--- Log opened Sat May 12 00:00:17 2018
00:12 < electricmilk> Any idea why MX records are bouncing back and forth between the old record and the new record when I query in NSLOOKUP?
00:12 < bezaban> electricmilk: quering different servers?
00:12 < electricmilk> Nope same server
00:13 < electricmilk> I'm not the one that made the record change...is it possible that the gentlemen that helped added two records? Is that even possible with MX?
00:13 < bezaban> so only one dns server in use?
00:13 < Gollee> if he added two records you should get both back I think
00:13 < Harlock> you can have multipel mx
00:13 < Harlock> multiple
00:13 < Harlock> it's very common
00:14 < Harlock> mutiple dns records will round robin
00:14 < xamithan> Maybe the DNS is round-robin and it isn't replicated yet
00:14 < electricmilk> ah okay
00:14 < xamithan> lol what he said
00:17 <+catphish> electricmilk: i'd say you're querying different servers that have cached different values, even if you don't realise
00:18 <+catphish> electricmilk: dig will tell you the remaining ttl
00:18 < electricmilk> I've set the server as 1.1.1.1 and tried 4.2.2.2 and 8.8.8.8
00:18 < electricmilk> ah okay...just dig foobar.org?
00:18 <+catphish> dig lets you try different servers too, but yes
00:18 <+catphish> eg dig foobar.org @8.8.8.8
00:19 <+catphish> foobar.org.		299	IN	A	46.182.8.5
00:19 <+catphish> 299 is the remaining ttl
00:19 <+catphish> now...
00:20 <+catphish> if i do that repeatedly, i get diferent remaining ttl values, obviously from different 8.8.8.8 backend servers
00:25 < Blue_> what stuff can I do with a spare router
00:26 < Blue_> i.e stuff to learn
00:26 < Gollee> whatever you fancy
00:26 < Blue_> Im not sure what there is
00:26 < pekster> electricmilk: You should verify all the authoritative hosts for your domain currently return the same record; the rest is (most likely) a result of normal caching. In the future if you plan to make changes you're better off reducing the TTL ahead of the change to reduce cache propogation delays
00:26 < Blue_> maybe its tak-talk centric jargon
00:27 < Blue_> or whoever made the router
00:27 < pekster> s/same/expected/
00:27 < electricmilk> The guy managing our dreamhost account doesn't see a darn TTL settings
00:27 < electricmilk> *setting
00:28 < Blue_> I disabled WPS
00:28 < Blue_> most of the other settings I had no clue what they were aside from the usual
00:28 < pekster> electricmilk: Again, not really relevant; you can't do squat about a recursor on the public Internet that cached your (then-valid) records for the TTL at the time they were queried, even if they're now "old" in your opinion. Other recursors only know what they're told
00:29 < electricmilk> ah I see
00:29 < pekster> electricmilk: I'm suggesting you verify any listed NS for the (sub-)domain in question is currently accurate. Assuming they are and returning correct data, you just have to wait up to a possible max of whatever the TTL was the moment before you made the change
00:30 < electricmilk> Damn it was set to 4 hours...There goes email for the weekend
00:30 < electricmilk> as I have to get out of here in two
00:31 < Blue_> the model is a huwei HG633. I have some vm's to test on on its network
00:32 < pekster> "Stepping down" TTLs for longer records is common. Say you have stable MX records and set them to 1 week TTL, but plan to make changes next week. You might lower the TTL to 1 day, then 36 hours before lower it again to 12 hours, 14 hours before lower it to 2 hours, and 3 hours before lower it to 5 minutes. Your DNS rate will go up each "step down" but you'll reduce length of propogation time
00:36 < Blue_> so id like to make a hidden subnet using the spare router
00:36 < xamithan> hidden?
00:37 < Blue_> yeah so only my VMS can see/use it
00:37 < Blue_> that shouldnt be hard cause virtualbox has an option called briged adapter
00:37 < pekster> Firewalls protect things. Provided you control your existing routing, don't "hide" it at all but set up proper routing, and feel free to filter inbound traffic to this protected downstream network as much as you'd like
00:37 < xamithan> I don't think you can stop things from seeing it
00:38 < Blue_> like you have to type an IP manually
00:38 < egam> what does it mean when my modem firewall logs a ping of death with a source ip that's not mine and a target ip that's not mine?
00:38 < xamithan> That isn't hidden,  that is just no routes
00:38 < Blue_> therefore it doesnyt show up in a devices wifi network list automatically
00:39 < pekster> No, this is what a firewall between networks does
00:39 < pekster> If you mean network discover, don't put crap on the same LAN that's either going to broadcast its presense or accept network discovery. If you want security, use a firewall, not obfuscation
00:40 < pekster> If you want to protect OSI L2 attacks (ARP / NDP spoofing) then you either use 802.1X (rather a pain if you don't have it already) or separate networks provided you trust the core/inside routers
00:41 < Blue_> the OS's im using are quite old too I should mention
00:41 < xamithan> If you lazy just throw up an ACL and call it a day
00:41 < pekster> Blue_: Basically you need a much better definition of your threat model before you go about trying to "hide" or "manually" do things. Figure out what the threat is, then identify what combination of topology and security you need
00:41 < knaaaaaa> hi my port 994 is not open
00:41 < Blue_> I just dont want devices accidentally connecting to the VM test network
00:41 < knaaaaaa> is that right?
00:41 < Blue_> thats it basically
00:42 < pekster> Blue_: My solution for that is pretty simple: I've only got a single router for most of my network, but it serves a half-dozen VLANs, including my personal LAN, guest-LAN (access to Internet only, nothing internal,) and a couple other separate networks for things. No need for manual IPs or 2nd levels of routers or anything so obtuse
00:43 < pekster> As always, you secure cross-network traffic with a firewall, not more layers of routing. You add routing when you need separate networks to inter-connect
00:43 < egam> I assume it means someone in Poland is trying to attack someone else in the world, but why does my modem get involved in this attack?
00:44 < Blue_> there is no phone socket upstairs so the downstairs router wirelessly gives this laptop an internet connection, and then the upstairs router ... well is not needed I suppose cause virtualbox can make its own network and I can put any VM'S in it
00:45 < Blue_> the ISP put me on a contract without telling me on the phone
00:45 < Blue_> so now im in this shower of shit
00:45 < knaaaaaa> anyone?
00:45 < Gollee> knaaaaaa: why should it be open?
00:46 < Blue_> so I have a router, no phone socket upstairs and a contract im still paying for despite being moved out of the other house
00:48 < Blue_> obvioustly the house im in now has a router downstairs and my router is doing nothing
00:48 < knaaaaaa> it is used on an iPhone for networking
00:48 < knaaaaaa> And I need somebody to see if my port is closed
00:49 < xamithan> You could setup bridged mode on the router and hook ethernet up to devices
00:49 < Blue_> can you help with that
00:49 < knaaaaaa> Golle: I need gmail back in my taskbar
00:49 < Blue_> I heard its hard to set up
00:50 < xamithan> Depends on your router how hard it is.  Mostly you just choose the bridge client option and input the ssid|pass
00:50 < Gollee> knaaaaaa: are you for real?
00:50 < Blue_> ok im trying to find my default gateway
00:50 < knaaaaaa> I’m xunling
00:51 < knaaaaaa> Goller: im xunling, my Starcraft account
00:51 < Blue_> i.e the routers default IP. but something might have already taken that IP already
00:52 < knaaaaaa> my up adress is 109.40.3.21
00:53 < Blue_> do I plug the broadband port into the laptop or the # 1,2,3 or 4 ports
00:53 < Blue_> the other router is essentially the AP not this one and this router will connect to the AP router wirelessly
00:54 < xamithan> One of the 1-4 ports
01:00 < Blue_> I cant see it in device manager
01:01 < Blue_> and the default IP is not regognized
01:01 < Blue_> recognised*
01:01 < Blue_> "problem loading page"
01:24 < spaces> Gollee you might have a broken i ?
01:24 < spaces> and n as well ?
01:24 < spaces> S_SubZero I agree!
01:25 < Blue_> the router aint showing up in 'network' or 'device manager'
01:26 < spaces> Blue_ keep it that way, move to the bahama's and get a real life
01:27 < Blue_> yey
01:27 < spaces> leave the internet!
01:28 < Blue_> totally.
01:28 < Blue_> im actually trying to set up a intranet
01:28 < Blue_> not connect to the internet
01:28 < Blue_> but nice try
01:28 < Blue_> an intranets
01:32 < ufxinu-> i am usually using debian but i am in a situation where im forced to use centos, and some how i borked my network settings trying to setup a br0 (bridge), now- it seems like i can't get remote axs, i just can't get no connection working again
01:33 < ufxinu-> any1 that can help that's network guru plz pm, i think it's a centos issue tho... o well...
01:35 < spaces> Blue_ intranets are even worse
01:35 < spaces> pl later
01:35 < spaces> ok
01:35 < Blue_> yeah im leaving now cause you're A. not helpful and B. a bad troll
01:48 < spaces> hehe some people always blame others
01:50 < S_SubZero> well that's cuz it's their fault
01:55 < drudge`> goes on IRC; demands answers immediately. leaves but-hurt.
01:55 < drudge`> ta-da! mission accomplished
01:55 < djph> drudge`: those are the best people
01:55 < spaces> I hurt someone, and it was not even a woman, I suppose
01:56 < djph> s/best/second-best/
01:56 < djph> the best people are the ones you get a chance to direct to http://catb.org/~esr/faqs/smart-questions.html before they get butthurt and leave.
01:59 < drudge`> hah
02:00 < spaces> djph butthurt ? I think that's another channel
02:01 < djph> you can get butthurt anywhere on the internet.
02:03 < spaces> djph by watching youtube ?
02:06 < djph> even there
02:10 < drudge`> it's kind of hard to leave http.cat butt hurt, but i suppose if ur dog you could
02:12 < spaces> djph :O
02:13 < djph> drudge`: er, what?
02:13 < spaces> some ops on IRC that moderate some major software channels are real tards, just because they can. Freenode should do something about it
02:13 < spaces> I just saw it happening again with someone
02:14 < knaaaaaa> my ping is bad and port 456 is closed by vodafone, can you check that pleace
02:14 < xamithan> Dude thought his router would show in device manager.  I just stopped responding after he said that
02:14 < djph> xamithan: unfortunately, because users are retards, a lot of routers do these days :(
02:14 < xamithan> Maybe i'm the retard then.  Never heard of that
02:15 < knaaaaaa> help, do u want my iPad resa
02:15 < knaaaaaa> ip adress
02:15 < spaces> never blame your hardware! it cannot help it it found a retard as it's owner
02:15 < djph> xamithan: IIRC, it's the consumer-oriented crap running bonjour (etc.) that shows up (although it might be under "network devices")
02:16 < knaaaaaa> my iphone is new
02:16 < knaaaaaa> After login, button back come
02:16 < tds> yeah, I've seen a few routers running dlna media servers or whatever that show up
02:16 < knaaaaaa> a dumb guy types a wrong password with his head, to steal my source code galaxywars
02:17 < xamithan> I just don't see what good can come of that
02:17 < drudge`> i think dude is having a stroke
02:17 < xamithan> Maybe if you had an external HDD hooked up to it
02:17 < tds> yeah, I think that's the idea
02:17 < knaaaaaa> the window goes to left
02:17 < tds> some of them do print servers as well
02:17 < tds> they just install everything when building it :P
02:18 < knaaaaaa> anyone?
02:18 < drudge`> knaaaaaa did you try adjusting it top-wise near the right?
02:18 < drudge`> that usually works
02:18 < knaaaaaa> touchfield
02:19 < knaaaaaa> Brain Think Touchfield, near me is god, and I’m xunling
02:19 < knaaaaaa> It’s bad for us
02:19 < djph> xamithan: fewer calls by the retards to the retards in India you're paying to pretend to be "costumer[sic] support"
02:19 < knaaaaaa> which channel
02:20 < djph> drudge`: nah, it's an iDevice - he's just holding it wrong.
02:20 < knaaaaaa> turn it all the time?
02:21 < drudge`> put in my 2 weeks at this network support center; cant wait to get off the customer-facing support. woooo-weee
02:21 < djph> drudge`: there are always customers...
02:22 < drudge`> can't say ill miss the soudn of customers chewing in my ear and breathing heavily in the phone
02:22 < xamithan> Just wait till you are talking to CEOs or VPs
02:22 < drudge`> sales primmadonnas are a real treat
02:22 < djph> or any other mouthbreather calling IT
02:25 < xunling> help
02:36  * aaro calls 911
02:40 < knaaaaaa> can some scan me?
02:40 < knaaaaaa> do I look good?
02:40 < Project86__> Something just came to mind... if I were to use linux deploy to setup a VPN server. Would/could that essentially make my phone carrier a vps as long as it has internet?
02:41 < knaaaaaa> no
02:41 < Project86__> Damn
02:42 < tds> knaaaaaa: if you want to test connectivity back to yourself, I'd just get a vps/shell account somewhere, or you might be able to find websites to test for you
02:42 < Project86__> How come? Could I route them to work that way, or Would that just be like a wireless adhoc?
02:43 < tds> mobile providers often run cgnat, so it's entirely possible you can't have new incoming connections, which makes it slightly pointless for a vps-style setup
02:44 < Project86__> Ah ok. Thanks, there goes my amazing lightbulb moment
02:44 < tds> some mobile providers will give you a public unfirewalled ip though, so it might be worth trying
02:45 < qman__> You can get a vps for $3 a month though
02:47 < batch> hi, imagine i want to use a pi as a bridge, having wlan0 forwarding to eth0 which has a switch on the end
02:47 < batch> if i'm in debian and i want to configure all nics in /etc/network/interfaces
02:47 < Project86__> Just read about cgnat, crazy stuff. I'd like that config lol. And yeah, I can, but one of my personal philosophies is, why pay for what you can get for free?" (To extents) so if I could merge it with a bill I already pay, that provides extra security...then why not?
02:47 < batch> they all need iface X inet manual?
02:48 < Project86__> I thought it to be clever. I suppose not
02:48 < batch> i want to have it as a "wireless island"
02:49 < Project86__> Ooh, lemme look that up. Is it like decentralized VPN stuff?
02:49 < batch> Project86__ talking to me?
02:49 < Project86__> Yes. About wireless islans
02:50 < batch> more like a wireless point to point i think idk
02:50 < batch> https://www.glennklockwood.com/sysadmin-howtos/rpi-wifi-island.html
02:50 < batch> see here they use static
02:51 < batch> but some guy i know tells me to completely put everything in manual because it's a bridgedevice then
02:51 < Project86__> Oh, that's one of the setups I'm previously working on. Wireless p2p. There's a couple diff ways
02:51 < Project86__> *presently
02:51 < batch> oh ok that might be handy
02:51 < batch> can you guide me in here plz?
02:52 < Project86__> I've only read what others say. I have to find screenshots lol
02:52 < Project86__> Gimme a moment on that while I eat
02:52 < batch> so this is what i have: http://ix.io/1a5I
02:53 < batch> last 3 lines are 'ip route'
02:53 < batch> oke sure no problemo, have a nice meal :)
02:55 < batch> i'm really missing something like forwarding with iptables i guess
02:55 < batch> never thought i'd need to solve such a garbage
02:55 < batch> :D
02:57 < Project86__> What i read was to just install OpenVPN on both in a certain way, and the one without internet can p2p wirelessly to the one with internet to allows access back n forth
02:58 < Project86__> Heard that from others input here
02:58 < batch> vpn ee
02:58 <+pppingme> batch are you trying to bridge or route?
02:58 <+pppingme> when you bridge you DON'T put ip's on individual interfaces..  thats always wrong
02:58 < Project86__> I've not done iptables yet...
02:59 < batch> pppingme yeah.. hmm..
02:59 < batch> pppingme you mean like also don't give ethx1 no ip
02:59 < batch> remove address, netmask, dns ?
03:00 < batch> let me try that
03:00 < batch> didn't try that yet
03:00 <+pppingme> ip addresses go on the BRIDGE interface, not the individual member interfaces of the bridge
03:00 <+pppingme> but the ip's I see you assigning imply you want to route, not bridge
03:00 < batch> pppingme yeah
03:01 < batch> i gave br0 those settings
03:01 < Project86__> pppingme always gots the solutions
03:01 < batch> but he couldn't also not contact another ip address with ping
03:01 < batch> soo
03:01 < batch> i only need to open up wlan0 to ethx1 with iptables then?
03:02 < Project86__> Wait, me batch ?
03:02 < batch> and hope that my router does the natting?
03:02 < batch> Project86__ trying with pppingme
03:02 < batch> trying to understand from both you guys input
03:02 < batch> :p
03:02 < Project86__> batch: thought when u meant "gave br0 those settings"
03:03 < Project86__> Was bout me lol
03:03 < batch> what
03:03 < batch> oh
03:04 < batch> hmm
03:05 < batch> no wait, how can the router know that i want 10.0.0.0/16 if i don't specify it
03:05 < batch> goddamn
03:07 < batch> pppingme if you can tell me what i'm missing to make this work i'd be very happy cause it's beating me up
03:08 <+pppingme> first, decide, do you want to bridge, or route? (and by the way, bridging between wifi and ethernet isn't totally friendly for a couple reasons)..
03:09 <+pppingme> and also, how are you picturing this thing, I assume as some kind of step between your router and another device, but which side of the pi is facing the router, eth or wlan, and which side is facing the device?
03:09 < batch> oh well
03:10 < batch> isp>wlan0>bridge/route>switch>clients
03:10 < batch> that's how i picture it pppingme
03:11 < batch> actually i have another router between isp and wlan0 but that shouldn't be any issue i think
03:11 <+pppingme> so the wlan side faces your isp wifi router, and the wired faces multiple wired clients?
03:11 < batch> exactly correct
03:11 <+pppingme> hmm...  is there some reason you can't pull a cable? that would actually significantly simply this whole thing
03:12 < batch> well hmm
03:12 < batch> i might be actually making a repeater with this right
03:12 < batch> ?
03:12 < batch> :p
03:12 <+pppingme> you wouldn't even need the pi, just cable between isp switch and your new switch
03:12 < batch> yeah agreed
03:12 <+pppingme> repeater is kind of a vague word herre..
03:13 < batch> that be #1 solution
03:13 < tds> batch: were you asking about this a few weeks/days ago?
03:13 < batch> hmm how so
03:13 < tds> I seem to remember someone posting that link before
03:13 < batch> tds yes that's correct aswell..
03:13 <+pppingme> wired is best solution, if you're forced to face pi to wifi router, then wire your clients, next simplest solution is to set it up basically as a linux router..
03:14 < batch> well
03:14 < tds> as discussed then, I think you'll either need to NAT on the router, or do horrible proxy arp things
03:14 < batch> actually
03:14 < tds> (oh, where by "router" I mean pi)
03:14 < batch> i have 2 usb to ethernet adapters laying here
03:14 < batch> oke
03:14 < batch> so actually i could use ethx0 and ethx1
03:14 <+pppingme> tds nah, he could just -j MASQ as traffic exits the pi back to the real router
03:14 < batch> but i need forwarding
03:14 < batch> i wanna make it kind of a monitoring device
03:15 < batch> forwarding or routing or bridging however people may call it
03:15 <+pppingme> if you're doing two ethernet adapters there, then why are you even involving the pi?  just plug the cable from the main device into your switch and call it done
03:15 < tds> pppingme: yeah, that was what I meant by nat on the pi
03:15 < batch> so yes
03:15 < batch> NAT on the pi
03:15 < batch> but that's just not working
03:16 < tds> if you have ethernet, don't mess with nat, just do bridging
03:16 < batch> idk
03:16 < batch> vbox spoiling me cause in there it works
03:16 <+pppingme> batch ok, then there's a million very simple examples of setting up a linux router, just follow one of those..
03:16 < batch> but not on my hardware
03:16 <+pppingme> and watch your interface names as you setup your rules and interfaces
03:16 <+pppingme> linux is linux...  there's nothing special about a pi that would not make this possible
03:17 < batch> yeah i don't understand it either
03:17 < batch> these are cheap adapters though
03:17 < batch> could blame that but got no proof lol
03:18 < tds> what have you set up so far?
03:18 < tds> if you're doing routing + nat, can you upload the output of "ip a" and "iptables-save"?
03:19 < fnDross> is this possible? DUN on a Cell phone >> cell phone call to another phone>>usb>>lede>internet?
03:20 < fnDross> lede or other
03:20 < batch> oh tds i have completely nothing anymore
03:20 < batch> wait i had ifconfig
03:20 < tds> ok, I certainly wouldn't blame the hardware then, as pppingme said there are plenty of guides around for configuring a router to do routing + v4 nat
03:21 <+pppingme> fnDross a data call between two cell phones would require CSD and is SLOW...  whats this for?
03:21 < fnDross> price of payin data in an away zone
03:21 <+pppingme> batch yes, linux is linux for the purpose of this question..  the ONLY drawback of the pi is that it might not keep up at full interface speed..
03:22 < batch> pppingme yeah that's not really big of a deal for this project atm so
03:22 < fnDross> and curiousity
03:22 <+pppingme> fnDross when I say "would require CSD" I should clarify, that takes support from phone *AND* carrier, and is largely non-supported anymore..  in the USA I know of only ONE carrier that still supports it
03:23 <+pppingme> fnDross and I don't think current android or iphone supports CSD
03:23 < fnDross> we could bring back modem chatter sounds!
03:23 <+pppingme> the last phone I had that I know supported it was a nokia flip
03:24 < batch> tds http://ix.io/1a5R
03:25 < spaces> world domination!
03:25 < tds> yeah, bridging together wifi and ethernet interfaces won't work properly (in that direction), you'll want to do routing + nat
03:25 < batch> i might be a little off about static vs manual and weather i need to run a seperate dhcp server and what i need to use in iptables
03:25 < spaces> I'm going to cache all google maps queries
03:25 <+pppingme> if you have to nat, iptables becomes the answer
03:26 < batch> oke pppingme tds thx for suggestions allready
03:28 <+pppingme> if you can do ethernet on both sides, bridging becomes easy
03:33 < batch> pppingme they are both same chipset and same id for the adapters
03:33 < batch> i hope that doesn't conflict the r8152 module in linux
03:34 < batch> but yeah maybe that's a better plan
03:44 < batch> ok i think last question
03:45 < batch> do i give address to br0 or ethx1 ?
03:46 < tds> for routing you don't want to have a br0 interface at all
03:46 < gildarts> Is it possible to setup a router to allow access to an outer router? I have to use my ATT router and want to use my ubiquiti router, but I need to access the config page of the ATT router.
03:47 < batch> tds ok noted
03:54 < Project86__> gildarts: this is sorta what pppingme was talking about. Turning pi into a router. Except you don't need to make it one. You just need to configure it
03:57 < gildarts> Project86__: I just joined so didn't see the conversation. Also, not interested in any other hardware.
03:57 < Project86__> Was no conversation
03:58 < Project86__> Just my reply.
03:58 < Project86__> Had nothing to do with adding hardware either
04:01 < Project86__> And batch what pppingme had said about turning your pi into a router was the exact solution I got that I was trying to find earlier to show you lol. Same person too
04:01 < batch> i could put openwrt on it Project86__
04:02 < batch> if the chip supports it
04:02 < batch> i bet it does
04:02 < batch> might even be an easier solution
04:02 < batch> much easier configuration
04:03 < Project86__> Project86__: but mine would only be using wireless connection, no eth0. So a router is my best option. Also considered nat'ing it. But I've just been gathering responses and piecing stuff together slowly
04:03 < Project86__> I mention myself lol
04:03 < Project86__> That was at you batch
04:03 < batch> i see yes great idea
04:04 < batch> looks like everyone is into it but nobody is able to make it work LOL
04:04 < batch> it's like the arduino hype to make a led blink
04:04 < batch> a million tutorials about a stupid led
04:04 < Project86__> Lol
04:05 < batch> technology got us this braindead yeah
04:05 < batch> i blame social media
04:05 < Project86__> I'm trying this week to see if I can get it to work like I want. I'll update you
04:05 < batch> Project86__ nice to know you are into this stuff aswell, love to keep contact yes
04:06 < batch> thx :)
04:06 < Project86__> Yes
04:16 < moosebumps> im homeless and i have $5
04:16 < moosebumps> what drugs can i buy in Jerusalem
04:23 < moosebumps> I NEED MY SHIT
04:24 < xamithan> Wait for a bowel movement
04:24 < moosebumps> 20 SHEKELS
04:30  * linux_probe pours castor oil into moosebumps 
04:30 < linux_probe> or is that xamithan
04:35 < moosebumps> אני יכול לקנות כמה תרופות
07:40 < scientes> what does it cost for the equitment to send internet over my own coaxial cable
07:40 < scientes> i have coaxial already run
07:40 < scientes> can two docsis cable modems talk to each other?
07:43 < scientes> https://www.amazon.com/Actiontec-Ethernet-Adapter-without-Routers/dp/B008EQ4BQG
07:43 < scientes> ahhhh
08:04 <+pppingme> scientes no, two modems can not talk to each other, what are you trying to do?
08:27 < skyroveRR> Morning.
08:27 < skyroveRR> Almost afternoon.
08:27 < bl00dh0ney> hello
08:27 < skyroveRR> :)
08:27 < skyroveRR> Suppy
08:28 < codebam> I'm using wpa_supplicant directly to connect to WiFi, how can I automatically change my MAC address when connecting to a new access point?
08:28 < codebam> is there a daemon I can use?
08:29 < skyroveRR> You can write a simple sh wrapper that invokes a mac changing program every time you need to connect, codebam :)
08:30 < codebam> skyroveRR: I'm running wpa_supplicant as a daemon, how would you suggest I do that?
08:33 < skyroveRR> Hmm...
08:34 < skyroveRR> codebam: are you talking about hooks that wpa_supplicant could invoke?
08:34 < codebam> I just want it to work seamlessly, I don't actually care how it works. I'm asking for a good solution
08:34 < skyroveRR> (Which I don't think wpa_supplicant supports anyways)
08:35 < skyroveRR> There isn't a good solution, you'll have to write a wrapper, and it depends on how messy the end result is.
08:35 < codebam> hmm okay
08:36 < skyroveRR> codebam: it would have been great if wpa_supplicant supported hooks, but I guess it doesn't.
08:36 < codebam> hmm yeah
08:36 < skyroveRR> If that would have been the case, you wouldn't be asking this question ;)
08:38 < codebam> well yeah, it sucks that wpa_supplicant doesn't have all these features. if frontends like networkmanager didn't have to come along maybe it would
08:38 < codebam> because no distro I know of still uses wpa_supplicant directly
08:39 < skyroveRR> Just write a wrapper, it's messy, but works.
08:41 < codebam> I might just write a script to watch wpa_supplicant logs and change mac addresses when it disconnects from a network
08:42 < wyseguy> hey all
08:43 < skyroveRR> Hi wyseguy
08:48 < wyseguy> I have a ubiquiti edgelite 3 router as my main router, i want to hook up a unifi security gateway for DPI
08:48 < wyseguy> hi skyroveRR
08:48 < wyseguy> im thinking of setting a dmz on the main router to route to the security gateway, but thinking i may run into a double nat issue
08:48 < wyseguy> which i dont want
08:49 < wyseguy> maybe ill just replace the main modem with the USG
08:51 < Project86__> Someone had asked way earlier, if there's ever been a phone rom built on security. My reply for Ubuntu was wrong. However, there is the Pwnie Express Pwn Phone that cost $1096, before they decided to make it free open-source project. However. It has been seen no activity on github or wherever for like 2 years.... wonder if it'll still work.
08:52 < skyroveRR> Project86__: I wouldn't use stuff from an inactive (probably dead) project...
08:52 < Project86__> That's the phone Mr. Robot used in season 3
08:52 < Project86__> Ya, was thinking the same sky
08:53 < Project86__> Wonder why no pull request as were done to update and keep active? Was an awesome idea
08:56 < quackslikeaduck> why not just get a custom box with proper cpu/ram and network ports and load em up with IDS/DPI-software as seen fit , instead of depending on these third-party hardware-providersr threat-/sig- feeds for such.. aren't those, esp. these non-enterprise grade devices, likely prone to neglect somewhat and likely better with some custom setup or possibly mix of security-based OS thru virtualization on
08:56 < quackslikeaduck> .single box setup by oneself instead .. ?
08:58 < quackslikeaduck> ...home routers ...$100-$300 .. shitty stats/specs..often proprietary software .. even worse track record for remote root exploits, not to mention the related common-ness being a gr8 weakness by itself
08:59 < quackslikeaduck> ...mmh.. yeah, best setup a vm and set nic to use that as gateway.. try just two low resource  opnsense  and  securityonion  vms for them basics and possibly monitoring/honeypots?
08:59 < skyroveRR> quackslikeaduck: :)
08:59 < quackslikeaduck> ..tleast what i'd..!  ..never mind me tho; im a n00b tbh.. =|
09:07 < Project86__> Lol. I wanna be that n00b
09:09 < Project86__> But I agree, a personalized one would 've the way to go. If only I knew enough for all that
09:13 < quackslikeaduck> try  #opnsense , u could download virtualbox or something to play around with it on at least!
09:31 < Apachez> bwahahahhaa :D  https://www.youtube.com/watch?v=-X3DDJXzcxk&t=40m00s
10:08 < ljc> can anyone recommend a good adsl2+ router?
10:10 < quackslikeaduck> try opnsense; they even got a chan here; #opnsense  ?
10:11 < quackslikeaduck> otherwise,. on a simpler level, i thnk theres some android apps with most features ud need covered too  , pppoe wifi n all aye ^^  they go wrm real quick tho so watch for house fires;)
10:16 < joro_> Hi guys, is it secure to use ruby-mail in conky ?
10:16 < skyroveRR> ljc: none of them are. And none of them are open source :(
10:17 < skyroveRR> joro_: conky is used for local purposes, so why not?
10:17 < quackslikeaduck> as long as its cabled, heavily isolated cables .. u'll be safe, pal.  no stress.
10:18 < skyroveRR> haha
10:18 < quackslikeaduck> ..given u've got oversight and control over them cables from start to end that is ofc.
10:18 < joro_> skyroveRR, because... i put my username in a config file as well as my password
10:18 < skyroveRR> joro_: well, is the computer operated only by you?
10:18 < skyroveRR> :D
10:18 < joro_> yes
10:18 < skyroveRR> Then you'll be fine.
10:19 < skyroveRR> Just don't share them with us ;)
10:20 < joro_> :D i meant secured point of view
10:20 < skyroveRR> Fine as long as you are the only user of that computer.
10:20 < joro_> keeping a password in ~ is that a good idea ?
10:20 < quackslikeaduck> mail no good, no safe...   too many relays amidst the chain may not be secure.. & as always,never trust automated "end to end encryption"-solutions by itself, doubly or triple up with crypto .. just in case!  -- just enable urself easy of use as such or it ain't gna be used....any less-commonly used bit to add in the mix of security b  good bro
10:20 < skyroveRR> Should be ok.
10:22 < quackslikeaduck> no good, no swap ... and ascertain solder all input ports ("cold boot attacks"; DMA .. all kindsa shady side channel openings gon get ya...).   pop in a lil device; or some remote axx for a short bit to get lil mem dump n ya 0wnd
10:23 < quackslikeaduck> github.com/scipag  .. unsure if that's the page/guy, but may wna look into the mail header fingerprinting basics and try evade n counter at least some eh. hmm
10:24 < skyroveRR> quackslikeaduck: whoa!
10:24 < quackslikeaduck> and always, anything not cabled .. bluetooth,nfc,wireless, fm radio... . . 'ts all bad news, consider nearby LANs compromised. just my 2cs
10:24 < quackslikeaduck> and as always* , just good precautionary measures I thought, considering all dem vulns these days.......
10:25 < skyroveRR> True that.
10:25 < scientes> are there any cheap 5gz wireless adapters with in-tree linux drivers
10:26 < skyroveRR> Not easy to find..
10:26 < Capprentice> HI, how to burn a ONU to a OLT so the ONU can never be used with another GEPON OLT?
10:26 < skyroveRR> scientes:
10:26 < skyroveRR> quackslikeaduck: is that your repo btw?
10:26 < quackslikeaduck> no
10:26 < skyroveRR> Capprentice: when the hell did you get into fiber stuff?
10:26 < scientes> instead of this out-of-tree rtl stuff
10:26 < skyroveRR> Capprentice: and hi.
10:27 < Capprentice> skyroveRR: hehe! hello
10:27 < Capprentice> Do you know the answer?
10:27 < quackslikeaduck> the vulscan (for nmap) there at least is nice,if don't know of that already!
10:27 < skyroveRR> Capprentice: you mean you want to do a vendor lockdown of the ONU?
10:27 < Capprentice> yes
10:28 < skyroveRR> Hmm.. don't think that's possible yet.
10:28 < Capprentice> Oho!
10:28 < skyroveRR> It's a bitch to modify their firmware already. Forget about locking them down.
10:31 < quackslikeaduck> sry unsure if related (or watcha upto at all really..), but in regards to general wifi firmware stuffz... this guy, among a couple others, seems to have a good and well-updated collection of fancy stuff may fancy a look if havn't chekked'em alrdy~> https://github.com/0x90?tab=repositories
10:31 < skyroveRR> Nice repo.
10:39 < joro_> ow heaven https://github.com/0x90/esp-arsenal
10:44 < mast> Anyone have experience working with IBM's x3550 or x3650 line? Pre M4
10:45 < trae32566[w]> maybe. what's up?
10:45 < trae32566[w]> actually no, just the newer stuff :/
10:45 < mast> Ah
10:46 < mast> Just wondering if there's some kind of fan overide. A unit I just received has a defective fan, and I believe the unit is shutting down when it detects this
10:46 < mast> Which is super fun because its one of the fans for the second CPU that I'm currently not using
10:47 < trae32566[w]> I would expect if there is, it would be in the IMM
10:47 < trae32566[w]> I have no clue what that IMM looks like, but I would think you can tell it to ignore certain sensors
10:47 < mast> And not the bios?
10:47 < trae32566[w]> it could be, but often those things are either in both, or IMM / IPMI
10:48 < trae32566[w]> assuming it's possible
10:49 < mast> I'll have to dick. I would love a fan bypass here. Can't really get a replacement quickly
11:17 < rhineheart_m> Hello...I need help in FOC deployment
11:18 < skyroveRR> What the hell is FOC deployment, rhineheart_m ?
11:18 < quackslikeaduck> Greetings, stranger. Please, do elaborate  . . .
11:18 < rhineheart_m> If there are like 6 buildings...do I need to cut the fig 8 per location?
11:18 < rhineheart_m> Hahaha. Sorry.
11:18 < quackslikeaduck> Apology accepted.
11:19 < rhineheart_m> Thank you.
11:20 < Apachez> https://www.youtube.com/watch?v=FHRtZ-butGk
11:22 < codebam> how can I host a local dns server? (literally only used by my laptop)
11:22 < skyroveRR> codebam: what OS?
11:22 < codebam> skyroveRR: void linux, can I just follow the arch guide on BIND?
11:23 < quackslikeaduck> maybe something like https://github.com/Angristan/Local-DNS-resolver   for a 1-click install kinda thingie?
11:23 < skyroveRR> no, BIND is too heavyweight for that shit, try dnsmasq.
11:23 < quackslikeaduck> ..& dnscrypt-proxy ^^  .. n ya good2go
11:23 < rhineheart_m> Anyone who is interested to answer my inquiry earlier on? :)
11:23 < codebam> skyroveRR: ah okay, I've used dnsmasq before. thansk
11:23 < codebam> s/thansk/thanks
11:30 <+pppingme> rhineheart_m its not a straight forward answer
11:30 <+pppingme> lots of variables
11:31 < joro_> hi guys, i found script which return the interface...(wlp1s0), if i write 'ip addr' the interface is wlp2s0(different from the one the script returns)
11:35 < detha> That is what happens when one switches this silly udev 'consistent interface names' on I guess </sarcasm>
11:36 < joro_> what do you mean ?
11:41 < detha> that things were more consistent when it was wlan0, or eth0, than with the 'consistent' unpronouncable names
11:45 <+pppingme> nah, you slap in a new nic and your naming could shift around
11:48 < mast> I dislike that I cannot use this server right now because of an $8 fan
11:48 < detha> pppingme: yes. but one generally knows when one installs a new NIC. One does not always know when some random dev somewhere pushes an update that changes the contorted naming scheme
11:48 < skyroveRR> detha: Somebody should have stopped this stupidity, but thought that it looked cool.
11:49 <+pppingme> thats the idea, that it *shouldn't* change.. its based on physical location of the nic
11:52 < detha> pppingme: yeah. which only helps for some of the use cases. And is totally unhelpful when dealing with VM configurations generated by some tool
12:01 < Apachez> d
12:03 < skyroveRR> d
12:03 < test1337> d
12:05 < justanotheruser> For devices connected to a router, is there some heartbeat mechanism? Or how does my routers software determine the current state of its client list?
12:06 <+pppingme> justanotheruser it generally doesn't care
12:06 < justanotheruser> what do you mean?
12:07 <+pppingme> routers generally don't keep track of clients long term.. if its running dhcp server, it will maintain that list, but its not a valid showing of client state (client could turn off and dhcp server not know)
12:09 < justanotheruser> mhm. So how should I determine the ip address of a device I just connected?
12:10 <+pppingme> you could look at the dhcp list and look for the newest entry, or just check the device itself
12:10 <+pppingme> do you know the devices mac address?
12:10 < justanotheruser> no, I need to ssh into it
12:13 <+pppingme> you could always run nmap on your subnet and see what devices have tcp/22 open
12:20 < justanotheruser> I will try that when my update is done :)
13:36 < revoltingPeasant> grawity: Hello sir, I'm still trying to get host only netwrork
13:37 < revoltingPeasant> to play ball
13:38 < revoltingPeasant> I have set the static route on my router and I've set the vm's network to host-only. I still can't ping the vm and the vm has no internet connection
13:39 < djph> what do you think "host-only" means?
13:41 < revoltingPeasant> djph: I was following grawity's invaluable advice
13:44 < djph> revoltingPeasant: OK ... but again, what do you think "host-only" means, in the context of the VM, hmm?
13:45 < revoltingPeasant> from the virtualbox website "It can be thought of as a hybrid between the bridged and internal networking modes"
13:45 < revoltingPeasant> djph: ^^
13:46 < djph> something's screwey there then, as "host-only" has only ever been "keep the network on this VM host only".  If you wanna get out, you use either bridged, or NAT'd
13:48 < djph> https://www.virtualbox.org/manual/ch06.html <-- see table 6.1 (although this is for virtualbox)
13:48 < revoltingPeasant> djph: unfortunately, I'm trying to develop for a server software that runs in the vm. this server software has been configured by a 3rd party with a static IP, this was fine in the work env but I want to continue at home.
13:48 < djph> revoltingPeasant: that's fine, you just have the wrong network type for the VM
13:49 < revoltingPeasant> the networks are different so a bridged adaptor will not work
13:49 < djph> so then use NAT
13:50 < revoltingPeasant> ok, I'll have to do some research so. networking isn't my strong suit
13:50 < djph> no worries ... you are using virtualbox right?  Or is it some other VM solution?
13:51 < revoltingPeasant> yes virtualbox
13:52 < djph> it sounds like you really want to use "NAT" (or "NAT Network") then, based on wanting the VM to get to the internet (and the table on the page I linked)
13:53 < revoltingPeasant> ok I'll have a look at that, thanks, I'll be back
14:18 < zamanf> I am testing a udp application with 2 remote pcs and I need to verify the mac address of them. Only problem is my router
14:19 < zamanf> I see only my router's mac address. Is there any way to bypass it?
14:19 < zamanf> some settings maybe I need to check in my router?
14:20 < detha> No. That is how it is supposed to work, mac addresses only have significance on the same network segment.
14:21 < djph> ^
14:21 < kiokoman> idk but i think there is no way
14:21 < kiokoman> it's only used for communication in your local network
14:21 < kiokoman>  the router only transmits the IP packet to "the Internet". When connecting to the internet your router will not use your computers, but its own MAC address to forward the packet.
14:21 < djph> you're only ever going to see MAC addresses on your local network segment.  Soon as you need to go through a router, "all hosts(tm)" will have your router's MAC address.
14:22 < zamanf> if I set my router to work as a modem?
14:22 < djph> s/all hosts/all ethernet frame destinations/
14:22 < kiokoman> happens on all routing points, so your ISP will take your packet, get the IP packet out and put it into another MAC packet and so on
14:22 < tds> if the remote host is v6 with slaac (and non privacy), you can work out the mac address from the v6 address, otherwise there's no way to know it
14:23 < djph> not that knowing the MAC address is really useful off the local segment anyway
14:23 < zamanf> I see
14:24 < zamanf> the problem is that, the remote hosts have dynamic ip addresses
14:24 < zamanf> is there any way I can verify that they are the same pcs?
14:25 < kiokoman> using something like dyndns ?
14:25 < zamanf> I have thought of that, but I prefer something hard-wised
14:26 < detha> Give each device/user an individual certificate, solve it in your L7 protocol
14:26 < zamanf> hardware*
14:29 < djph> if it's across network boundaries, no there is no way to do that - unless you have the hosts respond with their MAC addresses (or provide them) as part of the comms
15:05 < chen08> hello can you help to reset my linksys E1200 router?
15:05 < light> have you tried the reset button?
15:06 < djph> light: that's so crazy it might just work!
15:07 < kiokoman> lol
15:11 < kurahaupo> zamanf: remotely log into some device on the same LAN, ping the device you want to check, and check the arp table.
15:12 < kurahaupo> zamanf: but why? MAC addresses aren't routable?
15:13 < kurahaupo> (unless you have really old auto conf for IPv6, in which case yes the MAC address is the bottom 64 bits
15:31 < pauliunas> hey people :) is there a network protocol that can negotiate connections between 2 changing IP addresses? what i mean is that the IP of either machine can change at any time, and the connection should be re-established as soon as possible, and ideally i could use this protocol from my application as a regular socket
15:33 < djph> no
15:33 < detha> pauliunas: what is being used as the 'central point'? DNS? some server?
15:33 < djph> I mean, you could probably have a keepalive, that if it falls uses DNS...
15:34 < b0bby__> Does anyone have the full stratum mining protocol documentation?
15:34 < pauliunas> ideally one of the two machines would be the server and the other the client... or it could be peer to peer, but there's no need for that.. if that's not possible, i might think of having a central server with static IP that transfers the packets
15:35 < detha> on a broadcast-enabled network, there's plenty discovery protocols. Outside that, there is always some central fixed point, be that DNS, some vpn server, STUN server, or whatever
15:35 < pauliunas> and those two machines are basically computers with 4G sticks moving around
15:38 < detha> no such thing without some central point or out-of-band comms then
15:39 < pauliunas> hmm ok thanks
15:41 < pauliunas> i thought that the machines could detect when their IP changed and re-negotiate the connection with the other one, but if i need to write that myself, i'd rather rely on an external server
15:42 < detha> They can probably detect that. And what happens when they both change IP at the same time?
15:42 < pauliunas> that would be a very rare case... in that case i could have a failover server
15:42 < pauliunas> the thing is, i don't want to increase the latency too much. if i can avoid external server, i want to avoid it
15:53 < april_> how to reset linksys E1200 with openwrt firmware?
15:54 < Apachez> use a hammer
15:54 < Apachez> semtex/c4 will work too
15:57 < precise> Damn matrix, settle the fuck down
15:58 < april_> how to reset linksys E1200 with openwrt firmware?
16:00 < Apachez> april_: use a hammer
16:00 < Apachez> april_: semtex/c4 will work too
16:00 < april_> Apachez?
16:01 < apache2notworkin> hello im using linux and i have set up apache2 exactly as the manuals say. i have set up a crossover ethernet cable between the server and the client , like so, server 192.168.2.2, mask 24 and client 192,168.2.1 mask 24. no gateways or routes are set. is my network correct?
16:02 < apache2notworkin> i can ping both machines and all firewalls are off
16:02 < skyroveRR> apache2notworkin: yup, setup looks fine.
16:03 < apache2notworkin> so what am i doing  wrong here?
16:03 < at0m> apache2notworkin: and can you visit http://$serverIP ? can you visit it from the server, ie. http://127.0.0.1 ? is apache even running?
16:04 < apache2notworkin> yes from the server i can view the html
16:04 < apache2notworkin> but not from other pc
16:06 < at0m> so you can ping $serverIP but not browser to http://$serverIP ?
16:08 < at0m> apache2notworkin: on the server, check what interface:port apache is listening to: "netstat -tlp | grep apache" (0.0.0.0 is for all interfaces)
16:09 < batterylow> hi! I'm getting my domain twice in an RSS feed, if the domain is xyz.net, it appears to be xyz.net/xyz.net/ any ideas what should I do?
16:11 < skyroveRR> Recharge your battery.
16:12 < batterylow> That's my problem. You should be minding your own work if you don't know anything.
16:13 < skyroveRR> I am minding my work by annoying you, partner.
16:14 < compdoc> nobody wants to be my partner  :(
16:14 < qman__> you should seek the documentation or support for whatever software you're using to produce said RSS feed, or if you're doing it yourself, read the RSS standards
16:21 < dogbert2> anyone got a recommendation for a keyboard/mouse combo wireless...I have an HP, but the mouse is a bit flukey
16:24 < dogbert2> brb...system restart
16:32 < ben8472> dogbert2 : uh K710 i have at work, so far so good, but its not with a mouse, i would take a wired keyboard and mouse unless i have a real need for it (laptop usecase)
16:33 < dogbert2> yeah...the mouse is probably bad, IMO...
16:35 < qman__> yeah, I don't get wireless unless I have a specific need for it
16:35 < dogbert2> looks like it loses connectivity a lot, for some reason...
16:36 < ben8472> since i got a G910 i kind of hate any other keyboard
16:36 < ben8472> i type alot and usually buy 1 new keyboard /year
16:37 < qman__> I do have one of these, and quite like it - the exact one I have isn't listed anymore but it's basically the same thing https://www.amazon.com/Beastron-Wireless-Keyboard-Touchpad-Rechargeable/dp/B06ZY8V83H/
16:38 < qman__> better than my folding keyboard and those silicone rubber ones
16:39 < dogbert2> I can pickup up a logitech MK270 wireless keyboard and mouse combo for $20
16:40 < qman__> far as actual workstation keyboards, I have a couple unicomp model Ms and a das keyboard II
16:42 < tds> I'm using a model m here, I quite like it :)
16:42 < tds> the ssks are rather appealing as well, but far too expensive
16:43 < dogbert2> interesting :)
16:48 < ben8472> i need a new mouse, i saw a few new logitech models got out, but i dont want to dish out 80-100 bucks again and be disappointed
17:10 < Guest5744> hi guys
17:14 < dogbert2> meh...this mouse is gonna get destroyed :P
17:52 < inq> somebody fucking talk
17:52 < inq> I need help
17:52 < inq> before I ask my question
17:52 < Emperorpenguin> inq
17:52 < Emperorpenguin> wasssaaaaaaap
17:52 < inq> I cant seem to get into my router settings
17:53 < inq> my browser just says page not found when entering my routers default ip
17:54 < inq> the end goal is to bridge this router wirelessly to the main AP router
17:54 < Emperorpenguin> inq: what address does it have?
17:54 < inq> 192.168.1.1
17:55 < inq> I have also tried .1.2, 0.1 etc
17:55 < inq> it worked the other day
17:55 < Emperorpenguin> inq: what IP does your router have
17:56 < Emperorpenguin> are they in the same subnet?
17:56 < inq> 192.168.1.1
17:57 < inq> accordingnto the sticker
17:58 < Emperorpenguin> ok so inq basically you have your router and an AP right?
17:58 < Emperorpenguin> and you want to connect the AP wirelessly to the other device?
17:59 < inq> yeah
17:59 < inq> the AP is also a router
17:59 < Emperorpenguin> you say it worked in the past?
17:59 < inq> once yeah, to get to the router settings
17:59 < Emperorpenguin> ok so do this
17:59 < Emperorpenguin> connect to your router and post your DHCP lease
18:00 < Emperorpenguin> connect to the AP by itself
18:00 < inq> ok
18:00 < Emperorpenguin> disable DHCP, enable bridge mode, set its static IP exactly as the DHCP lease you get from the router except for the IP address
18:00 < inq>  Lease Obtained. . . . . . . . . . : Saturday, May 12, 2018 3:55:45 AM    Lease Expires . . . . . . . . . . : Tuesday, May 22, 2018 4:22:48 PM
18:01 < Emperorpenguin> i need ip address, netmask and default gateway
18:02 < inq> IPv4 Address: 192.168.0.66(Preferred) Subnet Mask: 255.255.255.0 Default Gateway: 192.168.0.1
18:02 < Emperorpenguin> ok
18:02 < skyroveRR> Hey Emperorpenguin :)
18:02 < Emperorpenguin> so put the same gateway and netmask on your AP
18:02 < Emperorpenguin> hi skyroveRR
18:03 < inq> that is the AP
18:03 < Emperorpenguin> and give it a similar ip address, same 3 first numbers, change the 4th
18:03 < inq> I did ipconfig
18:06 < inq> it says the ethernet is 'media disconnected'
18:06 < inq> but the routers plugged into it adn turned on
18:24 < djph> you configuring the right ethernet port?
18:25 < dogbert2> hey djph
18:25 < djph> o/
18:26 < detha> djph: "it depends". it may be the left one, depending on board layout. <hides/>
18:27 < djph> detha: that's what I was afraid of.
18:27 <+xand> so long as it's not in the middle.
18:42 < revoltingPeasant> So I have a vm attached to my home router using a bridged network and a static ip of 192.168.1.33/32 and my host machine has 192.168.1.100/32 the vm has internet. I cannot however reach a running service on the vm from the host and cannot make contact in either direction using ping/tracert. could my home router be blocking the traffic?
18:44 < hazzardousmonk> Hello - I have a question.(Noob alert). This is about firewalls and routers. Why are computers behind a firewall able to browse the web? Does that mean that port 80 is open on the firewall?
18:45 < revoltingPeasant> I should add that the vm's firewall is completely disabled
18:46 < revoltingPeasant> hazzardousmonk: As far as I know, the browser can make connections out but nothing can instigate an unsolicited connection from outside the lan
18:47 < revoltingPeasant> hazzardousmonk: the firewall is like a 1 way door unless configured otherwise
18:47 < hazzardousmonk> @revoltingPeasant - but there must be some way for the packets from the remote server to come back to the computer initiating the request. How does that work?
18:48 < revoltingPeasant> hazzardousmonk: the router will allow the traffic to flow back if the connection was intitiated from inside the lan
18:48 < revoltingPeasant> but not vice versa
18:48 < hazzardousmonk> Alright - thanks a ton!
18:48 < revoltingPeasant> np
18:49 < revoltingPeasant> I'm no expert btw
18:49 < djph> revoltingPeasant: they're on two different networks.  use /24 instead ...
18:50 < djph> hazzardousmonk: no, http (and many other protocols) are stateful, and the firewall lets things through based on various rules
18:50 < revoltingPeasant> djph:  aha! of course thanks
18:50 < hazzardousmonk> Do you have any idea what mechanism verifies that the incoming packets are indeed a flowback of a connection initiated from within the LAN?
18:50 < tds> on a linux router, conntrack
18:50 < djph> they have a flag set ("established" or "related")
18:51 < Project86__> djph: I didn't even know any Ethernet slots were different besides the main "IN" one.. (unless that's what u mean)
18:51 < djph> as well as some identifying information about what solicited that request.
18:51 < djph> Project86__: huh?
18:52 < Project86__> djph: read back where there was a discussion of configuring the right Ethernet, not the left. And whatnot
18:53 < hazzardousmonk> great - thanks ...just read up about stateless and stateful. Thanks for pointing me in the right direction
18:53 < djph> Project86__: yeah, I was asking if the guy was configuring the right (as in *correct*) interface.  detha made a joke that it was the left (positional) one.
18:54 < tds> djph: random thought - is conntrack only able to track tcp/udp/icmp, or can it do other protocols as well (with plain routing, not nat), eg would sending 6in6/4in6 packets outbound from a network mark incoming 6in6/4in6 packets from the same ip as related/established?
18:59 < detha> tds: nothing stopping it from doing that - it can track on the (ip, protocol) tuple. Now if you want it to look /inside/ the 4in6 packet, that's another story
18:59 < djph> ^
18:59 < detha> same applies to, e.g. GRE
19:01 < tds> ah yeah, I was only thinking of tracking the 4in6 traffic, rather than the encapsulated packets
20:08 < ScriptGeek> I have an alfa awus036nh wifi adapter and I want to connect to a specific access point, which is one of many sharing the same SSID. Is there any way I can do this?
20:09 < localhorse> hey, does anyone have an idea why websockets aren't working over my TP-Link MR3020 with OpenWrt? https://superuser.com/questions/1319690/websocket-connection-timeout-problems-over-wifi-routers
21:03 < Apachez> eurovision: ON
21:11 < spaces> Apachez ok, I join you, let's be gay together :P
21:13 < edumass> Hello, I have this situation: BroadbandConnection1 router with ip 10.0.0.1 dhcp disable (BC1), BroadbandConnection2 router with ip 10.0.0.5 dhcp enable (BC2), another router (R1) with wifi and ip 10.0.0.3 with eth1 connected to eth1 of BC1, another router (R2) with wifi and ip 10.0.0.7 with eth1 connected to eth1 of BC2, and eth4 of BC1 connected to eth4 of BC2. When I connect to BC1 or BC2 or R1 or R2 i get the dhcp values of BC2, if I connect
21:13 < edumass> to R1 is there a way to have BC1 as gateway to internet instead BC2 ?
21:17 < ScriptGeek> I found NetSetMan, it allows me to connect to a specific access point that shares the same SSID as many other access points. No thanks to Microsoft, this solution works great.
21:18 < ScriptGeek> My otherwise worthless wifi connection has turned into something quite nice
21:52 < djph> if the wifi has a bunch of APs, and you're connecting to one with shitty signal, the APs are set far, far too high.
21:53 < djph> edumass: mind drawing a picture?  try draw.io
21:56 < mehwork> if people use 1.1.1.1 to avoid dns providers selling their data, does that mean if i typed in an IP address manually that they can't sell it? Because my ISP is my dns provider, so i don't see how it matters?
21:57 < djph> depends if the target IP will serve up a webpage if you hit the IP directly or not
21:57 < spare> you need dns hostnames for tls commonname signing and you can have more than one domain on the same ip
21:57 < mehwork> good point
21:58 < spare> if they only get ip data they cant really correlate what you actually requested or prove what the address returned but the domain leaks in http/s regardless supposedly
22:01 < mehwork> So using the example of a porn site, if you wanted to block that you went there from an ISP, you have to use a vpn or a proxy, rather than just using 1.1.1.1?
22:01 < mehwork> or would it only be hidden using 1.1.1.1 if you used the encrypted dns setup version?
22:06 < Peng_> spare: HTTP requests and TLS handshakes include the hostname, yes
22:07 < spare> you cant hide http domain requests from your isp regardless then
22:08 < mehwork> so a vpn is the only sure fire way?
22:08 < djph> VPN just moves who knows your fetishes
22:09 < spare> yeh or just tunneling eveything in general would hide it from your isp then give that data to the vpn and the isp they use then every ad agency with javascript running on the site the site itself etc ;P pretty much everything running a share on social media javascript plugin gives data to facebook and twatter etc
22:09 < mehwork> i thought the point of encrypted dns over http can hide the domain name from the isp
22:09 < mehwork> but i'm still reading up on it
22:09 < tds> mehwork: it also helps if the isp intercepts dns requests and responds with their own records
22:10 < tds> eg if they're returning their own IPs of a web server that displays ads when they should return nxdomain
22:10 < spare> you can attempt to stop outright logging and data hording by individuals but it doesnt stop the individuals from scraping that information from all the sites just changes data collection as a model
22:12 < mehwork> i guess i'm wondering if i should ever feel "safer" if i'm using 1.1.1.1 over my ISP's or some random provider. Or privacy is dead and it's more just for performance boost
22:12 < spare> you can still make a vps that returns different content based on the observer filtering specific domains or cookies to return completly different websites so its not really viable as ad data
22:45 < edumass> djph: http://movius.com.ar/lan.png
23:54 < sqed> Is this a good channel for asking how to configure sendmail correctly?
23:54 < TandyUK> edumass: any particular reason you have 4 routers, and not 1 router, some switches and access points?
23:58 < Capprentice> Hi! This is a topology im doing in GNS3 - SW1 -TRUNK - SW2, port1 trunk allowed vlan 1000, interface vlan having ip 1.1.1.1-2 respectively wth a mask of /24. Ping is not working bothways
23:59 < Capprentice> What is wrong?
23:59 < Capprentice> https://justpaste.it/5ad2s\
--- Log closed Sun May 13 00:00:10 2018