--- Log opened Sat Apr 28 00:00:00 2018
00:09 < Miguel2013> hey how to make ping send 1000 packets instead of 1 per try
00:10 < Miguel2013> is there a ToOl
00:10 < TandyUK> [23:10] is there a ToOl << yes, google
00:10 < TandyUK> we're not going to help you smurf someone
00:10 < Miguel2013> ohh
00:11 < Miguel2013> I can actually hurt someone's nic with such tool?
00:13 < Miguel2013> I'm ur magic friend
00:14 <+catphish> i'm starting to think whoever designed iscsi didn't actually want people to be able to implement it
00:14 < TandyUK> how come??
00:24 < Maarten> catphish, it's kind of annoying, but I never had any trouble getting it to work, really.....its an old technology that is still relevant today, so yea.... we're stuck with what it is. For now.
00:30 < Miguel2013> friends
00:30 < Miguel2013> is there a turn off switch for smurfs atacks
00:31 < Miguel2013> I been dosed before from people on irc
01:24 < cluelessperson> what do you suggest for DHCP/DNS server combo?
01:25 < cluelessperson> bind9 or dnsmasq?
01:25 < florianbAT> dnsmasq
01:26 <+pppingme> Depends on environment, simple home setup, probably dnsmasq, any more advanced setting, then real bind and dhcpd
01:27 < lupine> ITYM unbound
01:27 < florianbAT> dnsmasq also does zone delegations, etc as well as most dhcp features... so it's likely his best bet if he's asking for a combo
01:28 < lupine> right, I meant instead of bind
01:28 < lupine> but I guess I'm thinking recursor rather than authoritative
01:29 < florianbAT> lupine: he'd want a recursor if he combines it with dhcp, high likely
01:29 < lupine> unbound >> bind
01:29 < Miguel2013> can anyone see this pic https://imgur.com/gallery/e7Qj3AO
01:30 < florianbAT> Miguel2013: yes
01:30 < Miguel2013> can u help me
01:30 < rewt> it's using all of them
01:30 < Miguel2013> no
01:30 < rewt> depending on where you're connecting to
01:30 < Miguel2013> how
01:30 < florianbAT> lowest metric wins
01:31 < Miguel2013> give me an example of when will windows use my ehternher or wifi
01:31 < rewt> depending on where you're connecting to
01:31 < florianbAT> if ethernet is connected, it uses that, otherwise, wifi
01:31 < rewt> and the routes set up for each
01:31 < florianbAT> i think we're talking default route here rewt ;)
01:32 < florianbAT> well, and 127./8 for the loopback
01:32 < rewt> exactly
01:32 < rewt> it would even use lo for non-127./8, depending on the destination ip
01:33 < florianbAT> technically you can put whatever ip you want on the loopback haha
01:33 < cluelessperson> pppingme: I'm setting up my apartment wifi as an enterprise style network. I'm debating dnsmaq vs bind9
01:33 < rewt> even if it's the ip on the wired connection, it'll go through lo if it's the local machine
01:34 < florianbAT> rewt: igress, yes
01:34 < rewt> igress?
01:35 < rewt> there's egress and ingress
01:35 < rewt> but neither of those would go through lo
01:37 < Miguel2013> cool
01:37 < Miguel2013> cluelessperson, enterprise networks use wifi?
01:37 < cluelessperson> Miguel2013: sorry, I meant apartment network in enterprise style
01:37 < cluelessperson> Miguel2013: I'm multitasking here. :)
01:38 < cluelessperson> Miguel2013: At the moment, I have servers, security system, guest, public and development networks. :)
01:38 < Miguel2013> cluelessperson, I know but isn't enterprise all coated
01:38 < Miguel2013> that sunds exprensive
01:39 < rewt> if it doesn't have warp drive, it's not enterprise
01:39 < cluelessperson> Miguel2013: "coated" how?
01:39 < cluelessperson> Miguel2013: yes, but pursuing my hobbies, interests, and providing public services costs. I'm okay with that.
01:51 < Miguel2013> cluelessperson, enterprise on air
01:51 < Miguel2013> )
01:52 < cluelessperson> Miguel2013: huh?
01:57 < Miguel2013> cluelessperson, the wlan
01:58 < Miguel2013> I am paranoid I always feel someone is going to harrast me if I let a bit out of the cable. I don't think a broken cable can serve as an antenna a bit flies?
02:00 < xamithan> Is that english?
02:00 < Miguel2013> tell me who
02:00 < cluelessperson> wtf?
02:00 < Miguel2013> I spoke well
02:00 < Miguel2013> I been american for 18 years
02:01 < xamithan> harrast me if I let a bit out of the cable. a bit flies ?
02:01 < Miguel2013> that's how we speak in my town
02:01 < xamithan> Well it makes no sense
02:02 < Miguel2013> I didn't born american my brain is not optimized
02:02 < Miguel2013> I am fine been looked down
02:07 < drathir> Miguel2013: always and any cable should left spare loop...
02:14 < Miguel2013> drathir, can u refrase that. any cable left alone connect to another port?
02:17 < drathir> Miguel2013: nope any cable is easier left little more than when in needs try to extending it lenght...
02:18 < Miguel2013> drathir, I'm having a hard time drinking this bottle of nebraska
02:42 < radicaldev> Which one of y'all was trolling that LI girl today?
02:45 < drathir> who when trolling ?
02:46 < Evidlo> where why trolling ?
02:47 < Miguel2013> anybody knows what cojudo means
02:48 < lupine> I guess it's cooperative judo
02:49 < radicaldev> Miguel2013: urban dictionary says it's a peruvian insult meaning idiot
02:49 < Miguel2013> I know!
02:49 < Evidlo> baka
02:49 < Miguel2013> I was named that in school my friends or other kids
02:50 < Miguel2013> I was making fun of my mom alone and they over heard
03:22 < julius> my network setup: laptop -> openvpn server (ssh), client2 -> openvpn server (openvpn). both laptop and client2 are on the same lan. now i connect from laptop -> openvpn server -> client2 with ssh....would this cofuse the router and drop the connection?
03:25 < mgolisch> it shouldnt
03:26 < julius> i hope i exaplained it alright
03:26 < julius> the connection is incredible slow
03:28 < mgolisch> slow internet?
03:28 < Miguel2013> julius, is the linux driver
03:28 < Miguel2013> julius, the card was probably never suported even as new
03:28 < julius> well, 25mbit download
03:28 < Miguel2013> oh that's fast compared to my fa510 netgear
03:28 < julius> upload i have to guess
03:28 < Miguel2013> on linux
03:29 < mgolisch> could be a number of things
03:29 < julius> Miguel2013, i could do a basic speed test...i wouldnt expect the driver to fall short there
03:29 < mgolisch> is the openvpn server remote?
03:29 < mgolisch> like on the internet=
03:29 < julius> yes
03:29 < julius> yes
03:29 < mgolisch> you have a shitty isp with ds-lite?
03:29 < mgolisch> that causes lots of problems with vpn connections
03:29 < julius> even typing simple commands gives me a hugh delay before the chars show up
03:30 < julius> im on a cable connection, but i dont know the details. just that its "kabel deutschland"
03:30 < julius> i dont own the line
03:30 < mgolisch> yeah probably ds-lite then
03:30 < mgolisch> most german isps do that
03:30 < mgolisch> or do you have a ipv4 only connection?
03:31 < mgolisch> maybe go to some test website to verify
03:31 < xamithan> With 25 download I'd have to assume they only give max 1meg up
03:31 < julius> ah...i just realised that the log keeps ending with: SIGUSR1[soft,ping-restart] received, process restarting
03:32 < mgolisch> think you can change the mtu value in the openvpn config file, thats what we do to get stable connections on those crappy setups
03:32 < mgolisch> yeah it looses connection
03:32 < julius> looks like its reconnecting every few seconds
03:32 < julius> like 1400 for testing?
03:34 < mgolisch> or you could connect to the openvpn server using ipv6 that would solve the problem too
03:34 < mgolisch> something like this is what we did : http://www.tweakpc.de/news/35026/dual-stack-lite-vpn-probleme-via-mtu-wert-loesen/
03:38 < julius> ipv6 to the rescue
03:39 < julius> actually im setting up openvpn to reach a box in the lan because my router apparently does not forward ssh requests from the outside
03:39 < julius> all settings i looked at the router say that it would...but no packets arrive in the intenal la
03:39 < julius> n
03:40 < Dagger> julius: yeah, that'll be the DS-lite. your router isn't receiving v4 connections from the outside because it's behind NAT, and you can't reconfigure the NAT because it's being run by the ISP
03:41 < Dagger> this is what the v6 is for
03:41 < julius> i dont think im on ds-lite
03:42 < julius> thanks for the input guys
03:42 < Dagger> what does the router claim its WAN IP is?
03:42 < julius> my head is killing me...need to take some drugs
03:42 < Dagger> (first two octets if you don't want to tell me all of them)
03:42 < julius> some ipv6
03:42 < julius> one sec
03:43 < julius> 2a02:8108
03:43 < Dagger> if it doesn't mention a v4 WAN IP at all then you're probably using DS-lite
03:43 < julius> true
03:43 < _abc_> Hi. I have a problem accessing mail.yahoo.com from a computer, various addresses, the url mail.yahoo.com fails to load with error: "An error occurred during a connection to mail.yahoo.com. Peer's Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE"
03:43 < julius> Dagger, thanks...will look into that tomorrow
03:43 < _abc_> So someone revoked yahoo's ssl cert in the last ~2 hours or so?!
03:44 < light> _abc_: check the certificate
03:44 < _abc_> Can anyone confirm this or suggest a way to check more things?
03:44 < _abc_> light: could it be regional to me? How do I check it.
03:44 < _abc_> Is this a possible MITM indication?
03:44 < _abc_> Traceroute shows my connection goes to a server in UK, I'm in Eastern Europe
03:45 < _abc_> I'd appreciate if others would check access to https://mail.yahoo.com and report a cert error? From somewhere else than Eastern Europe?
03:45 < _abc_> No login is needed, just try to load the page
03:46 < light> An error occurred during a connection to mail.yahoo.com. Peer’s Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE
03:46 < _abc_> light: you get the same, then.
03:46 < _abc_> I assume you're not in .ro like me, thanks
03:46 < _abc_> This is fun. So how can an outfit the size of yahoo get a revoked cert?
03:47 < _abc_> Maybe they revoked it because it is known to have been leaked? Does that even matter? I mean the pkey.
03:47 < _abc_> light: you did get that message from them, right? :)
03:48 < lupine> revocation is quite normal
03:49 < _abc_> Hm I have 'Query OCSP responder servers to confirm the current validity of certificates' ticked
03:49 < _abc_> https://www.techcrises.com/how-to/fix-sec_error_revoked_certificate-in-mozilla/ this is an older howto.
03:49 < _abc_> Is this safe at all?
03:52 < _abc_> lupine: no it is not normal
03:52 < lupine> sure it is
03:55 < _abc_> Hmm in add security exception I am told https://yahoo.com is valid and needs no exception, mail.yahoo.com does not return a cert at all
03:55 < _abc_> same for login.yahoo.com
03:55 < _abc_> mail.yahoo.com says no information available
03:56 < _abc_> Something happened to their certs I think
03:56 < _abc_> Any ideas what else to check?
03:56 < _abc_> What do you see if you peruse the Add Security Exception dialog to get a new cert or verify the existing one from mail.yahoo.com ?
03:56 < lupine> I can recommend hosting your own email
03:57 < _abc_> I won't. I did 20+ years ago.
03:57 < lupine> it's... not changed much since
03:57 < lupine> but otherwise, you're more or less dependent on their sysadmins to fix things
03:57 < _abc_> It's... much more work now.
03:57 < xamithan> mail.yahoo.com not even loading for me
03:57 < _abc_> I ran sendmail, then qmail, now exim on servers I need to tinker with on and off
03:57 < _abc_> xamithan: exactly. So the problem is at their end. Let's simply wait.
03:58 < xamithan> Oh that was my VPN screwing it up
03:58 < _abc_> xamithan: what .tld are you on?
03:58 < _abc_> xamithan: very unlikely.
03:58 < _abc_> I mean the exit point of the vpn, where is it. Your apparently-at-location?
03:59 < xamithan> washington
03:59 < _abc_> Hm, so, then, it definitely is a global snafu at yahoo's
04:00 < _abc_> I tracerouted them from here in .ro where I am, I end up in a london or such data center. Could be Ireland. Makes sense.
04:00 < _abc_> Okay, we'll try more tomorrow.
04:00 < _abc_> It's 5am here :)
04:00 < lupine> haxxx
04:00 < _abc_> Thanks for the help so far and bye.
04:00 < _abc_> lupine: yeah either it's a backhoe or someone stepped on a cable.
04:01 < _abc_> Except the backhoe may carry Chyrillic writing and the cable may be in Iran
04:01 < _abc_> bye ;)
04:09 < Miguel2013> julius, most important thing is a working driver then ur cable or chaneling
04:33 < Spice_Boy> does anyone know if there's a way with pfsense to allow only a single tcp session through for a certain host?
04:39 < m3rc3r> looks like a rotational port forwarder
04:39 < m3rc3r> some sort of internal nat
04:40 < m3rc3r> so the real ports are forwarded in a rotation guessing until it reaches a central server
05:14 < tomahawk> can anyone recommend a cheap plug and play dhcp client firewall that is not a internet router ? but easy to setup and use, and cheap ?
05:14 < tomahawk> i have a netscreen 280 but do not know how to setup DHCP
05:15 < tomahawk> if anyone can help set my netscreen 280 juniper firewall, with internet, and dhcp, i can paypal (you) on the 1st, $15, if you'd be willing to walk me through the steps. for some reason, web access to it doesn't stay regular, and it isn't auto dhcp with one port internet in ?
05:15 < tomahawk> i get paid on the first. i'm disabled
05:20 < tomahawk> can anyone recommend a cheap plug and play dhcp client firewall that is not a internet router ? but easy to setup and use, and cheap ?
05:20 < tomahawk> i sure am a bundle of joy
05:23 < kepler> what you're asking doesn't make sense
05:23 < kepler> what do you have and what are you trying to do?
05:24 < tomahawk> hello. i got a firewall, need to setup dhcp internet input on it, configure it, i do not know how and let me comptuer get a dhcp address from it
05:24 < tomahawk> i can pay you paypal on 1st
05:24 < tomahawk> its a network 1U type device. it's complicated. i can run recordmydesktop if anyone wants to see video of its options
05:24 < tomahawk> its a Juniper Netscreen 280
05:25 < tomahawk> $15 i get paid on 1st. i'm disabled
05:25 < tomahawk> something like -- plug in cable here, internet goes in, and plug in cable in other and internet goes out -- all blocked ports.
05:25 < tomahawk> automatic after configure. i believe it can do it
05:25 < tomahawk> i am willing to use recordmydesktop if anyone can help
05:26 < tomahawk> i could spend $20 but that firewall only got two stars on newegg. not good
05:30 < kepler> just get a regular router
06:10 < atsu> lol
06:10 < atsu> That lasted long
06:10 < skyroveRR> Wut?
07:09 < redrabbit> that was odd
07:10 < AOL_> aye
07:50 < Apachez> https://www.ubnt.com/unifi-routing/unifi-xg-server/
08:26 < Apachez> https://i.imgur.com/XKzqKMl.jpg
09:51 <+catphish> precise / MillerBoss what are you doing? :|
09:52 < MillerBoss> Chilling, you?
09:53 <+catphish> i meant with the nicks
09:55 < MillerBoss> Changing nicks I think that was
10:15 <+catphish> MillerBoss: why?
10:16 < MillerBoss> Why what catphish ?
10:16 <+catphish> why did you cycle though i bunch of variations on psi-jack's nick
10:16 <+catphish> *a
10:16 < MillerBoss> Lo, what does it matter catphish ?
10:16 < MillerBoss> lol*
10:17 <+catphish> i guess it doesn't, we'll skip the part where there might have been a legitimate reason and just to straight to the banning
10:17 < MillerBoss> Are you 5?
10:17 <+catphish> yep
10:18 < MillerBoss> Apparently :)
10:18 <@catphish> it's not like i didn't try to be mature about it first
10:19 < MillerBoss> catphish this is IRC.
10:19 <@catphish> i know what protocol i'm using
10:20 < MillerBoss> OK great
10:20 <@catphish> so yes, it matters
10:22 < azonenberg> Welp, http://thanatos.virtual.antikernel.net/unlisted/latentred-22.png
10:22 < azonenberg> This is the best layout i could come up with for the PHYs on the line card
10:22 <+catphish> azonenberg: looks like you still got some work to do there
10:22 < azonenberg> It's a clamshell structure, 4 PHYs and 4 magnetics on each side of the pcb
10:23 < azonenberg> i'm a little concerned about crosstalk coupling through the pcb and leaking from one port to the opposite
10:23 <+catphish> that's quite impressive really
10:23 < azonenberg> But i dont see a good alternative since i need the chassis and internal grounds separated
10:23 < azonenberg> And if i were to stagger the magnetics they'd overlap
10:23 <+catphish> how many layers you got there?
10:23 < azonenberg> Four
10:23 < azonenberg> I'm targeting the oshpark batch service for the backplane and line card
10:23 <+catphish> can't you spare one for a ground place in the middle?
10:24 < azonenberg> then i'll be using a "real" fab for the FPGA/ARM board with 6-8 layers
10:24 < azonenberg> I have signals on the outer (red/green) layers
10:24 <+catphish> of course you're far more of an expert than me
10:24 < azonenberg> Inner1 (Yellow) is ground fill on the whole board but it's split into circuit ground left and shield ground right of the magnetics
10:24 < azonenberg> You specifically do not want a plane under the magnetics, it messes with impedances and causes noise issues
10:24 <+catphish> azonenberg: ah so you already did that
10:25 < azonenberg> inner2 (purple) is power, which still need a bit of work
10:25 <+catphish> oh i see, well then i suppose i don't know what else to do other than build one and hope for the best
10:25 < azonenberg> I have skinny wires routed everwhere i need power but i have to slice and dice the layer up such that i have bigger fills for high current areas
10:25 <+catphish> see also ##electronics
10:26 < azonenberg> Each PHY needs 1.0V core, 1.8V analog, 1.8V digital I/O, and 2.5V analog I/O rails
10:26 < azonenberg> squeezed into one layer
10:26 <+catphish> so, what does this board do?
10:26 < azonenberg> And there are other constraints, like the MDI needs to be over solid 2.5V and the SGMII needs to be over solid 1.8V
10:27 <+catphish> phy on the right, what does the MII connect to?
10:27 < azonenberg> This is a line card for what will eventually be a 24+4 port layer 2/3 TBD switch
10:27 < azonenberg> 2x4 RJ45s at the far right
10:27 < azonenberg> then magnetics and PHYs
10:27 < azonenberg> Eight SGMII lanes go to that big connector in the middle (not the final placement, it will eventually be on the center left)
10:27 <+catphish> and the MII will go into a backplane?
10:27 < azonenberg> Which then goes to a passive backplane
10:27 < azonenberg> Just wires, possibly buffers but no actual packet processing
10:28 < azonenberg> The "brain" card is going to have an arm soc for the management CLI, no packet processing there
10:28 < azonenberg> and an FPGA that has all of the switch fabric
10:28 <+catphish> well that's sexy as fuck
10:28 < azonenberg> and eventually layer 3 ACLs/routing if i have enough gates left over after the core functionality
10:28 < azonenberg> The brain will also have four 10g SFP+ interfaces
10:28 < azonenberg> Since those are higher speed signals i didn't want to route on the backplane, plus the brain had otherwise wasted front panel real estate
10:29 < azonenberg> As of now the backplane and brain are designed on paper at a high level but i have no actual detailed engineering done other than estimated power consumption and pin counts
10:29 < azonenberg> The line card was the most straightforward so i'm doing it first
10:29 <+catphish> i'd still enjoy such a device to play with
10:30 <+catphish> still a lot to do though
10:30 < azonenberg> The remaining unfinished stuff you see in the screenshot is the power supply (backplane supplies 5V at ~2 amps to each line card, I regulate to 3.3 for sensors and 2.5/1.8/1.0 for the PHYs)
10:30 < azonenberg> the clock buffer (I'm tentatively using one oscillator for the whole board and buffering 25 MHz to each PHY, although if i have layout issues i may replace it with a per-phy-pair oscillator instead)
10:30 < azonenberg> and a couple of sensors
10:31 < azonenberg> the brain will be able to read out voltage and current consumption on all of the core power rails, power supply temperature, and pcb temperature (somewhere in the middle of the PHY area, havent decided exactly where the sensor will go yet)
10:31 < azonenberg> I'm intentionally not going to route the connector itself until i've done the brain card design, because I want to match them all to the same depth for easier mating with the backplane
10:31 < azonenberg> And until i do the brain I won't know how deep it has to be
10:32 <+catphish> makes sense
10:32 < azonenberg> This project is known as LATENTRED btw, it's the first in a family
10:33 < azonenberg> LATENTORANGE is a much more expensive, high-spec design that will be loaded up with 10G SFP+ and 40G QSFP+ interfaces, probably somewhere around 48 10G lanes total with some grouped to 40G
10:33 <+catphish> just make sure you can fit something powerful on the arm card
10:33 < azonenberg> The FPGA alone for that board is going to be several kUSD
10:33 <+catphish> ouch
10:33 < azonenberg> And it's years out :p
10:34 < azonenberg> yeah but think about it, 48 10G ports ain't gonna be cheap anyway
10:34 <+catphish> i'm much more interested in the 1G option :)
10:34 < azonenberg> LATENTRED is looking at somewhere around 750 USD in components for single unit volume
10:34 < azonenberg> Plus the PCBs themselves, which will be relatively cheap if you make a lot but very expensive in small volume due to setup fees for manufacture
10:35 < azonenberg> at least for the brain
10:35 < azonenberg> The line card and backplane will be using batch fab so they shouldn't be too bad
10:35 < Apachez> azonenberg: perhaps look at how ubnt designed stuff?
10:35 < azonenberg> The current line card sketch i have now is 92x220 mm (again depth subject to change, and it's priced by area)
10:35 < Apachez> they released a 10G router for $550 with fpga's and doing a profit on it
10:35 < azonenberg> Apachez: If i was making these by the thousand i'm sure i could too
10:35 < azonenberg> it's all volume discounts
10:36 < Apachez> ahh you are into that zone
10:36 <+catphish> azonenberg: is there some reason why the PCBs will cost anything at all? is there some quality requirement? i mean, i can get PCBs for basically no money these days
10:36 < Apachez> yeah... that could hold stuff up
10:36 < azonenberg> My line cards will be $285 per 3 blank boards
10:36 < azonenberg> at oshpark, which is the stackup i'm targeting
10:36 < azonenberg> conveniently 3 is the MOQ and they have 8 ports each, which comes out to 24 1G interfaces total
10:36 < azonenberg> (this was no accident)
10:36 <+catphish> oshpark is mad expensive compared to others
10:36 < azonenberg> Yes but they have tight design rules, gold plating, and FR408 dielectric vs standard FR4
10:37 < azonenberg> For multi-gigabit signals it helps get good impedance
10:37 <+catphish> you need 4 layers too i guess
10:37 <+catphish> so slightly more expensive
10:37 < azonenberg> Yes that's an absolute must
10:37 < azonenberg> The backplane will be a bit pricey too b/c of size but i wont know for sure until i get the design done
10:38 <+catphish> i use http://www.allpcb.com - have been getting some boards from them crazy cheap, but yeah, only FR4
10:38 < azonenberg> Then the brain board is going to be probably close to 1K for a MOQ, i have a chinese fab i use for higher end stuff that has better pricing than most US folks but it's still not CHEAP if you want controlled impedance for 10G, maybe via-in-pad, and 6-8 layers
10:38 <+catphish> and obviously you want precision for high speed data
10:38 < azonenberg> it's less critical on the backplane and line card but i am still doing long runs of 1.25 Gbps serial
10:38 < azonenberg> The MDI side i'm not worried about
10:38 < azonenberg> it's the SGMII
10:38 <+catphish> makes sense
10:39 <+catphish> well it sounds interesting, i'd enjoy programming something like that
10:39 < azonenberg> And the 50-100mm from PHY to back of line card, then ~300mm on the line card, plus another 50-100mm on the brain to the FPGA
10:39 < azonenberg> is going to be a nontrivial amount of loss
10:39 < azonenberg> i have two different buffer/repeater chips lined up that i could use on the backplane if i have problems
10:39 < azonenberg> one is a dumb buffer, the other does clock recovery, pre-emphasis, equalization, etc but costs about twice as much
10:40 < azonenberg> Plan is to do a purely passive backplane first then do signal quality measurements and if i have problems with the farther line cards work my way up
10:40 < azonenberg> The design will be open source
10:40 < azonenberg> And if you are seriously interested, when it comes time to fab i'll sell you a blank brain and backplane PCB at-cost
10:40 < azonenberg> you'd have to assemble though, this is a bit much for me to build a board for somebody else unless they paid me a bit :p
10:41 < azonenberg> One thing about this design that may be unpopular with some folks is that the ARM will not have any access to the packet datapath whatsoever
10:41 < azonenberg> By design
10:41 < azonenberg> it's purely a management engine and connects to the fpga via a relatively slow uart
10:41 < azonenberg> equally, you cannot reach the management network from the switch fabric (again, by design)
10:42 < azonenberg> there's a dedicated management interface that goes to the arm and is not used for anything else
10:42 < azonenberg> If you want to bridge them just use a patch cable and lose a port
10:42 < azonenberg> But i want to be able to say, in a high security environment
10:42 < azonenberg> that i can guarantee beyond all doubt that you cannot touch the management network from the DMZ network etc
10:43 < azonenberg> and having them physically separate is the easiest option
10:43 < detha> I think I like that design
10:43 < azonenberg> The FPGA will be decently large (xilinx kintex-7, either the 70k or 160k cell, TBD)
10:44 < azonenberg> So you should be able to fit layer 3 processing on it
10:44 < azonenberg> My initial firmware will be very minimal switching + vlans + 802.1q and nothing else
10:44 < azonenberg> then i'll add stuff as needed
10:44 < azonenberg> And the initial CLI will let you read per-port error/packet/byte counters, turn ports on and off, tag them with names, and force speed
10:45 < azonenberg> Full duplex only, i'm intentionally not supporting half duplex for any line rate
10:45 < azonenberg> If your gear is stuck on 10/half go use a cisco :p
10:45 < azonenberg> oh and you'll also be able to edit/view the mac table per vlan/port
10:46 < azonenberg> and configure vlans
10:46 < azonenberg> That's it
10:46 < azonenberg> My plan is to build one for initial bringup and once i've found/fixed all the bugs and (hopefully not, but probably) done a respin i'll make two more
10:46 < azonenberg> i need at least two to light up all of the data cabling i'm running in the house
10:46 < azonenberg> And then i want one more for a staging environment to test new firmware features
10:47 < azonenberg> Rather than losing the path from my workstation to my nas because of a bug in the firmware :p
10:50 <+catphish> azonenberg: sorry, i wandered off to deal with some rats
10:51 < light> ._.
10:52 < azonenberg> lol welp
10:53 < azonenberg> catphish: anyway yeah, this is a long-term project since i'm in the middle of moving
10:53 < azonenberg> and i cant build it until i'm in the new house as all of my cash right now is going to construction supplies :p
10:53 < azonenberg> So i'm working on design in the meantime
10:53 <+catphish> azonenberg: that's interesting, for me i'd definitely want the management arm to have access to the networks, but that may be achieveable by just patching it to a trunk port
10:53 < azonenberg> i also have several previous boards that need a lot of firmware
10:53 < azonenberg> catphish: yes you could patch it if you wanted to
10:53 <+catphish> azonenberg: an internal gigabit link would be nicer :(
10:54 <+catphish> but i see the security use case for having it physically disconnected
10:54 < azonenberg> I suppose i could run a point to point link on the board and leave it unpopulated by default, or something
10:54 < azonenberg> like, you'd have to physically build the board to support it
10:54 < azonenberg> but i'm not using a super beefy CPU either
10:54 < azonenberg> it's an am3358
10:54 < azonenberg> i just wanted a basic linux system with a sshd
10:54 <+catphish> if you put a link on the backplane, surely it could be optional on the supervisor card
10:55 < azonenberg> well the brain has the arm and the fpga
10:55 < azonenberg> the backplane is passive
10:55 < azonenberg> so an arm-fpga link would be on the brain
10:55 < azonenberg> and the backplane would never touch it
10:55 <+catphish> oh, i thought you were making the fpga and arm separate cards
10:55 < azonenberg> No
10:55 < azonenberg> I do plan to have *very* sophisticated debug features, that might remove a lot of the need for what you're thinking of
10:55 < azonenberg> not just port mirroring
10:56 <+catphish> that might be less useful for my specific use case then, as i was thinking of wanting a beefy arm
10:56 < Apachez> yay backdoors by design
10:56 < azonenberg> you'll be able to take traffic from a port and encapsulate it inside a udp or possibly tcp stream
10:56 < azonenberg> with cycle-accurate (few nanosecond resolution) timestamping
10:56 < azonenberg> i may make this function work below the mac layer so you'll see bad CRCs etc too if you want
10:57 < azonenberg> and the preamble and everything
10:57 <+catphish> anyway, sounds like a cool project, look forward to seeing the fpga design
10:57 < azonenberg> (can you tell i've wanted this feature when debugging embedded hardware in the past? lol)
10:57 < azonenberg> Apachez: its not a backdoor, it's a front door :p
10:57 < azonenberg> To enable debug stuff you have to be logged into the management processor
10:58 < azonenberg> And that means being on the physically separate management network
10:58 < azonenberg> catphish: also, the fpga will be capable of doing ACLs and layer-3 routing eventually
10:59 <+catphish> azonenberg: that's probably the part i'm most interested in :)
10:59 < azonenberg> Without ever touching the ARM
10:59 < azonenberg> With forwarding latencies, i'd guess, in the very low hundreds of nanoseconds
10:59 < azonenberg> maybe high tens
11:00 <+catphish> what i was hoping to be able to do was implement some kind of software defined networking where the arm pushes rules to the fpga, i'm not suite sure this concept matches what you're designing really, but still interested in it all
11:00 < azonenberg> I'm tentatively planning to have a "cut-and-forward" model internally, in which it does cut-through processing until you hit the exit queue but then it blocks until the whole packet is there and checks the CRC etc
11:00 < azonenberg> But you'll be able to turn that off and do full cut-through if you want
11:01 < azonenberg> The arm will be able to push config to the fpga
11:01 < azonenberg> You'll just have to do it form the management network
11:01 < azonenberg> And the arm cannot see packets
11:01 < azonenberg> only manipulate forwarding rules
11:01 < azonenberg> The exact interface from fpga to arm is tbd, it'll probably be a uart or spi bus or something like that
11:01 < azonenberg> Low bandwidth because it's control plane only
11:02 < azonenberg> So while you might want to fork my firmware to add SDN features, i don't see it being impossible at the hardware level
11:03 < azonenberg> My original goal was a minimalistic design that had the features i need without the massive attack surface of the 9001 legacy protocols that e.g. cisco does
11:04 <+catphish> azonenberg: yeah, i wouldn't want the arm to see packets, there's no way it would be fast enough, but for things like bgp to work, it will need to be connected to all the public facing networks
11:04 < azonenberg> Yeah
11:04 < azonenberg> As long as the arm maintains a strictly control-plane view of the network
11:04 < azonenberg> It'd work on my architecture
11:04 < azonenberg> what you're not going to do is, say, use it for layer-3 routing
11:04 <+catphish> yep, that's definitely how i'd want it, no point having an FPGS if the cpu has to see the packets :)
11:04 < azonenberg> like some of the older cisco stuff did in the "slow path" (not sure if they still do)
11:04 <+catphish> *FPGA
11:05 <+catphish> i have no desire for any slow path at all
11:05 < azonenberg> Good
11:05 <+catphish> but, i would want a path int the arm for packets addressed to the device itself
11:05 <+catphish> ie for routing protocols
11:05 < azonenberg> well the arm has two network interfaces
11:06 <+catphish> it would also need some decent resources to do routing protocols
11:06 < azonenberg> I'll have to check the module i'm using to see if it pins both out
11:06 < azonenberg> I'm using an OSD3358 system-on-module
11:06 <+catphish> RAM slots for example
11:06 < azonenberg> it's a 1 GHz cortex-a8, i think 512 MB or 1 GB selectable DDR3, power management, and some other stuff all in one multi-die BGA
11:06 < azonenberg> no, this only has in-package ram
11:06 < azonenberg> So you're not going to fit the global bgp table on it
11:07 <+catphish> that's a shame, but i guess not your target :)
11:07 < azonenberg> This was meant as a top-of-rack / access layer switch
11:07 <+catphish> sure, makes sense
11:07 < azonenberg> LATENTORANGE is going to be a similar CPU but a bigger FPGA, just scaling the datapath up to 10G/40G and is meant as a LAN core switch or for high end workstations/test equipment etc
11:07 < azonenberg> Then LATENTYELLOW was the planned border router / firewall
11:08 < azonenberg> It will have external RAM on the FPGA for storing routing tables and more complex ACL rulesets
11:08 <+catphish> thats more where my interest lies
11:08 < azonenberg> and probably a discrete CPU and ram chips/sticks
11:08 < azonenberg> instead of a module like the lower end ones use
11:08 < azonenberg> the CPU would still be for routing protocols only
11:08 <+catphish> anywway, great work, it really will be awesome to have some open source network gear
11:08 < azonenberg> Since i want the ability to do 10G or even 40G line rate routing on it :p
11:09 <+catphish> good, don't be tempted to route in the cpu :)
11:09 < azonenberg> It will be a waste deploying that on my 50/10 Mbps DOCSIS link, lol
11:09 <+catphish> i have gigabit fibre to my house :)
11:09 < azonenberg> (anybody have a cheap OC48 they want to run to my house?)
11:10 < azonenberg> LATENTRED/LATENTORANGE will be loaded to a much higher level because I'm going to be having a lot of high bandwidth test equipment on the LAN
11:10 <+catphish> right, gotta go do some "yard work"
11:10 < azonenberg> So i will have quite a few active 10/40G LAN pipes
11:10 < azonenberg> And i should sleep, so i can get up tomorrow and build the house this gear is going to go in
11:10 < azonenberg> :p
11:11 <+catphish> good luck :)
11:11 <+catphish> i want to build a house one day
11:11 < skyroveRR> hi catphish
11:11 < azonenberg> i'm more rebuilding than building
11:12 < azonenberg> the framing, foundation, plumbing, and most of the hvac are staying
11:12 < azonenberg> as is all but one exterior wall
11:12 < azonenberg> But by the time i'm done it will be all new electrical, sheetrock, flooring, roof...
11:12 < azonenberg> insulation
11:12 < azonenberg> Full kitchen and bathroom remodels after i move in, they're not happening quite yet
11:13 < azonenberg> i just tore out one wall in one bathroom to get to some electrical stuff
11:14 < tempate> Hello. I'm trying to set up a basic web server accessible from the internet in my raspberry ip. Everything is up and running locally, but port forwarding is not working correctly with my router (Livebox). I've tried everything from closing the firewall to changing ports, but nothing seems to work. It may also be noted that I'm checking if the site is app using my phone data. Does anyone have any idea of what the problem might be?
11:14 < skyroveRR> Can you access your site internally?
11:15 < tempate> yes
11:15 < skyroveRR> From your lan, I mean.
11:15 < tempate> I can by using the private ip
11:15 < skyroveRR> What IP is your web server binded to?
11:15 < tempate> 192.168.1.115
11:15 < tempate> you mean the public one?
11:16 < skyroveRR> Try binding it globally. 0.0.0.0
11:16 < tempate> at the moment it's just apache2's confirmation page
11:16 < skyroveRR> Then see if it works.
11:17 < tempate> I'm rooting ports through the NAT, that's how it's supposed to be done, right?
11:17 < skyroveRR> What do you mean "rooting ports"?
11:17 < tempate> mapping ports*
11:18 < skyroveRR> That's fine..
11:18 < skyroveRR> Bind your server on a meta IP.
11:18 < skyroveRR> And check.
11:19 < tempate> I'm not truly sure of what you are asking. One my livebox I have a NAT - Mapping ports, where I can select which public ports should redirect where. If I try to set up the LAN IP there to 0.0.0.0 I get "That's not a valid ip".
11:23 < tempate> or do you mean setting up a static ip through dpcpcd.conf, skyroveRR
11:26 < vdamewood> tempate: What's the Listen directive look like in your httpd.conf file?
11:28 < azonenberg> tempate: better question
11:28 < azonenberg> have you packet sniffed on the pi?
11:28 < azonenberg> or ideally from the router on the lan/upstream interface if it has that capability
11:29 < azonenberg> (this is one of the reasons i like using a full linux box as a router, or something else that can do packet captures)
11:29 < detha> other question, from where are you testing the outside address?
11:30 < tempate> detha: phone data
11:30 < tempate> azonenberg: no, I haven't
11:30 < detha> ok, that should work. As long as it is from outside your localnet
11:30 < tempate> I don't understand why I must check from outside the localnet though
11:33 < Apachez> or an even better question, do you wanna hug?
11:36 < tempate> azonenberg, what should I do now? try to packet sniff? I'm pretty sure my router is not a full linux box...
11:57 < tempate> skyroveRR: are you still around?
11:57 < tempate> can anyone please help me out?
12:31 < wrenny> Once I set my router into 'Native' IPv6 mode, shouldn't my client list in the router show IPv6 addresses because in my Router I still see typical IPv4 addresses like 192.168.... ?
12:32 < Apachez> depends on if you have ipv6 clients
12:32 < wrenny> I have a big list
12:32 < wrenny> all show 192.168...
12:32 < wrenny> cellphone, computers
12:32 < wrenny> printer
12:33 < wrenny> how do I go about verifying if it's setup right?
12:33 < psprint> Anyone familiar with LwIP? I suspect too low MEM_SIZE setting in my project, I am right aren't I? http://lists.nongnu.org/archive/html/lwip-users/2018-04/msg00096.html
12:34 < wrenny> cuz I've never been on IPv6 yet before
13:31 < nikname> hi
13:33 < nikname> if I want to troll, where do I go?
13:34 < Emperorpenguin> You can fuck right off I'd say
13:34 < nikname> tux! :D
13:34 < nikname> is that you?
13:36 < Emperorpenguin> Maybe
13:37 < nikname> where have you been? I've never heard of anyone after my case
15:00 < Apachez> http://www.nsfwyoutube.com/watch?v=qghQ5eKGcyE
15:23 < blingrang> nsfw on #networking?
15:23 < Apachez> network safe for work
15:23 < Apachez> what did you think that acronym meant?
15:27 < blingrang> network safe hehehe. Now you're just pulling my leg.
15:27 < blingrang> https://www.urbandictionary.com/define.php?term=NSFW
15:30 < Apachez> "NSFW" != "nsfw"
17:08 < Project86__> Can anyone recommend me a good 2fa program to use on ARM?
17:13 < mniip> sigavax[m]: prod
17:19 < seven-eleven> what's the most common cause for a failing PPPoe session between a VDSL end customer and an ISPs authentication server that gets an L2 bitstream from the ISP's BNG, that they rent the line from? customer's router is BNG capable, customer's line is synchronous to the DSLAM, DSLAM port configuration is fine, port is not blocked in the BNG. i guess the cause is in the ISP's authentication server, failing to recognize the LINE
17:19 < seven-eleven> ID and therefore denying any handshake from the L2 bitstream
17:49 < LFSveteran> https://pastebin.com/yBcwtBWc
17:49 < LFSveteran> The idea is that a samba request is forwarded to the server 192.168.10.1
17:52 < LFSveteran> hmm shouldn't --to-source be the IP of eth0?
18:11 < k12> Can a UPS keep a modem from going offline during a power outage? Or no?
18:12 < LFSveteran> depends on what's between the modem and the end
18:13 < LFSveteran> if the home pabx or the telephone centre is affect too by the power outage....
18:14 < LFSveteran> modem will stay on but be sure the rest of the infrastructure isn't affected by the outage
18:32 < redrabbit> that's why i use a cellular failover
18:33 < RogerFederer__> hey
18:33 < RogerFederer__> is it ok if i ask a question
18:33 < redrabbit> no
18:33 < skyroveRR> haha
18:33 < skyroveRR> RogerFederer__: sure!
18:33 < RogerFederer__> wat
18:34 < RogerFederer__> are you going to help me now or not
18:35 < skyroveRR> Depends on your question.
18:35 < RogerFederer__> how do i jam a CCTV security camera
18:35 < skyroveRR> Getout.
18:35 < redrabbit> thuggin'''''
18:35 < RogerFederer__> its important
18:36 < skyroveRR> Nope.
18:37 < redrabbit> livin' that gangsta thugg lyfe
18:37 < LFSveteran> simple...
18:38 < LFSveteran> take a pot of jam, put the content on the camera and you have jammed the camera
18:38 < redrabbit> yummy
18:39 < detha> LFSveteran: does the brand of jam matter?
18:39 < LFSveteran> maybe some birds will come over too, and the security guard has his own private "birds" movie
18:39 < LFSveteran> No, as long as it's a delicious one
18:40 < RogerFederer__> so like
18:40 < RogerFederer__> are you a bunch of fucking idiots or what
18:40 < RogerFederer__> there are ways to jam a security camera
18:40 < skyroveRR> pppingme: ^
18:40 < skyroveRR> xand: ^
18:40 < RogerFederer__> without the use of a sugary type toast spread substance
18:41 < LFSveteran> yes there are many ways....
18:41 < RogerFederer__> u can fuck it up
18:41 < RogerFederer__> so if u dont know the answer just say so
18:41 < skyroveRR> One of them is by calling the ops, like pppingme and xand
18:41 < LFSveteran> strawberry jam, applejam, pearjam
18:41 < RogerFederer__> or just spill the beans
18:41 < RogerFederer__> hit me up
18:41 < skyroveRR> RogerFederer__: go ask elsewhere, buddy
18:41 < RogerFederer__> this is a networking question
18:41 < RogerFederer__> why dont u answer it
18:41 < skyroveRR> What's with that attitude?
18:41 < RogerFederer__> is it because you do not know the answer?
18:42 < skyroveRR> You aren't paying us, asshole.
18:42 < skyroveRR> Fuck you.
18:42 < LFSveteran> another solution"
18:42 < RogerFederer__> how much u want
18:42 < skyroveRR> As much as the US President gets paid annually.
18:42 < LFSveteran> take a pair of scissors and cut the network cable
18:42 < RogerFederer__> since when do u people pay for answers here lol
18:42 < RogerFederer__> it just doesnt happen
18:43 < RogerFederer__> ppl come in and ask ridiculous questions
18:43 < RogerFederer__> that a $200/hour consultant should be answering
18:43 < RogerFederer__> and they get it free
18:43 < RogerFederer__> but suddenly some one tells me i gotta pay
18:43 < RogerFederer__> fuck that shit
18:43 < skyroveRR> We consider special cases, like your case.
18:43 < LFSveteran> lost with tennis?
18:43 < skyroveRR> In which case, we charge.
18:43 < redrabbit> We jammin' I wanna jam it with you We jammin' I hope you like jammin' too
18:43 < LFSveteran> yeah mon'
18:44 < RogerFederer__> but you'll run to ask some idiot's question 'how do i create a VLAN in my mommy's basement???
18:44 < LFSveteran> sure, cause we also want to know what happens in mommy's basement
18:45 < redrabbit> you aint entitled
18:45 < RogerFederer__> yes i am
18:46 < RogerFederer__> i am #1 tennis player in the world
18:46 < skyroveRR> get lost buddy
18:46 < RogerFederer__> i aint your buddy so dont call me 1
18:46 < LFSveteran> #1 on the losers list indeed
18:46 < redrabbit> delusional af dawd
18:46 < LFSveteran> buddy
18:46 < RogerFederer__> LFSveteran is a loser but a happy one
18:47 < LFSveteran> glad to be a happy loser
18:47 < LFSveteran> and always of pot o' jam with me
18:47 < RogerFederer__> maybe you should answer my question, faget
18:47 < LFSveteran> nooo..there are no fagets in my jam
18:47 < aruns> Hey guys, I have a quick question, our company has client sites running on servers owned by a hosting provider that only allows FTP connections, and you have to manually unlock the FTP server for your site in the hosting panel. If you attempt to connect to the FTP server without first unlocking it, even if your credentials are valid, the connection will be refused.
18:48 < RogerFederer__> yeah answer that one LFSveteran
18:48 < RogerFederer__> make yourself useful
18:48 < detha> aruns: tell them to find a better hosting provider
18:48 < RogerFederer__> or r u too stupid
18:48 < LFSveteran> it's a quick question, that will cost money
18:48 < skyroveRR> Hi detha
18:48 < redrabbit> you must have a lot of success with your princess attitude
18:48 < RogerFederer__> LFSveteran is yet to answer a single person's question
18:49 < RogerFederer__> because he's an idiot
18:49 < aruns> I'm playing around with FTP in Node, the return code for when the FTP server isn't unlocked is 530, which apparently happens when the server deems your credentials invalid.
18:49 < LFSveteran> aruns are you married / in love / engaged?
18:49 < skyroveRR> lol
18:49 < aruns> Does anyone know if there is like a standardised return code for when an FTP server is locked?
18:49 < redrabbit> what have YOU accomplished
18:49 < LFSveteran> just want to be sure aruns is single
18:50 < aruns> detha: It's cheap hosting, not bad, but not good either :P
18:50 < tds> aruns: is this at least FTP over TLS?
18:50 < tds> plain old ftp shouldn't be used anymore
18:50 < aruns> Nope.
18:50 < aruns> It's not SFTP.
18:50 < redrabbit> gross
18:50 < tds> well, ftp over tls is normally called ftps, sftp is different
18:50 < tds> but you want one of those
18:51 < tds> and if they don't do either, it's certainly time to find a new provider :)
18:51 < aruns> Oh, I'm not super clued up on the networking protocols.
18:51 < aruns> I've seen TLS used a lot with email though.
18:51 < tds> yes, TLS is normally used for connections to mail servers as well
18:51 < detha> aruns: please tell me the password for the control panel is different from the ftp password
18:51 < tds> again, if they don't offer encrypted SMTP/IMAP connections, switch company
18:51 < aruns> @detha It is.
18:52 < aruns> The worst part is
18:52 < redrabbit> cleartext gaping hole ftw
18:52 < aruns> We don't even get access to the server configuration
18:52 < aruns> Only .htaccess
18:52 < tds> that's how most shared hosting setups are done
18:52 < aruns> Yeah.
18:52 < redrabbit> run it yourself on a vps
18:53 < tds> ^
18:53 < tds> (but only if you're happy to manage it)
18:53 < RogerFederer__> i am highly superior at tennis
18:53 < aruns> Why would I pay for VPS hosting for a client site when the agency is footing the bill ;P
18:53 < LFSveteran> Roger Roger
18:53 < RogerFederer__> get your agency to pay for the vps
18:54 < RogerFederer__> LFSveteran no talking please
18:54 < LFSveteran> Learn how to tennis
18:54 < aruns> lol
18:54 < aruns> But anyway
18:54 < aruns> Back to my question
18:54 < redrabbit> RogerFederer__: so you are good at taking BALLS is that right
18:54 < LFSveteran> lol
18:54 < aruns> Is there a standardised return code for when an FTP server is locked?
18:54 < aruns> I am guessing not.
18:55 < detha> aruns: 'locked' is not something the original ftp designers envisaged
18:55 < aruns> I see.
18:56 < RogerFederer__> yeh ftp servers were never designed with security envisagements
18:57 < LFSveteran> And tennisplayer where never designed for networking
18:58 < redrabbit> they are ball handlers
18:58 < RogerFederer__> LFSveteran even tennisplayers know more about networking than u
18:58 < RogerFederer__> i haven't heard you say 1 single intelligent thing
18:58 < LFSveteran> Seems he can't handle it
18:59 < skyroveRR> RogerFederer__: why the F do you want a cam?
18:59 < LFSveteran> You will never hear me say something intelligent, since IRC hasn't the ability to transfer audio
19:00 < LFSveteran> it TEXT chat no AUDIO chat
19:00 < redrabbit> well there is tts
19:01 < LFSveteran> too difficult for him
19:01 < aruns> You guys feel like answering another networking question for a networking n00b like myself? :D
19:01 < aruns> I am trying to figure out a good way of sharing my local domains in the office with other devices connected to the network, such as iPhones.
19:02 < tds> what do you mean by "my local domains"?
19:02 < RogerFederer__> LFSveteran shouldnt you be out collecting your welfare cheque
19:02 < RogerFederer__> ?
19:02 < tds> if you mean the search domain, that should be sent out by the DHCP server (or in RAs for ipv6)
19:02 < aruns> @tds Any of my Apache virtual hosts.
19:02 < aruns> Such as some-site.dev
19:02 < tds> don't use .dev
19:02 < tds> unless you've got it from google
19:02 < aruns> I don't use it anymore.
19:03 < aruns> Yeah
19:03 < aruns> I know it's a TLD now.
19:03 < tds> they certainly made a bit of a point with enable hsts for it as well :)
19:03 < redrabbit> https://translate.google.com/translate_tts?tl=en&client=tw-ob&q=handle+my+balls
19:03 < aruns> I know I can just use real domains but point it towards my IP.
19:03 < redrabbit> enjoy
19:03 < tds> for a small network you can just run an internal dns resolver and set records there
19:03 < tds> just using a public nameserver works as well
19:04 < aruns> But if I need to share any of my local sites with my colleagues, I would prefer to be able to use custom domains.
19:04 < tds> if it's all internal, an internal dns server is likely the easiest solution
19:04 < aruns> Yeah, I think so too.
19:06 < aruns> So for example, if I am using Google's DNS servers, I would just need to change my machine to point towards the internal DNS server then?
19:06 < tds> if devices are using dhcp already, you can just change the dns resolver handed out by dhcp
19:06 < aruns> Ah OK.
19:07 < aruns> So I don't necessarily need to change any settings on my actual machine.
19:07 < redrabbit> screw google, there is 1.1.1.1 now
19:08 < redrabbit> its superior
19:08 < santost12> I have to run my openvpn server on 443/TCP for it not to be slowed down. If I run it on UDP with almost any port, the openvpn traffic is throttled. Almost any website takes like 1 or 2 minutes to load when throttled. Sometimes nothing loads. Is there a way I can obfuscate the openvpn traffic and still use UDP? I don't like using TCP for openvpn.
19:08 < LFSveteran> 1.1.1.1 FTW!
19:09 < skyroveRR> *burp*
19:09 < LFSveteran> cheeers
19:09 < tds> redrabbit: 1.1.1.1 is legacy, you want 2606:4700:4700::1111 ;)
19:09 < redrabbit> santost12: i run 2 instances
19:10 < aruns> tds: Any good, easy to use DNS servers for Windows you would recommend?
19:10 < redrabbit> tds: ikr
19:10 < redrabbit> 1.1.1.1 aruns
19:10 < santost12> One for UDP and another for TCP? Do you 'link' them together?
19:11 < redrabbit> santost12: 1 tcp, 1 udp
19:11 < redrabbit> yep
19:11 < yuljk> Ruffled goose
19:13 < santost12> I have heard about obfsproxy but that doesnt support UDP. I was using obfsproxy with shadowsocks and that worked but I wanted to use a VPN instead
19:15 < detha> santost12: what are you protecting against with the vpn ?
19:16 < redrabbit> its a way to get in his lan maybe
19:16 < santost12> throttling
19:16 < redrabbit> ah
19:18 < detha> wait. you are using a UDP VPN to protect against your ISP throttling ? That somehow doesn't sound right.
19:19 < detha> UDP is the first thing that gets throttled
19:19 < skyroveRR> lol
19:19 < skyroveRR> Funny but true.
19:19 < santost12> I am using it on tcp/443 right now. I would prefer to use UDP because I dont want to have "double TCP". For most networks that dont want you using openvpn, would tcp/443 be good enough?
19:20 < skyroveRR> santost12: no, don't use 443. Still too easy to block.
19:20 < redrabbit> anyone using ball or vertical mouse here
19:20 < skyroveRR> santost12: in fact, no standard ports.
19:21 < santost12> What port range should I use?
19:21 < tds> tcp/443 with stunnel + a valid cert should get past most filtering
19:21 < redrabbit> i wonder which is best for rsi
19:22 < santost12> http://www.speedtest.net/result/7266404307.png TCP/443 openvpn connection
19:22 < santost12> that is the best speeds ive gotten
19:22 < detha> tds: neh. typical 443 connections don't last more than a couple of seconds, couple of minutes at most. Cut TCP/443 after 15 minutes, no more VPNs
19:23 < santost12> ohh. Thats right. I see
19:23 < santost12> I didnt think about that.
19:23 < redrabbit> tcp/443 has been enough to bypass this stuff for me so far
19:23 < tds> detha: wouldn't that also cause issues with other long-running https connections? (eg websockets)
19:23 < tds> or do they reconnect restart anyway?
19:24 < tds> oops
19:24 < detha> tds: it does. but most long-running things are built with auto-reconnect
19:24 < tds> regularly reconnect*
19:24 * tds should stop eating with one hand and typing with the other
19:25 < LFSveteran> just type with two hands, and eat with two hands ;)
19:25 < detha> hmm. voice-to-text wouldn't help in this situation.
19:25 < tds> lol
19:25 < redrabbit> 2nd day using dvorak here
19:26 < redrabbit> i feel just as bad as using 1 hand
19:26 < tds> I've been slowly learning it for about a year now (very occasionally) and should really switch sometime, how is it?
19:26 < detha> https://twitter.com/dmofengineering/status/989937296777494528
19:26 < redrabbit> its to help with rsi
19:27 < redrabbit> i have already done all the rest
19:28 < redrabbit> standing desk, aeron, ergodox ez
19:28 < redrabbit> ergo mice
19:31 < redrabbit> dvorak was designed to avoid strain
19:33 < redrabbit> before the pain, i never questioned qwerty
19:40 < Truxx> I wonder: If you have a slow built-in umts connection, it might be possible to use an usb stick with a different sim to establish a connection.
19:40 < Truxx> Is there a way to use both of these connections as one for faster internet?
19:41 < Truxx> There used to be back in the days isdn channels doing something like that.
19:41 < redrabbit> load balancing
20:30 < Apachez> https://i.imgur.com/MEuz2GH.jpg metric (iso) vs imperial system
20:34 < obcecado> ha
20:37 < Evidlo> theres two types of countries. those that used the metric system...
20:37 < anddam> howdy
20:38 < Evidlo> and those that also used the metric system to go to the moon
20:39 < Evidlo> though I think the astronauts still used customary
20:41 < anddam> I have an AP whose configuration is unknown, what's an easy way to read the IP address of the device? I figure at some point in boot it's going to send some IP packet with a source address
20:41 < anddam> it a small home AP with either openWRT or dd-wrt flashed on many (many) years ago
20:42 < djph> nmap the network
20:44 < Peng_> [printer bursts into flames]
20:44 < djph> Peng_: forgot the blood sacrifice this month?
20:45 < anddam> djph: doesn't nmap work at a higher level, either TCP or UDP?
20:46 < anddam> djph: or, better said, how do I nmap the network if I don't know the IP configuration?
20:46 < LunaLovegood> there's an app called 'netdiscover'
20:46 < LunaLovegood> It does what you want
20:47 < Evidlo> you can use `tcpdump -ni eth0`, then unplug/replug the device to your router
20:47 < LunaLovegood> pings a whole subnet, and also reports the MAC/IP from random packets received from unknown hosts
20:47 < anddam> LunaLovegood: checking it
20:48 < LunaLovegood> err, sorry. I was wrong. It only reports on ARP packets.
20:48 < anddam> Evidlo: ah I remembered something like tcpdump but I wasn't sure that was it, and the 'tcp' misled me
20:48 < anddam> LunaLovegood: also I don't know what subnet to ping
20:48 < LunaLovegood> still should be enuff for 90% of cases
20:48 < LunaLovegood> it tries the usual 192.168/16, 172.?**?, 10.0.0.0/8
20:49 < LunaLovegood> You can have it test the whole 0.0.0.0/0 if you really want; shouldn't take more than a few hours.
20:50 < Evidlo> cant you just reset the AP?
20:51 < LunaLovegood> ^^^ yeah, hold the reset button while powering it. It should end up somewhere in the 192.168.0.0/16
20:53 < anddam> I can but I don't know what's on it, if I manually set something odd
20:53 < anddam> I haven't powered this thing up for like 6-7 years
20:54 < anddam> it's a small LaFonera I'm using to get better wifi in a remote room
20:54 < anddam> thanks for the info
20:55 < LunaLovegood> unless you changed the firmware, it should end up with one of the default ddwrt or openwrt admin passwords so try those first, from a wired connection.
21:05 < sunrunner20> I need some help with a basic Ubuntu IPtables/ufw forwarding traffic from the main IP to an LXC container on a bridge interface and still allowing ssh access to the host. I tried a tutorial but I must have done something wrong and ssh broke
21:06 < sunrunner20> I used this tutorial: https://www.cyberciti.biz/faq/how-to-configure-ufw-to-forward-port-80443-to-internal-server-hosted-on-lan/
21:10 < anddam> seems it's 192.168.1.1
21:10 < anddam> was simple enough, thanks
21:10 < anddam> tcpdump did the trick
21:15 < iddqd-idkfa> OK, so somewhat more interactive question: I have been told I'm getting promoted to 'manager'
21:15 < iddqd-idkfa> And now I get to write my own job description
21:15 < iddqd-idkfa> The new title must have "manager" in it, and I'm leaning towards "network operations manager"
21:15 < iddqd-idkfa> so: What should the job description actually have?
21:16 < Miguel2013> my wireless n 150mbps card that actually runs at 48mbps has a default latency from the default gateway of 4-30ms can someone with a ac or newer wifi tell me what's ur ping latency to ur local gateway?
21:17 < djph> Miguel2013: 0.1 to 20
21:17 < djph> but really that depends on how congested the channel is (i.e. how many devices I have connected)
21:18 < Miguel2013> wired uses only 1 channel?
21:18 < Miguel2013> djph, what's ur wifi technology
21:19 < djph> Miguel2013: depends. Laptop is ac. Other devices are n.
21:19 < Miguel2013> I was told servers don't run well over wifi cause of latency at least
21:19 < djph> well, yeah, servers *should* be wired.
21:19 < djph> and no "the channel" has nothing to do with wired connections
21:19 < Spice_Boy> n isn't a frequency
21:20 < djph> Miguel2013: he asked for the wifi tech, not the frequency (but near on all are 5 Ghz, except for the kindles, which are b/g only)
21:20 < djph> err Spice_Boy ^^
21:20 < sunrunner20> no help? :( I'm terrible with networking
21:21 < Miguel2013> djph, the channel or band
21:21 < Miguel2013> ur ac is at 5gbz?
21:21 < Spice_Boy> djph: fair enough... I just woke up, still half asleep
21:21 < iddqd-idkfa> your latency can also be affected by interference in the area, penetration and distance.
21:21 < djph> sunrunner20: hmm?
21:21 < Miguel2013> that's why some cards are dual band to run as hotspots?
21:22 < Reventlov> ?
21:22 < sunrunner20> I need some help with a basic Ubuntu IPtables/ufw forwarding traffic from the main IP to an LXC container on a bridge interface and still allowing ssh access to the host. I tried a tutorial but I must have done something wrong and ssh broke
21:22 < sunrunner20> I used this tutorial: https://www.cyberciti.biz/faq/how-to-configure-ufw-to-forward-port-80443-to-internal-server-hosted-on-lan/
21:22 < sunrunner20> damnit
21:22 < sunrunner20> sorry guys
21:22 < sunrunner20> meant to rephrase that as one line
21:22 < iddqd-idkfa> no. Cards are dual band because some places have either
21:22 < Reventlov> Being dual-band has pretty much nothing to do with being a "hotspot"
21:22 < iddqd-idkfa> I have some locations (not many now but some) that are 2.4 only
21:22 < Reventlov> me too. 2.4GHz has some advantages.
21:23 < iddqd-idkfa> if your card had only 5GHz you'd be SOL
21:23 < iddqd-idkfa> yep. Penetration/distance.
21:23 < iddqd-idkfa> lower top speed but greater range
21:23 < Apachez> SOL?
21:23 < iddqd-idkfa> my kingdom for 900MHz 'wifi'
21:23 < Apachez> sweden online
21:23 < iddqd-idkfa> shit out of luck
21:23 < Apachez> my left testicle for 700MHz wifi
21:23 < iddqd-idkfa> (I know 900MHz actually exists but...)
21:24 < Reventlov> that's called 4G, nope ?
21:24 < Reventlov> :>
21:24 < sunrunner20> there's 'wireless' network cables running at 60ghz iirc
21:24 < Reventlov> 802.11ax
21:24 < sunrunner20> I bet they can't penetrate a sheet of paper.
21:25 < iddqd-idkfa> yeah. ax is going to suck.
21:25 < Reventlov> ad*
21:25 < Reventlov> sorry
21:25 < LFSveteran> any good book to master the art of networking with iptables?
21:25 < iddqd-idkfa> yeah I jumped with you
21:26 < Reventlov> LFSveteran: don't use iptables ? :|
21:26 < LFSveteran> why not?
21:26 < Reventlov> (I use nftables and my life is better)
21:26 < iddqd-idkfa> wait. ad was the old WiGig standard. ax is the new hotness.
21:27 < Reventlov> but ad is in 60GHz
21:27 < iddqd-idkfa> and will suck.
21:27 < iddqd-idkfa> yeah but did anything even get manufactured for it?
21:27 < iddqd-idkfa> I know Aruba's already throwing significant glances at me for ax access points
21:27 < Miguel2013> i have a wag511 netgear with atheros chipset. what driver is good for stable reliable connection on ubuntu
21:28 < Reventlov> the mainline driver associated to your chipset?
21:28 < Reventlov> or are you speaking client side ?
21:28 < Miguel2013> it loads mac80211 and ath5k but when I connect it it has some irqpool problem
21:28 < iddqd-idkfa> Nuke it from orbit.
21:28 < iddqd-idkfa> it's the only way to be sure
21:29 < Miguel2013> I connected it to a pentium 3 laptop
21:29 < sunrunner20> uh
21:29 < sunrunner20> why?
21:29 < iddqd-idkfa> welp I'm dead
21:29 < iddqd-idkfa> pentium iii killed me
21:29 < sunrunner20> I can mail you a better laptop for $50 + shipping
21:30 < sunrunner20> you'll need a hdd though
21:30 < iddqd-idkfa> "this 20 year old chipset doesn't work anymore, anybody help?"
21:30 < iddqd-idkfa> wait you connected what to the pentium 3 laptop
21:31 < iddqd-idkfa> omg PCMCIA??
21:31 < iddqd-idkfa> https://www.netgear.com/support/product/WAG511.aspx
21:32 < iddqd-idkfa> see now you killed trekkie
21:32 < sunrunner20> just use a usb adapter
21:32 < sunrunner20> OHHHHHHH
21:32 < Miguel2013> https://imgur.com/gallery/tUEgSCE
21:33 < sunrunner20> bad link Miguel2013
21:33 < Miguel2013> available momentarily
21:33 < Miguel2013> I have a wireless n card usb chipset but I wanted to use this wag511 since i bought it in 2010
21:33 < Miguel2013> and never could
21:37 < Miguel2013> i would use my pentium 4m instead but it has a bad keyboard and the usb expansion card doesn't work there seems to have a problem with pcmcia sockets
22:18 < djph> sunrunner20: $50 huh? what country?
22:19 < djph> o_O WEP ?!
22:21 < sunrunner20> djph, its a piece of complete shit
22:21 < sunrunner20> but its way newer and faster than a p3 laptop
22:25 < sunrunner20> its some wyse thinclient that you can put a regular 2.5" hdd into
22:25 < sunrunner20> i've got it with 4gb ram running windows 10
22:25 < sunrunner20> runs win10 ok-ish
22:27 < djph> stick *nix on it :)
22:42 < gartral> not really sure if this is the right place to ask, but does anyone have any info on tclclouds.com? I just started getting a massive (relatively) amount traffic from them.. I can see they have a bunch of servers but it seems they're a "find my phone" service... I've blackholed the traffic for now
22:43 < SimonaRodriquez> I'm taking an interview in a couple of weeks where they'd possibly focus on networking a lot. Would it be advisable to pick up a book (like Tanenbaum) and glance through it quickly or is there some other good resource out there?
22:45 < memmo> Perhaps a stupid question. I picked up Google Wifi today for my home after hearing some positive reviews from some colleagues. My old network was setup by a AV installer and the old address of my router was 10.0.0.1 . I also have a bunch of static devices (10.0.0.55 etc) which were things like a NAS, home automation controller etc
22:46 < memmo> I want to update the Google Wifi's LAN Ip to be 10.0.0.1 and I see the page where to do that, but as soon as I change it from its 192.168.xx.xx address, the save button grays out
22:46 < memmo> Anyone have experience with Google Wifi ?
22:47 < gartral> memmo: disconnect the wifi AP from your modem, do the setup, turn it off and reconnect it
22:48 < memmo> gartral: I have it working now .. but have a 192.168.xx.xx IP
22:48 < memmo> you think disconnecting the Wifi AP, and running the setup again will produce a different result?
22:51 < gartral> if you want a custom IP range, yes, at least that's what I remember from setting up one of those little white coasters.
23:22 < djph> that's ... annoying
23:27 < LFSveteran> ah..JohnMcEnroe left....
--- Log closed Sun Apr 29 00:00:02 2018