--- Log opened Thu Jun 21 00:00:06 2018
00:56 < Surre> Is it possible to get the public id of a certain network interface in Linux, without relying on a 3rd party service like ipify.org?
01:08 < djph> sure, look at the network interface
01:08 < turtle> it's blinking, what next
01:09 < turtle> kind of dusty too..
01:09 < djph> now, if that interface is connected to an RFC1918 network, you're SOL
01:09 < djph> turtle: you're looking at the wrong one
01:09 < turtle> oh, the one with the dead roaches, my favorite!
01:10 < djph> turtle: that's the one
01:16 < Surre> <djph> sure, look at the network interface
01:16 < Surre> oh that wasn't for me, was it?
01:17 < Surre> anyway, ifconfig doesn't throw the public ip, only private
01:48 < Gueraga>  trying to rdp into w10 pc. got this msg: https://ghostbin.com/paste/495s5 wat do?
03:07 < Alex4921> Now this is a bit of an odd question,but with a device with 2 antennas is it better to have them parallel as in both pointing right up,or at a 45 degree angle away from each other
03:09 < nojeffrey> I have a cisco 3750x and a ubiquiti edgeswitch, trying to connect the 2 switches together over fiber/SFP, I've configured trunk ports for both sides, but it doesn't work, I can't seem to access ping this ubiquiti at 10.1.99.5
03:09 < nojeffrey> If I connect the 2 together over ethernet/trunk ports it works fine
03:11 < nojeffrey> on the Cisco, I'm using a c3kx-nm-10g module
03:11 < nojeffrey> and the port is labeled "G2/TE1"
03:12 < nojeffrey> is there anything I need to do to tell it to use the TE1 side?
03:13 < nojeffrey> https://i.imgur.com/SceXWdV.png
03:15 < nojeffrey> show ip int brief, shows this port as "Te1/1/1                unassigned      YES unset  down                  down"
03:17 < nojeffrey> "show interfaces status err-disabled" doesnt show anything wrong
03:19 < nojeffrey> I am using a Fiberestore GBIC designed for Ubiquiti switches, could that be it? I don't think so because that err-disabbled command above that I ran should show "gbic-invalid" if it was
03:39 < mablae> Hi there
03:39 < mablae> Anyone familar with bind9 subdomain delegation?
03:43 < mablae> My szenario is: I have an TLD hosted at an external ISP and it's not allowed to add an wildcard cname record there. I want to use that subdomain zone for CI hosted environments of webapps that are created and removed dynamically
03:44 < mablae> The glue part on the external ISP webinterface is clear to me, however I struggle with the config of the bind9 server that is hosted at the subdomain server that also hosts the docker containers
03:47 < nojeffrey> Tried a bunch of different GBICs, one worked, so I need a cisco compatible 10G GBIC.
03:49 < UltraPhil> mablae, where do you struggle exactly?
04:29 < Abbott> so I just switched our Comcast router/modem combo over to "bridge mode" and set up a router to use in front of it. The new router subnet is 192.168.1.x, but I can access the modem with 192.168.100.1 no matter what seemingly. How am I able to reach the modem? Is this something Comcast is managing? If I do `traceroute 192.168.100.1` the first hop goes to gateway (192.168.1.1) then I get * * * until I ^C
04:30 < fryguy> Abbott: well, let's think about how thw internet works for a second, let's say you try to visit 1.2.3.4, and your new router sees that, what happens?
04:31 < RoadRunner> hello
04:32 < Kingrat> Abbott, as fryguy said, think about it for a while, you should get it
04:33 < RoadRunner> do you have to install Samba to create and make linux shares visible to Windows?
04:33 < fryguy> yes
04:33 < Abbott> fryguy: so the router sends a request to the modem then the modem sends the signal down to the ISP where it gets to the internet
04:33 < Abbott> so maybe does the modem intercept requests for 192.168.100.1 and serves up access to the modem?
04:34 < fryguy> it's not even intercepting, it's just normal routing
04:35 < Abbott> that makes sense
04:35 < Abbott> thanks guys
04:35 < BenderRodriguez> RoadRunner: yes.
04:35 < BenderRodriguez> oh
04:37 < RoadRunner> thanks; another question: does video calling currently work in Pidgin under ubuntu?
05:21 < Harlock> a meraki mk33 is quite a bit weake rthan my old ruckus 11n ap
05:45 < mead> so I just installed a directv CCK at my Aunt and uncle's home,  100mb full duplex network over coax is sorta nice.
06:51 < amoe> hello, I have a service running on host 'h3', port 80,  which is currently only available from host 'h2' due to firewall restrictions.  I want to access from host 'h1' which is not inside the firewall.  I have user-level (non-root) access to h2 and root access to h3 and h1.  Is there any way that I can access it?
06:52 < amoe> I thought that it may be possible to use an SSH tunnel, but I imagine that requires access to open an unknown port on h2, which I can't do
06:55 < Kira> Does anybody know what EDSP stands for in this thread? http://mipassoc.org/pipermail/ietf-dkim/2013q3/017066.html
06:58 < kerframil> amoe: it's not clear what you mean by "open an unknown port"
07:05 < amoe> ah, OK.  I mean that h2 will drop all traffic to most ports, I can't see which ports are exceptions (I know that 22 is open but that seems to be all)
07:07 < winsoff__> Alright, so I ran a traceroute to another network within this ISP (I'm on a different connection again), and this time, the client's gateway to the rest of the ISP's network isn't even part of the traceroute. Rude.
07:07 < kerframil> amoe: doesn't matter
07:10 < kerframil> amoe: as long as sshd (at h2) has "AllowTcpForwarding yes" in effect, SSH tunneling is a plausible option
07:12 < amoe> kerframil: thanks!
09:15 < Phil-Work> any recommendations in the UK for an ISP that will provide a decent 1G layer 3 service using Virgin Media on the last mile?
09:30 < zenix_2k2> so let's say i have scenario of 2 computers, 1 client, 1 server, both have been configured the right "way" as i expect so the client can send something out to every computer in a LAN but only the server will ( the configured one among all ) response, is there anyhow i can configure that "way" ?
09:31 < zenix_2k2> my purpose is to detect the server, cause the server CAN be or CAN'T be in that LAN
09:31 < zenix_2k2> if it CAN, then it will response
09:31 < zenix_2k2> i mean the client will response
09:36 < Roq> I probably don't understand your question but there is no scenario where a server can be or can't be in that lan. It either is or isn't.
09:37 < Roq> If you have two servers on two locations let them replicate
09:37 < Kira> Is there any guarantee that, when a mail server bounces a message, it will include all the headers from the original message?
09:38 < Kira> (for all popular mail server implementations anyway)
09:38 < Kira> Or are there some popular mail servers that are known to strip away some headers?
09:38 < zenix_2k2> i mean, the client will try to send something ( and i am wondering what is this "something" ) to every hosts in a LAN, if my server is in that LAN, it will response
09:38 < zenix_2k2> is that possible ?
09:39 < zenix_2k2> and if i am misunderstanding this "something" to something else, please correct
09:40 < zenix_2k2> wonder if there is any protocol for this
09:40 < zenix_2k2> and hopefully it is usable on windows
09:41 < Roq> zenix_2k2: Your client will only send traffic to every host in very specific situtations (broadcasts etc). Else the client will just talk to the server directly
09:41 < Roq> what do you mean with "something"?
09:41 < zenix_2k2> i mean is there any protocol for this kinda stuffs
09:41 < zenix_2k2> something like tht
09:42 < zenix_2k2> and it was an abstract, i didn't really mean send the protocol
09:42 < zenix_2k2> obviously :P
09:44 < zenix_2k2> and by by sending the traffic to every host, then how do the server-host knows whether it is the client's traffic or not ?
09:44 < Roq> You're still a bit too vague with what you're looking for exactly. Unicast traffic is host to host. Are you looking for something like multicast, or anycast?
09:45 < zenix_2k2> just give me a moment searching what is multi/any-cast
09:46 < detha> zenix_2k2: the words to google are 'service discovery'
09:47 < zenix_2k2> ok got it
09:54 < zenix_2k2> and by the way, one question... is every host in a LAN is in the same subnet ?
09:54 < zenix_2k2> or more likely, have the same netmask
10:00 < dnanib> zenix_2k2: Not necessarily. It really depends on the administrator
10:01 < mcdnl> its a bad practice to mix subnets in the same broadcast domain
10:01 < mcdnl> but yes, you can do it
10:02 < mcdnl> subnet mask only defines the hosts that you can "directly" (layer 2) talk to
10:03 < Atro> >subnet mask only defines the hosts
10:04 < Atro> >directly L2
10:04 < Atro> >subnet masks
10:04 < Atro> >L2
10:04 < mcdnl> ?
10:04 < dnanib> zenix_2k2: Based on your messages, I think what you need is service discovery. https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
10:05 < Atro> subnet masks are L3
10:05 < mcdnl> yeah
10:05 < zenix_2k2> so these two scripts can only work of they are in the same subnet ??? --> https://pastebin.com/yqA8VHeS
10:05 < grawity> subnet masks are L3, but they do describe L2 behavior
10:06 < zenix_2k2> my scripts ?
10:06 < mcdnl> ^
10:06 < squ> ADBLOCK DETECTED. For just $2.95 you can support Pastebin
10:07 < squ> lol
10:07 < mcdnl> inside your subnet mask => talk to it through layer2, outside your subnet mask -> talk to it through the router
10:07 < dnanib> zenix_2k2: Those scripts have no subnet constraints
10:07 < detha> zenix_2k2: that will work for anything not explicitly firewalled off, from local LAN segment to  other side of the world
10:09 < zenix_2k2> so in which case i will encounter subnet constraints ?
10:09 < detha> you still need to know the server address in the client, and put that in place of IPv4. Then, as long as there is a route, it will work.
10:11 < zenix_2k2> yea i know, i did mean that IPv4 by the server's address... but i am still wondering in which case i will encounter subnet constraints
10:11 < zenix_2k2> and i don't mean switches
10:12 < grawity> broadcasts, multicasts (as they're commonly used for link-local scope), and addresses which were explicitly link-local (e.g. IPv6 fe80:: or IPv4 169.254)
10:27 < dnanib> There are probably a few non-routable protocols. I think SMB is one?
10:28 < grawity> no
10:29 < grawity> you're probably thinking of NBNS and Browser protocols – the ones which do broadcast-based discovery
10:29 < grawity> SMB just runs over regular TCP...
10:31 < zenix_2k2> oki about my first question, let's me try to make it clearer a bit... so i am my friend have 2 computers, one from my friend and one from me, so currently he hasn't connected to the LAN but is there anyhow i can check whether it has connected or not ?
10:31 < zenix_2k2> i think an example will make it clearer
10:31 < zenix_2k2> right ?
10:31 < zenix_2k2> i mean... i and my friend
10:31 < zenix_2k2> opps :P
10:33 < ^7heo> zenix_2k2: yeah good job on making that clearer
10:33 < mcdnl> you should listen from your computer to broadcasts in whatever port you like and send an udp broadcast packet from your friend's pc
10:33 < ^7heo> it's now very clear you can't compute long sentences
10:34 < zenix_2k2> i think the guy above you do understand
10:34 < ^7heo> que?
10:34 < mcdnl> zenix_2k2: don't reinvent the wheel
10:35 < mcdnl> just take a look at ssdp as you've been told
10:35 < grawity> you literally told them to reinvent the wheel two minutes ago
10:35 < mcdnl> i just described what ssdp does
10:35 < zenix_2k2> ok let's me try
10:38 < meowschwitz> zenix_2k2: you want to know if someone connected to your network?
10:43 < TandyUK> zenix_2k2: you could also look at the DHCP table on your router, this will show most computers.
10:44 < TandyUK> arp / ndb / ssdp / listening for broadcasts, or even monitoring the up/down status of each of the ports on your switch can all let you know when a device has been plugged in
10:46 < shtrb> Anyone have a warning what to avoid (common pitfull etc) to prepare for when moving to a different VPS provider ?
10:46 < TandyUK> avoid cheap if you want reliable and fast
10:46 < TandyUK> cheap generally == overloaded hosts
10:49 < zenix_2k2> meowschwitz: not "someone", i want specially my friend
10:50 < zenix_2k2> maybe i could tell him to do something to his computer to make him detectable by me
10:50 < meowschwitz> zenix_2k2: arpwatch?
10:50 < shtrb> TandyUK, thanks
10:51 < zenix_2k2> meowschwitz: is that a protocol ?
10:51 < grawity> zenix_2k2: what OS is your friend's computer running
10:51 < TandyUK> (ze)nmap will alos letyou scan your lan for all connected devices
10:52 < zenix_2k2> Windows
10:52 < zenix_2k2> and i am running Linux
10:53 < ^7heo> try templeos
10:53 < skyroveRR> Heya ^7heo
10:54 < meowschwitz> ^7heo: ok I lol'd.
10:56 < ^7heo> meowschwitz: thanks :)
10:56 < djph> o/
10:56 < ^7heo> hi skyroveRR, djph
11:01 < shtrb> Let me get that correctly, I can't put a link to a news story now without paying a fee (on a personal website)? (Article 11+13)
11:14 < djph> shtrb: wha?
11:15 < djph> 'sup ^7heo
11:15 < shtrb> djph, the new EU link tax
11:15 < shtrb> I'm not understanding what is the implecation for a common user
11:16 < djph> link ta... wha?!
11:16 < djph> ... and you say that the US is regressive ... ha.
11:16 < detha> shtrb: as far as I understand from what is reported, that is aimed at news aggregation sites
11:16 < djph> (well, maybe not "you" personally, but ...)
11:16 < shtrb> I'm not saying it's bad or good, just wish to understand what it actually mean
11:17 < shtrb> detha, I have seen one that claim "all extract or links" that is why I ask if someone actually understand what the hell it is
11:20 < detha> If the law writes it like that, probably yes. But a quick search only finds journalist's interpretations of it, not the actual text
11:22 < shtrb> That is going to be fun
11:22 < regdude> Does anyone knows in SFP EEPROM ( https://cdn.hackaday.io/files/21599924091616/AN_2030_DDMI_for_SFP_Rev_E2.pdf  ) bit-0 is the one from the right or from the left?
11:22 < system16> hi im trying to limit the wifi signal on my router but i only have these options : 100 % - 50% - 25% - 12.5% and i wanna set wifi signal power to around 70%. how can i do that? can i use Beacon interval ?
11:23 < Gollee> beacon interval is not the same as signal strength
11:23 < djph> system16: you cannot do what you want.  Carry on.
11:25 < sinni800> i love when you allow uploading content, you have to precheck all your content for copyright infringing material
11:26 < sinni800> i dont know if it counts as for drawings of copyrighted characters as well tho
11:27 < shtrb> sinni800, fonts are copyrighted ...
11:27 < sinni800> hell yeah
11:28 < shtrb> but there are Free to use fonts
11:28 < sinni800> it probably basically ends up needing machine learning to identify infringing images
11:29 < system16> so Gollee i should not touch that beacon interval thing ? i kinda know what it does
11:30 < shtrb> Yes, let give an AI / script the power to block stuff up, we didn't see any problem with the risk management software (if you have car insurance and you are put in a risk area good luck getting a decent insurance)
11:32 < shtrb> lol , I just got an AD about 30% discount in car insurance
11:34 < djph> system16: only thing changing the beacon interval will do is change how long it takes a machine to see that your wifi SSID is available
11:35 < system16> so i should leave it at 100 ?
11:35 < shtrb> system16, why do you wish to reduce the power ?
11:36 < system16> in order to reduce conflict between my two routers
11:37 < djph> choose two different channels that don't overlap, then yes, set a power level that makes sense.  Or scrap one (both) of them, and get some proper APs.
11:38 < djph> (well, scrap one for sure, the other just turn off its wifi)
11:38 < system16> my "smart"phone gets confused when i go to my living room because in my living room both routers have 50 % signal
11:39 < system16> it just keeps hoping back and forth. (both routers have the same SSID and password)
11:39 < djph> normal
11:39 < djph> in that case, you'll have to turn one (both) down, and possibly add a third AP for adequate coverage
11:40 < system16> and that hoping makes my vpn disconnect alot
11:40 < grawity> that's because you put the same ssid on two routers
11:40 < djph> a VPN, at home ..
11:40 < grawity> that's like having the same address for two houses
11:40 < system16> its not a problem at all when i dont use my vpn.
11:40 < system16> grawity, its better than before
11:41 < shtrb> system16, is that one of the four AP installations ?
11:41 < grawity> one router and one access point would be even better
11:41 < grawity> because that'd let you roam *without* breaking any connections
11:41 < shtrb> (some ISP now give a router + "smart boxes" (which are just APs)
11:41 < system16> shtrb, i have 2 routers. one of them is combined with a modem and its connected to the isp
11:42 < shtrb> The question is why are you using both if they cover the same area
11:42 < system16> they dont
11:42 < system16> my modem router combo wasnt able to cover my bedroom.
11:42 < grawity> shtrb: I believe it's kinda normal and expected for coverage to overlap a little
11:43 < grawity> system16: so is the 2nd thing actually a router?
11:43 < system16> yeah
11:43 < grawity> well, turn the routing part off
11:43 < grawity> because it breaks your roaming
11:44 < system16> my house is like a bus. its long but no much wide. if i disable one of them i will get shortage in wifi
11:44 < grawity> wifi has nothing to do with routing
11:45 < system16> grawity, that 2nd router is in "AP mode"
11:45 < grawity> that's good, except I've heard of DD-WRT using that name for what's actually router mode
11:46 < system16> whats dd-wrt ?
11:46 < system16> oh its an OpenSource firmware ? i use the original firmware.
11:47 < grawity> does the gateway's MAC remain the same on both networks?
11:48 < system16> um let me check
11:48 <+catphish> can anyone tell me what ruckus firmware i want for standalone operation on an old zoneflex device?
11:48 <+catphish> there seem to be loads :(
11:48 < grawity> if `ipconfig` shows the same IP, and if `arp -a` shows the same MAC for that IP, then it should be actual proper AP mode
11:49 < system16> grawity, how can i check that ?
11:52 < system16> subnet mask is 255.255.255.0 on both routers
11:52 <+catphish> ah, think i found what i need, zf7341_100.1.0.0.194.BL7
11:52 < system16> im not sure how this can fix my problem
11:57 < grawity> system16: I just told you the commands which show the information
11:58 < system16> oh sorry i thought ur talking with someone else
12:00 < winsoff> Are there any networking protocols that can just use some sort of diffie-hellman exchange for file sharing?
12:00 < system16> grawity, let me paste the outcome in pastebin
12:00 < winsoff> Something like secure-samba
12:01 < winsoff> grawity, does juniper offer any sort of cisco-like training for their products, or any sort of networking-with-juniper material
12:01 < winsoff> Or any other large networking vendor, for that matter?
12:01 < grawity> winsoff: SFTP (via SSH), FTPS (via TLS)
12:01 < system16> https://paste.ubuntu.com/p/R7QX8FT4wz/
12:01 < grawity> winsoff: idk, why are you asking me about that
12:01 < system16> grawity, ^^
12:01 < winsoff> just wondering if you knew.
12:01 < grawity> winsoff: SMBv3 supports encryption https://blogs.msdn.microsoft.com/openspecification/2012/10/05/encryption-in-smb-3-0-a-protocol-perspective/ – but not all clients do yet
12:02 < winsoff> does samba do automatic discovery through netbios and such, or how do they find network shares?
12:02 < system16> grawity, what now ?
12:02 < winsoff> o
12:02 < grawity> winsoff: it can, it doesn't need to
12:03 < winsoff> Whoops. I'd like some implementation where I can say "share folder" and have it advertise for a short time frame, and have a listener be like "yeah good on you" and share the key, and then have the sharer verify that the key's in the keystore.
12:03 < grawity> system16: compare this when connected to router 1, and when connected to router 2
12:03 < winsoff> I wish android was real boy linux.
12:03 < grawity> winsoff: datproject
12:04 < system16> oh umm thats kinda impossible since this is a desktop computer
12:04 < winsoff> grawity, this seems really interesting. Hmm.
12:04 < system16> it connected to that 2nd router
12:04 < winsoff> Is datproject secure, though?
12:05 < system16> grawity, can i run that command in termux ?
12:06 < grawity> system16: on Android? yea, `ip nei` should be enough really
12:06 < grawity> winsoff: looks like it should be, though I haven't looked into it in depth
12:06 < grawity> just found it earlier as a relative of IPFS
12:06 < system16> 'ok plz wait
12:06 < winsoff> Ah right, good ol' ipfs
12:07 <+catphish> woo, cheap ruckus AP works great
12:07 < system16> ok they both show one ip address
12:07 < grawity> system16: and the exact same MAC next to it?
12:07 < system16> yeah
12:07 < winsoff> catphish, how cheap can you actually get with ruckus
12:07 < system16> but some thing is different
12:07 < winsoff> ew, they're owned by arris?
12:08 <+catphish> winsoff: £10 each :)
12:08 < system16> one is STALE
12:08 < system16> and the other one is REACHABLE
12:08 < winsoff> catphish, jesus. I heard that ruckus was really high quality. Am I an idiot?
12:08 < system16> im not sure what it means
12:09 < grawity> nothing worthy of concern
12:09 <+catphish> winsoff: no, ruckus is incredible quality, but the previous generation of 11n access points are selling really cheap now
12:09 <+catphish> i guess corps are upgrading to ac
12:09 < Phil-Work> catphish: My question from earlier than you may have missed - any recommendations in the UK for an ISP that will provide a decent 1G layer 3 service using Virgin Media on the last mile?
12:10 < winsoff> catphish, that's fkn nuts. Which model do you have?
12:10 < system16> grawity, so now what ?
12:10 <+catphish> Phil-Work: they will use whoever is cheapest on the last mile
12:11 <+catphish> Phil-Work: i'd recommend asking https://www.hso.co.uk/ first
12:11 < Phil-Work> catphish, yeh - just wondered if there's anyone with a tendancy towards Virgin
12:11 < grawity> system16: idk
12:11 < spaces> catphish ruckhus is not that flexible tho
12:11 < spaces> I don't like it
12:11 <+catphish> spaces: :|
12:11 < Phil-Work> thanks catphish, I'll take a look
12:12 <+catphish> Phil-Work: i doubt it, they will just use whoever has the infrastructure there / doesn't charge too much
12:12 < spaces> catphish feeling sick ?
12:12 < Phil-Work> there's both fibres pulled into the building
12:12 < winsoff> for $10, "not flexible" is understandable
12:12 < Phil-Work> we've already got some circuits on BT so looking for a bit of diversity
12:12 < system16> maybe my vpn is just too crappy to handle 1 sec hop
12:12 <+catphish> spaces: i feel like you're wrong, ruckus is probably as powerful / featurefull / configurable as you can get
12:13 <+catphish> Phil-Work: well you can definitely ask for virgin, as long as they have infra nearby
12:13 < Phil-Work> cool :)
12:13 < spaces> catphish am I confusing it with a network company that uses almost the same name ?
12:13 <+catphish> spaces: dunno
12:13 < spaces> ruckless or something
12:14 < winsoff> catphish, unfortunately, none on the local listings ;-;
12:14 < winsoff> utah's just not cool
12:14 <+catphish> Phil-Work: i'd do the quote myself with SSE but by login doesn't seem to be working :(
12:15 < Phil-Work> catphish, got an SSE L2 circuit that we carry L3 over via Telehouse
12:15 < Phil-Work> BT Last mile but I'd rather not take another with SSE over Virgin
12:16 <+catphish> oh ok, i just happened to know SSE could do it
12:16 <+catphish> other people will often be using SSE, you will need to specifically ask for "virgin and NOT SEE"
12:16 <+catphish> *SSE
12:16 < Phil-Work> that's a fair point actually
12:16 < Phil-Work> SSE had a fibre cut last week and we were out for 2 days
12:17 <+catphish> winsoff: specifically ZoneFlex 7341 are the ones that are flooding ebay here
12:17 <+catphish> and they seem great
12:17 < Phil-Work> *this week
12:26 < winsoff> xcv ah there are some amazon used for $40, interesting
12:26 < winsoff> Oh wow, there are plenty for quite a small price though
12:26 < winsoff> Hmmm
12:26 < winsoff> catphish, do they have a web portal for management
12:26 < winsoff> or do they require proprietary controller software
12:27 <+catphish> winsoff: they work either way, they provide 2 firmwares you can download
12:27 <+catphish> winsoff: mine came with the firmware that needs a controller, but it was trivial to install the "standalone" version instead
12:27 < winsoff> Ah, interesting. Wonder if their performance is worth marketing to some people.
12:28 < winsoff> Do they BEAMFORM, or is that only possible with ac mimo
12:29 < winsoff> also, do they poe
12:29 <+catphish> winsoff: depends what you want, i speed tested them at about 55Mbps, so they're not fast, but they're really stable and have good range
12:29 < winsoff> intredasting
12:29 <+catphish> yes they're poe *or* 12v local power
12:29 < winsoff> Kind of tempting, just for fucking around
12:29 < winsoff> Wish I had some extra cash, though.
12:38 < Xtreme> Hello Everyone, I am stuck with something crazy.
12:39 < Xtreme> I have a server, which acts as proxy/caching server, as well as internal development server.
12:39 < Xtreme> That server has 2 NIC.
12:39 < Xtreme> NIC A: 190.190.190.1 is connected to local network. (IP Changed)
12:40 < Xtreme> NIC B: 191.191.191.1 is connected to Loadbalancer and is connected to internet.
12:40 < Xtreme> Now, as I am on the internal network, My ip is 190.190.190.20
12:41 < Xtreme> now, I am creating a openvpn tunnel from the development server, to connect me to 10.0.2.0/16 network.
12:41 < Xtreme> Now, the tunnel is created. everything is fine.
12:41 < Xtreme> From the development server, I can ping 10.0.2.10 and everything works fine. No issue.
12:41 < Amnesia> question, is it common for network protocols to leave the responsibillity to close at the client?
12:42 < ne2k> Xtreme, 10.0.2.0/16 is not a network address
12:42 < Xtreme> BUT from my IP, when i ping 10.0.2.10 from MY SYSTEM, ie 190.190.190.20, i get 100% packet loss.
12:43 < Xtreme> ne2k, sorry, i am changing the IPs for the example. its 10.0.0.0/16
12:43 < Xtreme> and when i do traceroute, I get !X  1.576 ms !X  1.548 ms !X FROM 190.190.190.1
12:44 < Amnesia> to close the session*
12:44 < Amnesia> session/channel
12:44 < Xtreme> Also, I am not a network expert.
12:45 < ne2k> Xtreme, on what device is address 10.0.2.10? on what device is the openvpn tunnel terminated?
12:46 < detha> Xtreme: Please do not obfuscate IPs, or use IPs that are not yours, it makes it impossible to see what is happening. !X means firewalled or no route, so start looking at that.
12:48 < Xtreme> ne2k, 10.0.2.10 is on AWS instance. openvpn tunnel is terminated on another instance in the same VPC
12:48 <+catphish> Xtreme: the obvious answer is that you need to make sure you have the correct routed both ways
12:49 < Xtreme> detha, I would like to do that. but not allowed. Sorry. about !X firewall, i also thought it was the problem, but there is no firewall there.
12:50 < Xtreme> Also when i log into 190.190.190.1, i can ping 10.0.2.10
12:50 < Xtreme> catphish, yup. thats true.
12:50 < Xtreme> I am just not understanding where I am going wrong.
12:51 <+catphish> Xtreme: basically start on the host you're trying to ping from, see if it has a route to what you're pining, and go along each hop doing the same
12:51 < ne2k> Xtreme, so you have four boxes; (A you) 190.190.190.20 --- 190.190.190.1 (B dev server) 191.191.191.1 ==OVPN== 1.2.3.4 (C AWS VPN) 10.0.2.1 --- 10.0.2.10 (D AWS server)
12:52 < Xtreme> catphish, did it. except my host, ie 190.190.190.20, it works for everyone.
12:52 < detha> Xtreme: !H is normally firewall, !X could mean 'no route to host', i.e. that hop has no route to where you want to go.
12:52 < Xtreme> ne2k,yup. thats right.
12:52 < ne2k> Xtreme, you do realize, don't you, that there is absolutely nothing to be gained by hiding your IP addresses? anyway, if you must, just use 1.2.3.4 or something so it is abundantly clear it is not supposed to be a real IP
12:53 < ne2k> Xtreme, please pastebin the route tables of A, B, C and D
12:53 <+catphish> Xtreme: it works for other hosts on that same network?
12:53 < Xtreme> ne2k, okay.
12:53 <+catphish> Xtreme: and stop changing IPs, it'll only lead to confusion
12:53 < Xtreme> catphish, from my network, nope.
12:54 < ne2k> catphish, he's contradicting himself now
12:54 <+catphish> so it seems
12:54 < Xtreme> 1 sec, let me give you all clear picture with accurate IPs
12:55 < ne2k> Xtreme, I think what catphish is asking is whether, e.g. 190.190.190.21 can communicate with 10.0.2.10
12:55 <+catphish> Xtreme: the obvious cause is that your machine has no route to 10.0.2.10, and 10.0.2.10 has no route back to your PC
12:59 < Xtreme> 2 mins.. i have VM setup as well. so mentioning everything
13:01 < Guest37145> gfdsgfdsgfdsgfdsgd\sgsgf
13:01 < Guest37145> \sg
13:01 < Guest37145> g
13:01 < Guest37145> d\sgds
13:01 < Guest37145> gds
13:01 < Guest37145> gs
13:01 < Guest37145> gsd
13:01 < Guest37145> g
13:01 < Guest37145> sg
13:01 < Guest37145> sg
13:01 < Guest37145> dsg
13:01 < Guest37145> eds
13:07 < meowschwitz> deep.
13:09 < skyroveRR> Nice nick, meowschwitz :)
13:10 < meowschwitz> just the tip
13:10 < skyroveRR> meow :)
13:17 < squ> !catgif
13:17 < skyroveRR> !squ
13:17 < skyroveRR> @squ
13:18 < skyroveRR> Meh
13:23 < bytefire> hi, let say you bind a tcp listener socket to [::0] (INADDR_ANY for ipv6) and some time later, ip address of eth0 changes. will the listener stop getting connections?
13:24 < grawity> no
13:25 < skyroveRR> Is there a definitive way to turn OFF IPv6 on android? echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 doesn't work at all.
13:29 < bytefire> grawity: thanks. so INADDR_ANY means listener socket will dynamically deal with any changes in ip addresses of the interfaces?
13:29 < grawity> yes
13:29 < grawity> well, it literally means "any": it won't bother checking
14:19 < Amnesia> question, is it common to leave the responsibillity to terminate a channel to the client (in a server-client model)
14:22 <+xand> context
14:26 <+catphish> Amnesia: i'd say it was common for either end to do this
14:26 <+catphish> http for example can support both ends terminating the connection
14:26 < Amnesia> hm ack
14:26 < Amnesia> tyvm
14:27 <+catphish> some protocols encourage the client to "request" to disconnect and then for the server to close the connection, i think IRC and SMTP are both like that
14:29 < meowschwitz> Amnesia: in principle both ends of the implementation must be able to deal with unexpected disconnections when dealing with tcp
14:30 <+catphish> that is also correct and important
14:30 < Amnesia> thanks, I'll keep that in mind
14:32 < bytefire> grawity: i see...
15:12 < backtrack_> hi
15:12 < backtrack_> is possible to use a smartphone as hotspot when it is connected to a lan?
15:12 < backtrack_> i want to connect to intenet trough the cellular connection
15:12 < backtrack_> but not creating a wifi hotspot
15:13 < backtrack_> maybe i can set in the laptop settings, the smartphone ip as a default GW?
15:13 < backtrack_> what do you think?
15:13 < Sout> well 1. that probably needs to be rephrased. but you can do ip over usb i have seen
15:14 < backtrack_> wait, both my latop and my smartphone are connected via wifi to my lan
15:14 < backtrack_> this lan has no internet
15:14 < Sout> so essentially you want to route your lan traffic threw the phone cell.
15:14 < backtrack_> the only internet access is my smartphone
15:14 < Sout> ah k
15:15 < backtrack_> generally i enable the hotspot function which creates a wifi dedicated connection where i need to connect to
15:15 < backtrack_> i don't want that
15:16 < tbcsj> > maybe i can set in the laptop settings, the smartphone ip as a default GW?
15:16 < tbcsj> How does the laptop get to the smartphone?
15:16 < tbcsj> If not via wireless
15:18 < tbcsj> Oh just seen this:
15:18 < tbcsj> > wait, both my latop and my smartphone are connected via wifi to my lan
15:19 < Sout> think Internet <- Cell <- Lan (no direct connection to the internet)
15:19 < tbcsj> I don't think if the Wifi is active on a cell, the mobile internet will be
15:29 < Xtreme> Guys, very sorry for the delay
15:29 < Xtreme> https://pastebin.com/myKYs3VE
15:29 < Xtreme> ne2k, catphish ^^
15:30 < Xtreme> so, when i log into 204.204.204.1 and traceroute to 10.0.3.78
15:30 < Xtreme> it works. Even MTR works.
15:30 < Xtreme> no problem.
15:33 < Xtreme> another thing.
15:33 < Xtreme> sometimes it works
15:33 < Xtreme> sometimes it doesnt
15:37 < Xtreme> Anyone?
15:38 <+catphish> Xtreme: do does 204.204.204.1 have a route to 10.0.3.78?
15:38 < Xtreme> catphish, yup.
15:38 < Xtreme> 10.0.0.0/16 via 204.204.204.1 dev wlp8s0
15:39 < Xtreme> I think my issues is with iptables forwarding.
15:39 < Xtreme> ie for development server, from eth0 to tun0
15:39 <+catphish> iptables doesn't do forwarding
15:39 < bezaban> so it's routing via itself?
15:39 <+catphish> in that case the obvious cause of this is what 10.0.3.78 doesn't have a route back to 204.204.204.4
15:40 < Xtreme> catphish, give me one sec.
15:40 <+catphish> looking at the tracertoute, you don't even get a response from the remote end of the VPN tunnel
15:40 <+catphish> so look there first
15:40 <+catphish> check it has a route back to 204.204.204.4
15:41 < backtrack_> re
15:42 <+catphish> "204.204.204.0/32" is wrong by the way
15:43 <+catphish> Xtreme: i asked if  204.204.204.1 has a route to 10.0.3.78, you showed me a route via 204.204.204.1, clearly that's wrong
15:43 <+catphish> bezaban noticed it
15:43 <+catphish> i can't stress this enough, and you simply haven't bothered to do it: make sore every device has a route to both ends of the connection
15:44 <+catphish> Xtreme: come back when you've checked there's a route to 204.204.204.4 and to 10.0.3.78 on ALL devices involved
15:44 <+pppingme> sometimes its easier to just say turn on rip
15:45 <+catphish> also, running tcpdump at each hop will show how far a ping gets, that's the best way to debug
15:47 < Xtreme> catphish, you are right.
15:47 <+catphish> i'm always right
15:47 < Xtreme> aws guys messed up.. no prob with my network. :)
15:48 < backtrack__> hi
15:48 < Xtreme> and to answer your previous question: of 204.1 to 3.78
15:48 < Xtreme> 10.0.0.0/16 via 172.27.232.1 dev tun0 metric 101   => this is what is there on 204.204.204.1
15:48 < backtrack__> i tried setting up the smartphone ip as a default gateway on my laptop
15:48 < backtrack__> but it doesn't ping the internet
15:48 < backtrack__> why?
15:49 <+catphish> backtrack__: because your phone isn't a router
15:49 <+catphish> backtrack__: if you turn on hotspot mode and connect to its wifi network, it should work though
15:49 < backtrack__> catphish, yes it is, when i enable hotspot, it acts as router
15:49 <+catphish> yes, you didn't say you'd done that
15:50 < backtrack__> catphish, isn't possible to do what i want?
15:50 <+catphish> but then you wouldn't set a gateway manually, it would provide a DHCP address with a gateway set automatically
15:50 < backtrack__> i want to use my smartphone as hotspot, using my lan network
15:51 < backtrack__> laptop ---> lan ---> wifi ---> smartphone ---> internet carrier
15:51 <+catphish> backtrack__: the smartphone isn't going to route your packets to the internet if its not in hotspot mode
15:52 <+catphish> (probably)
15:52 < backtrack__> :(
15:52 < bezaban> and while on wifi that route is probably going to take precedence
15:52 <+catphish> yeah, if the network already has a gateway the phone will use that as its gateway
15:53 <+catphish> but even if it didn't, i seriously doubt any phone would allow this kind of routing
15:53 < bezaban> you could usb tether it to a machine and route via it
15:53 <+catphish> that's a much better idea
15:53 < backtrack__> the problem is that i need printers on my lan
15:53 < backtrack__> but i also needinternet
15:53 <+catphish> or wifi hotspot + internet connection sharing on a laptop
15:54 < backtrack__> and i don't want to switch between them
15:54 <+catphish> backtrack__: use usb tethering
15:54 <+catphish> or get another wifi adapter
15:54 <+catphish> then you can connect to both
15:54 < Atro> backtrack__: use usb tethering, and have lan plugged via cable
15:54 < backtrack__> no, i need wifi, the smartphone must be outside the building to get a better signal
15:54 < Atro> that way you have both internet
15:54 < Atro> oh
15:54 < Atro> well then find a 10m cable
15:54 < backtrack__> ...
15:54 < Atro> OR
15:55 <+catphish> or just use 2 wifi NICs
15:55 < Atro> do usb tether outside and wireless  LAN
15:55 < backtrack__> it's a laptop, not easy
15:55 <+catphish> whats not easy?
15:55 < backtrack__> maybe there is a way to tell the smartphone to make routing
15:55 < backtrack__> adding a route rule
15:55 < Atro> yeah right
15:55 <+catphish> yeah no
15:55 < Atro> is it rooted? if not, good luck lol
15:55 < backtrack__> it's an iphone
15:55 < Atro> LOL
15:56 <+catphish> if it's rooted and you know linux routing and NAT, then yes
15:56 < Atro> yeah good luck
15:56 <+catphish> you can do it manually
15:56 < Atro>  i offer my solution : go outside, do lan tethering (or find a long usb cable), and stay on wireless lan
15:56 <+catphish> or just use 2 WIFI NICs
15:56 <+catphish> that's not hard at all
15:56 < backtrack__> long usb cable across the office?
15:57 < backtrack__> my boss will tell me "WTF?"
15:57 <+pppingme> why don't you just fix the real issue and get real internet to this network?
15:57 <+catphish> what pppingme said
15:57 <+catphish> but also, 2 wifi nics will solve it
15:57 < backtrack__> real internet to my network only allows port 80
15:57 <+catphish> backtrack__: well fix that
15:57 < backtrack__> i can't checkmy email
15:58 < backtrack__> it's a firewall rule
15:58 < bezaban> won't they say wtf to connecting work networks to the internet avoiding their firewalls?
15:58 < backtrack__> not managed by me
15:58 <+catphish> get in touch with the network admin, get it fixed
15:58 < backtrack__> it's an intentional network design
15:58 <+catphish> if your office has that kind of security, there's NO WAY you're allowed to bridge their LAN to a smartphone WAN
15:59 <+catphish> so stop right now and discuss this with whoever makes the security policy
15:59 < backtrack__> with my smartphone i can do whatever i want
15:59 <+pppingme> so its intentionally air-gapped? I smell someone ready to get fired..
15:59 <+catphish> he wants to un-air-gap it :)
15:59 <+catphish> seriously, don't do this, get a firewall exception for what you need to do
16:00 <+pppingme> I'm sure whoever made this " an intentional network design" will appriciate that
16:00 < Atro> this channel sometimes reaches /r/networkingmemes quality level
16:00 <+catphish> lol
16:01 < backtrack__> no, it's not possible, i asked them, they told me, use your personal connection
16:01 <+catphish> backtrack__: that's fine, but surely you shouldn't be using both at the same time
16:01 <+catphish> seems like you're wiping out the whole point of their security policies
16:01 <+catphish> if you don't care, you can just use 2 NICs
16:09 < redrabbit> you is on point
16:11 <+catphish> i just remembered PCMCIA, those were cool
16:14 < ryao> Whiskey`: The wireless link that I setup for my neighbors is having packet loss issues. I reduced bandwidth from 80MHz to 20MHz and changed frequency, but the spectrum analyzer is showing emissions in a 200MHz band centered at where it is supposed to be broadcasting. I am fairly confident that the emissions are caused by it (because they perfectly correlate to network traffic). Have you ever seen
16:14 < ryao> anything like this?
16:15 <+catphish> ryao: seems pretty normal to me
16:15 <+catphish> radios are noisy
16:15 < ryao> Whiskey`: Transmit power is 24dBi and one of the antennas is behind a wired mesh... reception was better there in my attic. My guess is either it is generating a dirty signal or the wire mesh is somehow changing the frequency.
16:15 < ryao> catphish: Wait... that is normal?!?!
16:16 <+catphish> ryao: well depends how much power there is, but all radios have some mess at the sides
16:16 < djph> catphish: yeah, but a 200MHz-wide band of noise?
16:16 <+catphish> well normally i'd expect it to look like waves falling off to each side
16:17 < ryao> It also seems to have changed its own ambient noise reading of the band where it is located. It was -103dBm without network traffic. It is now -85dBm.
16:17 <+catphish> and when i say falling off, i mean MUCH smaller signals than the primary one
16:17 < ryao> catphish: It does!
16:17 < ryao> I was trying to look up physical phenonoma that takes part of the signal, shifts it over, etcetera.
16:18 <+catphish> like this: https://i.ytimg.com/vi/qmQG_1bE84Y/maxresdefault.jpg
16:18 < ryao> A flood ping is also reporting duplicate packets... it is like there are reflections happening...
16:18 <+catphish> one primary signal, several smaller side bands, and a kind of wider hump
16:18 < ryao> catphish: Half the time, air view looks like that.
16:19 <+catphish> ryao: are you sure there isn't an ethernet problem?
16:19 <+catphish> duplicate packets are usually an ethernet problem, not a wifi one
16:19 < ryao> catphish: I am confident that the wired bits are fine. The wireless stuff is having a problem.
16:20 < ryao> Anyway, I am going to relocate the nanobeams. Hopefully, that will fix it.
16:20 <+catphish> ryao: weird, i'm not really sure then :(
16:20 <+catphish> realighment is always a good diea
16:20 <+catphish> *idea
16:20  * ryao is hoping that he can make things less noisy by reducing transmit power after moving a nanobeam outside.
16:20 <+catphish> i seriously doubt that reflection would result in a complete duplicate frame
16:21 < ryao> catphish: These are pings. They are tiny.
16:21 <+catphish> ryao: definitely tidy up the mounting anyway
16:21 <+catphish> and realign
16:21 < ryao> catphish: I am relocating the mount points.
16:21 < ryao> Or will be soon.
16:21 <+catphish> mv /data /mnt/data
16:22 < ryao> catphish: I learned my lesson. I am not going to try using PtP links through solid walls again.
16:23 <+catphish> lol yeah they really should be LOS
16:23 < ryao> catphish: I figured that the directional antennas could punch through the walls. ^_^;;
16:23 <+catphish> i mean, any link that works is ok, but better to get the best LOS you can
16:23  * ryao overestimated attenuation by a factor of 1000.
16:23 <+catphish> technically they can / will
16:23 < ryao> s/over/under/
16:23 <+catphish> but attenuation is huge, and reflections too
16:24 < ryao> I underestimated those.
16:31 < system16> how can i enable telnet on my modem ?
16:33 < Xtreme> catphish, so we traced the problem and the problem is, the vpn box on AWS is not able to ping 204.204.204.1
16:33 < Xtreme> https://pastebin.com/4E3PHYtB
16:34 < Gollee> system16: search the documentation for the maker and model of the modem
16:34 < Xtreme> 172.27.232.2 is the vpn endpoint on 204.204.204.1
16:34 < Gollee> there is no universal way
16:34 < system16> Gollee, i did
16:34 <+pppingme> system16 you probably don't...  what modem?
16:34 < system16> dlink dsl 2730u
16:36 <+catphish> Xtreme: it's not great to start randomly debugging in a totally different place, stick with a single pair of hosts, and use tcpdump to see at which point packets are lost
16:36 < system16> i have the manual pppingme
16:36 < system16> http://setuprouter.com/router/dlink/dsl-2730u/manual-1648.pdf
16:36 < system16> but i didnt find "telnet" in it
16:37 <+catphish> Xtreme: also, if you haven't already, check you have a route to both ends on ALL routers involved
16:38 < system16> ?
16:38 < Xtreme> catphish, they are the main pair. ie: Client of openvpn and host of openvpn. And there nothing else involved in middle.
16:38 <+catphish> Xtreme: don't forget the endpoints
16:38 < Xtreme> 204.204.204.1 has tun0 with ip 172.27.232.2 which is directly connected to 172.27.232.1
16:39 < Xtreme> from 204.1 I can ping 232.1
16:39 < Xtreme> but from 232.1 I cannot ping 204.1
16:39 < ne2k> oh we're back
16:39 < Xtreme> So, my guess. issue is with routing on 232.1
16:39 <+catphish> Xtreme: you may not be pinging with the source IPs you think you are
16:40 <+catphish> use ping with -I to make sure you are using the source IP you want to use
16:40 <+catphish> but if you're sure you can ping one way but not the other (using the same IP pair) then you have a firewall somewhere
16:41 < ne2k> Xtreme, did you paste the real, actual, unmangled routing table of all four hosts, A B C D, somewhere?
16:41 <+catphish> Xtreme: also, seriously, start using tcpdump, rather than just all this guesswork
16:41 <+catphish> he did not
16:41 < Xtreme> ne2k, yes i did.
16:41 < Xtreme> catphish, i did.
16:42 <+catphish> did you? where?
16:42 < ne2k> Xtreme, where?
16:42 <+catphish> i thought we were still working with mangled IPs and parts of routing tables
16:42 < Xtreme> Xtreme> https://pastebin.com/myKYs3VE <Xtreme> ne2k, catphish ^^
16:42 < Xtreme> Anyways, its expired. Let me put it again
16:42 < system16> system reboot
16:42 < Xtreme> https://pastebin.com/vZ5k9yB5
16:42 < Xtreme> here you go.
16:42 < system16> Gollee, ?
16:43 <+catphish> yeah that's not 4 routing tables
16:43 <+catphish> and those are clearly fake IPs
16:43 < system16> open 192.168.1.1
16:43 < Xtreme> catphish, do you want screenshot?
16:43 < system16> admin
16:43 < system16> amirhossein
16:43 < system16> system reboot
16:43 < MakersMarc> If I was referring to the 2.4GHz channels collectively, would I say "the 2.4GHz band" or the "the 2.4GHz bands", in the plural?
16:43 < ne2k> Xtreme, that's garbage
16:43 <+catphish> Xtreme: it's really up to you, you can paste us all 4 routing tables, or you can work through it yourself using tcpdump to see how far the packets get
16:44 < system16> how tf ? i didnt type that
16:44 < ne2k> system16, ooh, was that a password?!
16:44 < system16> nope
16:44 < ne2k> lol
16:44 < Xtreme> catphish, routing table of 204.1 https://pastebin.com/xwwK7Wb3
16:44 < system16> but how TF ?
16:44 < system16> i didnt type that
16:44 < ne2k> Xtreme, I DO NOT BELIEVE YOU THAT THAT IS THE REAL IP ADDRESS
16:45 < Xtreme> ne2k, want screenshot?
16:45 <+catphish> i also don't believe those are real ip addresses
16:45 < system16> maybe telnet is conflicting with hexchat
16:45 < system16> open 192.168.1.1
16:45 < system16> seadmin
16:45 < djph> system16: copy/paste suck
16:45 < system16> seeamirhossein
16:45 < system16>  ?
16:45 < system16> ssystem reboot
16:45 < djph> MORE PASSWORDS
16:45 < system16> see
16:45 < system16> ?
16:45 < djph> babababa
16:45 < djph> hahahahah
16:45 < system16> when i run that script
16:45 < system16> it does this
16:45 <+catphish> maybe Xtreme really us using someone else's IPs
16:46 <+catphish> *is
16:46 < system16> let me close hexchat
16:46 < mjauschwitz> you need to change the password to wallakyaahbal
16:46 < Xtreme> catphish, how to use tcpdump?
16:46 <+catphish> "tcpdump -n -i [interface] icmp"
16:46 < Xtreme> catphish, yes. I do not use 192.* crap
16:46 < system16> telnetd:error:132.865:processInput:314:unrecognized command system reboot
16:47 <+catphish> Xtreme: you... what?
16:47 < ne2k> Xtreme, can you please take the routing tables of all four boxes, in the order A (your machine) B (local VPN server) C (remote VPN server) and D (remote endpoint server) and put them all, in that order, labelled, into a single pastebin.
16:47 <+catphish> replace [interface] with the interface you want to watch
16:47 < djph> system16: didn't do so much closing
16:47 < TandyUK> Xtreme: you mean you DONT use the set of ips designated for internal private use
16:47 < Xtreme> TandyUK, yes. I dont.
16:47 <+catphish> TandyUK: sounds like that's what he means
16:47 < system16> djph that script was doing something to hexchat
16:47 < TandyUK> why the fuck not
16:47 < Whiskey`> ryao: post me a shot of the interference
16:47 <+catphish> Xtreme: why not?
16:47 < lithiumpt> rebellion
16:47 < system16> djph, https://www.howtogeek.com/206620/how-to-automatically-reboot-your-router-the-geeky-way/
16:48 <+catphish> Xtreme: randomly using other people's IPs gives a very very bad impression
16:48 < Xtreme> lithiumpt, is right. :D
16:48 <+catphish> Xtreme: but never mind, lets get the 4 routing tables that ne2k keeps asking for
16:48 < Xtreme> catphish, or confuses the hell out of hackers.
16:48 < Xtreme> yes. on it
16:48 <+catphish> yes, it's confusing us right now
16:49 <+catphish> and also a set of tcpdumps (one for each interface along the route) while running the ping
16:49 < system16> how is this not working ?
16:49 <+catphish> with all that info it should be trivial to debug
16:50 < ne2k> I'm seriously thinking of saying what I thought I should have said an hour or more ago but thought better of
16:51 <+catphish> to debug this i would want 4 clearly labelled sets of config (ideally both ip addr and ip route), and 6 tcpdumps (one per interface) while running a ping end to end
16:51 <+catphish> these should take less than 5 minutes to collect
16:52 < Xtreme> catphish, if everything was on my system, sure. less then 2 mins to collect.
16:52 < Xtreme> but sadly its not.
16:52 <+catphish> sure, but its not, so 5 minutes
16:53 < TandyUK> ne2k: was thatalong the lines of "use proper ips you fucking moron"?
16:54 < TandyUK> thats the only 'help' he's getting from me
16:54 < ne2k> TandyUK, no, it was, "Get a different job."
16:54 < TandyUK> yeah is uppose that works too :P
16:54 < ne2k> anyway, I am officially bowing out of this time suck now
16:56 < Xtreme> ne2k, https://pastebin.com/P0Z9yWQJ this is ip route.
16:56 < Xtreme> catphish, i am waiting for tcpdumps..
16:57 <+catphish> much better
16:58 < ne2k> Xtreme, the VPN box doesn't appear to be ont he same network as the endpoint
16:58 <+catphish> there's some weird redundant routes there, but that's ok
16:58 < Xtreme> ne2k, its on 10.0.0.0/16 network. Something to do with AWS subnets.
16:59 <+catphish> VPN Box doesn't appear to be connected to Endpoint!
16:59 < Xtreme> anyways, they both communicate fine with each other.
16:59 < Xtreme> catphone 10.0.0.0/16 network....
16:59 <+catphish> catphone :|
16:59 < Xtreme> :D
16:59 < ne2k> Xtreme, what are 10.0.3.1 and 10.0.1.1? are they two interfaces on a AWS provided router?
16:59 < TandyUK> endpoint and vpn box are both 10.x.x.x/24
16:59 <+catphish> Xtreme: so you have some hops you're unaware of
16:59 < TandyUK> not /16
17:00 <+catphish> i assume amazon is routing between them
17:00 < ne2k> Xtreme, you see, it's this "something to do with..." that bothers me
17:00 <+catphish> via 10.0.1.1
17:00 < Whiskey`> ryao: ping
17:00 <+catphish> there's another router involved here, one you maybe don't control
17:01 <+catphish> between VPN Box and Endpoint
17:01 < Xtreme> guys, can we please focus on development server and vpn box?
17:01 < TandyUK> im paartially with catphish
17:01 < Xtreme> only this two pair?
17:01 <+catphish> Xtreme: sure
17:01 <+catphish> so what IP are you pinging that doesnt work, and from where?
17:01 < TandyUK> 10.0.1.1 whatevere that is, is routing 200.x.x, 204.x.x 206.x.x properly and not via your vpn
17:01 < Xtreme> from vpn box, i am not able to ping 204.204.204.1
17:02 < Xtreme> give me 2 mins. checking why tcpdump is taking ages
17:02  * tcpdump is on vacation today.
17:02 <+catphish> so you can't ping from 172.27.232.1 to 204.204.204.4
17:02 < ne2k> Xtreme, can 204.204.204.4 ping each of the following? 204.204.204.1, 172.27.232.2, 172.27.232.1, 10.0.1.107, 10.0.1.1, 10.1.3.1, 10.1.3.78
17:02 < TandyUK> or more specifically, whatyevr 10.0.3.1 is
17:02 < ne2k> Xtreme, perhaps you failed to pass -n
17:02 <+catphish> which isn't surprising because 204.204.204.4 has no route to 172.27.232.1
17:03 <+catphish> Xtreme: did you catch that? you won't be able to ping from 172.27.232.1 to 204.204.204.4 because 204.204.204.4 has no route to 172.27.232.1
17:03 < ne2k> catphish, it has a default route via 204.204.204.1
17:03 < ne2k> stop confusing the poor man
17:03 <+catphish> ne2k: oh, sorry, so it does
17:04 <+catphish> then i don't know why that's failing
17:04 <+catphish> Xtreme: ignore me :)
17:04 < TandyUK> ok, is there a new name for fibre<>ethernet media converters?
17:04 < ne2k> Xtreme, I was the results of those seven pings
17:04 <+catphish> do what ne2k says
17:04 < TandyUK> I cant believe none of my 3 suppliers have one for converting an OS2 fibre (via sfp module) to ethernet
17:05 < TandyUK> as its temporary, seems pointless putting another managed switch in
17:05 < ne2k> TandyUK, what, you mean like this? https://www.comms-express.com/products/tp-link-mc220l
17:05 < ne2k> urgh
17:05 < TandyUK> yeah check url lol
17:06 < ne2k> I cut off all the shite but then it doesn't owrk. search for mc220l
17:06 <+catphish> TandyUK: one of these? https://www.fs.com/c/unmanaged-media-converters-1038
17:06 < TandyUK> yeah got it, thats the kiddie
17:06 < ne2k> https://www.tp-link.com/us/products/details/cat-43_MC220L.html
17:06 < ||cw> TandyUK: os2 fiber is just a cable, the converter depends on what you're running on the fiber.
17:06 < TandyUK> fucktard search
17:06 < TandyUK> "Gigabit Ethernet Media Converter"  yet a search for "converter" doesnt include that as a result lol
17:07 <+catphish> ne2k: that's just a SFP module socket
17:07 < TandyUK> yeah thats what im after
17:07 < TandyUK> i have  fibre link into building,  and next to building is a portacabin
17:07 < ne2k> ||cw, that's true. you might be running AM audio of 300 baud modem signals
17:07 <+catphish> but yeah, the exact device will depend on how the cable is terminated
17:07 < ne2k> catphish, he said SFP
17:07 < TandyUK> cant see much point putting another managed switch in building while its being refurbed
17:08 < ne2k> TandyUK, mind out, those MC220Ls are 1000M only. no auto negotiation or rate conversion
17:08 <+catphish> oh yeah, i'd personally buy an SFP media converter and the right mosdule
17:08 <+catphish> much more flexibility that way
17:08 < ||cw> ne2k: more reasonably, 10G and 1000B-SX/LX and 100B or whatever are all very different
17:08 < Xtreme> catphish, not 204.204.204.4; 204.204.204.1
17:08 < TandyUK> yeah we already hve the module (in the existing swicth, whill will tempoarily move into the portacabin
17:08 < Xtreme> I cannot ping other IP of development server.
17:09 < ne2k> Xtreme, I gave you seven addresses to ping
17:10 < Xtreme> https://pastebin.com/vv5KLbG3
17:10 < Xtreme> Here. tcp dump. for all pings.
17:10 < Xtreme> This are from Openvpn to development server.
17:10 < Xtreme> from development server to openvpn, it works fine.
17:12 < Xtreme> ne2k, 204.4 can only ping 204.204.204.1 & 172.27.232.2. It cannot ping other addresses.
17:12 < Xtreme> ne2k, development server, ie 204.1 can ping all the IP addresses except 10.1.3.78.
17:13 < Goop> Is it profitable to lay down any more fiber lines in the United States?
17:13 < Xtreme> Guys, I am going to call it a day today.. Its been a long exhausting day..
17:14 < Goop> Xtreme, have a good one.
17:14 < Jonta> Goop: Depends™ on where
17:14 < Xtreme> ne2k, catphish do you have anything for me for today? or lets continue tomorrow?
17:15 < Goop> Jonta, what you said implies there are areas where it is profitable. How would I find where it is profitable in the United States?
17:16 < uxfi> hello
17:16 < Jonta> Figure out who needs it and is willing and able to pay for it, and whether the price they're willing to pay works for you
17:16 < Jonta> uxfi: Hi
17:19 <+catphish> Xtreme: i ran out of time
17:20 < Xtreme> (y)
17:20 < Xtreme> tomorrow. then.
17:20 < Xtreme> thank you very much
17:20 <+catphish> hopefully ne2k can still help if you provided all the dumps and routes
17:20 < Xtreme> catphish, yes did it.
17:20 <+catphish> otherwise, maybe tomorrow :)
17:20 < Xtreme> all route and dump in the chat.
17:21 < Xtreme> but yes, i really prefer tomorrow. Exhausted as well today.
17:21 < Xtreme> But seriously, you both been a great help. and got to learn many things. :)
17:25 < mgolisch> would increase of traffic significantly raise the cpu utilisation of a switch? as it uses some sort of asic for switching i would think it would not
17:25 < Xtreme>  iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.0.0/24    -m conntrack --ctstate NEW -j ACCEPT
17:25 < Xtreme> Do I need to do something like this on development server?
17:26 < k_sze> I'm trying to setup docker-mailserver (https://github.com/tomav/docker-mailserver). But I'm confused when it comes to the DKIM DNS record.
17:27 < k_sze> The script generates a txt file and I was supposed to copy the content of the txt file into the zonefile (if I had access to the zonefile directly).
17:28 < mgolisch> am i wrong in that asumption? they are investigating host generating abornal traffic or something, but i think it just caused because they installed some additional monitoring tools that now bulkwalk the switch in addition to the existing nagios setup
17:28 < k_sze> But I'm using Linode's DNS and I don't have access to the zonefile. I can only edit DNS records through the web UI.
17:28 < k_sze> Am I supposed to copy the value with the parenthesis and double-quotes??
17:28 < mgolisch> in my experience high cpu utilisation was almost always caused by snmp monitoring, any thoughts?
17:37 < k_sze> Is it legal to enclose RDATA in double-quotes? RFC1035 doesn't seem to mention the use of double-quotes, but I have seen scripts that generate a TXT RR with the RDATA enclosed in double-quotes.
17:41 < ne2k> Xtreme, provide the six dumps and I shall have a look
17:42 < ivve> hello guys
17:43 < skyroveRR> hi
17:43 < ivve> anyone here know if other brands other than arista and juniper support lacp fallback
17:43 < ivve> or similar functionality
17:44 < ivve> (for pxeboot/lacp)
17:45 < ivve> and also what the function is called if it exists in other brands (force-on in juniper, lacp fallback in arista)
17:45 < ivve> sorry, force-up for juniper
17:45 < Thuryn> what does "lacp fallback" do?
17:46 < ivve> accessport until lacpdu are passed and switches back and forth in boot allowing pxe to work on a "lacp configured port"
17:47 < Thuryn> most things I've seen work that way, where they fail down to a single link if LACP negotiation fails.
17:47 < Thuryn> k_sze, yes it is legal
17:47 < k_sze> I see.
17:47 < Thuryn> k_sze, "dig microsoft.com txt"
17:51 < ivve> its called edge-port in HPE
17:51 < ivve> apparently :)
17:51 < ivve> wonder what its called in cisco
17:53 < k_sze> odd, microsoft has multiple facebook-domain-verification records. XD
17:55 < regdude> anyone have a .pcap file for a IEEE 802.11F Layer2 update frame?
18:10 <+catphish> i really wish someone would make a clustered filesystem that doesn't suck
18:14 < detha> are you implying all of them are cluster-sucks ?
18:18 < Aeso> catphish, what does 'doesn't suck' really even mean?
18:21 < skyroveRR> Aeso: one that isn't written badly.
18:21 <+catphish> Aeso: specifically, i want something that's easy to dynamically add and remove nodes, doesn't introduce huge file access lag, and handles failures as gracefully as possible
18:22 < detha> pick any two
18:23 <+catphish> so, i've tried OCFS2, i ran into stability problems, i looked at GFS but it seemed to be tied into the complexity of configuring a redhat cluster
18:24 <+catphish> basically, i want it to be fast, reliable, and simple
18:24 < Aeso> catphish, I've had a lot of luck with Ceph in the past, but it probably violates your performance requirements without special consideration
18:26 < detha> catphish: for what type of load? database? archive? VM backing?
18:27 <+catphish> detha: i have 2 use cases: 1) vm backing 2) general small usage, ie web hosting
18:27 <+catphish> ie a cluster of 2 web servers hosting the same site from a SAN
18:27 <+catphish> vm backing can be handled by lvm, so that's not so bad
18:28 < Aeso> catphish, I've done both of those things to great effect on production Ceph clusters
18:28 < detha> vm backing is the difficult one. lots of random writes
18:28 <+catphish> ceph is totally different, it's distributed
18:28 < Aeso> vm backing is easy, you just need a suitably sized writeback cache
18:28 <+catphish> i also tried ceph, it failed to be either simple or fast for me :(
18:28 < Aeso> catphish, I'm not sure I follow. What do you mean by clustered, then?
18:29 <+catphish> but regardless, ceph is distributed, so not what i'm looking for
18:29 <+catphish> Aeso: a clustered filesystem is one where several hosts can mount a filesystem from the same disk
18:29 <+catphish> not to be confused with a distributed filesystem where the data is distributed to multiple disks
18:30 < Aeso> catphish, ah, okay.
18:30 < Aeso> (ceph does that too, but I digress :P )
18:30 <+catphish> i hadnt seen that
18:32 < Aeso> catphish, have you tried GFS2?
18:33 <+catphish> its been a long time since i looked at it
18:34 < Aeso> though I have to wonder if you _really_ need a clustered filesystem
18:34 <+catphish> last time i did, it was heavily dependent on redhat's clustering system, which seemed rather static, non trivial to dynamically add nodes
18:34 <+catphish> i do
18:34 <+catphish> i mean, i can do hacky things with nfs failover instead
18:34 < Aeso> catphish, but why?
18:34 < Aeso> :P
18:34 <+catphish> as above
18:35 <+catphish> the main use case is multiple web servers being able to share the same webroot
18:36 < Aeso> catphish, why do they have to share the same webroot? Are you trying to solve an inter-server communication problem or a update-delivery problem?
18:36 <+catphish> things like wordpress assume they can store user data on the filesystem, so if you want to cluster, you need a shared filesystem
18:36 <+catphish> the first one
18:37 < TandyUK> cant you just nfs/cifs mount /webroot to a single share on the san?
18:37 <+catphish> although the second applies in a way, because again, wordpress, likes to update its own code
18:37 < TandyUK> and make sure your systems keep uid/gid's in sync
18:37 <+catphish> TandyUK: some SANs offer file based shares, in which case, yes
18:37 <+catphish> but most don't
18:37 < iron_houzi> I need to change from tomatousb broadcom router/gw to pfsense netgear sg-3100 .. is it possible to have both devices working alongside eachother somehow and when the new device is configured, I turn off the old device and make minor adjustments to the new device to have everything working as before the migration..?
18:38 <+catphish> i believe netapp supports this, and that would work
18:38 <+catphish> but most san controllers are purely block based
18:39 < iron_houzi> catphish: Were those comments addressed to me?
18:39 <+catphish> iron_houzi: no
18:39 <+catphish> anyway, i'm going home now, have fun
18:40 < Aeso> iron_houzi, for the record, that's a netgate device, not a netgear device :P
18:41 < Aeso> also no, unless Tomato supports CARP
18:42 < iron_houzi> Aeso: thanks, so the only way is to make note of the entire network configuration, replace the device and recreate the config anew?
18:42 < Aeso> assuming you have two external IPs, you could always stand them up side-by-side and just swap the default gateway on the hosts you want to test with
18:42 < iron_houzi> Don't have two WAN ports unfortunately
18:42 < iron_houzi> s/ports/connections
18:44 < Aeso> iron_houzi, I mean you can turn on the pfsense box and configure the interfaces ahead of time, but there's no way to get around the fact that you're going to have to swap the devices and hope for the best
18:45 < iron_houzi> OK
18:57 < ryao> I need to order outdoor rated cables. :/
18:58 < ryao> I have never used outdoor rated cables before now. Is there anything special done at the plug to prevent moisture intrusion?
19:04 < zrx> hello, anyone here know how I can wifi calling to work on a pfsense firewall?
19:04 < zrx> so far I have opened up port 500 4500
19:04 < zrx> and have allowed bogon networks on the WAN
19:04 < zrx> we can get the phone to ring but it won't answer
19:04 < zrx> and egress calling works fine
19:37 < Cmaj6> Question. I have a linux laptop running a server in virtual machine (which is a virtual LAMP). I also have an android device with an application i wrote. All are connected to the same WIFI-network. I can connect from from browser of host laptop to the 'website'  at the virtual machine. I can also SSH into it. Next, I can connect and view my 'site'  from the browser of my Android device. However, I cannot programmatically perform a
19:37 < Cmaj6> HTTP request from the android application to the virtual machine. When i try to send a request to a php file on the VM, i get a 'FileNotFOundException'.
19:38 < Cmaj6> I Also have an exact copy of the database at a remote server (the production server). The application connects fine to that remote server, but not to the local virtual machine server.
19:38 < Cmaj6> Could this be some firewall issue on my host laptop or virtual machine that denies the android app?
19:39 < detha> check your apache logs to see what is is reqiesting
19:46 < Cmaj6> detha, here is the log: https://pastebin.com/r8CJ73j0
19:49 < detha> 500 return code? what is in error.log?
19:52 < Cmaj6> lemme see
19:53 < Cmaj6> :O :O :O :O
19:53 < Cmaj6> detha man it may seem that i found the error thanks to your tip!
19:53 < Cmaj6> In the error log it says call to undefined function at line X in file Y
19:54 < Cmaj6> I opened file Y, looked for line X, and there is a call to a php function mysqli_connect
19:54 < TandyUK> anyone know on a cisco 3020 switch (in a hp bladecenter chassis) how to stop it trying to pull down a config file from the tftp server it can see on the lan?
19:54 < TandyUK> i have 6 of these switches, and theyre just flooding my logs lol
19:54 < Cmaj6> Did a quick google searhc, the first post suggested that that could be due to unsupported php extension. Possible solution: add/uncomment the extension in the php.ini file!
19:55 < Cmaj6> (and come to think of it, after installing php i didn't do anything with the configuration lol...completely forgot about that!)
19:55 < Cmaj6> So i'm going to find the php file and look if the above will work! I'll get back to you!
19:56 < zrx> any one have an idea on how I can get wifi calling working?
20:13 < Whiskey`> ryao: drip loop to keep water from running to the hole and seal it how ever you want, silicone is most common
20:15 < amincd> Hi, not sure if I'm in the right channel. I'm having trouble connecting via HTTPS to a Rails application running with a self-signed cert on an EC2 instance
20:16 < amincd> Any suggestions on or helpful guides anyone can point me to?
20:16 < Jonta> Does it work if connecting via HTTP?
20:16 < amincd> yes it did
20:17 < wind_swept> anyone know of tools to emulate aruba switches?  aside from their SEEL which I think customers can't access
20:18 < Jonta> amincd: Hm. Other variables you can think of to eliminate?
20:18 < amincd> Jonta: let me think on it
20:19 < amincd> I'll go for another dive into the environment, thanks for your suggestion
20:20 < wind_swept> anyone know of tools to emulate aruba switches?  aside from their SEEL which I think customers can't access
20:21 < Jonta> wind_swept: Why don't you make sure customers can't access it first?
20:22 < wind_swept> i've asked our partner, haven't heard back yet.  do you know something i don't?
20:23 < Jonta> Loads. But not about this
20:23 < wind_swept> cocky too i see
20:24 < Jonta> Projecting?
20:26 < wind_swept> calls em like i sees em
20:26 < Jonta> I'll take that as a yes
20:29 < ryao> Whiskey`: What about the connector itself? Isn't water intrusion into an outdoor rated cable a bad thing?
20:29 < ryao> Or can I just buy bulk "outdoor rated" cable, terminate it normally and just use it?
20:30 < BitShack> how can I configure my layer 3 switch to work as layer 2?
20:30 < ||cw> BitShack: that's the default mode
20:31 < ryao> BitShack: Reset it to the defaults.
20:31 < ||cw> a layer3 switch just means it has options for layer 3 things like filtering and routing, it still does layer2 switching when you don't configure those things
20:31 < BitShack> But I cannot access the admin page from the router I connected the switch to
20:32 < wind_swept> BitShack: are you in the same layer 2 subnet as the admin interface?
20:32 < ||cw> that likely has nothing to do with the switch's layer3 features
20:32 < BitShack> i want to put the layer 3 in the layer 2 subnet
20:33 < BitShack> If I connect it to the first port instead of the internet port on the switch, I get it to run as a layer 2. But I want that first port
20:33 < ||cw> BitShack: back up and explain the situation, you've got yourself into a XYProblem
20:34 < BitShack> So I have a Linksys EtherFast 8-Port switch.
20:34 < BitShack> There are 9 ports - 8 client ports and 1 "Internet" port.
20:35 < BitShack> If I connect it to the Internet port, I am not able to access any of the 8 clients or the switch admin page.
20:35 < TandyUK> https://www.amazon.co.uk/Linksys-EtherFast-Cable-Router-8-Port/dp/B000051SGX
20:35 < TandyUK> one of them
20:35 < TandyUK> ie a ROUTER
20:35 < BitShack> but if I connect to a client port
20:35 < TandyUK> with an 8 port switch
20:35 < BitShack> it works just fine
20:35 < BitShack> yes
20:35 < TandyUK> well no shit
20:35 < TandyUK> woudl you want the internet getting t oyour LAN?
20:36 < TandyUK> 8 lan port = lan, wan port = WAN
20:36 < TandyUK> different networks
20:36 < BitShack> ik, but I want to use all 8 ports for clients but make them accessible from the wan without port forwarding
20:36 < BitShack> is there a way to do this?
20:36 < fryguy> how many IP addresses do you have on the wan side?
20:37 < TandyUK> again backup and explain why you think thats what you want t odo
20:37 < BitShack> fryguy, one second lemme do a fingnscan.
20:37 < BitShack> fing scan**
20:37 < TandyUK> if you have an ip block from your isp, you need 1 for the router, and can allocate 1 per device sure
20:37 < TandyUK> id suggest reading that routers manual
20:37 < BitShack> I want to do that so I have all 8 ports on the switch available.
20:37 < TandyUK> it looks like a piece of crap to me
20:38 < BitShack> oh the maunals are no help
20:38 < BitShack> xD
20:38 < TandyUK> so likely neither is the device if you ask me
20:38 < BitShack> so im stuck with 7 available ports or a frustrating peice of crap?
20:38 < ||cw> BitShack: the "internet port" is a separate network.  you might be able to configure routing between the networks, but probably what you really want is to configure the internet port as a lan port, if it allows it, or just don't use the internet port
20:39 < BitShack> piece**
20:39 < BitShack> if i do some work with the static routing tables I might be able to pull thos off
20:39 < BitShack> this**
20:39 < Aeso> where did you find this device? 2001?
20:39 < BitShack> Goodwill >_>
20:40 < ||cw> yeah, IF it allows it. some linksys devices to, many don't
20:40 < BitShack> I'm just going into high school so no money here..l
20:40 < fryguy> just get some used hp switches on ebay, super cheap for 24+ ports
20:41 < Aeso> ^
20:41 < Aeso> get literally anything other than this, it's not what you want for this application
20:41 < fryguy> or, if you don't mind some fan noise, you can get some cisco stuff for very cheap as well, especially if you don't need gigabit, which it doesn't look like you do based on this thing that was linked
20:42 < BitShack> For now I will work with this thing...
20:42 < BitShack> looks like it cant support ddwrt goddammit
20:43 < Aeso> BitShack, you're looking at a SOHO router that's old enough to join the army
20:43 < Aeso> that thing is crying out for a mercy killing
20:43 < TandyUK> if it were a football player, it would have retired by now
20:47 < BitShack> also, is there a way to convert an ethernet cable to the RF-style CATV?
20:48 < Aeso> :|
20:48 < Fieldy> probably not, as there is considerable braided shielding under the jacket. ethernet has no such thing, it just uses specific twisted pair patterns to cancel out interference
20:49 < Fieldy> without those the signal loss and interference would be profound and greatly decrease the distance it can go
20:50 < Aeso> tl;dr yes, but you need an active (read: powered, expensive) pair of modems
20:51 < Aeso> and as anyone around here will tell you, media convertors are the devil
20:53  * Fieldy puts a vampire tap on Aeso sfinger
20:53 < Fieldy> RG-8 baby
20:54 < alexandre9099> hi, would ethernet fail if the cable is low quality or would the speed get lower (DSL style)?
20:54 < TandyUK> generally just fail
20:54 < Fieldy> fail / sporadic working/not working
20:54 < TandyUK> paarticularly when you actually try pushing full data rates over it
20:54 < Aeso> alexandre9099, depends on the nature of the signal degredation
20:54 < qman__> you could ebay some old thinnet gear, if 10mb/s is enough
20:55 < Aeso> devices will often auto-negotiate lower rates, but if the signal is dropping altogether at times, the ports will flap
20:55 < alexandre9099> Aeso, what you mean? like cross talk or external noise?
20:58 < alexandre9099> hmm just tested with iperf3 and it seems quite stable
20:59 < Aeso> alexandre9099, are you worried about run length, or about noise ingress?
20:59 < alexandre9099> about *speed* that goes trough the cable ;)
21:01 < Aeso> 'low quality' cable either meets the spec, or it doesn't. That's the whole reason for the spec, so you don't have to worry about the quality of your cables over the standard run length, install conditions, etc
21:06 < BitShack>  great, the keyword filter on my router/switch doesnt work >_>
21:06 < BitShack> WHYY
21:06 < wind_swept> low quality cable that's installed incorrectly could fail to meet the spec
21:06 < alexandre9099> so, if the cable is for example cat5e compliant it should go up to 100 meters on gigabit without problems?
21:07 < wind_swept> well, any cable installed incorrectly for that matter
21:07 < alexandre9099> BitShack, i guess it would be helpful if we knew what router/switch it is :D
21:07 < wind_swept> ever pull off a wall plate and find > 6 inches of untwisted wires ? hehe
21:07 < Aeso> alexandre9099, there are more specifics about installation than just run length, but in theory, yes
21:08 < alexandre9099> hmm, okey, thanks :)
21:08 < alexandre9099> wind_swept, nope, never saw those, the ones i saw have the pairs almost to where it is suposed to be crimped XD
21:09 < BitShack> its an SMC 8014 WG
21:09 < BitShack> being used as a switch
21:09 < BitShack> not the black one, the blue one.
21:09 < my_mind> Hey
21:09 < BitShack> i also cannot seem to find the admin password to login over ssh and telnet to it. I can login on the webpage though
21:10 < wind_swept> the installation tolerances get stricter with higher ratings for the cables.  i understand it's harder to terminate cat 6 than 5 for instance.  i don't know about cat 7 but i would guess the trend continues
21:12 < my_mind> I have 2 routers connected to each other, Main router LAN port 1 to Lab router WAN port. I set up the WAN ip of the lab router as 10.1.1.2 but when I go to myip.com, I see my real ISP provided external IP
21:12 < my_mind> I wanna see 10.1.1.2
21:12 < my_mind> more info here https://hastebin.com/raw/iwunobavaj
21:12 < my_mind> This isn't the same scenario as I had yesterday
21:13 < wind_swept> my_mind: you can't do that.
21:13 < my_mind> why not
21:13 < wind_swept> myip.com is always going to see your real public IP address
21:13 < Aeso> ^
21:13 < Aeso> NAT is not routing
21:13 < my_mind> hmm
21:13 < wind_swept> you can't use anything in 10.0.0.0/8 on the internet, it's an rfc1918 address, private, internal
21:14 < wind_swept> you also can't just use any ol' IP on your ISP connection
21:14 < Aeso> your lab routers packets hit your main router, it rewrites the packet headers with the external IP, and sends them off to the website
21:14 < my_mind> yeah it makes sense.
21:15 < my_mind> i don't know what I was thinking. lol
21:15 < wind_swept> you can route your traffic through a VPN, a proxy, or TOR though...
21:16 < my_mind> yeah i'm familiar with vpn and tor
21:17 < wind_swept> k
21:18 < my_mind> I'm just experimenting with 2 routers
21:19 < my_mind> seeing what interesting things I can do to seperate them, give them different subnets
21:19 < my_mind> I know I should be using VLANs for that
21:20 < wind_swept> set up ipsec between them
21:23 < my_mind> i'm looking into it, thanks
21:30 < alexandre9099> is there any difference from patch cables to "normal" cables?
21:31 < alexandre9099> from what i read patch cables are the cables used to connect devices
21:32 < my_mind> patch cables are usually less than 10 feet
21:32 < my_mind> its just another name for ethernet.
21:32 < alexandre9099> hmm so "patch" cables are small ethernet cables?
21:32 < Aeso> correct
21:33 < Aeso> it matters less and less these days, but it's worth noting that patch cables are typically straight-through
21:33 < TandyUK> they should also be stranded cablke
21:33 < my_mind> yeah, usually connect patch panels to switches, and ethernet wall plate to computers
21:33 < TandyUK> ie, are more flexible
21:33 < Aeso> as in, not crossover cables
21:33 < TandyUK> crossover cables still exist?
21:34 < TandyUK> mdi0x has been a thing for like 20 years lol
21:34 < TandyUK> mdi-x
21:34 < luminos1ty> crap... i can't figure out why this website my application hits with HttpWebRequest in c# temporarily blocks my IP address. I'm playing really nice with it... I only make a series of 3 to 6 requests every 15 seconds or so, with 2 seconds between requests... kind of like a human would use it. They are using an apache webserver
21:34 < luminos1ty> and all my headers n stuff match normal browser usage
21:35 < Aeso> TandyUK, mdi-x is part of the 1000BASE-T spec, no? I still see new 10/100 devices that don't support it.
21:35 < alexandre9099> well, i usually connect two computers directly (as in my laptop does a bridge between wireless and cable) and my network teachers were kinda impressed because i did not use a crossover cable XD
21:35 < Aeso> Not that both ends _need_ to support it, but still.
21:36 < TandyUK> in the modern age you shouldnt need to (or if you do, it also doesnt matter)
21:36 < Aeso> TandyUK, I see you don't work with industrial controls much :P
21:37 < Harlock> auto mdi/mdi-x
21:37 < UncleDrax> only thign I know about industrial control networking is ModBus is a PITA to work with for no real reason.
21:37 < RearchSesults> how to partition gnu/linux server?
21:38 < RearchSesults> i have leared /tmp is good
21:38 < UncleDrax> RearchSesults: you should first find a linux channel
21:38 < RearchSesults> and also /home and /usr
21:38 < RearchSesults> UncleDrax
21:39 < alexandre9099> RearchSesults, #linux ):)
21:41 < TandyUK> is there a newer cisco config thing than CNA v6?
21:42 < TandyUK> having issues with some hp/cisco 3020 switches... they are well old and need firmware, but memory is too full, and im having a real hard time actually deleting the old shit from their flash using CNA
21:46 < Aeso> TandyUK, not to my knowledge. Most recent I've seen is 6.3.3
21:46 < TandyUK> yeah thats what im using
21:47 < TandyUK> on one swithc, ive deleted enough to upload the new firmware, its now runnig it, but it wont let me delete the old one, or all its html stuff
21:47 < TandyUK> all im trying to do is get into them enough to stop them constantly tftp'ing to the server im trying to setup
21:47 < TandyUK> its causing a lot of pointless log spam atm, as its right, theres no config files for any of these switches there :)
21:48 < TandyUK> ~8 lines per second of logs telling me that, constantly lol
21:48 < TandyUK> they must be polling for changes like every 30s
22:31 < TandyUK> ok, reading here: https://www.cisco.com/c/en/us/td/docs/switches/blades/3020/hardware/quick/guide/3020GSG2.html#wp39520
22:31 < TandyUK> "Ports 23x to 24x
22:31 < TandyUK> Dual-purpose external/internal 10/100/1000BASE-T copper Gigabit Ethernet uplink ports. These ports can be configured for internal 1000BASE-X cross-connection with a corresponding switch module."
22:31 < TandyUK> anyone have any idea how exactly?
22:32 < TandyUK> oh has to be done from bloody telnet
22:32 < TandyUK> i do dislike cisco sometimes
22:32 < Thuryn> *ssh
22:33 < Thuryn> telnet must die
22:36 < TandyUK> no, telnet
22:36 < TandyUK> i agree it needs to die
22:37 < turtle> and people need to stop using it to test if ports are open..
22:37 < Thuryn> it's fine as a port test
22:37 < Thuryn> if you're the admin
22:37 < turtle> no
22:37 < Thuryn> it's not cool when actual logins occur
22:37 < Thuryn> what's wrong with the port etst?
22:38 < Thuryn> *test even
22:38 < turtle> wrong tool. might as well use your pop3 client.
22:38 < Thuryn> ew no
22:38 < Thuryn> telnet tells me things.
22:38 < turtle> use netcat
22:38 < Thuryn> why
22:38 < turtle> right tool
22:38 < Thuryn> why
22:39 < turtle> see pop3 reference
22:39 < Thuryn> neg.  telnet creates a simple connection and shows me the results.  simple.  effective.
22:41 < TandyUK> argh ffs
22:42 < TandyUK> so this is in a hp c7000 chassis
22:42 < TandyUK> the switch has defaulted to dhcp, via its fe0 interface, which is correct
22:42 < TandyUK> but now when i try to set its ip, it just tells me cant do that because it conflicts with the ip on fe0
22:42 < TandyUK> its fe0 im trying to set statically
22:43 < TandyUK> i think a static dhcp lease might be less fucking around tbfh
23:16 < Jonta> Thuryn: Downsides of netcat?
23:19 < TandyUK> anyonehere have a cisco account with active support, who is willing to download cbs30x0-ipbasek9-tar.150-2.SE11.tar  from  https://software.cisco.com/download/home/280348753/type/280805680/release/15.0.2-SE11  and send it to me?
23:19 < TandyUK> i bought 16 of them second hand, and would like to update to the latest (last?) firmware on them
23:21 < TandyUK> newest i can get from hp is SE8
23:25 < GenteelBen> TandyUK, sec.
23:28 < GenteelBen> TandyUK: https://yadi.sk/d/o8rIHUjl3UUUXu
23:28 < GenteelBen> Check the hashes against the ones listed on the Cisco website. Looks the same to me.
23:29 < TandyUK> thanks
23:33 < TandyUK> yup, matches
23:35 < GenteelBen> Then my work is done.
23:51 < BullHorn> can anyone recommend a reliable and up-to-date hosts files that blocks lots of trash on the internet?
23:53 <+catphish> BullHorn: you could also consider a DNS service to do this
23:53 < BullHorn> i dont know any that do that
23:54 < BullHorn> http://winhelp2002.mvps.org legit?
23:54 < Helom> https://tinyurl.com/ya79dnx5
23:56 < tomreyn> ^^ some person who likes to gather ip addresses of irc users.
--- Log closed Fri Jun 22 00:00:08 2018