--- Log opened Sat May 26 00:00:33 2018 00:10 < squealingcode> Does AOC require any special cables to connect two hosts, or can the same cables be used both between hosts and switches? 00:11 < squealingcode> Or does the network cards has to be put into any specific mode for it to work? 01:04 < ouemt> do these seem like high failure rates for dns queries? https://paste.fedoraproject.org/paste/xrJy2DVF1ggUKZAdReu39A 01:39 < Apachez> depends on what "failed" means? 01:39 < Apachez> when you get a NXDOMAIN in return from the server is that a fail? 01:47 < ldiamond_> What are the different ways/software to bypass internet access restriction on wifi 01:49 < ldiamond_> I could run a proxy on a server and use another protocol to get through the restrictions to my proxy which then goes to the internet 01:54 < ldiamond_> I wonder if ping tunnel would work 02:04 < wrenny> No matter what I try I can't get dnsfiltering to work on my Asus RT-AC56U router. Any suggestions? 02:23 < Apachez> yes, dont use dnsfiltering on homerouters 02:26 < Apachez> gdpr: https://scontent-arn2-1.xx.fbcdn.net/v/t1.0-9/33540579_447931165665492_1985186488970641408_n.jpg?_nc_cat=0&oh=39469fe4f602eaed60e03c612b45ce55&oe=5BBD0736 02:27 < wrenny> yea well I see no filtering at all using it 04:11 < wrenny> what's the difference when entering dns numbers into the router. There are 2 areas. One in Wan and one in LAN DHCP Tab? 04:30 < xamithan> I would assume one is for the WAN and one is for the LAN clients 04:36 < unsecur3d> who's good with sonicwall vpn's ? i got a vpn setup and once i connect i cant get to the internet from my pc only the pc's in the server which i can rdp to, i tried split tunnel for the config and no bueno, any ideas ? 05:06 < zeldafan78> If I know somebody's name and e-mail address, should I be sending the e-mail to "John Doe " instead of just to "an@email.address"? Is that good/bad somehow? 05:12 < phogg> zeldafan78: it's literally the same 05:13 < phogg> zeldafan78: the RFC allows that form so you can apply an arbitrary label to an address but only the email address part is used by mail software 05:15 < phogg> zeldafan78: see https://tools.ietf.org/html/rfc2822#section-3.4 05:17 < phogg> although I guess technically 5322 is correct now 05:19 < phogg> zeldafan78: this is the pertinent bit "Normally, a mailbox is composed of two parts: (1) an optional display name that indicates the name of the recipient (which can be a person or a system) that could be displayed to the user of a mail application, and (2) an addr-spec address enclosed in angle brackets ("<" and ">"). There is an alternate simple form of a mailbox where the addr-spec address appears alone, without the recipient's name or 05:19 < phogg> the angle brackets." 05:46 < redrabbit> is idrive.com any good 05:46 < redrabbit> i need to backup about 2tb offsite 05:47 < redrabbit> from a nas 06:05 < zeldafan78> phogg: Hmm. Thanks. I thought it was used. 06:19 < r0n0x> hey, anyone know what changed with the recent windows update? 06:19 < r0n0x> tinywall doesnt run, or install anymore 06:20 < r0n0x> when i loaded up after the update was applied, it said there was a certificate issue with tinywall so i uninstalled and reinstalled, but, the installer doesnt ever finish 08:10 < sarthak> Hello. I was reading through "Computer Networks: A top down approach" and I came across this line: "Let’s now consider the general case of sending one packet from source to destination over a path consisting of N links each of rate R (thus, there are N-1 routers between source and destination)." I am pretty confused about how the number of routers is "N-1". Thank you. 08:13 < Harlock> if you have host-link-router-link-host does the math work? 08:13 < kerframil> sarthak: consider two peers, A and C. now imagine that B is in the path between them, so A has a link to B and B has a link to C. that's two links, and there is one router (B). 08:15 < sarthak> kerframil: Thanks :D 08:15 < sarthak> Harlock: thanks :D 08:15 < sarthak> I was confused what it meant by "N links". It's clear now. 08:17 < Harlock> N is a number 09:24 < drathir> mornin/evenin... 09:26 < Maarten> night 10:05 < Guest36446> Hi. I'm sure this is a basic question, but how do I find the router configuration page (usually 192.168.0.1 or so) on my local network? I'm connected to it via WiFi if that matters. 10:05 < superlinux> hello. ping from router to phone exceeds a 2 seconds. is that normal? i think it's not. I have DLink DIR-890L running ddwrt. and I am just asking from networking point of view only. 10:14 < Tegu> BlueShark: Try the gateway address (use command "ip route" or "netstat -rn" or something) 10:15 < BlueShark> Tegu, netstat -rn returns this: 10:15 < BlueShark> Destination Gateway Genmask Flags MSS Window irtt Iface 10:15 < BlueShark> 0.0.0.0 192.168.43.1 0.0.0.0 UG 0 0 0 wlp2s0 10:16 < kerframil> try http://192.168.43.1 then 10:16 < Tegu> yea, try that 192.. one 10:20 < BlueShark> ip route output: http://ix.io/1brf, netstat -rn output: http://ix.io/1brh 10:20 < BlueShark> kerframil, * Failed to connect to 192.168.43.1 port 80: Connection refused 10:22 < kerframil> the management interface may be bound to a different port (try https too). it may not even be bound to that interface at all, or access to it may be filtered. 10:23 < BlueShark> kerframil, management interface? there's just one router and multiple devices connected to it. I don't understand what you mean by managment interace? 10:23 < Tegu> BlueShark: what's the router model? 10:24 < kerframil> BlueShark: to be clear, the service that exposes a management interface, as accessed using the HTTP protocol 10:25 < BlueShark> Tegu, I'm not sure which one it is :( 10:26 < BlueShark> kerframil, okay, understood. 10:26 < longxia> BlueShark: do you have physical access to the router? 10:28 < BlueShark> longxia, no, I don't. 10:30 < longxia> BlueShark: in that case, do you own the router? 10:32 < Byteflux> I know this is probably the wrong place to ask, but I think there is a lot of overlap in expertise here, so I'll ask: Is Tomato affected by VPNFilter? 10:53 < superlinux> hello. ping from router to phone exceeds a 2 seconds. is that normal? i think it's not. I have DLink DIR-890L running ddwrt. and I am just asking from networking point of view only. 10:54 < superlinux> what do you think I should do about it? 10:56 < drathir> superlinux: why isnt that normal? 10:56 < superlinux> because it should be as far as I know below half a sec 10:56 < drathir> superlinux: 2ms probably not 2s i suppose typo there... 10:57 < superlinux> no no! I am serious. 10:57 < superlinux> and I get intermittent wifi connection 10:57 < superlinux> it did not used to happen before 10:58 < drathir> superlinux: lol that odd than keep running mtr maybe check if continious that high one... 10:59 < superlinux> 64 bytes from 192.168.4.100: seq=0 ttl=64 time=5447.455 ms 10:59 < superlinux> 64 bytes from 192.168.4.100: seq=1 ttl=64 time=4446.488 ms 10:59 < superlinux> see? 10:59 < superlinux> and then .. 10:59 < drathir> superlinux: ping gateway... 11:00 < superlinux> gateway is cool and fine 11:00 < drathir> superlinux: check if not any multicast in network too... try to switch wifi channels... 11:01 < superlinux> I am pinging to 192.168.4.100 (my phone ) from inside the body of router 11:01 < TBJoe> Hey guys. I got some questions concerning double NAT. First does Carrier Grade NAT + NAT on the home router count as double NAT already? I mean will this second NAT at home cause additional problems in contrast to using NAT with a "real" IP (no Carrier Grade NAT)? 11:02 < drathir> TBJoe: if possible to just bridge isp... 11:03 < drathir> superlinux: make also sure there no colide ip in network... 11:03 < TBJoe> drathir: It's not always possible but that's not even my question :) I mean I am not having this particular problem, I'm just thinking about this problem for educational purposes 11:05 < detha> TBJoe: I would count it as single NAT. You go from some internal address to the ISP's external address 11:07 < superlinux> ok gtg.. bye .. thanks drathir 11:07 < drathir> TBJoe: in theory as long as You control routers thee souldnt be problem with port forwarding... 11:08 < detha> drathir: ehm? CGNAT maps multiple customers onto one outgoing IP, under control of the ISP. No port forwarding in that scenario. 11:08 < drathir> detha: at user point of view yep that single nat from world point of view that for sure multiple nats... 11:09 < drathir> detha: if user get own ip thats rare mostly isp pack ppl ayt one ip... 11:11 < detha> drathir: not really. CGNAT does this. 'Normal' NAT used to be multiple devices behind one IP from a pool, but still taking one IP per customer from that pool. 11:26 < drathir> detha: hmmm that mean cgnat always require static/dynamic ip per user? 11:27 < drathir> detha: but that normal nat pool mostly is private or isp reserved range? 11:28 < skyroveRR> CGNAT IP range. 100.something.something.something, drathir 11:28 < detha> drathir: with CGNAT you take 100.64/12, give each user on address from that, and pack 10 or 16 users in a range of ports on one external pool IP. Then carry on doing PAT as per ususal 11:28 < skyroveRR> detha: 1:16? 11:29 < skyroveRR> I thought it must be more. Here at least, it's more :) 11:29 < detha> skyroveRR: depends on the ISP - there are ~ 65000 ports. With 1:16 each user still has 4000 concurrent connections 11:30 < detha> You can pack it denser, but then you get the torrenting users complaining about things not working any more 11:30 < skyroveRR> hah. 11:35 < drathir> skyroveRR: but that still isnt a public ip... 11:38 < skyroveRR> drathir: of course it isn't. 12:50 < test1337> oi 13:02 < skyroveRR> wut 13:10 < test1337> w00t 13:57 < skyroveRR> Hola ^7heo 16:57 < moji> hi all 17:05 < tds> hello moji 18:39 < Atro> Networking backups as of 2018 make me sad 19:06 < Aleksandar86> is this channel alive? 19:07 < Aleksandar86> somebody here who can help me with VLANs and subnets 19:07 < SwedeMike> sometimes. 19:07 < Atro> usually 19:07 < Atro> ask thy question 19:07 < SwedeMike> state your question and see if someone bites. 19:09 < Aleksandar86> I must create 5 VLANs in router. VLAN1 is static 192.168.0.10 - 192.168.9.254, VLAN2 192.168.10.1-192.168.19.254, VLAN3 192.168.30.1-192.168.39.254 19:09 < Aleksandar86> i try with 192.168.0.0/16 19:10 < Aleksandar86> some example please 19:10 < SwedeMike> Aleksandar86: who decided on those IP address ranges? 19:11 < SwedeMike> Aleksandar86: because there is no netmask that will work with those chosen values. 19:11 < Aleksandar86> give me help with another mask 19:11 < Aleksandar86> please 19:11 < Atro> a /21 will get you till 7 19:12 < Atro> Aleksandar86: use this http://www.davidc.net/sites/default/subnets/subnets.html 19:12 < SwedeMike> Aleksandar86: 192.168.0.0-192.168.15.255 will work. /20 19:12 < Aleksandar86> some VLAN must include about 2000 IPs 19:13 < SwedeMike> Aleksandar86: /20 supports 4093 usable IPv4 addresses. 19:13 < Aleksandar86> VLAN1 = 192.168.0.1 - 192.168.7.254 or 192.168.0.0/21 19:15 < Aleksandar86> VLAN2 = 191.168.8.1 - 191.168.15.254 or 192.168.8.0/21 19:15 < Aleksandar86> is this correct? 19:15 < SwedeMike> yes. 19:16 < Atro> You can also use 2 /21-s to go over 2000 ip limit 19:16 < Atro> 192.168.0.0/21 and 192.168.8.0/21 19:18 < Aleksandar86> VLAN3 is 192.168.16.1 - 192.168.23.254 or 191.168.16.0/21 19:18 < Aleksandar86> ? 19:19 < Atro> 192.168.16.0/21 yes 19:19 < Aleksandar86> But if i want only IP x.x.20.1 - x.x.23.254 I can use pool 19:20 < Aleksandar86> for this VLAN 19:20 < Aleksandar86> Because point is create VLAN 10 who incude IPs x.x.10.1 - x.x.15.254 19:21 < Aleksandar86> is this correct? 19:21 < Aleksandar86> do with pool 19:21 < qman__> No 19:21 < Aleksandar86> why? 19:21 < qman__> IPs are binary numbers, they don't land on even 10s 19:22 < qman__> Subnet and supernet boundaries all land on powers of 2 19:23 < qman__> 2, 4, 8, 16, 32, etc 19:23 < Aleksandar86> this is only rule for DHCP, what if I wanna use static IP for VLAN 1? 19:24 < Aleksandar86> this is rule for any IP protocole? 19:24 < qman__> that has nothing to do with it 19:24 < qman__> This is how IP works 19:25 < Aleksandar86> what if I want use static ip for VLAN1? I can use only this ip 192.168.0.1 - 192.168.7.254 19:25 < Aleksandar86> ? 19:25 < Aleksandar86> sorry I'm begginer 19:26 < qman__> Static or dynamic is irrelevant 19:26 < Aleksandar86> i wish to learn 19:26 < Aleksandar86> I going to try with 3 VLANs 19:26 < qman__> networks can only use ranges that start and end at a power of 2 19:27 < qman__> So, /21 gives you that range 19:27 < Atro> Aleksandar86: learn subnetting before vlans 19:27 < qman__> The nex tange starts at .8.1 and ends at .15.254 19:27 < Atro> and use that link i gave you 19:27 < qman__> Next range* 19:28 < Aleksandar86> Thank 19:28 < flurant> well, powers of 2, or combinations of two or more powers of two added together 19:28 < Atro> WHAT ABOUT THE /31 19:29 < qman__> 0 is a power of 2 19:29 < Aleksandar86> Can this 2 subnets communicate between? 19:30 < qman__> only if you set up a router to route between them 19:30 < Atro> 192.168.3.4 - 192.168.3.5 only starts with a number that's a power of 2 :> 19:31 < Atro> but im curious, i guess you must statically ARP a /31, right 19:32 < Aleksandar86> What is for VLAN2 do this -> 192.168.10.0/24 and 192.168.11.0/24 and 192.168.12.0/24 19:32 < Aleksandar86> ? 19:32 < Aleksandar86> is this posible? 19:33 < Atro> this sounds like homework 19:33 < djph> ^ 19:33 < Atro> and i digress doing vlan's without understanding subnets 19:33 < djph> ouch 19:42 < wtflux> if you have a company that has two different offices on their own VLANs, and each office has a file server, but you have an employee that travels from office to office and needs to access one offices file server when he's in the other office what is the best way to handle this? 19:42 < wtflux> or, if not the "best" way, some options or typical ways its handled. 19:42 < Apachez> wtflux: use dns 19:42 < wtflux> DNS records? 19:42 < Apachez> this employee gets dnsserver info through dhcp 19:43 < Apachez> when at site 1 uses dns at site 1 19:43 < Apachez> gets 1.1.1.1 as response 19:43 < Apachez> when at site 2 uses dns at site 2 19:43 < Apachez> gets 2.2.2.2 as response 19:44 < wtflux> I dont follow, site 1 has DNS 1.1.1.1 and site 2 has DNS 2.2.2.2 but if he's in site 2 and DHCP gives a 2.2.2.2 DNS, how can he access site 1's file server? 19:45 < tds> if you want access between the sites and you don't trust the network between the two of them to just do it over the internet directly, a site to site vpn between the routers might make sense 19:45 < Apachez> no 19:45 < Apachez> site1 has dnsserver 1.0.0.1 19:45 < wtflux> tds what if our site uses the internet to make a WAN connection? (i dont know much about this part of networking) 19:45 < Apachez> site2 has dnsserver 2.0.0.1 19:46 < Apachez> when client is at site1 it uses dhcp 19:46 < Apachez> through dhcp it gets ip, subnet, gw and dnsserver to use 19:46 < Apachez> when at site1 it uses 1.0.0.1 as dns server 19:46 < Apachez> when at site2 it uses 2.0.0.1 as dns server 19:46 < wtflux> i get that, but how do they access site 1 fileserver from site 2. 19:46 < wtflux> am i missing something? 19:46 < Apachez> dnsserver at site 1 (1.0.0.1) answers for gayporn.fileserver.com that the ip is 1.1.1.1 19:47 < Apachez> dnsserver at site 2 (2.0.0.1) answers for gayporn.fileserver.com that the ip is 2.2.2.2 19:47 < tds> wtflux: sure, you can still have a default route out the wan interface, and you can run the VPN link over the internet and then have internal routes pointing over the VPN on each end 19:47 < Apachez> so this employee just connects to fileserver gayporn.fileserver.com and tada! 19:47 < Apachez> you can also solve this with views 19:47 < Apachez> so both dns servers have the same info 19:47 < Apachez> but depending on client ip the client gets different answer 19:47 < wtflux> Apachez, but there's two file servers 19:47 < Apachez> this is perhaps a better option 19:47 < wtflux> one for each office 19:47 < Apachez> yes? 19:48 < Apachez> gayporn.fileserver.com at site 1 19:48 < Apachez> and gayporn.fileserver.com at site 2 19:48 < Apachez> two different servers 19:48 < Apachez> their real fqdn can be anything 19:48 < tds> Apachez: if I'm correctly understanding what wtflux is asking, it's access between servers at two offices securely, rather than split dns to route users to the nearest file server 19:48 < Apachez> the above is just cname 19:48 < Apachez> tds: thats not what wtflux asked 19:48 < wtflux> TDS is right though, we've created the VLANs to secure the networks 19:49 < wtflux> i guess im asking what TDS is stating 19:49 < wtflux> i just didnt know how to word it 19:49 < Apachez> ohh you didnt want to load to the nearest server 19:49 < Apachez> well put up a sane dns naming structure then 19:49 < Apachez> like siteX.company.com 19:49 < Apachez> so its fileserver.site1.comapny.com and fileserver.site2.company.com 19:50 < wtflux> gotcha 19:50 < qman__> Route the networks together 19:50 < Apachez> and then use some encrypted vpn to connec the sites together 19:50 < qman__> If you don't want to do that, put a vpn client on the computer 19:50 < Apachez> so when user is at site1 it can still reach fileserver.site2.company.com 19:51 < Apachez> if you dont know what you are doing the hire somebody who does 19:51 < wtflux> Im just doing this in a lab environment 19:51 < wtflux> so i can learn the proper way to do it 20:03 < sql00_> Hello I have linksys router, but I want to do port mirroring and for this reason I need to buy network switch. I want to monitor all traffic on my home network with snort and I think that if I buy network switch and connect "Snort" to the monitoring port it will be good way to analyze network traffic. What you think? 20:03 < Apachez> sure but you need two interfaces to fully monitor in both ways 20:04 < Apachez> so verify that the switch you select can port mirror to two destinations (interfaces) 20:04 < Apachez> you mirror RX to intX and TX to intY 20:04 < Apachez> then connect snort to intX and intY 20:05 < sql00_> If I run snort on PC with two network interfaces will work ? 20:06 < Apachez> well you need to configure it 20:07 < sql00_> And where I need to connect switch ? Between ISP Cable and router because I want to monitor and wireless traffic 20:19 < djph> no. 20:27 < DSee> I have a Netgear router. I am scared :( 20:28 < djph> about? 20:32 <+xand> go hide under the bed 20:33 < Apachez> wanna hug? 20:33 < DSee> Apachez, send me a virtual hug 20:33 < Apachez> no 20:33 < Apachez> only physical 20:33 < Apachez> where we can feel each other armpits 20:34 < Apachez> only those who counts 20:38 < nixfreak> is it possible to add an A/AAAA record from my domain to a ddns? 20:38 < Apachez> huh? 20:39 < Apachez> you can do gayporn.yourdomain.com -> CNAME user.ddns.org -> x.x.x.x 20:39 < Apachez> you can do gayporn.yourdomain.com -> CNAME user.ddns.org -> A x.x.x.x 20:41 < nixfreak> perfect thanks 21:00 < varesa> eww, why does this always happen :-S 21:00 < varesa> migrated a bunch of VMs to a new KVM server with openvswitch based networking etc. 21:01 < varesa> everything seemed stable, did a bunch of testing, rebooted things a few times, used it a bit more 21:01 < varesa> suddenly NFS connection start dying all around 21:02 < varesa> and now I'm trying to figure out wtf is wrong from a bunch of packet captures, hindered by the clients freezing as the kernel starts waiting for NFS 21:03 < MikeSeth> yaaaay ipv6 works 21:15 < varesa> eh, now I can't even reproduce the NFS issue 21:25 < varesa> aand it's back 21:25 < varesa> looking at the server, the packets just completely stop 21:25 < varesa> looking at the client, well it just completely freezes so I'm not able to run any diagnostics at all 21:26 < MikeSeth> first get another client that is physically close to the server network topology-wise 21:27 < varesa> all the clients show the same behaviour 21:27 * varesa tries to find a patch cable to start port mirroring at the switch 21:28 < varesa> it also always recovers after a few minutes, I should probably time the hang/recovery to see if it aligns with some common timeout 21:29 < varesa> it is also weird as it seems to happen once or twice and after that the connection seems to remain stable until it is restarted 21:31 < MikeSeth> nothing interesting in dmesg? 21:31 < godSend23> hey all 21:32 < godSend23> ? 21:33 < varesa> server has [ 4306.721360] NFSD: client 192.168.0.214 testing state ID with incorrect client ID 21:34 < godSend23> i'm looking for a network media player that can play 4k content 21:35 < varesa> server has [ 398.304191] nfs: server not responding, timed out 21:35 < varesa> nothing else I can see that would be related to the cause rather than effects (soft CPU lockup, some IO errors, etc.) 21:36 < varesa> seems that this time it took ~3 minutes and 45-ish seconds to recover 21:39 < varesa> at least from the server perspective it is the client that disappears while the server tries to retransmit the last packet N times before giving up 21:42 < varesa> 3 minutes 50 seconds and everything works again 21:42 < nixfreak> ;k 21:46 < varesa> waait, journalctl -k: 21:47 < varesa> 21:47 < varesa> r8169: link up 21:47 < varesa> don't tell me these have some shit realtek NIC or driver that crashes under NFS?? 21:54 < varesa> no, I don't think it's that. Would have been too simple. Must have been that the CPU lockup caused the driver to time out or something 22:10 < varesa> And with port mirroring in place I can no longer reproduce. I though I got it to happen every time I restarted the client 22:15 < sql00_> What is the best way to monitor alive hosts in private network ? 22:16 < sql00_> I think that the namp scan is not good idea. 22:16 < sql00_> nmap* 22:20 < rewt> sql00_, do you want to scan for unknown hosts, or a list of known hosts? 22:20 < sql00_> I want to scan for unknown hosts in my network 22:21 < rewt> nmap 22:21 < rewt> why do you think nmap is not a good idea? 22:22 < sql00_> Which type of scan is good idea ? 22:22 < rewt> nmap 22:22 < rewt> why do you think otherwise? 22:23 < sql00_> What will happen if ICMP is blocked ? 22:23 < varesa> Switch ARP tables are one great way to find devices 22:24 < varesa> If they are in any way active on the network 22:25 < sql00_> Yes, but how i can export "Switch Arp Table" to specific database? 22:25 < sql00_> I want to store result of every scan 22:37 < tds> even if devices are blocking icmp they'll still likely respond to arp requests, so doing an nmap then dumping your neighbour table may work 22:40 < gregor2> I have configured a router as a client in wlan. 22:41 < gregor2> I can connect to the host router but not to the internet. 22:41 < gregor2> Why? 22:42 < sql00_> Thanks @tds 22:43 <+pppingme> gregor2 cause its broke 22:43 <+catphish> gregor2: is the second router doing NAT? if not, it may be that the primary router only does NAT for a single internal IP range 22:43 <+catphish> hard to be sure without knowing the exact config and devices 22:44 <+pppingme> gregor2 start simple, can you ping 8.8.8.8, I'm suspecting not.. 22:44 <+catphish> i assume not since he said he can't connet to the internet 22:44 < gregor2> it says network is unreachable 22:44 <+pppingme> is there an ip before that error? whats the ip? 22:45 < gregor2> what? 22:45 <+catphish> the IP in the ping error 22:45 < gregor2> An ip before that error? 22:45 < gregor2> 8.8.8.8 22:45 <+pppingme> thats the error you get when you ping 8.8.8.8, right?? 22:45 < gregor2> yes 22:45 <+pppingme> ok, whats the FULL error, including any ip addresses? 22:46 < gregor2> but i can ping the broadcast 22:46 < gregor2> i dont know how to show the full error 22:46 <+pppingme> you use that thing in front of you with all the buttons with letters and numbers on it.. 22:47 < gregor2> yes i type ping 8.8.8.8 22:47 < gregor2> and it says 22:47 < gregor2> ping: sendto: Network unreachable 22:47 <+pppingme> ok, that tells us a lot.. 22:48 <+pppingme> what os is this? 22:48 < gregor2> openwrt 22:48 < mawk> no default route 22:48 <+pppingme> wait.. you're getting that error on your pc, or your router/device/whatever?? 22:48 <+catphish> so, the device you're running ping on doesn't have a default route 22:49 < gregor2> i did the ping from the router 22:49 < gregor2> To the Router a pc is connected with a cable 22:49 <+pppingme> ok, that may not be important, if its acting as a wlan client/bridge, it doesn't necessarily need to talk on the 'net... 22:49 < gregor2> and another router is connected to the internet 22:49 <+pppingme> what happens when you ping 8.8.8.8 from the attached pc 22:50 < mawk> what fun thing can I do with a sigfox module ? I have a bunch of sensors at hand, and I need something that's not easily doable with zigbee/bluetooth/6LoWPAN 22:50 < gregor2> that works for some reason 22:51 <+pppingme> ok, then all is good... just means the bridge box doesn't have a gateway set, but its only an L2 device on your setup, so doesn't necessarily need one.. assuming I'm understanding your setup of course.. 22:52 < gregor2> there is no gateway set up 22:52 < gregor2> thats right 22:52 < mawk> you can set it up on the router if you want, that'll be useful for time synchronization for instance 22:52 < gregor2> Yes 22:52 <+catphish> why don't we deal with the fact the second router doensn't have a gateway 22:52 < gregor2> if i knew how 22:52 <+pppingme> gregor2 then set it to your real router.. 22:54 <+catphish> also, you can't use a router as a wifi client + bridge 22:54 <+catphish> at least not normally 22:54 < mawk> yeah 22:54 < mawk> unless nasty things are done with MAC masquerading and ARP proxying 22:54 <+catphish> indeed 22:54 < sql00_> How can I calculate network traffic with netflow data ? 22:55 <+catphish> if the client can ping google but the router can't, it must be running as a bridge, it may work, but it may also be horribly unreliable if you connect 2 clients 22:55 <+catphish> sql00_: add up the packet sizes 22:56 < gregor2> i did this once 22:56 < gregor2> i dont know 22:56 <+catphish> i feel like if you know how to decode netflow data, you shouldn't need to ask that 22:56 <+catphish> but yeah, just add up all the packet sizes and divide by time 22:57 < gregor2> i can connect to the gateway but not the internet 22:57 <+catphish> gregor2: from where? 22:57 < gregor2> from the pc 22:57 < gregor2> or 22:57 < gregor2> at least i can ping 8.8.8.8 22:57 <+catphish> ugh, this question has got way too messy 22:57 < gregor2> but 22:57 < nixfreak> I added a CNAME to my domain which is my ddns subdomain 22:58 <+catphish> you're making no sense "i can ping 8.8.8.8, but not the internet" 22:58 < gregor2> yeah i know 22:58 <+catphish> gregor2: you really need to explain your problem and configuration better :( 22:58 < nixfreak> but I still can't use my subdomain from my domain only the ddns subdomain works 22:58 < gregor2> i cant open google in my browser 22:58 < tds> gregor2: any chance of a diagram of this mess showing which parts work and which don't? ;) 22:58 < Kingrat> ~$ ping the internet 22:58 < Kingrat> ping: internet: Name or service not known 22:59 < Kingrat> :P 22:59 < gregor2> i cant open google in my browser 22:59 <+catphish> nixfreak: that should work, what's the name? 22:59 < gregor2> yeah 22:59 < gregor2> name? 22:59 < nixfreak> stream.chaos.ml 22:59 < gregor2> pinging 8.8.8.8 from pc works 23:00 <+catphish> gregor2: so that's the problem? 23:00 < nixfreak> it points to the ddns subdomain 23:00 <+pppingme> you're making no sense "i can ping 8.8.8.8, but not the internet" << I think he means name resolution is broke 23:00 < gregor2> opening google in browser on pc dont wirks 23:00 <+catphish> gregor2: maybe you just didn't set your dns servers, configure them to 8.8.8.8 23:00 <+pppingme> gregor2 ping google.com 23:00 < nixfreak> but when I try to call it in a browser when the server is running doesn't work 23:00 <+pppingme> gregor2 ping google.com 23:00 <+catphish> stream.chaos.ml is an alias for chaos.bad.mn. 23:00 <+catphish> chaos.bad.mn has address 66.188.181.226 23:01 < tds> nixfreak: is there meant to be a web server listening on that address? connections just time out for me 23:01 <+catphish> ^^ nixfreak is that what you wanted? 23:01 < gregor2> that could be the problem 23:01 <+catphish> nixfreak: for me it resolves as above, but there's no server at that address 23:01 < gregor2> if i type 172.217.0.0 23:01 <+catphish> 66.188.181.226 23:02 < gregor2> in the browser it does not work to 23:02 < nixfreak> try :9853 23:02 < nixfreak> https 23:02 <+catphish> gregor2: that IP redirects to a name 23:02 < gregor2> dns-nameservers is 8.8.8.8 23:02 < nixfreak> https://chaos.bad.mn:9853 23:02 <+catphish> nixfreak: it doesn't respond to ICMP, won't debug further 23:03 <+catphish> nixfreak: ok, that link works, but the ssl cert is invalid, and icmp ping doesn't work 23:03 < nixfreak> but I want https://stream.chaos.ml:9853 instead so I can get encrypt-this to sign the domain 23:03 <+catphish> https://stream.chaos.ml:9853/ works for me 23:03 <+catphish> just has a bad certificate 23:04 < nixfreak> oh very cool , must of been the TTL then 23:04 < gregor2> so just name resolv does not work? 23:04 <+catphish> yep 23:04 <+catphish> letsencrypt will probably work 23:04 < gregor2> but how can i fix that? 23:04 < nixfreak> yeah trying to get it to work but has an issue with the port 23:05 <+catphish> afaik you can only do letsencrypt on port 80 23:05 < tds> you can do dns challenges as well if you want 23:05 <+catphish> true 23:05 <+catphish> but why not just use 80/443 23:06 < nixfreak> I can just don't like ports getting hit all the time 23:06 < tds> yeah, I just use http-01 on all my stuff, works nicely 23:06 < nixfreak> I have conf the firewall anyway for filtering 23:06 < gregor2> how does this work? 23:06 <+catphish> gregor2: just set nameservers! 23:07 < tds> nixfreak: if you're using certbot, you could have it run in standalone mode, then nothing will be listening on 80 normally 23:07 <+catphish> oh yeah, certbot can make its own temporary server on port 80, forgot that 23:07 <+catphish> ideal 23:07 <+catphish> you can open the firewall, since nothing else is listening on that port anyway :) 23:07 < gregor2> i have set it to 8.8.8.8 23:07 <+catphish> gregor2: good 23:08 < gregor2> doesnt work annyway 23:08 <+catphish> gregor2: well you best get debugging 23:09 < gregor2> no 23:09 < nixfreak> i can't get to https://stream.chaos.ml:9853 --> you still can? 23:09 < gregor2> it did work when i was connected to a gateway directly 23:10 < nixfreak> hmm 23:10 <+catphish> no? 23:11 <+catphish> nixfreak: yes, works here 23:11 < nixfreak> weird 23:11 < nixfreak> not here 23:12 < nixfreak> ok I can see you 23:12 < nixfreak> has to be this end then browser wise but the server is showing it now 23:12 < nixfreak> appreciate the help 23:13 <+catphish> nixfreak: dns can be slow with TTLs and negative caching 23:16 < gregor2> ok 23:16 < gregor2> i missed the resolv.conf part 23:16 < gregor2> its working now 23:17 < gregor2> lol 23:17 < nixfreak> yep thats a DNS issue on my part 23:17 < nixfreak> damn this whole time I thought it wasn't working 23:18 < nixfreak> I just tried with my phone to connect w/o wifi 23:20 < gregor2> yes 23:20 < gregor2> exactly like that 23:33 <+catphish> nixfreak: cool --- Log closed Sun May 27 00:00:34 2018