--- Log opened Sun Jun 24 00:00:11 2018 00:00 < wpwpwpwp> catphish: ah, I see. a dedicated public IP from my ISP, right? 00:00 < jim> is that he.net? 00:00 < tds> there are others though, I think wikipedia had a nice thing of them and what protocols they supported 00:00 < wpwpwpwp> hmmm, the ISP gave me an ipv4 and NAT :/ 00:00 <+catphish> this is all a bit foreign to me, i have thousands of IPs 00:00 < wpwpwpwp> tds: so it could still work with an ipv4 address? 00:01 < Dagger> jim: there's the ULA range (fc00::/7), which is roughly that 00:01 < tds> with other tunnel providers, potentially 00:01 < tds> jim: and link local as well (fe80::/10) 00:01 < jim> so you get 118 bits of host? 00:02 < wpwpwpwp> tds: any free or especially cheap ones? 00:02 < wpwpwpwp> I just want to check my ipcam from time to time :P 00:02 < tds> wpwpwpwp: https://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers 00:02 < Dagger> jim: you would normally generate a random /48, and pick /64s from that 00:02 <+pppingme> wpwpwpwp where is your ip cam and what kind of connection exists at that location? 00:02 < Dagger> applying the entire /7 onlink would be wildly silly 00:03 < wpwpwpwp> pppingme: the ipcam is behind a LTE router 00:03 < wpwpwpwp> my smartphone uses LTE, too 00:03 < wpwpwpwp> smartphone shold connect to ipcam through LTE router/connection and access the ipcam 00:03 < wpwpwpwp> it should only stream when I check (which is the case here) - otherwise my plan would be consumed in no time 00:03 <+pppingme> many consumer ip cams have a "call home to mama" feature, in other words, you go to manuafacturers site, not to your cam's actual ip.. 00:03 < wpwpwpwp> pppingme: aha! so they proxy this somehow 00:03 <+pppingme> the marketing term for this is cloud based 00:04 < wpwpwpwp> this particular IPcam got DDNS 00:04 < wpwpwpwp> but it won't help because the NAT :P 00:04 < jim> I'll be back... costco time :) 00:04 < Dagger> (although by "normally" I'm not implying that you'd normally be using ULAs. most of the time you'd just use your ISP global addresses) 00:08 < wpwpwpwp> what you think about this very cheap cloud offer?: https://vrtz.net/vps/vmware/DE/frankfurt/231.html 00:08 < wpwpwpwp> apparently it costs only around ~1 buck per month 00:08 < wpwpwpwp> which is nicely cheap, and it got 1gbit/s 00:08 < wpwpwpwp> hmm 00:08 < wpwpwpwp> limited bandwidth, hmm 00:09 < tds> do you really need >2TB/month for your IP camera? :P 00:09 < wpwpwpwp> tds: https://vrtz.net/vps/openvz/FR/roubaix/325.html 00:09 < wpwpwpwp> this is also cheap and got unlimited 00:09 < wpwpwpwp> tds: no, but when I can pick an offer, why not the best one :P 00:10 < wpwpwpwp> but... can openvz support IPsec ? :O 00:10 < wpwpwpwp> it is a kernel thing from what I heard 00:12 < tds> wpwpwpwp: remember what I said earlier about not using new/dodgy/super cheap providers? ;) 00:12 < tds> I'd suspect those quadhost ones are just on ovh boxes 00:13 < wpwpwpwp> tds: so I need the cheapest KVM box available :D 00:13 < wpwpwpwp> ideally gold plated ofc 00:13 < wpwpwpwp> no, but unlimited bandwidth would be nice 00:24 < Apachez> I feel a disturbance in the force... 00:40 < AaronTTT> Hi all, I have a 12u rack, Its tight on space, I have my main PC rackmounted in there, a virtualizsation server and a storage server in there. Since space is tight, would it be wise to mount the switch behind the patch panel on the other side? or is that highly not recoemnded? 00:40 < AaronTTT> recomended* (excuse my typos :P) 00:44 < Apachez> not recommended 00:44 < Apachez> get another rack or a full size one 00:44 < Apachez> you get cool air in the front and spit it out at the back 00:44 < AaronTTT> ah okay dokay, just checking, cheers :), yeh I did think airflow would be a problem 00:44 < AaronTTT> Heres my curernt design 00:44 < AaronTTT> current 00:45 < AaronTTT> https://imgur.com/a/37KzBCy 00:45 < AaronTTT> The changes so far im making are removing teh power strip away from the networking stuff, and Im toying with the idea of whether to combine the storage and virt servers... 00:46 < AaronTTT> Ive not built it yet. I have the rack and some components 02:12 < ghostboarder> guys, i keep getting "secure connection failed" for a lot of sites, ie. googling from the firefox address bar 02:12 < ghostboarder> latest firefox, latest win updates on win10, same with edge, but chrome is fine 02:14 < ghostboarder> https/ssl issue obviously, but not with all secure sites 02:22 < tds> do you get any more detail in the error than that? 02:23 < tds> untrusted cert, revoked, not valid yet/expired, etc? 02:24 < ghostboarder> ugh now its not doing it 02:24 < ghostboarder> lemme check search history 02:25 < ghostboarder> "ssl_error_rx_record_too_long" 02:25 < ghostboarder> for many secure sites, no rhyme or reason it seems 04:09 < RJ45> I'm curios, is it possible to add a real HDD to Virtualbox in Windows, like I do in Linux? in Linux I can use a command to make a .vmdk which links to /dev/sdx 04:10 < RJ45> if so, when I boot into Windows, maybe I could then make a VM which mounts my Linux drive and shares it via SMB? 04:24 < strixdio> when looking to update a switch... 04:24 < strixdio> there's "IP BASE" and "IP SERVICES"... what's the difference? 04:26 < light> more features 04:26 < strixdio> light: anything "valuable" enough for someone not running an ISP? 04:27 < light> you're not going to use 90% of the features of your switch anyway 04:27 < strixdio> ;) 04:27 < strixdio> you're probably right :D 04:27 < strixdio> oh boy, updating ios is going to be fun. 05:30 < strixdio> so, I'm trying to use ssh for my 3560g, but when I ssh to it, it says, "no matching key exchange method found. Their offer: diffie-hellman-group1-sha1" - how do I change this? google says, "ssh server algorithm encryption [algorithm]" but it's invalid at server? 05:32 < qman__> a quick google indicates that that's a pretty old piece of equipment, so it most likely does not support modern encryption algorithms 05:33 < qman__> your SSH client almost certainly has the older, insecure algorithms disabled, and therefore can't connect 05:35 < qman__> https://www.openssh.com/legacy.html 05:35 < strixdio> ah, great. 05:35 < strixdio> so, telnet or nothing. 05:35 < light> no 05:39 <+pppingme> strixdio "man ssh" 05:44 < strixdio> good point, thanks :) 05:53 < dp> Heyho, I'm looking at getting vnstat on my "gateway" with 1 NIC to stop counting traffic to and from the 10.0.0.0/24 subnet so it stops counting file transfers I perform to/from this gateway and instead only count traffic that goes to+from the 192.168.0.0/16 subnet (where WAN traffic goes to be routed) 05:54 < dp> Since vnstat doesn't seem to support such filters, I was wondering if the Linux networking stack would allow me to create, say, a virtual interface through which all WAN-bound traffic can be routed, then vnstat could count traffic only on this interface? 05:55 < dp> Or, are there other comparable daemons out there for tallying network traffic that /do/ support such filtering? 05:59 < BitShack> Such a thing probably exists 06:00 < dp> Though if I can't get it to work I'll just grab a cheaper USB to ethernet adapter and run an extra cable to the machine, not a big deal 06:02 < Holo> netflow and filter out the 10.0.0.0/24 subnet 06:02 < Holo> :P 06:03 < BitShack> I would like to be taught more about networking 06:04 < dp> lol Holo 06:04 < BitShack> I'm kinda young but I can grasp complex topics (14, anyone younger?) 06:04 < BitShack> Books usually preparebu for some exam so those won't help 06:05 < dp> Holo, I laughed, but it looks like there have been attempts to emulate netflow on Linux 06:05 < Holo> dp https://sourceforge.net/projects/ipt-netflow/ 06:05 < Holo> z;p 06:05 < dp> Yeah, I spotted that too 06:06 < Holo> BitShack cisco CCNA books and lynda.com videos 06:07 < Holo> should give you a good foundation 06:07 < Holo> packet tracer is great 06:08 < BitShack> Will they go in more depth about headers and stuff? 06:08 < Holo> what do you mean? 06:09 < BitShack> I want to write some powerful network tools in c out of this, so I don't look like q script kiddie. School IT thought I didn't make my own programs until they saw I use my school GDrive for backups 06:10 < BitShack> TCP/IP headers and bluetooth maybe 06:11 < BitShack> Always dreamed of 802.11 over BT... 06:11 < Holo> hell no 06:11 < Holo> way too much dam overhead 06:12 < Holo> and we already do something like that with bluetooth wifi tethering with mobile phones 06:12 < BitShack> Anything is possible 06:12 < Holo> lol 06:12 < BitShack> Ik, I can't afford tethering 06:13 < BitShack> >_> I use a BlackBerry Torch 9850 06:13 < Holo> so..... what are you trying to do? 06:14 < BitShack> Idk, I get so many ideas that I don't know myself what I would do 06:14 < varesa> isn't .11 over bluetooth like taking out half of the .11 spec? 06:14 < BitShack> I say 802-11 instead of Wi-Fi 06:15 < Holo> not sure, I never bothered to look into bluetooth, the bandwidth is too low except for fun things like music etc 06:16 < Holo> BitShack assuming the phones dev kit will let you use bluetooth that way 06:16 < Holo> you are better off googling 06:16 < varesa> man, tethering over bluetooth was awesome when you were used to doing it over infrared with a serial port attached transceiver 06:16 < Holo> heh 06:17 < BitShack> $.$ 06:17 < Holo> BitShack do you know the IOS OSI model? 06:17 < Holo> err 06:17 < Holo> ISO OSI 06:18 < BitShack> Heard of it... 06:18 < Holo> if you do not, you should really learn it 06:18 < BitShack> What about it? 06:18 < dp> It 06:18 < Holo> once you know how each layer works 06:18 < BitShack> It what 06:18 < dp> The model itself 06:19 < Holo> you will have a basic understanding and a foundation 06:19 < BitShack> Will everything in my head click and go b00m if I learn it? :0 06:19 < dp> Not really 06:19 < BitShack> Aww 06:19 < Holo> heh no 06:19 < dp> I learned it when I was about your age, BitShack, and I kind of went "yeah so what, isn't this obvious" 06:19 < Holo> it helps big time when troubleshooting issues 06:20 < dp> I never grokked it until recently" 06:20 * BitShack loves those C moments when you learn something and that happens 06:20 < dp> Not until I started actually working on network appliance's software 06:21 < Holo> again this is why i like packet tracer 06:21 < dp> (appliances'*) 06:21 < Holo> you get virtual hands on 06:21 < dp> Holo, Also lots of customers' private data 06:21 < Holo> and there are labs designed to help you understand 06:22 < Holo> Sadly I cant share most of my labs due to NDA 06:23 * BitShack wishes his high school taught computer programming and networking 06:23 < BitShack> :/ 06:23 < dp> You'll do it at university if you go 06:23 < BitShack> I have a bad record so might be hard 06:23 < dp> You still have a few years to improve it 06:24 < BitShack> Ill probably make a failure software company called "The Bit Shack" 06:27 < BitShack> https://github.com/BitShack/PyChat <-- Should I keep this for future opportunities? 06:37 < jackbrown> hello, which are the best PoE surveillance camera ? 06:39 < Holo> jackbrown https://www.cisco.com/c/en/us/products/physical-security/video-surveillance-ip-cameras/index.html 06:39 < Holo> :P 06:39 < Holo> there is no *Best* 06:39 < jackbrown> Holo, are them PoE compatible ? 06:40 < Holo> Flexible power options: The camera supports Power over Ethernet (PoE) 802.3af, 12V DC or 24V AC power through an optional external power supply. 06:42 < jackbrown> Holo, which one do you suggest among them? I see too many models in the webpage you linked I suppose that the 3620/3630 should be fine 06:43 < Holo> you see, thats when you pay me to help you pick 06:43 < Holo> :P 06:43 < dp> consultancy \o/ 06:43 < jackbrown> Holo, do you work in Italy ? 06:43 < Holo> nope 06:45 < jackbrown> Holo, OMG they are fucking expensive, I don't think that thieves need to break into my home if they want to steal, they can just grab the CISCO camera and they will be fine https://www.connection.com/product/cisco-1.3mp-video-surveillance-ip-outdoor-dome-camera/civs-ipc-3630/31605037 06:45 < Holo> ha, these are enterprise grade 06:45 < jackbrown> Holo, how much they should cost instead non enterprise 06:45 < dp> Why should there be a difference? 06:46 < Holo> support 06:46 < jackbrown> dp, yes indeed 06:46 < Holo> etc 06:46 < dp> Holo, Yeah, but surely for security we should all fork out for enterprise grade 06:46 < dp> Or at least the highest we can afford 06:46 < Kingrat> your original question would probably have gotten you plenty of stuff to look at on google 06:46 < Holo> https://www.ubnt.com/unifi-video/unifi-video-camera-g3/ 06:46 < Holo> This is what I would use at home 06:47 < Holo> https://www.ubnt.com/unifi-video/unifi-video-camera-g3-dome/ 06:47 < Holo> if you want a dome style 06:47 < Holo> $150 a unit 06:47 < Kingrat> https://www.google.com/search?q=largest+security+camera+manufacturers 06:47 < dp> Nice 06:48 < jackbrown> Holo, that's ubiquity was already suggested me for the AP in my home seems that it's a good choice with reasonable prices 06:48 < Kingrat> for home, sure unifi is ok, not standard poe though and the unifi video stuff is a bit meh, but it works 06:48 < Holo> ubiquity is good 06:48 < Holo> for the price 06:49 < Kingrat> i would suggest it over like an arlo or a nest, since theres no subscription, but its a little higher investment cost and you pretty much need to run cables 06:49 < Holo> ya, pay more now but save over time 06:49 < jackbrown> Kingrat, sorry ? arlo ? 06:49 < Holo> since there will be no reason to upgrade these things 06:50 < Kingrat> the netgear wireless camera system 06:50 < Holo> Kingrat and the arlo has a nice wakup from motion delay 06:50 < Holo> a brisk walk and they will not power up in time 06:50 < jackbrown> Kingrat, I have very thick walls (50cm) I think that cabled and PoE is the best choice in my situation 06:51 < Kingrat> i dont disagree 06:51 < Holo> plus wired is best for seciruty 06:51 < Kingrat> looking at the other mfgs from the google search i pasted, most of them have more features/nicer cameras, but you will be paying for it 06:51 < Holo> too easy to wifi jam your entire network 06:51 < jackbrown> Kingrat, Holo this system works with batteries ?!?!? 06:51 < varesa> Kingrat: weren't newer ubiquiti cameras standard POE? 06:51 < jackbrown> https://www.amazon.it/dp/B01DVVY81Q/ref=asc_df_B01DVVY81Q53408120/?tag=googshopit-21&creative=23390&creativeASIN=B01DVVY81Q&linkCode=df0&hvdev=c&hvnetw=g&hvqmt=&th=1&psc=1 06:52 < Kingrat> familiar with hikvision and hanwha, they both have cameras that will give you almost full color in low light, better than IR 06:52 < jackbrown> varesa, I want Active PoE camera 06:52 < Holo> then get ubiquity 06:52 < Kingrat> varesa, i believed they were still 24v passive but i could be wrong 06:53 < varesa> Kingrat: hmm, seems that I might be the one that's wrong after all 06:53 < Holo> 802.3af PoE or 24V Passive PoE 06:53 < Kingrat> yeah the arlo, its motion only, and like holo said they dont wake up very quick so sometimes you miss stuff, and youll be swapping 4xcr123 batteries every 3-6mo depending on how often they wake up 06:53 < Holo> I think the old ones were just 24V 06:53 < Holo> the new cameras should be good 06:54 < varesa> nope, there is .3af 06:54 < jackbrown> Basically I have just to connect all those to the switch via Lan cable, and then setup a server with a software of my choice to record and handle the camerass 06:54 < Holo> jackbrown yes you can do that 06:54 < Kingrat> the regular g3 says 24v passive, but it comes with an af to passive adapter 06:54 < varesa> I was looking at some old info, should have gone straight to the spec sheet 06:55 < jackbrown> Kingrat, Holo wake up? I want that the camera system always record maybe usinga 1TB or 2TB hard drive, now they are cheap has ell 06:55 < jackbrown> *as 06:55 < Holo> ... 06:55 < Holo> again 06:55 < Kingrat> if you want to always record consider how long you want to archive recordings for and your camera bitrates 06:56 < Kingrat> youll find that 1-2tb will be eaten up quick if you have more than a few cameras 06:56 < Holo> ubiquity it all the way 06:56 < Holo> ya 06:56 < dp> Hmm iptables netflow doesn't seem to do what I want re. totalling and recording to dsic 06:56 < Holo> I usually like just have record only on motion 06:56 < jackbrown> Kingrat, yes I got 06:56 < dp> Might just be easier for me to stick with vnstat and grab a USB-ethernet adapter 06:57 < jackbrown> Holo, recording only on motion should be fine, but of course the motion detection has to be really quick 06:57 < Holo> jackbrown these are allways on... 06:57 < jackbrown> Holo, ? 06:58 < jackbrown> Holo, what ? what do you mean ? 06:58 < Holo> the netgear arlo was slow because on motion detection, they had to wake up from low power mode 06:58 < Holo> these are always on 06:58 < Kingrat> unifi motion allows you to set how much time before and after the motion event to save, i have mine set at like 10s before and after 06:58 < jackbrown> Holo, ok I got, it's a problem that affect just system similar to ARLO if I cable everything I should be fine 06:58 < Kingrat> so ill see nothing then 10s later a car will drive by 06:59 < Holo> thus why I like the unifi system 06:59 < Kingrat> they are getting ready to revamp their video platform in the future, not many details about the new platform yet 06:59 < Holo> its a simple easy cost effective video system 06:59 < jackbrown> Kingrat, 10 seconds before the motion ? how the camera knows 10 second BEFORE that something is going to move in its viewangle ? 06:59 < Holo> Kingrat oh? interesting 06:59 < Holo> jackbrown ram? 07:00 < jackbrown> Holo, ram ? 07:00 < Holo> its always storing the video in ram 07:00 < Kingrat> the cameras are little computers 07:00 < Kingrat> all ip cameras are basically 07:00 < Holo> so you have like the past 30 seconds 07:00 < jackbrown> Holo, ok I got, basically it's always recording but it delete parts without motion and saves just 10s before and after 07:00 < Holo> it sees motion and sends it all depending on the configuration 07:01 < jackbrown> I got sorry for questio 07:01 < jackbrown> n 07:01 < Holo> jackbrown see https://dl.ubnt.com/guides/unifivideo/UniFi_Video_UG.pdf 07:01 < Gobo708> Hi all, anyone familiar with virtualbox, ubuntu dual config for host-only and NAT? 07:02 < Holo> dual config? 07:02 < jackbrown> Holo, thanks, by the way stop supporting me if you want to charge, I can't pay you from Italy :) 07:02 < Gobo708> Holo, yeah, private network and public internet access 07:02 < Holo> so 2 interfaces? 07:02 < Gobo708> its for a kubernetes cluster 07:02 < Holo> done? 07:02 < Gobo708> yeah 07:03 < Gobo708> so I have added two interfaces 07:03 < Holo> just add 2 virtual network cards, configure and call it a day 07:03 < Gobo708> private 192.168.207.0/24 07:03 < Gobo708> and Nat 07:03 < jackbrown> Do you guys think that it's better to but a NVR dedicated server (expensive) or maybe I can just setup a small server running maybe linux (if there are software for this OS) ? 07:03 < Gobo708> 192.168.1.20 at the moment 07:03 < Gobo708> The private works 07:03 < Gobo708> Nat, not so much 07:03 < Holo> jackbrown better for nvr for ease of use 07:03 < Gobo708> I thought I had setup the interface 07:03 < Gobo708> but cant get it to ping 8.8.8.8 07:03 < Holo> plus you get to access them easly from outside the house 07:04 < jackbrown> Holo, yep 07:04 < Gobo708> or anything for that matter 07:04 < Kingrat> if you go unifi just download their nvr software, or get their appliance (not really recommended >10 cams, older models are 500gb not sure if the newer ones are larger?) 07:04 < Holo> Gobo708 do you have the gateway setup corectly? 07:05 < Holo> Kingrat they are 2 TB now 07:05 < Gobo708> Holo, I think so, it seems pretty straight forward on virtualbox 07:05 < Holo> its a good buy 07:05 < Holo> Gobo708 on the vm 07:05 < Gobo708> Holo, you just add another adapter 07:05 < Holo> yes and is the vm configured properly 07:05 < Gobo708> And Vbox sorts the rest, I though 07:05 < Gobo708> thought 07:05 < Gobo708> Holo, thats what I am not sure about 07:06 < Holo> here is a thought 07:06 < Gobo708> but I can drop the config 07:06 < Holo> you have 2 neteork routes 07:06 < Holo> network* 07:06 < Gobo708> yeah 07:06 < Gobo708> 192.168.207.x 07:06 < Gobo708> and 0.0.0.0 07:06 < Holo> its probably defaulting to your private 07:06 < Gobo708> yeah it might be 07:06 < Gobo708> metric value? 07:06 < Holo> you need to adjust the metric 07:06 < Gobo708> hmm 07:06 < Holo> make the nat one have higher priority 07:07 < Gobo708> lower number is higher priority right? 07:07 < dp> Yes 07:07 < Holo> yes 07:07 < jackbrown> what is ONVIF ? 07:07 < Gobo708> I think they are all zero at the moment 07:07 < Holo> Gobo708 you could also set a default static route 07:08 < Gobo708> will paste the routes 07:08 < Holo> or set 3 routes 07:08 < Gobo708> nevermind, cant paste from Vbox yet 07:08 < Holo> a default, and the other two ranges 07:09 < Gobo708> ok it already has two defaults 07:09 < Gobo708> and all routes are 0 metric 07:09 < Gobo708> so I may have to rewrite the whole table 07:10 < jackbrown> Basically those NVR system are like Router/NAS with an HardDrive inside you log in and handle camera from them 07:10 < Gobo708> I see now why you are supposed to add the Nat interface first ;) 07:12 < Holo> Gobo708 you can always just set the route metrics 07:12 < Holo> and be done with it 07:12 < Holo> tho if you are to do it properly 07:12 < Holo> :P 07:13 < Holo> default static route is the way to go 07:13 < Gobo708> wont that still conflict with the two existing default static routes? 07:13 < Holo> if the metric is lower 07:14 < Holo> you can do things like this is the default route 07:14 < Holo> this is a floating default route that will not be used unless the default route interface goes down 07:14 < Gobo708> ok, so if I set it as a default, then set the metrics on the others 07:15 < Holo> then again i don't know much about linux networking.... just Cisco mostly 07:15 < Holo> Gobo708 if you set it the default by hand it should just work 07:15 < Gobo708> ok, well thanks for your time 07:18 < jackbrown> is this crap ? https://www.aliexpress.com/item/Smar-Full-HD-4CH-1080P-POE-48V-NVR-CCTV-Kit-2-4PCS-2MP-20FPS-Outdoor-IP/32879173240.html?spm=2114.12010619.0.0.98b016e7yjMbDm 07:18 < Kingrat> most likely, yes 07:19 < Holo> its freaking aliexpress 07:19 < Holo> lol 07:19 < jackbrown> :) 07:21 < Holo> let alone software updates for when the software gets pwned 07:23 < Kingrat> Holo, btw re: ubiquiti revamping their video platform https://community.ubnt.com/t5/UniFi-Protect-Beta/bd-p/UniFiProtectBeta only available currently on the ck-g2 beta hardware, no packages/installers yet for the nvr appliance or standalone 07:23 < Holo> nice 07:27 < jackbrown> hey look at these prices http://www.nventawires.it/sorveglianza/ubiquiti-unifi-video.html 07:30 < jackbrown> grand total for my needs is aroun 1000€ not bad https://imgur.com/a/l8xI0MS 07:44 < aditsu> hi, my broadband connection is currently down, so I want to connect through my mobile phone; however, I have a couple of wireless routers, but they don't seem to support connecting to the internet via wifi, what can I do? 07:45 < dnanib> Your mobile phone doesn't have a Wifi hotspot option? 07:45 < aditsu> it does, but I want to share it to a router so I can connect computers with network cables 07:46 < aditsu> now I'm using a laptop connected to the phone over wifi 07:46 < Holo> lets see 07:46 < adleff> aditsu, typically you need to set the wifi router into a different mode so that it will do that for you 07:47 < adleff> workgroup bridge, or extender or something 07:47 < adleff> different consumer products call it different things 07:47 < adleff> go into the wireless settings 07:47 < Kingrat> probably moreso than that, if he just bridges his hotspot on his phone is probably still limited by number of devices 07:47 < Holo> you want something like Repeater Bridge 07:48 < adleff> could be 07:48 < adleff> that's how you'd want to do it htough 07:48 < adleff> *though 07:48 < Kingrat> he would probably need to bridge it to a router or have the router itself connect as a wireless client for the wan interface 07:48 < Holo> Kingrat he could add nat 07:48 < Kingrat> good luck with that 07:48 < Holo> :P 07:48 < Holo> horrid nat 07:48 < Holo> well not nat 07:48 < Holo> nat overdrive aka pat 07:48 < Holo> -.- 07:48 < adleff> I haven't really seen any consumer devices that will connect wirelessly AND provide the router/nat function 07:48 < adleff> so yeah, good luck 07:49 < Holo> adleff every apple router 07:49 < aditsu> yeah.. apparently they don't support this kind of function 07:49 < Holo> I shit you not 07:49 < Kingrat> call your isp and get your internet connection working 07:49 < Holo> the apple airport routers support this 07:49 < Kingrat> limp along with 1, 2, 4, 8 devices or whatever your hotspot supports 07:49 < dnanib> One other option is - my laptop has a SIM card slot. If you are in a GSM country/network and has a compatible laptop you might be set. 07:49 < adleff> Holo, if that is the case, I would refer back to my original statement. put the router in the correct mode 07:50 < aditsu> they will come to check it tomorrow.. 07:50 < Holo> adleff aka some kind of Repeater Bridge :P 07:50 < adleff> a repeater would not mean the functionality you just described 07:51 < aditsu> as far as I can tell, my routers don't support this mode, wanna know the model numbers to check? 07:51 < Holo> most probaly do not 07:51 < aditsu> I wonder if I should install some different firmware 07:52 < Holo> aditsu got a raspberry pi? 07:52 < xtrWrithe> hi, somebody have some linux netlink exercises for NETLINK_AUDIT and related? 07:52 < dnanib> adleff: For example, https://www.amazon.com/dp/B00PVE25KI/ 07:52 < aditsu> Holo: umm, yes? 07:52 < Holo> aditsu got another usb network adapter? 07:52 < xtrWrithe> aditsu: what is your router? 07:52 < Holo> you can use the pi and hostapd 07:53 < Holo> connect to cellphone and nat across 07:53 < Kingrat> Holo, assuming he has a pi3 with weefee and not an older model 07:53 < Holo> indeed 07:53 < Holo> or 2 wifi usb adapters 07:53 < aditsu> xtrWrithe: my main one is a tp-link Archer C1200, I also have a Linksys E2000 and I might find an older one if I dig some more 07:53 < Holo> Kingrat or just 1 adapter and another router :p 07:54 < xtrWrithe> aditsu: so go straight with openwrt on the ac1200 07:54 < adleff> dnanib, that would work, but it's not really the situation 07:54 < adleff> but that would be a nice thing for aditsu to have 07:54 < xtrWrithe> aditsu: which was the original issue? i came later 07:54 < Holo> the things I do to get my Nintendo switch to work on a 802.11x network 07:54 < aditsu> xtrWrithe: want to connect the router to the internet through wifi 07:54 < adleff> ok can we talk about the switch for a minute 07:55 < adleff> why does the marketplace suck dick 07:55 < Holo> how? 07:55 < adleff> I so kinda regret my switch purchase 07:55 < adleff> the games suck 07:55 < xtrWrithe> aditsu: doesnt have repeater mode right? 07:55 < Holo> if you say so 07:55 < adleff> I am unimpressed. I don't think it was the best choice for me 07:55 < adleff> I just wanted Zelda originally 07:55 < aditsu> xtrWrithe: apparently not; also I would rather play with firmwares on the Linksys 07:56 < xtrWrithe> aditsu: openwrt default images comes with web GUI and mostly dont fail on common firmware upgrade from tplink firmware 07:56 < Holo> aditsu I love it because I take it with me to work on dead days 07:57 < aditsu> Holo: you love what? 07:57 < Holo> err adleff 07:57 < Holo> your names are too similer 07:57 < Holo> :P 07:57 < xtrWrithe> same len 07:57 * aditsu changes name to adletsu 07:58 < Kingrat> n/ick aldesu 07:58 < aditsu> the pi is also an interesting idea.. but maybe it would be easier to do it on my computer 07:59 < Holo> probaly 07:59 < aditsu> or.. the laptop 07:59 < Holo> connect computer to phone, share network to ethernet port 07:59 < Holo> plug router to port 07:59 < Holo> share to the rest of the devices 07:59 < dnanib> Here's an option. Turn on hotspot on the phone. Hook laptop to that hotspot. Connect laptop to switch/router/whatever. Setup routing such that devices go via router > laptop > phone > wild west 08:00 < aditsu> yeah that's the same idea ^ 08:00 < Holo> lol 08:00 < Kingrat> and make sure your hotspot network isnt the same network range as your lan, if they are both 192.168.0.x you will have a rough time figuring out why it doesnt work 08:01 < aditsu> Kingrat: actually, it would be obvious that's the reason why it doesn't work :p 08:02 < Kingrat> to us maybe 08:02 < aditsu> anyway, so manual routing setup.. I haven't done this in a LONG time 08:06 < xtrWrithe> recommendations for kernel networking monitoring? 08:06 * aditsu reading https://askubuntu.com/questions/227369/how-can-i-set-my-linux-box-as-a-router-to-forward-ip-packets 08:07 < dnanib> aditsu: as a first step echo 1 > /proc/sys/net/ipv4/ip_forward 08:08 < aditsu> yeah 08:09 < Holo> next step is to flip a table over readinf iptables and install nftables 08:09 < dnanib> For plain routing you don't need iptables etc. 08:09 < Holo> ya, for if you want nat 08:09 < dnanib> iptables is needed if you need firewalling, NAT or both 08:10 < Holo> dnanib I use nftables instead 08:10 < Holo> its readable unlike iptables 08:10 < xtrWrithe> dnanib: thats is userspace bro 08:10 < dnanib> OK. I've been reading iptables for many years that I probably comprehend it better than English :-) 08:10 < xtrWrithe> im learning conntrack as well of nftables 08:11 < xtrWrithe> dnanib: what do you mean? is the netfilter userspace toolset 08:11 < Holo> dnanib hell no 08:12 < Holo> I feel more at home with nftables because I am coming from the Cisco IOS CLI 08:12 < Holo> its similer 08:12 < Holo> makes me happy 08:12 < xtrWrithe> Holo: xD i have to deal with that and quagga for now 08:13 < aditsu> so I did the iptables thing (needed or not) 08:13 < xtrWrithe> Holo: did you tried GNS3 for networking lab? some alternative? 08:13 < aditsu> I think it's working 08:13 < xtrWrithe> aditsu: SNAT the src addr 08:13 < aditsu> xtrWrithe: what do you mean? 08:13 < xtrWrithe> aditsu: also i recommend you to disable the route redirection from ICMP 08:14 < Holo> xtrWrithe I have a shitload of packet tracer labs from official Cisco classes 08:14 < varesa> coming from JunOS and Vyatta/VyOS the IOS CLI is horrible :P 08:14 < xtrWrithe> varesa: it is. 08:14 < dnanib> IOS didn't have many firewalling features except for its ACL-based packet filtering... I came from the PIX/ASA background. Was quite fine with that syntax & iptables's 08:14 < Holo> I wish I could share as there are a lot of good ones but NDA :S 08:15 < xtrWrithe> aditsu: make POSTROUTING jump to SourceNAT from local router ip addr 08:15 < xtrWrithe> Holo: lol priv8 mess 08:15 < Holo> xtrWrithe ehh, I can fire up and practice on my phone if needed 08:15 < Holo> :p 08:15 < aditsu> um.. not sure how and why 08:16 < xtrWrithe> aditsu: iptables -t nat -A POSTROUTING ! -d 192.168.0.0/16 -o eth0 -j SNAT --to-source 1.2.3.4 08:16 < Holo> and this is why I fucking hate iptables 08:16 < Holo> lol 08:16 < xtrWrithe> Holo: wow wowowow 08:17 < aditsu> xtrWrithe: so what does that do exactly? 08:17 < xtrWrithe> aditsu: lol 08:17 < xtrWrithe> aditsu: iptables(8) 08:17 < adleff> why does IOS router automatically insert ipv4 afi statements when all I did was setup v6 afi 08:17 < adleff> http://dpaste.com/1T8TZ5S 08:17 < adleff> why would you have a 'no neighbor activate' under a v4 afi 08:18 < adleff> what is dis shish 08:18 < Holo> bro, I havent touched bgp yet 08:18 < Holo> have fun 08:18 < adleff> I don't think you really need to understand bgp to see that this doesn't make sense 08:19 < adleff> does a config statement with an ipv6 address seem like it belong underneath v4 config sections? 08:19 < xtrWrithe> adleff: specify via "no ->" statements 08:19 < adleff> probably not 08:19 < Holo> https://supportforums.cisco.com/t5/lan-switching-and-routing/neighbor-activate-bgp/td-p/2445181 08:19 < Holo> a quick google 08:19 < Holo> and 08:19 < Holo> wow 08:19 < xtrWrithe> gugl 08:20 < adleff> in case it wasn't clear 08:20 < adleff> that line 7 I didn't type in 08:20 < adleff> the router put it there for no apparent reason 08:20 < adleff> and it seems to be a silly unnecessary config statement 08:21 < xtrWrithe> adleff: because to disable ipv4 entries you must NO them 08:21 < adleff> xtrWrithe, that isn't a ipv4 address 08:21 < xtrWrithe> .... 08:21 < adleff> why does the router put that there 08:21 < xtrWrithe> you dont get the point, hehehehehehhhehejhehehe 08:21 < adleff> apparently not! 08:21 < Holo> there is a lot of old Cisco stuff 08:21 < adleff> my lab works though 08:21 < xtrWrithe> :() 08:22 < Holo> as tech slowly evolves 08:22 < aditsu> xtrWrithe: so... that would be instead of the masquerade? 08:22 < xtrWrithe> Holo: recommend me some good idea for IOS lab 08:22 < adleff> it just triggers the shit out of me that the router put that there 08:22 < Holo> xtrWrithe nat and ACL hell 08:22 < adleff> because a) I don't have any v4 neighbors defined. b) why the fuck would I need a no statement for a fucking v6 address under a v4 family 08:22 < xtrWrithe> Holo: i started CCNA some months ago and seem GNS3 as a good option but i dont like it too much 08:22 < Holo> xtrWrithe packet tracer 08:22 < adleff> why? what's wrong with gns3 08:23 < Holo> and crawl the internet for labs 08:23 < Holo> or 08:23 < xtrWrithe> aditsu: Yes masquerade is for another situations 08:23 < aditsu> anyway, it ain't broken now, so why fix it? :p 08:23 < Holo> buy that mypearson lab thing 08:23 < Holo> via ciscopress 08:23 < xtrWrithe> Holo: no i mean for virtualization setup 08:23 < Holo> packet tracer then 08:23 < Holo> if you want to make your own labs 08:24 < aditsu> I think I'll leave snat for another day 08:24 < Holo> packet tracer should be good enouth 08:24 < aditsu> I'll probably check out openwrt though, it may come in handy 08:24 < xtrWrithe> Holo: and what about security testing? 08:24 < Holo> GNS3 is on the gray side and most people illegally get the images 08:24 < xtrWrithe> i want to touch directly the system 08:24 < xtrWrithe> Holo: cool then 08:24 < Holo> xtrWrithe http://virl.cisco.com 08:24 < adleff> not me. I pay for a virl subscription 08:25 < xtrWrithe> i know that , wont spend 08:25 < adleff> you aren't serious about a career path then 08:25 < adleff> all good things require investment 08:25 < xtrWrithe> i wont be cisco #1 08:25 < xtrWrithe> im doing a reverse engi path 08:26 < xtrWrithe> computer science and other kind of topics related to embedded 08:26 < Holo> for the general CCNA all you need is packet tracer xtrWrithe 08:26 < xtrWrithe> Holo: i know.. but seems limitated at some point, for me atleast 08:26 < xtrWrithe> Holo: cool soft anyway 08:27 < Holo> yes it is but its enouth 08:27 < adleff> if you don't like gns3 then what would you prefer 08:27 < xtrWrithe> simulations ands details are pretty deep 08:27 < adleff> there's eve-ng too 08:27 < xtrWrithe> adleff: dont want to spend 3 days setting up a stable qemu lab 08:27 < xtrWrithe> adleff: i saw too , but it comes with licensing right? 08:27 < adleff> what exactly do you want 08:27 < Holo> xtrWrithe http://www.ciscopress.com/store/ccna-routing-and-switching-200-120-network-simulator-9780789750884 08:28 < Holo> if you want the cert 08:28 < xtrWrithe> adleff: be able to exploit the router, reach kernel ring and that kind of security meaning 08:28 < Holo> this will basically guarantee you for the lab shit 08:28 < Holo> then this is not general CCNA anymore lol 08:28 < xtrWrithe> Holo: ok checking it 08:29 < xtrWrithe> Holo: i guess, but i like to gain time 08:29 < Holo> xtrWrithe it follows the official cert guides 08:29 < Holo> thr lab structure matches the book chapters 08:29 < xtrWrithe> Dont really like cisco gear but is cheaper than fortinet and friends 08:29 < Holo> I never have issues with cisco gear 08:30 < xtrWrithe> Holo: thanks buddy for the lecture 08:30 < Holo> lol 08:31 < Holo> idk if packet tracer can keep up with cisco security 08:31 < xtrWrithe> Holo: no it doesnt 08:31 < Holo> or some of the newer cybersecurity classes 08:31 < Holo> they are next on my list 08:32 < xtrWrithe> OSCP? 08:32 < xtrWrithe> CSSP? 08:32 < Holo> no 08:33 < Holo> CCNA Cyber Ops 08:33 < xtrWrithe> Holo: i have the pdf if you need 08:33 < xtrWrithe> final it says 08:34 < Holo> do not send, pdfs scare me 08:34 < xtrWrithe> k 08:35 < Holo> http://www.ciscopress.com/store/ccna-cyber-ops-secops-210-255-pearson-ucertify-course-9781587147104 08:37 < xtrWrithe> have it thanks! 08:38 < Holo> they warermark your books 08:38 < Holo> soooo 08:38 < Holo> dont share :P 08:38 < xtrWrithe> ok ty for the adv 08:38 < xtrWrithe> love to pirate shit hahah 08:38 < xtrWrithe> they course price is very high i guess 08:38 < Holo> ... 08:38 < xtrWrithe> so i can justify that shit 08:39 < Holo> no you cant 08:41 < xtrWrithe> Holo: its the same bro you know 09:15 < android> legacy still high 09:15 < android> what is the reach? 09:16 < android> not stopping 09:16 < android> only legacy minor 09:39 < android> yeah? 10:00 < Project86__> Is it just as bad to "su" in a user ssh, as it is to ssh into root? 10:06 < Apachez> no? 10:06 < Apachez> hopefully your ssh users cannot do all the shit as the root user can do? 10:07 < xingu> Project86__: rephrase the question as "is it as bad to run a network service that allows remote unprivileged login only as it is to run a network service that allows remote root login" 10:10 < jackbrown> hello 10:10 < jackbrown> between mPCIe module which is better ? Intel or Realtek ? 10:10 < varesa> I'd take Intel over Realtek any day, in any case 10:11 < Apachez> INTEL ANY DAY 10:11 < Apachez> oopsie 10:11 < jackbrown> = 10:11 < jackbrown> ? 10:11 < jackbrown> jackbrown is confused 10:12 < jackbrown> can you help me ? I found this I'd like to buy for my laptop https://www.ebay.it/itm/Intel-Dual-Band-Wireless-AC-7260-mini-PCIe-Wi-Fi-802-11ac-Bluetooth-4-0/173378058985?hash=item285e233ae9:g:qIgAAOSwnpBbLuzF 10:12 < Apachez> jackbrown: what are you confused about? 10:12 < Apachez> realtek is garbage compared to intel 10:12 < Apachez> can it be any more clear to you? 10:12 < jackbrown> but I found on ebay the same 7260MHW model that seesm it has no AC https://www.ebay.it/itm/SCHEDA-WIRELESS-INTEL-7260HMW-BN-802-11bgn-2-4GHz-Bluetooth-4-0-300Mbps-BN-PCIe/142448107897?_trkparms=aid%3D222007%26algo%3DSIM.MBE%26ao%3D2%26asc%3D20170831090034%26meid%3D1a7a3b13cc30469a9fcf41502522a58d%26pid%3D100005%26rk%3D8%26rkt%3D12%26mehot%3Dlo%26sd%3D173378058985%26itm%3D142448107897&_trksid=p2047675.c100005.m1851 10:12 < jackbrown> hwo it's possible ? 10:13 < jackbrown> Apachez, varesa said Realtek and you said intel that's confused me 10:13 < Project86__> Apachez: it can't, which is why I was asking if elevating priveledge in the tunnel, was just as insecure as a tunnel to root. But xingu that does make sense lol 10:13 < Apachez> jackbrown: can you read? 10:13 < Apachez> <varesa> I'd take Intel over Realtek any day, in any case 10:13 < jackbrown> Apachez, sorry 10:13 < Apachez> where does varesa say that realtek is better? 10:13 < jackbrown> Apachez, my mistake! 10:13 < Apachez> fakkin moron 10:13 < jackbrown> Apachez, I don't know why I read I'd take Realket any day 10:14 < jackbrown> Apachez, my fault 10:14 < jackbrown> Apachez, about my question on those 2 modules ? 10:14 < jackbrown> Apachez, do you thin that the 7260HMW ac mPCIe for my laptop will be enough ? I can't find mPCIe of newer board 10:14 < varesa> > varesa said Realtek - Well I did say 'Realtek', not that it was better though :P 10:15 < jackbrown> varesa, my fault I readed badly 10:19 < Atro> readed 10:20 < jackbrown> Atro, read 10:20 < varesa> writed as well as readed :) 10:20 < jackbrown> varesa, written 10:20 < jackbrown> varesa, wrote 10:21 < jackbrown> varesa, yeah sometimes I have trouble with uncommon past 10:21 < Atro> readied 10:21 < jackbrown> varesa, not a native english speaker as you can se 10:21 < jackbrown> e 10:21 < jackbrown> Where are you from guys? 10:22 < varesa> yay for things breaking: a component of a customer production environment *and* another host which is the only way I can SSH into said environment to fix things 10:24 < varesa> Earth 10:27 < Apachez> yeah I would also say earth to blend in... 10:27 < varesa> at least the things broke today... Yesterday and the day before were national holidays which pretty much mean everyone would have been drunk 10:27 < Apachez> national holiday tomorrow? 10:27 < Apachez> which country? 10:28 < varesa> not tomorrow, friday/saturday 10:28 < Apachez> which country? 10:28 < varesa> up here in the cold nordics 10:29 < Apachez> which country? 10:30 < Apachez> Finland Hervanta district 10:30 < varesa> Finland 10:31 < jackbrown> all from Finland? I tought you were american 10:31 < jackbrown> s 10:31 < Apachez> perkelee saatan! 10:31 < Apachez> voine, vittu and rasta muttan is the finish words I know 10:31 < Apachez> are 10:31 < jackbrown> https://en.wikipedia.org/wiki/Finnish_profanity 10:31 < varesa> Apachez: around there 10:32 < varesa> also it's 'perkele' and 'saatana'. Get it right ;) 10:32 < Apachez> oooh ooh and finish summersoup 10:32 < Apachez> koskenkorva in a flowered cup 10:34 < jackbrown> hey guys what about the Intel WiFi I want to buy for my laptop https://www.ebay.it/itm/Intel-Dual-Band-Wireless-AC-7260-mini-PCIe-Wi-Fi-802-11ac-Bluetooth-4-0/173378058985?hash=item285e233ae9:g:qIgAAOSwnpBbLuzF ? 10:35 < jackbrown> actually mine is Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01) 10:35 < light> wireless communication will never take off, you should get a gigabit network port instead 10:36 < varesa> Apachez: where did you get Hervanta from btw? 10:36 < jackbrown> light, I know but where it phisically impossible to have that and 20-40Mbit/secs are enough to do what you need you can use WIFI 10:40 < Apachez> varesa: thats a secret 10:44 * varesa thinks he figured it out 11:04 < shreyansh_k> Hi guys, Can't the host configure it's own IP address from a DHCP server running on itself. I mean, If i run, let's say dnsmasq, on eth0, can't the host OS configure the interface eth0 with the address provided by dnsmasq? 11:04 < shreyansh_k> In other words, is it a hard requirement that the host interface should be statically configured for a DHCP server to work on it? 11:05 < Atro> lol 11:05 < Atro> shreyansh_k: dhcp has a server address in its packets 11:05 < Atro> if you source them from an interface without an ip, that field would be empty, and i think its mandatory 11:05 < Atro> but what you want makes absolutely no sense 11:07 < shreyansh_k> Atro: please pardon my ignorance. I am learning. Thank you. 11:07 < Atro> why would you want a dhcp server getting it's ip address from itself? 11:10 < spaces> Apachez you don't have any secrets, I know them all! 11:10 < varesa> I've managed to do that by accident... Though I think I also had a static IP on the interface 11:11 < spaces> varesa yoyo! also here :) 11:11 < varesa> I was configuring some devices with my laptop by starting a DHCP server on the ethernet interface and routing/NAT for internet access 11:11 < varesa> spaces: yo 11:12 < varesa> at some point I wondered why my laptop lost internet access. Found out that it had requested a DHCP lease from itself, configured a second IP (whatever) and set the default route to itself (boo) 11:12 < spaces> oh he that sucks indeed 11:13 * spaces is building his own openstreetmap server, damn that takes LONG! 11:30 < varesa> spaces: you were using ovirt, right? 11:30 < spaces> varesa yap goind to setup a new env, but just ask :) 11:30 < varesa> has it gained support for organizing VMs to folders? 11:31 < spaces> like you had in your overview ? 11:31 < varesa> yea 11:31 < ellyacht> would either of you konw how to install a package I have downloaded and extracted onto my desktop linuxmint? 11:31 < spaces> sort of but it are clusters 11:31 < varesa> as in.. VM clusters, not host clusters? 11:32 < spaces> you create a cluster, put hosts in it and VM's are bound ot that cluster... 11:32 < spaces> so when you select such cluster you only see those VM's 11:32 < spaces> or even the host 11:32 < spaces> it filters 11:32 < varesa> and hosts can be only part of one cluster? 11:33 < spaces> yes 11:33 < varesa> :( 11:33 < varesa> I just remembered one day the #1 thing I hated while using ovirt 11:33 < spaces> yeah you think so but it's related to networks/sotrage, etc 11:34 < spaces> oVirt is really clustering, vsphere is just... how can we have a customer making it so much flexible for he doesn't even know what we manage anymore 11:34 < varesa> for one thing that's why all my VMs are still named in the reverse hostname like fi-domain-site-vm so that I can at least sort them alphabetically and get all the VMs for a site next to each other 11:35 < varesa> I also figured out I could use the bookmarks to save filters/searches for certain groups of VMs 11:35 < varesa> but still makes doing any group operations from the UI a pain 11:37 < spaces> in vsphere ? 11:37 < varesa> nah, in ovirt 11:38 < spaces> no need, you filer on domain :) 11:38 < spaces> filter 11:38 < spaces> it's just much more powerfull then like windows explorer liek 11:38 < spaces> like 11:38 < varesa> that could work if I had the group in the domain name 11:39 < varesa> like I want to get all the VMs for my prod ELK cluster, I've got elasticsearch{1-3}.site.mydomain.fi, logstash{1-2}.site.mydomain.fi and kibana.site.mydomain.fi, all grouped in one folder in vSphere 11:40 < varesa> then I might have elasticsearch{4-5}.site.mydomain.fi which I haven't finished building/joining the cluster and haven't promoted to "prod" 11:43 < spaces> erm that is possible in ovirt ? 11:44 < varesa> how? (without manually writing/fixing filters/search/what_were_they_called) 11:45 < spaces> use seperate hosts or clusters for it 11:45 < spaces> the sad thing is they removed cluster migration 11:46 < varesa> I don't have that many hosts :( 11:46 < spaces> you could do nested 11:47 < spaces> I agree, you need many hosts but oVirt is a scaling thing not clutter it all together and have an issue when a host goes down like Vmware does :P 11:47 < spaces> bbiab 11:47 < varesa> nested hypervisors? 11:49 < varesa> my Vmware handles host failures just fine :) 11:50 < varesa> quite some time ago when I didn't have monitoring setup, the first place I noticed the effects of a host dying was on a VM where I had a broken nginx config that failed to start after vSphere HA restored the VMs to healthy hosts 11:50 < varesa> and that was like 3 days after the crash 12:23 < spaces> ;) 12:23 < spaces> sounds good 12:23 < spaces> no it's more that oVirt works with reservations to the max if you want 12:24 < spaces> it tries to guarantee you have resources left 12:25 < varesa> there's a setting for that in vSphere too "Enables admission control and enforces availability constraints and preserves failover capacity. Any operation on a virtual machine that decreases the unreserved resources in the cluster and violates availability constraints is not permitted. 12:39 < spaces> :) 12:40 < jackbrown> Hey guys is this switch a good start for my Network home ( AP PoE and surveillance camera PoE) ? CIsco Catalyst 2960 24PC-L 12:40 < spaces> sure it is :) 12:41 < jackbrown> spaces, a good one ? 12:41 < jackbrown> spaces, is this an Active PoE or passive ? 12:42 < varesa> the main ports are only 10/100 so it will be of limited use outside powering slower PoE devices, even for APs it might be slow 12:42 < varesa> but if 100M per devices is enough for you and you can find a PoE model for cheap I'd guess it's decent 12:44 < varesa> you'll also have to take a look at if you need .3af or .3at PoE (one can deliver more power than the other) 12:46 < jackbrown> varesa, I didn't know it was just 10/100Mbit ports 12:47 < jackbrown> varesa, doesn't make any sense if I want to put Unity Access point dual band that should support till 1GB wireles connections theretically 12:47 < jackbrown> varesa, am I wrong? 12:47 < varesa> yeah, wouldn't put fast Wifi on that 12:48 < varesa> it has 2x gigabit ports but I don't know if they're even PoE (probably not) 12:48 < jackbrown> varesa, any suggestion for a good switch Gigabit PoE and that has 16 ports ( I don't need more than that) 12:49 < jackbrown> varesa, or you think I should stick to Ubiquity UniFi even for the switch? 12:50 < varesa> they should serve you fine 12:50 < jackbrown> varesa, here this one for example http://www.nventawires.it/ubiquiti-networks-unifi-switch-16-port-150w.html 13:23 < brutser> hi, in my laptop there is "Qualcomm Atheros QCA8172" but the link is going down the whole time and i am losing the connection. The laptop is lenovo g505, not the newest laptop, but ok. how can i troubleshoot the eth problem? 13:26 < brutser> just small output to give idea: https://pastebin.com/7TKRU3j1 13:31 < Atro> brutser: i've little idea how you can debug link problems 13:31 < Atro> since it's the vague area between the L1 and the driver 13:31 < Atro> so either it's not the nic's fault, but your cable/switch 13:32 < Atro> or its the nic's fault, but theres little you could do 13:34 < brutser> Atro: yes i guess you are right and there are known issues i can find with this atheros chip, but the articles i find are pretty old 13:35 < Atro> Try updating drivers 13:40 < brutser> Atro: yea it's using alx drivers, so not sure how to update those and the laptop is like 2012-2013 13:41 < brutser> perhaps i should try install win10 13:50 < spaces> win 10 is tha bomb! 14:10 < h0dgep0dge> i use windows as my desktop environment, but i kinda hate myself for it 14:11 <+catphish> h0dgep0dge: try something different :) 14:12 < h0dgep0dge> i'm really familiar with linux, and have used linux exlusively in the past, but i always find myself back with windows 14:12 < h0dgep0dge> i'm sure one day i'll try linux again, and it'll finally work well enough to never go back 14:13 < h0dgep0dge> what's the best desktop distro at the moment? 14:17 < compdoc> as if we would tell a windows user our secrets 14:17 < on0moLi> :'D 14:19 <+catphish> h0dgep0dge: you cannot be told what the best desktop environment, you have to try them :) 14:19 < on0moLi> find one that sticks. 14:19 <+catphish> h0dgep0dge: personally i use mint, which is based on ubuntu but with the cinnamon desktop environment, which i really like 14:20 <+catphish> it's quite windowsy 14:52 < camil_toughbook> hello 14:54 < h0dgep0dge> thanks for the tips 14:54 < Apachez> I prefer gnome si I stick to original ubuntu 15:04 < spaces> gnome is perfect 15:04 < spaces> it has been reinvensted 15:04 < spaces> *reinvented 15:05 < spaces> Apachez did Ubuntu ditch that ubuntu One totally ? 15:08 < Apachez> yup 15:08 < Apachez> since 17.04 15:08 < Apachez> err I meant unity 15:12 < varesa> I stopped using Windows as a daily driver the moment I got my PC upgraded so that I could game in a VM 15:13 < varesa> the only thing that kept me in Windows was that I hated closing my stuff and rebooting. That meant that if I dual booted the moment I had to go to Windows for some reason I more or less stuck with it (at least until it crashed) 15:21 < spaces> Apachez I don't use it as desktop anymore as I like Windows 10 too much but that is good 15:22 < spaces> varesa win10 is pretty good 15:24 < hays_> I feel i am missing a rule here for NAT port forwarding https://bpaste.net/show/f4cc22907975 15:26 < varesa> Honestly my top 1 issue with Windows is that it doesn't have the Linux CLI 15:26 < varesa> WSL, cygwin, etc. go part of the way 15:26 < grawity> learn some powershell 15:27 < Apachez> win10 is terrible 15:27 < varesa> Also haven't found a terminal that I really like. One with a nice color scheme, good link handling and no BS 15:27 < Apachez> unless you like getting your privacy raped over and over and over again 15:28 < varesa> I do use powershell for AD and VMware administration among other things 15:30 < varesa> And I think Windows 10 does a lot of things better than 10 but all the telemetry and bloatware are quite stupid 15:31 < spaces> Apachez terrible in what way ? 15:31 < spaces> Apachez privacy ? that is not even cared by Ubuntu @ first place 15:31 < spaces> default it sends all statics to Ubuntu 15:32 < spaces> and also, all tools i use on windows are not there in a decent way for Linux yet... they will be behind forever @ that part I believe 15:32 < spaces> I even ditched OSX because of it 15:32 < Apachez> spaces: its easy cared by in ubuntu 15:32 < Apachez> not so much in windows where it will reset "telemetry" settings upon reboot 15:34 < tds> hays_: if you want to dnat incoming traffic to forward it to something behind the router, then you need a rule for that as well as your snat rule for outgoing connections 15:35 < varesa> I also like to think there is a line between statistics and error reporting used to make the software better 15:35 < spaces> Apachez it doesn't reset it 15:35 < hays_> tds: like this? iptables -A PREROUTING -t nat -i eth0 -p udp --dport 51412 -j DNAT --to 10.7.0.3:51412 15:35 < varesa> And just personal data being sold to advertisers 15:35 < tds> hays_: I don't think you need to bother with the port number on the --to option, if it's the same as the original destination port 15:35 < tds> otherwise that looks fine 15:35 < spaces> i always like the advisertisement discussion and everyone is sharing on their social shit, hey have you seen this ? 15:35 < spaces> I like ads :) 15:36 < varesa> Of course it is impossible to know what the data is used for 15:36 < spaces> I don't care really 15:36 < spaces> I have better things to worry about 15:37 < spaces> people don't want privacy, they only want everything that makes their life more comfortable 15:37 < spaces> privacy is just a reason to be a tard 15:37 < varesa> For example I maintain a few websites that use analytics (self hosted/open source). I don't care a little bit about who the people are or what they do with their life. I just want to know how they use the site/application and how it performs 15:38 < spaces> really when you know where they privacy freedom fighters are talking about behind someone his back for their own profit 15:39 < Apachez> spaces: yes it does 15:51 * dogbert_2 tips over Apachez for lack of anything better to do this morning 15:55 < spaces> Apachez not @ my side ;) 15:58 < jackbrown> anyone here 15:59 < djph> maybe 16:01 < dogbert_2> hey djph 16:06 < Apachez> dogbert_2: if you wanna hug you can just say so? 16:07 < dogbert_2> m00000000000000000! 16:07 < dogbert_2> looks slowz this morning 16:07 < Apachez> im not slow 16:07 < Apachez> Im speed challenged 16:08 < dogbert_2> :P 16:08 < con3> hmm..I'm not sure if this is the right place to ask but I have pgadmin that I want to remotely link to a digital ocean droplet running ubuntu with postgresql, any here that might be able to help? 16:39 < spaces> catphish who was that ? 16:43 <+catphish> dunno, some kind of spammer 16:55 < Apachez> kill him with fire! 16:57 < spaces> Apachez we don't live in the timzone of Robin Hood anymore :P 16:58 <+catphish> i do 16:59 <+catphish> robin hood lived in sherwood forest, which is in the Europe/London zone, as am i 17:00 * Apachez bitchslaps spaces gently 17:22 < xenial64-user> Linux help needed. I created virbr1 which has forwarding route via wlan0. 17:22 < xenial64-user> I ping via wlan0 obviously it works however via vibr1 it does not. 17:23 < xenial64-user> https://unix.stackexchange.com/questions/159191/setup-kvm-on-a-wireless-interface-on-a-laptop-machine/159198#159198 <-- I followed this guide 17:24 < spaces> Apachez harder harder! 17:25 < spaces> catphish so the time stood still @ your place? 17:26 < tds> xenial64-user: what's the current configuration of your interfaces, can you post the outputs of ip addr and ip route? 17:27 < tds> also, are you able to set static routes on the router for the wifi network you're connecting to? that would be much nicer than trying to do proxy arp 17:32 < xenial64-user> yes give me a second 17:32 < xenial64-user> its on another pc :) 17:35 < xenial64-user> https://pastebin.com/fNkRX6Lw 17:35 < xenial64-user> tds: I want to make sure this works no mater what network i connect to. 17:36 < tds> it's a nasty solution, but NATing on the vm host would likely work better than proxy arp :/ 17:36 < xenial64-user> So basically any wifi connection I make should route my vm guest out the proper interface 17:37 < xenial64-user> I would have liked to create a bridge networking via wlan0 like you can do for eth0. 17:38 < xenial64-user> However I couldn't get that working. 17:38 < tds> the issue is that you can't bridge like that with wifi, so you instead have to route on the host and then proxy arp to the rest of the network over the wlan interface 17:39 < xenial64-user> tds: why is that a nasty solution. Sorry networking is not my strong suit 17:39 <+catphish> spaces: no 17:39 < tds> your configuration won't be easily portable to any network, you have to renumber everything when you move between networks 17:40 < tds> and you likely want to run a second dhcp client to avoid picking an address to proxy arp that's already in use 17:41 < xenial64-user> tds: the virtual software runs its on dhcp serve3r 17:41 < xenial64-user> runs its own dhcp server** 17:42 < tds> if you want to get the effect of "bridging" with a wifi interface, you'll need to pick an address to proxy arp, and you don't want to just pick one at random or you may pick one that's already in use 17:43 < xenial64-user> so something in the 172. address space might be best? I am saying that because not many networks use this space. 17:44 < tds> no, you can't just pick some other bit of rfc1918 space without doing nat, you need to use an address from the on-link subnet on the wifi interface 17:44 < xenial64-user> tds: so that is when you are saying if i go to a random wifi i will have to change that each time. 17:45 < tds> yes 17:46 < xenial64-user> tds: ok now i see why its not ideal. As depending on how active the wifi is i could pick someones address that is already in use. 17:46 < tds> yeah, exactly, hence my suggestion of having to run an additional dhcp client 17:48 < xenial64-user> tds: ok maybe i should explain what I am trying to ultimately accomplish and see if there is a better way. 17:48 < tds> sure 17:50 < xenial64-user> I am trying to create a virtual machine that I use just for web browsing. I want to look like a new machine with new hostname, mac address. The goal is to be tracked a little less in this sill world wide web we have now. I would like to have less of a profile and look more random to the world. 17:52 < Atro> lol 17:53 < xenial64-user> Atro: did you like that? 17:55 < Atro> xenial64-user: you can always be tracked via your ISP 17:55 < Atro> so your attempt is kinda useless 17:57 < tds> xenial64-user: that sounds a little useless, but I'd say the easiest solution is to get a usb wifi adapter and just pass that through to the vm 17:58 < varesa> everything will come out of the routers IP/MAC anyway 17:58 < varesa> unless you're talking about public wifi 17:59 < xenial64-user> yes public wifi. but then you can layer on socks proxy, vpn and tor depending on your goals 17:59 < Atro> seems useless but eh 18:03 < xenial64-user> https://www.privateinternetaccess.com/blog/2013/10/how-does-privacy-differ-from-anonymity-and-why-are-both-important/ 18:06 < kamura> yea but running your stuff in a vm isn't going to particularly help you get either of those 18:14 < xenial64-user> Its a start to reducing the use of super cookies and cookies that track. It can be reverted and changed each time at least. Then you can add the layers as discussed in the article to that same machine if you want. 18:17 < xenial64-user> Verse just navigating the web from the host. All the cookies are stored and saved and your fingerprint is the same even if you layer on socks proxy, vpn or tor. 18:23 < kamura> yes but you can just use a brower that doesn't store cookies, doesn't run JS and sends a spoofed user agent 18:24 < Peng_> Which makes you completely unique because no one else does that ;) 18:25 < Atro> yeah but still 18:25 < xenial64-user> Hence just creating a unique vm each time and restoring snapshot before web browsing ever started :) 18:25 < Atro> if i run a hotspot that blocks tunnels whatchu gonna do ? 18:26 < xenial64-user> Leaving off all the add ons 18:26 < xenial64-user> also i realize i am not in /r/privacy :)... So i expect not to have many fans here 18:26 < Atro> its not privacy if i can still find you 18:27 < kamura> exactly 18:27 < Atro> you're too low in this channel, we can find you no matter what VM you use, try the upper floor 18:27 < Atro> and you also mentioned MAC Address, lol 18:27 < kamura> you're painting your shoes a different colour to hide the fact you've got feet 18:28 < Atro> you can get tracked either way, and identifying you is another matter 18:28 < Atro> depends who wants to track you 18:28 < Atro> but this is already /r/paranoid 18:29 < kamura> if some one was actualy going after you the're not going to be useing http useragents 18:29 < kamura> and if your worried a bout general corporate tracking it doens't matter if you stand out 18:30 < xenial64-user> My only goal is to reduce web trackers and advertisers ability to profile me. Nothing more... 18:31 < xenial64-user> i am not at the /r/paranoid level :) 18:31 < kamura> then install firefox with, a coockie blocker , a js blocker and an adblocker 18:32 < weyland|yutani> or use Umatrix 18:36 < Atro> xenial64-user: for example, it is already known that you live somewhere around columbus, ohio 18:37 < xenial64-user> or you think i do :) 18:39 < Atro> well you can say that to anyone 18:40 < xenial64-user> Atro: That is obvious that IRC is not anonymous unless you take steps to come from somewhere else. 19:06 < jackbrown> Hello I'm still struggling to find a good solution to upgrade my Laptop Wifi mPCIe card 19:06 < jackbrown> can anyone help pls? 19:06 < skyroveRR> jackbrown: well, a decent USB wifi adapter, how about that? 19:07 < jackbrown> skyroveRR, why I should plug something into my USB ports if I can replace my mPCIe internal card? 19:07 < skyroveRR> Because a USB wifi adapter would be far better. 19:07 < xtrWrithe> jackbrown: what do you need' 19:07 < xtrWrithe> skyroveRR: that doesnt help and its lazy thinking 19:08 < skyroveRR> I am lazy right now, yeah. 19:08 < jackbrown> xtrWrithe, I'd like to replace my mPCIe card inside my laptop with a newer one, acutally I have a Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01) 19:08 < xtrWrithe> jackbrown: i mean what are your card needs? 19:08 < jackbrown> xtrWrithe, I just bought a FRITZ!Box 7490, i'd like somethin that is able to have more speed and pass a bit more through the walls 19:09 < xtrWrithe> jackbrown: in case is for home use, did you tried setting up the router channel on 3,6,11? 19:10 < Atro> jackbrown: get a screwdriver 19:10 < jackbrown> xtrWrithe, no!! probably that's the best thing to do, of course I have to do that on 2.4GHz right ? 19:10 < xtrWrithe> jackbrown: also, you could increase the ath9k driver txpower, are you using linux or something? 19:10 < Atro> ugrade it 19:10 < jackbrown> xtrWrithe, yes i'm in LinuxMint 19:10 < jackbrown> xtrWrithe, can you help me with this "overclock" "tuning" ? 19:11 < Apachez> if the card and router supports it try changing to 5GHz for less interference from neighbours 19:11 < xtrWrithe> jackbrown: ath9k driver is cool IMHO so you could try iwconfig the wifi device as first 19:11 < jackbrown> xtrWrithe, https://pastebin.com/8PLU5EvA 19:13 < xtrWrithe> jackbrown: spanish? yo tambien 19:13 < jackbrown> xtrWrithe, italian 19:13 < Atro> in b4 his laptop blows 19:13 < xtrWrithe> jackbrown: haha ok 19:13 < xtrWrithe> very low signal quality 19:13 < xtrWrithe> how far is the router? 19:13 < jackbrown> xtrWrithe, on the up floor 19:13 < Atro> lol -71 19:13 < xtrWrithe> and txpower as well but first the other 19:13 < jackbrown> xtrWrithe, I'm just a floor down to it 19:14 < xtrWrithe> LMAO 19:14 < Atro> get an ap down as well 19:14 < Atro> sheesh 19:14 < xtrWrithe> what the hell is that router new? 19:14 < jackbrown> xtrWrithe, and I bought this router because in the reviews they said the pass trhough many floors!! I don't know it it's the router or my Laptop card 19:14 < jackbrown> xtrWrithe, FRITZ!Box 7490 19:15 < Atro> depends what your walls are made of 19:15 < xtrWrithe> jackbrown: its the router bro, lets do a txpower change test, and if that doesnt help we can try to tweak router settings 19:15 < jackbrown> xtrWrithe, here with me near my laptop i have my smartphone, can we check with it if the strengh signal is bad too ? so I can undestand if it's the router or the receivers 19:15 < xtrWrithe> jackbrown: how goes on the cellphone? 19:15 < jackbrown> xtrWrithe, you think the router has a too low signal ? 19:15 < xtrWrithe> as atro said, depends on the walls too 19:16 < jackbrown> xtrWrithe, it's a Xiaomi Mi5 maybe I can install terminal and check same parameters 19:16 < xtrWrithe> jackbrown: termux 19:16 < jackbrown> xtrWrithe, sure I already know that 19:16 < xtrWrithe> c00l 19:17 < jackbrown> xtrWrithe, installing, do I have to run iwconfig command aswell ? 19:17 < xtrWrithe> jackbrown: its the idea for a good comparsion 19:19 < jackbrown> xtrWrithe, here it is https://imgur.com/a/44Ob1NP 19:20 < xtrWrithe> jackbrown: what can we do with that ifconfig, nothing 19:20 < xtrWrithe> iw dev wlan0 station dump 19:21 < jackbrown> xtrWrithe, what else should I have to run on the smartphone to do that comparison ? 19:21 < pikaro> I use a VPN on Debian with an iptables killswitch for privacy reasons but would like to circumvent that with a second browser profile sometimes. I don't have an external server in my country available for proxying, so I'd like to implement that using the same machine. how should I approach this in general? 19:21 < xtrWrithe> jackbrown: the iw cmd i put 19:21 < jackbrown> xtrWrithe, it doesn't recognize iwconfig command 19:22 < xtrWrithe> pikaro: then set up a local proxy for the second profile and filter the proxy 19:22 < xtrWrithe> jackbrown: the comand is: iw dev wlan0 station dump 19:23 < xtrWrithe> jackbrown: as you were a pro user of the termux i guess you did noticed iwconfig isnt avaible for it 19:23 < jackbrown> xtrWrithe, I'm not a pro user I just know it :) 19:23 < xtrWrithe> :( ) 19:24 < jackbrown> xtrWrithe, doesn't recognize the iw command 19:26 < pikaro> xtrWrithe, how would I go about excluding the proxy from the iptables rules? e. g. by tagging packets going into it - does that tag stay when it sends them out again? or define an outgoing port range for it and simply work with that? etc. - of course I need some kind of proxy locally, I just don't know how to do this "best practice" 19:27 < xtrWrithe> pikaro: a virtual interface could help or NAT the proxy 19:27 < jackbrown> xtrWrithe, any idea? 19:28 < pikaro> xtrWrithe, ooh, additional interface is a good idea, thanks! clean and simple 19:28 < xtrWrithe> jackbrown: you may install the pkg on termux 19:28 < xtrWrithe> pikaro: (y) 19:28 < Atro> jesus christ, this channel has the weirdest requests 19:28 < jackbrown> xtrWrithe, i'm installing wifi analizer app too 19:29 < xtrWrithe> jackbrown: good 19:30 < pikaro> Atro, what's so weird about the request? 19:30 < xtrWrithe> Atro: it may be weird to you 19:30 < jackbrown> xtrWrithe, anyway it's -69db on my smartphone so should be the router 19:30 < jackbrown> xtrWrithe, don't you think ? 19:30 < xtrWrithe> jackbrown: its the first i said 19:31 < jackbrown> xtrWrithe, what can we do to increase the router signal ? It should be a good router did you see its specs ? 19:31 < xtrWrithe> enter the router admin panel and take a screen of the wifi related things 19:31 < xtrWrithe> jackbrown: yes look nice 19:32 < jackbrown> xtrWrithe, pls take a look https://imgur.com/a/44Ob1NP 19:33 < jackbrown> xtrWrithe, anyway if you search FRITZ!Box 7490 how to do something there are a lot of tutorial on the offical website 19:33 < xtrWrithe> jackbrown: its the old screenshot 19:33 < jackbrown> xtrWrithe, the problem is that I don't what to search for 19:33 < xtrWrithe> jackbrown: just shows LAN info 19:33 < jackbrown> xtrWrithe, check https://i.imgur.com/IrfHmBZ.png 19:33 < xtrWrithe> jackbrown: Wireless LAN configuration its the topic 19:34 < xtrWrithe> radio channel ? 19:34 < xtrWrithe> english pls 19:34 < xtrWrithe> its hard to me 19:35 < jackbrown> xtrWrithe, https://imgur.com/a/uROHjEl 19:35 < jackbrown> xtrWrithe, it's automatic on both 5Ghz and 2.4 19:36 < xtrWrithe> jackbrown: try forcing 2,4 channel 3 or 6 or 11 19:36 < xtrWrithe> try these 19:36 < xtrWrithe> and be sure that your router applied the changes 19:37 < jackbrown> xtrWrithe, changed to 11 19:38 < jackbrown> xtrWrithe, iwconfig show the same results 19:39 < jackbrown> xtrWrithe, https://pastebin.com/DqK4DTqC 19:40 < xtrWrithe> jackbrown: its also possible that some device in your house is messing the signal 19:40 < xtrWrithe> different microwaves and such 19:40 < xtrWrithe> try the other channels 19:41 < jackbrown> xtrWrithe, I god anyway the value I should ceck is the dBm correct? 19:41 < jackbrown> xtrWrithe, which value I should expect since I'm right beneath the router and there's just a floor ? 19:41 < xtrWrithe> xtheosirian: the networks was in channel 11 already 19:41 < jackbrown> xtrWrithe, I mean for a good connection 19:41 < xtrWrithe> jackbrown: check Frequency & dBm 19:42 < jackbrown> xtrWrithe, frequency it's always around 2.4Mhz because my laptop has no 5Ghz 19:42 < xtrWrithe> jackbrown: atleast 60 19:42 < jackbrown> xtrWrithe, you mean I should go from -71 to + 60 ? 19:42 < xtrWrithe> jackbrown: frequency shows channel , better dont look at that just paste it hah 19:42 < xtrWrithe> no -60 19:43 < xtrWrithe> less is better 19:43 < jackbrown> xtrWrithe, ah ok from -71 to -60 ok 19:43 < jackbrown> xtrWrithe, actual frequency is https://pastebin.com/DqK4DTqC 19:43 < jackbrown> xtrWrithe, sorry is https://pastebin.com/DqK4DTqC 19:43 < jackbrown> xtrWrithe, Frequency:2.462 GHz 19:44 < xtrWrithe> jackbrown: that means channel 11, 2.457 is channel 10 and so on 19:45 < xtrWrithe> https://en.wikipedia.org/wiki/List_of_WLAN_channels 19:45 < jackbrown> xtrWrithe, ok thanks learning 19:45 < jackbrown> xtrWrithe, now I switched to channel 6 let's check it out 19:46 < jackbrown> xtrWrithe, still around -70 -68 an around 19:46 < jackbrown> xtrWrithe, let's try channel 3 19:46 < xtrWrithe> ok after that we change the txpower 19:47 < xtrWrithe> its on 15, normal is 20 and good is 30 19:47 < xtrWrithe> but depends on hardware somethings that doesnt let more than 20 19:47 < jackbrown> xtrWrithe, on the router or on my lan card ? 19:47 < xtrWrithe> wifi card 19:47 < xtrWrithe> oh but wait the router was the thing 19:47 < xtrWrithe> sorry i forgot for a second hahaha 19:48 < xtrWrithe> you will have to find the best channel for now 19:48 < jackbrown> xtrWrithe, i tried 3 6 and 11 they were all the same now I'm setting it to automatic again 19:48 < xtrWrithe> jackbrown: disable 5ghz band and keep trying channels 19:48 < jackbrown> xtrWrithe, can we change TX on my card? or TX just increase transmission so we need to change router's TX ? 19:49 < xtrWrithe> jackbrown: normally router doesnt allow that 19:49 < xtrWrithe> jackbrown: keep trying channels 19:49 < jackbrown> xtrWrithe, OpenWrt they do but this has no OpenWRT firmware avaialbe 19:49 < jackbrown> xtrWrithe, ok 19:49 < xtrWrithe> jackbrown: fritzOS for you haha 19:50 < jackbrown> xtrWrithe, they say it's the best, can't be my old wifi laptop board ? 19:50 < xtrWrithe> jackbrown: you can use: watch -t -n 1 'iwconfig wlan0' so you monitor freq 19:50 < xtrWrithe> and you change the freq on the router while you see if takes good effect 19:50 < xtrWrithe> im back on 10-15min 19:51 < jackbrown> ok thanks 19:54 < Atro> in the end, besides changing channels and tinkering his adapter, there's nothing he can do 19:57 < roxlu> Hi, I just learned that an UDP socket can change it's source IP after you've bound it with INADRR_ANy. I had no idea this was possible and I'm wondering how to make sure it doesn't change? 19:57 < jackbrown> Atro, I don't undestand why since I'm just beneath the router I have this bad signal 19:57 < detha> Atro: he can mount the client device in the focal point of a 1m dish, aimed at the router 19:57 * Atro slaps detha with a paperfoil bat 19:57 < Atro> shit *aluminum foil 19:58 < detha> paper-clad tin? 19:58 < Atro> jackbrown: 1. because the AP is unidirectional and it's meant to go horizontally, not vertically. 2. cement 19:58 < detha> 3. reinforcement bars 19:59 < jackbrown> Atro, but in the review seems really that it does exactly the opposite 4 floor down and he was able to pick up the signal! 19:59 < Atro> jackbrown: yeah, it is 4 floors down, in a cardboard house 19:59 < jackbrown> Atro, https://www.youtube.com/watch?v=JOza_zJa3B8 20:00 < jackbrown> Atro, seems a common building, my home has very thick wall (50cm) but I'm not trying to reach the router through the walls but beneath it throug the floor that should be standard as a normal building 20:00 < Atro> jackbrown: i don't see a proper wireless survey 20:00 < Atro> i only hear his words 20:00 < jackbrown> Atro, can you see the video? 20:01 < Atro> jackbrown: im talking about this stuff : https://www.syscomm.ca/wp-content/uploads/2015/06/wirelesssurvey.png 20:01 < jackbrown> Atro, ah ok those are pro tests 20:02 < Atro> yeah but its the only proper way to assume signal penetration 20:02 < Atro> oh, and jackbrown , are you on 5ghz ? 20:02 < Atro> ah nvm you're on 2.4 20:02 < jackbrown> Atro, of course not, 5Ghz can't reach here, the router automatically switch on 2.5Ghz and anyway my laptop has no 5GHz connectivity 20:05 < Atro> heh 20:05 < jackbrown> I want to reboot my router 20:05 < Atro> do it 20:05 < detha> well, if one assumes the router has a fairly 'flat pancake' radiation pattern, putting the router on its side should work 20:07 < Atro> i think signal penetration is one of home router's biggest lies 20:13 < Holo> Why you get a mesh networking home router setup 20:14 < Atro> i think you ate some commas 20:14 < Holo> I am hungry after all 20:18 < quantum> Anyone know how to download a dynamic website? 20:19 < compdoc> write them an email asking for code 20:19 < quantum> (that's no help) 20:19 < compdoc> ! 20:19 < detha> then the answer is: "often" 20:21 < Atro> easy just GET everything 20:23 < spaces> compdoc wow long time no see! 20:30 < quantum> A wealth of info... :/ 20:31 < quantum> And wget -r -k -l 7 -p -E -nc doesn't work. Just gets one file. 20:31 < quantum> It can't construct pages with javascript. 20:36 < Apachez> stop killing ducks to make duck tape! 20:37 < quantum> No such thing as "duck tape". 20:38 < detha> https://www.duckbrand.com/about 20:38 < quantum> Got the picture. Nobody knows. 20:39 < Atro> ye 20:39 < Atro> and i wouldnt even want to know 20:43 < detha> Also, wtf would one use cupcake-scented duck tape for? 20:47 < Atro> cause it smells nice 21:12 < xtrWrithe> jackbrown: so what happened? 21:16 < jackbrown> xtrWrithe, I just closed the laptop that was really nearby the router and it was connected to it 21:16 < jackbrown> xtrWrithe, now I have -65 21:17 < jackbrown> xtrWrithe, file transfer is 6Mbyte/second around 50mbit then 21:17 < jackbrown> xtrWrithe, what do you think ? 21:18 < jackbrown> xtrWrithe, I think that I have to place the router on the wall, it's to messed near another laptop and cables and disoderd 21:19 < Harlock> you shoudl be able to look up the radiation pattern of the router if it has internal antennas 21:20 < jackbrown> Harlock, how? 21:20 < jackbrown> Harlock, anyway the FRITZ!Box has a very complete interface and I really don't know how to use it completely 21:21 < Harlock> the specs of the unit shoudl have the pattern 21:40 < xtrWrithe> jackbrown: yes try to setup the router in another place 21:40 < jackbrown> Harlock, do you think that replacing my internal WiFi laptop card i can have more bandwith ? 21:40 < jackbrown> xtrWrithe, mostly is that the problem 21:41 < jackbrown> xtrWrithe, actually moving a bit the router I reached almost 50Mbit on the WiFi, the problem is that soon i'll have a 200Mbit DSL connection, and I will not be able to use it with my laptop if i'm limited to 50Mbit Am I wrong ? Is there a workaround ? 21:42 < jackbrown> my actual wifi card Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01) 21:46 < buu> Anyone know of a good udp based file transfer program designed for high speed wans? 21:49 < Wulf> buu: maybe your web brower and a web server with QUIC support? 21:50 < buu> Wulf: is that what google's http spdy got turned into? 21:54 < jackbrown> Question: My Internet Provider, provide a router aswell and seems that I cannot avoid using it, since I'd like to user my FRITZ!Box I want to connect that to my IP router. 21:54 < jackbrown> Question: Is it better to connect it using a different subnet mask or the same subnet mask ? 21:56 < varesa> There is really no need to use anything but /24 in a home network 21:56 < tds> s/24/64/ :) 21:57 < varesa> I'd wish :) 21:57 < jackbrown> ? 21:58 < varesa> A /24 network is 255.255.255.0 mask 21:58 < jackbrown> varesa, sorry but I'm a bit dumb: if the main router has for example 192.168.0.X is better that I configure the FRIT!Box to stay in the same range 192.168.0.X or to have a different one 192.168.178.X for example ? 21:59 < varesa> Ah, subnet is not the same thing as the mask 21:59 < jackbrown> varesa, that's my ignorance 21:59 < varesa> Mask just defines the size of the subnet 21:59 < jackbrown> varesa, 254 ip adresses ? 22:00 < varesa> If you have ISP - router1 -(subnet1)- router2 -(subnet2), you have to use different subnets 22:00 < jackbrown> varesa, nevermind I should study before ask, once I knew more but I forgot 22:01 < jackbrown> varesa, ok but I could use the same subnet if I disable DHPC on my router and I assign it an IP in the ISP router's subnet. correct ? 22:01 < jackbrown> varesa, for example if the ISP router subenet is 192.168.0.X I can assign to my router 192.168.0.2 IP 22:02 < Wulf> buu: no, but it's related. spdy became http/2 22:02 < varesa> You can't as long as client devices don't have a direct connection to the first router 22:03 < jackbrown> varesa, if all client devices (laptop or watever) connect to the router and I assigned to the router an ip in the same ISP router subnet it will not work ? 22:03 < varesa> If you only use a router as an access point (disable DHCP and routing/NAT) then you can use a single subnet 22:03 < spaces> everyone sexy ? 22:03 < jackbrown> varesa, ok exactly 22:03 < spaces> except Apachez because he wants to be a seperate loner 22:03 < varesa> But then it is no longer a router :) 22:03 < buu> Wulf: I'd need something I could run cli on a headless debian box 22:04 < jackbrown> varesa, but do you suggest to do that ? Or to use the router subnet to use it's ffirewall and DHPC would be better? 22:04 < varesa> Double NAT by chaining two consumer routers is almost never good 22:05 < tds> if you want to replace your ISP's default router, you'll have a much better time if you can replace it with a plain modem rather than stacking more routers/NAT 22:05 < tds> ^ what varesa said 22:05 < varesa> You might be able to turn the ISP router into a dumb bridge/modem and then use your own as the actual router in your network 22:06 < jackbrown> tds, varesa I'd like to replace my ISP router but it seems that it's impossible, they even handle the voice via VOIP, I should steal all the settings from that router maybe clone its MAC address then try to configure my FRIT!Box 22:06 < jackbrown> varesa, ah ok that's a good idea but I don't know how to do that 22:07 < tds> what's the model of that router? 22:07 < jackbrown> tds, the one from my ISP ? 22:07 < tds> if you have access to the admin interface, there may be an option to enable "bridge mode" or similar 22:07 < tds> yes 22:07 < spaces> I want pizza 22:08 < varesa> The games nowadays make me think I should ask for the gigabit internet... 22:08 < jackbrown> tds, they call it "FastGate" but it should be some brand router adapted to my ISP I don't know which one 22:08 < varesa> stupid 50-100G downloads... - _- 22:08 < somnambulus> i really don't think "the games made me do it" is a valid excuse ever lol 22:09 < jackbrown> anyone recognize the brand of this router ? https://fastweb.it/myfastpage/gfx/assistenza/kb-sf/media/files/Manuali%20modem%20Fastweb/FASTGate/Fastgate.jpg 22:09 < varesa> I could even get symmetric gigabit by just calling a certain network admin but I'm sure he has better things to do :P 22:11 < somnambulus> trust: they never have better things to do - but they will pretend :D 22:12 < tds> jackbrown: a quick google search suggests it's not possible to use that as a modem, you may be able to replace it with your own though 22:12 < jackbrown> tds, ? 22:12 < tds> if you want to use your own router, you probably want to use a plain modem rather than sitting it behind another router 22:12 < tds> as mentioned earlier 22:13 < jackbrown> tds, yes as i told you it's not that easy, they have a MAC check and I need VoIP configuration data that they don't share 22:14 < jackbrown> tds, anyway on the main ISP router I found the way to disable its DHPC, does it means that it will turn it into a bridge Modem ? 22:14 < tds> no, it will continue routing and doing NAT 22:15 < varesa> Nah, DHCP is a completely independent service 22:16 < varesa> Bah, my IRC relay is lagging today... 22:16 < jackbrown> the tds idea of turnin it into a bridge modem is good but I don't think that can be done. 22:16 < jackbrown> anywy i have to go now thanks for all the support! 22:16 < tds> if you're able to add static routes on their router, that would at least allow you to run your own router behind theirs without double NAT 22:17 < varesa> But if you still depend on the ISP box for NAT/routing, is there much benefit? 22:17 < varesa> Well I guess better firewall/access control if you need it 22:17 < tds> yeah, depending on the features of your own router you might benefit a bit, but it's rather pointless 22:19 < tds> also looks like that ISP might be doing cgnat, which is a bit rubbish :( 22:19 < varesa> I'm glad we've got FTTB and plain ethernet from the ISP switches with no BS required to the apartments 22:19 < Apachez> varesa: ftw 22:20 < varesa> Only issue is that IPv6 is only SLAAC :( 22:20 < Apachez> will be tricky when doing 10G upgrade thou 22:20 < Apachez> dunno how far those 15 year old cat5e cables and connectors will last 22:20 < tds> my home network is pretty much stuck behind NAT, I just run VPN tunnels out to other routers though 22:21 < varesa> I think it'll be quite a few years until >1G internet becomes a commodity 22:21 < varesa> Because you need to renew basically everything 22:21 < tds> 80Mb/s VDSL is pretty much the standard here, so still quite a long way off 1G 22:22 < tds> still, not too bad going for basically retrofitting on an ancient copper network 22:22 < varesa> My home network has one virtual router that does NAT and talks DHCP with the ISP + OSPF to a HA pair of routers that are my internal firewall (terminates most of my VLANs) 22:23 < varesa> WAN will be gigabit once I get around to request they configure it, LAN is 10G 22:24 < jason85> If a host receives and answers an ARP request, does it automatically cache the arp data of the sender of the request? 22:24 < tds> oh, very shiny, my home lan is still only 1G 22:24 < varesa> Then I've got another virtual appliance with its own public IP that terminates my IPsec tunnels talking BGP to other sites and OSPF to the internal firewall 22:25 < tds> ah, I run something vaguely similar with a bunch of remote sites all tied together with VPNs and then VPNs back to my home network as well, that's all BGP internally and externally though 22:26 < tds> it is nice being able to just power down a router causing issues and not care about it though :) 22:28 < varesa> It used to be all a single big OSPF domain but I wanted to lab and practice BGP a bit so I converted the hslf of it over 22:29 < tds> heh, yeah, very similar situation here 22:29 < varesa> Definitely taught me a few things that can go wrong :P 22:29 < tds> though I'm also now taking full v6 tables, so BGP internally is necessary 22:32 < spaces> my donkies are yelling like they are having an orgie all over the area 22:35 < spaces> other ones are joining the yell... wtf 22:36 < spaces> and my dog now steps on the bed @ the other side of the bed instead of the end of the bed... animals... they think they have too much privileges these days :P 22:37 < compdoc> feed the donkies to the dog, then eat the dog. all issues solved 22:37 < spaces> I already have hotdog suasages in the fridge 22:38 < spaces> andmy fridge is not that american selffish asshole huge 22:38 < compdoc> so you arent prepared 22:39 < spaces> for whay ? 20L icecream like all americans seem to have in stock ? 22:39 < spaces> *what 22:39 < compdoc> I have none 22:39 < Apachez> how would you otherwise survive the first weekend of a nuclear holocaust? 22:39 < spaces> the BBQ in about 3 year ? 22:39 < Apachez> crying in front of the tv while eating melting icecream 22:39 < Apachez> ftw... 22:39 < compdoc> sounds good to me 22:39 < Apachez> 20L is then a bare minimum 22:39 < spaces> Apachez you dumbfuck :P 22:40 < Apachez> spaces: dont fuck dumb people, you might impregnate them :S 22:40 < Apachez> I have enough of gorbies in my fridge to probably survive 1 week on just them alone 22:40 < tds> varesa: btw, if you're running an actual network with public v6 space + a public asn, and are sufficiently bored, I'm open to peering via a 6in4 tunnel/similar ;) 22:41 < Apachez> as long as I have power to keep them at below -18C and then the power to the microwave to heat them up 22:41 < spaces> Apachez I have a dog next to me in bed, she has claimed the full half at minimum, so I doubt if there is any change that someone dumb will come by 22:41 < Apachez> 1minute per gorby :) 22:41 < Apachez> nomnomnom 22:41 < spaces> gorbies ? 22:42 < varesa> tds: unfortunately I don't have an ASN/public IP space :( 22:42 < tds> ah, ok :/ 22:42 < spaces> Apachez gobies sound dumb 22:42 < Apachez> gorbies are nomnomnom 22:42 < spaces> you are eating dumb creatures ? 22:42 < spaces> Apachez only dumb women always do nomnomnomnom 22:43 < Apachez> like a wheat pirog with seasoned ground beef 22:43 < varesa> RIPE membership for the ASN is a little bit too much for me 22:43 < spaces> yeah it's expensive 22:43 < tds> no need for ripe membership for an asn/v6 pi space, you just need to find a friendly lir who's willing to sponsor it 22:44 < qzo> Hey guys, I just virtualized my firewall, and I now think that may have been a mistake, because if it breaks, I have no way to access it because it defines the management interface VLAN for the proxmox host 22:44 < Apachez> they claim to also contain cheese but I have never seen any 22:44 < Apachez> other as a brief topping on the edges of the pirag 22:44 < Apachez> -a+o 22:45 < tds> qzo: just give your desktop/whatever a port on the management vlan so you can get back in when you break everything 22:45 < spaces> ok sleep well 22:45 < Apachez> https://www.torebrings.se/produkt/gorby-original-kottfars-ost-dafgard/1231410 22:46 < varesa> Ooh, I knew you could (and in many cases should) get the IP space from a LIR but I didn't know you could get an ASN from them as well 22:46 < qzo> tds: right now, the management VLAN is 100% software defined unfortunately. It looks like I will have to actually assign a physical NIC to it 22:46 < tds> qzo: ah, so your management vlan is internal to the host, and you get to it via a router running on the same host? 22:47 < qzo> tds: yep, thats it 22:47 < qzo> I will just need to get another PCIe 1000baseT card so that I can fix things when they go wrong 22:48 < tds> I run something similar on one host, my trick there is that I have remote management to get a console on the host, and I also have a serial port attached to the vm so I can get a console on the router from the host 22:49 * varesa thinks of bugging the network admin about some IPv6 space ;p 22:49 < tds> did you say they only do slaac, no dhcpv6-pd? :( 22:49 < qzo> tds: I could do that, but my host is proxmox, and most of the actual management would have to be done through the crappy web interface, so I need more than a serial cable 22:49 < varesa> tds: yes :( 22:49 < tds> qzo: that host is proxmox as well, you can happily manage it (or at the very least normally fix it) from the cli 22:50 < qzo> tds: really? I will have to take a look through that. I just switched over from Xenserver, but it didn't seem to have as many CLI management options 22:51 < tds> pve is pretty much just debian with some fancy perl scripts to wrap qemu and lxc 22:51 < tds> you can use their "qm" cli tool to manage VMs, and "pct" to manage lxc containers 22:51 < tds> qm attach get s you a serial console for a vm, pct enter gets you a console in a container 22:51 < qzo> oh sick 22:52 < qzo> I will have to read the documentation a bit 22:52 < Atro> ^ THIS GUY RTFM'S 22:54 < tds> the pve docs + wiki are actually pretty good 22:55 < tds> and worst case scenario you can just go and grep through the source 22:57 < Apachez> more would if the M's was filled with porn 22:57 < Apachez> were 22:57 < Apachez> was? 23:11 < Atro> wat --- Log closed Mon Jun 25 00:00:12 2018