--- Log opened Mon May 14 00:00:19 2018
00:05 < Harlock> FC?
00:06 <+catphish> Harlock: nah, needs to be ethernet based
00:06 <+catphish> there are a couple of protocols that exist, but iscsi is the only one with wide support
00:07 <+catphish> so i either use iscsi, or essentially make something proprietary thats not going to work with other software
00:07 <+catphish> which isn't the end of the world
00:09 < Harlock> depending on the situation working well is better than wide compatibility
00:10 <+catphish> yes indeed
00:36 < totesmuhgoats> Hi guys
00:37 < totesmuhgoats> what do I need to be able to resolve hosts on my lan by hostname?
00:38 < totesmuhgoats> it sometimes works, but not always
00:38 < GenteelBen> Use your router as your DNS server.
00:38 < totesmuhgoats> GenteelBen: I thought that might be the solution :)
00:38 < GenteelBen> If your hosts don't self-assign a hostname, then you need a DNS server like Windows Server's DNS role.
00:38 < GenteelBen> Pretty much no home routers allow you to edit DNS records held on the router.
00:39 < totesmuhgoats> well in the router's dhcp table it seems to be aware of the hostname
00:39 < GenteelBen> Not sure what your specific problem is.
00:39 < totesmuhgoats> I think you already answered it
00:39 < GenteelBen> Another ##networking success story!
00:40 < totesmuhgoats> I've had some variability recently
00:40 < GenteelBen> Do people still use FCoE, catphish? I'd assumed it had dropped out of favour due to needing to buy expensive FCoE HBAs and FCoE switches.
00:40 < totesmuhgoats> Got a new linux distro running on this machine but also had to replace my consumer grade router / firewall / access point / switch
00:40 <+catphish> GenteelBen: i've never seen FCoE in the wild, i believe iscsi killed it
00:41 < totesmuhgoats> so I wasn't sure if the reason hostname resolution wasn't working was because the router wasn't acting as a DNS server, or if there was something protocol specific on the host I was missing
00:41 < totesmuhgoats> in case you were wondering why that question was so easy to answer
00:42 <+catphish> GenteelBen: FCoE isn't really what it claims to be IMO, it doesn't operate over ethernet, rather an expensive extension of ethernet, and really quite unnecessary when you can run scsi over IP
00:43 < ericlee> Hi, anyone ever use tc to control ingress traffic in Linux?
00:56 < rhineheart_m> Guys....regarding fiber optic deployment...if let's say there are 3 buildings in a daisy chain layout...using an 8-core foc...but only 2 cores to be used for these buildings...are the foc cut per building?
01:05 <+catphish> rhineheart_m: afaik you can't cut only part of the cable if that's what you're asking
01:06 <+catphish> you run the various cables, and splice as needed
01:37 < Pimpernel00> Does anyone have experience dual-booting a mac to have ubuntu?
01:37 < Pimpernel00> I’m having trouble partitioning this mac to have the ubuntu storage on MS-DOS (FAT)
01:38 < Pimpernel00> It says ‘This volume can not be resized’
01:56 < tpr> i bet there are more proper channels for that question, but my experiences dualbooting with a 2006 macbook weren't that good
01:56 < tpr> unfortunately no idea if it has gotten better since
02:08 < Pimpernel00> tpr: what channels would you suggest to me to inquire about dual-booting on macs?
02:09 < tpr> Pimpernel00: I think some of the mac forums did use to have irc channels too, I think that'd be the best bet
02:09 < tpr> can't remember those anymore, it's been a long time. or maybe there is something like ##apple or ##osx too?
02:11 < Pimpernel00> yeah
02:26 < Pimpernel_> test
02:28 < SporkWitch> fail
02:29 < SporkWitch> tpr, Pimpernel_: according to alis, there's also ##hackintosh
03:22 < batch> hi, can anyone tell me what i'm doing wrong here? iptables complaint about ethx1 being incorrect while it's really available: https://bpaste.net/show/5668333a4aad
03:23 < Aldem> Hello
03:24 < Aldem> Back on 8 and 7, I had a software that was staying in the tray and told me my internet data usage when asked.
03:24 < Aldem> Forgot its name :/
03:25 < meingtsla> batch: What does "ip link show" say?
03:25 < Aldem> Ahhhhhh
03:26 < Aldem> Networx it was
03:26 < batch> meingtsla ethx1: mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
03:27 < batch> i'm about to throw all this cheap hardware in garbage i swear
03:28 < danko0range> how to create website
03:28 < danko0range> url
03:28 < danko0range> ?
03:28 < meingtsla> What if you do "! -i ethx1" instead of "-i ! ethx1"? (Though afaik either one should work.......)
03:28 < light> danko0range: like this www.creedthoughts.gov.www\creedthoughts
03:29 < batch> damn you are good meingtsla
03:29 < batch> thx a lot!
03:29 < batch> i just copied from here https://www.cybrary.it/0p3n/debian-firewall-gateway/
03:29 < danko0range> really
03:30 < batch> but his use of dash is bad
03:30 < batch> danko0range idk
03:30 < danko0range> idk?
03:31 < tds> batch: you also probably want to be using iptables-save/iptables-restore rather than your own scripts (eg with iptables-persistent on debian)
03:31 < Aldem> When I saw creedthoughts, I thought of CCR heh
03:31 < batch> i was more thinking of a rope to hang myself tds
03:32 < batch> but thx for the suggestion
03:32 < batch> :p
03:36 < batch> really tds it's impossible to make a gateway with iptables routing
03:36 < batch> i'm lost
03:37 < tds> it's definitely not impossible, all my routers use iptables :)
03:37 < tds> what issues are you having?
03:38 < batch> so i have this now
03:38 < batch> i was able to give the interface on my zero an ip and define the network
03:39 < batch> but now the client hanging on the adapter is not getting any ip
03:39 < batch> no-carrier says networkctl from the client
03:39 < batch> https://bpaste.net/show/5668333a4aad are the rules currently loaded
03:40 < tds> batch: ahh, were you the person doing wifi stuff with a pi?
03:40 < batch> do i need to specify specific separate client rules as well or hmm?
03:40 < batch> tds yes that's me
03:40 < tds> you won't have ethx1 and ethx2 on a pi
03:40 < batch> but i changed it from wireless to wire to both wired
03:41 < batch> oh yes i have, using 2 usb-to-ethernet adapters
03:41 < tds> oh, if they're both wired, you don't need the nat mess anymore
03:41 < tds> you can just do plain ethernet bridging
03:41 < tds> if I'm remembering what you were trying to do correctly?
03:41 < batch> yeah i was thinking either routing or bridging
03:42 < tds> what were you actually trying to do, again?
03:42 < batch> my idea was bridging as well but yesterday another guy said routing will be fine
04:01 < linuxmodder> what the hell is LPSRecommender used for / purpose ? I keep hitting a wall with IANA registration but not explanation
04:02 < djph> jurislav: "auto" TX is 200% fucking wrong
04:02 < linuxmodder> djph, no surprise to find you here too
04:03 < batch> tds i think i found the real issue
04:03 < batch> so they are both same models usb-to-ethernet adapters
04:03 < batch> same drivermodule
04:04 < batch> and both get renamed from eth0 to ethx1 and ethx0
04:04 < batch> so i think my system doesn't even try to figure out whether there's more than one adapter
04:04 < batch> +-
04:04 < batch> still confusing for myself but i saw it with dmesg
04:07 < batch> this is how i'm doing it btw https://bpaste.net/show/b6db075b0610
04:22 < linuxmodder> anyone able to explain what LPSRecommender is/does aka port 2620 ?
04:22 < linuxmodder> iana seems to have diddly shit on it beyond it's a registered port
04:25 < purpleunicorn> Should i make kali Linux or Ubuntu a com?
04:25 < purpleunicorn> *VM
04:26 < linuxmodder> purpleunicorn, why not?
04:26 < linuxmodder> kali is kinda meant to be VM'd anyway
04:26 < purpleunicorn> I just don’t know which one’s better for me
04:26 < purpleunicorn> I’m making it a vm for my Mac
04:26 < linuxmodder> usecase / purpose for both or either one
04:27 < purpleunicorn> Is one faster and easier than the other?
04:28 < linuxmodder> faster is all subjective
04:28 < linuxmodder> easier in what sense?
04:30 < purpleunicorn> I’ve never used Linux so I’m a beginner I guess. I just don’t want it to be too hard to navigate while using it
04:30 < SporkWitch> purpleunicorn: why kali?
04:31 < linuxmodder> SporkWitch, I was thinking same thing
04:31 < SporkWitch> linuxmodder: it's pretty much always the first thing that should be asked when kali comes up lol
04:31 < purpleunicorn> I don’t have a particular reason but I want to download linux and any form of it. I want better security.
04:31 < linuxmodder> ubuntu then to get thy feet wet safely
04:31 < SporkWitch> purpleunicorn: you're misunderstanding the purpose of kali then; it's a toolkit for penetration testing, it's not a high-security workstation distro
04:32 < linuxmodder> lol
04:32 < SporkWitch> purpleunicorn: ubuntu 18.04 switched back to gnome, which will look very familiar to a mac user
04:32 < purpleunicorn> Okay. I’ve downloaded Ubuntu before but it was to brute force my HDD
04:32 < linuxmodder> now that ^ usecase would have been squarely in kali's wheelhouse
04:32 < purpleunicorn> Okay I’ll go with that then SporkWitch
04:32 < SporkWitch> yup
04:32 < purpleunicorn> Ok
04:32 < SporkWitch> related: debian packaging is a PITA lol
04:33 < linuxmodder> what dpkg is too much for you ?
04:33 < purpleunicorn> Do you guys know any free vpn’s?
04:33 < SporkWitch> spent most of the day trying to figure out build deps, because i already had everything myself, had to figure out what launchpad's build system wanted lol
04:33 < linuxmodder> hell I was doing a firewall ansible play and going the total dumbass hard way
04:33 < purpleunicorn> I know they usually suck but I have no choice rn
04:34 < linuxmodder> purpleunicorn, self hosted with socks proxy to a VPS somewhere
04:34 < SporkWitch> linuxdaemon: was driving me nuts because it built fine locally; i had to figure out that crazy "quilt" patching system, and the build deps, before i finally got it to build on the ppa
04:35 < SporkWitch> erm, linuxmodder ^
04:35 < linuxmodder> lol
04:35 < SporkWitch> and now my email is out there for all the world to spam and blame when it doesn't work lol
04:35 < linuxmodder> gem install github-pages was like that for me today too, it finally built and now I forgot how the hell to interface with it
04:36 < SporkWitch> ugghh, i hate ruby; why can't it just install things like a normal program?
04:36 < linuxmodder> that is why you use a forwarder or throwaway and fwd that :)
04:39 < linuxmodder> SporkWitch, https://gist.github.com/linux-modder/0c4a3b2cb78c02007711db889001e30e
04:39 < linuxmodder> a very specific and CTF style logic to those static ports too :)
04:39 < linuxmodder> TigerOS is the only hint you get
05:03 < batch> bind-interfaces in dnsmasq is used for making dns available on 127.0.0.1 for all interfaces or am i seeing it wrong??
05:09 < matt|home> yo. quick question, i just bought a new laptop for work and i kinda need it to remain relatively secure. i have drive encryption, antivirus programs and malware scanners active, but from a networking standpoint is there any kind of uh.. i guess firewall is the term? like iptables or something i should be employing, or are network-based malware relatively rare
05:11 < purpleunicorn> So it says remove the installation medium before restarting my laptop. What is the medium?
05:11 < purpleunicorn> Am I deleting the Ubuntu download package
05:12 < rewt> the medium is a cd, dvd, usb drive, etc
05:13 < SporkWitch> matt|home: linux has iptables, i believe unix uses the same, but not sure, it's been a while since i've used a unix
05:13 < purpleunicorn> Okay well I guess in this case it’s the vm???
05:13 < purpleunicorn> I mean virtual box
05:14 < matt|home> this is a windows 10 laptop, i don't know anything about its vulnerabilities or what kinda networking you can do with windows
05:14 < rewt> the firewall that comes with windows is good enough
05:14 < SporkWitch> matt|home: windows firewall will typically prompt you to allow new programs, but it doesn't require UAC IIRC, so a malicious application could potentially open ports
05:15 < matt|home> hm
05:16 < matt|home> so what's the probability of me getting any kind of malware if: i dont go to any nontrusted websites, i dont download any nontrusted programs, and i dont connect to any wifi other than my own
05:16 < matt|home> i assume something like a worm is relatively rare
05:17 < SporkWitch> higher than if you weren't on windows
05:17 < matt|home> hm
05:17 < matt|home> are there any good free firewall programs i should be using?
05:19 < SporkWitch> asked and answered
05:25 < matt|home> uh
05:25 < matt|home> if you say so
05:29 < cheng08> cant access openwrt web UI and ssh?
05:29 < cheng08> how can I fix it?
05:29 < light> have you tried turning it off and on again?
05:29 < mast> You will need to do a factory reset
05:30 < cheng08> mast: I try factory reset not working
05:30 < cheng08> '
05:30 < cheng08> is factory reset need to communicate with the computer?
05:30 < cheng08> light: yes I try it.
05:34 < Jmabsd> Q: i like to understand how the 1x40gbps-to-4x10gbps on the Intel XL710 NIC works
05:34 < Jmabsd> https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ethernet-xl710-brief.pdf
05:35 < Jmabsd> the breakout cable is this: https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ethernet-qsfp-cables-brief.pdf https://ark.intel.com/products/71867/Intel-Ethernet-QSFP-Breakout-Cable https://ark.intel.com/products/series/71863/Intel-Ethernet-QSFP-cables
05:38 < cheng08> cant access openwrt web UI and ssh?
05:40 < Jmabsd> urr.. this document https://downloadmirror.intel.com/25245/eng/qsfp-configuration-utility-quick-usage-guide.pdf , only shows "4x10gbps"
05:40 < Jmabsd> so you can only run ONE port in 4x10gbps, and the other one will anyhow stay as 40gbps?
06:00 < cheng08> Can't access openwrt web UI and ssh?
06:02 < SporkWitch> cheng08: we saw the first two times
06:03 < SporkWitch> see also http://catb.org/~esr/faqs/smart-questions.html
06:12 < Jmabsd> what is "QSFP+ direct attach copper", a 20gbps copper cat7 cable?
06:16 < SporkWitch> https://lmgtfy.com/?s=d&q=what+is+OSFP+direct+attach+copper
06:21 < Jmabsd> err, so, the 40gbps QSFP to 4x 10gbps breakout cable that you can run on Intel's XL710 chip and also their X520-QDA1, is shown here: https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ethernet-qsfp-cables-brief.pdf
06:21 < Jmabsd> they offer one that is "twinaxial"
06:21 < Jmabsd> and one that they just call "breakout".
06:22 < Jmabsd> is one of these based on copper e.g. normal rj45-cat7 cable, and the other one is optical? or what's the difference?
06:32 < ericlee> Hi, anyone ever used tc for traffic control?
06:43 < grawity> Jmabsd: I don't think twinax is physically anything like cat7, no
06:43 < Jmabsd> grawity: and there are no adapters? so those are two separate worlds
06:43 < grawity> adapters to what?
06:43 < Jmabsd> is twinax sfp+ faster for some reason than cat7 rj45?
06:44 < Jmabsd> grawity: sfp+ twinax to rj45 cat7
06:44 < grawity> why would you need that
06:44 < Jmabsd> grawity: i didn't use any of the sfp+ / qsfp+ stuff previously
06:44 < grawity> if you have a SFP+ slot and need rj45, get a SFP+ rj45 module
06:45 < Jmabsd> grawity: aha. wait, can you take one minute to explain to me, so here for instance http://www.hotlavasystems.com/products_10gbe.html is a 10gbps module with an "SFP+" connector.
06:45 < Jmabsd> grawity: similarly here, https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ethernet-qsfp-cables-brief.pdf , you see the breakout cables for the 40gbps XL710 intel nic
06:45 < Jmabsd> grawity: i get a bit lost in the XL710's terminology
06:46 < Jmabsd> grawity: they offer a "Intel® Ethernet QSFP+ Twinaxial Cables" variant, and a "Intel® Ethernet QSFP+ Breakout Cables" variant.
06:46 < Jmabsd> what's the difference?
06:46 < grawity> looks like the latter is 1x40 Gbps SFP to 4x10 Gbps SFP
06:46 < Jmabsd> grawity: what is SFP+ actually?
06:47 < grawity> I don't know much about the fancy stuff above good old 1 Gbps
06:47 < Jmabsd> grawity: all i have experience with is RJ45.
06:47 < Jmabsd> i thought SFP means "optical", lol.
06:47 < grawity> but from what I've heard, 40 Gbps ports are special in that they consist of four 10 Gbps links *and* can run all of them separately (giving you four independent 10 Gbps links)
06:48 < Jmabsd> oh really, ahaaa
06:48 < Jmabsd> ok
06:48 < grawity> SFP and the like are formats for ... "media interfaces" in general, I think that's not very wrong
06:48 < Jmabsd> grawity: the XL710 with two 40gbps seem to be able to operate the 4x10gbps breakout only for *one* 40gbps port
06:49 < Jmabsd> grawity: do you have any idea what "breakout" and "twinaxial" means here
06:50 < grawity> well
06:50 < grawity> literally the same as before
06:50 < Jmabsd> grawity: it's interesting this is all over the market and it's not even clear what it is
06:50 < grawity> "breakout" = one connection on one end, multiple connections on the other end
06:51 < grawity> and I'm just guessing but I think *all* of them are twinaxial
06:51 < grawity> their marketing team just didn't want to add too many specifiers or something
06:52 < grawity> twinaxial being the type of the cable that runs in the middle
06:52 < Jmabsd> grawity: btw this seems to be the ""monster"" class in the industry, http://www.hotlavasystems.com/pdfs/HLS_StHelens_Datasheet.pdf
06:53 < grawity> ¯\_(ツ)_/¯ way beyond my little LAN
06:53 < Jmabsd> grawity: you see that HotLava card uses XL710 to give you like at least 8x 10gbps from one NIC.
06:53 < Jmabsd> i think that's actually a **CHEAPER** solution as "virtual switch", than to go buy your own 10gbps switch
06:53 < Jmabsd> multiport 10gbps switches are phenomenally expensive.
06:53 < Jmabsd> and big
06:54 < Jmabsd> grawity: anyhow i still don't understand the SFP connectors thing
06:59 < mast> Yeah I don't either really
06:59 < mast> It's laziness on my part. I have a bunch of switches with SFP and I understand is that it lets you have fancy jack swapping
07:00 < grawity> and that's about it, no?
07:04 < Jmabsd> those HotLava cards are expensive.
07:04 < Jmabsd> mast,grawity: does SFP mean "optical"? what's SFP actually
07:04 < Jmabsd> they have those gigantic, deep connectors that allow you to plug n play the PHY:s no??
07:05 < grawity> no it doesn't mean "optical"
07:06 < grawity> but that's the most popular use, I'm sure
07:11 < Jmabsd> grawity,mast: so "SFP" is a kind of plug n play PHY standard?
07:11 < Jmabsd> which has both a laser-optical module standard, and a copper cable standard but which is separate from rj45?
07:11 < Jmabsd> hm
07:11 < grawity> yeah I suppose
07:12 < grawity> there *are* SFPs with ordinary RJ45 ports too
07:13 < grawity> and the "laser-optical" modules are many different types, not all of them even laser-based AFAIK
07:14 < Jmabsd> grawity: would those rj45 based SFP modules work with all SFP NIC:s?
07:14 < grawity> tbh I don't see why not
07:15 < Jmabsd> aha, this may be called "10g rj45 transciever", https://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Delectronics&field-keywords=10g+rj45+transciever
07:15 < Jmabsd> yep, they cost around 175 USD per piece.
07:15 < RJ45> Jmabsd: yo mama's may be called "10g rj45 transciever"
07:16 < RJ45> Jmabsd: yo mama cost around 175 USD per piece
07:16 < RJ45> XD
07:17 < Jmabsd> sigh.
07:22 < Jmabsd> interesting to see that the SFP to RJ45 10gbps transceivers are so expensive (135USD for generic and 175-200 USD for a branded one), compared to the SFP to 10gbps fiber transceivers which are like 20 USD
07:22 < RJ45> S U C C
07:23 < Jmabsd> now... Intel's QSFP+ breakout gives you.. four.. *MALE* SFP connectors?? https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ethernet-qsfp-cables-brief.pdf
07:25 < grawity> well yes, that's what direct-attach cables are
07:25 < grawity> straight from SFP slot of device A to SFP slot of device B
07:26 < Jmabsd> ahaaaaaa. got it.
07:27 < Jmabsd> grawity: is there any way that I can break out one QSFP into four 10gbit ethernet rj45 connectors?
07:27 < Jmabsd> btw, what's the difference between "QSFP" and "QSFP+"
07:27 < RJ45> Jmabsd: woah there, this sounds pretty x-rated
07:28 < Jmabsd> lol.
07:28 < SporkWitch> "difference between" is generally going to have a lot of good google hits
07:29 < RJ45> I'm bit-banging ur wife
07:29 < Jmabsd> aha, there is QSFP to 2x RJ45 10gbps
07:29 < Jmabsd> mm
07:29 < Jmabsd> sporkwitch: this whole QSFP/SFP thing was all new to me. interesting.
07:46 < Jmabsd> (Promise are unclear about the difference https://www.promise.com/Products/SANLink/SANLink3-N1/ and https://www.promise.com/Products/SANLink/SANLink3-T1/ for their Thunderbolt 10g adapters, emailed.)
07:52 < SporkWitch> Jmabsd: i find quite a few results for "difference between osfp and osfp+" that answer your question
08:10 < Jmabsd> sporkwitch: ahh, "QSFP" means 4x1gbps, while "QSFP+" means 4x10gbps, gotcha, http://www.fiber-optic-equipment.com/difference-between-qsfp-qsfp-qsfp28.html
08:38 < Jmabsd> grawity,sporkwich,*: interesting, so a dual-QSFP+ XL710 NIC can be made to break out to *in total* 4x SFP+. if you run all those 4x on one of the QSFP+ ports, then the other one will just deactivate as i understand it.
08:38 < Jmabsd> now, i like to understand how you can convert QSFP+ to multiple 10GBASE-T RJ45 connectors
08:38 < Jmabsd> i see one single product on the market to actually do that: https://www.hpe.com/us/en/product-catalog/servers/server-transceivers/pip.server-transceivers.1008646254.html
08:42 < Jmabsd> is there any way to take one of those QSFP+ male to 4x SFP+ male, to convert the SFP+ male to SFP+ female and so plug in a 10GBASET RJ45 transceiver there?
08:55 < detha> you want to do *what* ? What would be the purpose of that? Have a longer qsfp+ to RJ45?
08:55 < detha> (also, where would the qsfp module get power from?)
09:00 < detha> Anyway, reading that again: I'd call that an 8-port SFP+ switch. Plug the 4 sfp+ into the first 4 ports, plug some shady RJ45 transceivers in the other 4 ports.
09:10 < Jmabsd> detha: for instance Intel XL710 allows you to use one QSFP+ (40gbps) port as *FOUR* different 10gbps ethernet interfaces!
09:12 < Jmabsd> detha: so what i asked myself is, how do you actually make use of those four 10gbps interfaces, what kind of adapters do you need for it
09:12 < Jmabsd> and that seems to be total jungle presently
09:12 < Jmabsd> detha: right, i think this is the cheapest 10gbps switch out there: https://www.qnap.com/en-us/product/qsw-1208-8c
09:12 < Jmabsd> 500 USD for 12 ports, of which 8 are SFP+.
09:12 < jurislav> djph: i don't get it. Auto TX is a requirement for "Self Healing" feature - you say that one is useless too?
09:12 < detha> you either plug it into a switch, or you go back to 1x40Gb
09:14 < detha> Jmabsd: read the specs, and read them again. Not all switches can handle this.
09:14 < detha> What are you actually trying to do here?
09:15 < mAniAk-_-> Jmabsd: just use qsfp breakout to DAC or fiber?
09:15 < Jmabsd> detha: i guess all QSFP+ switches are very expensive?
09:16 < Jmabsd> what's the cheapest 4/6/8/10/12 port you're aware of?
09:16 < Jmabsd> maniak-_-: right, the DAC cable is the easy one - that gives you QSFP+ or SFP+ *MALE* connectors to plug directly into the other end right. can you give me an example of a QSFP+ to 4 x fiber breakout cable?
09:16 < mAniAk-_-> Jmabsd: youll find qsfp in high density datacenter switches, thousands of $ at a minimum
09:17 < detha> The one where the VAR is short of monthly target, and you can beat the SE down to list minus 60 :p
09:17 < mAniAk-_-> Jmabsd: yes, intended use is to connect to stuff in the same rack
09:18 < Jmabsd> maniak-_-: right. what about optical splitter cable, do you know any?
09:18 < Jmabsd> also what's the cheapest switch with a QSFP+ connector you're aware of ?=)
09:18 < mAniAk-_-> Jmabsd: uh, what is that
09:18 < mAniAk-_-> Jmabsd: something on ebay maybe?
09:18 < Jmabsd> QSFP+ is the 40gbps form
09:24 < Jmabsd> detha: ??
09:25 < Jmabsd> detha: so again, the XL710 supports operating one QSFP+ port as four separate SFP+ interfaces.
09:25 < Jmabsd> and i wonder how to actually use that, in particular with 10GBASE-T RJ45
09:26 < detha> Jmabsd: I still have no idea what the question behind all this is. What are you trying to build ?
09:36 < Jmabsd> are there any 100gbps pci nics today?
09:36 < Jmabsd> ah right, mellanox.
09:44 < mAniAk-_-> Jmabsd: what are you trying to do?
09:56 < Jmabsd> maniak-_-: i just explored what's possible to do with 40gbit ethernet.
09:56 < Jmabsd> what i see is that 10gbit ethernet is the fastest ethernet available that has been "commoditized".
09:56 < Jmabsd> the XL710 is the fastest "commodity" ethernet adapter out there, and then it's most useful in its 10gbps mode
09:57 < Jmabsd> just because there's more switches and other nics
09:57 < Jmabsd> the fastest commodity Thunderbolt 3 NIC is 10gbps RJ45.
09:57 < Jmabsd> so, there is some hardware for the 40gbps ethernet, it's based on QSFP+, and it's a bit exotic and mostly veery expensive
09:57 < Jmabsd> i wonder what the cheapest smallest QSFP+-based 40gbps ethernet switch is - maybe Mellanox makes something
09:57 < mAniAk-_-> not that much more expensive than SFP+
09:58 < mAniAk-_-> its just a form factor
09:58 < mAniAk-_-> the asic that the port is connected to is the same
10:31 < r0n0x> heyo
10:31 < r0n0x> i need to impose some restrictions and apply certain control to my home internet
10:32 < r0n0x> like being able to view IP addresses certain devices are connecting to, blocking said IPs, potentially throttling speed of certain devices
10:36 < regdude> r0n0x: that is a job of a router and, possibly, an IDS or some traffic monitoring option
10:37 < r0n0x> well, i have a router
10:37 < regdude> r0n0x: you might need a quite advanced router, not expensive though
10:37 < r0n0x> however i think i need some sort of special software installed on there or a better router
10:37 < r0n0x> ye
10:37 < regdude> what do you have?
10:38 < r0n0x> telstra technicolor-something
10:38 < r0n0x> a router that came with the NBN setup, i havent checked if i actually need the router or not
10:39 < r0n0x> since my ADSL comes from a fixed wireless box
10:39 < r0n0x> connected to an antenna on the roof
10:39 < regdude> damn those things are expensive
10:39 < r0n0x> because we dont have phone lines, a bit of an uncommon situation
10:39 < r0n0x> they are free here
10:40 < mAniAk-_-> ...you have wireless adsl?
10:40 < uw_fluxus> OpenWRT might be useful. If your router can run it and you're willing to replace firmware.
10:40 < r0n0x> yeah, ill need to first check i guess, if my router isnt performing some function of sorts first
10:41 < r0n0x> i.e, if its acting as a generic router would, or, if its also signing into an AP or something
10:41 < regdude> can multiple people connect to it at once?
10:42 < r0n0x> yeah
10:42 < djph> mAniAk-_-: he's probably calling it "DSL", when in fact he's simply got a WISP
10:43 < r0n0x> just to clarify, this IS wireless adsl
10:43 < grawity> how does that work, again?
10:43 < detha> wireless wires
10:44 < regdude> that is a router then, I suppose you can just buy another router with a decent software and just place it behind that CPE box
10:44 < grawity> if "DSL" is a type of physical link over phone lines, and you don't have phone lines, then it's not "DSL"...
10:45 < r0n0x> its not over 4g or something, its a special wireless link to a nearby phone tower (ironically) but over the fixed wireless NBN service
10:45 < r0n0x> anyway, it SHOULD effectively be no different to actual wired phone/ethernet but, not sure
10:45 < r0n0x> Technicolor TG797n
10:45 < djph> it's point to (multi-)point microwave. 2.4 or 5 GHz most likely.
10:45 < r0n0x> yes
10:45 < detha> it's some form of WISP-type setup I guess. The only relevance to it being wireless is that one cannot just replace the CPE with some standard box
10:46 < djph> lotta WISPs use it
10:46 < djph> depends on whether or not the WISP is doing bridged-mode on the CPE-Radio most times. After that, it's (usually) just your run-of-the-mill pppoe
10:47 < r0n0x> oh wait, i have another router here, i could test it
10:47 < grawity> r0n0x: it might be Wi-Fi, it might be Nv2/airMAX/iPoll/etc., it might be WiMax, but it doesn't sound like "ADSL" in the slightest
10:48 < r0n0x> well, thats irrelevant
10:48 < regdude> it can be anything, but the important thing is that he can't remove the CPE box
10:48 < r0n0x> but, now i just need to see if a generic router can use that ethernet line
10:48 < r0n0x> whats CPE btw?
10:49 < regdude> that telstra thing
10:49 < djph> Customer Premises Equipment
10:49 < r0n0x> ah
10:49 < r0n0x> yeah thats a no go
10:49 < r0n0x> my router on the other hand is far as i can tell a standard router
10:49 < r0n0x> actually, i kinda would like to boost my signal so i can do drone/robot stuff around the property
10:49 < djph> regdude: not necessarily. Most WISPs I know of just grab whatever generic router that'll do what they need in most cases. They don't tend to care if the customer uses it or not.
10:50 < r0n0x> well, hopefully thats the case, telstras stance on it however is that its "impossible to use internet without the T gateway router"
10:51 < regdude> djph: true, but a lot of (W)ISPs tend to just drop their CPE, but don't tell anything. I had to sniff packets to find out that IPTV and Internet was simply tagged with different VLANs, but they didn't want to share any of this information
10:51 < r0n0x> but, in the settings i cant find any account specific stuff soooo
10:51 < djph> regdude: the only two that don't (that I know of), use the radio itself as the router (although, they're already doing CGN, so I suppose another round of NAT won't be the end of the world)
10:52 < r0n0x> oh wait here we go, a PPP credentials
10:52 < r0n0x> but thats just my telstra login information
10:52 < r0n0x> is that normal to have?
10:53 < r0n0x> oh noes
10:53 < detha> sounds like normal PPPoE over some radio link then
10:53 < r0n0x> i have an IP voice service for my home phone
10:53 < r0n0x> looks like i cant replace or reprogram this
10:54 < r0n0x> but, hopefully i can just shut off wifi and install a second router
10:56 < r0n0x> swoot
10:56 < r0n0x> theres 4 ports
10:56 < r0n0x> physical ethernet ports i mean, and they are numbered
10:56 < r0n0x> so, now the question becomes, what router should i get...
10:58 < regdude> I guess OpenWRT is an option. I could recommend a few options with x86 or some routers, but that is going to be an overkill. Does anyone know if UBNT does QoS and can mirror traffic?
10:58 < r0n0x> also, will having 2 routers have any negative effects on the speed any 1 router can attain if one of the routers is doing literally nothing but being ready to handle VOIP
10:58 < regdude> yes, 0.1ms latency increased
10:58 < r0n0x> :O
10:58 < r0n0x> is that a lot?
10:58 < mAniAk-_-> regdude: QoS yes, maybe can do mirror in their switches
10:59 < r0n0x> i mean i know its not but i dont know how that impacts bitrates
10:59 < mAniAk-_-> regdude: doing QoS disables hardware acceleration though
10:59 < regdude> it impacts your swearing in video games
11:00 < r0n0x> i dont play video games
11:00 < regdude> mAniAk-_-: this guy uses WISP, I suppose any router from their line should be able to forward at least 100Mbps through the CPU
11:00 < regdude> 0.1ms is not noticeable for home users
11:01 < mAniAk-_-> regdude: iirc i got around 60 with my edgerouter lite
11:02 < r0n0x> so, any idea what router i should aim for?
11:03 < regdude> mAniAk-_-: any options for traffic-flow or any other traffic monitor?
11:04 < r0n0x> ill be running openwrt on it or something else if better options exist
11:04 < mAniAk-_-> regdude: they support netflow, and have something you can enable in the web interface to view flows, you get some aggregate graphs etc
11:05 < regdude> oh wait, r0n0x, do you want to monitor which addresses are being visited in real time or view a history?
11:06 < r0n0x> its not that important, but a history is fine
11:06 < r0n0x> i just assumed it was a feature of openwrt
11:06 < regdude> well a history requires a dedicated server to store that data
11:06 < r0n0x> then dont worry about it
11:07 < r0n0x> just a good affordable fast router that can run openwrt
11:07 < r0n0x> or at least be considerably better than my technicolor router
11:07 < regdude> then look for UBNT or OpenWRT, there are countless options
11:07 < r0n0x> thats the software though
11:07 < r0n0x> firmware*
11:08 < r0n0x> i mean the router on which to run it
11:08 < regdude> UBNT is a router brand that has a quite rich feature set
11:08 < r0n0x> oh
11:09 < regdude> OpenWRT is a firmware, can't really recommend any since haven't bought any routers myself for 5 years
11:09 < r0n0x> UBNT doesnt seem to support openwrt
11:10 < regdude> it seems OpenWRT can run on UBNT as well, check EdgeRouter Lite
11:10 < mAniAk-_-> i wouldnt do it though
11:10 <+xand> I imagine it can but you probably wouldn't need to or want to
11:10 < mAniAk-_-> control plane cpu on edgerouters are slow
11:10 <+xand> the ubnt routers have ASICs that won't work with openwrt
11:10 < djph> ^
11:10 < djph> not to mention Vyatta > WRT
11:10 < regdude> like all, but at least a backup option
11:11 < r0n0x> so, i guess ill just look for a normal router then which probably can support openwrt
11:12 < mAniAk-_-> r0n0x: https://www.smallnetbuilder.com/
11:12 < r0n0x> since no one has anything specific in mind, what would you say i should look for spec wise, taking at least 1 step above my generic router which i am already quite happy with, besides the limited firmware control
11:16 < r0n0x> neato RT-AC87U
11:42 < NotsoRoyal> !weather savannah, ga
11:42 < markeczzz> Hi! Question! I have network something like this:
11:42 < markeczzz> <192.168.1.0/24> -- --VPN Tunnel-- -- <192.168.2.0/24>
11:43 < markeczzz> I need to temporarily transfer one server(192.168.1.10) from 1.0 subnet to 2.0 subnet.
I can't change ip on that host, because clients on 1.0 subnet must be able to contact that server. If i would put a route on R1, something like 192.168.1.10 - gateway 192.168.2.0, would this work? Would clients on 1.0 subnet be able to contact that server?
11:43 < djph> The only way to put a server on a different subnet is to, well, change its IP address.
11:44 < Roq> markeczzz: Thats not gonna work
11:44 <+catphish> markeczzz: it is possible, but it's not easy, and there are better ways to achieve this
11:44 < Apachez> "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
11:44 < djph> markeczzz: whay not just set a route on 2.0/24 back to 1.0/24 via the VPN?
11:44 < markeczzz> Ok, what would be better way to do this?
11:44 < djph> * why not
11:45 <+catphish> markeczzz: i would suggest the best option to solve this is probably NAT on R1
11:45 <+catphish> R1 would respond to arp for the old address, then 1:1 NAT to the new address
11:46 <+catphish> the other option would be proxy arp, which is quite similar, but the server would keep its IP, but just live in the wrong subnet, both routers would have to fake some ARP responses for each other's subnet, this is likely a really bad idea
11:47 <+catphish> markeczzz: i'd strongly recommend just updating the clients to point to the new IP, but if you really can't try my first suggestion, change the server's IP, then use 1:1 NAT on R1
11:47 < djph> I suppose it really depends on what he means by "server needs to be on 2.0/24"
11:47 <+catphish> so R1 pretends to be the server, but rewrites the packets to its real IP
11:47 <+catphish> actually, wait...
11:48 <+catphish> " I can't change ip on that host, because clients on 1.0 subnet must be able to contact that server"
11:48 <+catphish> i just read that again, why would changing its IP prevent clients accessing it?
11:48 <+catphish> they just need to connect to its new IP, do that!
11:48 <+catphish> i was working on the principle that the IP of the server couldn't change, but that's dumb
11:49 < detha> who says the server cannot have two IPs, one in each subnet?
11:49 < markeczzz> Because that IP is hardcoded in client application (yup, badly written software)
11:49 <+catphish> i assume they're in different physical locations (since there's a VPN between them)
11:49 < Emperorpenguin> whaaaaaaa
11:49 < Emperorpenguin> hardcoded IP
11:49 < Emperorpenguin> you're gonna have a bad time
11:49 <+catphish> markeczzz: oh, nasty, then i suggest you look at NAT as I suggested
11:49 < markeczzz> Yes, well.. it sucks :D
11:49 <+catphish> R1 should pretend to be the server, then NAT to its real IP
11:49 < markeczzz> Well, what i am trying to achieve is this: 192.168.1.10 is virtual machine on server on one location which can't have any downtime. But I need to do some maintenance on that server and I need to shut it down. On that other location (2.0 subnet) I have another server which could host it.
11:50 <+catphish> also, seriously, fix the software :)
11:50 < Emperorpenguin> best way to do it: DNS with double A record
11:50 <+catphish> hardcoded IPs isn't cool
11:50 < Emperorpenguin> oops can't do that
11:50 <+catphish> so, it comes down to NAT
11:50 <+catphish> not much choice
11:50 < Emperorpenguin> can you dynamically announce the subnet from different sites?
11:50 <+catphish> that's a terrible idea
11:51 < Emperorpenguin> or NAT yes
11:51 <+catphish> you could make the subnet appear in both locations with proxy arp, but its way too messy
11:51 <+catphish> hopefully NAT will work with less mess
11:52 < djph> there are always maintenance windows ...
11:52 < detha> just stand up a temporary VM in location 1, with the IP of the original server, and either DNAT or an L3 proxy to location 2
11:53 <+catphish> yep, though the router can probably do it without needing to make a VM
11:53 < markeczzz> Well, I am gonna try with NAT.. first with some test vm :) Thx guys
11:53 <+catphish> good luck
12:02 < ljc> i've got a tp-link d930 and i'm trying to get my gl inet mini router to connect to it. I plug in the ethernet cord to the LAN port of the tplink but the mini router can't connect
12:04 < djph> can't connect to ... what?
12:04 < ljc_> oops, back
12:04 < ljc_> djph: can't get internet
12:04 < djph> what port are you using on the "mini router"?
12:04 < ljc_> not sure if it's a dhcp thing
12:05 < ljc_> WAN
12:05 < djph> and the TP-Link LAN is ???? subnet, the mini-router is ???? subnet?
12:06 < ljc_> as in the IP's?
12:06 < djph> hm, probably should've used something other than '????'
12:06 < djph> yeah
12:06 < ljc_> TP link is 192.168.1.1
12:06 < ljc_> mini router is 192.168.8.1
12:07 < djph> and mini's WAN is something like 192.168.1.x (right)?
12:08 < ljc_> possibly, i'm not sure
12:08 < ljc_> actually my other pc just got 192.168.8.140 from the mini router
12:08 < djph> okay, so a computer plugged into the mini router gets 8.x from the mini router. Can it ping 8.1? if yes, can it ping 1.1?
12:10 < ljc_> yep, laptop can connect to mini router (192.168.8.1), but can't ping tplink (192.168.1.1) "destination net unreachable"
12:11 < djph> check the mini router that it's properly performing NAT on the outbound (and its WAN interface is actually getting an IP in the 1.0/24 network)
12:14 < ljc_> i'm not sure how to do either of those
12:14 < ljc_> i'm trying to check logs on both but the tplink interface isn't the best
12:15 < ljc_> glinet is running busybox and can't find the logs i need
12:15 < ljc_> ifconfig on the minirouter shows no allocated IP
12:19 < djph> is the TP-link running a DHCP server?
12:21 < ljc_> yea, i can see 2 IPs. one is this computer i'm typing on, and the other i'm not sure what it is (the MAC doesn't match the minirouter)
12:21 < ljc_> ^ from the TPlink router's DHCP page
12:22 < djph> then re-configure the whatsit (and triple-check the ports ;) ) to pull an IP via DHCP (or maybe just reboot it)
12:23 < ljc_> hm yea i'll pull the plug
12:35 < purplex88> is access point always / often means wireless?
12:40 < regdude> purplex88: depends on what you mean by Wireless. If you mean WiFi, then no, there are different standards as well where the name AP is used. For Ethernet there are Access Ports
12:43 < purplex88> when you create a network, why do you need an access point?
12:44 < purplex88> local network (no internet)
12:44 < grawity> I guess it's a central place to decide on the frequency, handle authentication and key-exchange, etc.
12:45 < grawity> there *are* Wi-Fi modes without an AP (adhoc/IBSS, and recently mesh), they're just not nearly as common
12:46 < shtrb|laptop> purplex88, an AP is like a Wireless Access Point ("antenna") , an entry point for wireless communication into your network
12:46 < shtrb|laptop> *:Antenna: in mobile phone network
13:04 < purplex88> and i'm seeing a gateway hardware.
13:04 < purplex88> i thought gateway was simply an ip address
13:05 < shtrb|laptop> I'm oversimplifying that
13:16 < Apachez> QSFP+ 40G SR4 MMF modules, they dont work with LC only MTP/MPO right?
13:17 < Apachez> https://efail.de/
13:27 < ljc_> usually connecting ethernet is ezpz and it just works
13:28 < pagios> hi
13:29 < pagios> hi anyone understands STUN correctly?
13:29 < shtrb|laptop> !ask
13:30 < djph> purplex88: a "gateway" is essentially another name for a router (now, "residential gateways" muddy the waters a bit, since they're a router / switch / wifi AP / sometimes a modem all-in-one)
13:32 < purplex88> djph: in my campus, i saw a big giant hardware they were calling "gateway"
13:33 <+catphish> does anyone know how sms peering works? like if i want to send an sms to someone on a different network, how do i do it?
13:33 < purplex88> what was that
13:34 < djph> catphish: open "messaging", write in phone number, done :D
13:34 < djph> purplex88: and?
13:34 < shtrb|laptop> purplex88, a gateway is an entity between two or more domains
13:35 < purplex88> djph: what was it for, why was it that big?
13:35 <+catphish> maybe every operator who does sms has bilateral agreements with every other operator, but i'd hoped there was an easier way
13:35 < shtrb|laptop> catphish, local or international ? with or without roaming ?
13:35 <+catphish> shtrb|laptop: i was thinking international, no roaming
13:35 < shtrb|laptop> catphish, there are local agreements (region/ bilateral) and bics for international (need an agreement too )
13:36 < detha> catphish: operators have agreements. If you want to send straight, you have to have a link into each operators' SMSC
13:36 < djph> purplex88: connecting multiple networks.
They needed tons of ports (NOTE that if it's cisco or other "expensive" grade gear, you can usually pretty easily swap ports between "switched" and "routed")
13:36 <+catphish> what i likely need is an operator who already has the arrangements in place and would host my numbers for me
13:36 < shtrb|laptop> catphish, you have white list way (via BICS for example) and you have inter operator agreement
13:37 <+catphish> but i wondered how it worked
13:37 < shtrb|laptop> on a physical level (data) - you have via ftp , SMPP , email to SMSC and others
13:37 < shtrb|laptop> (delivery)
13:37 < detha> same as calls, operators have agreements to terminate each others' calls
13:37 < shtrb|laptop> and there is the old fashioned way via SS&
13:37 < shtrb|laptop> SS7
13:38 < djph> purplex88: generally the TCO of say a "chassis-based" device is less than the equivalent number of ports on individual switches/routers.
13:38 < shtrb|laptop> SS7 / SIGTRAN
13:38 <+catphish> shtrb|laptop: thanks, ideally i'd want SMPP (since i don't have any SS7 links yet)
13:38 < shtrb|laptop> catphish, Are you an operator ?
13:38 < shtrb|laptop> or a customer ?
13:38 <+catphish> shtrb|laptop: yes, operator
13:38 <+catphish> shtrb|laptop: but would i need to peer with every operator in the world individually?
13:39 <+catphish> because that is likely impractical, we're way too small
13:39 < shtrb|laptop> there are different SMPP ways, not all operators confront the protocol (and SMPP is LIVE and not disconnected mode)
13:39 < purplex88> djph: a gateway connects all devices?
13:39 < shtrb|laptop> catphish, check how you can work with BICS (or any other provider)
13:39 <+catphish> when you said FTP, did you actually mean FTP, as in, transfer a batch of messages... by FTP?!
13:39 < shtrb|laptop> yes
13:39 <+catphish> that's terrifying :)
13:40 < djph> purplex88: a gateway gets you between networks.
13:40 < shtrb|laptop> catphish, there is an SMS over FTP , each file is put on a special internal network and then taken from it
13:40 < shtrb|laptop> and there is SMS in SIP
13:41 < djph> e.g. 192.0.2.0/24 to 198.51.100.0/24
13:41 <+catphish> shtrb|laptop: looks like perhaps the best approach would be to use BICS and have them host my numbers
13:41 < shtrb|laptop> catphish, do not trust one example given over IRC , you need to check all your options
13:42 <+catphish> shtrb|laptop: :) indeed
13:42 < purplex88> djph: but all are wires coming from all devices connect to gateway?
13:42 <+catphish> shtrb|laptop: negotiating direct peering with every provider seems implausible though, regardless of the protocol used
13:43 < shtrb|laptop> catphish, yes and no , many operator create peering agreement with a local already peer (for a nice fee)
13:43 < shtrb|laptop> you can sign with BT for example and they will deliver your SMS to international dests
13:43 < djph> purplex88: ultimately. Most of the time end hosts are patched into a switch ... which in turn is patched into a gateway
13:44 < shtrb|laptop> catphish, depending on your destinations check what are the big players near the hub (and have more than one route !)
13:44 <+catphish> shtrb|laptop: that makes sense, so just sign up with one (or perhaps more) peers who are essentially transit providers
13:44 < purplex88> so basically all switches and routers will all connect to gateway
13:45 < shtrb|laptop> catphish, but prepare for a LONG process
13:45 < mAniAk-_-> purplex88: a router is in general a gateway
13:45 <+catphish> shtrb|laptop: i'd be happy enough if i could just find one provider who i could pay to do it for me
13:46 < purplex88> i want to see a topology where a separate gateway hardware and access point hardware is used with all switches and routers
13:46 <+catphish> but thought it was worth understanding the process too
13:46 < pagios> does STUN only work with udp?
13:46 < mAniAk-_-> purplex88: a gateway isnt one specific thing, it has different meanings
13:46 < pagios> or tcp
13:47 < pagios> STUN works: o mainly you are saying, clientA opens a connection to stun using UDP port 12345, now stun tells client your ip is 1.1.1.1 and u are using 12345, keep that port open and if i get a request for you i will pass these info to clientB. so clientB asks for it and connects to 1.1.1.1 and port 12345?
13:47 < shtrb|laptop> catphish, there SMS sellers locally
13:49 < shtrb|laptop> *There are SMS sellers (service providers in your region that will do the SMS delivery for you) , but consider the need for MMS and RCE
13:49 < djph> purplex88: okay ... ERL (router/gateway), plugged into an ES-16, with two or three UAP-AC-LITE. There ya go.
13:49 < shtrb|laptop> *RCS
13:50 < shtrb|laptop> pagios, did you seriously used CF ip in your system ?!
13:50 < shtrb|laptop> CloudFlare
13:51 < djph> I think he's trying to use 1.1.1.1 as an example
13:51 < pagios> whats cf?
13:51 < shtrb|laptop> or he is from AT&T
13:51 < pagios> tea
13:51 < djph> shtrb|laptop: er, what?
13:51 < shtrb|laptop> facepalm
13:52 < shtrb|laptop> djph, AT&T took over by mistake 1.1.1.1
13:52 < djph> oops
13:52 < shtrb|laptop> "mistake"
13:52 <+catphish> shtrb|laptop: thanks
13:52 < pagios> ..........
13:52 < shtrb|laptop> catphish, np and good luck
13:54 < shtrb|laptop> djph, https://arstechnica.com/information-technology/2018/05/att-is-blocking-cloudflares-privacy-focused-dns-calls-it-an-accident/
13:55 < regdude> dear god
13:56 < regdude> Arris 5268AC gateway "has been assigned 1.1.1.1 on an internal interface."
13:58 < djph> SOME cisco stuff did the same in the past
13:58 < djph> least I think it was Cisco ... either way, was first-time setup or a guest portal
13:59 < regdude> yes, even cisco...
13:59 < liveuser1> hey
13:59 < shtrb|laptop> I trust cisco to do an error, AT&T not
14:00 < liveuser1> a little much ironic doncha think?
14:00 < shtrb|laptop> why ?
14:00 < liveuser1> shtrb|laptop: do an error?
14:00 < shtrb|laptop> I meant that If they said it was an error, I trust it was not malicious activity
14:00 < NotsoRoyal> what's donki
14:01 < regdude> most probably left it there from testing or initial config
14:01 < liveuser1> ljc: partner?
14:01 < liveuser1> yeah shtrb|laptop the game is going
14:01 < liveuser1> it is dropping "red herrings" all over
14:02 < liveuser1> it is reading my text notes and then making it look silly to outsiders
14:02 < shtrb|laptop> liveuser1, https://arstechnica.com/tech-policy/2012/08/att-have-you-no-shame/
14:02 < liveuser1> by dropping "red herrings"
14:02 < liveuser1> is hitman on?
14:03 < liveuser1> If I trace the dev can I count on you to perform a lawful execution?
14:03 < liveuser1> The dev knows my requirement of knowledge is high, the dev knows I am it's judge.
14:03 < liveuser1> The execution is not your doing only by agency.
14:04 < liveuser1> You perform a lawful execution and do you require a fee?
14:04 < liveuser1> It is an instant indulgence in service of the LORD
14:04 < shtrb|laptop> sudo chmod +x ?
14:05 < liveuser1> hitman talk on ssh
14:05 < liveuser1> the thing has been going for a long time with "zodiac killer " intelligent methodology
14:06 < liveuser1> there are worse crimes than murder
14:06 < liveuser1> see Book of Jude
14:06 < liveuser1> and Michael commanded Satan "LORD rebuke you"
14:09 < djph> thank the gods for /ignore.
14:10 < shtrb|laptop> djph, ignore works for non pms ?
14:10 <+xand> yes...
14:11 <+catphish> remember that 1.1.1.1 is experimental, it's a well known unusable address
14:12 <+catphish> so these incidents of it breaking will not be isolated, but it does seem to be going ok, apart from the amount of junk it probably receives
14:13 < Epic|> Wonder how much their load surged following announcement
14:14 <+catphish> "While Huston has yet to analyse any of the junk traffic in this new experiment, he said that it can still be measured in multiple gigabits per second."
14:18 < Marc_One> hello. i have a problem with an ssh reverse tunnel. i can do "ssh -N -R *:4430:somelanmachine:22 user@server". but i cant do "ssh -N -R *:4430:localhost:22 user@server".
14:19 <+catphish> do you get an error?
14:19 < light> are you confused over which machine localhost refers to?
14:19 <+catphish> that should definitely work
14:20 < Epic|> Haha @ multiple gigs
14:21 <+catphish> Marc_One: the error should shed some light on it, i assume you understand that localhost is your local machine, obviously a remote forward to a remote localhost would be pointless :)
14:21 < Marc_One> no. no error. i have a openvpn server on the machine that is supposed to tunnel. but i get no connection. ssh also doesnt work. but when i specify another machine on my network i can ssh and open the website of my router.
14:22 <+catphish> no error? well what happend?
14:22 <+catphish> *happens
14:22 <+catphish> i'm pretty confused by the question now, must get back to work anyway
14:23 < Marc_One> ok. sad
14:24 < Scroto> What's a good online course for computer networking?
14:25 < liveuser1> another dark joke?
14:25 < liveuser1> scroto
14:26 < djph> Marc_One: something doesn't look right there. But I can't put my finger on it
14:26 < detha> catphish: before you get too involved in iscsi again, could we have a +q on that account please?
14:26 < light> he probably doesn't know what he's trying to do
14:27 < Scroto> liveuser1: It's not :)
14:27 < Marc_One> i want to access a openvpn server from outside, because i have carrier grade nat.
14:28 < djph> ssh -N -R port:localhost:22 user@jumphost <-- should mean that ultimately, ssh -p port localhost (on the jumphost) returns you to the mai...
14:28 < djph> wait what?
14:28 < liveuser1> Scroto: all of these nicks
14:28 < liveuser1> Scroto: trying to blend in with the deranged minds?
14:28 <+catphish> detha: why do i have to be the bad guy?
14:28 < Scroto> liveuser1: It's literally just a handle, man. There's nothing deranged about it.
14:28 < detha> catphish: because you haven't give me ops
14:29 < detha> *given
14:29 < liveuser1> Scroto: what do you desire?
14:29 < djph> reverse ssh won't let you connect to an openvpn server (well, I mean, you'll get ssh access to the box, but that's not the same thing as "connected to the VPN")
14:29 < djph> I think I'm misunderstanding something though
14:29 < liveuser1> Give me 10% of your paycheck and I can manage you.
14:30 <+catphish> go mad, but not too mad, or i get in trouble
14:30 < light> can't believe that worked
14:30 < light> well played
14:30 < liveuser1> Scroto: networking job?
14:30 < liveuser1> Is that what yer looking for?
14:31 < Marc_One> let me explain: i have a vserver and want to tunnel reverse so that port 4430 on my vserver is sent to port 1194 of my host at home, where the openvpn server runs.
14:32 < djph> ssh != ovpn. Unless ovpn is listening on a different port, this isn't gonna work.
14:32 < light> Marc_One: why not do the reverse?
14:32 < light> Marc_One: if you set the VPN up on the vserver you can have the client at home connect out to establish the link
14:32 < light> LAN to LAN
14:32 < Marc_One> sorry the port is 1194 and not 22. with 22 i wanted to test if ssh is working, but it also does not.
14:32 < djph> or reverse-ssh from home to the vserver on the internet.
14:33 < Scroto> liveuser1: Something like that, my dude
14:33 < djph> e.g. ssh -N -R 11900:localhost:22 user@vserver
14:33 < djph> then ssh into vserver later, and ssh -p 11900 localhost (perhaps homeuser@localhost, i forget offhand)
14:35 < Marc_One> the curious thing is: when i specify some machine on my home network like ssh -N -R *:4430:somemachine:22 user@server it works as i expected
14:37 < djph> you mean that from "user@server" later on, you can 'ssh somemachine -p 4430' and it works?
14:37 < djph> err 'ssh -p 4430 somemachine'
14:39 < Marc_One> no i can "ssh user@ -p4430" and have a working ssh to . the same with "ssh -N -R *:4430:localhost:22 user@server" does not work and i cant get no connection whether ssh, http or openvpn
14:40 < liveuser1> Marc_One: is there "known good"?
14:41 < Marc_One> what is "known good"?
14:42 < Marc_One> forgot to say: i of course modify the port to whatever service i want to use.
14:42 < liveuser1> in science it is called a control
14:42 <@detha> liveuser1: could you please stop with the random nonsense?
14:42 < liveuser1> "known good" something to compare with for identifying the problem,
14:43 < liveuser1> Marc_One: sounds like unknown filters
14:44 < liveuser1> Marc_One: something like a warzone
14:44 < liveuser1> I haven't been able to make a connection to some ssh server for months now
14:45 < liveuser1> has it been years?
14:46 < Scroto> Can anyone suggest me a good online course for computer networking?
14:46 < djph> Marc_One: that doesn't make any sense. ssh -p 4430 user@server SHOULD NOT WORK, given that "othermachine" is not listening.
14:46 < liveuser1> if you are surrounded by hive whores where do you think business which fits within society is going to lead
14:47 < liveuser1> you read about sodom didn't you?
14:47 < Marc_One> it works.
there is a sshd running on somemachine:22
14:47 < liveuser1> what happened to all of those people
14:48 < liveuser1> Marc_One: yeah ssh works here on my own machine but try connecting past the first hop
14:49 < djph> the only way that could possibly work is if 'server' and 'somemachine' were on the same segment (or you could route between them)
14:51 < ShotokanZH> hi everyone
14:52 < Marc_One> server is somewhere on the internet. public routable. and somemachine is behind nat.
14:52 < djph> reverse ssh syntax is "listenport:listenhost:mylisten user@remotehost"
14:53 < ShotokanZH> I've created a system that gives a random username & passwords combination for a guest user to connect to the guest wifi network.
14:53 < liveuser1> Marc_One: does openssh hold it's own implementation of ssl?
14:53 < liveuser1> It looks like many softwares have builtin ssl
14:54 < ShotokanZH> I was trying to see if there was any simple way to share 'em and I thought about QRCodes
14:54 < djph> then from remotehost, connecting to "listenport/listenhost" gets you to the host that initiated the reverse connection
14:54 < djph> ShotokanZH: button or something to print it on a label / receipt paper
14:54 < ShotokanZH> sadly it seems that QRCodes does not allow to connect to a Wifi-enterprise network
14:54 < djph> (or well, probably generate -> then print)
14:55 < ShotokanZH> djph, yep but people here are already complaining about "waste of paper!!!" and such
14:55 < Marc_One> no. connecting to remotehost:listenport gets you to listenhost:mylisten
14:57 < Marc_One> i need a smoke.
14:58 < djph> Marc_One: no. If you run the command "ssh -N -R 11900:localhost:22 user@remotehost", you create a tunnel on the remotehost (listening to THAT localhost, port 11900), that points back at whatever host initiated that reverse session.
14:58 < regdude> ShotokanZH: android phones allows to scan NFC to connect to WiFi, but you are probably looking for full compatibility
14:59 <@detha> djph: seems more like it connects a listener on remotehost:11900 that connects to 127.0.0.1 on that same remote host
14:59 < djph> detha: except that's not what ssh -R does
15:00 < ShotokanZH> regdude, yep, for a simple WPA2 it's ok, but for a WPA2-enterprise (ssid, username & password) it does not work.
15:01 < ShotokanZH> regdude, the only reference i found about connecting to a WPA2 Enterprise network was here: http://www.glassappsource.com/google-glass-how-to/connect-enterprise-wpa-network-google-glass.html and it still does not work
15:03 < regdude> ShotokanZH: maybe you can connect to hotspot? You could print a QR code and opens a URL that would send the password, but for security reasons it must be HTTPS
15:03 <@detha> djph: ah right, it resolves on giving the command, so localhost ends up at the host setting up the tunnel.
15:05 <+catphish> detha: for clarity: -R creates a tcp server on the ssh server that connects through to a tcp client on the ssh client
15:05 < liveuser1> ssh is throwing "Connection timed out
15:06 < liveuser1> there's something funny about it though
15:06 < liveuser1> the connection connects from some places and not others
15:06 < liveuser1> and many times the connection interrupts
15:06 < liveuser1> say after the first interruption
15:07 < liveuser1> the key is taken
15:07 < liveuser1> then the connection is lost potentially forever
15:07 < liveuser1> and somebody pretends to be you
15:07 < liveuser1> on some ssh server
15:07 < light> say no to drugs :/
15:07 < at0m> the key is taken? public key is public.
15:08 < at0m> doesn't matter if anyone takes it.
15:08 < liveuser1> why doesn't anybody comprehend the importance of an unbroken chain of changing the key
15:08 < regdude> ShotokanZH: seems to be a weird limitation for 802.1x, but some vendors seems to support captive portals with QR codes, found Zyxel
15:08 < liveuser1> at0m: what do you mean doesn't matter
15:08 < liveuser1> say it is a password
15:08 <+catphish> it's not
15:08 < liveuser1> key/password
15:09 < at0m> liveuser1: a key is *not* a password
15:09 < ShotokanZH> regdude, thank you my dear
15:09 < shtrb|laptop> xand, should ignore hide messages put on a channel for example ?
15:09 < liveuser1> same arguments against sanity over and over
15:09 < liveuser1> the key isn't any different than a long password
15:09 < at0m> liveuser1: no. a key belongs to a *keypair*
15:09 <+xand> shtrb|laptop: yes though it's a client command so up to client
15:09 < liveuser1> if the ascii text file allows access
15:10 < liveuser1> may as well be a long password
15:10 < at0m> only the private key can decrypt what has been encrypted with the public key
15:10 < liveuser1> sure but they leave the private key sitting there
15:10 < liveuser1> so anybody can copy it
15:10 < at0m> liveuser1: maybe read a little on symmetric and asymmetric encryption.
15:10 < liveuser1> we dont believe in locking doors
15:11 < liveuser1> and when we do we think hey leave windows open
15:11 < djph> detha: yeah ... honestly, it's a bit brain-bendy when you're looking at it :)
15:11 < regdude> ShotokanZH: seems to be possible with devices called MikroTik, does not seem to be a popular feature across many vendors, but all of them require you to use captive portals
15:12 < liveuser1> at0m: yeah?
15:12 < liveuser1> at0m: if I read are you going to meetup and perform it with I
15:13 < liveuser1> if the key is created in a led box and then pulled from the machine and locked in another led box fine
15:13 < liveuser1> worth encrypting
15:13 < liveuser1> all of this generate long ascii strings and leave it sit on the machine is useless
15:14 < liveuser1> there was something about changing the permission of the private key
15:14 < liveuser1> reasonable
15:14 < liveuser1> but not secure
15:16 < liveuser1> at0m: maybe send the win32 pgp binaries with source for dcc ANALYSIS
15:16 < liveuser1> may as well do hand cyphers
15:16 < liveuser1> and with such reasonability maybe rot13
15:17 < liveuser1> reasonable
15:17 < liveuser1> I am near the dragon network
15:18 < liveuser1> I can recall each point at which it expanded and likely entrypoints
15:18 < light> weren't you op'd to quiet this tit?
15:19 < liveuser1> most of all of this started on win32
15:19 < djph> ^
15:19 < liveuser1> windows xp
15:20 < liveuser1> which is why I ask for the pgp binaries
15:26 < mawk> hi
15:26 < mawk> what is the purpose of marking a route as deprecated ?
15:26 < mawk> an address, sorry
15:27 < Phil-Work> mawk, in what context?
:S
15:27 < mawk> if I mark an address as deprecated then add a secondary address, the second one doesn't overcome the first, even though the first is deprecated
15:27 < mawk> in the context of linux interfaces
15:28 < mawk> I mark the primary address as deprecated with ip addr add 127.5.0.1 dev dummy0 preferred_lft 0
15:28 < mawk> missing the /16 sorry
15:29 < mawk> then add a secondary address with ip addr add 127.5.0.2/16 dev dummy0 noprefixroute, that new address is marked as secondary but it's not deprecated
15:29 < mawk> still, the preferred source address stays 127.5.0.1 for that interface
15:29 <@detha> I vaguely remember something about 'no new connections using that address, but it can still be used for existing connections'
15:30 < mAniAk-_-> mawk: man file says its v6 only?
15:30 <@detha> more in the context of changing ipv6 privacy address though
15:30 < mawk> ah maybe it's v6 only yeah
15:34 < mawk> I'm still searching for the holy grail in order to find the preferred address for an interface
15:34 < mawk> the best I've got so far is the programmatic equivalent of ip route get 0 oif $IFACE
15:34 < mawk> if the result isn't an error of 127.0.0.1, that is the preferred source ip
15:35 < mawk> an error or*
15:37 < king_button> If I put a database in the 'cloud', how do I protect myself from data loss in the case of disk failure?
15:39 < king_button> I mean, I'm guessing most people use RAID. Do cloud providers have RAID?
15:39 < Aeso> king_button, if you're putting your data in the 'cloud', you're essentially paying someone else to solve that problem for you
15:40 < djph> ^
15:40 < shtrb|laptop> "solve" ,
15:40 < Aeso> you should still keep backups though, of course
15:40 < shtrb|laptop> king_button, you don't, you hope it will be ok
15:47 < SporkWitch> king_button: the cloud is not magical, it's just other people's computers. It doesn't solve anything, it just shifts blame and responsibility. You pay for the privilege of praying they're competent.
15:47 < djph> ^^^^^^^^^^^^^^^^^^^^^
15:47 < djph> (and hint: they're not :) )
15:47 < Apachez> and when you read the eula/terms of service you see that the cloud provider have no warranty whatsoever that your data will be accessible to you
15:48 < SporkWitch> it's a brilliant scam, really :P
15:48 < regdude> someone here a long time ago said: there is no such thing as clouds, only other people's computer
15:48 < shtrb|laptop> oh they are competent, and they are good, they have covered themselves from losses and you pay for that
15:49 < djph> SporkWitch: actually, I think many of them have a "best effort, but if the place gets nuked" type clause -- i.e. you may not get it today or tomorrow (when you absolutely want it), but we'll get it back to you eventually
15:49 < SporkWitch> regdude: in the sense that people refer to "the cloud" or "cloud [thing]" that's correct; "the cloud" used to be a useful meta-object: it's anything that we don't care about how it works
15:49 < shtrb|laptop> I have seen a doc that showed, the 100 mbps plan, on some page it says minimum speed is 0.01 mbps
15:49 < SporkWitch> djph: you mean Apachez
15:49 < djph> SporkWitch: fuck, indeed I do
16:05 < pagios> any interesting video on the web to really understand sip ?
16:06 < dminuoso> pagios: No.
16:06 < dminuoso> There are no interesting videos about SIP because there's absolutely nothing interesting about SIP. It was designed with two things in mind:
16:07 < dminuoso> Come up with some loose standard that everybody implements differently, with everybody making their own additions. And beer.
16:07 < dminuoso> The only way to truly appreciate SIP is to be wasted as to not feel the pain.
16:09 < shtrb|laptop> There are RFC, which you implement, and RFC have some option fields
16:09 < shtrb|laptop> so if one implement one and not the other is not implementing "different"
16:09 < shtrb|laptop> *there are RFCs
16:12 < Aeso> shtrb|laptop, that seems like a cop-out answer though. Sometimes the required components of the RFC are so vague that implementation inter-op is almost guaranteed to fail without coordination. (see XMPP, SIP, etc) To me, these RFCs fail to provide any value.
16:13 < Aeso> sorry, so limited* not necessarily vague
16:13 < shtrb|laptop> Aeso , I guess I was lucky enough not to get hit by that yet
16:15 < shtrb|laptop> Aeso, having handled with incorrect implementation (like considering optional elements illegal or fully incorrect implementation ) but not as described before
17:02 < RaptorJesus> how do ipv6?
17:16 < djph> RaptorJesus: ?
17:18 < AlexPortable> What's the best way to exclude devices from internet access while still allowing LAN access?
17:18 <+xand> firewall
17:18 <+xand> on router
17:18 < AlexPortable> and how to identify the device?
17:19 < djph> IP reservation
17:21 < AlexPortable> what prevents the device from getting another IP?
17:21 < shtrb|laptop> reservation
17:22 < shtrb|laptop> you setup the ip in the router (static lease )
17:23 < tds> if you want to make it more secure, isolate it at layer 2 (eg on a separate vlan), then firewall that interface's subnet
17:24 < AlexPortable> But how would other devices access that vlan?
17:24 < AlexPortable> vlanA (normal internet access + LAN access), vlanB (only LAN access). how would a device on vlanA access the device on vlanB ?
17:25 < tds> via the router (where you can firewall traffic between the subnets)
17:27 < AlexPortable> hm so i first need a router that supports that
17:28 < tonsofpcs> hihi
17:29 < djph> yes. If your router doesn't do VLANs, it's a fairly good bet it also won't do egress filtering
17:31 < AlexPortable> my switch does vlans
17:31 < djph> does your switch *route* though
17:32 < djph> further, does your router allow you to set static routes, so you can access that VLAN in the first place?
17:32 < SporkWitch> (point being that switches are typically layer 2, and routing is a layer 3 concept)
17:33 < djph> SporkWitch: oh come on, let's take this one step at a time.
17:34 < SporkWitch> i was just expanding / clarifying what you were getting at
17:34 < djph> SporkWitch: mind a PM?
17:35 < AlexPortable> router supports basically nothing, except IP filtering
17:36 < AlexPortable> hm i might be able to use that
17:36 < djph> scrap it for something that'll do what you need ...
17:38 < AlexPortable> how do i know what that is
17:38 < AlexPortable> most i can find is only custom firmware (dd-wrt), but that often won't work with hardware nat
17:38 < djph> scrap the soho brand, and get something like 'tik or UBNT
17:39 < SporkWitch> while there's impressive stuff out there, SOHO isn't really designed for multiple subnets
17:39 < AlexPortable> SOHO?
17:40 < SporkWitch> https://lmgtfy.com/?s=d&q=what+is+soho+router
17:40 < djph> "small office / home office" -- e.g. your typical consumerist stuff at walmart (or local equivalent)
17:40 < shtrb|laptop> AlexPortable, what you got from your ISP
17:41 < tonsofpcs> I have a device sending UDP unicast across a network over 3 switches, those switches have other switches hanging off of them too but shouldn't be passing that traffic to them
17:41 < AlexPortable> and 'tik ?
17:41 < tonsofpcs> the traffic is showing up on those spur switches though - what am I missing to make this stop?
17:42 < djph> AlexPortable: 'mikrotik' (one of several "better than consumer, yet not break-the-bank expensive" brands)
17:43 < tonsofpcs> mikrotik stuff is great. You just need to learn their language and the nuance between their different devices. VLANs make my head hurt in tik land but they work fine once set.
17:43 < djph> tonsofpcs: the path between hosts A-B is on switches 1,2,3; right
17:43 < tonsofpcs> djph - right. A-1-2-3-B
17:43 < AlexPortable> language? no web interface?
17:43 < tonsofpcs> but 5 6 and 7 are each connected (respectively) to 1 2 and 3 and are seeing the traffic
17:43 < SporkWitch> djph: i usually make a distinction between SOHO and garbage-you-sell-grandma
17:44 < djph> tonsofpcs: that SHOULD work as you've described then. You're not using STP or anything, that might be changing the route.
17:44 < detha> tonsofpcs: destination MAC is indeed unicast, not ffff or some multicast address?
17:44 < tonsofpcs> detha: let me check the wireshark dump to be sure. Devices are set by IP in their menus.
17:44 < djph> AlexPortable: "language" as in they call a field "whatevername" but say Linksys calls it something else.
17:45 < djph> SporkWitch: it's all the same garbage
17:45 < tonsofpcs> MAC appears in src and dst for the ethernet frame at B.
17:46 < SporkWitch> djph: it's not; there is a clear line
17:46 < tonsofpcs> there is no alternative route - switches are all cascaded with spurs, no loops or similar
17:46 < djph> SporkWitch: fine "SOHO garbage these people will actually buy" and "stuff that's so bad we have to get ISPs to install it for us"
17:47 < detha> tonsofpcs: managed or unmanaged switches? i.e., can you look at the switch's mac-to-port tables?
17:47 < AlexPortable> how do i know which brands are not soho? levelone, mikrotik, ubiquiti .. ?
17:47 < tonsofpcs> detha: managed, HPe
17:47 < tonsofpcs> let me start at switch 1 and take a look
17:48 < detha> see where the switch thinks that destination mac is.... or if someone has been playing with l33t tools to overflow its tables
17:48 < djph> AlexPortable: if it's available in your local walmart (or equivalent) - it's lowend / meant for the masses, and likely will not support anything more complex than "the WAN comes in this port, and these four ports are the LAN ... maybe some wifi"
17:49 < AlexPortable> no idea if it's available, i'm shopping online
17:49 < tonsofpcs> hmmm... the first switch shows the src mac but not dest...
17:50 < djph> AlexPortable: my point is, if it's something carried by walmart (or similar "cheap stuff megastore"), it's a very good bet it won't do what you need.
17:50 < AlexPortable> yes, but i dont know what brands they sell there
17:50 < detha> tonsofpcs: is that traffic only going one way, no replies from B ?
17:50 < djph> brands include, but are not limited to Linksys, TP-Link, Netgear, D-Link, Belkin, others who I'm definitely forgetting
17:50 < detha> have B ping A, see if B's mac appears in switch 1
17:50 < tonsofpcs> detha: yes. UDP unicast. only other thing I know this device replies to is pings.
17:51 < tonsofpcs> s/other //
17:51 < detha> ping it from B, see if the traffic disappears off the spurs
17:51 < tonsofpcs> oh, I can't issue a ping from B, it's an embedded device
17:52 < detha> ehm, ping A from something attached to the same switch as B ?
17:52 < SporkWitch> djph: the asus ones are actually very impressive :)
17:53 < tonsofpcs> done, no change in mac table...
17:54 < tonsofpcs> still going off to a spur
17:55 < detha> damn, I was thinking the wrong way around. Have to get B's MAC in there somewhere.
17:55 < detha> Ehm, ping B from A ?
17:55 < tonsofpcs> ok, switched B to be 'transmitting' to A, then switched it back
17:55 < tonsofpcs> it's now in the table
17:56 < detha> so now traffic should disappear off the spurs?
17:56 < tonsofpcs> and looks like traffic is dropping (I won't know for sure for 5 minutes... silly hp rates being a 5 minute weighted average)
17:57 < tonsofpcs> I guess I need to put a request in to the manufacturer of this box to send a UDP reply of some kind when it receives a connection...
17:58 < detha> or let it do gratuitous ARP once in a while. In the meantime, if it responds to pings, just pinging it from A once per minute or so should work
17:59 < tonsofpcs> well, I can't ping it from A, A is an embedded device, I suppose I could set up another device on switch 1 to ping them all continuously with repetition every 1 minute or somesuch but that feels dirty
17:59 < tonsofpcs> thanks for the solution finding help :)
17:59 < detha> np. what are these, as a matter of interest?
18:00 < tonsofpcs> unless maybe if I switch to RTP that it would reply?
18:00 < pagios> stun works over udp right? the way it works is that clientA connects to a stun server asks for its ip and source port, and that connection creates a nat rule in the router in clientA side. now clientB wants to connect to clientA so it asks for this info from the stun and then clientB connects to public ip of clientA and the port in that natting table, routerA detects that the port is for clientA and forwards it inside to
18:00 < pagios> the internal network? is this how it works?
18:00 < tonsofpcs> detha: they're serial (MPEG) data over IP converters, running about 20 Mbps.
18:00 < detha> RTP is still just one-way isn't it?
18:01 < tonsofpcs> it is, it's basically UDP with a bit of different overhead, I'm just curious if maybe that would make it show up in the ARP tables...
18:01 < tonsofpcs> my end goal is that the source devices will send out multicast and multiple receive devices but that requires even more ARP magic...
18:01 < tonsofpcs> err s/ARP/MAC
18:01 < detha> if traffic only goes one way, the MAC entry in the switch will time out in 5 minutes (or whatever it is set to)
18:02 < tonsofpcs> whelp, the mac entry timed out, let me switch them to rtp and see if it appears.
18:04 < tonsofpcs> mac appears with RTP!
18:04 < tonsofpcs> and I get error correction :D
18:11 < AlexPortable> Ubiquiti EdgeRouter X any good?
18:11 < compdoc> I've heard people say they like those. I build my own
18:12 < AlexPortable> or better mikrotik routerboard 751
18:16 < detha> ER-X has a more solid feel to it, 751 will do the job too. For neither expect 1Gb/s linespeed with complicated routing/firewalls
18:17 < grawity> RB751 seems kinda meh compared to RB951G
18:18 < AlexPortable> what linespeed am i looking at with those devices?
18:18 < SporkWitch> look up the specs
18:18 < AlexPortable> the specs say 1 Gbps
18:18 < detha> 751 is cheap, and basic. Throughput? 'It Depends(tm)' Anything hitting the CPU, and you slow it down.
18:19 < grawity> for routing, or for switching?
18:19 < AlexPortable> Data/PoE Input Port (1) 10/100/1000 RJ45 Port, Data Ports (3) 10/100/1000 RJ45 Ports, Data/PoE Passthrough Port (1) 10/100/1000 RJ45 Port
18:21 < SporkWitch> AlexPortable: reading the specs doesn't require reading them back to us
18:22 < AlexPortable> well that's all it says
18:22 < khelpw> Hey, I've already asked in #juniper, but does anyone here know offhand or have a KB regarding the version path for JunOS on an SRX340, coming from like version 15.1x49-D35?
18:27 * SporkWitch mutters something about the _upgrade_ path being juniper → anything else
18:32 < AlexPortable> apparently the mikrotik rb2011uias also only has software nat
18:36 < ash_work> where can I find more specific information on the configuration options for dnsmasq?
18:36 < ash_work> specifically, I'm trying to find out more about `dhcp-match=set:`
18:36 < AlexPortable> #dnamasq
18:36 < AlexPortable> but then without the typo
18:38 < ash_work> AlexPortable: yeah... :\
18:38 < ash_work> AlexPortable: I had asked in there before you joined
18:38 < SporkWitch> ash_work: spamming multiple channels with the same question is typically frowned upon
18:39 < ash_work> SporkWitch: well, I don't really expect a response from #dnsmasq so 2 other channels isn't absurd, imo
18:40 < SporkWitch> it's not absurd, it's just poor etiquette
18:40 < SporkWitch> especially when at least one of those channels has NOTHING to do with your query
18:42 < ash_work> SporkWitch: I yield :)
18:45 < OlofL> Most modern wifi drivers will prefer 5GHz over 2,4GHz. But when do they prefer 5GHz? For example macos and ios? Is it -X dBm better signal on 2,4 before they switch over?
18:49 < jsync> Hello. What's the most simple name server software for Debian systems?
18:49 < batterylow> Hi! Is there any way I can know if a user is downloading something or not on a network, using any terminal command?
18:50 < shtrb|laptop> jsync, #debian
18:52 < shtrb|laptop> jsync, bind9 or Dnsmasq depending what is your poison
18:53 < jsync> Just simple to configure really would be adequate.
18:53 < lupine> for resolving names, unbound
18:53 < lupine> for serving dns, I'd use powerdns
18:55 < jsync> lupine, I think I need it for resolving names. I'm setting up an apache2 server on a local network & trying to find sites with the other machines on the local network.
18:55 < jsync> I'd like to use something simple. I can't believe that apache2 doesn't have a simple feature for that built into the software.
18:56 < shtrb|laptop> trying to find sites as in scanning the network for anything which listen on HTTP ?
18:57 < jsync> So, I made a osvl.org page & virtual host file & it's listed in my /var/www/ file folder & I open the internet browser within the other machines on the network & the page is not visible to those machines.
18:57 < SporkWitch> why would apache, a webserver, provide DNS?
18:58 < jsync> The point is, SporkWitch, I'm not sure why they would be separate.
18:59 < SporkWitch> because they're completely different things
18:59 < jsync> Alright, so I guess I need a simple dns software?
18:59 < SporkWitch> your router may very well provide it, if it's not complete shit
18:59 < jsync> I have a basic router.
19:00 < jsync> A software would be fine. Something easy to configure would be cool.
19:01 < SporkWitch> many routers provide their own DNS and can do hostname resolution locally; check, because if so it's only one or two settings: default dns to the router IP and sometimes setting a local TLD
19:02 < shtrb|laptop> jsync, man /etc/hosts
19:03 < shtrb|laptop> Most routers support DNS and register dhcp client names in DNS
19:03 < jsync> Has anybody setup a local repository? That's one of the things I am putting in my /var/www/ folder & it's not visible to the machines. I created a symlink, though it's returning "404 Not Found".
19:03 < shtrb|laptop> local repository of what ?
19:04 < jsync> local repository of debian files. It's a "mirror".
19:04 < shtrb|laptop> You should not really use symlinks in apache2 (outside of documentroot), and there are debian software to do so (apt-mirror but a better place for such question is #debian)
19:05 < jsync> The instructions that I found said, "download files > create symlink > list in sources > apt-get update", & it returns "404 Not Found".
19:05 < SporkWitch> jsync: #debian
19:05 < jsync> #debian for that question. Alrighty.
19:05 < jsync> :)
19:05 < SporkWitch> and you can specify your mirrors by ip instead of name
19:06 < shtrb|laptop> jsync, I have a nice manual for you , send shtrb|laptop your bank creds and a document saying you agree to transfer your credentials for him to do what ever he needs)
19:07 < shtrb|laptop> jsync, never trust such manuals that are not from the provider itself
19:32 < Janos> hey there, got a puzzling problem and need a bit of help, I have a Linux firewall with a couple of interfaces one internal and one external. The internal interface has ip 10.1.1.1 directly on the interface and then 3 more vlans on that same interface
19:33 < Janos> one of those vlans has a public ip address that connects to an internal dmz
19:34 < Janos> the actual issue here is that at some random point in time (happens often) google.com [172.217.3.78] stops working, if I ping it from my internal network I get a response from my firewall 10.1.1.1 ´Destination host unreachable´
19:35 < Janos> so ping 172.217.3.78 gives me destination host unreachable
19:36 < Janos> but I can ping every other ip on that network like 172.217.3.77 and 172.217.3.79 they all work
19:36 < Janos> also if I ping 172.217.3.78 from the firewall itself it works too
19:37 < Janos> also I can ping that ip from the other vlans like the dmz
19:37 < Janos> tcpdump sees the packet come in on the internal interface and sees the response from the firewall
19:38 < Janos> my take is there must be something been done on that internal network that the linux kernel is not liking, but no idea what
19:38 < jsync> Priori I go about installing this dnsmasq software & configuring it, I want to explain my goal & see if people within the forum agree that's what I need to install & use, if that's alright.
19:39 < Janos> maybe something like rp_filter or something like that, but I would like to find out what it is to fix it in that network
19:39 < Janos> any thoughts on the matter
19:40 < Janos> ?
19:40 < jsync> So, I have 3 machines connected to the LAN ports on my router. I have 1 machine that has apache2 software & I have internet pages listed within /var/www/ & I want to access those pages on the other machines connected to my router.
19:41 < detha> Janos: are you running anything like fail2ban that updates the firewall rules on the fly?
19:42 < ivanf> Hey all it's my first time working with a server box. I'm trying to flash the Dell Perc H310 to IT mode
19:42 < ivanf> But having no luck
19:42 < ivanf> Followed every tut and it's the same thing
19:42 < lupine> jsync: you can just use your isp-provided dns service for that
19:43 < jsync> lupine, it's just for a local network.
19:43 < Janos> detha, i´m not running fail2ban but you might be on to something, let me check the ruleset and see if that ip comes up somewhere
19:43 < lupine> right, but it must have internet access and that comes with the ability to make dns queries against a third-party dns server
19:43 < lupine> don't get me wrong, I love running my own stuff
19:43 < lupine> it just might not be a *requirement* here
19:44 < jsync> That router is not connected to the internet.
19:44 < jsync> I'm just using the router as a switch box to connect the 3 machines on a "local network".
19:44 < lupine> then you won't be able to make dns queries
19:44 < jsync> So, I need dns software? Yes?
19:45 < lupine> the dns software won't be able to provide answers to any queries you make to it
19:45 < shtrb|laptop> external queries (anything outside)
19:45 < lupine> stipulated
19:46 < lupine> it's sane if he's planning on serving a bunch of pre-cooked answers, but ISTR that was precluded in the initial enquiry
19:47 < jsync> What do I need to make these sites listed on a local network then?
19:48 < detha> lupine: he has a development copy of a site, in an apache install with name-based vhosts. So instead of either just putting that name in /etc/hosts on the other machines, or moving the site to defaulthost in apache and accessing it by IP, he wants somedomain.example to resolve to an internal address
19:48 < lupine> mm, /etc/hosts would be easiest for that
19:48 < lupine> or even just setting the SNI or Host: header directly if you can get away with it
19:50 < jsync> Well, I have, for an example, /var/www/osvl.org & it's accessible on the machine that has the apache2 software running, though it's not accessible on the other couple of machines connected to the router LAN ports.
19:51 < shtrb|laptop> man /etc/hosts
19:51 < shtrb|laptop> how many times do we need to repeat that ?
19:51 < shtrb|laptop> man hosts (actually ) :-(
19:51 < jsync> In /etc/hosts I have 192.168.x.x osvl.org listed.
19:51 < jsync> That didn't fix my problem.
19:52 < shtrb|laptop> now , go to each machine and add that line
19:52 < shtrb|laptop> no need for DNS server anymore
19:52 < jsync> Oh really?!
19:52 < jsync> I didn't realize that's what you meant.
19:52 < shtrb|laptop> I don't know if you are joking or serious
19:52 < shtrb|laptop> the same could had been done on your router (to that that only once)
19:52 < jsync> That doesn't make sense to me. Why do I need to put that in the /etc/hosts files of the other machines? How will that help?
19:53 < shtrb|laptop> /etc/hosts is read by the OS to resolve BEFORE accessing /etc/resolv.conf for the DNS servers
19:54 < shtrb|laptop> Each machine will be able to resolve it later (assuming your apache is listening on an accessible interface)
19:55 < jsync> Do I list the 192.168.x.x address of the machine that has the apache software within each of the hosts files?
19:56 < detha> yes
19:56 < shtrb|laptop> do it on the router once
19:56 < jsync> For an example, if the machine that has the apache software & site is 192.168.1.66 & the other couple of machines use a separate address, do I list the 192.168.1.66 address within each of the separate machines?
19:56 < shtrb|laptop> YES
19:57 < shtrb|laptop> or you set it up once in the router ....
19:57 < jsync> OK. OK. Maybe that will fix this situation.
19:57 < jsync> Once in the router? Via the GUI?
19:57 < Janos> detha, yup, the ip was been explicitly rejected on the ruleset, thanks
19:58 < detha> Janos: you're welcome. Now to find out who hates google, and has access to that ruleset ;)
20:00 < Janos> detha, that is indeed the next step ...
20:04 < jsync> Where within the router GUI would I set that?
20:05 < jsync> The machine that has the apache software running is using a static address. Not dhcp. Maybe that's part of the problem?
20:06 < jsync> Within the NAT/Gaming section, I can select "Apache", though the device that has the apache software is not listed because it's using a static address.
20:18 < jsync> OK. I just listed 192.168.x.x osvl.org with address of the server machine into the /etc/hosts files of the other couple of machines & now osvl.org is accessible within those other machines.
20:19 < jsync> Thanks for the help. :)
20:39 < drudge`> some of those soho's cost as much as a grey market cisco with more capabilities
20:39 < drudge`> oh woa, im way scrolled up
20:39 < drudge`> nvm me here, lol
20:45 < jsync> I copied the debian repository files to /var/www/ & I did a2ensite, though my config had /public_html/ within it & the apache server returned error. I replaced the /public_html/ with /debian/ & the apache software still returns error & fails to start the server.
20:47 < jsync> The specific name I used is ftp.mirror.debian.org
20:48 < jsync> So, in the line that had /public_html/ I have /www/ftp.mirror.debian.org/debian/
20:49 < jsync> That's the "DocumentRoot" line in the ftp.mirror.debian.org.conf file.
20:59 < CuriousMind> Hi. I am here because I have networking questions
21:01 < CuriousMind> I am doing research on ARP and I read something that says that ARP is a protocol used by the Internet Protocol. So protocols are sometimes dependent on other protocols?
21:03 < bezaban> many protocols are layered
21:03 < bezaban> or stacks have layers of protocols
21:06 < CuriousMind> bezaban: That is what I don't quite understand. When I read 'layered' or 'stacks', I get the impression that certain protocols operate at more than one layer, but I don't think that this is what you mean
21:06 <+catphish> CuriousMind: many protocols are either stacked on top of each other, or as in the case of IP and ARP, side by side but with one depending on the other
21:07 <+catphish> in a similar way, HTTP depends on DNS to do its name lookups
21:07 < CuriousMind> catphish: I see
21:07 <+catphish> you don't *have* to use DNS, or ARP, but they make things much much simpler
21:08 < CuriousMind> catphish: I don't get it. Why wouldn't you use DNS or ARP? What else could I use to accomplish whatever I would accomplish using DNS or ARP?
21:09 < CuriousMind> catphish: What does 'protocols are stacked on top of each other' mean?
21:09 <+catphish> CuriousMind: you would always use them, because the only other option is entering addresses manually
21:09 <+catphish> for example IP is usually on top of ethernet
21:10 <+catphish> TCP is on top of IP
21:10 < CuriousMind> catphish: catphish: Enter addresses manually where? In configuration files on your computer?
21:10 <+catphish> you can't use the upper protocol without the lower one
21:10 <+catphish> CuriousMind: in the case of HTTP and DNS, you can enter an IP address directly into a browser, or you could configure the hostnames in a file
21:11 <+catphish> with ARP, you can run commands to set up the mapping of IP addresses to MAC addresses, but you would very very rarely ever do so manually
21:11 < CuriousMind> catphish: Hold on, I am trying to make sense out of this. What you are saying is good
21:12 <+catphish> the point i am making is that some protocols use other protocols for convenience, but are not strictly dependent on them
21:12 <+catphish> in other cases, one protocol is encapsulated inside another, and as a consequence, it is 100% dependent
21:13 < Phil-Work> not entirely dependant as the lower layers can usually be swapped for something else without the higher layers caring
21:13 < CuriousMind> catphish: Ah I see
21:13 < Phil-Work> rarely is a protocol entirely dependant on the protocols below it
21:14 <+catphish> that's true, they are often interchangeable, though not always
21:14 < Phil-Work> TLS and DTLS being examples of those which do depend on what's below to a certain extent
21:14 < CuriousMind> catphish: 'IP is usually on top of ethernet' which means that IP is higher than Ethernet because IP is the network layer (layer 4) while Ethernet is Physical/Data link layer (layer 1 & 2). Am I understanding the context?
21:14 <+catphish> as an example, DNS almost always requires UDP, but it can also be used on TCP, and could theoretically be used on any other layer4 protocol
21:15 <+catphish> IP is network layer, i'd call that layer *3*, but yes
21:15 < Phil-Work> likewise Ethernet is layer 2, not 1
21:16 <+catphish> Phil-Work: it's both
21:16 < CuriousMind> What you guys are saying is good. I am trying to kind of conceptualize this in my head and understand
21:16 < Phil-Work> though layer 1 protocols such as Base1000T are specifically designed for carrying Ethernet over twisted pair
21:16 <+catphish> ethernet defines both layer 1 and layer 2
21:16 < Phil-Work> the OSI model works well, until you think about it too hard - then it breaks
21:17 < bezaban> like most models :)
21:17 < CuriousMind> lol
21:17 <+catphish> the model is actually pretty good, some protocols don't fit perfectly into it though
21:17 < Phil-Work> right
21:17 < Phil-Work> like GRE
21:18 <+catphish> pretty much any VPN
21:18 < Phil-Work> it's a layer 4 protocol that can carry layer 2
21:18 <+catphish> VPNs break the model, and people get confused about arp, an application that sits directly on top of layer2
21:19 < Phil-Work> likewise ICMP
21:19 < Phil-Work> which stops somewhere around layer 4
21:19 < CuriousMind> I know that a protocol is a set of communication rules for carrying out data. Besides from the theory, an actual protocol is programming instructions which are a standard across the entire Internet right? All the browsers, network devices, etc are embedded with the same instructions in order for things to work properly. Am I correct?
21:20 < Phil-Work> CuriousMind, in terms of the widely used protocols, sure
21:20 <+catphish> CuriousMind: a protocol is a description of how to communicate, like a language
21:20 < Phil-Work> at layer 7, pretty much anything goes... as long as two or more things understand the same protocol
21:21 <+catphish> as long as both ends know how to speak the same protocol, they can communicate
21:21 < Apachez> Phil-Work: you use 1000base over fiber too
21:21 < CuriousMind> Phil-Work: Oh right because certain companies and stuff develop their own protocols right? Like I know microsoft develop its own protocol and it runs on a certain specialized port. Am I correct?
21:21 < Phil-Work> Apachez, not 1000baseT
21:21 < Phil-Work> but yes
21:21 <+catphish> Apachez: those different layer1 protocols are all part of "ethernet"
21:21 < Apachez> well that T is the physical medium
21:22 < Apachez> T, FX, SX, LX, LH, ER, ZR, ZX
21:22 < Phil-Work> this is where I'm a bit hazy
21:22 < Apachez> whatelse
21:22 < Apachez> dunno what they call those 250km singlemode interfaces nowadays
21:22 < Apachez> since 80km is Zx
21:22 < Apachez> 40km is Ex
21:22 < Apachez> and 10-20 is Lx
21:22 < Phil-Work> I imagine that 1000baseT is quite significantly different to 1000baseSX given it's got 8 conductors vs 2
21:22 < Apachez> to fuck things up there is also Lx at 2km
21:23 < Phil-Work> I realise I just called fibre a conductor :D
21:23 < Apachez> SX is fiber so not many conductors in the way you think
21:23 < Apachez> multimode
21:23 < Apachez> LX is singlemode
21:23 < spaces> Apachez how are the meatballs doing ?
21:23 < Apachez> spaces: well done
21:23 <+catphish> those protocols specify the physical medium, and also the encoding
21:24 <+catphish> 1000BaseT is literally magic
21:24 < spaces> Apachez good
21:24 < spaces> catphish why that ?
21:24 < Phil-Work> indeed - but my understanding is that the protocols must be quite significantly different given the difference in medium 21:24 <+catphish> spaces: because it uses the same wire to transmit in both directions at the same time 21:24 < Apachez> there is 1000baseTX too 21:24 < Apachez> only 4 lines out of 8 21:25 < Phil-Work> though I guess 100baseT only has 1 TX and RX so it's probably not too different from how you signal over fibre 21:25 <+catphish> 1000baseTX never really came to be a thing 21:25 < Phil-Work> as I said, hazy - mostly due to Wireshark not telling me much about that part 21:25 <+catphish> Phil-Work: i think they're quite similar apart from 1000BaseT 21:25 < Apachez> which is bad since I liked those Y-cables you can use on 100Mbps networks 21:25 < Apachez> to put 2 physical pairs of cables over a single cable 21:26 < CuriousMind> Phil-Work: 'rarely is a protocol entirely dependant on the protocols below it' Is this because some/most protocols are were designed in a way which enables them to pretty much accomplish whatever they need to accomplish. Am I right? 21:26 < Phil-Work> wait, how does 1000BaseT duplex on the same wire? 21:26 < Phil-Work> different frequencies? 21:26 < grawity> Phil-Work: something to do with echo-cancellation 21:26 < grawity> or, well 21:26 < grawity> it subtracts what it knows it's sending, iirc 21:26 <+catphish> CuriousMind: protocols are designed to be agnostic of the way they're carried 21:27 <+catphish> CuriousMind: it means lower protocols can be upgraded later 21:27 < Phil-Work> except SIP 21:27 < Phil-Work> which is a shitshow 21:27 <+catphish> for example, IP will work over Ethernet, but would work over a future replacement for ethernet too 21:28 < Phil-Work> grawity, I'll leave it as "physics, innit." and be done with it 21:28 < CuriousMind> Real life applications please? 21:28 < spaces> catphish you mean half Duplex ? 21:28 <+catphish> spaces: what? 21:29 < CuriousMind> Yeah I'm lost lol. 
I get what you guys are saying kind of but not really 21:29 < spaces> catphish you say the same wire 21:29 <+catphish> spaces: what else did i say in that same sentence? 21:29 < spaces> catphish mhh indeed, I've never seen that anywhere 21:30 <+catphish> right, it's magic 21:30 < spaces> catphish why are you confusing ? confused because of the Brexit you are in ? :P 21:30 < Phil-Work> I guess it's not too different to Ethernet over Powerline 21:30 < Phil-Work> or duplex fibre circuits on a single fibre 21:30 * spaces had to make that statement because it's too easy 21:30 <+catphish> spaces: yes, brexit is very confusing 21:31 < spaces> I used 1G half-duplex in a situation where I was not able to get 2 cables from room to toom 21:31 < spaces> room 21:31 < GenteelBen> Half-duplex? 21:31 < GenteelBen> First time I've heard of that being used in the real world in like...10 years. 21:31 < spaces> catphish we will let the hat go around, don't let go mate! 21:31 < GenteelBen> Come on, spaces, we're all full-duplex now, get on the trolley. 21:32 < spaces> GenteelBen that was 12 years ago 21:32 < GenteelBen> Oh. 21:32 < GenteelBen> Why'd you use half-duplex? No money for an unmanaged switch? 21:32 <+catphish> i don't think there is any 1G half duplex 21:32 < GenteelBen> I remember at my first work they used to call them "splitters" 21:33 < GenteelBen> And nobody knew why they worked. 21:33 < spaces> GenteelBen no I needed to have 2 wallmounts but I was able to get 1 cable to each room. I needed to go through everywhere... 21:33 < GenteelBen> They were tiny two-port Ethernet hubs, basically. 21:33 < Phil-Work> they worked on 100BaseT because it only used 4 of 8 wires 21:33 < GenteelBen> This is crazy. 21:33 <+catphish> yeah, it's simple on 10/100, because those protocols only use 4 pairs 21:33 < grawity> Phil-Work: powerline isn't full-duplex, is it?
21:33 <+catphish> *2 pairs 21:33 < Phil-Work> *2 pairs 21:33 < GenteelBen> It's time to invest in a 100GbE backbone for your house, catphish. 21:33 < Phil-Work> ;) 21:34 < Phil-Work> grawity, not a clue 21:34 < GenteelBen> It must be. 21:34 < Phil-Work> that's always felt like magic too 21:34 < GenteelBen> Surely??11 21:34 <+catphish> GenteelBen: i'll focus on trying to get the best upload speed i can on my WAN for now 21:34 < grawity> iirc it's a cross between wifi and csma ethernet 21:34 < Phil-Work> shoving Ethernet on a wire with 240V on it always seemed a bit sketchy to me 21:34 < grawity> and duplex fibre just uses different colors 21:35 <+catphish> Phil-Work: once you learn about isolation, these things get less scary 21:36 < grawity> Phil-Work: have you seen live-line workers directly fixing megavolt overhead lines 21:36 < Phil-Work> catphish, also once you learn the bits not to lick? 21:36 < Phil-Work> grawity, fucking nut jobs 21:36 < Phil-Work> with really big gloves 21:36 <+catphish> lol 21:37 < Phil-Work> I don't mind working on mains, but never live 21:37 < grawity> nah, instead of isolating from the line, they isolate from ground 21:37 < grawity> it's the potential difference or something that has the... potential to kill 21:37 < Phil-Work> I'm sure you get used to it, but you're placing a lot of trust in the kit 21:38 <+catphish> Phil-Work: same with any device connected to the mains :) 21:38 < Phil-Work> catphish, at 240v - sure 21:38 <+catphish> my laptop is connected to the mains, i trust the power supply a lot to isolate me 21:38 < CuriousMind> catphish: 'in a similar way, HTTP depends on DNS to do its name lookups'. Is the DNS protocol encapsulated in the HTTP protocol? In the HTTP protocol is some code that says if client doesn't have IP address of the host that it requested, then check ARP table for resolver server? Do I understand or not really? 
21:38 < Phil-Work> I've been shocked more times than I can count 21:39 < Phil-Work> RCD trips, I swear a bit 21:39 <+catphish> CuriousMind: go read about how each of those protocols work 21:39 < grawity> CuriousMind: not at all 21:39 < CuriousMind> catphish: ok 21:39 <+catphish> i've never been shocked, i've never worked on live mains voltage 21:39 <+catphish> i simply turn it off 21:39 < grawity> (also HTTP doesn't give a fuck whether you're using DNS or not, as long as it resolves) 21:40 < Phil-Work> likewise, but I've brushed against wires I've left hanging out the wall ready for plastering before which had to be turned on to put power back to the rest of the circuit 21:40 <+catphish> yeah i wouldn't do that :) 21:41 < Phil-Work> RCDs are a godsend 21:41 <+catphish> indeed 21:41 <+catphish> although 35mA is gonna hurt 21:41 < Phil-Work> sure - you know you've touched it 21:41 < Phil-Work> but 32A is going to hurt a bit more 21:42 <+catphish> plus whatever current if you touch both :) 21:42 <+catphish> but yeah, i believe RCDs are awesome 21:43 < Phil-Work> fitted a fan isolator at the weekend on a new bathroom I'm doing at home - ended up putting the plate screw through the switched live and the neutral 21:43 < Phil-Work> that made one hell of a bang, even on a 6A breaker 21:44 <+catphish> i did that last year, caught a live wire in a screw to earth 21:44 < Phil-Work> earth isn't too bad as the RCD trips 21:44 <+catphish> made a nice black streak across the back of the back box 21:45 <+catphish> iirc the 30A breaker and RCD both went 21:46 < Phil-Work> feasible, I guess, with a decent path to earth 21:46 < Phil-Work> you'd get the full 30A to earth before the 30ms RCD trips off 21:47 <+catphish> i'd think so, depending on the quality of the wiring 21:47 <+catphish> it was only a few m from the panel 21:48 <+catphish> good thing the back box was earthed properly 21:49 < Phil-Work> deep fried catphish 21:49 <+catphish> i think modern sockets earth the screw holes 
anyway 21:49 < Phil-Work> I'd think so, though the screw isn't exactly tight in there when you're screwing it in so it'd arc to earth at best 21:50 <+catphish> Phil-Work: see above regarding not working on live circuits :) 21:50 < Phil-Work> oh, yeh - that 21:50 <+catphish> this was after i was done, when i turned it back on 21:50 < Phil-Work> fair point 21:50 <+catphish> so it had good contact 21:50 < Apachez> you turned a black on it ? 21:51 < Phil-Work> in other news, why am I still here 21:51 < Phil-Work> not done an ounce of work in the last 3 hours 21:52 <+catphish> go home :) 21:53 < Shiraz_> hello . can someone help me factory reset an allied telesis AT-FS750/16 switch ? i don't have the credentials for the management interface 21:54 < Shiraz_> it doesn't have a reset button . i checked it . also , now i opened the case and looked on the PCB 21:54 < Shiraz_> i don't see any reset switch !!! wtf is this shit ? 21:56 <+catphish> does it have a serial port? 21:56 <+catphish> usually you'd interrupt the boot process on the serial port 21:56 < Shiraz_> it has a null-modem port but i don't have a serial port on my PC lol 21:57 <+catphish> also, seriously, mind your language 21:57 <+catphish> Shiraz_: get a serial cable, interrupt the boot process, reset it 21:57 < Shiraz_> catphish ok sorry 21:57 < Shiraz_> but i don't have a serial port on my pc 21:58 <+catphish> you can get usb to serial cables 21:58 < Shiraz_> i searched but only found null-modem mother to null-modem mother 21:58 < Shiraz_> female i mean 21:59 < Shiraz_> i see there are some GPIO pins on the motherboard ( PCB of the switch ) 22:00 < Shiraz_> maybe i must connect some of those pins in order to reset it 22:00 < tds> it sounds like it'll have a web interface, if you don't have a serial port/cable handy you may be able to figure out what IP it's assigned and get to that to reset it 22:04 <+catphish>
https://www.ebay.co.uk/itm/Serial-DB9-9-Pin-RS232-RS-232-to-USB-Adaptor-Convertor-Cable-Lead-Wire/292533987628?epid=2222868346&hash=item441c62692c:g:QVYAAOSwYUBa3M68 22:04 <+catphish> or similar 22:07 < tds> I like the system requirements there ;) 22:11 < Shiraz_> catphish thanks that would fit perfectly but unfortunately i couldn't find it locally . 22:11 <+catphish> Shiraz_: order from china 22:12 < Shiraz_> yea , maybe i'll do it unless i throw it out the window first 22:12 <+catphish> it's very unlikely there's any other way to get into it 22:13 < tds> if you're very bored and have nothing better to do then it might be worth trying a web/telnet interface, otherwise yeah, I'd just wait for a usb-serial cable to arrive 22:14 < Shiraz_> tds i tried but the previous owner changed its default credentials 22:18 <+catphish> telnet is no use without the credentials 22:22 < kuahara> Looking at a county government office that has an AT&T provided inside router that does everything a router usually does: routing, nat, the whole 9 yards. They connect it to another inside router doing all the same things. The primary subnet is behind the 2nd router. 22:22 < kuahara> I tell my boss this isn't normal. "yes, it is, we do that everywhere". 22:23 <+xand> more routers = more better 22:23 < kuahara> a tracert from the inside to the outside showed both devices before I got a hop with a public IP and they can't figure out why their VPN isn't working. 22:24 < kuahara> but clearly I don't know what I'm talking about 22:24 < kuahara> sorry, I know this isn't #venting 22:28 < E1ephant> what if you add one more router 22:28 < E1ephant> I think it's even numbers of routers that is broken 22:28 < kuahara> Triple nat? epic 22:28 < E1ephant> so an odd number of 3 will work great 22:30 < kuahara> I suggested having the ISP just provide a modem only. "no, they don't need to do that.
I'll go look at it again" (you do that) Told him we're on fiber and I go directly from the ONT into the sonicwall, absolutely no need for a 2nd gateway. 22:30 < ||cw> kuahara: is pretty normal, actually 22:30 < E1ephant> normal for who? 22:30 < ||cw> lol good luck on having the ISP do anything special for you 22:31 < kuahara> He's describing the situation that home users are often in. 22:31 < ||cw> E1ephant: normal for DSL and cable 22:31 < Apachez> ONT... 22:31 < Apachez> poor bastard 22:31 < kuahara> ||cw even at home on cable, I purchased a modem only and use a separate router. I hate those combination modem, but also a router, but also has 4 switchports demonic devices that shouldn't exist. 22:32 < Apachez> ||cw: not that hard when you speak to ISPs who 1) knows what you are doing 2) you are an enterprise customer 22:32 < ||cw> our canada branch office is that way and there's no other option. they don't offer a modem, only the combined device 22:32 < kuahara> turn off routing 22:32 < ||cw> kuahara: home cable you can do that, business cable not usually. and business DSL, flat no 22:32 < ||cw> not an option 22:32 < kuahara> I have not had your experience with business internet at all 22:33 < E1ephant> for dsl you can use your own modem for almost anything, and cable provider that doesn't have a modem-only option? kinda weird get a surfboard, have it pretend to be a sb+router model. 22:33 < kuahara> We work with roughly 70 county government offices in Texas and with nearly all of them, this is not a problem. 22:33 < E1ephant> ? even 22:33 < ||cw> like it literally does not have that option. it is set to forward all to my pfsense though 22:33 < kuahara> E1ephant surfboard modem only, no need for the combo demon 22:33 < E1ephant> lol is alpheous and windstream in your portfolio? 22:34 < E1ephant> if so ouch :( 22:34 < Maarten> Most cable providers you can have a cablemodem only..... 
the bigger ones like Spectrum and Comcast you can just buy your own and have it activated. Don't know about smaller ones. 22:34 < ||cw> kuahara: nice to know ISPs in TX are sane. that's an outlier. 22:34 < kuahara> If I ever had an ISP tell me I couldn't use my own equipment, I'd tell them they aren't my ISP anymore. 22:34 < ||cw> Maarten: not with business cable on charter, they want to "manage" it. 22:35 < ||cw> doing your own means you're basically on home-level support 22:35 < Apachez> how would they otherwise be able to fill the logservers that NSA put out in their networks? 22:35 < E1ephant> yeah so buy their fiber product 22:35 < E1ephant> don't have that issue :) 22:35 < kuahara> So use them for internet service, but they tell you how you'll use that internet because they manage a device in your house for you; regardless of what you want? no thanks. 22:36 < ||cw> E1ephant: I wish we could get anything but dsl at the canada branch. 22:36 < tds> catphish/Shiraz_: oops, sorry, I completely missed in the first message that you didn't have the credentials 22:36 < kuahara> ||cw, even if you're forced into that mess, that's still far from normal. 22:36 < Maarten> ||cw, yeah.... well, of course cable is a cheap business solution (which is why so many use it for smaller satellite offices) but if you are a serious business with serious internet needs, you would just get a dedicated fiber link. (Also, we have a 1 Gbit/s fiber link from Spectrum that doesn't have that problem. They just give you an ethernet port that you can connect to anything you want). 22:36 < ||cw> kuahara: not house, business. with an SLA 22:37 < ||cw> Maarten: our main office is fiber. I get an ethernet cable out of their IAD and I do what i want with it. 22:37 < kuahara> oddly enough, the county office I'm in charge of doesn't have an SLA yet. We have 100 up, 100 down fiber, but the ISP here only just started selling it a year ago and still hasn't doled out SLAs for business.
That said, they treat us exactly like we have one. 22:38 < ||cw> but the IAD is still a router that I don't have any control over. it's set setup "enterprise" so it routes a public block 22:39 < kuahara> They treat us like we have a 100% uptime guarantee and if I call about anything, they're here immediately; even when the issue doesn't call for an onsite tech. 22:39 < ||cw> and it cost about 6 times what my home connection costs, for 1/3 the download but better upload 22:40 < kuahara> well, yea. that extra cost is for the SLA, not the technology. 22:40 < E1ephant> probably more like a NID 22:40 < E1ephant> than a router 22:40 < E1ephant> but yeah, using real gear is optimal to just commodity cable. 22:40 < ||cw> kuahara: none of that changes that it's pretty common to have a router you have little or no choice over and a better router behind it. 22:41 < ||cw> E1ephant: IAD as it supports a voice PRI as well. 22:41 < E1ephant> the router bit isn't weird at all 22:41 < E1ephant> I think it's the NAT 22:41 < kuahara> I don't think that's pretty common in business. Sory. I disagree. 22:41 < kuahara> Sorry* 22:41 < E1ephant> which, yeah the device can then passthrough if all else no? 22:42 < ||cw> yeah, passthru is enabled. 22:43 < ||cw> E1ephant: the IAD on my fiber has an IP address that i use as my gateway, it is a router. 22:45 < kuahara> More normal, even for home, especially with AT&T is that company responsibility ends at a demarc inside the NID. AT&T is responsible for everything up to and into it, customer is responsible for the side that goes out and into the home. 22:46 < kuahara> that said, *I* own the equipment. I am not leasing theirs. I expect a public IP assigned to the outside interface of equipment they don't own. It's usually never an issue.
23:05 * L3gacy shimmies across the DC floor 23:05 < djph> kuahara: AT&T (residential) is a bit sucky, you "have to" use their gateway (even if it's just in "shutup you, just be a modem" mode) 23:07 < linux_probe> lol 23:22 < Psi-Jack> djph: That, and do they still use those insecure routers? 23:22 < Psi-Jack> What was that brand.... 23:22 < djph> Psi-Jack: IDK, I have a ... whatsit Pace? 23:23 < Psi-Jack> PACE is one... But not what they used for me a couple years ago. 23:23 < Psi-Jack> The one I had was vulnerable to the rotating key hack. 23:23 < djph> ... it's over there doing "fuck off, and be a good little modem", while I continually whine at AT&T that they need to stop pissing around and let me use my own kit 23:25 < phinxy> What are the modules that slide in to server-racks called? More specifically how are multiple hard drives connected? 23:25 < Maarten> I managed to bypass my AT&T gateway and connect directly to the ONT. That doesn't work with the copper vdsl variety though..... 23:25 < Psi-Jack> Hmm, now I don't remember, was big in the news a while back. 23:25 < xamithan> modules for hard-drives ? what? 23:25 < Psi-Jack> But AT&T doesn't even list that brand on their DSL routers compatibility list, or anything. 23:26 < Psi-Jack> Arris! 23:26 < Psi-Jack> The short time I had AT&T DSL, they gave me an Arris DSL modem. heh 23:26 < Psi-Jack> Was reliable, mostly, but vulnerable (tested and confirmed, and AT&T denied it) 23:27 < djph> sounds about right for any big company :) 23:27 < xamithan> Does it matter, I still see people using WEP 23:27 < djph> yeah, you can apparently connect to the ONT, but I haven't really checked it out 23:28 < djph> right now, it works, so why screw with it. 23:30 < E1ephant> ||cw: you're SURE the IP lives there, and not upstream actually on an MTU or PE? 23:30 < ||cw> ¯\_(ツ)_/¯ 23:30 < Maarten> I got a Ubiquiti USG connected directly to the ONT.... works great, HOWEVER I can't get IPv6 to work reliably, so there is that.
Apparently Ubiquiti's IPv6 implementation is still buggy, and you need a custom GUID file for AT&T, so manual hacking involved. Since I didn't need IPv6 right away, I put that on the backburner. But the connection runs super smooth and shaved another 1 or 2ms off of the connection in latency. --- Log closed Tue May 15 00:00:20 2018