--- Log opened Thu Jun 07 00:00:48 2018
00:02 < BenderRodriguez> ugh
00:02 < BenderRodriguez> what's with the IT industry and its fascination with RCA documentation
00:02 < BenderRodriguez> You KNOW what cause the issue
00:02 < BenderRodriguez> why do you need a document?
00:02 < BenderRodriguez> catphish: am I right or am I right
00:03 <+catphish> i dont know what that is
00:05 < BenderRodriguez> catphish: good
00:05 < BenderRodriguez> it's better not to know about these things
00:05 < BenderRodriguez> lest the cancer spread
00:25 < djph> "Root Cause Analysis"
00:25 < djph> my boss was *pissed* last time he made me write one
00:25 < djph> I started it with "shit broke, and the pencilneck paper pushers wasted 4 hours on the phone pointing fingers before they'd let us even start looking into the issue"
00:26 < djph> my plan for "make sure it doesn't happen again" was "fire management, and let us do what yo upay us to do"
00:29 < Apachez> end game: djph doesnt have to write any more "root cause analysis" any more? :P
00:34 < djph> Apachez: that's the plan
00:34 < djph> Apachez: though it didn't work this time
02:07 < MarkusDBX> Looking for a good documentation / teach material of how reverse lookup and arpa addresses work.
02:07 < MarkusDBX> Google is show lots of stuff, some stuff is just too old.
02:08 < MarkusDBX> *google is showing..
02:08 < MarkusDBX> need to set up PTR and my skills in this area is not the best
02:15 < tds> MarkusDBX: if this is for a public IP and you don't own the IP space, you probably need to do that via your provider, I'd expect it to be an option in the control panel or whatever
02:23 < Fieldy> anybody know how to, from the client side, prevent openvpn from trying to assign an ipv6 address? i only want an ipv4 address. i've disabled ipv6 entirely in sysctl as well as a boot parameter, however the server (which I don't control) is also trying to give the client an ipv6 address, and it quits when it can't assign one. i've searched around and not really finding anything
02:24 < Dagger> dare I ask why you don't want a v6 address? you might be better served by fixing whatever the underlying issue there is
02:25 < Dagger> given that v6 is a thing you need to be deploying anyway
02:33 < MarkusDBX> tds: it's a vps provider I use, they have a controlpanel, I can create such a zone
02:33 < MarkusDBX> tds: I'm just noobish in the area
02:35 < tds> it's difficult to know what you need without knowing the provider's interface - you should be able to add a record per ip address, with a hostname as the data in the ptr record
02:35 < DF3D2> I'm having an issue with a software vendor who provides a client/server app, the app allegedly uses 443 out which is definitely not being blocked at the client site, however the user is experiencing all sorts of intermittent connection issues, but ONLY on this app and the internet is a fiber connection. The vendor of course claims the issue on our network side, I can find no such issue...
02:36 < DF3D2> I'm not sure where else to look
02:41 < djph> wireshark? see what's going out?
02:43 < DF3D2> yeah also gonna start a capture in the router soon
02:44  * dogbert_2 drops a large pizza on djph 
02:54 < Fieldy> found the solution. if you want to disable ipv6 from the client side on openvpn (example: you don't control the server): https://www.snbforums.com/threads/openvpn-help-please.41683/#post-352774
02:55 < tds> Fieldy: as Dagger asked earlier, what's your reason for wanting that?
02:56 < tds> if it's for privacy or similar, you may want to null route v6 traffic rather than just ignoring the openvpn options, since otherwise you may leak v6 traffic via a native connection
02:56  * dogbert_2 spins The Stampeders - Sweet City Woman
03:32 < smallville> does spectrum provide a free router?
03:33 < smallville> or do they provide a modem only?
03:35 < dogbert_2> is spectrum a cable provider, if so, buy your own cable modem and wireless router
03:35 < dogbert_2> I have Cox here...use a Arris Surfboard SB6183
03:37 < smallville> kinda overkill, no?
03:37 < smallville> why not get one with wifi?
04:02 < Kingrat> smallville, generally they provide it for a small monthly fee, but in my experience unless you have a business account most of the ones they use for residential are not good
04:07 < dogbert_2> combining cable modem with wireless isn't a good idea, IMO...that's what the D-Link AC1750 is for :)
04:08 < dogbert_2> the SB6183 just passes the stuff thru to the D-Link :)
04:16 < UserUS> is it normal to have a lot of incoming icmp packets from google?
04:16 < rewt> omg they're trying to hack you
04:20 < UserUS> lol well follow up, how about from russia, japan, and poland?
04:21 < UserUS> Null payloads
04:22 < dogbert_2> upgraded firmware in D-Link AC1750
06:39 < Ted33> Computer1 has 2 NICs.  NIC1 on VLAN1 and the NIC2 on VLAN2.  Both VLANs are routable.  If I want all traffic bound for VLAN3 to go out NIC2 and all other traffic to go out NIC1, then shouldn't I configure both NICs with gateways?
08:37 < zetheroo> 2 systems in the local network - sshing into an offsite-hosted server - local system 1 can ssh into said offsite server instantly, while local system 2 timesout - suggestions? (All systems are Ubuntu Linux)
08:44 < detha> zetheroo: look at the server ssh logs
08:45 < cluelessperson> hey all.  If I want to setup a dns and dhcp server, that handles internal as well as public DNS, what terminology should I be searching for to learn about it?
08:45 < cluelessperson> I'm not sure what the standards are.
08:49 < detha> cluelessperson: the standards are DNS and DHCP. Terms: resolving, authoritative, tsig update
08:52 < zetheroo> detha: apparently it's a tcp problem ... I tried to tcptraceroute the server at port 22 and it fails with Destination not reached
08:53 < detha> zetheroo: can you ping it? if yes, firewall problem
08:53 < zetheroo> detha: yes, can ping it from both local systems
08:54 < zetheroo> but if it's a firewall issue how is it that one local system can reach it just fine while the other cannot?
08:54 < detha> and from the 'working' system tcptraceroute works?
08:54 < zetheroo> yes
08:54 < zetheroo> practically instant
08:55 < detha> from the non-working, how many hops do you still see in tcptraceroute?
08:56 < zetheroo> 6 - not including the ones with ***
08:56 < zetheroo> from the working there are 7
08:56 < detha> ones with *** count just the same. Do both systems follow the same route?
08:57 < zetheroo> yes they do - up till the 6th hop
08:58 < detha> any NAT gateways involved, or do both have a public IP?
08:59 < zetheroo> ok, I just tried again from the working one and now it's showing *** after the 6th hop, get's to the 30th hop and then end ... no message
08:59 < zetheroo> very odd
09:00 < detha> and ssh still works?
09:00 < zetheroo> yes
09:01 < detha> odd indeed. still points to some firewall/IDS in front of the server though
09:02 < zetheroo> or a firewall rule on the offsite server itself?
09:02 < detha> could be that too. It sounds like rate limiting, fail2ban, something like that
09:03 < detha> easy enough to test, on the server do sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT
09:03 < zetheroo> I just had a look at the iptables rules on the offsite server and there a a bunch
09:04 < zetheroo> hmm ... maybe iptables has a log ....?
09:05 < detha> only if you use -j LOG in the rules
09:06 < zetheroo> all I see is -j ACCEPT after the rules :/
09:07 < detha> try adding that --dport 22 rule as the first rule, that will rule out [pun intended] other issues in the ruleset
09:08 < zetheroo> sorry, not entirely sure what you mean I should do
09:09 < detha> sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT
09:09 < detha> that will create a rule to allow ssh as first rule in the chain
09:09 < zetheroo> ok 👍
09:09 < zetheroo> I see it there now
09:10 < zetheroo> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
09:10 < detha> -A is 'last rule'
09:10 < zetheroo> oh
09:11 < detha> you want it as the first rule in the input chain, so it takes priority over whatever other stuff is in there
09:11 < zetheroo> and it should be the first rule ..
09:12 < zetheroo> but all the rules have -A in front of them
09:13 < detha> when you build a ruleset, you use -A so you can write it in order.
09:13 < zetheroo> ok, how do you get it to be a first rule?
09:13 < detha> use -I instead of -A
09:13 < detha> Insert, Append
09:14 < zetheroo> that's what I did ... I copied your command
09:14 < detha> is it in there as first rule in iptables -vnL now?
09:15 < zetheroo> first line of output is:
09:15 < zetheroo> 24840  133M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
09:15 < detha> good. and if you test again with tcptraceroute, what happens?
09:16 < detha> also, that looks like an older rule - 24K packets don't happen in a minute or so
09:17 < zetheroo> do I need to reload a service on the offsite server for the change to be applied?
09:18 < detha> no
09:19 < zetheroo> tcptraceroute from non-working local system is the same as before
09:19 < detha> and from working?
09:20 < zetheroo> same as before - works instantly once or twice, and then does it's *** hops till 30 and end without message
09:20 < zetheroo> but ssh no problem
09:20 < detha> some firewall
09:22 < detha> chances are that if you wait an hour, suddenly both work.
09:22 < zetheroo> really :D
09:23 < zetheroo> can iptables be disabled temporarily for testing?
09:23 < zetheroo> as in, to see if it's the issue at all ..
09:24 < detha> I wouldn't, but yes you can. Rather look for port 22 traffic with tcpdump
09:25 < detha> If you ssh to the server, and you see the SYN packets, it's the server. If you don't see them, it's an IPS in front of the server
09:26 < zetheroo> and you see that information in a log?
09:26 < zetheroo> or with some networking traffic monitoring software?
09:27 < detha> on the server, run 'sudo tcpdump port 22'
09:27 < zetheroo> I guess I have to install something ... command not found ... one sec
09:28 < zetheroo> holy hell ... when I execute that command the output is like a torrent
09:29 < detha> ah. running it on another ssh session instead of remote console?
09:29 < zetheroo> yeah, I am ssh'ed onto the remote server
09:29 < zetheroo> doing it wrong?
09:30 < detha> ok, sudo tcpdump port 22 and 'tcp[tcpflags] & tcp-syn !=0
09:30 < detha> oh, and a closing '
09:31 < zetheroo> ok, and now I ssh from another terminal ...
09:33 < regdude> The term "fiber drop cable" simply means a more durable fiber optics cable? (more durable shell)
09:33 < zetheroo> detha: can I PM you the output pastebin?
09:33 < detha> zetheroo: no problem
09:34 < zetheroo> Thats the output from the offsite server as I was sshing in from the working local system
09:35 < detha> that....seems to be a popular target for scanners. The question now is, which would be your attempts?
09:38 < zetheroo> in that output I don't see SYN anywhere - is that what you said to look for?
09:38 < detha> the [S] is syn, [S.] is SYN/ACK
09:39 < zetheroo> ok
09:40 < detha> zetheroo: is mrs-4b something you have any control over?
09:40 < zetheroo> that's the offsite server - I have ssh access to it (from that one local system) and can access the offsite hosting account
09:41 < zetheroo> oh wait, that's not the one I am trying to ssh into though
09:41 < zetheroo> mrs-1b
09:41 < detha> hang on, that looks like it was taken from mrs-1b . yes
09:41 < zetheroo> ^ that's the one in question
09:43 < detha> anyway, it looks like lots of things are trying to connect ssh to that server.
09:44 < VincentHoshino> heh stuck a ssh server with a public facing IP on port 22?
09:44 < zetheroo> yes, there are. and all are seemingly working - other than pretty much all local systems on our network
09:45 < VincentHoshino> ohh
09:46 < zetheroo> I heard from the other sysadmin that he created a iptables rule for a VPN connection from the offsite system to the local system that incidentally is the only system which can ssh into that offsite server without issue
09:46 < zetheroo> could that have anything to do with this?
09:46 < detha> ah. that server be set up to accept keys only by the looks of it, good. Now on the non-working system, do you have keys for it?
09:47 < zetheroo> yes, my key is deposited on that server
09:47 < detha> what is the exact message you get when trying to connect?
09:51 < potatoe> i wanted to move my ssh server to port 22222 but then again
09:52 < detha> from the earlier tcpdump, that server happily responds to connections. However, this times out, so something in front of it. I would ask whoever hosts the server
10:01 < zetheroo> if the hosting provider has a firewall they would have to be blocking all of our internal IP's other than the one which can ssh into the server ...
10:06 < zetheroo> I will contact the provider nevertheless
11:02 < screwsss> https://imgur.com/zcjlzWF are these speeds reasonable
11:02 < screwsss> over fully hardwired LAN ethernet
11:05 < regdude> I think your PS3's HDD is the  bottleneck, though it might be the router that is not able to handle more than 200Mbps with TCP
11:06 < regdude> 22MB/s write seems reasonable for a 2.5" HDD
11:06 < regdude> though it can do a lot better
11:06 < screwsss> https://www.dlink.com.au/home-solutions/DSL-2890AL-dual-band-wireless-ac1750-gigabit-adsl2-modem-router
11:06 < djph> ew, 5400 RPM drive?
11:06 < screwsss> thats my router
11:07 < screwsss> MiB
11:07 < screwsss> megabits right
11:07 < regdude> the AC1750 SoC should be able to handle more than just that, but that is DLink, dunno how they have implemented the chip and if they are even using the built-in switch chip
11:07 < djph> base-2 megabytes (1024 KiB * 1024 Bytes)
11:08 < djph> er 1024 ^ 3 Bytes
11:08 < djph> vs MB (base-10) of 1000 ^3 bytes
11:09 < djph> ... fuck it's too early, s/3/2/g
11:09 < screwsss> ah a mebibyte
11:10 < screwsss> what did you mean by TCP earlier
11:10 < regdude> TCP traffic adds extra load on a switch chip (asterix) and on the CPU for the router
11:11 < regdude> if you are worried about network performance, then never use file transfers, too much factors, use iperf instead
11:12 < screwsss> iperf
11:12 < screwsss> ok.
11:12 < screwsss> thats a CMD command right
11:12 < stefy143> whats the difference of same and adjacent layer interaction
11:15 < regdude> some devices can offload to the hardware traffic that is being sent over Layer2, some can even offload some very simple routing (Layer3), but between these two layers there will be a performance drop
11:16 < regdude> screwsss: it is a tool to measure network's performance. If you are using Windows, then there should be a GUI tool as well, I think there was jperf
11:19 < stefy143> can anyone help me?
11:21 < stefy143> hello?
11:24 < screwsss> im on windows yep
11:25 < screwsss> regdude - meh. 120 megabits a second feels about right
11:26 < regdude> so the bottleneck is your PS3's HDD (or maybe your PCs HDD), or maybe the CPU, but the network is running at wirespeed, nothing to improve there
11:27 < regdude> oh wait, 120Mbps using iperf? That is not so good at all
11:28 < regdude> that is really bad then
11:37 < stefy143> anyone?
11:37 < Emperorpenguin> hi stefy143
11:38 < stefy143> hi
11:38 < stefy143> can anyone explain me the difference of same and adjacent layer?
11:39 < djph> same layer -> e.g. layer 2.  adjacent layer -> +/- 1 (e.g. L1 or L3)
11:41 < stefy143> im a noob what does it mean +/- 1?
11:42 < lithiumpt> regdude: the PS3 has hard disk encryption, so every disk write goes through the encryption function, which is quite cpu heavy
11:42 < djph> "plus or minus 1".  so if we're starting at "2", "2+1 = 3" and "2-1=1)
11:44 < stefy143> you lost me
11:45 < regdude> lithiumpt: it was a long time ago, but when I modded to have a 3.5" HDD I think it did better, the CPU is quite good, but I think his network might be a bottleneck if iperf shows only 120Mbps
11:45 < stefy143> whats got to do with adjacent?
11:46 < djph> stefy143: "adjacent" literally means "next to"
11:46 < djph> stefy143: so "given Layer *TWO*" the layers "next to" it are ... *ONE* and *THREE*
11:48 < stefy143> so your giving me a calculation?
11:48 < djph> no, I'm giving you primary school number lines.
11:49 < djph> one comes before two, and two comes before 3.  Therefor "2" is adjacent to 1 and 3.
11:50 < djph> anyway, the layers themselves are just a model. That is, they're just a tool to make sense of the complexity of networking (and throw away everything after L4 anyway)
11:51 < detha> Wait, we can throw away L8? Yes!
11:51 < stefy143> no such thing as level 8
11:51 < djph> stefy143: (l)users.
11:51 < stefy143> unless they added it recently
11:52 < stefy143> idk why but ur example make sense in some way
11:52 < djph> stefy143: aka your cow-orkers. aka "those people you can replace with a small shell script"
11:52 < djph> stefy143: aka meatsacks
11:53 < regdude> I actually gave this guy difference between L2 and L3 from performance viewpoint
11:53 < djph> detha: you can, although better to have them leave of their own volition.  Unquestioning PFYs are hard to come by these days.
11:54 < detha> djph: true. But I was more thinking along the lines of the model that puts 'Management' at L8.
11:55 < djph> isn't manglement L9?
11:55 < detha> L8 - management, L9 - finance. Or vice versa.
11:55 < djph> ah
11:55 < djph> still "getting them to leave" is generally the cleaner option.
11:56 < stefy143> i dont get the the last two comments
11:56 < djph> stefy143: it's a joke
11:56 < stefy143> but thanks for the help djph
11:56 < stefy143> okay
11:57 < djph> the OSI model has L1 - L7.  L8+ are jokes (users, management, beancounters, etc.)
11:57 < stefy143> sorry not in the mood for jokes just studying djph
11:59 < djph> too bad, you're getting them anyway. It's the only way we can cope with bad users.
11:59 < djph> (well, that and alcohol ... but alcohol is frowned on at 9AM)
12:00 < stefy143> oh btw to learn networking what do i need to learn it i mean tools
12:01 < stefy143> like the physical one
12:01 < stefy143> is there a kit or something?
12:01 < djph> you need a brain, and to not be color-blind.
12:01 < stefy143> because the exam is compost of written and practical right?
12:01 < djph> no idea
12:01 < djph> what test?
12:01 < stefy143> for networking?
12:02 < stefy143> im not taking the test but i do need to learn it physically
12:02 < djph> I mean, are you talking about a *specific* test that you're planning on taking, or just some ephemeral "test".
12:02 < stefy143> is there like a kit in amazon or some idea how to get stuff
12:03 < djph> copper is simple -> TIA/EIA 568-B.
12:03 < stefy143> i hate test ill probably not take it
12:03 < djph> glass is ... well, make your employer pay for you to learn that.
12:03 < stefy143> but ill study like im going to take one
12:03 < drozdziak1> I'm trying ti ping `ff02::1` I get `Network is unreachable`. What could be the problem? I do specify an existing interface that is up and has a link-local IPv6 address
12:04 < Roq> stefy143: Which test are you studying for? A kit makes sense if you're studying for a vendor specific exam like cisco or juniper
12:04 < djph> stefy143: if you want a crimper and some cable and some ends to practice with, your local home improvement type store should have some / all of that.
12:04 < stefy143> the book says ccna
12:05 < stefy143> ccent
12:05 < Roq> Ok, cisco it is then. You can do anything you need for CCENT in "Packettracer"
12:05 < djph> Roq: I *think* he's looking for a (physical) networking toolkit -- lineman's scissors, pliers/cutters, crimpers, etc.
12:05 < stefy143> i dont have a prob with that
12:05 < djph> ... or not ...
12:05 < stefy143> more on the configuring part?
12:05 < Roq> djph: hah, or not :)
12:06 < djph> :)
12:06 < stefy143> or making ur own network stuff no idea
12:06 < Roq> stefy143: packettracer is software that simulates switches and routers etc. You can build your labs in it and test the commands etc
12:06 < stefy143> i think u need physical stuff besides packettracer
12:06 < Roq> It's free to use and saves you the costs of an actual lab
12:06 < djph> stefy143: "need"
12:06 < stefy143> u call it networking lab then?
12:07 < Roq> A virtual lab? Yeah
12:07 < stefy143> i need a physical one
12:07 < Roq> Why?
12:08 < stefy143> fuck or i need to ask someone so i can do lab stuff dammit
12:08 < stefy143> theory and physical are not the same
12:08 < Roq> You can build labs in packettracer, it will be sufficient for your CCENT
12:08 < djph> "lab stuff" is typically just "okay I have three routers, and I'm gonna make OSPF work because I can"
12:08 < Roq> It will simulate a physical lab
12:08 < stefy143> im not taking the test -_-
12:08 < stefy143> i just want to learn it
12:09 < djph> you don't actually *need* a physical lab
12:09 < djph> (unless you're studying for a test like "terminate 80-billion connections")
12:09 < stefy143> oh u mean i can buy the materials i need from there to make a physical lab?
12:09 < Roq> You will learn it by making labs in packettracer too :) It's the easiest way to start with building/configuring simulated networks
12:09 < stefy143> that sounds like ddos
12:10 < djph> no, I mean *physical* connections -- e.g. here's some 600-pair cable.  have at it.
12:10 < stefy143> ok so first packet tracer and then physical
12:10 < regdude> "in todays lesson we are going to learn how to mitigate DDoS, lets build our own botnet with 1000 IoT on our desks"
12:10 < stefy143> u mean a rac?
12:10 < stefy143> *rack
12:10 < stefy143> i think its called
12:10 < djph> regdude: haha
12:10 < djph> stefy143: who, me?
12:11 < Roq> Just download packettracer and make some entry level topologies, you will learn from that
12:11 < Roq> Even if you're not taking the test
12:11 < stefy143> i already have that im just reading the book coz i never finished it
12:11 < stefy143> i want to finish what i started then go to the next
12:12 < stefy143> like programming
12:12 < stefy143> one last question
12:12 < stefy143> is networking mind different from a programming mind?
12:13 < stefy143> i mean how he logically solves problem is it a huge difference?
12:13 < djph> they're two different sets of problems
12:13 < stefy143> solve in different ways?
12:14 < stefy143> just want to know the way of thinking before i dive to this
12:14 < djph> well, it's more like asking "can I use this hammer to install screws"
12:14 < djph> logical thought processes, etc. will overlap.  But the actual execution of "solve teh problem" are different.
12:14 < stefy143> fuck two way of thinking got it
12:15 < djph> I ... guess ...
12:15 < stefy143> -_- ill be crazier when i finish this
12:15 < stefy143> more drugs then okay
12:15 < stefy143> gtg
12:15 < djph> I mean "programmer" writes a program.  "Network guy" ... well, fixes the network ...
12:15 < stefy143> thanks for the help
12:15 < stefy143> whats the difference?
12:16 < djph> "fixing the network" and "writing a program" are entirely different tasks.
12:16 < Jackneill> hey
12:16 < Jackneill> is RAP == vpn client?
12:16 < Roq> The type of person will be the same, pragmatic, analyticial, logical. The fields are vastly different so you can't really compare that
12:16 < djph> 'RAP' looks like an acronym
12:16 < stefy143> why do we write program? and why do we fix network?
12:17 < stefy143> seems the same to me
12:17 < djph> stefy143: (1) to solve a problem.  (2) to shut the users up.
12:17 < stefy143> i just want to know if the brain pattern differs a lot or im screwd
12:17 < djph> or rather, the program is to automate / speed up some task.
12:17 < djph> the network is to move data faster.
12:18 < stefy143> speed is the common ground
12:18 < stefy143> i can go with that
12:18 < stefy143> thanks
12:18 < stefy143> gtg thanks a lot
12:20 < Jackneill> djph, remote access point
12:28 < myrat> dd
12:42 < Tazmain> Hi all, is it possible on windows 10 , that I can run my own dns server?
12:43 < Tazmain> host file entry doesn't seem to work. Seems another dns is interfering
12:47 < djph> Tazmain: probably not.  MSFT is pretty adamant about how you use their various "levels" of operating system
12:47 < djph> Jackneill: huh?
12:48 < djph> Jackneill: oh, right, the "RAP=vpn" or whatever.  In what context is this, exactly?
12:48 < Jackneill> replacing vpn client with hardware that does the same
12:48 < djph> Jackneill: I mean, like Cisco APs, or ... something else?
12:48 < Jackneill> is this manufacturer dependednt?
12:49 < djph> so a site-to-site VPN?  I'd use ipsec right on the routers if they were capable of it
12:49 < Jackneill> djph, to connect a computer to a vpn/intranet in other country
12:50 < djph> Jackneill: well, if it's just a single computer, something like openvpn on a raspi might be sufficient
13:32 < Apachez> putin live answering questions from the public :) https://www.youtube.com/watch?v=JFyfu9um_Ts
13:42 < zetheroo> detha: the hosting provider replied saying "We are neither filtering nor blocking any traffic per default. Furthermore, the firewall feature via robot has not been activated from your end." - so that rules them out :/
13:45 < zetheroo> how do I turn on logging for iptables?
13:46 <+xand> how did you turn it on?
13:46 <+xand> delete the LOG rule
13:48 < zetheroo> xand: I didn't turn it on
13:48 <+xand> well it isn't enabled by default, there must be a LOG rule
13:48 < detha> zetheroo: iptables -A INPUT -j LOG
13:48 < stefy143> hello
13:48 <+xand> yeah one like that
13:49 < zetheroo> gr8 thks
13:49 <+xand> you need to remove it
13:49 < stefy143> what is a session layer?
13:49 < zetheroo> remove it?
13:49 < stefy143> is it a protocol thing? or somthing?
13:49 <+xand> zetheroo: what distro do you use?
13:49 < zetheroo> Ubuntu
13:49 <+xand> mmmm
13:49 <+xand> well
13:49 < zetheroo> so to get logging to work I have to remove the rule?
13:50 <+xand> I'm sorry I misread, I thought you wanted to turn it off.
13:50 <+xand> oops
13:50 < zetheroo> k
13:50 < thelucky1ike> stefy143: it is layer out of OSI or TCP/IP stack
13:50  * compdoc slaps xand around a bit with a large trout
13:50 <+xand> zetheroo: do you actually have any rules, as there are not any by default. and do you want to log just dropped things, or everything?
13:50 < stefy143> wut?
13:51 < thelucky1ike> stefy143: https://en.wikipedia.org/wiki/OSI_model
13:51 < zetheroo> xand: there are a number of rules on the system
13:52 < stefy143> so it is about protocols?
13:52 < zetheroo> xand: I am looking for anything blocked
13:52 < detha> zetheroo: just full logging may give too much noise, maybe just log anything port 22 (or even port 22 SYN)  that gets through
13:52 < stefy143> like handshake?
13:52 < zetheroo> any ssh connections blocked
13:53 < zetheroo>  detha: yes, that makes sense
13:54 < detha> what is the last rule in your input chain? a DROP, or is it set to 'default drop' policy?
13:54 < thelucky1ike> stefy143: your terms doesn't make much sense, protocols, handshakes
13:54 < thelucky1ike> intro page in wiki makes it kindof clear
13:55 < stefy143> whats ur knowledge about networking?
13:55 < thelucky1ike> its my job, but depends
13:56 < zetheroo> detha: it's an ACCEPT for udp
13:56 < stefy143> you know the differnces on osi model of each?
13:56 < detha> zetheroo: then iptables -A INPUT -p tcp --dport 22 -j LOG
13:57 < thelucky1ike> stefy143: yes, even if it is not in use nowadays
13:57 < detha> that logs any port 22 traffic that falls through, and ends up in the default block or drop
13:57 < stefy143> then you know what im asking about
13:57 < detha> (unless you have specific drop rules for it before there)
13:57 < zetheroo> detha: ok ... great ... going to watch kern.log now as I attempt to SSH in ..
13:58 < stefy143> no need to send me to wiki if you understand it correct?
13:59 < thelucky1ike> sorry mate, but your question about it was too generic to answer shortly.
14:00 < stefy143> i want to know what it means L5
14:00 < stefy143> to differentiate it from transport
14:01 < stefy143> transport is tcp/udp
14:01 < stefy143> whats session?
14:01 < zetheroo> detha: ssh timeout and no output on kern.log
14:02 < detha> zetheroo: interesting. time for another log rule, now as first rule.
14:02 < Atro> most stuff uses TCP/IP which disregards L5
14:02 < Atro> but your question sounds like homework
14:03 < stefy143> so you guyz dont know?
14:03 < zetheroo> detha: ok, deleted the previous rule and created it again with -I
14:03 < djph> stefy143: look at the OSI model
14:03 < djph> that will show all the layers
14:04 < djph> (or the TCP/IP model -- but it has fewer layers than the OSI model, which may make things less clear)
14:04 < detha> zetheroo: do you know the external address you are connection from?
14:04 < zetheroo> detha: first rule in input chain:    72 41714 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 LOG flags 0 level 4
14:04 < stefy143> okay you dont get my question
14:04 < thelucky1ike> stefy143: session layer "binds" together application with actual sessions - opening, closing, mantaining, etc
14:04 < thelucky1ike> it follows what connections goes where and to what applications
14:04 < stefy143> so it is a handshake?
14:05 < detha> zetheroo: with all the ssh hitting that server, probably easier to log specifically on the address you are connecting from
14:05 < zetheroo> detha: yes
14:05 < stefy143> or security stuff?
14:05 < thelucky1ike> its a way how all your network stuff works together
14:05 < Atro> its more of a handshake
14:06 < stefy143> ok so its like packets or frames connecting to the server? or computer?
14:06 < stefy143> and vice versa?
14:06 < stefy143> data flow?
14:06 < thelucky1ike> not packets/frames, but more flow itself
14:07 < stefy143> so its the interaction between nodes or something?
14:08 < zetheroo> detha: iptables -I INPUT -p tcp --dport 22 -j LOG --> how do I apply that to a single IP?
14:08 < djph> stefy143: no.  data traverses EVERY LAYER
14:08 < thelucky1ike> no, within same node. I would see it like this: your application ( example firefox ) needs to go to webpage. Firefox itself doesn't have tcp stack, it uses underlaying OS stack. If this stack operates under OSI, then layer5 would bind your outgoing tcp session to correct firefox session
14:08 < detha> zetheroo: iptables -I INPUT -p tcp --dport 22 -s 1.2.3.4 -j LOG
14:08 < detha> that logs any ssh traffic coming from 1.2.3.4
14:09 < zetheroo> ok
14:09 < Atro> its a session inside a session
14:09 < stefy143> so its not the interaction
14:09 < Atro> yo i herd u like sessions so i put a session inside your session so you can TCP RST inside the session
14:10 < stefy143> traffic is more on the transport than session right
14:10 < Atro> define "traffic"
14:10 < detha> #define traffic CARS * many
14:10 < stefy143> binaries passing through wire?
14:10 < djph> stefy143: so, your application (L7) sends a request through the presentation layer (L6), which gets wrapped in a session (L5), which gets wrapped in a transport protocol (e.g. "TCP", L4), which gets wrapped in the network protocol (e.g. "IP", L3), which gets wrapped by a data-link protocol (e.g. "Ethernet", L2), which finally gets transmitted over the physical medium at L1
14:10 < Atro> that's L2
14:11 < Atro> djph: nice :>
14:11 < Atro> djph: but what about L8
14:11 < stefy143> its not the frame i was looking for
14:12 < stefy143> but the exact definition of session in another sense
14:12 < zetheroo> detha: when watching the kern.log it's scrolling so fast I can't keep up ... crazy
14:12 < stefy143> and i dont see it
14:12 < detha> zetheroo: hmm. can't remember how to filter on flags, but maybe state will do:
14:13 < detha> zetheroo: iptables -I INPUT -p tcp --dport 22 -s 1.2.3.4 -m state --state NEW -j LOG
14:13 < stefy143> okay lets say its a phone call
14:14 < stefy143> what would be session in that case?
14:14 < zetheroo> detha ok
14:14 < stefy143> is firewalls on session?
14:14 < djph> on the receiving side, physical electrical signals (L1) are interpreted and handed off to data link for initial interpretation / unwrapping (L2), which hands off to the network stack (e.g. "IP", L3), which hands off to the transport interpreter for packet re-assembly / re-ordering (e.g. "TCP", L4), which hands off to the session manager (L5), which sends to the right presentation manager (e.g. for
14:15 < djph> "mimetype image/jpeg", L6), which hands off to the application (e.g. "firefox", L7), which draws that funny cat picture in its window, for your eyes to see (L8)
14:15 < djph> actually ... s/packet re-assembly/datagram re-assembly/
14:16 < djph> Atro: there, took care of L8 for you :)
14:16 < thelucky1ike> lol
14:16 < thelucky1ike> L8 then is most problematic layer
14:17 < djph> indeed
14:17 < Atro> djph: yeah but sometimes the L8 is broken as hell
14:17 < djph> Atro: "sometimes"?
14:17 < stefy143> no answers?
14:18 < Atro> stefy143: phone call is SIP
14:18 < Atro> deduce the rest
14:18 < djph> stefy143: firewalls are typically L3.  They MAY also take L4 into account (but they don't have to)
14:18 < Atro> They may also take L7 if they're gud
14:19 < stefy143> your sentence doesnt make sense
14:19 < stefy143> im talking about l5
14:19 < djph> Atro: true, but DPI is a pain in the ass to get right.
14:19 < djph> stefy143: which is not typically something a firewall looks at.
14:20 < Atro> stefy143: https://en.wikipedia.org/wiki/List_of_network_protocols_(OSI_model)#Layer_5_(Session_Layer)
14:21 < regdude> Sanity check: CoS 1 is less important than CoS 7 (802.1p), right?
14:21 < Roq> regdude: yeah
14:21 < regdude> Roq: thanks! then I got it working now
14:22 < stefy143> better thanks Atro
14:23 < stefy143> so security is focus on session
14:23 < djph> stefy143: ignoring L7 / DPI ... most firewalls will look at:  L4 (protocol - TCP, UDP, ICMP, etc.); L3 (IP address); RARELY L2 (MAC Address - since they're only known to the local segment); and L1 (which physical interface is the traffic entering / exiting)
14:24 < stefy143> i get the rest
14:24 < stefy143> its the session im scratching my head at
14:24 < djph> L5/6/7 are typically outside the purview of a firewall's function.
14:24 < stefy143> i think its more on the syncing part
14:25 < Apachez> not a nextgen firewall :)
14:25 < Apachez> or proxybased firewall
14:25 < stefy143> access
14:25 < djph> stefy143: "sessions" in terms of networking are things like "this user is (still) authenticated to access those resources"
14:25 < Apachez> but sure a "regular" SPI based firewall only cares for L2, L3 and L4
14:26 < djph> Apachez: shutup you, I'm trying to keep this simple :P
14:26 < Apachez> djph: fuck me! :)
14:26 < stefy143> thats the problem
14:26 < stefy143> im not asking the network term
14:26 < djph> Apachez: back in the gimp box with you
14:26 < stefy143> im asking how it works and function
14:26 < Apachez> session is "this machine is still sending data within the protocol time to live"
14:26 < stefy143> i need to know how it works
14:27 < thelucky1ike> stefy143: but it is not in use anymore, why you need more than teoretical knowledge about it ?
14:27 < Apachez> stefy143: what was your question again?
14:27 < Apachez> I missed the start
14:27 < stefy143> or its useless to memorize terms and vocabs if u dont know how it works
14:27 < djph> stefy143: it depends on what SESSION MANAGEMENT utility you're using (e.g. SMB vs. SIP vs. hell, just a 3600 second counter)
14:28 < detha> stefy143: it is a model. from the olden days of networking. Some things in modern networking map to it easily, some don't. You will have to accept that.
14:28 < Apachez> stefy143: https://www.youtube.com/watch?v=8j0eqZKTjpk
14:29 < djph> stefy143: L5,6,7 are really more for the OS itself / applications.  You're asking networking guys -- we rarely go beyond L4 in day-to-day work.
14:29 < Apachez> https://www.youtube.com/watch?v=8j0eqZKTjpk&t=8
14:29 < dogbert_2> Ho, Ha, Ha, Guard, Turn, Parry, Dodge, Spin, Ha, Thrust!
14:29 < djph> dogbert_2: uuddlrlrba(select)(start)
14:29 < Apachez> its like subnet ranges
14:29 < stefy143> probably one of u guyz stumbled on it so i was asking
14:29 < Apachez> aka cidr
14:29 < Apachez> most knows /24
14:30 < Apachez> and /23 and /21
14:30 < dogbert_2> I watch too much Robin Hood Daffy :)
14:30 < Apachez> and /16 and /8 and /29, /30, /31 and /32
14:30 < Apachez> but how many have in the top of their head how many ip's /9 is ?
14:30 < dogbert_2> what is a /30 useful for (good interview question) :)
14:30 < djph> stefy143: we have, but it's one of the three (OSI Model) layers that ... well, don't really matter.
14:30 < djph> dogbert_2: nothing. :D
14:30  * dogbert_2 drops an anvil on djph 
14:31 < Apachez> dogbert_2: linknets with only two hosts and none of them supports /31 :)
14:31 < stefy143> no problem the wiki page might be of help
14:31  * djph steps to the left, reads 'ACME' on the side
14:31 < stefy143> ill just check what are those
14:31  * Apachez meep meep...
14:31 < dogbert_2> we had a guy inteviewing via skype and was googling da answers...needless to say, he didn't advance :P
14:31 < djph> Apachez: some 32 million and change, I think
14:32 < stefy143> okay thanks for the help more or less i get what session is more on access,handshake and flow
14:32 < Apachez> well thats what you normally do :P
14:32 < djph> oh wait, a /9 ... because I can read.  *facepalm*
14:32 < Apachez> but sure its better if the person can explain things without googling first
14:33 < dogbert_2> apachez, if it's a hand's on interview, yeah, but you should possess some basic knowledge walking in da door...
14:33 < stefy143> i didnt find the list
14:33 < djph> stefy143: the list of what?
14:33 < stefy143> it should be together with the osi
14:33 < dogbert_2> I spent the better part of 2 hours adjusting Bosch IP cameras (I put 25 of 'em online in the last two days)
14:33 < stefy143> and i did google cannot find what im looking for but its ok
14:34 < stefy143> more or less i got it
14:34 < stefy143> thanks
14:34 < stefy143> gotta go
14:34 < Apachez> stefy143: https://www.youtube.com/watch?v=8j0eqZKTjpk&t=8
14:34  * dogbert_2 spins The Ozark Mountain Daredevils - Jackie Blue
14:34 < stefy143> this list djph https://en.wikipedia.org/wiki/List_of_network_protocols_(OSI_model)#Layer_5_(Session_Layer)
14:34 < Apachez> 25 bosch cameras online?
14:34 < Apachez> with no firmware update?
14:35 < Apachez> so now you have 25 VPNfilter hosts? :)
14:35 < thelucky1ike> iot :D
14:35 < dogbert_2> oh, I can update them over the webUI...had to actually get them into the VSOM
14:36 < dogbert_2> I can tunnel/port forward to work on an individual camera, given the IP of the camera
14:37 < stefy143> ciao
14:37 < thelucky1ike> anyone can suggest something like rasberry pi, but little stronger, with some gig ethernet ports, to run as soho firewall ?
14:39 < tds> espressobin?
14:40 < dogbert_2> might werk
14:40 < dogbert_2> would like to see a RPi with dual gig-e and the ARM processor from hell to use as a IDS sensor :)
14:41 < djph> thelucky1ike: an edgerouter?
14:42 < dogbert_2> ERL would probably work
14:47 < thelucky1ike> djph: something like that, maybe runing pfsense even
14:47 < dogbert_2> pfsense would be a good choice also
14:48 < Kingrat> the only small arm devices pfsense can run on are what netgate sells, arm is not supported otherwise, also a lot of people are using the pc engines apu2 with pfsense/opnsense
14:49 < dogbert_2> yeah, that makes sense, Kingrat
14:49 < tds> if you want to use one of those little arm boards as a router, just doing it yourself with your preferred linux distro may work nicely
14:50 < thelucky1ike> could also do that, but hard to expect 1g roughput via them
14:51 < Kingrat> more likely with linux than bsd, linux can handle more bandwidth on equal hardware than bsd can right now, but bsd is a little more consistent latency wise and easier to predict
14:52 < Kingrat> either case should serve you quite well, but a diy linux router is a lot more work to set up and make changes to
14:54 < Apachez> thelucky1ike: ubiquiti edgerouter, er-x if you are on a budget - or if you have some more money they look at ER4 and ER6p
14:59 < thelucky1ike> er-x might fit my needs, will definetely check it out. is there something similar, where i can install my own linux on it?
15:00 < djph> not really, no
15:00 < djph> EdgeRouters are Debian (Jessie?) based
15:01 < djph> note that the ER-X is 1gpbs *total* throughput, and if you want 1gpbs simultaneous bidirectional throughput, you won't get it
15:01 < SwedeMike> djph: what is the block diagram, is it single gige to the SoC/packet accelerator?
15:02 < SwedeMike> djph: so all three ports share 1 gige to the SoC?
15:04 < SwedeMike> https://kazoo.ga/re-visit-the-switch-in-edgerouter-x/ seems to indicate that there are actually 2 gige worth of bw between the Soc and the switch
15:04 < SwedeMike> "To recap, between the CPU and the switch is aggregate 2Gbit/s throughput. "
15:04 < djph> SwedeMike: for the ER-X? it's something with how the "switch" vs. "routing" functionality works
15:04 < SwedeMike> djph: but if it's 2 gigabits/s then it would actually be possible to get 1 gigabit/s bidirectional performance
15:05 < SwedeMike> "There are two 1Gbit/s links between MIPS 1004Kc CPU and the switch block. In common usage, one would make use of both links to achieve an aggregate 2Gbit/s throughput. So 1Gbit/s full-duplex routing between two network interfaces is made possible. For example, a symmetric gigabit WAN is well and fully served as such."
15:05 < djph> it's all the same die -- as I understand it, the backplane speed is literally only 1gbps
15:06 < SwedeMike> hm, ok, further down in the text is a lot of caveats
15:06 < djph> SwedeMike: there's something about that "second link" that makes the ER-X not work like that
15:06 < djph> IIRC, like it's only usable by an external switch chip
15:07 < SwedeMike> djph: yep, it looks like you're correct, it actually only uses one of the two gige:s to the SOC
15:07 < SwedeMike> that's silly of UBNT to design it like that for the non-SFP models.
15:07 < djph> they didn't
15:08 < djph> or well, I mean, Mediatek are the guys who made the chip stupid like
15:08 < djph> but, let's be honest here, it's a $50 router :)
15:09 < SwedeMike> djph: from what I can gather, if they made eth0 into one vlan, and eth1-4 into one vlan, they could each go on separate switch/CPU interconnects. Lots of other devices do this.
15:09 < djph> SwedeMike: it's not VLANs ... it's PHYSICAL wiring
15:10 < djph> SwedeMike: e.g. they'd have had to use a second switch chip instead of just the one mediatek CPU in order to get the 2gbit capacity
15:10 < SwedeMike> djph: or actually wired one port directly to RGMII and called this "WAN".
15:11 < djph> SwedeMike: yeah, they could've done that too, and lost the "you can use all the ports as a single switch" option
15:11 < SwedeMike> right.
15:11 < djph> personally, I'm happy with a $50 router / switch / do whatever I need
15:12 < djph> even if it means I only get 1gbps total routed throughput
15:12 < SwedeMike> right, but it's something that is not obvious to the general person buying this. But I agree, it's a very competent USD50 device.
15:13 < djph> SwedeMike: yeah, the downside of UBNT having a pricepoint stupids are comfortable with :)
15:13 < thelucky1ike> yes, seems to have it nicely, will need to put aside some 200+$
15:14 < SwedeMike> the ER3 is better in this aspect, as long as one does things it has support for acceleration for. The mediatek has nice acceleration for a lot of things, but now instead limited by wiring.
15:27 < regdude> which SoC is that EdgeRouter using?
15:28 < regdude> probably MT7621A, those had limited data lanes when enabled a SFP or switch chip, that is the least weird thing MediaTek does, they are extremely cheap for a reason
15:37 < djph> depends on the ER
15:37 < djph> IIRC, ER-X[-SFP] are the only Mediatek chips; with the rest being Cavium
15:41 < Langley> Hello, when setting up Dovecot mail on one server, and Roundcube client on another server, both must use the same (non-self-signed) certificate, right?
15:42 < Rayben> The earliest seaworthy boats may have been developed as early as 45,000 years ago, according to one hypothesis explaining the habitation of Australia
15:43 < Rayben> There are indications as stone tools and traces left on a rhinoceros skeleton that suggest early hominids crossed the sea and colonized the Philippine island of Luzon in a time frame as early as 777,000 to 631,000 years ago.
15:43 < Rayben> Over thousands of years of human migrations and the rise of ancient civilizations, seafaring exploration led to ocean trade routes. The earliest known reference to an organization devoted to ships in ancient India is to the Mauryan Empire from the 4th century BC. It is believed that navigation as a science originated on the Indus river some 5000 years ago.
15:43 < Rayben> In the early modern period, successor states of the Adal and Ajuran empires began to flourish in Somalia, continuing the tradition of seaborne trade established by previous Somali empires.
15:43 < Rayben> The world's first dock at Lothal (2400 BCE) was located away from the main current to avoid deposition of silt.[16] Modern oceanographers have observed that the Harappans must have possessed great knowledge relating to tides in order to build such a dock on the ever-shifting course of the Sabarmati, as well as exemplary hydrography and maritime engineering.[16] This was the earliest known dock found in the world, equipped to berth and service
15:43 < Rayben> ships.[16] It is speculated that Lothal engineers studied tidal movements, and their effects on brick-built structures, since the walls are of kiln-burnt bricks.[17] This knowledge also enabled them to select Lothal's location in the first place, as the Gulf of Khambhat has the highest tidal amplitude and ships can be sluiced through flow tides in the river estuary.
15:47 < njbair> what just happened?
15:54 < djph> Langley: no (but RC MUST trust "mail.yourdomain.com", or whatever the dovecot cert is).
15:55 < Langley> djph, thanks but I guess I should have asked instead: must the certs be different? We only have this one set
15:55 < djph> Langley: although, I'm assuming you mean using the cert for SMTPS / STARTTLS on the dovecot side, and e.g. "webmail.yourdomain.com" for roundcube
15:55 < djph> the cert name MUST match the host / URL.
15:56 < djph> although SMTPS / STARTTLS can be told "meh, just go with it" (not the best idea, but ... it'll work)
15:56 < njbair> couldn't you add the Dovecot server's self-signed CA to the Roundcube server's trust chain?
15:56 < Langley> Hmm... the problem is that when switching Dovecot to the certs, Roundcube doesn't log in (just loads forever) and Dovecot's imap logs gives "unknown ca" errors
15:56 < djph> njbair: you could do that too
15:57 < djph> means your dovecot setup is wrong
15:57 < djph> e.g. you don't have the full chain in the trust store on that server
15:57 < djph> *likely means that [...]
15:58 < njbair> but that's Dovecot's logs, which means Dovecot is having trouble connecting to something?
15:58 < Langley> Roundcube is logging errors too
15:59 < Langley> SSL routines:ssl3_get_server_certificate:certificate verify failed in /usr/share/php7/Roundcube/rcube_imap_generic.php on line 1027
15:59 < djph> Langley: then you don't trust the cert on teh RC side either
15:59 < Langley> We do have our intermediate certificate set in Dovecot... and it works for other clients (desktop clients, Tine20...)
15:59 < djph> OR RC is erroring BECAUSE dovecot is erroring
16:00 < djph> njbair: Dovecot is having trouble establishing the chain of trust internally for itself (e.g. someone's asking dovecot to prove it is who it says it is, but it can't find some part)
16:01 < djph> njbair: e.g. the private key, or can't get from "end-entity" to "intermediate", or ...
16:01 < njbair> djph, makes sense.
16:03 < Langley> Hmm doesn't make sense to me... since it's only Roundcube that's not working
16:03 < djph> then dovecot is reporting the error on behalf of RC spazzing out
16:04 < w0lff_> Hi guys, I'm trying to ping a web server using its domain name. But the web server has no public IP of its own but it is part of a local network. The router to which the web server is connected has dynamic NAT enabled bot to the inside and the outside. But I'm not able to ping the web server from outside the router to which it is connected. Please help me. Thanks in advance!
16:05 < Langley> So Roundcube fails to verify Dovecot server's certificates, right?
16:05 < tds> how did you specify the server in roundcube? you'll need to make sure you use the right hostname rather than IP, since otherwise the cert won't be valid (unless you got a cert with an ip as a san)
16:06 < tds> I'd try and make a connection to the imap server with say gnutls-cli, that may help diagnose the cert issues
16:06 < compdoc> w0lff_, sounds like you need a dns service  and some port forwarding
16:06 < Langley> tds, it's set to imap.company.com:993
16:07 < djph> Langley: possible
16:07 < tds> Langley: I'd try manually poking it from the roundcube server then
16:09 < w0lff_> compdoc_, Thanks for replying, I'm actually using gns3 and this situation I'm trying to achieve in gns3. I have a dns service on th router that the server is connected to (Let's call this router R2). R2 has another router connected to it on another interface(lets call this router R1). I have enabled dns on R2 and R2 is able to ping the server using its domain name. Is there no way to make R1 ping the server without configuring po
16:10 < Langley> Huh, gnutls fails too, it's receiving the old certificate... is there any other service other than Dovecot I need to restart?
16:11 < djph> recheck the dovecot configs, I guess
16:11 < w0lff_> compdoc_, I'm pretty new to networking concepts, as a matter of fact I'm using gns3 to learn about networking, sorry if this seems like a naive issue.
16:11 < djph> w0lff_: yeah, you're gonna need DNS somewhere
16:11 < tds> I guess it might be worth checking what's listening on 993 in case it's stunnel sitting in front of dovecot or something weird, that sounds unlikely though
16:12 < Langley> ..... actually I did try to set up stunnel a while back, for another issue
16:12 < w0lff_> djph_: I do have DNS running on R2, the router that the server is connected to.
16:12 < Langley> But that was on the Roundcube server
16:14 < djph> w0lff_: and is that DNS available to ... where-ever you're connecting from?
16:16 < w0lff_> djph_: Yes, I'm trying to ping the server from R1, which is also connected to R2 on another interface. R1 can resolve the private IP address of the server since it's connected to R2, but i guess it can't ping the server since R1 and he server is part of different IP ranges.
16:17 < djph> so then the DNS entry / entries provided by R2 for "host.your.tld" are not available for R1
16:17 < w0lff_> djph_: I'm sorry i didnt mention this earlier, but the whole reason I'm trying to ping the server is to capture the ping on wireshark so i can study the action of NAT.
16:17 < djph> or R1 is looking at the wrong DNS server(s) (e.g. 8.8.8.8 instead of R2)
16:18 < djph> if you want to resolve "host.your.tld" from another device; that device MUST be able to communicate with a DNS server that can resolve "host.your.tld" to its IP address.
16:20 < Langley> Nah it wasn't stunnel... and gnutls shows the right certificate from the Roundcube server
16:22 < w0lff_> Well R2 is able to provide R1 with the IP address of the server. But it provides R1 with the private IP address of the server. I'll be a little more specific. The IP range between R1 and R2 is 192.168.31.0/24 and the IP range between R2 and the server is 10.0.0.0/24. The private IP address of the server is 10.0.0.2. When R1 tries to ping the server, the name is resolved to 10.0.0.2. But since the IP address of R1 is 192.168.31.45
16:24 < w0lff_> Also, the name is resolved to 10.0.0.2 only because ive configure R2 to provide DNS for R1. But what i really want is for R1 to ping the server without seeing its private IP. it should be able to ping the server by resolving the name to its Public IP address, i.e. the IP address of R2. Is there no way to do that?
16:25 < djph> w0lff_: OK, so R1 can PROPERLY resolve the IP address?
16:25 < djph> w0lff_: in that case, change the DNS to point to 192.whatever ... or just skip DNS entirely and ping the relevant IP that's supposed to initiate the NAT
16:26 < w0lff_> djph:_ Yes, R1 can resolve the private IP of the server. but cant ping it.
16:26 < djph> (NOTE - I am, of course, assuming you're doing 1:1 NAT, or otherwise forwarding ICMP)
16:26 < djph> w0lff_: and do you have a route to 10/24 via R2's 192.x interface established on R1?
16:28 < w0lff_> djph_: How would I add a route like that? I thought the router will figure that out using a routing protocol.
16:28 < djph> w0lff_: are you using a routing protocol?
16:28 < tds> if you've configured a routing protocol, sure, it doesn't work by magic though :)
16:29 < w0lff_> djph_: Also, about the NAT. I'm using dynamic NAT where the router assigns each internal IP to a port.
16:29 < djph> I mean, routing protocols are simply ways for routers to exchange routes.  If you've not configured that, then a static route (e.g. 10/24 via 192.168.31.2 ) is perfectly fine
16:30 < w0lff_> djph_: So how do i go about configuring a static route on a cisco router?
16:30 < djph> w0lff_: no clue, I don't Cisco.
16:32 < w0lff_> djph:_ Okay thanks for your help. Just one last thing, If i make a static route to the server from R1, will R1 is any case know the private IP address of the server? I want R1 and the devices behind R1 to have NO clue of the internal IP of the server.
16:33 < djph> w0lff_: then you have to unfuck your DNS, and resolve "server.your.tld" to the "public(tm)" interface of R2.
16:36 < adam5isalive> Anyone here have any experience with Extreme/Avaya Fabric Connect?
16:36 < w0lff_> djph_:I did that at first but the ping stops at R2.
16:36 < djph> then R2 is not responding to ICMP
16:37 < djph> or you haven't forwarded it
16:38 < w0lff_> djph_:But wouldn't the forwarding be taken care of since I've done NAT for both outside and inside?
16:38 < djph> w0lff_: ICMP is not TCP (80)
16:38 <+pppingme> why are you nat'ing on your own network? ("inside")
16:39 < djph> pppingme: I don't even want to know :)
16:39 < djph> (I think it's gns3 / testing / fake / ohgodwhy)
16:43 < adam5isalive> NATing inside your network isn't unusual.
16:54 < bezaban> sadly
16:54 < adam5isalive> It is what it is.
17:52 < josuah> hello, I'm getting started with networking, half through practice and tldp's linux-network-administrator-guide, and running with linux issues
17:53 < josuah> what I do: brctl addif br0 eth0
17:53 < josuah> then eth0 is stuck right away: I do ping 192.168.0.1 (home router) and no response
17:54 < josuah> as soon as I brctl delif br0 eth0, eth0 is back and ping start over
17:54 < josuah> I did the same on OpenBSD and it works as expected.
17:55 < josuah> Am I doing an obvious beginner mistake (wrong toolset, forgot to enable spanning tree protocol...)?
17:55 < josuah> if not well, I bet all I got to do is go back reading that book, that sure won't hurt :)
17:56 < tds> what was the configuration of those interfaces when you added it to the bridge? normally you'll have all the IP addresses on the bridge itself, rather than on the member interfaces
17:57 < josuah> tds: I'm pasting an ip addr and a brctl show on ix.io...
17:57 <+xand> josuah: what tds said - bridge member interfaces shouldn't have IP addresses, the bridge should
17:57 < josuah> but yes I have an IP on eth0 given by dhcp.
17:58 < josuah> http://0x0.st/s_fr.txt
17:59 < josuah> 260226th interface created yeah :P (auto restart overnight)
17:59 < josuah> thank you a lot, I'll try to remove the address from eth0 and add it to the bridge instead.
18:04 < josuah> THAT WORKED! :D
18:04 < josuah> thank you a lot tds and xand!
18:04 < tds> glad that sorted it :)
18:05 < josuah> I was simply not getting how a bridge works, I'll read more on that.
18:12 < deepy> anyone got a cable model to recommend?
18:12 < gentoo> josuah: can you get me out of here?
18:12 < deepy> bonus points if it can be powered by PoE
18:12 < gentoo> deepy: none
18:12 < gentoo> cable is trash
18:12 < GenteelBen> I only buy BenCo Gold cables.
18:13 < deepy> My options are cable model or 4G modem
18:13 < GenteelBen> gentoo is right, do the sane thing and make your own.
18:13 < deepy> As soon as the 4G stops having silly bandwidth caps I'm ditching cable modem
18:13 < GenteelBen> lol
18:13 < gentoo> deepy: cable is limited in ways that make you a slave to some unknown dev
18:13 < GenteelBen> You're both terrible people, for different reasons.
18:14 < gentoo> it caps below 2600mhz
18:14 < GenteelBen> gentoo because he's trolling, and deepy because he genuinely believes what he's saying.
18:14 < deepy> GenteelBen: hey, so far it adds up
18:14 < deepy> I've never had a non-shit experience with cable modems
18:14 < gentoo> cable is not internet
18:14 < gentoo> anything which requires a gateway is garbage
18:14 < gentoo> not internet
18:14 < GenteelBen> Wireless tech is currently half-duplex and shitty. So far there's no way to make it more than like 1/10th as fast as a cabled connection.
18:14 < gentoo> paying for the shopping cart to spy on you
18:15 < gentoo> that is about what it amounts to
18:15 < GenteelBen> You're even worse than I imagined, gentoo.
18:15 < GenteelBen> Change your nick to ubuntu.
18:15 < gentoo> if you cannot make a direct peer connection it is not internet
18:15 < deepy> Honestly, my ISP is bad enough that anything is a sane alternative
18:15 < deepy> Well not 3G because of the latency
18:15 < GenteelBen> Are you in the US, deepy?
18:15 < deepy> Nope, Sweden
18:16 < GenteelBen> What's your connection like?
18:16 < deepy> 50/10 on paper, usually about 30/10 for 28/30 days a month
18:16 < superkuh> gentoo++
18:16 < gentoo> deepy: if you are a prisoner sure buy cable
18:17 < gentoo> pay for your chains
18:17 < GenteelBen> And you think 30/10 is bad?
18:17 < deepy> the other 2 I get about 15% packet loss
18:17 < GenteelBen> There are Africans who get like 3KB/s
18:17 < GenteelBen> 30/10 is perfectly fine for anything except like, 3 people streaming Buttflix at once.
18:17 < GenteelBen> Buttflix in 1080p
18:17 < deepy> The problem is that I have to call my ISP about twice a month
18:18 < GenteelBen> Fuck, even then the bitrate's going to be much less than 10Mbit/s.
18:18 < superkuh> I'd rather have lossy 56k than a mobile connection without an ipv4 behind carrier-nat with no real ports or ability to interact with the internet except via http/s.
18:18 < GenteelBen> deepy, move to Norway - problem solved.
18:18 < deepy> I can move to most of the other places in town and not have to suffer ComHem as an ISP
18:19 < superkuh> Comcast at least gives you a real connection.
18:19 < deepy> Still, anyone got a cable modem without a router to recommend?
18:20 < gentoo> the cable possibly attaches to a fake internet in a NAS box
18:21 < deepy> Some days I question if the cable is even attached on the other end
18:21 < Aeso> deepy, SB6183 (if your ISP supports it)
18:21 < superkuh> ARRIS SURFboard SB6183
18:21 < gentoo> it isn't uncommon to find the town decides to impliment sharesall law 3 days after install
18:21 < kottt> have had no trouble on spectrum/twc with the SB6121 but it is definitely an old model
18:21 < kottt> if you're just really hard up for cash
18:21 < superkuh> SB6141 is fine too.
18:22 < kottt> basically the Surfboard line
18:22 < gentoo> you pay for the town's internet
18:22 < Aeso> yeah, 6141 and 6121 are fine so long as you don't need the additional upstream channels
18:22 < kottt> moto/arris SB#### is pretty good
18:22 < Aeso> err downstream
18:22 < gentoo> 3 days after install your line is spliced for everybody in town
18:22 < deepy> I can't seem to find arris in Sweden :-/
18:22 < kottt> ebay?
18:22 < superkuh> My service is 50/10 so 4 channels is just fine. With a 1 TB/mo limit why bother with more.
18:23 < deepy> Shipping on ebay is about 1.5x the price of the device :D
18:23 < gentoo> for every new line of service what is it about 1million in credit fraud
18:49 < Stranger789_> best free (open source by pref) for SNMP server ?
18:50 < PowerPCM_> Hi, what is the best way to change my IP address?
18:50 < Stranger789_> public?
18:50 < PowerPCM_> public yes
18:51 < skyroveRR> A proxy.
18:51 < Stranger789_> if your isp dont provide you another ip per reboot
18:51 < Stranger789_> then you must use proxy or better a decent vpn
18:52 < Stranger789_> if you have dynamic public ip then go with reboot, or if you want to be faster, look for a release option on your router.
18:53 < Stranger789_> otherwise telnet maybe? or make a scrypt to automate it if possible. i suppose
19:01 <+pppingme> PowerPCM_ what kind of connection?
19:16 < hagbard> So, I'm reading this LoA for a cross connect and it says, "drop and tag". I get that tag means label. What does drop mean?
19:18 < pekster> hagbard: typically "supply to the endpoint." In the case of facility racks that tends to me "coil up a usable amount and leave at the rack for the customer to connect to their gear"
19:19 < hagbard> pekster: Ok, thank you very much. I'm glad I asked as that's exactly not what I want.
19:19 < hagbard> I'm writing my own LoA and was looking at this one as a guide.
19:20 < hagbard> This is one cogent gave us a while back. The weird part is that they still specified ports on a patch panel.
19:21 < pekster> Generally a cross-connect setup doesn't include actually connecting the link at the customer's end, though some facilities include (or offer, for a pro-rated hourly fee) "remote hands" support which could further make the connection to switching/routing gear
19:21 < pekster> The setup is quite literally a connection to some other part of the facility
19:22 < E1ephant> / buf14
19:24 < hagbard> ok, I see. I interpreted, "coil up a useable amount and leave at the rack" to mean that they would run the fiber to the cabinet and then let the customer terminate the end and install it in their own patch panel.
19:25 < hagbard> This is an equinix site, so, yeah, they have smart-hands, too.
19:25 < E1ephant> "smart" hands
19:25 < hagbard> E1ephant: *exactly*
19:26 < hagbard> Jesus, christ. And the tech can't speak on the phone in front of the rack, because, you know, it's kinda loud. So, they have to walk four minutes from their office to the cabinet, forget what was said on the phone, walk back to the office to call you and ask what they were supposed to do again.
19:28 < hagbard> I haven't had to use smarthands too many times, but I've had the best success supplying a link to a google docs document in the ticket. Once the tech is actually handling the ticket, write, "YOU CAN EDIT THIS, BTW." in bold, red. End up playing quite literally, multiplayer notepad.
19:28 < E1ephant> :D
19:29 < hagbard> Incidentally, it's important to wait until the after the service desk has accepted the ticket, because they will reject it if you try to communicate directly some way other than through them.
19:29 < hagbard> At least, that was my experience.
19:30 < hagbard> So, am I correct to understand, "drop," as a verb here means that they'll leave me a patch cable connected to the port on the patch panel?
19:37 <+sep> hagbard, I can reccomend these to them, about the only thing working properly inside our DC  https://www.staypro.no/verneutstyr/horselvern/horselvern/3m-peltor-ws-alert-xpi-horselsvern-bluetooth-med-isseboyle.
19:39 < hagbard> sep: Interesting. Have you spoken to someone who was using one of these? How effective is the noise filtering?
19:39 < pekster> Depends on your suite, but you'll most commonly terminate a coper or fibre direct into your network gear. Patch-panels are used when you terminate unfinished cable (like 8P8C cabling without a plug attached) in a way that allows you to modify what switchport they land on. A cross-connect generally is furnished with a finished plug for the customer to connect wherever they see fit
19:40 < pekster> cross-connect is "just a really long cable" (or not so long, depending on the length of the connect. Could even technically be to the rack next to you!)
19:40 < hagbard> pekster: Interesting. Fair. All our Equinix cabinets have a patch panel at the top of them
19:40 < hagbard> Agreed, understood.
19:41 <+sep> hagbard, i use them myself fairly regularly. i can hold normal conversations inside the DC, using just the phone or the plantonics i have in my backpack are impossible.
19:41 < hagbard> I've done this process a number of times now, but I was always receiving an LoA from someone else.
19:41 < pekster> One of our suites has a cross-connect that goes down 2 floors and across half the building :)
19:42 < hagbard> We have one at NY5 that actually goes under the street to NY4 and then through another subterranean tunnel to NY2.
19:42 < hagbard> I was just worried that I might be stating the wrong thing in this LoA if I just copied what another one said without understanding it.
19:42 < hagbard> Hence my question.
19:43 < hagbard> I just want them to terminate the cross connect at the panel at the top on the first available port. If they can leave an LC-LC SMF patch cable there, that'd be neat. I've always assumed I'd have to supply my own.
19:44 < hagbard> I'd ask my CSM if my CSM wasn't worthless. We used to have a great one, but he got promoted.
19:46 < hagbard> sep: Thank you very much for the suggestion. They're $400 on amazon, but if they work as well as you claim, that sounds almost too cheap.
19:46 < hagbard> sep: Are they comfortable for wearing for an hour? four hours?
19:47 <+sep> better then most in my opinion. but you do get a set of hot ears after a day in the hot zone in the DC.. :)
19:50 <+sep> but not beeing able to talk while at the rack is just not practical.  had to deploy wireless in the DC so we could use VoWIFI on the phones. POE devices is powered a relay operated outlet. so only wireless when the alarm is off (someone is working)(
19:57 < hagbard> sep: Nice. I just submitted the purchase request for one of them.
20:17 < Goop> When a wireless router can do 5GHz, does that include the 5.8GHz range?
20:22 < qoxncyha> why might a TXT record on a second-level subdomain (x.y.z.net) not be picked up (NXDOMAIN)?
20:23 < hexa> how could load-balancing (with sticky flows) two wan links on linux work?
20:24 < hagbard> hexa: in what sense, are you asking how you'd implement it?
20:24 < hexa> yep, that. I need a hint what mechanism I could use to do load-balancing on to DSL lines
20:24 < hexa> s/to/two/
20:25 < hagbard> hexa: Well, it sounds like what you're doing is often called, "dual wan"
20:25 < hexa> funny, I was looking for multiwan and the internet wasn't exactly helpful
20:26 < hagbard> But, don't mistake it for "load-balancing" because, assuming residential ADSL, there's no way for the router to switch a connection between the two links nor to split traffic from the same connection across the two links.
20:26 < hagbard> hexa: This may help: http://www.darrylpetch.com/post/15943323883/linux-dual-internet-connections-load-balancing
20:26 < hexa> basically I want to distribute new flows according to the load on the links
20:27 < hagbard> hexa: Are both links from the same carrier?
20:27 < hexa> they could be, I'm at the design stage right now
20:27 < hagbard> Is this a personal/residential or professional/commercial endeavour?
20:27 < hexa> hackerspace
20:28 < hagbard> Ok, so that weird space in between the two.
20:28 < hexa> aye
20:28 < hagbard> I'd suggest you speak to a sales rep for the carrier and ask to speak to a technical person and explain your situation and ask for advice. (Play dumb.)
20:28 < hexa> we're only getting 25/5 Mbit/s on a single link and it's just not enough :)
20:28 < hagbard> They may be able to channel bond two DSL lines for example, as a single link
20:29 < hexa> in theory they could, but the carrier is DTAG, and they're not going to do anything custom
20:30 < hagbard> Because they're cunts or because you've asked them and they told you to sod off?
20:30 < hexa> because they have fixed radius profiles and they stick to them to reduce support effort
20:31 < hagbard> Understood. I'd still suggest asking because what's the worst that happens, they can do something for you?
20:31 < qman__> Something to keep in mind, I've done work for places that had multiple connectuons from the same carrier (comcast) and they wouldn't get the advertised speeds on all the connections at once because it's shared infrastructure
20:31 < hagbard> qman__ makes a good point.
20:31 < hagbard> I was assuming that the core of hexa's problem was the distance from the DSLAM.
20:32 < hexa> this is a DSL line, so it's a dedicated copper wire pair to the DSLAM at least
20:32 < hagbard> Another problem I've encountered with dual-wan setups is the NAT'd source address changing back and forth confusing some sites.
20:33 < hagbard> Also, when only one of the internet connections goes down, then the internet suddenly, "half works."
20:33 < hexa> yeah, sure, there are kinks involved :)
20:33 < hagbard> And not the good kind of kinks.
20:34 < hexa> multipath tcp is one option I'm considering
20:34 < hagbard> hexa: Commercial customers often get a little more latitude. I've found that by calling up, explaining a situation and asking for advice I get a better response than calling up and asking to do some thing I read on the internet Y.
20:35 < hagbard> That's just my thoughts.
20:39 < qman__> Yep, I've done a lot of work for small businesses in similar situations, had varying configs from simple backup connections to stuff like servers use connection A and users use B, or wifi on A and wired on B, to crap small business routers that are supposed to load balance, to setting up vyatta/vyos, to messing with linux routing manually
20:39 < hexa> I totally get what you're saying. The only bonding options that are offered is with DSL+LTE over GRE
20:41 < hexa> in a huawei cpe device
20:45 < ryao-outside> My neighbor's sister-in-law moved from South Africa to the US. She forgot her Google password. The only recovery mechanism that she has uses the south african phone number. She apparently still has it and is going to get it from her house. I am going to try to see if it will do international roaming to receive a text message from Google. If it does not, is there any way to port the number to a VoIP provider that can enable her to receive t
20:45 < djph> "maybe"
20:46 < ryao-outside> That was what I thought, but I am really not having fun trying to make sense of VoIP providers to figure out if that can be done. :/
20:47 < qman__> Many voip providers have sms capability, the issue is porting the number
20:47 < qman__> US numbers have to be portable by law
20:47 < qman__> South africa could be another case entirely
20:48 < Apachez> I doubt that
20:48 < Apachez> portable are within countries according to ITU
20:48 < Apachez> I mean you have the country code to spoil that to begin with
20:48 < ryao-outside> https://www.icasa.org.za/uploads/files/Geographical-Number-Portability-Consumer-Guidelines.pdf
20:49 < ryao-outside> That doesn't mention porting to VoIP. :/
20:49 < ryao-outside> Maybe I should ask this. Are there any reputable VoIP providers that support South African numbers? I am having a heck of a time trying to find even one. :/
20:51 < hagbard> ryao-outside: Totally maybe and would definitely depend on the south african carrier and south african laws.
20:52 < hagbard> ryao-outside: I'd find south african voip providers and start calling them, explain the situation and ask if they can help.
20:52 < ryao-outside> Thanks.
20:53 < ryao-outside> Well, I'll know more when she returns with the SIM card. If I am really lucky, it will roam and she can pay some absurd price for a single SMS.
20:53 < ryao-outside> I don't expect to be that lucky though. I expect this to be one of those days where I will regret having gotten out of bed in the morning.
20:54 < ryao-outside> And she just called to say that she cannot find her SIM card. -_-
20:56 < qman__> Best start thinking hard about that password
20:56 < ryao-outside> qman__: Well, I might not need the SIM card to do a number port, so I can still look into that.
20:57 < ryao-outside> She just said that she found it. ^_^
21:00 < ryao-outside> qman__: I actually have a last resort. Trying to talk to someone from Google about getting them to reset her password on my word that I am not trying to social engineer them into doing a password reset without permission. I do have access to her account via chrome on her machine, but not via thunderbird where the oauth2 token expired. That is how she realized that she forgot her password.
21:00 < ryao-outside> And if that fails, making a new gmail account, sending it as a forwarding address on the old one and configuring an autoresponder on the old one to tell people to use the new email address.
21:00 < ryao-outside> s/sending/setting/
21:01 < ryao-outside> That last resort is setting off so many alarm bells in my brain that I have trouble imagining it being successful. ^_^;;
21:07 < josuah> <gentoo> josuah: can you get me out of here?
21:07 < josuah> You mean out of the local network?
21:07 < josuah> sorry that's old message ^_^'
21:20 < kottt> i cant seem to find any information online about how VPNFilter actually infects targets
21:21 < kottt> does it just scan public address space for vulnerable devices, or can it get picked up by drive-by downloads?
21:26 < godxeno> i need help
21:27 < drudge`> okay
21:27 < godxeno> so half websites
21:27 < godxeno> dont work
21:27 < godxeno> and can't play steam games
21:27 < godxeno> online
21:28 < godxeno> so facebook youtube and google work
21:28 < godxeno> but everything else times out how to fix tried restarting router flushing the dns
21:28 < godxeno> renewing the ip any solutions you may have would be much appricated
21:28 < drudge`> can you ping the web sites that do not work and/or visit a non-working website by IP?
21:29 < godxeno> they all work from my phone mobile data
21:29 < godxeno> but not from my
21:29 < godxeno> router internet :(
21:29 < godxeno> how to fix it?
21:30 < godxeno> its making em sad ;(
21:31 < godxeno> *me
21:33 < drudge`> can you ping the web sites that do not work and/or visit a non-working website by IP?
21:33 < godxeno> nope they
21:33 < godxeno> just type out
21:33 < godxeno> *time out
21:33 < drudge`> from your non-working PC
21:33 < godxeno> can't ping it
21:33 < drudge`> ping by hostname or IP?
21:33 < godxeno> both
21:33 < godxeno> won't work
21:34 < godxeno> im thinking the router died
21:34 < TandyUK> is your rotuers WAN actually connnected?
21:34 < drudge`> is your PC plugged directly in to your router or does it go through wifi/switch(es)
21:34 < godxeno> wifi
21:34 < TandyUK> oh, myabe "have you even tried accessing the router" might be a better start lol
21:34 < godxeno> router
21:34 < godxeno> adsl
21:34 < godxeno> 2
21:34 < drudge`> can you plug directly in to the router for further testing by IP/hostname?
21:35 < godxeno> how so?
21:35 < godxeno> 3 websites i can open is google youtube and facebook
21:35 < godxeno> everything else times out
21:35 < godxeno> or partially loads if ive looked at that website before
21:36 < TandyUK> what does "ping 8.8.8.8" say?
21:36 < drudge`> does your router have an additional cat5 interface for your computer to bypass wifi?
21:36 < godxeno> Reply from 8.8.8.8: bytes=32 time=15ms TTL=59
21:36 < godxeno> yeah but i have no cat 5
21:36 < godxeno> cable :(
21:36 < TandyUK> ok, dns is broken
21:37 < godxeno> how to fix tandyuk
21:37 < TandyUK> ipconfig /all   and check what your dns/nameserver addresses are
21:37 < TandyUK> it oculd well be set to use your router, which in turn is set to use your ISP's dns servers, and either of those might br broken
21:38 < godxeno> pastebin works too
21:38 < godxeno> https://pastebin.com/NLfm1e4h
21:38 < TandyUK> you said you have google, so check "how to set nameservers to 8.8.8.8 in windows"
21:39 < godxeno> ipv6
21:39 < godxeno> or ipv4
21:39 < TandyUK> or for a better fix, login to your router, and set it to hand out 8.8.8.8 (google), 1.1.1.1 (cloudflare?), 9.9.9.9, (cant rmemeber) 208.67.220.220 (opendns) or any other namservers you like, which arent currently broken :)
21:39 < godxeno> whcih one
21:40 < TandyUK> v4
21:41 < godxeno> and which do i do
21:41 < godxeno> top or bottom
21:41 < deepy> 9.9.9.9 is Quad9
21:42 < godxeno> TandyUK
21:43 < drudge`> godxeno primary dns being 8.8.8.8 i beleive is what they intend for you to set
21:43 < deepy> godxeno: set the first one to 9.9.9.9 and the second to 1.1.1.1
21:43 < pekster> opendns is arguably broken as they violate RFC
21:43 < drudge`> i would define a decondary one as well, deepy suggested 9.9.9.9
21:44 < TandyUK> pekster: agreed, their redirects for nxdomains are annoying
21:44 < pekster> Annoying and standards-violating (for profit no less..)
21:45 < godxeno> nope does not work
21:45 < pekster> An old job ran split-horizon DNS and (arguments for/against that notwithstanding) ISPs that did such things caused active breakage for our remote users thanks to how the Windows resolver worked. Abuse of DNS is always wrong
21:45 < godxeno> nope doe sno
21:45 < drudge`> godxeno can you be more specific with what didn't work
21:45 < godxeno> *does not work
21:45 < godxeno> oh shit i already said that
21:46 < godxeno> the same websites
21:46 < godxeno> and blog spot works thats anothero ne of the working ones
21:46 < godxeno> https://gyazo.com/580ff0c04d6f6e857a1d3cd3d7c79f64
21:46 < godxeno> check
21:46 < godxeno> i did what u said
21:46 < godxeno> so i uploaded screen shot
21:47 < godxeno> (can't even look at gyazo image)
21:47 < godxeno> times out
21:47 < godxeno> oh it loaded but very slowly it did
21:47 < TandyUK> your isp is fucked from the sound of it
21:47 < TandyUK> or you have a line fault or somethign else interfering
21:48 < TandyUK> at this point, as an isp, id suggest phoning your isp
21:48 < godxeno> i will once they are up
21:48 < drudge`> schedule maintenance window and factory default your router as last chance...double check wiring? otherwise it's your ISP i'd think
21:48 < TandyUK> and be aware they will also want you to go physically plug your laptop or whatever into your rotuer to rule out any wifi whit too
21:48 < drudge`> your phone on wifi has same issues as pc on wifi?
21:49 < TandyUK> make sure the phone is actually on wifi, and not going 'oh this wifi is shit, fallback to 4g'
21:50 < godxeno> they open in 10 minutes
21:50 < godxeno> yes it does
21:50 < godxeno> i turned off 4g
21:50 < ryao-outside> I just spoke to VoIP.ms. They cannot help. Does anyone have suggestions for reputable VoIP providers that I can contact about porting a number from South Africa?
21:50 < godxeno> to test it :(
21:50 < godxeno> yes ask for some ebola ;(
21:51 < godxeno> jk
21:51 < godxeno> voice over ip is voip right?
21:51 < TandyUK> yup
21:52 < drudge`> being a clasically trained nerd it strikes me as odd when people state they don't have cat cable
21:52 < drudge`> cat5
21:54 < godxeno> i live at university
21:54 < godxeno> and i got the router
21:54 < godxeno> for 50 dollars from them
21:55 < godxeno> they did not supply me with a cat 5 cable only that blue cable that plugs into wall
21:55 < godxeno> that i forgot the name of :(
21:55 < godxeno> xD
21:56 < drudge`> sounds like cat5 =) but you need that to remain plugged in hah
21:59 < TandyUK> ryao-outside: I can make some enquiries, but I wouldnt wanna get your hopes up
22:00 < TandyUK> really you need to find a voip provider, who have a physical telco presence in south africa before they will be able to port numbers
22:00 < ryao-outside> TandyUK: I was afraid of that. I have no idea who there is reputable.
22:01 < TandyUK> me neither tbh, if you pm me the (or similar) number I will see what my wholesale providers say if you like
22:01 < godxeno> im surprised irc is still alive :P
22:02 < ryao-outside> Alright, although I am going to switch to colloquy on my phone. I am not sure how private messages work on the web client. I tried sending one to someone earlier and didn't get a response. Either it doesn't work or he didn't reply.
22:10 < ||cw> ryao-outside: PM from unregistered nicks are often dropped, maybe even by default.  see "/msg nickserv help" to register
22:10 < ryao-outside> I thought it was private messages from unregistered users.
22:10 < ryao-outside> I thought that I authenticated with nickserv.
22:10 < ||cw> you aren't right now, or at least your nick isn't registered
22:11 < maro_> Hello.
22:11 < drudge`> hi
22:13 < maro_> Can you recommend me a therapy room?
22:20 < nobody404> wut?
22:47 < drudge`> lol therapy room? this is not social ##networking
22:53 <+pppingme> maro_ like what kind of therapy?
22:54 <+pppingme> does your internet need coax-ing??
23:06 < Apachez> is there an emergency therapy room for snowflakes around here?
23:17 < ilikeover9kturtl> hey
23:17 < ilikeover9kturtl> So what do you guys think of the VPNFilter malware
23:31 < drudge`> it's more dangerous than we thought
23:45 < paulo_> hello
23:45 < paulo_> is sending a broadcast to 255.255.255.255 reliable for LAN game discovery?
23:47 <+catphish> reliable, by definition, no, in reality, send a few, and yes
23:47 < paulo_> catphish: i'm getting complaints that it doesn't work :(
23:47 < paulo_> i'm thinking of allowing keying-in of IP address
23:48 < qman__> That's not really a great approach, I'd suggest grabbing subnet info from the host and scanning that way
23:48 <+catphish> well it should, but you should alway allow people to manually enter the ip of the server too
23:48 < paulo_> qman__: how do I do that?
23:48 <+catphish> the correct approach is multicast, but that will be no better than broadcast, which really really should work
23:49 <+catphish> unicast requires broadcast for arp, so it really should work
23:49 < Apachez> also note that without igmp snooping running in your switch that multicast becomes broadcast
23:49 <+catphish> i really dont think brute force scanning the local subnet is the right way to do discovery
23:50 < paulo_> ok, i guess manual server IP input is best solution
23:50 <+catphish> imo multicast is the best way, also, 255.255.255.255 is ipv4, that's been deprecated for ages, you should be using ipv6 :)
23:51 <+catphish> manual ip input is something you should always offer, but coupled with automatic discovery by multicast
23:51 <+catphish> (officially multicast should be used over broadcast, but both should generally work the same)
23:52 <+catphish> many games i've played have had lan discovery that didn't work for some reason and i had to enter IPs manually, never investigated why
23:52 <+catphish> but other games it's worked fine
23:52 <+catphish> so offer both
23:56 < drudge`> created new group with TCP 389 and TCP 3899
23:56 < drudge`> ooops
23:56 < drudge`> this is not the screen im looking for
23:57 <+catphish> lol
--- Log closed Fri Jun 08 00:00:49 2018