:26 < hiTech> 03:25:58 for me
02:27 < tpanarch1st> anybody else please as to when you got "OK" from hitech?
02:27 < djph> had seconds off, since I stopped caring
02:27 < tpanarch1st> oh be a sport djph :)
02:28 < hiTech> its fine
02:28 < tpanarch1st> it would be cool to get three people, three times
02:28 < djph> 20:26:xx here (probably a touch after you tpanarch1st, what being in the states instead of the UK)
02:28 < tpanarch1st> we can send him off with an average then
02:28 < hiTech> the thing is how do i choose whats the best server for me to connect to?
02:28 < tpanarch1st> what was your seconds djph do you have those?
02:28 < djph> "its fine" at 20:28:06
02:28 < tpanarch1st> that's test two djph :-p
02:29 < tpanarch1st> when hiTech said "OK"
02:29 < djph> tpanarch1st: they were *OFF*
02:29 < tpanarch1st> yeah course they will be
02:29 < tpanarch1st> but it's averages dude
02:29 < djph> tpanarch1st: no, "OFF" as in "DISABLED", not "different"
02:29 < tpanarch1st> oh sorry djph :)
02:29 < tpanarch1st> anyone with seconds on their client for reference please?
02:30 < hiTech> they are sleeping :P
02:30 < hiTech> but i guess i understood it pretty much
02:31 < djph> or, you just work with "test 2" time from me, and average against yours. but realistically, there's no such thing as a "better" IRC server
02:31 < hiTech> im just thinking how can i find an effective way to check which server is the best for me
02:31 < djph> are you connected and talking to people?
02:32 < tpanarch1st> hiTech: there's only seconds in it, you're not going to improve that between servers as servers are inconsistent
02:32 < tpanarch1st> there's around 5 seconds in it
02:32 < tpanarch1st> if there was a minute or two in it, fair enough
02:33 < hiTech> yeah i guess
02:33 < tpanarch1st> sometimes the server you are connected to is faster
02:33 < tpanarch1st> sometimes it will be a touch slower
02:33 < tpanarch1st> (by around 6 seconds) :_p
02:33 < hiTech> sometimes certain servers lag too much, but my internet connection isnt the best
02:33 < tpanarch1st> hiTech: the lag is so insignificant, really don't worry about it
02:33 < djph> but it doesn't matter if you've got no lag to *your* server, since perhaps there's lag between one or more of the relays
02:34 < tpanarch1st> yeah that too ^
02:34 < djph> not to mention "the people at the other end just not wanting to talk to you"
02:34 < tpanarch1st> so, as an extension, sometimes the server that the recipient is connected to will be slower, sometimes faster too
02:34 < hiTech> tpanarch1st: sometimes lagging is so much that the other person never gets my messages :P
02:34 < tpanarch1st> and the in-between relay
02:35 < tpanarch1st> hiTech: not come across that, that's likely to be an ISP issue in which case you are never going to be able to choose a better server
02:35 < hiTech> djph: what do you mean?
02:35 < tpanarch1st> hiTech: there's no guarantee that people will respond to another person
02:35 < hiTech> my internet is a crappy one
02:35 < tpanarch1st> you can't expect too much from IRC, if somebody wants to respond, they will
02:35 < tpanarch1st> if they can't be arsed, they won't
02:36 < hiTech> tpanarch1st: on irccloud i can see if my message finally got delivered and sometimes it doesnt
02:36 < tpanarch1st> so your messages were likely delivered on the network
02:36 < djph> this is beginning to sound lije an xy problem
02:36 < tpanarch1st> it's just you didn't get a response. If you see your message appear in the window, you can assume it was delivered. If you get a message saying you're disconnected from the server, your internet is playing up
02:36 < djph> *like an
02:37 < tpanarch1st> hiTech: likely to be unreliable with what is an oldskool protocol like IRC
02:37 < tpanarch1st> trust me, it's likely delivered, somebody just didn't respond...it happens sometimes, pop on to a website forum if you can't get a reply
02:38 < hiTech> tpanarch1st: im not talking about freenode
02:38 < hiTech> that never happened on freenode i think
02:38 < hiTech> i just sometimes seeing my message not delivered
02:39 < hiTech> or sometimes i see people on the list that had actually quit.. but i dont see their quit
02:40 < tpanarch1st> well what we've said applies to the IRC protocol rather than a specific IRC network
02:48 < hiTech> yeah i believe so
02:48 < tpanarch1st> well there you go hiTech
02:48 < tpanarch1st> no definitive answer to your question
02:49 < tpanarch1st> averages are around 6 seconds maybe (not exactly a scientific test)
02:49 < tpanarch1st> and you expect too much of IRC :)
02:49 < djph> ^^^^^^
02:49 < hiTech> well you two are both from us
02:50 < hiTech> for people from my country is usually less than 1 min
02:50 < djph> no
02:50 < djph> six SECONDS is 1/10 of a minute
02:50 < hiTech> yeah sorry
02:50 < hiTech> 1 sec
02:50 < djph> sounds about right
02:51 < hiTech> i guess :P
03:06 < genec> hiTech: why does it matter if the latency is faster than a human?
03:14 < tpanarch1st> i suppose in a world where seconds matter genec - the seconds add on to the time taken by a human to respind
03:14 < tpanarch1st> respond*
03:19 < genec> tpanarch1st: if hiTech could explain what lies underneath, perhaps it may offer a new insight for an answer
03:26 < tpanarch1st> sure genec - i just think it's curiosity
03:26 < tpanarch1st> sorry i'm getting hugely pissed off with how complicated it is, particularly as a dyslexic to send a mysql dump over scp
03:26 < tpanarch1st> and then transfer it into a database
03:27 < tpanarch1st> because phpmyadmin isn't capable of doing its job properly after multiple attempts at trying to sort out the config files
03:29 < mast> Anyone have experience with Intel SR2600s?
03:30 < tpanarch1st> anybody know of a way to do drag and drop in a linux GUI to get around scp commands please
03:31 < fryguy> most file managers support gvfs which will do scp stuff for you
03:31 < genec> tpanarch1st: winscp
03:31 < fryguy> or use sshfs and then normal filesystem operations
03:31 < tpanarch1st> genec: in linux?
03:32 < TV`sFrank> tpanarch1st: shell script
03:32 < TV`sFrank> link icon on desktop
03:33 < tpanarch1st> well i just tried to find that in synaptic but no joy
03:34 < tpanarch1st> genec: no such thing in synaptic
03:35 < TV`sFrank> winscp should work in wine
03:35 < genec> tpanarch1st: WinSCP is for windows.
03:36 < tpanarch1st> genec - i use linux
03:36 < TV`sFrank> lol
03:36 < tpanarch1st> forget about wine
03:36 < tpanarch1st> it's horrific shit
03:36 < tpanarch1st> :)
03:36 < genec> tpanarch1st: "scp my/local/file luser@host:path/to/end"
03:36 < tpanarch1st> sure genec
03:36 < tpanarch1st> but for some reason
03:36 < tpanarch1st> the password isn't then recognised
03:36 < TV`sFrank> Good luck, then. o/`
03:37 < genec> tpanarch1st: "ssh luser@host" first
03:37 < genec> tpanarch1st: it's possible you have the wrong password or no ssh permission. keys are better
03:37 < tpanarch1st> yeh sure genec like scp -o PubkeyAuthentication=no /home/beanie/Downloads/financedatabase.sql root@192.168.1.176:/tmp/dbdumps/.
03:37 < tpanarch1st> thanks genec yeah i intend to get round to that
03:38 < tpanarch1st> for now, all as i want to do is transfer a mysql file from one computer to a server with mysql :'(
03:38 < tpanarch1st> i've spent two hours trying to work it out, one person told me to tunnel and then left when i tried to confirm it, another said don't tunnel, transfer it first but then the command didn't work
03:39 < genec> tpanarch1st: "ssh luser@host" first. does your password work?
03:39 < tpanarch1st> what's the luser please?
03:39 < tpanarch1st> never come across that :)
03:39 < genec> tpanarch1st: LOL; root is NOT normally permitted to SSH in with passwords on most distros
03:39 < tpanarch1st> yeah mine ***usually*** works
03:39 < tpanarch1st> :)
03:40 < tpanarch1st> i have permit root login deliberately turned on until i install certs
03:40 < genec> tpanarch1st: well, does "ssh root@192.168.1.176" work?
03:41 < tpanarch1st> no it's refusing me a connection
03:42 < genec> tpanarch1st: see how we break the issue down?
03:42 < tpanarch1st> genec: the issue here is i think failtoban has blacklisted me
03:42 < genec> tpanarch1st: tbh, I'd suggest trying an intermediate user and perhaps intermediate user with key.
03:42 < tpanarch1st> thanks, i'd appreciate that genec :)
03:43 < TV`sFrank> haha
03:43 < tpanarch1st> well, forgive me for the fact i'd just really like to get this database in the right place please
03:43 < tpanarch1st> in terms of fail2ban, how do I unblacklist myself please
03:43 < tpanarch1st> and then whitelist my LAN
03:44 < TV`sFrank> there is a #fail2ban channel...
03:45 < abdulhakeem> Packet Tracer or GNS3? on Arch Linux
03:50 < genec> tpanarch1st: but once you work the f2b, try the simple SSH and go from there.
03:50 < tpanarch1st> ok genec i've flushed the damn tables
03:50 < tpanarch1st> and got ssh root access
03:53 < tpanarch1st> genec: would iptables -A INPUT -i 192.168.1/24 -j ACCEPT work for whitelisting please?
04:01 < mast> What's really all that bad about Startech KVM switches
04:04 < strive> I ran nbtstat -A (server IP) and got back this line along with others: ☺☻__MSBROWSE__☻<01> GROUP Registered
04:28 < cmj> do people still use kvm?
04:28 < cmj> with synergy available
04:28 < chezidek> yes
04:29 < chezidek> oh wait
04:29 < chezidek> thought you meant virtualization
04:29 < inire> synergy isn't free anymore
04:29 < cmj> most importantly, my old kvm switches use vga
04:29 < chezidek> i use drac and ilo.
04:30 < chezidek> and i think most servers still have vga ports
04:30 < cmj> huh
04:31 < cmj> most servers are headless and use serial for "that day"
04:39 < purplex88> we have say downspeed of file is 2 Mb/s are we referring to instantaneous speed or average speed or something else totally?
04:45 < djph> depends, what context are *you* using for the download?
04:46 < Criggie> purplex88: average speed for the duration of the download I'd say
04:48 < purplex88> what are different contexts for "download"?
04:48 < djph> well, are you talking about the average speed for the whole file, or "it is transferring at $rate right now"
04:49 < Criggie> burst in the last X seconds vs total bytes/time taken
04:50 < purplex88> context means a situation in which i'm downloading a file? i hear 'context' too many times
04:51 < djph> 'context' matters
04:52 < purplex88> sometimes context means "more information", and sometimes 'environment', and 'situation' i want to be clear about it'
04:53 < djph> "context" ALWAYS means "the circumstances that form the setting of an event"
04:54 < djph> so talking about a download -> "right now, we're downloading at 2Mbit/sec" and "we downloaded 200MB at an average of 20Mbit/sec" are two different contexts
04:55 < xau> Can linux running in a VMWare sandbox on top of Windows7 be neatly and cleanly configurable for networking, even if the Windows7 based VMWare platform is twisted and kludged beyond redemption?
04:56 < purplex88> i saw many the download speed was 2 Mb/s when downloading
04:56 < xau> VMWare platform not known to be bad, underlying win7 corrupt beyond redemption
04:57 < djph> xau: no
04:57 < xau> ok
04:57 < TV`sFrank> purplex88: Go for Door #2!
04:57 < djph> xau: I mean, the *linux* networking may be sane .... but win + vmware;ehhh
04:57 < xau> yeah
04:58 < Criggie> djph: heh good observation
04:59 < purplex88> TV`sFrank: do you mean it was average speed?
05:00 < TV`sFrank> Me? I don't mean anything. :D
05:06 < purplex88> djph: can it be made more clear for me? i can't think of how these are the "circumstances that are forming the setting of downloading a file".
05:10 < wadadli> Has anyone configured UM to accept PP on RouterOS?
05:10 < wadadli> If so how did you make the customer's public host available over the internet for PP to access?
05:11 < Criggie> wadadli: I don't even know what that is sorry.
05:11 < Criggie> might get more answers in #mikrotik ?
05:12 < wadadli> Thanks.
05:20 < b0bby__> hello
05:21 < b0bby__> Does anyone have a socks5 server that I could quickly use to test something
05:21 < b0bby__> ?
05:24 < conr> Can’t ssh to a computer running a VPN from outside my home network but can from another within. But can ssh to that other computer not using VPN from outside.
05:25 < conr> Is it just a firewall issue with the VPN computer?
05:25 < rewt> could be anything, you'd have to check... my guess is response packets are going out the vpn instead of the non-vpn interface
05:26 < conr> rewt: I’m using UFW on the device.
05:26 < rewt> that doesn't mean anything
05:26 < conr> Would there be a certain rule to allow?
05:27 < conr> I see. But why only external IPs. Internal ssh just fine.
05:28 < rewt> again, depends on your setup
05:28 < rewt> the solution is specific to your scenario; there is no "one solution to fix them all"
05:29 < rewt> check the firewall rules, routes, and see where packets should go and where they actually go
05:29 < conr> Rewt here’s what I got.
05:29 < conr> :1234 -> 10.0.0.1:1234 (Modem/Router) -> Fwd 10.0.99.1:1234 (2nd Router) -> Fwd 10.0.99.100:22 (Ubuntu box using VPN)
05:35 < conr> rewt: Also I get a timeout error. So you thinking the return packets are getting lost by going out the VPN tunnel?
05:35 < rewt> could be
05:36 < rewt> do some tcpdumps on all interfaces to see which one is receiving and which one is trying to send
05:36 < conr> What Linux package will help with tracking?
05:36 < conr> Oh ok.
05:37 < conr> And would there be any timeout
05:37 < conr> logs?
06:36 < b0bby__> hello
06:37 < mustu> guys, anyone has experience with mirroring 10Gbps traffic pipe on network?
06:57 <@pppingme> mustu whats your goal in mirroring that much traffic?
07:02 < ExploitedKernel> yeah
07:27 < Criggie> pppingme: IDS/IPS, or "compliance" comes to mind.
07:57 < wadadli> I have a MikroTik Router that's on a switch, which is connected to my ISP's DSL modem. How can I put this router on the Internet?
07:58 < grawity> uhh what exactly do you mean by "put this router on the internet"
07:59 < Mead> if you want to use that router as gateway, you should adjust your topology
08:00 < wadadli> The MT router is running a service that I need PayPal to send a response back to. It's currently on the ISP's DSL LAN, so that's not possible. So how can I give the MT a public IP address that is accessible from the Internet?
08:01 < mustu> pppingme: traffic analysis / situational awareness / forensic analysis
08:02 < Mr_Roboto1> hooray successful network window
08:09 < xjjw> Hi, Let's say I am connected to a Hidden WiFi which is controlled by Let's say X. Then is there a possibility that X can know that I'm opening xyz.com ? Could X Identify the sites which I am browsing by looking at the traffic
08:10 < sielicki> absolutely
08:10 <@pppingme> xjjw worried about the goat porn?
08:10 < sielicki> take the ip address and find the hostname
08:10 < sielicki> contact the IP address itself.
08:11 < xjjw> pppingme: It's not related to porn. But just to know if that is possible. Because thing is : You don't download any self-signed certificate from X and put in your browser. So possibility of MITM is zero
08:12 < wadadli> So I need to give the MikroTik the DSL Modem's WAN address.
08:12 < sielicki> I have an assignment due tomorrow for school and the entire block 143.235.0.0/16 is dead from where I'm sitting 08:12 < sielicki> https://bgp.he.net/AS3128 08:13 < grawity> wadadli: option 1: if your ISP supports it, switch the DSL modem to "bridge only" mode, and make the Mikrotik router do the handshake by itself (either PPPoE or regular DHCP) 08:13 < sielicki> https://d2l.uwc.edu/ --> dead 08:13 < sielicki> need to look at the assignment PDF, can't work on it 08:13 < grawity> wadadli: option 2: if the DSL modem only supports "router" mode, forward all necessary ports to your Mikrotik... like you would forward ports normally 08:13 < sielicki> someone please fix network issue so i can work, I assume this is the proper channel, thanks guys 08:15 <@pppingme> sielicki is the ##homework on the subject of procrastination? 08:15 < Spice_Boy1> in proxmox, it says the disk is local-lvm:vm-110-disk-1 but I can't find that anywhere on the system 08:15 < sielicki> ha ha ha 08:16 < Spice_Boy1> I think the lvm is throwing me off, but even if I do find / -name ..... it doesn't show up 08:16 < sielicki> Spice_Boy1 man lvdisplay 08:17 < sielicki> Spice_Boy1 it should be under /dev/mapper 08:17 < Spice_Boy1> ah yes, I found it under /dev once, but not the 'actual' file 08:17 < Spice_Boy1> ie, I'm trying to replace it with a different image 08:17 < TV`sFrank> Could it be that local-lvm:vm-110-disk-1 is virtualized? "Hmmmmm" 08:17 <@pppingme> Spice_Boy1 whats in /dev/mapper/ 08:18 < Spice_Boy1> lrwxrwxrwx 1 root root 8 Apr 8 13:52 pve-vm--110--disk--1 -> ../dm-13 08:18 <@pppingme> Spice_Boy1 lvm's don't show as files 08:18 <@pppingme> you see them via lvmscan 08:18 < sielicki> it's a symlink to /dev/dm-* which is a block file 08:18 <@pppingme> oops.. lvscan 08:19 < Spice_Boy1> yeah, got it.... 08:19 < Spice_Boy1> but how do I replace it with another one? 
08:19 <@pppingme> you create the lv (unless you already ahve it) and change it where ever you're mounting or calling it 08:20 < Spice_Boy1> ACTIVE '/dev/pve/vm-110-disk-1' [64.00 GiB] inherit 08:20 < wadadli> grawity: hm 08:20 < sielicki> Spice_Boy1 read this, https://wiki.archlinux.org/index.php/LVM 08:20 < grawity> of course option 1 means that *all* internet access must now go through the mikrotik router 08:20 < grawity> but it also means you probably get more control of routing etc. than the modem offers 08:23 < wadadli> I don't see an option for switching the mode of the DSL modem. 08:25 < wadadli> It's a comtrend http://www.comtrend.com/links/218$product.htm 08:27 < sielicki> can someone please explain how to read this 08:27 < sielicki> https://cms-1.uwsys.net/cgi-bin/lg.fcgi?router=r-uwmadison-hub&query=show+bgp+summary&arg= 08:27 < sielicki> Where do I see prefix? I just see IP with no mask 08:28 < grawity> all those IPs are peer routers running BGP – *not* prefixes advertised via BGP 08:29 < wadadli> I wonder if it's possible to buy another modem that supports this feature and replace the one from the ISP. 08:29 < sielicki> Oooooh, I see 08:30 < grawity> you'd have to choose, uh, I think "show bgp" or "show ip bgp" and then enter the specific address or prefix 08:31 < grawity> https://cms-1.uwsys.net/cgi-bin/lg.fcgi?router=r-uwmadison-hub&query=show+route&arg=143.235.8.27 08:37 < sielicki> interesting 08:37 < sielicki> anyway, it's not coming back up, I'm going to sleep 08:38 < sielicki> later all 09:10 < NNightmare> any linux help? 09:12 < detha> Maybe there is, maybe not. It would depend entirely on what the linux question is 09:19 < NNightmare> ik I just broke one of the rules by asking to ask a question. 
It was too tempting 09:20 < NNightmare> I want to forbid my system from making any ethernet connection not through openvpn 09:20 < NNightmare> using debian 9 09:27 < detha> NNightmare: add a firewall rule that allows the connection to the vpn endpoint, then a 'drop all' rule. 09:27 < grawity> and/or remove the default route via the local gateway, and readd one just for the vpn endpoint 09:28 < detha> depending on how the vpn is set up, it may still need some tcp/udp 53 to resolve the vpn endpoint's address 09:31 < NNightmare> seems like doing this is going to need more linux knowledge than I thought 09:31 < NNightmare> I'm writing this through polari. That's how much of a novice I am 09:33 < NNightmare> still can't figure out the irc commands and flow in epic5. Am I supposed to type /join (room name) each time I want to join a room? How do I turn on vi key bindings for the input? 09:34 < grawity> there are shortcut keys for switching the active buffer 09:35 < NNightmare> thank god 09:36 < grawity> https://www.electricmonk.nl/docs/bitchx_tutorial/bitchx_tutorial.html#4.3 09:36 < grawity> epic5 should be relatively similar to bx 09:39 < NNightmare> thank u. any vi key bindings for the input? are u using bitchx? 09:40 < Lope> Running ubuntu 16.04. I've got `echo 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="maineth"' > /etc/udev/rules.d/70-mainnet-setup-link.rules` So my ethernet adapter gets renamed to maineth. Then maineth is part of a bridge. It works 99% of the time. But I just booted up and for some reason br0 would not come up. And I had another ethernet adapter called "rename3" that had the same MAC address as the one that 09:40 < Lope> is renamed to maineth. I just rebooted. There's no more weird "rename3" adapter, and the bridge works as it does 99% of the time. Any ideas? 09:42 < zamba> hi! when testing with iperf i'm able to get around 8 Gbps on a link.. 
but when transferring a file to a socket i'm only getting around 700 Mbps.. what could be the problem here? 09:42 < zamba> on the receiving side i'm doing: netcat -l -p > /dev/null 09:43 < zamba> and on the sending side i'm doing: dd if=/dev/zero bs=1M count=2000 | nc -w 3 09:43 < zamba> just to make sure that IO is not the culprit here 09:43 < detha> zamba: how far (in ms) are those systems apart? 09:44 < zamba> detha: 0.2 ms 09:44 < zamba> detha: and as i said, with iperf i'm getting around 8 Gbps 09:44 < zamba> on a single TCP stream 09:45 < detha> hmm. and if you change the blocksize to, say, 1K ? 09:46 < zamba> detha: same 09:46 < zamba> maybe slightly slower, actually 09:47 < detha> nothing in there that could slow it down indeed. no idea, then 09:48 < detha> which nc is that (or rather, what does -w3 do in this version) 09:49 < zamba> detha: it's the timeout value 09:49 < NNNightmare> ? 09:51 < zamba> NNNightmare: ? 09:55 < NNightmare> just seeing if i can connect on terminal. was a test 09:58 < detha> zamba: odd, then. time for wireshark, and see what it does, and what the syn/ack analysis looks like 09:59 < zamba> detha: true 10:00 < zamba> detha: it should be enough to just capture the tcp headers, right? 10:00 < zamba> detha: and just omit the data? 10:00 < detha> yeah, all you are interested in is how many bytes in flight, not what they are 10:01 < detha> (given that command, I'd be willing to put money on them being 0 anyway) 10:05 < zamba> given which command? 10:07 < detha> dd if=/dev/zero 10:19 < zamba> ah, hehehe 10:19 < zamba> yeah 10:55 < Celmor> I'm trying to give my pi-like device (running a debian derivative) a static IP 10:55 < Celmor> I tried setting it in nm-too, flushed ip, set link down, then up, restart dhclient, tried setting it in my routers interface but it always gets a weird random IP 10:56 < grawity> 1) define "weird random IP", 2) provide DHCP client logs, 3) why are you restarting dhclient manually if you're using NetworkManager? 
10:56 < bezaban> a random one, wow 10:57 < Celmor> first it looked like this in my routers interface https://puu.sh/A0MiX/bbe9c72924.png 10:57 < bezaban> do you want to set a static ip on the device or a static lease in the dhcp server? 10:57 < Celmor> was able to communicate it using 241, shortly later it changed to .71 10:57 < grawity> that doesn't look very weird 10:58 < grawity> what DHCP client is NM configured to use, globally? 10:58 < Celmor> no idea, was able to find dhclient using auto-complete 10:58 < Celmor> it uses init.d, /etc/init.d didn't contain anything dhc* 10:58 < grawity> not even close to what I asked 10:59 < grawity> again, if you use NM, *don't touch* the DHCP client manually, let NM manage it 10:59 < grawity> if you try to start it manually, it'll use a separate config, separate leases, etc. 10:59 < Celmor> this is the output of nm-tool https://ptpb.pw/1hbq 10:59 < grawity> what NM version is that? 11:00 < Celmor> 0.9.8.8-0ubuntu7.3 11:01 < grawity> that's older than I remember how to configure 11:01 * grawity has 1.10.6 :| 11:01 < grawity> 0.9.8 didn't have `nmcli con modify` yet, did it? 11:01 < purplex88> what happens if we mutiply the bitrate by some number of seconds? e.g. 50 kb/s * 5 seconds? what do we get? 11:02 < Celmor> it seems to have it https://ptpb.pw/7roI 11:03 < Celmor> nm-connection-editor shows this after I created a profile https://puu.sh/A0MMA/ebf23b9c52.png 11:07 < javi404> please for the love of god, please deregulate these fucking monopolies like fios and comcast, please!!!!!!!!!!!!!! I want another ISP!!!!!!!!!1 11:07 < javi404> I can't stand it anymore 11:08 < raFeki> if one is banned from a irc channel. How come they can't get in even if he changes his Nick? 11:08 < javi404> raFeki: fuck them, I take my bans with pride. 
11:08 < raFeki> even if the banned person changes their Nick* 11:09 < raFeki> javi404: hahaha man you made my night 11:09 < javi404> if you are banned for something stupid, then you don't want to be there anyway. 11:09 < raFeki> can I pm you please? 11:09 < javi404> raFeki: im still banned from /r/fedora because I used curse words. 11:09 < javi404> fedora linux channel 11:09 < javi404> no pms please 11:09 < raFeki> serious 11:09 < raFeki> cool 11:10 < javi404> raFeki: seriously, it has to be run by redhat corporate 11:10 < javi404> no reditor would give two shits about someone saying "this fucking sucks" or some bullshit. I think that was back when I was ranting and raving about systemd 11:10 < z8z> I have a clean installation of centos in 2 servers and using curl i can access a website on port 443 but i cannot access the other on port 445.... using the browser from my laptop i can access without problems. Any clue? 11:12 < raFeki> javi404: how can they know it's you though? 11:29 < zamba> detha: the segment lengths for the iperf testing is a whole lot bigger than the ones using netcat 11:29 < zamba> detha: all the way up to 65226 11:31 < detha> zamba: my guess: iperf sets initial window scaling much higher, nc doesn't touch it 11:32 < zamba> detha: but the same happens when just doing regular ftp 11:32 < zamba> detha: i'm not able to get more than around 700 Mbps 11:32 < zamba> does this mean we have to tweak each and every application to be able to get the throughput needed? 11:33 < detha> zamba: iirc there are some sysctls you can tune 11:33 < zamba> also tried with 'scp' now (before you start barking about ftp being an outdated protocol): 11:33 < zamba> testfile 100% 3054MB 92.5MB/s 00:33 11:33 < zamba> but why should we have to do this? 11:33 < zamba> low-latency.. shouldn't have to tweak too much 11:35 < detha> defaults are from the days ethernet was 10 or 100Mb/s 11:38 < zamba> you were btw. 
totally correct about the window scaling 11:39 < zamba> detha: nc didn't touch it, so it was set to 68 bytes throughout the whole session 11:39 < zamba> detha: whereas iperf quickly went all the way up to 24000 bytes 11:41 < zamba> shouldn't the kernel handle all this? 11:41 < detha> zamba: tuning guides point to net.ipv4.tcp_window_scaling, and the rmem/wmem things 11:41 < zamba> the linux kernel has automatic window scale option? 11:41 < detha> it does 11:42 < detha> but that should be on by default, unless you have changed it 11:42 < zamba> then why isn't it doing its job? :) 11:42 < zamba> it's on, on both sender and receiver 11:51 < Apachez> https://www.pcgamer.com/a-new-kind-of-ransomware-forces-you-to-play-pubg-to-unlock-your-files/ 11:53 < Apachez> https://i.imgur.com/Mk3FFhw.gifv 12:08 < alxtb> If I'm not misremembering, there is a DNS record type that denotes an additional/alternative fqdn than the CNAME. Does that exist and if so what's it called? 12:08 <+xand> er 12:09 < alxtb> my thoughts exactly xand! 12:10 < alxtb> DNAME? 12:11 < alxtb> ANAME? 12:11 < Peng_> MX? SRV? 12:21 < Apachez> alxtb: what is it you want to do? 12:21 < Apachez> PTR tells ip -> fqdn 12:21 < Apachez> A/AAAA tells fqdn -> ip 12:21 < Apachez> CNAME tells fqdn -> fqdn 12:21 < alxtb> Apachez, figure out what record I'm (mis)remembering :) 12:23 < Apachez> http://stuffin.space/ 12:43 < Dagger> SRV records? 12:56 < teprrr> cname can't be at apex, so there's aname but I think it's a draft until now? 12:56 < teprrr> some providers may implement it via some A record mangling iirc 12:56 < raFeki> temmm 12:56 < Peng_> teprrr: right 12:56 < Peng_> AAAA records too ;-) 12:57 < teprrr> https://tools.ietf.org/html/draft-ietf-dnsop-aname-01 12:57 < teprrr> Peng_: good point ;-)= 12:57 < raFeki> once a site bans you, how come you can't get back in even with a different Nick? 
12:58 <+catphish> alxtb: basically no, at least not in the same way as a cname 12:58 < alxtb> Thanks catphish 12:58 <+catphish> ah you figured it out :) 13:04 < dna6a> May I have some assistance with port trunking please? https://usercontent.irccloud-cdn.com/file/VvUx8mY0/Screen%20Shot%202018-04-11%20at%209.00.06%20pm.png 13:05 < dna6a> sorry 13:05 < dna6a> I can paste it 13:05 < dna6a> Adapter 1 is the default system gateway and is also in the port trunking group. Do you want to change this group to a new default gateway? 13:05 < dna6a> Note :If yes, the new default gateway will be Adapter 1+2 13:08 < dna6a> Can I use Adapter 1 and 2 and trunk them and use that for internet? virtual port, and docker? or do I need to use a third adapter (which i can do if needed) 13:08 < dna6a> for my QNAP TVS673 NAS 13:30 < dna6a> fixed it sorry 14:02 < wadadli> Can anyone suggest a good cloud RADIUS provider? 14:21 < AlexPortable> Using a consumer grade router as a switch/ap, but sometimes the internet connection just stops working, while it stays connected. I have to wait around 10 minutes or power off and power on the device. How can I diagnose what's going wrong? 14:23 < Kingrat> theres not much diagnosis with the consumer grade stuff, i suggest that it may be a good time to replace/upgrade to something better 14:24 < Kingrat> its probably not worth your time unless your time has no value, plus generally when those things start acting up theres not much you can really do about it anyway 14:24 <+catphish> AlexPortable: could be all sorts of things 14:24 < Kingrat> only thing i would try is a firmware update 14:24 <+catphish> obvious thing would be to try to see how far the packets are actually getting 14:31 < Apachez> wadadli: cloud radius? you are doing it wrong... 14:31 < Apachez> AlexPortable: rule things out, if you use a tp cable (rj45) to the same switch - do you get the same behaviour? 14:31 < wadadli> Apachez: ? 
14:31 < Apachez> most likely overheated ap, buggy ap, or evil neighbours flooding your wifi 14:32 < Apachez> wadadli: Can anyone suggest a good cloud RADIUS provider? 14:32 < wadadli> Apachez: Yes. I typed that. 14:33 < wadadli> I don't like the sound of it either but it does have it's use cases. 14:35 < djph> wadadli: I'm pretty sure the use case is "I always wanted a new job" 14:51 < wadadli> Not sure what that means. 14:53 < acovrig> We have a 40/10G network with a windows server 2012 (contemplating upgrading to 2016) with a 40G link, and a handful of clients with 10G links. what network config would y’all recommend (services to disable in windows, jumbo frames, etc) 14:54 < djph> wadadli: it means "you're doing it so very wrong that I would expect your boss to fire you over it" 14:55 < acovrig> the switch is a layer 3 with some 40G and 10G ports. We disabled IPv6 on the windows clients and server and enabled jumbo frames at the 9xxx (I forget the exact number - the highest windows supports); has anyone had any experience with speed differences with windows server 2012 v 2016 14:56 <+xand> djph: but managers lurve outsourcing. 14:56 < djph> xand: in other words, they'll outsource his job to someone who can do RADIUS 15:11 < mAniAk-_1> acovrig: i wouldnt recommend enabling jumbo frames at all, if so only for specific isolated networks 15:14 < ikkuranus> I currently have several powerconnect 5500 series switches. If I get an HP NC522SFP for my server will there be any specific direct attache copper cable requirement or should I stick with matching fiber modules on both ends and a small fiber cable? 15:17 < djph> find one that's supported by both switches? 15:21 < ikkuranus> That's kind of the question but it's between the card and the switch and not between the switches 15:21 < ikkuranus> do they exist 15:22 < ikkuranus> when and if I need to link the 2 switches I'll be using the hdmi stacking feature 15:23 < djph> whichever. 
read the datasheets for both, they should(tm) list what they work with (or call support, etc.) 15:27 < mines5> isn't HDMI a video standard? 15:28 < ikkuranus> yes but they manage to make it work for ip in this case 15:28 < ikkuranus> er ethernet 15:30 < ikkuranus> anyway so what they have hdmi over ethernet 15:30 < mines5> That makes sense, HDMI is supposed to be capable of handling network traffic 15:31 < mines5> do they have two boxes to convert it with? 15:31 < mines5> I guess the better question is what is the problem they are trying to solve? 15:31 < mines5> I just woke up so half of the conversation is missing for me 15:32 < ikkuranus> well for me this is kind of off topic 15:32 < ikkuranus> my question is about connecting an HP NC522SFP to my pc5500 series switch 15:33 < mines5> which specific pc5500? 15:33 < ikkuranus> 5524p 15:34 < mines5> this is a dell switch? 15:34 < acovrig> mAniAk-_1: this is an isolated storage network, enabling jumbo frames seems to have helped, if/what services should we disable in windows? 15:34 < ikkuranus> yes 15:35 < mines5> ikkuranus, the HP one is this correct? 
https://www.amazon.com/HP-NC522SFP-Server-Adapter-468332-B21/dp/B002JQH7UO 15:35 < ikkuranus> yes that's the one I wish to purchase for my hp server 15:35 < ikkuranus> I know it's probably not required that I get that specific one 15:36 < ikkuranus> but for around 20$ on ebay it's hard to pass up 15:36 < mines5> I can't really tell you how well HDMI will work as far as ethernet, but I would recommend getting the SFP equipment for getting that and the switch to work together, assuming the switch is something like this: https://www.optiodata.com/dell-powerconnect-5524p-switch 15:37 < ikkuranus> nevermind the hdmi I'm just going to be using that for stacking 15:38 < mines5> you should be fine then, I have feeling the config for that is similar to the ethernet ports in that you just give it a vlan and an address 15:38 < ikkuranus> assuming I ever get a 3rd and 4th 10g capable device 15:38 < mines5> I wish I had a need for such things 15:38 < mines5> 1GB is overkill for my home 15:38 < ikkuranus> for now that second switch is just sitting in the box as a replacement if the other fails 15:40 < mines5> 10GB SFP modules are actually fairly cheap, you just need to get that and some fiber cables and you should be good 15:41 < ikkuranus> I already have a spare 3m cable 15:41 < mines5> I say that, the SFP modules range from under $20 to over nearly $700 15:42 < mines5> Used and still works should be fine though if you want it cheap 15:42 < ikkuranus> was hoping to use direct attach copper but if I have to buy several and it end ups not working then I wasted a bunch of money for nothing 15:43 < mines5> I'm sure you could, you probably just have to find the right one 15:43 < GreyHatNET> Is there any good cheap VPS Hosting for setting up an VPN, or private surfing? 
15:44 < AlexPortable> Apachez: mostly cable keeps working yes 15:44 < AlexPortable> In rare cases but 15:44 < AlexPortable> Not 15:44 < mines5> GreyHatNET, I can't think of any off the top of my head, but your most likely looking at having to purchase at least two in order to mask yourself properly 15:45 < ikkuranus> 2 that sounds super paranoid 15:45 < GreyHatNET> Yeah, I just need one. 15:46 < GreyHatNET> The Hosting must to be trusted, that's the thing. 15:47 < ikkuranus> I'm probably just going to get one that claims to be compatible with the switch and hope for the best 15:47 < mines5> GreyHatNET, define trusted? 15:48 < GreyHatNET> So I can be sure that they dont touch my server without reasons like the police are at the door. 15:49 < mines5> You may want to look for a host in a country like the one the pirate bay is hosted in 15:50 < mAniAk-_1> acovrig: dunno, dont really use windows 15:50 < GreyHatNET> Yeah, but the cheapest I can find are OVH Reseller but I do not know if they are really trusted. 15:50 < mAniAk-_1> acovrig: but you may want to tweak some tcp values if you don't get that good speed 15:51 < GreyHatNET> Do you one some Hostings pirate bay is hosted in? 15:51 < GreyHatNET> know* 15:52 <+catphish> it's not hard to look up 15:52 < GreyHatNET> It's not, but to find a cheap one is. 15:53 <+catphish> lol tpb is cloudflare :) 15:53 < mines5> it is now 15:53 < mines5> but a few years ago it wasn't 15:53 < GreyHatNET> HTTP 15:53 < GreyHatNET> I need VPN 15:54 <+catphish> i imagine it probably had to move because of hassling from copyright holders 15:54 < GreyHatNET> Cloudflare is just for HTTP Anonymity 15:54 <+catphish> well not just for that, but its one benefit 15:55 <+catphish> anyway, you can get a VM with thousands of providers, it really doesn't matter much which 15:55 < mines5> I think it was in Norway originially 15:55 < GreyHatNET> Do you know a cheap in UK, USA, NL, FR, RO, RU? 
15:56 <+catphish> they're all cheap 15:56 < mines5> this might help with VPS's https://www.pcmag.com/article2/0,2817,2455706,00.asp 15:57 < mines5> but if you want a VPN without that, you can use this https://www.privateinternetaccess.com/pages/linus-tech-tips 15:57 <+catphish> i like digitalocean, $5/mo 15:57 < mines5> Don't judge my sales link, I only have that because it makes things cheaper than they would be normally 15:59 < GreyHatNET> +catphish: Are you at digitalocean? 15:59 <+catphish> i use them sometimes 15:59 < GreyHatNET> So what is your main hosting? 16:00 <+catphish> if you are worried about data privaecy, the EU is a good place to go, since they have very strong data privacy laws on the horizon 16:00 <+catphish> GreyHatNET: i have my own network 16:01 < GreyHatNET> Where? 16:01 < mines5> Not in britain though 16:01 <+catphish> london 16:01 < mines5> you may want to move 16:01 <+catphish> that's not really an option 16:01 < mines5> If Brexit happens I'm not sure where the data privacy will be 16:01 < mines5> assuming it hasn't been called off 16:01 <+catphish> it won't make any difference 16:01 < mines5> In that case it should be fine 16:01 <+catphish> we've already implemented GDPR, nobody wants to change it 16:03 < GreyHatNET> I found one: 100up.de 16:03 < mines5> In that case it should be a good option 16:03 < GreyHatNET> Thank you for your help. 16:05 <+catphish> GreyHatNET: anything in the EU should be good for privacy, just go with a respectable company if the price isn't too bad 16:05 < mines5> Also make sure to read the privacy policy and user agreements 16:05 < GreyHatNET> The english website is 100up.org 16:06 < mines5> All the law jargon is where they get most people 16:06 < GreyHatNET> The prices are very fair. 
16:06 < mines5> At least in the US its that way 16:08 <+catphish> mines5: a requirement of GDPR is that privacy statements are easy to understand, however in reality they still get long and complicated :( 16:08 <+catphish> ours is pretty extensive 16:08 < mines5> Legalese is a pain for anyone to understand 16:09 <+catphish> mines5: legalese is a nonsense, i don't know why people use it 16:09 <+catphish> i try to call people out on it 16:09 <+catphish> but yeah, it's pretty much illegal for privacy policies in europe to use such stupid language 16:10 < mines5> I'm not saying its real, just that legal jargon is hard to read for someone who isn't a lawyer or in the legal field 16:10 < javi404> what was the alternative of wget? or am I just getting old and need a B12 ? 16:10 <+catphish> javi404: there's wget and curl, most people use one or the other 16:10 < ntd> curl, aria2? 16:10 < javi404> fuck me 16:10 < javi404> curl 16:10 < javi404> brain fart 16:10 <+catphish> lol 16:10 < javi404> thanks ntd 16:10 * javi404 goes to take a vitamin B12 16:11 <+catphish> i use wget when i want to download, saves telling it to save to a file 16:20 < acovrig> mAniAk-_1: any recommendations on what tcp values to tweak? 16:21 < mAniAk-_1> acovrig: i dont know if 2012 has good or bad ones for your use-case, youll have to test, there's lots of info on google to find about this 16:22 < TandyUK2> erm, just uncovered something very worrying to me.... wwww.whatismyip.com now lists your LAN ip as well as public ipv4/6's 16:22 < TandyUK2> anyone else aware of that, and how to block it from happening (its been suggested WebRTC is the culprit leaking the data) 16:23 < TandyUK2> multiple browsers too 16:23 < UncleDrax> well, guess it depends.. is your browser sending it as a x-header to the site, or is WIMIP running an active script to discover it.. (prob the latter?) 16:23 < TandyUK> there no X-forwarded header, no 16:24 < UncleDrax> fair enough. 
i'd suspect that was not likely the cause 16:24 < GreyHatNET> In Firefox go to searchtab and type in about:config -> connection.en -> disable all -> WebRTC is now disabled. ;) 16:25 < GreyHatNET> Hope I helped, TandyUK. 16:25 < TandyUK> any ideas for chrome? 16:25 < TandyUK> yes thanks, although i dont usually use firefox 16:25 < TandyUK> it may now become my primary browser again 16:25 < GreyHatNET> http://www.giyf.com/ 16:25 < UncleDrax> looks like there's a plugin you need 16:25 < GreyHatNET> TandyUK the solution is http://www.giyf.com/ 16:25 < TandyUK> lol 16:25 < UncleDrax> that's the new LMGTFY eh? cute 16:26 < GreyHatNET> :D 16:26 < TandyUK> tbf, i was concerned this was some exploit, not some dumbass protocol that leaks private data 16:26 < GreyHatNET> disable all your addons and try again. 16:26 < UncleDrax> you say that like it's mutually exclusive 16:26 < redrabbit> anyone tried standing desks here? 16:26 < GreyHatNET> Some addons will send it always. 16:26 < TandyUK> what addons lol 16:26 < GreyHatNET> Browser Addons 16:26 < TandyUK> i care about my privacy to a certain extent 16:26 < TandyUK> yes lol, im ean what addons, i have none 16:27 < GreyHatNET> Browser Addons = No privacy 16:27 < redrabbit> "to a certain extent" same, there's a fine line between ok and insane 16:28 < GreyHatNET> In Chrome go about:config -> media.peerconnection.enabled -> set false -> WebRTC is disabled. 
16:28 < redrabbit> gosh vegan food is dumb 16:29 < redrabbit> i eat a plate that is bigger than my head and i dont feel full 16:29 < TandyUK> im more concerned tbfh that i wasnt aware of these new 'features' being added to any of the browsers 16:30 < TandyUK> this goes back before 2015 ffs :S 16:32 < TandyUK> im now looking for ways to block webrtc in general on my entire network (and those of all my customers) 16:32 < TandyUK> (without killing voip as a bystander) 16:32 < mAniAk-_1> what is anyone going to do with your local ip 16:33 < TandyUK> i dont care, but the fact they cant find that, what other information might 'leak' 16:33 < shangul> Hi, How could I get line(phone) number which Huawei HG530 is using? I have access to it with the web panel, telnet and ftp to download "rom-0" and "ras" 16:33 < shangul> (It's an ADSL modem/router) 16:34 < TandyUK> VPN users have been aware of this leak for years it would seem 16:34 < redrabbit> send an sms 16:34 < TandyUK> but im not seeing any ways to totally disable webrtc for an entire subnet 16:34 < redrabbit> TandyUK: that's old stuff 16:34 < TandyUK> each browser, pc, etc would need to be checked manually 16:34 < TandyUK> redrabbit: its news to me 16:34 < redrabbit> i have disabled that years ago 16:34 < redrabbit> adblockers have an option 16:34 < TandyUK> i had no idea my browser even had this shit, let alone be enabled by default 16:35 < redrabbit> "block webrtc in general' 16:35 < redrabbit> can't 16:35 < redrabbit> its client by client 16:36 < TandyUK> so basically nobody has any security any more whatsoever 16:36 < redrabbit> some vpn providers include something in their bloated software though 16:36 < UncleDrax> I think Lynx probably doesn't use webRTC 16:36 < redrabbit> its easy to block it 16:36 < redrabbit> ..on the software 16:37 < ||cw> shangul: I don't think dsl uses a phone number, I know you don't have to have phone service for DSL to work 16:37 < qman__> shangul: DSL doesn't use a phone number, just the 
lines
16:37 < mAniAk-_1> TandyUK: i think youre overreacting a bit...
16:37 < qman__> it's a different, digital protocol
16:37 < shangul> ||cw, the lines? the phone lines. right?
16:37 < redrabbit> mAniAk-_1: yeah
16:37 < redrabbit> its not that significant
16:38 < ||cw> shangul: it's just a local loop, wires. not a phone line. the phone service just happens to run over the same local loop
16:38 < redrabbit> (nobody cares)
16:38 < mAniAk-_1> if youre so scared of this maybe you should disconnect from the internet
16:38 < redrabbit> ^
16:39 < UncleDrax> +++ATH
16:39 < UncleDrax> .. damn it didn't work
16:39 < TandyUK> im not scared of it per se, but its certainly not something i want
16:39 < UncleDrax> that said, i'd prob be ok disabling it at the browser level.. i'll prob do so at home
16:39 < redrabbit> FB suckerberg dickhole is LIVE on BBC world news
16:41 < redrabbit> that's fuckin' gold
16:41 < UncleDrax> how so?
16:41 < redrabbit> he's getting roasted lmao
16:41 < redrabbit> that grin on his face
16:41 < redrabbit> priceless
16:42 < UncleDrax> I watched some of the stream yesterday with the Congressional hearing.. all I got out of it was 'congresspeople dont really understand' and 'I was amazed at Zucks restraint'
16:42 < UncleDrax> i mean the dude probably spent the last 3-4 weeks training for it
16:42 < redrabbit> yeah but you can see how he's feeling live
16:43 < redrabbit> he's easy to read that fucker
16:43 < redrabbit> he's takin' some heat
16:44 < ntd> 1: they should bring up the "dumb fucks"-email
16:44 < ntd> 2: yesterday he said they couldn't ban CA since they were not a customer/advertiser in 2015 when they found out about what they were doing.
16:45 < ntd> so instead they let them become an advertiser later, knowing this?
16:45 < ||cw> the hard part in trying to block webrtc at the network level is that anyone can run their own ICE/STUN/TURN server on any port they want, including port 80.
you'd need to do protocol inspection and whitelist your VOIP providers
16:46 < ntd> 3: "i don't wanna answer that question in public, let my team get back to you on that"-2K
16:47 < ntd> 4: he said they delete your data if you permadelete/close your account. under oath
16:47 < ||cw> it's probably easier to just force GPOs or whatever on the PCs you control
16:47 < b0bby__> hello
16:48 < redrabbit> https://www.twitch.tv/rabbit539
16:48 < b0bby__> On lede how do you block router ssh access and router http console access from a certain zone?
16:48 < redrabbit> im restreaming it if you wanna check
16:48 < b0bby__> the lede router
16:48 < redrabbit> b0bby__: firewall
16:49 < b0bby__> redrabbit: I'm asking how I would configure that firewall
16:49 < b0bby__> redrabbit: I tried From any host in prison To IP range 192.168.0.0/16 at port 80 on this device
16:49 < djph> b0bby__: from $ZONE to $LOCAL, drop all
16:50 < UncleDrax> 192.168 / 16?
16:50 < UncleDrax> oh right.. complete brain fart. carry on
16:51 < b0bby__> But that simply caused everything to stop for some reason
16:52 < djph> because that's dropping from zone1 to some random subnet ... not to the *router* tiself
16:52 < djph> *itself
16:53 < djph> or do you mean you tried the from zone1 to localzone approach I mentioned?
16:55 < b0bby__> djph: trying now
17:03 < zenix_2k2> i have a question, i have a VM opened on my localhost and it is a client which was trying to connect to my actual computer ( server ) using 2 python scripts... and if you know python, the accept statement will be like this --> local, (address, port) = sock.accept(), but the VM's Ipv4 = 192.168.189.128 and mine = 192.168.0.21 but the address variable = 192.168.0.21
17:04 < zenix_2k2> i thought it would show the address of the VM
17:06 < zenix_2k2> and do you need the 2 scripts to analyze stuffs or... that is quite enough ?
17:08 < grawity> zenix_2k2: depends on how the VM is configured to connect to the network
17:08 < grawity> zenix_2k2: very likely that the VM software just NATs all connections
17:08 < ||cw> zenix_2k2: wouldn't that be better asked in a python channel? it's very python specific
17:08 < ||cw> but yeah, it's likely seeing the NAT. instead have the client connect the hosts IP in the NAT network
17:08 < grawity> you could also say it's very bsd-specific because the socket api was invented there
17:09 < zenix_2k2> ||cw: i thought it is some sort of networking issues though
17:10 < ||cw> I guess I misinterpreted, thinking python might give the server address that was connected to, but I guess that doesn't make much sense
17:10 < ||cw> zenix_2k2: when you NAT, the server sees the NAT router's "public" ip, not the client's private IP
17:10 < zenix_2k2> oh... and how can i manually view that ?
17:11 < grawity> is it Virtualbox?
17:11 < zenix_2k2> Vmware
17:11 < ||cw> view what?
17:11 < grawity> similar
17:11 < grawity> look through the VM networking options it offers
17:11 < zenix_2k2> ok
17:11 < ||cw> a server cannot ever get the local IP behind nat unless the client sends it as part of the protocol
17:12 < zenix_2k2> well but basically i haven't done any NAT-ing in this situation
17:12 < zenix_2k2> they are both in the same LAN
17:12 < ||cw> then how does the 192.168.189 network get to the 192.168.0 network?
17:12 < zenix_2k2> i don't know.. that is why i was asking
17:13 < djph> you'd need a router ...
17:13 < ||cw> it's because you've set the VM on the NAT vm network
17:13 < zenix_2k2> and even if it was linked to routing or NAT-ing stuffs, my router's gateway is 192.168.0.1
17:13 < ||cw> your PC hosting the VM is the gateway
17:13 < grawity> in this case, vmware is acting as the router
17:13 < ||cw> switch the guest to the bridged network
17:14 < zenix_2k2> oohhhh...
17:18 < ne2k> zenix_2k2, we are lacking a thorough description of the setup
17:19 < zenix_2k2> yea but i can't find where the configuration is set/stored at
17:19 < zenix_2k2> maybe something is broken with my VMware but i think i got my issue
17:21 < purplex88> if i multiply two quantities with different units what units will i get as result? e.g. miss rate (missed events/total events) * duration (seconds)
17:21 < UncleDrax> you get missrate-per-second..
17:21 < purplex88> with multiply?
17:22 < UncleDrax> i mean in general. is this for some specific toolset?
17:22 < UncleDrax> or framework?
17:22 < purplex88> in general
17:23 < UncleDrax> ya, when you do math with 2 units you essentially create a 3rd unit of 'unitA per UnitB' (or similar).
17:24 < purplex88> if miss rate = 0.5 and 10 seconds then = we have 5 is miss rate per second?
17:24 < ne2k> purplex88, you most certainly don't get per second if you multiply by seconds
17:24 < ne2k> purplex88, miss rate is a unitless quantity
17:24 < purplex88> or i guess miss rate in 10 seconds
17:25 < purplex88> say, if miss rate = number of incoming flows / total flows
17:26 < purplex88> so thats miss rate of incoming flows
17:27 < ne2k> I can't think of any meaningful use for miss rate * time
17:27 < ne2k> what are you actually trying to do?
17:28 < ne2k> purplex88, ^^^
17:35 < purplex88> ne2k: ah its a miss rate during a period of time
17:35 < purplex88> miss rate during a period of time * some other time
17:36 < ne2k> purplex88, wut? this makes no sense
17:36 < mawk> a miss rate is already miss / time
17:36 < mawk> so miss rate * time makes sense
17:36 < ne2k> mawk, no, it's not, it's a miss proportion
17:36 < mawk> sorry then
17:36 < ne2k> mawk, if i multiply two quantities with different units what units will i get as result? e.g. miss rate (missed events/total events) * duration (seconds)
17:36 < mawk> it makes no sense then
17:36 < ne2k> no
17:37 < ne2k> purplex88, I repeat, what are you /actually/ trying to do?
17:37 < mawk> purplex88: you get the product of the units
17:37 < mawk> but it's not always meaningful
17:37 < mawk> and it's even invalid when you do other operations than multiplication
17:38 < purplex88> i'm finding a response time = miss rate during a period of time x some roundtrip time
17:38 < mawk> a miss rate during a period of time ?
17:38 < mawk> it should be constant
17:39 < ne2k> purplex88, and what, exactly, is the miss rate?
17:39 < purplex88> miss rate = number of misses / total trials
17:39 < purplex88> during period of time
17:39 < LunaLovegood> Is there a way, on Linux, to reliably let a single thread use a whole cpu core? I mean, no task switching and no interrupts. The only calls it would use are sendmsg() and clock_gettime().
17:40 < mawk> the period of time is just for you to compute the
17:40 < mawk> miss rate
17:40 < mawk> it doesn't appear in the final result
17:40 < LunaLovegood> Or I could use netmap on some TX queues of my NICs for even more exclusivity, still on a dedicated core.
17:40 < LunaLovegood> Only input would be through shared memory.
17:41 < ne2k> purplex88, I think you want something rather more complicated. sounds like you want a poisson distribution or something
17:41 < purplex88> if in 5 minutes the miss rate was 0.5 and roundtrip was .10 then find response time
17:41 < ne2k> purplex88, is this a single packet exchange? i.e. one there, one back? and do you have any latency?
17:42 < ne2k> purplex88, this is definitely probability, not straight maths. also, it sounds suspiciously like homework
17:43 < ne2k> purplex88, the miss rate is a number between zero and one; it's a probability
17:43 < purplex88> i guess it is but not mentioned
17:44 < ne2k> purplex88, well, anyway, as it seems we have successfully identified that this is indeed homework, bye bye
17:44 < mawk> is it the real question purplex88 ?
17:44 < mawk> or you're rephrasing it
17:44 < purplex88> rephrasing of course
17:45 < mawk> give the real question please
17:45 < purplex88> what is homework anyway?
17:45 < purplex88> i don't go to any school
17:45 < purplex88> was reading and got stuck
17:46 < ne2k> purplex88, ok, well, if it's not actual school homework and you're just trying to learn on your own, then go on. but please paste the actual question.
17:46 < purplex88> theres no question, just an equation which says response time = miss rate during a period of time x some roundtrip time
17:47 < ne2k> purplex88, but what is the context? what is it talking about? and what is it for? why do you want to understand it?
17:47 < mawk> I'd say / miss rate maybe purplex88
17:47 < mawk> uh no sorry, I took it for a success rate
17:48 < purplex88> i 'll figure it out later .. don't want to make it complicated
17:48 < ne2k> purplex88, what are you reading? it is entirely possible that if you found some random thing online that it is complete garbage
17:49 < ne2k> and, in fact, it sounds very much like it
17:49 < mawk> if p is the miss rate, 1-p is the success rate, so the expected number of tries for a successful send is 1/(1-p)
17:49 < mawk> so I'd say roundtrip time / (1-0.5)
17:51 < mawk> the expected value for a geometric law with probability of success p is 1/p
18:20 < drac_boy> hi
18:21 < chezidek> hi.
18:22 < OhPie> what's the best thing about a network?
18:22 < OhPie> on freenode?
18:22 < mawk> that you're easing the communication of people while being asocially manipulating your computers ?
18:22 < chezidek> lol
18:23 < chezidek> speak for yourself.
i'm not manipulating anything
18:23 < mawk> lol
18:24 * drac_boy wonders whats really going on now
18:25 < chezidek> OhPie: the best thing is all the packets getting to their destination despite the entire thing being made of shitty afterthoughts and patches
18:25 < chezidek> it's really quite a joke, especially how most service providers and network equipment vendors operate
18:26 < chezidek> i'm looking at you zayo
18:32 < c|oner> how can you have a backup dhcp server?
18:33 < c|oner> how _I_ have a backup dhcp server.
18:33 < chezidek> high availability similar to routers
18:33 < chezidek> health check from / to each, synchronize database
18:33 < c|oner> hmm.
18:35 < chezidek> microsoft has HA in 2012 or above i think. i'm sure ISC has something... & infoblox or whatever else you might be using, if it's enterprise
18:38 < tds> isc has dhcp failover for v4, but nothing for dhcpv6 if you want that
18:46 < AlexPortable> Using a consumer grade router as a switch/ap, but sometimes the internet connection just stops working, while it stays connected. I have to wait around 10 minutes or power off and power on the device. How can I diagnose what's going wrong? I can't ping the AP, neither the router 'behind' it. Wired keeps working (rarely it also stops working).
18:47 < ne2k> AlexPortable, are you not using it as a router, then?
18:47 < Dalton> well since you can't replace part of a router.....
18:47 < chezidek> ditch it, it sounds like a piece of shit.
18:47 < AlexPortable> no i have another router
18:47 < AlexPortable> but it's with every device i get the same problem
18:47 < AlexPortable> first it works for a while, and then problems start to appear
18:48 < Dalton> then it's something behind the router/connection
18:48 < Dalton> or you're cursed/jinxed
18:48 < chezidek> AlexPortable: is the switch/ap doing DHCP also?
18:48 < AlexPortable> nope, that's what the router is for chezidek
18:48 < ne2k> AlexPortable, does the ap/switch have an IP address on its bridge?
can you access from a wireless client when it's not passing traffic successfully through to the Internet?
18:49 < AlexPortable> router -> 'router' (configured as ap and switch). the second 'router' has its own ip address, can't ping neither access the website (also not from wired clients)
18:49 < AlexPortable> although internet keeps working for the wired clients
18:50 < ne2k> AlexPortable, just to check, what interfaces does the AP/switch have? does it have a WAN one? and have you disabled it?
18:50 < AlexPortable> yes, i'm using lan1 for 'uplink', to the real router, lan2 for my pc, lan3 for another pc, and lan4 empty. around 5 devices connected to wifi
18:50 < ne2k> AlexPortable, and the real router, does it have multiple LAN ports? how are the wired clients connected, and how is the AP/switch connected to the router?
18:51 < ne2k> AlexPortable, ok
18:51 < AlexPortable> on the real router, lan1 is the ap/switch, lan2 and lan3 are some other computers
18:52 < ne2k> AlexPortable, it sounds like switch component of your ap/switch carries on working (which is not surprising as it is an ASIC), but the CPU part crashes
18:52 < ne2k> AlexPortable, which stops it being reachable on ping or web interface from either wired or wireless, and stops the AP bridging to the LAN
18:53 < ne2k> AlexPortable, do wireless client remain connected to the AP when it's in this state? and if you disconnect and reconnect, do they reconnect straight away?
18:53 < AlexPortable> sometimes they stay connected, sometimes they disconnect and try to reconnect, that sometimes works but other times also won't work
18:53 < AlexPortable> the network will stay visible
18:54 < chezidek> AlexPortable: update the software or swap it out
18:54 < ne2k> AlexPortable, have you tried a factory reset on the ap/switch?
18:54 < AlexPortable> yes
18:54 < AlexPortable> but then i have to put all settings there again
18:54 < ne2k> AlexPortable, how about a reflash?
18:54 < AlexPortable> reflash won't help
18:54 < ne2k> AlexPortable, presumably it's just SSID and PSK that you need to put back in?
18:55 < AlexPortable> also the networking, since it's a router by default
18:55 < ne2k> AlexPortable, do you mean it didn't help, because you have done it? or do you mean you think it won't work, in which case what makes you so sure?
18:55 < AlexPortable> I remember updating the OS
18:56 < mgolisch> are different sfp transceivers interoperable?
18:57 < mgolisch> can sfp+ transceivers talk to a switch with sfp transceivers?
18:57 < ne2k> mgolisch, in theory, yes, but I would always recommend going with matched pairs
18:58 < ne2k> mgolisch, you can check a specific sfp+ module's stats to see if it is backwards compatible with sfp. i think, in general, they are supposed to be, but I'm not sure
18:58 < ne2k> AlexPortable, it sounds like it probably has a hardware fault
18:58 < UncleDrax> mgolisch: are you trying to put a SFP+ transceiver into a switch with an SFP slot?
18:58 < AlexPortable> well then almost every device here gets a hardware fault
18:59 < UncleDrax> mgolisch: or are you asking if a SFP+ transceiver that does 1000Base-LX from Cisco will talk to a SFP transceiver from Juniper that is also doing 1000Base-LX ?
18:59 < mgolisch> UncleDrax: no i want to connect an old switch with a sfp 1gbit transceiver to a new switch with sfp+ 10gbit transceiver
18:59 < chezidek> should work unless it's a qsfp breakout or something
18:59 < chezidek> look up the spec of the 10g module if it supports 1g
19:00 < UncleDrax> mgolisch: they both need to speak a common protocol. ie: 1000Base-LX or 1000Base-SX. so long as both transceivers agree on that, there should (ideally) be no problem
19:00 < ||cw> I have had a 1G sfp refuse to talk to a 100M sfp. so make sure the module supports 1G as well as 10
19:00 < mgolisch> would the switch port need to be configured accordingly or would that happen automatically?
19:00 < mgolisch> as i am getting no link
19:01 < mgolisch> provided the module actually supports 1gb
19:01 < mgolisch> will check its specs
19:01 < UncleDrax> mgolisch: you need to look at the specs of your optics.
19:01 < chezidek> post show interface stuff
19:02 < chezidek> mgolisch: do you know the module works in that switch?
19:02 < UncleDrax> mgolisch: the short/easy answer: just put the same transceiver into both ends of the connection. This assumes your SFP+ port will dumb-down to 1G transceivers (which afaik, almost all do)
19:15 < pfyoo> anyone have good resources for VoIP phones for a small office?
19:16 < compdoc> what sort of resource?
19:16 < Apachez> unfortunately its not uncommon with SFP+ that only does 10G
19:16 < drac_boy> pfyoo not really but feel free to consider grandstream for brand choice if you want to tho :)
19:16 < Apachez> that is a SFP+ slot who only accepts 10G SFP+ modules
19:17 < compdoc> snom is great for wifi wireless phones, and I like Yealink for desktops
19:17 < chezidek> pfyoo: polycom, asterisk, snom, 3cx, aastra, yealink
19:18 < UncleDrax> whichever you pick, if you're running it Internet-based VoIP, for the love of all that is holy, make sure you pick a SIP provider that is network-topography local to you
19:18 < pfyoo> thanks for all the links and suggestions!
19:18 < chezidek> dedicated circuit for voice.
19:18 < chezidek> or kill yourself
19:19 < UncleDrax> everytime someone calls me saying their whatever-SIP-budget-system doesn't work because it's talking cross-country, I cry just a little.
19:19 < UncleDrax> yes
19:19 < ne2k> pfyoo, just use tin cans and string
19:19 < ne2k> pfyoo, or carrier pigeons?
19:20 < chezidek> ugh. having flashbacks of trying to explain QoS / shaping, and the fact that packets arrive at your interface in whatever order they want
19:20 < Guest49564> Hey guys
19:20 < Guest49564> If im on a network that sniff packets. Cant i use a vpn on tcp port 443? will they still be able to see me?
19:21 < Guest49564> sniffs*
19:21 < chezidek> Guest49564: i think it depends if SSL VPN or IPSec
19:21 < ne2k> chezidek, sorry, but you still don't beat the time I had to explain to someone that, if he had two radios that could communicate up to 200m, why he couldn't put them 400m apart
19:21 < Guest49564> i think im using ssl
19:21 < chezidek> ne2k: i just frowned IRL
19:22 < chezidek> Guest49564: is this at school or something
19:22 < Guest49564> yep
19:22 < Guest49564> Im not a student
19:22 < chezidek> who cares if they know you're using a VPN?
19:22 < Guest49564> just doing an event
19:22 < UncleDrax> Guest49564: VPN doesn't require 'encryption'. that said, they will see the packets (and their source & destination), but might not be able to see the payload/contents of said packets. So depending on your definition of 'able to see me'
19:23 < chezidek> man ##networking is patient today :)
19:23 < Guest49564> they wont let us use our router so i was configuring it to be a vpn client
19:24 < redrabbit> VPN all the things
19:24 < tds> if you use something like openvpn in tcp mode wrapped with stunnel (with a valid cert on port 443) it should be basically indistinguishable from normal https traffic
19:24 < ne2k> Guest49564, if you connect outbound to a VPN server on TCP port 443, they'll have a hard time distinguishing between that and regular HTTPS traffic.
19:24 < Guest49564> Now that sound amazing
19:25 < Guest49564> thats what i was thinking
19:25 < redrabbit> tcp/443 without the fancy stuff works 99%
19:25 < redrabbit> never had it blocked
19:25 < UncleDrax> but they could still say 'oh you are doing a lot of HTTPS traffic to x.y.z.p' so if they look they will know you're doing "something"
19:25 < redrabbit> who has time for that
19:25 < redrabbit> :|
19:25 < tds> plus if they're really paranoid, they may just be mitming ssl, in which case you're a bit stuck
19:26 < redrabbit> LTE
19:26 < redrabbit> :p
19:26 < ne2k> Guest49564, note that I said "hard time"; there are still ways for them to establish whether or not they think it's bona fide web traffic. but, as redrabbit says, in the majority of cases they probably just allowing 443 outbound
19:26 < ne2k> tds, they can't MITM it without you knowing
19:27 < tds> yeah
19:27 < ne2k> but yes, if they are MITMing it, you're screwed
19:27 < redrabbit> "wrapped with stunnel (with a valid cert"
19:27 < redrabbit> do you have a guide for that?
19:27 < redrabbit> or more info
19:27 < ne2k> ah yes, two layers
19:27 < redrabbit> never had to resort to this
19:28 < redrabbit> just curious
19:28 < tds> this guide looks decentish: https://www.perfect-privacy.com/howto/openvpn-over-stunnel/
19:29 < tds> but if you just google "openvpn stunnel" there seem to be various helpful results :)
19:29 < ne2k> redrabbit, I guess the theory is that, if they're MITMing you, all they will see within is another VPN.
which they could block, but not get into
19:29 < redrabbit> doesnt look too hard
19:29 < redrabbit> never had an issue with my 433/TCP setup anyway
19:30 < redrabbit> 443*
19:30 < idnc_sk> ssh proxied over HTTPS
19:30 < idnc_sk> everything tunneled over ssh
19:30 < tds> also worth keeping in mind, if you're at a uni with eduroam, then they're required to allow udp traffic on port 1194 :)
19:30 < redrabbit> i just use openvpn
19:31 < idnc_sk> tds: good to know
19:31 < khj0956> I don't know if this is the right place to post this, but I'm looking for someone with Windows 10 or Windows 7 computer/laptop, and an iPhone or iPad to capture app traffic for me. Should take no longer than 1 hour. Willing to pay $100 by bitcoin. PM me for more info.
19:33 < idnc_sk> khj0956: this is hillarious
19:33 < kitt__> Hello
19:33 < redrabbit> whats the catch
19:33 < redrabbit> hi
19:34 < dumbRabbit> Hello?
19:34 < idnc_sk> as in hillary-ious >> more hilarious than usual
19:34 < b0bby__> hello
19:34 < khj0956> ?
19:34 < b0bby__> I have a lede router
19:35 < redrabbit> me too
19:35 < redrabbit> is that the whole story?
19:36 < dumbRabbit> i think it was a hub joke
19:36 < dumbRabbit> broadcast it to everyone to see who picks it up
19:37 <+catphish> i have many routers
19:38 < b0bby__> I have it setup so I have a wan(192.168.0.54), lan(192.168.1.1), and pri(192.168.2.1) interfaces. Ping: 192.168.1.177-->192.168.0.33(works), 192.168.0.33-->192.168.1.177(Fails). How do I fix this?
19:40 < djph> check your firewalls, and the default gateway for 0.0/24
19:40 < b0bby__> default gateway for what?
19:40 < djph> 192.168.0.0/24
19:43 < b0bby__> The router in control of 192.168.0.0/16 is the modem
19:50 < djph> which collides with the other two networks ...
19:51 < b0bby__> what?
19:54 < electricmilk> Dear God. Our Shoretel PRI phone provider wants $1,995.00 to increase the capability to have up to 100 users. Licenses for mailbox and extension is $160 each!
19:54 < electricmilk> We really need to switch to damn VOIP already
19:54 < mgolisch> hm doesnt work, get no link, they probably dont do 1000sx, but some of the old sfp transceivers work in the new switch
19:55 < mgolisch> that will work for now
19:56 < electricmilk> Any recommendations for a reasonably priced VOIP provider. I know next to nothing about VOICE and want something managed with support that is affordable for a non-profit
19:57 < chezidek> how many channels
19:57 < electricmilk> currently we are using PRI and have 18 channels
19:57 < electricmilk> Like to get off of 1980's technology
19:58 < chezidek> what phone system
19:58 < c|oner> I have one piece of advice, don't use polycom phones, annoying to provision IMHO
19:58 < electricmilk> Currently we have an ancient Shoretel phone system
19:58 < electricmilk> We are getting screwed
19:58 < chezidek> :yaomingfuckthat:
19:58 < chezidek> shoretel fucking sucks.
19:58 < electricmilk> YES
19:58 < electricmilk> And it is expensive as all hell
19:58 < c|oner> maybe you can find a 3cx reseller or something
19:58 < electricmilk> They are killing us with these licenses
19:59 < chezidek> yeah 3cx, asterisk, hosted voip, whatever, polycom, snom, yealink
19:59 < c|oner> we had digium onsite pbx it wasn't the worst system in the world, fwiw
19:59 < chezidek> i've heard digium is pretty terrible beyond asterisk itself
19:59 < electricmilk> We get a non-profit discount with BetterWorld Telecom, TechImpact, and TechBridge. Anyone used them?
19:59 < chezidek> electricmilk: what country are you in
19:59 < electricmilk> USA
19:59 < chezidek> why not ditch phones altogether?
20:00 < electricmilk> Use smoke signals?
20:00 < UncleDrax> some biz still works on phones
20:00 < c|oner> the phones are not really relevant
20:00 < chezidek> that is what a lot of companies are doing
20:00 < electricmilk> What just use your desktop or something?
20:00 < c|oner> softphones are nice, but I dont recommend it
20:00 < chezidek> use cell phone or a softphone
20:00 < detha> eeeew softphones
20:01 < c|oner> Softphone -> USB headset is single point of failure
20:01 < electricmilk> nah wouldn't work. We need extension dialing
20:01 < c|oner> yeah that works on softphones
20:01 < chezidek> like, i used to feel differently, but i am starting to realize that voice is just a huge expense with almost no benefit now.
20:01 < electricmilk> Auto-attendant
20:01 < c|oner> what doesn't work is WiFi and user acceptance, and stability with softphones
20:01 < electricmilk> Well we have to have something....but we are a small non-profit...They are KILLING us.. $3,500 for 5 year support. $160 per user...to expand to 100 users its another $1,995
20:02 < electricmilk> I mean Jesus
20:02 < c|oner> we use ubity.com fwiw they are not terrible
20:02 < c|oner> all our phones go over WAN though, no onsite pbx
20:02 < chezidek> get a SIP trunk and circuit from a reputable provider
20:02 < chezidek> with an SLA
20:02 < detha> electricmilk: any decent voip provider, asterisk, some phones
20:03 < chezidek> shoretel should support SIP or if they are married to it you can use an SBC or something
20:03 < electricmilk> ubity would cost us like $1,000 a year
20:03 < electricmilk> hmm
20:03 < chezidek> audiocodes SIP => PRI, no changes needed to the PBX
20:04 < c|oner> again, stay away from polycom phones, those are designed to sell you consulting imho
20:04 < c|oner> then again I've never used anything else.
20:04 < electricmilk> I wonder if we could keep our current phones and PRI...yet switch to a reasonable phone provider
20:04 < qman__> I've used vitelity as a SIP provider before with good results, but I don't have any recommendations for managed/hosted PBX
20:04 < detha> on budget, yealink is ok
20:04 < electricmilk> hmm..I don't get it. Don't some people just use VOIP.ms and its cheap as all hell?
20:04 < chezidek> c|oner: having provisioned hundreds of polycom phones it seems like a breeze now, but you're right
20:04 < electricmilk> I really need to stop procrastinating and learn VOICE
20:05 < electricmilk> To me its just magic
20:05 < chezidek> i've used voip.ms for a long time, i quite like them, but i'm not sure i'd recommend it for a business
20:05 < electricmilk> ah okay. My buddy uses it for his business but they have like 8 staff members
20:06 < electricmilk> We have multiple buildings, extensions and around 50 staff members
20:06 < electricmilk> Perhaps we'll just bite the bullet
20:06 < c|oner> I still don't like voip, no one does it properly
20:06 < c|oner> typically in implementations
20:06 < electricmilk> Already invested so much with shitty Shoretel
20:06 <@pppingme> electricmilk what are you calling "phone provider" when you're talking about keeping your current phones and pri?
20:06 < electricmilk> pppingme, I don't even know dude. I'm retarded when it comes to phone systems.
20:07 < electricmilk> pppingme, Our Shoretel provider is killing us with expensive licensing and support costs
20:07 < chezidek> electricmilk: 160 per user per what
20:07 < qman__> also keep in mind that you need solid internet service, otherwise your experience will be awful
20:07 <@pppingme> then thats what your "phones" would fall under
20:07 < electricmilk> $160 per user for a mailbox and extension license...one time fee
20:07 < c|oner> haha
20:07 < chezidek> well it's paid already and that is pretty cheap
20:08 < b0bby__> hey
20:08 < electricmilk> Ah ok
20:08 < b0bby__> I'm back
20:08 < chezidek> wb
20:08 <@pppingme> thats an argument I don't get.. people worry about paying $160 for a resource that a $50k/year employee will use.. seems like the $160 is just pennies in the employee total cost..
20:08 < c|oner> Ubity has a very important feature, calls to customer service use G.722!
20:08 < b0bby__> so how do I solve this host unreachable problem
20:09 < electricmilk> pppingme, We are a non-profit :-(
20:09 < electricmilk> pppingme, Will just need to take more money out of our already tiny IT budget
20:11 < chezidek> electricmilk: have you looked at tech soup?
20:12 < electricmilk> Yes
20:12 < electricmilk> https://www.techsoup.org/phone-service
20:12 < electricmilk> I don't know if any of those organizations are worth a damn
20:12 < electricmilk> It seems like we already have so much invested with this current phone system that we'll likely just stay with them
20:13 < electricmilk> We also are in contract with our ISP that has the 18 channel PRI setup
20:13 < felda> Does Cloudflares 1.1.1.1 use DNSSEC?
20:13 < detha> felda: yes
20:13 < felda> awesome thanks
20:13 < chezidek> electricmilk: yeah i've never heard of any of those.
20:13 < hehehe> hey hey
20:14 < hehehe> how I can redirect domain to another domain
20:14 < hehehe> to redirect to linkedin company url
20:14 < grawity> it's a bit silly to rely on public resolvers doing DNSSEC validation
20:14 < hehehe> a record wont work
20:15 < hehehe> since page url is same as home page
20:15 < grawity> admittedly with cloudflare being 2-4 hops away it reduces the window a little
20:15 < hehehe> what else can be used?
20:16 < electricmilk> hehehe, You can mess with DNS settings and setup a redirect I believe
20:16 < electricmilk> hehehe, What domain registrar?
20:16 < hehehe> lv
20:17 < hehehe> nic.lv
20:17 < electricmilk> hehehe, I mean you have options...
20:17 < electricmilk> You can setup redirects in CPANEL...or even a shitty redirect in PHP or HTML
20:17 < electricmilk> Or you can change CNAM DNS records
20:17 < electricmilk> *CNAME
20:17 < hehehe> cname seems easiest
20:17 < hehehe> or yes redirect on a site
20:18 < hehehe> which one is best
20:18 < electricmilk> CNAME
20:18 < obcecado> cname is 'cheap'
20:18 < hehehe> I have a running linux box
20:18 < hehehe> cname can do 301?
20:18 < electricmilk> 301 is done with web server settings I believe
20:19 < electricmilk> 301 = permanent redirect....302 = temporary...if I remember right
20:19 < qman__> correct, and redirects are performed by the web server
20:19 < detha> hehehe: best? running a proper site. In our office, any form or redirect to linkedin will result in 'You are not allowed access to this site'
20:19 < electricmilk> I'm not sure 301 will let you direct to another domain name though
20:20 < b0bby__> Ok
20:20 < b0bby__> so
20:20 < qman__> you can 301 or 302 redirect to any URL
20:20 < electricmilk> I always used it to redirect on the same domain
20:20 < b0bby__> I made a network diagram
20:20 < electricmilk> cool
20:20 < b0bby__> https://imgur.com/a/D3Vb5
20:20 < qman__> however I suggest against doing a 301 in most cases
20:20 < electricmilk> So there are a lot of options for redirecting to another domain
20:20 < electricmilk> What do you recommend qman__?
20:20 < qman__> if you do a 301 and you want to change it later, you will have lots of headaches
20:20 < b0bby__> hopefully that will help
20:20 < qman__> do a 302
20:20 < electricmilk> so then 302?
20:20 < electricmilk> ah yes
20:20 < hehehe> detha oops why?
20:21 < hehehe> detha:
20:21 < qman__> because it's a spammy social media site
20:21 < detha> hehehe: proxy rules. no social networks or tracking sites
20:21 < hehehe> emmm
20:21 < hehehe> ok
20:21 < hehehe> cool
20:21 < b0bby__> So how do I fix the problem where 192.168.0.39 can't ping 192.168.1.177??
20:21 < electricmilk> Why do you want to redirect a domain to linkedin?
20:22 < hehehe> I wanted to save time
20:22 < hehehe> instead of updating landing page
20:22 < hehehe> redirect to linkedin
20:22 < electricmilk> ah I see
20:22 < electricmilk> If it were me, I'd create a resume type website.
There are awesome templates for cheap you could use...then have a link to linked in 20:22 < electricmilk> Looks way more professonal 20:23 < b0bby__> Does anyone know how to configure an lede router? 20:23 < detha> hehehe: for 99.9% of the cases, a one-liner in php with a 302 redirect will work 20:26 < qman__> yep, pretty much everything can handle a 302 20:26 < qman__> no issues with javascript or HTTP refreshes 20:26 < electricmilk> wait you can set a 302 redirect with PHP? 20:26 < electricmilk> Why wouldn't you just use .htaccess? 20:27 < qman__> php doesn't require any changes in the webserver config 20:27 < qman__> htaccess may 20:27 < grawity> assuming the webserver is even apache 20:27 < UncleDrax> low-ball way is an HTML meta refresh 20:27 < qman__> it really depends on your setup 20:28 < qman__> if you're in total control of the web server, doing a config change is probably the simplest 20:28 < qman__> if you're not, a php script isn't a bad choice 20:28 < hehehe> total control 20:28 < hehehe> :P 20:28 < hehehe> I think I will simply update home pahe 20:28 < hehehe> page 20:28 < hehehe> :) 20:31 < hehehe> now the issue is | i have updated a recorf few hrs ago 20:31 < hehehe> it seems it have not been propagated yet 20:31 < hehehe> :) 20:31 < hehehe> url wont redirect to ip 20:32 < b0bby__> Can someone help me? 20:32 < hehehe> yes 20:32 < b0bby__> hehehe: ok 20:34 < b0bby__> hehehe: so this is my network https://imgur.com/a/D3Vb5 . for some reason 192.168.0.39 cannot ping 192.168.1.177 20:34 < b0bby__> hehehe: how do I fix this 20:34 < qman__> b0bby__: in your diagram, 1: LEDE router must not be doing NAT AND either A: router at top must have route to 192.168.1.0/24 via LEDE router OR all computers in 192.168.0.0/24 must have route to 192.168.1.0/24 via LEDE router 20:34 < hehehe> i will check later 20:36 < b0bby__> qman__: I should mention that my router has two vlans. 
One that is 192.168.1.1 and one that is 192.168.2.1 20:36 < b0bby__> qman__: so should I just configure my nat to forward connections to one of the pc's or is there a better way? 20:37 < qman__> b0bby__: 192.168.2.0/24 isn't on your diagram so it changes nothing concerning the diagram 20:37 < qman__> no 20:37 < qman__> if you want computers in 192.168.0.0/24 to be able to access computers in 192.168.1.0/24, you must not use NAT on the LEDE router, and you must have a route 20:38 < qman__> that route can be on the first router, or it can be on the computers in 192.168.0.0/24 20:38 < b0bby__> qman__: ok 20:38 < b0bby__> I'll try that 20:44 < b0bby__> qman__: damn router doesn't have static routes 20:45 < qman__> you can also hand out routes via DHCP, but if you're using that router for DHCP, it probably can't do that either 20:45 < b0bby__> qman__: probably cant :( 20:46 < b0bby__> qman__: I'll just create a nat. 20:46 <@pppingme> nat is bad 20:46 < b0bby__> qman__: do you know how to do that on lede 20:46 < b0bby__> pppingme: why? 20:47 < b0bby__> pppingme: I don't want it but it's necessary with what I have 20:50 <@pppingme> explain your setup a bit more.. you ahve two networks, 192.168.1.x/24 and 192.168.0.x/24, right? 20:50 <@pppingme> I found your pic.. 20:50 <@pppingme> why do you ahve the 2nd router? 20:52 < b0bby__> pppingme: second router is lede so I can do some extra firewall stuff with it 20:53 <@pppingme> ok, but is your goal to have two networks? 20:53 < b0bby__> pppingme: yes 20:53 <@pppingme> why? if you want them to talk, why split them? 20:55 < b0bby__> pppingme: The final setup will allow connections on vlan 1 to talk to the entire network and connections on vlan3 to talk to only the internet 20:56 <@pppingme> then you need to move everything to vlans behind your new router 20:58 < b0bby__> pppingme: what I don't understand is why routers can normally find routes to subnets fine. 
20:59 <@pppingme> anything directly connected it will understand how to route to
21:01 < b0bby__> pppingme: But how do routers normally find the routes to subnets?
21:01 < qman__> they must be added
21:01 < qman__> either statically or via routing protocols
21:01 <@pppingme> if they aren't directly connected, they must either be added manually or learned via a routing protocol
21:01 < qman__> the local subnet is automatically known, and the default gateway is the route for anything it doesn't know about
21:02 < qman__> in your case, the default gateway doesn't know about the second network either, so you never get there
21:02 < b0bby__> qman__: so why are the routing protocols failing
21:02 < qman__> there are none in place
21:03 < qman__> you have to set them up on the routers, and they have to support it
21:03 <@pppingme> b0bby__ did you set them up?
21:03 < b0bby__> pppingme: I didn't but I haven't had this problem before with setting up subnets.
21:03 < qman__> if you can't add a static route to that first router, I really doubt you can set up a routing protocol on it
21:05 < b0bby__> qman__: so how was the router discovering the locations of subnets without protocols or static routes?
21:05 < qman__> it wasn't
21:05 <@pppingme> there's something you aren't telling us, or you were unintentionally doing nat or something else..
21:06 <@pppingme> qman__ its still surprising how many consumer devices do rip2
21:06 < qman__> indeed
21:07 < b0bby__> pppingme: how do I disable nat on an lede router
21:07 < b0bby__> pppingme: if it is enabled
21:07 <@pppingme> that'd depend on the device
21:07 < b0bby__> pppingme: I'm using the graphical interface
21:07 < b0bby__> *web
21:08 <@pppingme> i'm looking at your pic again, are you really using a /16 subnet on the first device?
21:09 < b0bby__> pppingme: Yes the subnet mask is 255.255.0.0
21:10 <@pppingme> then you have an overlapping subnet, that won't work either
21:10 <@pppingme> why are you doing a /16?
21:11 < b0bby__> pppingme: I thought that was what you are meant to do
21:11 < chezidek> NEEDS MORE ADDRESS SPACE
21:11 < b0bby__> pppingme: should I change it to /24
21:11 < b0bby__> ?
21:15 < b0bby__> brb
21:15 < b0bby__> I'll be offline
21:18 < mgolisch> hm guess ill have to buy some more sfp modules then, 3 of them work in the new switch`s sfp+ ports the other 3 dont
21:18 < mgolisch> :(
21:18 < mgolisch> and all the sfp+ modules we have seem to be single speed
21:18 < Apachez> zuckerberg got hemorojds? https://twitter.com/IIJERiiCHOII/status/983807305144680448/photo/1
21:18 < chezidek> service unsupported transceiver breh
21:20 < b0bby__> hey
21:20 < b0bby__> im back
21:29 < Apachez> https://imgur.com/gallery/Jt813
21:38 < riotz> Apachez, https://twitter.com/MatthewTeague/status/983788401190211584
21:39 < hehehe> I have changed A record 3 hrs ago, it is yet to propagate
21:39 < Apachez> riotz: mediatraining gone wrong
21:39 < hehehe> maybe i need to flush dns locally on my laptop?
21:39 < Apachez> did you see his forced smiles?
21:39 < Apachez> or drinking water :D
21:39 < riotz> lol no.. i didnt waste my time watching to tool
21:39 < riotz> to = this
21:40 < Apachez> "congressman, this is an important question"
21:40 < riotz> but right now i maybe can.. are there some full length videos of his questioning?
21:40 < Apachez> so what about if you answer it then instead of wasting seconds? :P
21:40 < Apachez> should be on youtube
21:40 < riotz> i'm kinda depressed now and need something to laugh about
21:40 < Apachez> look at time channel
21:41 < riotz> https://pbs.twimg.com/media/DahkXo_WsAEtsIJ.jpg:large
21:41 < riotz> hahaha
21:41 < Epic|> Ha
21:43 < Apachez> riotz: https://imgur.com/Mk3FFhw
21:43 < riotz> lol
21:43 < riotz> hes such an underhuman
21:44 < riotz> i ask myself why all those people still use facebook and dont give a crap about what this tool is doing there
21:44 <+catphish> i like the guy behind him laughing too
21:45 <+catphish> i assume that's the bit where they asked how they were going to make any money
21:45 < BottomX> riotz: that is good question
21:45 < riotz> is he live on the time channel now?
21:45 < riotz> i just have a black screen
21:47 < riotz> oh nice there is a 11 hour recording https://www.youtube.com/watch?v=Ziw70UJLVHc
21:56 < b0bby__> hey
21:56 < b0bby__> I'm back
21:57 < b0bby__> I switched that top router to /24 pppingme
22:48 < raFeki> how is it that if you're banned from a site, you still can get in even if you create a new account?
22:48 < nickster> hmm?
22:52 < raFeki> how is it that if you're banned from a site, you still can get in even if you create a new account?
22:52 < raFeki> *still can't get in
22:52 < UncleDrax> you'd have to ask the site operator and whomever wrote the software they use.
22:52 < nickster> cookies sometimes
22:53 < nickster> sometimes your ip (dhcp exists though so idk why)
22:53 < Maarten> raFeki, your IP address likely was banned.
22:54 < raFeki> interesting
22:54 < nickster> Speaking of IP bans, I gotta figure out how to fix collision issues that some users are having.
22:54 < Maarten> depending on your ISP, you may be able to change it.
22:54 < raFeki> it's a paid pornography site
22:55 < nickster> I help run a decently sized forum and more and more people are saying "it says im banned but i've never been there"
22:55 < raFeki> I made a new account and paid but they knew it was me
22:55 < nickster> how do you get banned from a paid porno site
22:55 < Maarten> raFeki, you must have done something very special to get banned from a paid porno site.....
22:55 < raFeki> chat room
22:56 < raFeki> I was being rude
22:56 < nickster> oof, fair
22:56 < Maarten> right :) so they banned your IP address. I would suggest to grow a pair of balls and take your punishment like a man, move on to some other porn site :P
22:56 < jkemppainen> ^ LMAO
22:57 < nickster> for any fetish there are probably 10+ sites dedicated to it.
22:57 < Maarten> likely
22:57 < raFeki> You heard of
22:57 < raFeki> girls do porn?
22:57 < nickster> they're half of porn ye?
22:58 < Maarten> raFeki, the balls comment was rhetorical. Of course if you are female, you can still take your punishment with pride, and move on.
22:59 < nickster> side note: had to explain to a few superiors what SNI was.
23:00 < jkemppainen> This conversation is one for bash.org, honestly.
23:00 < jkemppainen> The comedic value is high.
23:01 < riotz> https://youtu.be/Ziw70UJLVHc?t=6615
23:01 < riotz> he needs his team to say if they are tracking people on the internet besides of facebook
23:01 < riotz> trolololo
23:34 < derpingit> hi guys.. i have a cisco 3560e poe and would like to get a converter for the 2 10gb ports to cat6. what part would i need for this?
23:35 < derpingit> the switch has a twingig converter but is for spf
23:38 < wiresharked> So is DFS important for group policy and for domains in general?
23:42 < qman__> DFS has supplanted NTFRS for AD replication, yes
23:44 < ||cw> I also recommend using dfs for shares even if you're not replicating. makes future migrations so much easier.
23:44 < wiresharked> What is NTRFS?
23:46 < Apachez> Nazi Transaction Responsive FileSystem ?
23:46 < ||cw> from the context, replication. if you want gory details, google it :P
23:48 < wiresharked> Apachez: No, new technology responsive filesystem
23:48 < qman__> it's NTFRS, not NTRFS, stands for NT File Replication Service
23:49 < wiresharked> How is that different from DFS?
23:49 < qman__> this is all extensively documented by Microsoft
23:50 < wiresharked> Alright. I'll look into it
23:50 < ||cw> wiresharked: it's different in every way any 2 replication system can be different
23:50 < wiresharked> Well, sorry for asking then
23:50 < ||cw> more importantly, ntfrs was made for NT4 and patched to work on early AD. DFS is made for AD.
23:51 < wiresharked> So it sounds like NTFRS was made around the time that Windows 2000 was widely used
23:52 < qman__> no
23:52 < qman__> as mentioned, it was made with windows NT4
23:52 < qman__> it's much older than windows 2000, and older than active directory
23:53 < wiresharked> So why is it that a domain joined machine can fail to login after a certain amount of time being without internet?
23:53 < qman__> machine passwords expire
23:53 < mervin> aya
23:54 < qman__> if the computer cannot communicate with a domain controller before the password expires, it can't get a new one
23:54 < wiresharked> mervin: So they can always change the GPO to allow for a longer duration before passwords expire, or just set it to never expire
23:59 < wiresharked> qman__: And then there's the issue of domain joined computers having a cluttered audit queue for logons
--- Log closed Thu Apr 12 00:00:42 2018