--- Log opened Sun May 13 00:00:10 2018
--- Day changed Sun May 13 2018
00:00 < Capprentice> Both the l3 switch have same config
00:16 < voices> does tcpdump record all tcp packets that pass through the attached network interface?
00:16 < TandyUK> if you tell it to, yes
00:16 < voices> so, not by default
00:16 < TandyUK> no clue, rtfm for the defaults
00:17 < TandyUK> its not very useful to record _everything_
00:17 < TandyUK> usually its very helpful to filter for what you actually want
00:18 < TandyUK> tcpdump -i i think is everything on that nic
00:21 < voices> TandyUK: Well, i'd prefer to record everything, and then parse it through a filter after the fact
00:23 < voices> that way, you're covered.
00:26 < dogbert2> mouse looks like it just needed fresh batteries, but I also just picked up a wireless mouse for my laptop bag :P
00:27 < voices> i know as soon as i narrow the scope, i'm going to notice something interesting, try to analyze it, and realize i didn't capture something crucial
00:27 < djph> edumass: o_O WTF
00:28 < djph> edumass: get two modems and one (1) router that can loadbalance
00:30 < djph> Capprentice: wouldn't they need to be PVID 1000, not trunk ports?
00:33 < voices> TandyUK: don't you agree
00:34 * dogbert2 throws pizza at djph
00:37 < voices> anyone else care to weigh in?
00:38 < djph> yay, free pizza!
00:39 < dogbert2> LOL
00:43 < Chinesium> Hi guys, I'm trying to set p.x13.me to use ns1.byet.org. as the nameserver, but I'm not having much luck, have I misconfigured my NS record?
00:53 < tds> Chinesium: there don't appear to be any NS records on p.x13.me, and x13.me's NS records point towards cloudflare name servers
00:53 < tds> that nameserver is also refusing to answer queries for p.x13.me
00:53 < Chinesium> tds: Odd
00:53 < Chinesium> Oh wait
00:53 < Chinesium> Nevermind, I put the NS records on the wrong site
00:54 < tds> heh, yeah, you'll want to add them to cloudflare
00:54 < tds> (and in the copy of the zone on ns1.byet.org as well)
00:55 < Chinesium> tds: I'd put them on digitalocean (previous DNS provider) :')
00:56 < tds> Chinesium: I can see the NS record now :)
00:56 < Chinesium> I'll try that one again
02:01 < spaces> Who is going to eat Halal KFC for dinner tomorrow ?
02:02 < spaces> dogbert2 we only throw Halal Chickenwings for a week!
02:06 < dogbert2> LOL
02:06 < tpr> hmm, a weird question, but any ideas what happened to socks versions 1-3? :-)
02:07 < spaces> dogbert2 and after that we start frying her legs... and that will take some time ;)
02:07 < light> they got holes in them
02:07 < Apachez> spaces: what about vegan chickennuggets?
02:08 < spaces> Apachez did she looked vegan to you ?
02:08 < Apachez> any chics looks vegan these days
02:08 < Apachez> full of fat and not much other content
02:08 < spaces> hehe
02:08 < spaces> that is ouch
02:09 < tpr> mm, apparently it was described by someone first, and someone extended it and called the extension version 4 :P
02:09 < Apachez> tpr: dont try to get on topic here young man
02:09 < Apachez> or else!
02:10 < spaces> or else Apachez is going to sing a toy song for you
02:14 < spaces> and Apachez is a terrible singer so tpr please save us
02:14 < Apachez> https://thehackernews.com/2018/05/signal-messenger-vulnerability.html
02:15 < spaces> Apache so uses that crap
02:15 < spaces> who
02:15 < spaces> so/who
02:22 < tpr> pfff
03:45 < CMLSC> Hey, I'm having some problems port forwarding. I previously wrote down a lot of the information here: https://www.reddit.com/r/HomeNetworking/comments/8izw4o/port_forwarding_not_working/
03:53 < spaces> CMLSC are you in a hurry ?
03:53 < CMLSC> spaces not really
03:56 < spaces> so, keep on track @ reddit then ;)
03:57 < CMLSC> spaces but last time I tried, people stopped responding. :/
03:57 < spaces> CMLSC yeah, remove the external port
03:57 < spaces> set it on blank
03:57 < CMLSC> soaces wdym remove it?
03:57 < CMLSC> * spaces
03:57 < spaces> or is that source ?
03:58 < CMLSC> spaces https://i.imgur.com/Vxs4jSR.png
03:58 < spaces> you are giving not enough information on Reddit, it's vague
03:58 < CMLSC> spaces what else is needed?
03:59 < spaces> should be OK
03:59 < spaces> firewall rules
03:59 < spaces> anyways, gotta go
03:59 < CMLSC> k
04:01 < `whoami`> CMLSC: are you able to connect to 192.168.1.99:55444 ?
04:02 < `whoami`> from inside your lan, I mean
04:04 < `whoami`> oh they left
05:29 < stan7> my isp is blockin to open my port 80, i wanna run a http server at home, i already call them and they told me i need to pay around 35 usd monthly for special ip, what do you recommend?
05:30 < Peng_> It would be cheaper to get a VPS at some company.
05:31 < Peng_> Perhaps a VPN of some sort, if the terms of service don't actually ban servers
05:31 < Peng_> Or get a business class Internet connection, it'll probably have way better customer service.
05:38 < stan7> thanks
05:38 < stan7> i would like to learn more about servers because i wanna admin mine, apache is good?
05:38 < stan7> i think to run apache on linux
06:21 < VincentHoshino> hmm anyone know how to tell a Brocade L3 switch to grab an ip via DHCP on a routing interface?
08:56 < shtrb|laptop> I was just forced to believe that broadcast cross vlans in WiFi, was I that intellectually challenged to believe vlans should isolate broadcasts or the support was able to sweet talk me from a bug ?
08:57 < shtrb|laptop> s/forced/sweet talk/g
09:26 < rasf> well, hello
09:27 < rasf> zazzles
10:13 < Jmabsd> question, https://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-servers/intel-xl710-product-brief.pdf , what's the functional difference between "INTEL® ETHERNET QSFP+ TWINAXIAL CABLES" (XLDACBL1) and "INTEL® ETHERNET QSFP+ BREAKOUT CABLES2" (X4DACBL1)?
10:13 < Jmabsd> (posted at #hardware though think this is the right place.)
11:21 < jim> hi, trying to find out how to write a command that finds out which interface has the default route
11:22 < jim> I already have one that parses route from the net-tools package, but I want one that parses something newer
11:22 < jim> like ip route?
11:23 <+pppingme> um, "ip route | grep default" ??
11:23 < grawity> `ip -json route show exact 0.0.0.0/0` if you really want the default route (keep in mind that some VPNs might add 0.0.0.0/1+128.0.0.0/1 or such)
11:23 < jim> let's see what that does
11:24 < grawity> minus the -json if you run AncientOS or something, but if you do have it, it's good
11:24 < grawity> oh sigh, it's not there for `ip route` in latest release either :(
11:24 < jim> yeah, I get the whole line
11:24 < grawity> anyway, `ip route show exact 0.0.0.0/0` for that specific route
11:25 < grawity> or `ip route show match 8.8.8.8` for all matching routes
11:25 < grawity> or `ip route get 8.8.8.8` for the route that the kernel would choose
11:30 < jim> grawity, what's the conceptual difference between ip route | grep default and ip route show exact 0.0.0.0/0?
11:31 < jim> (the output on my machine is the same)
11:31 < grawity> the former relies on 1) ip route deciding to call it 'default', and 2) the word "default" not appearing anywhere else (like interface name or some other route parameter)
11:31 < grawity> and the latter very specifically asks it to print the default route (i.e. the 0.0.0.0/0 route)
11:32 < jim> oh, that -is- the default route... which seems like it's gonna be more resilient
11:32 < jim> )
11:33 < jim> you mentioned json before... does ip of a certain version have json output?
11:33 < grawity> yes, it's getting slowly added
11:33 < grawity> in stable, at least `ip -json addr` should work
11:33 < grawity> I think in git even `ip -json route` works
11:34 < grawity> anyway, of course you could still have multiple default routes with different metrics, or have two /1-routes courtesy of OpenVPN, or even policy-based routing, so something like `ip route get ` might be the most resilient... it depends on what you're planning to do with the default route
11:34 < herpderp> Hi. What is a realistic maximum number of connections per ip to a (host + port)?
11:35 < grawity> 65535 before you run out of local ports
11:35 <+pppingme> herpderp depends on what you're doing..
11:35 < grawity> well, realistic might be running out of OS's fd/socket quota, or of practical bandwidth
11:35 <+pppingme> if you're ssh'ing, typically one or two.. (or about five if you're me), if you're web browsing, a dozen or more wouldn't be unusual
11:36 < grawity> oh if that's what you want
11:40 < jim> yeah, it looks like -json is not in ip at all in stretch
11:40 < jim> just so you know... I should be able to get my thing going
11:42 < herpderp> grawity: does the local ports not only apply per remote station? meaning: ip1:61521 -> server:45625 isnt the same connection like ip2:61521 -> server:45625
11:43 < grawity> herpderp: but you specifically asked per ip
11:44 < shtrb|laptop> I was recently sweet talked to believe that broadcast cross vlans in WiFi (will be seen by every client on that WiFi), was I that intellectually challenged to believe vlans should isolate broadcasts or the support was able to sweet talk me from a bug ?
11:44 < herpderp> grawity: upsi, you are right.
11:44 < grawity> are your wi-fi ssids on different vlans, or do you run tagged vlans over a single wifi link?
11:44 < shtrb|laptop> grawity, same SSID
11:45 < shtrb|laptop> I'm a client on that network
11:45 <+pppingme> same ssid == same vlan (in most cases)
11:45 < grawity> please describe your layout in detail
11:46 < shtrb|laptop> service providers describe a vlan for each user , all user connected to the same SSID (single device)
11:47 <+pppingme> what kind of provider?
11:49 < shtrb|laptop> utility company in a building running their own WPA-Enterprise (If I understand correctly just a fancy hostapd ) , had to give a MAC address to be allowed to connect to the net
11:54 < Apachez> so you borrowed one?
11:54 < shtrb|laptop> No, I just connected and was able to see other client DHCP requests
11:56 < grawity> I think that's going to be implementation-dependent...
11:56 < grawity> I wonder how they even implement vlan-per-client on top of wifi
11:56 < grawity> guess hostapd has an option for that
11:57 < grawity> but it's possible that broadcasts are reflected by the AP before they reach the CPU?
11:57 < shtrb|laptop> I could only see DHCP requests, nothing else , When I asked them they told me DHCP (and any other broadcast requests will be seen )
11:58 < grawity> hopefully that doesn't mean you can broadcast a fake dhcp response
11:58 < shtrb|laptop> grawity, not going to try that :)
13:02 < td34_> Hey, if I had two datacentres with separate subnets how would vmotion work if I transferred a vm over to the second datacentre? Do you have to rely on a stretched layer 2 network or put bgp on the host and advertise the /32 that way?
13:34 < shtrb|laptop> What idioms do you use for closed source (shady) router application ? I spinned of vbox but I think there must be a better way
13:38 < scientes> does double NAT suck?
13:38 < shtrb|laptop> it depends
14:07 < Chinesium> Can anyone tell me why http://p.x13.me/ is returning a page I've never seen before?
14:11 < Apachez> heatwave approaching, will be +27C next week - snowflakes melting all over the place...
14:11 < Apachez> Chinesium: try promoting your malwarized homepage elsewhere, ktnxbye
14:15 < Chinesium> Apachez: what?
14:15 < Chinesium> I'm actual asking for help
14:15 < Chinesium> I have no idea where the Funk that page is coming from
14:16 < Chinesium> Only thing I can think of it being is misconfigured cloudflare
14:35 < j2lapoin> my computer is running parabola, and i can't connect anymore to internet. I receive a message as what my eno1: reset adapter unexpectedly (journalctl -xe)
14:49 < jvwjgames> Hello i am trying to get my name servers to register at enom so i can use then with my client's domain's my main domain is registered at godaddy bluepeakshosting.com but i am trying to register ns1.bluepeakshosting.com and ns2.bluepeakshosting.com at enom but it says the nameservers can't be registered.
14:57 < j2lapoin> i try messing around with ethtool but nothing work.
15:11 < j2lapoin> how to know that a network card is not dead?
15:12 <+pppingme> what does ethtool say about the card?
15:12 < j2lapoin> pppingme: i keep getting eno1: reset adapter unexpectedly
15:13 < j2lapoin> pppingme: the card was just fine. then just before that my system freeze then when i restart, it start telling me that.
15:17 < phre4k> when I block outgoing traffic from my router's WAN interface to destination port 3320, any connections made by LAN clients to 3320 should be dropped, right?
15:17 <+pppingme> no
15:18 <+pppingme> first, 3320 on WHAT?? another lan client? the router? something outside on the internet?
15:20 < phre4k> something outside
15:23 < phre4k> I just tried it with port 80 and it works exactly like I said.
15:23 < phre4k> weird, then I was right after all
15:24 <+xand> firewall rules like wouldn't normally kill existing connections if that's what you mean
15:26 < phre4k> that's not what I mean, but I still rebooted the router to be sure.
15:26 <+xand> also "outgoing" could mean just traffic originating from the router itself, like the OUTPUT chain in iptables
15:26 < phre4k> yep
15:27 < phre4k> background: my boss got a notice from the ISP that someone is accessing port 3320 on some C&C server from the inside and I wanted to block said port and monitor which client it is
15:27 < phre4k> but weirdly enough, no connections to 3320 seem to be made.
15:27 < phre4k> s/seem to be/seem to have been/
15:37 < spaces> Apachez how are your (meat)balls ?
15:38 < spaces> I think the world is on chickenwings since yesterday
15:58 < phre4k> is there some method to log all ports accessed by all clients for an edgerouter without logging every single packet?
16:03 < detha> edgerouters do netflow don't they?
16:05 < Apachez> spaces: nomnomnom
16:07 < phre4k> detha: they do, but I don't want to install yet another service. Thought there was a super simple solution to this.
16:09 < Apachez> detha: netflow however often only samples every 1000th packet or so
16:09 < Apachez> if you want to know what your clients are doing then push the data through an ids or a firewall that logs
16:10 < Chinesium> I'm super baffled, for some reason, accessing my site x13.me via http works as expected, but accessing it via https redirects to interwoven.com.ng
16:15 < j2lapoin> earlier i had a problem with my networking device. It came out that i reset my modem/router/computer and that did fix the issue.
16:17 < phre4k> Apachez: hm, seems to be the case I have to log _everything_ :/
16:17 < phre4k> what syntax/file format do edgerouters use?
16:20 < Apachez> ubiquiti or some other edgerouters?
16:20 < phre4k> Ubiquiti
16:20 < phre4k> sorry
16:21 < Apachez> I dont get your question
16:21 < Apachez> which syntax they use?
16:22 < Apachez> the edgeos is a vyos work
16:22 < Apachez> fork
16:22 <+xand> syntax for what?
16:25 < Apachez> xand: sometimes I think half of the question in here are like murican/russian trolls looping 150 times through google translate before asking the question so 99% of the context is lost
16:26 < phre4k> xand: config files
16:27 <+xand> I think it uses a json file to store the config
16:27 < phre4k> looks like json without all the json
16:28 < phre4k> random config I found: https://github.com/stevejenkins/UBNT-EdgeRouter-Example-Configs/blob/master/Google-Fiber/config.boot.erx
16:42 < purplex88> i want to confirm a fact, say, when in task manager I look that cpu usage is 10% for a process, does it mean that the process is taking 10% of the cpu's time?
16:42 < shtrb|work> no
16:42 < purplex88> or cpu's power?
16:42 < phre4k> purplex88: ask this question in ##windows, this is the ##network channel
16:42 < purplex88> i asked it there already, they said "yes"
16:43 < shtrb|work> did you need a second opinion ?
16:43 < purplex88> yes
16:43 < shtrb|work> then no :{
16:44 < purplex88> now i need third lol
16:44 < purplex88> but see here: https://en.wikipedia.org/wiki/CPU_time
16:44 < Apachez> shtrb|work: :D
16:44 < purplex88> "The CPU time is measured in clock ticks or seconds. Often, it is useful to measure CPU time as a percentage of the CPU's capacity, which is called the CPU usage."
16:45 < Apachez> since a cpu doesnt really have that many states to operate in they operate in full or none (nul/slp)
16:45 < Apachez> nul/hlt I meant
16:46 < Apachez> so 10% will most likely mean that for the last second (or so) the cpu work at full mode for 10% and 90% it was hlt'ing
16:46 < purplex88> sure but is the percentage calculated from time?
16:46 < shtrb|work> no
16:46 < shtrb|work> there is no such thing as "time"
16:47 < shtrb|work> there are ticks , wall clock , ticks on cpu etc
16:47 < dogbert2> hey Apachez :)
16:47 < purplex88> lol
16:47 < shtrb|work> purplex88, that is why sleep (X) may wake up after X or X+Y
16:48 < purplex88> ok thx
16:49 < purplex88> better answer maybe: https://serverfault.com/q/648704 so seems i was right
16:56 < purplex88> e.g. if i run an infinite loop with no code, the cpu will still be 100% regardless of the amount of "work done", so that means that percent of usage it is related with time (call it scheduling time i don't know)
17:00 < Apachez> "no code" normally is "NUL" which is by the kernel replaced into "HLT"
17:00 < Apachez> so your cpu will "sleep" even if its technically running at 10=%
17:00 < Apachez> 100%
17:02 < shtrb|work> kernel works in mysterious ways
17:02 < purplex88> its not real world time, i understand
17:04 < scientes> purplex88, that is the Halting Problem
17:04 < shtrb|work> there are ticks , wall clock , ticks on cpu et
17:04 < shtrb|work> the Halting problem had a different meaning last I checked ...
17:05 < scientes> well i didn't read closely, i was seeing that you were complaining that cpu could be at 100% with no work being done
17:05 < scientes> which would be the halting problem, there is no way to know if work done is useful, or even if any work is being done at all
17:06 < shtrb|work> scientes, https://en.wikipedia.org/wiki/Halting_problem
17:09 < scientes> the halting problem can be subdivided, and then would be what i was saying above
17:10 < precise> REMINDER - IS MOTHERS DAY
17:10 < shtrb|work> given that we do not deal with a state nor an input I do not see how we can apply it here
17:44 < connorburt> Hi, if any of you have time to help me I’d really appreciate it!
17:44 < shtrb|work> !ask
17:44 < connorburt> I’m trying to connect a router to another router and I can’t seem to get it to work
17:44 < shtrb|work> how are they connected ?
17:44 < connorburt> My main goal is to just strengthen (or in general have) a Wi-Fi connection in a part of my house
17:45 < connorburt> shtrb|work: I was trying to convert one to an access point
17:46 < connorburt> I was trying to connect them LAN-to-LAN through the Cat 5 wall ports, but I can’t tell whether that’s actually working
17:47 < connorburt> My secondary router is a Belkin, and my primary or main is an Asus
17:48 < E1ephant> so you need an AP
17:48 < E1ephant> not a router
17:48 < E1ephant> (or one router in AP mode.)
17:49 < connorburt> E1ephant (IRC): well I had a Linksys one and after setting that up it still didn’t have an internet connection
17:49 < connorburt> E1ephant: I also tried turning the Belkin one into an AP but it just becomes inaccessible
17:50 < connorburt> No IP to control it from, and I give it an IP within the correct IP pool range of my main router (the Asus)
17:52 < connorburt> The models are as follows:
17:52 < connorburt> - Main: Asus RT-AC5300
17:52 < connorburt> - Secondary: Belkin Dual-Band Router (F9K1109V1)
17:52 < E1ephant> ouch
17:54 < connorburt> E1ephant: yeah, I’m pretty confused as to why none of the above is working
17:55 < E1ephant> you're following the documentation?
17:56 < connorburt> E1ephant: yep, that supplied by Belkin and Linksys
18:02 < connorburt> So this may seem ridiculous, but I just tested a couple ethernet ports and realized I’m getting no connection from any of them
18:03 < connorburt> The computer I was using yesterday didn’t have an ethernet port, and I assumed they were all functioning properly
18:04 < connorburt> Now I’m pretty sure they’re wired back to an ethernet switch, which in turn the router is connected to as well
18:08 < connorburt> Ok so if they are “wired,” what’s the most likely reason as to why I’m getting no connection?
18:10 < connorburt> They may go straight to the modem, but that wouldn’t be a problem, right?
19:04 < phre4k> connorburt: one of the routers has to be connected to a modem with its LAN port, the other router has to be connected with one of its LAN ports to one of the first router's LAN ports. Only one of the routers has to hand out DHCP IPs, the other has to just have a static IP in the same subnet but not hand out any DHCP IPs.
19:05 < phre4k> so if your first router has the IP 192.168.0.1/24 and the second 192.168.0.2/24, you may have the first router serve DHCP IPs 192.168.0.100/24 to 192.168.0.254/24, but the second one has to have DHCP disabled.
19:05 < phre4k> also, be sure not to connect the 2nd router's WAN port to the first router's LAN port, that'd be double NAT.
19:05 < phre4k> also, get proper Access Points, e.g. the Ubiquiti Unifi AP AC (Lite, Pro, LR)
19:48 < Epic|> Lel @ ubiquiti stuff being 'proper'
19:53 < grawity> lel @ pretending that your definition of 'proper' is relevant
19:55 < Epic|> Relevant? Wgaf. Correct? Undeniable
19:59 < djph> except that UBNT UAPs are proper bridges.
20:07 <+catphish> their hardware is excellent, if you forget the incident with the ERL memory sticks :)
20:07 <+catphish> i literally have a stack of ERLs with failed flash now :(
20:08 < connorburt> Thanks phre4k a lot! I ended up trying making the Belkin router back into an access point, and having the Asus router connect to it through a wireless bridge (WDS in its settings)—although as far as I know this hasn’t worked yet either
20:09 < connorburt> It mentioned keeping the channel the same; was it referring to the channel SSID?
20:09 < djph> catphish: grab some new USB keys, and EMRK them?
20:09 <+catphish> connorburt: you know both ends have to be configured with WDS right?
20:09 < djph> connorburt: most of the time for WDS to work, both ends need to be the same mfg.
20:10 <+catphish> and WDS isn't totally standard, so it may not work between different brands
20:10 < connorburt> I also turned off any security method for the Belkin router as an access point because I’m pretty sure an instruction piece on the Asus router’s control panel implied it
20:10 <+catphish> i've had wds work ok between different manufacturers, but all devices had to be configured in an explicit wds mode
20:11 < connorburt> djph: same “mfg”? I’ll look that up
20:11 <+catphish> connorburt: manufacturer
20:11 < djph> connorburt: shorthand for "manufacturer" (e.g. Asus or Linksys, etc.)
20:11 <+catphish> i don't know where the g came from
20:11 <+catphish> that letter doesn't appear in the word manufacturer :)
20:11 < connorburt> catphish and djph: ah gotcha, thanks
20:12 < connorburt> Yeah they are not from the same manufacturer so maybe it’s best for me to go out and buy an Asus access point?
20:12 <+catphish> djph: yeah, i might try to replace the flash (since it's just a usb stick), but there are some issues with some sticks working and others not, and most won't fit, so it's not as trivial as it should be :(
20:12 < djph> probably from 'manufacturing' rather than 'manufacturer' ... google isn't helping any right now though :)
20:12 < Epic|> There's no d in refrigerator either
20:12 < phre4k> connorburt: channel is a wireless channel, which means a frequency where your wireless devices talk to each other
20:13 < djph> IIRC the sandisk micros were a good fit
20:13 * Epic| observes the weapons grade autism
20:13 <+catphish> Epic|: i don't understand the refrigerator reference
20:13 < djph> oh, lookin' in a mirror Epic| ? :)
20:13 < djph> catphish: probably "fridge"
20:13 < phre4k> connorburt: if you already have cables, use them. Don't bridge wirelessly.
20:14 < Epic|> djph, wounding.
20:15 <+catphish> djph: i assumed it was just a terrible abbreviation you made up on the spot :)
20:15 < connorburt> phre4k: ah makes sense, see when I looked at the AP list on the Asus control panel, the Belkin router SSID and MAC address showed up, but as mentioned before I don’t think it was working because they weren’t the same “mfg” (heh) and the Belkin (as far as I know) didn’t offer WDS—only a way to change it into an access point
20:15 < djph> catphish: what? 'mfg'?
20:15 < connorburt> phre4k: well it’s much too far to use cables, and my wall ports don’t work it seems
20:15 <+catphish> djph: yeah, although maybe not, i guess i immediately knew what it meant
20:16 <+catphish> i've seen it before, even though it makes no sense :)
20:16 <+catphish> connorburt: if you want to make a bridge, its usually best to buy 2 identical devices specifically for the purpose
20:16 < djph> catphish: nah, not on the spot. :)
20:16 < phre4k> connorburt: by cables I mean your wall ports. You should find out why they "don't work".
20:16 <+catphish> connorburt: it's definitely possible to mix and match, but often luck comes into whether it will work
20:17 < djph> catphish: don't forget the sacrifices
20:17 < phre4k> connorburt: where do the "wall ports" terminate? as in, the cables behind them have to lead _somewhere_
20:17 < jurislav> how do you guys troubleshoot wireless? i mean, i have more-or-less evenly distributed ~90 users, covered by 24 ruckus APs.. it's a student dorm. *some* of them complain about "wifi going down for 10~15 minutes, then coming back up", meaning they can't load any webpage (network still connected, according to them)...
20:17 <+catphish> i messages a guy about buying his guitar, he hasn't replied, i'm sad now
20:17 <+catphish> *messaged
20:18 < jurislav> after the 10~15 min, they said, all works as before..
20:18 < connorburt> phre4k: yeah I was under the illusion that they had internet access because they all routed back to an ethernet switch board, but after testing two of them they didn’t seem to function
20:18 < connorburt> phre4k: so yes, I’ll look into that more
20:19 < phre4k> connorburt: by "ethernet switch board" you mean a patch panel?
20:19 < phre4k> connorburt: try to understand what passive and active components you have in your home
20:20 < connorburt> phre4k: I think so… it’s a Netgear item that has a lot of ethernet ports
20:20 < djph> jurislav: figure out what room(s) the complainers are in. Could be that one or two APs are dying for whatever reason
20:20 < phre4k> a patch panel alone doesn't make "connections to the internet", you have to connect it to a router and if you have multiple patch panel ports you want to connect to each other, there has to be a switch between them
20:21 < jurislav> djph: that's what I thought too, but they're spread across the whole floor
20:21 < connorburt> phre4k: ah ok, well they are connected to a modem and in turn a router I believe
20:21 < djph> jurislav: APs set too high, and they're trying to connect to {up,down}stairs instead of the one on their floor?
20:22 < phre4k> connorburt: er, that's not how this works, the modem is _between_ the internet and your router, often it makes no sense to connect a modem to a patch panel
20:23 < jurislav> djph: all APs are on a controller, same settings everywhere. do you think a client would connect to an AP that's more distant than the one in the next room?
20:23 < djph> phre4k: just to be difficult - I put a F-connector in my panel for my modem. But now I have fiber, so the F-connector is lonely.
20:23 < djph> jurislav: yes, especially if the person setting up the wifi was a fucktard and put the transmit power up high "for coverage(tm)"
20:24 < phre4k> djph: pls don't
20:24 < djph> phre4k: I know - really gotta snap that keystone out next time I'm downstairs.
20:25 < jurislav> djph: hmm.. that could theoretically be the case...
20:25 < connorburt> phre4k: yeah I’m pretty sure I’ll have to take another look at the cabling; I guess there’s no way to do it other than opening up some of the walls?
20:25 < phre4k> connorburt: oh damn, don't open the walls
20:25 < phre4k> do you know which wall port does lead to which patch panel port?
20:25 < djph> connorburt: no, just get a tone generator / probe. Stick the generator on one end, and then probe it out in the panel.
20:25 < connorburt> phre4k (IRC): lol ok
20:25 < phre4k> connorburt: have you considered paying someone for this? :D
20:27 < connorburt> phre4k: no I’m not sure; to be honest I thought I only had one patch panel
20:27 < connorburt> phre4k (IRC): yeah right lol :D
20:27 < connorburt> djph: I’ll look into that thanks
20:27 < connorburt> phre4k: for this type of stuff who would you recommend contacting?
20:28 < djph> connorburt: the "patch panel" is where all the runs in the wall terminate. from there, you will need patch cables going into a switch (and ultimately router -> modem -> internet)
20:30 < connorburt> phre4k: and by “yeah right lol :D” I meant “you’re probably right” (kind of came off as “no way” I noticed heh)
20:30 < ca_cabotage> hey all, i have a security question. On my home network I've setup unbound on pfSense to use public TLD to resolve to some local machines on my LAN (i.e., books.network) what are the real world security implications of this? how likely is it that something would mess up in DNS and somehow mixup the resolution of this? If it did occur, what are the security implications? basically - i know it isn't a
20:30 < ca_cabotage> recommended setup, but in all seriousness, does it matter on a home network?
20:30 < phre4k> connorburt: a network technician?
20:30 < phre4k> You can always buy a cheap probe for ~$20
20:30 < jurislav> djph: not the case here, afterall.. "auto" everywhere :?
20:30 < jurislav> :/
20:31 < connorburt> djph: oh understood, thanks!
20:31 < phre4k> ca_cabotage: if you some day want to connect to a private service and you leak data to the internet service or some day you want to contact the internet service you're fucked
20:31 < phre4k> ca_cabotage: everyone and their grandma have a real domain lying around
20:32 < phre4k> you could at least use some unused TLD like .lan (or even .local which is reserved for mDNS/Avahi)
20:32 < ca_cabotage> phre4k, how does the fucking occur?
20:33 < phre4k> ca_cabotage: well let's say you put your porn stash on porn.network, maybe someone sets up Samba on the real porn.network and gets all of your wife's nudes
20:34 < connorburt> Thanks everyone for the help! Really informative and I’ve got a good idea on how to handle this now
20:35 < phre4k> connorburt: feel free to come back if you have any questions, but once you clear the question what a switch, patch panel, network socket, modem, router is you can google for more information
20:35 < ca_cabotage> phre4k, ok, theres nothing sensitive on the VM that this resolves to internally. but i'm curious, how does having a matching domain name to a public domain allow something external to bypass my firewall and get into my network?
20:35 < phre4k> connorburt: also, consider posting on reddit.com/r/homenetworking
20:35 < ca_cabotage> phre4k, ty for taking your time to explain to me btw
20:35 < phre4k> ca_cabotage: not if you don't let it
20:39 < detha> ca_cabotage: there could be tricks bypassing same-origin policy in browsers, but that's probably about it
20:39 < phre4k> ca_cabotage: https://serverfault.com/questions/17255/top-level-domain-domain-suffix-for-private-network / https://www.us-cert.gov/ncas/alerts/TA16-144A
20:39 < connorburt> phre4k: thanks phrea4k, and I’ll check out that subreddit :)
20:39 < djph> jurislav: "auto" everywhere is another sign of a fucktard installer ...
20:40 < ca_cabotage> phre4k, so on my WAN firewall, there are no open ports except for VPN - DNS is of course allowed outbound, but all inbound stuff is blocked unless specifically passed. I use a local Unbound server (on pfSense) for DNS resolution to root servers, and unbound also has the entries for that public TLD to resolve locally. With this setup how would someone exploit or break the network because I'm using a public TLD
20:40 < ca_cabotage> privately?
20:42 < phre4k> well it seems highly unlikely
20:44 < Evan1929838483> Hi again
20:46 < ca_cabotage> phre4k, thanks for your input! i appreciate your time. i'll look into switching over to .localhost or something
20:48 < phre4k> ca_cabotage: don't you have your own domain?
20:51 < jurislav> djph: i meant in the TX power settings
21:04 < jsync> Hello. I have an apache2 service running on a local network server, though my internet page is not visible to my other machines on my local network.
21:05 < jsync> I have other services running on my local network, so I figured it was a problem with configuration of apache2, though they referred me to this group.
21:09 < detha> jsync: how are you connecting to the server? by dns name or by IP ?
21:09 < jsync> the name of the site: osvl.org
21:10 < jsync> Within a browser
21:10 < detha> Are you behind a NAT router?
21:10 < jsync> The IP is set. I have various other programs that I use across the local network that run in the server machine.
21:11 < jsync> I use the LAN ports on a router that connects the local machines.
21:12 < detha> Does that router NAT towards internet, and if so, does it support hairpinning?
21:15 < jsync> The NAT server is off & it's just a basic AT&T router.
21:17 < detha> So you have the actual 46.4.whatever address on the web server?
21:18 < jsync> The apache2 software is within a machine that uses a 192.168.x.x ip.
21:18 < jsync> & my internet page is configured with a url name.
21:18 < jsync> I figured I could open a browser & find the page.
21:19 < detha> That is rfc1918 space, so the router does NAT towards internet. Did you have to set up port forwarding to make it accessible from the internet?
21:19 < meingtsla> $ host osvl.org == osvl.org has address 46.4.72.55 That is a Hetzner IP address.
21:19 < detha> ah. the plot thickens.
21:20 < jsync> I'm making my osvl.org on my local network.
21:20 < jsync> It's not for outside network setup. This actually is just for a local network server & machines.
21:21 < meingtsla> Ah OK
21:22 < detha> then I guess you have to either use the 192.168.x.y address of the server, or set up some form of local dns that resolves osvl.org to that
21:24 < jsync> That's within the apache2 software config though, huh?
21:25 < detha> no, in the browser
21:25 < ikonia> what's your "internet page"?
21:25 < jsync> My machines communicate fine when my service actually is configured correctly. I have other services that work on the local network between the machines.
21:26 < detha> Are those other services also using that osvl.org as address?
21:26 < jsync> No. They use the 192.168.x.x
21:26 < ikonia> so you have no name service
21:26 < ikonia> but what's an "internet page"
21:26 < jsync> The apache2 people told me to configure with "localhost"
21:26 < ikonia> for real ?
21:26 < detha> wow.
21:27 < ikonia> so it's bound to 127.0.0.1
21:27 < jsync> Yeah. I thought that wouldn't work.
21:27 < ikonia> jsync: where did they tell you to do that
21:27 < jsync> Well, that's what the hosts file configuration is for is what I figured that they mean.
21:27 < detha> just use http://192.168.x.x in the browser
21:27 < jsync> #httpd
21:27 < ikonia> detha: it won't work if it's bound to localhost
21:28 < ikonia> they did NOT tell you to use localhost
21:28 < ikonia> they told you, you have a name server problem
21:28 < jsync> So, should I configure apache2 to use 192.168.x.x?
21:28 < detha> ikonia: true. but most configs bind to 0/0
21:28 < ikonia> detha: he's actually bound it to localhost
21:28 < detha> eew. Just use 0.0.0.0
21:29 < detha> (in the apache config). Then use the 192.168 address to view it
21:36 < jsync> It's still not visible, though the default "It Works" actually is visible.
21:36 < ikonia> what ?
21:36 < ikonia> "the default" ?
21:36 < ikonia> could you please be specific
21:38 < detha> apache default page I guess, apache config will probably be set up with vhost on osvl.org now
21:38 < ikonia> it will fail and go to the default vhost as there is no name service
21:38 < ikonia> as #httpd told him
21:40 < detha> I'm not in #httpd I think, but yeah. Option 2 then, set up local dns or just put something in the /etc/hosts file of the machine used for viewing
21:44 < jsync> So, the page is visible within the machine that has the apache2 software running, though it's not visible within the other machines on the local network.
21:45 < ikonia> jsync: how are you trying to connect to it from the other machines
21:46 < jsync> With the browser.
21:46 < ikonia> and what are you typing into the browser ?
21:50 < jsync> I am typing osvl.org, like I used to see the page in the server machine browser.
21:50 < ikonia> that's not going to work
21:50 < ikonia> as you have no name service
21:50 < jsync> aha.
21:50 < ikonia> as the guys in #httpd told you
21:50 < jsync> I have osvl.org within my hosts file.
21:50 < jsync> They didn't tell me that.
21:50 < ikonia> you have 2 problems you need to fix
21:51 < ikonia> (they did tell you that)
21:51 < ikonia> a.) your apache is listening on localhost - that means only the server it runs on can connect to it
21:51 < jsync> (they) was "thumbs". Remember?
21:51 < Apachez> ikonia: not really
21:51 < ikonia> b.) you have no name service running, so every machine that needs to connect to the web service will need a mapping in the host file
21:51 < Apachez> it means that something needs to bounce locally on your server to connect to something that only listens to 127.0.0.1 :)
21:52 < jsync> I changed the NameServer localhost to NameServer 192.168.x.x
21:52 < ikonia> jsync: those are the two problems
21:52 < ikonia> jsync: are you running a dns service on your network that knows how to map osvl.org to ip addresses ?
21:52 < jsync> What is a "Name Service" on a local network?
21:52 < jsync> not dyndns.
21:53 < ikonia> ok - you need to understand the basics of networking before you go forward
21:53 < ikonia> no, not dyndns
21:53 < Evan1929838483> StevenR: You seem familiar :/
21:53 < jsync> Is there a name service software?
21:53 < ikonia> jsync: yes
21:53 < ikonia> many
22:28 < jsync> All the apache2 setup guides I found didn't mention a name service software needed.
22:29 < petemc> that is how names are translated to ip addresses
22:29 < petemc> you can use /etc/hosts for your local network
22:29 < jsync> Well my apache software is just for my localnetwork anyway
22:29 < jsync> & I have my url set within /etc/hosts already.
22:30 < jsync> Maybe I need to restart my server?
22:30 < dminuoso> Neither CHAP nor PAP seem particularly trustworthy. How do you folks authenticate PPP sessions from your NAS securely against RADIUS?
22:31 < dminuoso> (We're terminating our PPP sessions on Cisco ASR-1002X routers)
22:32 < Apachez> simple, you don't do PPP in the year of 2018
22:32 < dminuoso> Apachez: Let's pretend I'm not a networking guy (because I'm not). What do you use in the year 2018?
22:35 < Apachez> well I don't do PPP
22:35 < Apachez> I use vlans to segment clients in the same physical gear
22:38 < dminuoso> Apachez: Well I'd love to do DHCP shenanigans, but our MSAN infrastructure is a bit annoying currently..
22:38 < dminuoso> We're kind of stuck to PPPoE for now
22:38 < dminuoso> Personally I couldn't really care, because I just develop software =)
22:40 < petemc> dminuoso: use tls ?
22:40 < Apachez> why do you even use pppoe?
22:54 < dminuoso> Apachez: We're a small sized carrier. Customers log in using PPPoE
22:55 < dminuoso> It's not that rare.. =)
22:57 <+catphish> pppoe is really convenient for DSL
22:57 <+catphish> i'd likely still use it on any kind of shared medium like pon
22:58 <+catphish> or for a WISP setup
23:48 <+catphish> looking at iscsi again, and i can't help but wonder if there might be a simpler way to transmit data on a SAN
23:49 <+catphish> i'm at the point of thinking writing my own protocol might beat implementing iscsi, but then, you lose compatibility :(
--- Log closed Mon May 14 00:00:19 2018