--- Log opened Wed Jun 27 00:00:15 2018
00:06 < thatlizdude> do you guys know if there is a way to convert IPv6 to IPv4? I've found a VPS that only supports IPv6 but I wanna host a website on it and make it accessible to everyone
00:06 < Dagger> that's not really how it works
00:07 < Dagger> if it was, then we wouldn't need v6
00:07 < B0g4r7> I found this today: https://imgur.com/a/bXjOT8R
00:07 < B0g4r7> D'ya think I can just change the patch cables for the proper ones, or did the ferrules likely collide and get damaged?
00:07 < thatlizdude> or can Cloudflare do something about it?
00:07 < Dagger> although if you check, I suspect that VPS probably comes with the ability to host websites on v4 via haproxy
00:08 < B0g4r7> (SC UPC was plugged into SC APC)
00:08 < thatlizdude> so how would haproxy do that?
00:09 <+catphish> yes cloudflare can likely do it
00:09 < thatlizdude> I'm trying to figure out if it's worth paying cheaper for IPv6 only
00:09 < Dagger> by listening on a v4 IP, inspecting Host:/SNI and reverse proxying to a configured v6 address
00:09 <+catphish> the vps can't do it on its own, the provider may provide an http proxy
00:09 <+catphish> Dagger: the host doesn't have ipv4
00:10 <+catphish> thatlizdude: i'd suggest cloudflare or similar
00:11 < Dagger> catphish: he only said the VPS doesn't have v4. I suspect the *host* does
00:11 <+catphish> well its not his host so that doesn't help, unless they provide this as a service
00:11 < thatlizdude> it's Vultr btw
00:11 < thatlizdude> the $2.50/mo plan
00:12 < Chummly> Hi. I'm having trouble with my Edgerouter X and Netgear modem. It was fine an hour ago, then I noticed that my phone's Wi-Fi noted that internet may not be available. Indeed, as my laptop was experiencing the same thing. I plugged my laptop directly into the modem, rebooted, called Comcast, who had to reprovision it in order for me to ping from my laptop.
00:12 < Dagger> catphish: "as a service" was what I was attempting to suggest
00:12 < E1ephant> 1) don't make rebooting the first step imho
00:13 < E1ephant> should be the last step
00:13 <+catphish> Dagger: ah ok
00:13 < thatlizdude> so what would I need to do with Cloudflare to make it work?
00:13 < thatlizdude> I've never used Cloudflare
00:13 <+catphish> thatlizdude: nothing special, just configure a site and point it to your ip
00:13 < Chummly> However, after rebooting the edgerouter X, I'm still not able to connect with an ethernet cable from the X to my laptop.
00:13 <+catphish> it's really easy
00:14 < E1ephant> cloudflare hand holds quite well
00:14 < E1ephant> even at the free tier
00:14 < thatlizdude> so it'll generate an IPv4 for me or what?
00:14 <+catphish> then you point your dns to cloudflare, they'll help you as E1ephant says
00:14 <+catphish> thatlizdude: yes
00:14 < E1ephant> more like DNS that points to many IPs
00:14 < E1ephant> but yes
00:14 <+catphish> yeah, lots of IPv4 addresses around the world
00:15 <+catphish> but they'll explain how to point your dns name to them and they'll do the rest
00:15 < thatlizdude> ok I'd set my DNS in nginx (which I've never used either) to Cloudflare, and in Cloudflare I would put my domain somewhere?
00:15 <+catphish> nginx has nothing to do with dns so no
00:15 <+catphish> you point your dns to cloudflare, and then cloudflare to your ip address
00:16 < E1ephant> poo poo ka-chooo
00:16 < thatlizdude> nginx is the server that will serve my files no?
00:16 <+catphish> yes
00:16 < E1ephant> that is HTTP/HTTPS
00:16 < E1ephant> DNS is a different protocol
00:16 < thatlizdude> uhh so where is that set
00:16 <+catphish> you configure nginx to serve your files
00:16 < E1ephant> at your registrar?
00:16 < thatlizdude> ohh ok
00:16 <+catphish> dns is configured with your domain registrar, yeah
00:17 <+catphish> cloudflare will host dns for you, you just need to point the domain registry to cloudflare's dns servers
00:17 < E1ephant> you have to delegate the entire name to their servers
00:17 < E1ephant> last I checked they didn't do split names, they have to auth it.
00:17 < thatlizdude> ok sounds pretty easy
00:17 <+catphish> they do almost everything, you just need to configure your web server (nginx) and follow cloudflare's instructions
00:17 < E1ephant> but it has been a few years
00:18 < thatlizdude> the harder part might be using nginx with Node.js
00:18 < E1ephant> yeah I imagine if you pay, you can host your own DNS
00:18 < E1ephant> but really not sure
00:18 <+catphish> E1ephant: they'll do anything if you pay :)
00:18 < E1ephant> that sounds like it would be very well documented re: nginx and node
00:18 <+catphish> but not sure how it works with dns, they probably allow cnames
00:18 <+catphish> yeah, google for many many nginx + node guides
00:19 < thatlizdude> so Vultr will host a DNS for me that I will give Cloudflare access to?
00:19 < E1ephant> wait, where did vultr hosting the DNS come in?
00:19 < E1ephant> is your registrar vultr?
00:19 < B0g4r7> Me, I prefer to just pay the extra $2.50/mo for a VPS with IPV4. Then I don't have to depend on the likes of CF.
00:20 < thatlizdude> oh wait I know who the registrar is
00:20 <+catphish> your domain registrar will point dns do cloudflare
00:20 <+catphish> *to
00:20 < E1ephant> B0g4r7: I think cf offers much more value as a cdn/origin protection
00:20 < E1ephant> v4 proxy is just kinda meh
00:21 < E1ephant> that would be why to use it
00:21 < thatlizdude> B0g4r7 I'm trying to pay the 2.50 but they only have IPv6
00:21 < E1ephant> just tell everyone with legacy IP to fuck off
00:21 <+catphish> ^ this :)
00:21 < E1ephant> :P
00:21 < E1ephant> 
00:21 <+catphish> i don't actually have ipv6 at home
00:21 < E1ephant> "I'm not doing everything twice!"
00:22 <+catphish> my isp still hasn't figured out how to make it work with pppoe
00:22 < thatlizdude> see this guy couldn't even connect to it
00:22 < E1ephant> :(
00:22 < E1ephant> I get DHCP-PD
00:22 < thatlizdude> so I'll use cf
00:22 < E1ephant> but it's /56
00:22 < E1ephant> and my device only supports like /48 or /64
00:22 < E1ephant> (fu legacy SRX)
00:22 < thatlizdude> oh and any important things I should do with my VPS?
00:22 < E1ephant> so using tunnelbroker here still :/
00:23 < E1ephant> latency/throughput is pretty grand though
00:23 < B0g4r7> thatlizdude, use good passwords, and install the security updates.
00:23 < thatlizdude> I was planning to put ufw firewall on it and fail2ban
00:23 < veegee> Can anyone recommend a reasonably priced 10gbe switch?
00:23 <+catphish> E1ephant: i think HE have tunnelbroker nodes in london now, so would be pretty fast
00:24 < veegee> I just want to upgrade my home system to 10gbe but not sure whether to go copper or fiber or direct attach copper
00:24 <+catphish> E1ephant: but i have my own network in london so i'd use that :)
00:24 < E1ephant> yeah I would give it a try, I bet they can do 10ms and your throughput
00:24 <+catphish> veegee: go SFP+
00:24 < E1ephant> but lots of guessing from me
00:24 < veegee> catphish you mean get a pure SFP+ switch?
00:24 < B0g4r7> veegee, I've been eyeing the Quanta LB6Ms on eBay. I hear they are quite loud, but boy is the price right.
00:24 < E1ephant> ah yeah
00:24 < veegee> I don't care about noise, I can modify the fans
00:24 < E1ephant> if you can term an ipip tunnel, in your own ASN
00:24 < E1ephant> much better than he.net :)
00:25 < thatlizdude> and yes I'll keep my VPS up to date
00:25 < thatlizdude> I'll use Ubuntu 18.04 :)
00:25 < E1ephant> ewwww
00:25 <+catphish> veegee: yes
00:25 < E1ephant> ubuntu 12 4 lyfe
00:25 < veegee> my home servers and workstations are all in the same room, so I can easily do direct attach copper and PCI-E SFP+ cards
00:25 < B0g4r7> veegee, https://www.servethehome.com/turbocharge-the-quanta-lb6m-with-brocade-turboiron/
00:25 <+catphish> veegee: right :)
00:25 < veegee> thanks guys, I'll check it out
00:26 < E1ephant> those lb6m prices are up, they used to be cheaper :(
00:26 < E1ephant> still the craziest price per port
00:26 <+catphish> E1ephant: if i used my own network for the tunnel i'd likely add < 1ms to my latency
00:26 < veegee> I was looking at $100/port switches, so anything less than that is a relief
00:26 < B0g4r7> veegee, also, have a look at the "mellanox" sfp+ pcie adapters on ebay. Very inexpensive.
00:26 < veegee> will do
00:26 < E1ephant> catphish: hell yes! woot woot!
00:26 < veegee> I prefer the intel chipsets, they're easier to deal with on Linux
00:26 < veegee> and I hate broadcom
00:26 < E1ephant> yeah, switches with real sw seem to be closer to $60~80/PORT
00:26 < E1ephant> in the bargain category
00:27 < veegee> with real "sw" (?)
00:27 < E1ephant> software
00:27 < veegee> you mean managed switches?
00:27 <+catphish> E1ephant: that's about the rtt between my network and most london routes, where my isp lives
00:27 < E1ephant> no
00:27 < E1ephant> like a usable awesome network os
00:27 < thatlizdude> thanks :)
00:27 < E1ephant> not like some cobbled together barely booting reference code :)
00:27 < veegee> I was looking at the netgear 8 port 10gbaseT switches
00:27 < B0g4r7> Supposedly the lb6ms are hackable, and can have alternative firmware installed on them.
00:27 < E1ephant> oh lordy
00:27 <+catphish> veegee: how many ports you need?
00:27 < veegee> 8 would be good enough for my home
00:28 < E1ephant> B0g4r7: I wouldn't consider brokaid much better
00:28 < veegee> I wouldn't mind larger switches if the price is reasonable. Noise and size is a non-issue
00:28 < E1ephant> but tbh it isn't that garbage the quanta comes with
00:28 <+catphish> netgear do some cheap small sfp+ switches
00:28 < E1ephant> the quanta is like your only option
00:29 < veegee> ok I'll check out both
00:29 < E1ephant> do you really want unmanaged network gear though, or anything netgear?
00:29 < E1ephant> yuck
00:29 < veegee> I'll need at least one copper sfp+ module for my imac pro
00:29 < E1ephant> don't be silly
00:29 < veegee> what do you mean?
00:29 < E1ephant> first off, you need this?
00:29 < veegee> it has an RJ45 port that can do 10gb
00:29 < E1ephant> you have spindle and storage to do this?
00:29 < veegee> yes, large file transfers to my file servers
00:29 <+catphish> E1ephant: my whole l2 network is netgear
00:30 < E1ephant> on top of, why mix 10GBaseT and 10GBaseX?
00:30 < veegee> E1ephant I have multiple NVMe SSDs
00:30 <+catphish> E1ephant: i always think it should be juniper, but they work
00:30 < E1ephant> veegee: and?
00:30 < veegee> on my servers and all over the place, I can easily saturate it
00:30 < E1ephant> lol
00:30 < E1ephant> for two seconds?
00:31 < E1ephant> while the entire device fills up?
00:31 < B0g4r7> Maybe someone at Apple thought the SFP+ cage was too large to include in the device.
00:31 < veegee> Also, a lot of my work doesn't involve storage at all
00:31 < veegee> the throughput is useful
00:31 < E1ephant> is it?
00:31 < veegee> yes sir
00:31 < E1ephant> examples?
00:31 < veegee> iperf3
00:32 < E1ephant> lol
00:32 < B0g4r7> How about diskless stations?
00:32 < E1ephant> that sounds somewhat valid I like it!
00:32 < E1ephant> that said, how much boot time would you save?
00:32 < veegee> but seriously, I transfer 40GB datasets every day between machines
00:32 < E1ephant> have you profiled the performance increase?
00:32 < E1ephant> veegee: so why not go 40G ptp?
00:32 < B0g4r7> I sure haven't.
00:33 < veegee> and I have like 128GB RAM and I do in memory stuff
00:33 < veegee> I'd rather have a general purpose switched network
00:33 < E1ephant> I have TBs of RAM
00:33 < E1ephant> and disk
00:33 <+catphish> veegee: imo the cheapest you will find is https://www.etb-tech.com/dell-networking-x4012-smart-managed-switch-new.html
00:34 < veegee> damn that's pounds sterling
00:34 <+catphish> well that's where i live
00:34 <+catphish> but im sure that device can be purchased in other countries
00:34 < veegee> Wouldn't this be cheaper: https://www.amazon.ca/dp/B075Q66RKF/?coliid=I1I10HZR4NT386&colid=25BFE2GH3VVG&psc=0&ref_=lv_ov_lig_dp_it
00:35 < E1ephant> you can find arista 7124 for cheaper
00:35 < veegee> $800 CAD for 8 copper ports
00:35 < E1ephant> and better sw
00:35 <+catphish> yes that is cheaper :)
00:35 <+catphish> depending on the cost of copper NICs
00:35 < E1ephant> at $200 for a 10BaseT NIC though, you'll lose any savings putting cards into hosts
00:36 <+catphish> i like SFP+ and DAC
00:36 < E1ephant> also your power bill
00:36 <+catphish> but i dont know why
00:36 < B0g4r7> Ubiquiti EdgeSwitch 16 XG is also cheaper.
00:36 < E1ephant> yeah SFP+ is just much more reasonable for 10G
00:36 < E1ephant> 10GBaseT is to be avoided
00:36 <+catphish> i was only looking at sfp+
00:36 <+catphish> copper maybe cheaper, i dunno
00:36 <+catphish> i'm repulsed by it
00:36 < veegee> ah yes edgeswitch was another consideration
00:36 < E1ephant> https://www.ebay.com/itm/Arista-DCS-7124SX-R-24x-Port-10G-SFP-Layer-3-Switch-R-F-Airflow-JMW/391947431528?hash=item5b41e32e68:g:kLUAAOSw44BYlK8L
00:36 < E1ephant> ubnt is trash software though, and p bad support
00:37 < veegee> It's o
00:37 < veegee> k
00:37 <+catphish> if you can't decide, there's always the M4300-8X8F :)
00:37 < E1ephant> lol
00:37 < B0g4r7> How good does the software on a switch need to be?
00:37 < veegee> I use it and never had issues with it
00:37 < veegee> yeah exactly
00:37 < E1ephant> lol
00:37 <+catphish> B0g4r7: use a netgear switch, then say that again
00:37 <+catphish> :)
00:37 < E1ephant> once you use the good stuff
00:37 < E1ephant> you wont want to go back
00:37 <+catphish> netgear's GUI is absolute garbage
00:37 < veegee> M4300-8X8F is like $2000
00:37 <+catphish> but the switches work
00:38 <+catphish> veegee: yeah its not a sane option
00:38 <+catphish> but its kinda cool
00:38 < veegee> Yeah all my unmanaged stuff is netgear because I don't want to look at their GUI
00:38 < veegee> I use ubnt for most other things and never had a problem with it
00:39 <+catphish> veegee: by the way, if you decide on SFP+ you can get DACs here for basically no money https://www.fs.com/c/10g-sfp-dac-1114
00:39 < veegee> yeah I'll start out with SFP+
00:39 < veegee> So I'm looking for a reasonably priced SFP+ switch
00:39 < E1ephant> veegee: how do you set support data rates in ubnt sw?
00:39 < E1ephant> for 802.11
00:39 < E1ephant> oh yeah, you don't at all
00:39 < veegee> I haven't looked, but I remember seeing an option for it
00:39 < veegee> I might be wrong
00:39 < veegee> the edgeswitch may give you more control
00:39 < E1ephant> over 802.11?
00:40 < veegee> I haven't had the need to tweak those parameters and I won't need to
00:40 < veegee> so never tried
00:40 < E1ephant> how do you grab stats from mFi sw?
00:40 < B0g4r7> Their airmax APs let you set the maximum data rate.
00:40 < E1ephant> oh yeah, you don't/screen scrape
00:40 < B0g4r7> I dunno about mfi.
00:41 < E1ephant> veegee: in a wireless network with any reasonable amount of APs you want to dictate data rates to support
00:41 < E1ephant> I want to set minimum data rates
00:41 < E1ephant> I don't want shitass 802.11b clients spamming airtime
00:41 < veegee> The X4012 is also pretty expensive, around $1,100 USD
00:41 < E1ephant> aerohive or ruckus? no problem
00:41 <+catphish> E1ephant: here: https://i.imgur.com/1Xn5aWO.png
00:41 < omglldp> unifi in my experience has no way to set minimum data rates. Which as stated is an absolute requirement in hd wlan environments
00:42 <+catphish> E1ephant omglldp bite me
00:42 < E1ephant> oh shit catphish
00:42 < E1ephant> is this very new?
00:42 <+catphish> dunno
00:42 <+catphish> i never looked for it before
00:42 < E1ephant> is there support for uap-ac-lite?
00:42 < veegee> Quanta LB6M seems to be the best price
00:42 < E1ephant> I am on v5 afaik
00:42 < E1ephant> although I was using uaps and 4 at that time
00:42 <+catphish> E1ephant: those settings are global for the network, so dunno if they'd be ignored on some devices
00:42 < B0g4r7> I have a LB4M, but I've not really tried it out yet.
00:43 < E1ephant> catphish: that is exactly what I am talking about, p slick :)
00:43 <+catphish> as you can see i'm on 5.4.14
00:43 < E1ephant> yeah
00:43 <+catphish> and i've never used those settings, i would assume they apply to all types of AP
00:44 < E1ephant> this article was added April 18th
00:44 < E1ephant> https://help.ubnt.com/hc/en-us/articles/115006559827-UniFi-802-11-Basic-Supported-Rate-Controls
00:44 < E1ephant> so I think this is new this year
00:44 < omglldp> glad ubiquiti is finally catching up.
00:44 < E1ephant> ^
00:45 < E1ephant> although I am more glad I don't manage 1000s of APs or any wireless networks now :)
00:45 < E1ephant> f u wifi!
00:45 < B0g4r7> They seem to be doing better in the software department lately.
00:45 <+catphish> the screenshot in that doc is totally different to mine
00:45 < omglldp> wifi is life. (cries into coffee cup)
00:46 <+catphish> so maybe its improved recently
00:46 <+catphish> i've been pretty happy with my unifis lately
00:46 <+catphish> had some trouble with apple clients but it seems thats just apple's problem
00:46 < B0g4r7> lol, you know who really rolled out wifi first?
00:46 < E1ephant> the price has always been the compelling part of them
00:47 <+catphish> i deployed some ruckus and it solved one apple problem but not the other
00:47 < B0g4r7> Apple Airport was available and shipping before any other computers even thought about wireless networking.
00:47 <+catphish> you what?
00:48 < B0g4r7> I sure never saw it on any other systems at that time.
00:48 <+catphish> i don't remember apple having anything close to wifi back when i was using one of these https://images-na.ssl-images-amazon.com/images/I/414MNVMDJQL._SX425_.jpg
00:49 < E1ephant> stop
00:49 < E1ephant> you're inducing flashbacks
00:49 < E1ephant> :P
00:49 < E1ephant> the drivers and O/S stack around wireless was still such shit
00:49 <+catphish> airport was apparently released in 1999
00:50 <+catphish> so actually that is impressively early
00:50 < B0g4r7> Around 2002, 2003 I think.
00:50 < E1ephant> even getting valid radio measurements from a card was hell
00:50 < E1ephant> not to mention that BLAZING 11mbps
00:51 <+catphish> the first wireless i ever used was rangelan2, it wasn't even 802.11
00:51 < E1ephant> 802.11 was my first, bunch of linksys gear :(
00:51 < E1ephant> .11b even
00:51 <+catphish> this was it: https://arcelect.com/RF_wireless_LAN_frequency_hopping_2.4GHz.htm
00:52 < E1ephant> hahaha
00:52 < E1ephant> ISA too!
00:52 < E1ephant> nioce
00:52 <+catphish> my parents thought it was awesome and wanted to sell it, but never came to anything at the time
00:53 <+catphish> they had pcmcia too https://i.ebayimg.com/images/g/0kQAAOSwB-1YwWNX/s-l300.jpg
00:57 <+catphish> rangelan was launched in 1991 !
00:59 * spaces is proud and has his first openstreetmap server imported :F
00:59 < spaces> :D
01:00 < spaces> how sexy is that ?
01:09 < djph> ... hmm, it only gives directions to tubgirl
01:10 < spaces> djph we don't need more
01:32 < k-man_> morning
01:33 < B0g4r7> So what do y'all think about my fiber problem? https://imgur.com/a/bXjOT8R
01:33 < B0g4r7> Can I just change the cables, or are the ferrules hosed?
01:39 < k-man_> how can i make a service, like say, imap, available over 2 separate links, so that if one link goes down, the service will still be available to users via the other link?
01:39 < djph> two mailservers
01:39 < k-man_> you can't do some sort of dns failover?
01:40 < djph> "depends"
01:41 < djph> sometimes, yes; other times not so much -- if it's JUST the link / ISP, the alternate DNS may help -- but still a good idea to have a failover MX host somewhere to handle the times between DNS refreshes
01:41 < spaces> k-man_ just tell us the service you need it for
01:41 < k-man_> its interesting how smtp has the concept of ordered mx servers, ie, try first server, if that fails try the second server etc
01:41 < spaces> k-man_ DNS is who manages that, not the mailserver
01:42 < k-man_> spaces, i have a fibre connection at work, with imap behind it. users connect via a domain name to that imap server. i manage the dns. it seems like our fibre provider can't help but break the fibre every few months
01:42 < spaces> yeah ? and what do you need ?
01:42 < spaces> backup relay ?
01:42 < spaces> sounds more like a multiwan solution you need to setup right
01:43 < Poster> There are some other unorthodox methods you can use, like put a DNS server on link A that points to the IMAP server on link A, put a second DNS server on link B that points to the IMAP server on link B. In theory, if you lose the link, the DNS query will go unanswered for the given link. You'd need to run a pretty low TTL and be ready to cope if you have an actual IMAP service outage by turning off the DNS service, etc
01:43 < k-man_> spaces, yeah. so i configured a 4g backup connection - which is fine for outgoing. but for incoming traffic to the imap server, the immediate solution i found was to change the dns entries for imap to point to the new wan address. i'm just wondering if there is a way to do it that doesn't require my intervention
01:44 < Poster> F5 makes a global traffic manager that is designed for it
01:44 < k-man_> Poster, ah interesting idea
01:45 < k-man_> ah, so another way i could do it, is externally monitor the WAN, if WAN is down, modify the imap DNS entry to point to WAN2's ip
01:46 < k-man_> as in write a script to do that
01:46 < spaces> k-man_ ah like that, not the solution for IMAP access
01:46 < spaces> that is dirty
01:46 < k-man_> yeah
01:46 < Poster> assuming you have a route through the surviving link yes
01:46 < k-man_> i guess. i'm just brainstorming
01:47 < Poster> it gets complicated, the host monitoring the link must also be able to reroute itself across whatever link(s) survive
01:47 < atsu> You could use a DDNS service to change DNS for you. Just do a CNAME to it
01:47 < Poster> the F5GTM will monitor services and publish DNS records accordingly, there's no reason you couldn't home grow it
01:48 < Poster> nagios imap plugin + nsupdate + dnssec glued together with a command interpreter of your choosing is about all it would take
01:48 < Poster> that assumes there is somewhere that is always up though, which hopefully a colo or VPS would be, mostly
01:48 < Poster> you could put one at each nameserver and fork off a local zone that does not replicate
01:49 < k-man_> Poster, probably better to use a paid service rather than homegrown really
01:49 < k-man_> I'll investigate that f5 product
01:49 < spaces> k-man_ why not get a second fiber ?
01:49 < Poster> It was formerly known as F5GTM or Global Traffic Manager, it's now called F5 DNS, same product, just got renamed
01:49 < k-man_> spaces, because in in .au and in .au its prohibitively expensive
01:50 < Poster> There are probably others out there, it's just what I am most familiar with
01:50 < k-man_> Poster, thanks
01:50 < spaces> k-man_ then just don't
01:50 < spaces> just give them a quick call back
01:50 < spaces> oops
01:50 < k-man_> s/in in/I'm in
01:51 < k-man_> spaces, but honestly, yes, I have been considering it because this is the second downtime we had in the last few months. and everything grinds to a halt when it happens
01:51 < Poster> I do know the lab edition is right around $100 USD and can run as a VM, but I don't think you are permitted to use it in a production environment
01:51 < spaces> k-man_ host mail on a VPS then
01:52 < Poster> you could also put a load balancer at the VPS like haproxy and let it figure out which one is reachable
01:52 < k-man_> spaces, yeah another option i guess
01:53 < k-man_> Poster, ok, thanks
01:53 < spaces> k-man_ best option in your case
01:54 < Poster> regardless of where it is hosted, ensure that its RPO/RTO can be met, check how frequent backups run, how fast they can be restored, perhaps note SLAs associated with a given service
01:54 < k-man_> what does RPO/RTO mean?
01:55 < Poster> recovery point objective (how much data can be lost in the event of a failure) and recovery time objective (how long does it take from declaration of a disaster until services have been recovered)
01:55 < k-man_> i see, thanks
01:56 < Poster> if a VPS provider backs up once a week, you would be subject to losing up to 7 days worth of email, maybe that's ok, maybe it's not, check with management
01:56 < Poster> if the VPS provider will run a restore within 24 hours, that's 24 hours that you may be without service, again, maybe ok, maybe not
01:57 < Poster> moving to "the cloud" is convenient, but make sure wherever you go can meet your requirements
01:57 < Poster> things like cloud backup sound great until you need to pull down 2-3TB and are without your data for several days
02:03 < k-man_> Poster, yes, i'm familiar with the concept, i just didn't know that terminology
02:04 < k-man_> i've already experienced those issues of pulling down a large backup from the cloud. and taken measures to reduce that issue for us
02:08 < k-man__> our fibre came back up! woohoo
02:38 < nickster> so apparently my switch was never broken
02:39 < nickster> It just never fully figured out that the port i was plugged into was supposed to be part of a separate port-based vlan
02:44 < Fieldy> oof. we all do stuff like that sometimes :)
03:08 < onconn> I think I have the oldest utorrent client
03:33 < xamithan> The oldest utorrent client doesn't work anymore so I don't see how that is possible
03:41 < ace-alfa> hi
03:41 < onconn> xamithan: u sure?
03:41 < ace-alfa> Can I point a 1and1 domain to a dynamic ip? Im using noip, but I don't want to use CNAME
03:42 < buu> ace-alfa: sure
03:42 < buu> Just update the A record in the dns server whenever you want
03:42 < xamithan> I'm not 100% positive, but pretty sure the protocol has changed in the past 13 years
03:45 < ace-alfa> 1and1 have any tool for that? I don't see
03:46 < onconn> https://imgur.com/zO7DurB
03:46 < onconn> yeah, it does not support udp: trackers
03:47 < xamithan> Doesn't do http initial swarm or DHT either
03:47 < onconn> the build is so early it doesn't even have a version number yet
03:47 < xamithan> But look at that, no bloat!
04:23 < shangul> Hi. Could I use a reverse proxy to run a server on a computer without a public IP and to access it?
04:48 < nickster> some cidr headaches real quick
04:48 < nickster> 10.2.0.0/9 would mean 10.2.0.0 - 10.129.255.255?
04:49 < jamesd_> don't they make a network calculator for that?
04:49 < nickster> yes but im confused. the calculator says it ranges from 10.0.0.0 - 10.127.255.255
04:49 < Kingrat> i believe what you mean is 10.0.0.0 - 10.127.255.255?
04:50 < jamesd_> 127 sounds right, but i'm not an expert.
04:50 < nickster> i thought it sorta counted off based on where it started, hence the 2-129
04:50 < Kingrat> ok so if you start at 8, which is all of the 10 network, cut it in half with a 9 bit subnet, you will have two ranges, the low and the high, 0-127 and 128-255
04:51 < nickster> fair enough, makes sense.
04:51 < Kingrat> if you wanted 2-129 you would need to use a combination of multiple smaller networks
04:52 < nickster> Wouldn't be entirely necessary. I'm just playing around with some stuff on my network outline. Thankfully it is fairly liquid.
04:56 < BenderRodriguez> hi networking
04:56 < BenderRodriguez> I need some guidance
04:56 < BenderRodriguez> I was tcpdumping traffic in my home network when I saw my switch was doing something strange
04:56 < BenderRodriguez> very, very strange
04:56 < BenderRodriguez> and wanting an explanation on why
04:57 < BenderRodriguez> 02:55:55.152359 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.3.97 tell 10.0.3.97, length 50
04:57 < BenderRodriguez> why would it do an arp request for itself?
04:57 < Kingrat> that is a good question, it must be autistic
04:58 < jamesd_> perhaps its time to unplug it and plug it back in...
04:58 < Kingrat> what kind of switch is this?
04:58 < BenderRodriguez> This is a Juniper EX2200C
05:03 < Harlock> gratuitous arp
05:04 <+pppingme> some devices will do it upon bringing up an interface to check for dup ip
05:05 <+pppingme> was it freshly booted, or just did an interface change?
05:05 <+pppingme> or did an interface cycle for some reason (down/up)?
05:06 < BenderRodriguez> Harlock: but a gratuitous arp doesn't include a request itself, no?
05:07 < BenderRodriguez> pppingme: no it's been humming for weeks
05:07 <+pppingme> or did an interface cycle for some reason (down/up)?
05:17 < Harlock> BenderRodriguez not usually
05:17 < Harlock> unless you have a loop somewhere
05:17 < Harlock> or multiple interfaces have the same ip
05:46 < nojeffrey> If STP wasn't configured or misconfigured how fast would you notice a broadcast storm? Lets say a 100 seat company middle of a work day
05:47 < light> Immediately
05:47 < nojeffrey> cool, thankyou
05:55 <+pppingme> nojeffrey the moment one single broadcast shows up on the network
05:55 <+pppingme> which in most cases would be less than a fraction of a second, or, close enough to immediately that most people would say as such..
06:09 < webstrand> I've been playing with WireGuard and trying to set up a relay server for roaming devices, does anyone know if wireguard listens for peers on the wireguard interface?
06:10 < webstrand> I've been trying to encapsulate wireguard in wireguard, the packets arrive at the destination machine, but they're never responded to
06:12 < nojeffrey> +pppingme Got it, thanks
06:14 < nojeffrey> That would be why ports start off in the blocking state huh
06:15 <+pppingme> webstrand to relay what?
06:15 < webstrand> pppingme: relay wireguard packets between two hosts behind NATs
06:17 < webstrand> I have a public server, which both hosts can communicate with. Both have established wireguard connections to the server.
06:19 < webstrand> To establish secure communication between the two NATed hosts, I want to relay packets through the server.
06:19 < webstrand> Since both hosts already have wireguard tunnels established with the server, I try to establish another wireguard tunnel between the two hosts via the existing tunnels through the public server
06:20 < hicoleri> Let's say that I want to make an intranet which looks like this: https://a.uguu.se/ypLkhCOd78pu_topology.png (consider the 1st router to be used as a hub)
06:20 < hicoleri> What can I do to make the hosts 1-5 be "visible" to the main server and addressable by unique addresses, and without buying any dedicated network hubs?
06:20 < hicoleri> From what I've seen by fiddling around with my router, I can maybe connect the ethernet port of the first router to one of the LAN ports of the second router and assign it a static IP, but in that way, hosts 1-3 are represented by a single IP address.
06:21 < hicoleri> Do I have to make a DNS server or something for this?
06:21 < webstrand> you shouldn't need to. if I understand correctly, just put the hosts connected to router one on their own unique subnet
06:21 < light> hicoleri: it's called routing
06:22 < webstrand> then on router two, put in a static route to router one
06:23 < hicoleri> I'll see if the router supports subnets or not aside from the default range of 192.168.0.xxx
06:23 < light> ._.
06:23 < webstrand> I've never seen one that doesn't
06:24 < webstrand> with so few hosts, you may be better served by a switch instead of a router
06:33 < hicoleri> light: alright, yeah my bad. There is a static routing section on my router.
07:04 < patrick99e99> Hi everyone. I have a very strange problem that I don't understand and am not sure if this is a good place to ask or not-- but I am frustrated and desperately seeking someone who might know the answer-- so here goes: I have an aws application load balancer with an https listener on port 9999, forwarding to a group on port 9999 with an ec2-instance being the target. If I run my websocket server with the host name configured to my domain api.example.com, then when the client tries to open a websocket connection it gets: "Error during WebSocket handshake: Unexpected response code: 502". However, if I configure my websocket server with an empty string instead of the domain, then it connects just fine!
07:05 < patrick99e99> Is there something I need to configure on my server to make it so that my api.example.com domain will work as the host?
07:20 < Apachez> https://twitter.com/ShortFormErnie/status/1011362138772918272 :)
09:30 < tya99> I'm currently blocking outgoing bogons ie (unused private ranges), from being routed.
09:30 < tya99> The router is multi-homed, has two external interfaces ppp0 (link to ISP) and tun0 (link to VPN).
09:31 < tya99> VLAN2 goes out ppp0 and VLAN3 routes out tun0. There is an exception of my sip and mail server as I'm using fwmarks to cause that to be routed to ppp0.
09:31 < tya99> I have two routing tables 1 ISP and 2 VPN defined in rt_tables.
09:31 < tya99> I am trying to essentially do the reverse and make an exception for 172.16.32.1 so that is always routed out tun0 as that is a remote host on the VPN.
09:31 < tya99> https://dpaste.de/f2Nc
09:32 < tya99> I tried to create some exceptions using fwmark like I did for the mail server and sip server using 0x2 for 172.16.32.1 but that didn't seem to work
09:33 < tya99> would this be because of the priority? iptables+routing+rules in that above link
09:34 < tya99> maybe if i made a mark 0x3 and gave it priority of 50
09:34 < tya99> that would be the solution?
09:35 < tya99> hosts on my LAN side can access 172.16.32.1, this is purely from the router
09:35 < tya99> as I have a DNS server (unbound) that is doing lookups over the VPN and forwarding
09:41 < android> dre_ privmsg me
09:44 < ellyacht> any suggestions on a modem-router combo if $ was of no concern?
09:45 < android> vargo trout
09:45 < android> ready?
09:46 <+pppingme> ellyacht get your modem from your isp, then get a decent router
09:49 < tya99> yeah that :P all in ones are usually not a good idea
09:50 < tya99> all in ones are made to fit a budget
09:50 < tya99> and they do cheap things like use two switches in one and then vlan bridge
09:50 < tya99> and stuff that you wouldn't see in the business world
09:55 < android> huh?
09:57 < tya99> independent pieces are better
09:57 < tya99> modem, router, wifi access points etc
09:57 < tya99> and you said "if $ was of no concern"
09:57 < tya99> ubiquiti's products are rather good
09:59 < tya99> ie i have crappy tp-link in bridge mode, connected to router, with an edgeswitch and a bunch of unifi aps around the house
10:00 < tya99> the idea of having independent APs allows you to use better security for them ie EAP-TLS known as WPA2-Enterprise
10:00 < tya99> you won't get that in any "All in one"
10:37 < Gobo708> Hi All, I have run into an issue in virtual box, while installing a kubernetes cluster.. I have 3 guests that can ping each other. The master has opened up a port for nodes to connect (6433). It's listed as a tcp6 port, which I think is ipv6... I am able to telnet to 127.0.0.1 on the master node to port 6433, but the other guests cannot communicate on that port. Firewalls are turned off.
10:38 < Gobo708> ipv6 routes are new to me, in case that might be what's happening here
10:38 < android_> any militia recruits?
10:39 < android_> any prospects?
10:39 < Dagger> "tcp6" sockets can accept v4 connections, if net.ipv6.bindv6only is left at its default value of 0 (which it obviously is if connecting to 127.0.0.1 works)
10:40 < Gobo708> Dagger, does that mean it can route though?
10:41 < Dagger> not sure what you mean
10:48 < Gobo708> Dagger, guest A is capable of chatting to ipv6 port on guest B, but that doesn't mean it knows the route
10:49 < Gobo708> I read somewhere that it's different from ipv4 routing... or may default to an ipv4 route. I don't really know what I'm talking about though... just guessing
10:51 < Dagger> if you're making the connection over v4, then there's no v6 routing involved at all
11:05 < Gobo708> hmm
11:06 < Gobo708> What else can be happening
11:06 < Gobo708> I can ping to the machine
11:06 < Gobo708> it's listening
11:06 < Gobo708> Can't think of any other reason it would fail.. no SELinux, no firewall
11:08 < Atro> what's the fuckin deal with routing between secondary IPs
11:08 < Atro> architecture wise
11:09 < spaces> morning sexy networkers!
11:09 < mAniAk-_-> Atro: ?
11:09 < Atro> mAniAk-_-: i'm saying, how does the routing/software engine deal with routing between secondaries
11:10 < Atro> let's say i have a route to a device A, that has X IP, but my route is to Y IP via X next hop
11:10 * spaces hides for the mAniAk-_-
11:10 < Emperorpenguin> hey people, what would you suggest I use to extrapolate data from a "show interface" of a Cisco switch
11:10 < Atro> your brain?
11:10 < Emperorpenguin> yes thanks
11:10 < TotallyNotKim> sanding paper?
11:10 < Emperorpenguin> but my brain does not really want to do that for over 3000 ports
11:10 < TotallyNotKim> grind those curves buddy
11:11 < Atro> Emperorpenguin: what's your end goal?
11:11 < Emperorpenguin> Atro: format the data into a parsable format
11:11 < Emperorpenguin> or at least excel-able
11:12 < Atro> and what, toss x bytes into y interface?
11:12 < Emperorpenguin> ?
11:12 < Atro> show interface is dynamic info
11:12 < Emperorpenguin> yes
11:12 < Emperorpenguin> I need it as a snapshot for documentation
11:12 < Atro> a documentation that says that port x on sw y has z bytes/sec ? lol
11:12 < Emperorpenguin> did a clear interface counters and I need to show I have no drops nor errors after 24 hours
11:13 < Emperorpenguin> I don't need ALL the data
11:13 < Atro> use a SNMP poller
11:13 < mAniAk-_-> Atro: not following that...
11:13 < Emperorpenguin> I no longer have access to said network
11:13 < Atro> or you're down for screen scraping, my boi
11:13 < Roq> Emperorpenguin: Thinking outside of the box, why not use a monitoring system that will graph the data for you? this will allow a history and trending and isn't bound to a static snapshot
11:13 < Emperorpenguin> I am fine with screen scraping Atro
11:13 < Emperorpenguin> Stop suggesting other things I can do
11:13 < Atro> mAniAk-_-: What did you not understand? maybe i can explain better
11:13 < mAniAk-_-> Atro: but secondary addresses are not really any different
11:13 < Emperorpenguin> I have a txt with a "show interface" command
11:14 < Emperorpenguin> I can't do anything else
11:14 < Emperorpenguin> this is what I have
11:14 < Emperorpenguin> I need to turn it into a CSV
11:14 < Atro> Emperorpenguin: make a script to match specific regex strings and shove them into excel
11:14 < Atro> ez pz
11:14 < Atro> gl hf
11:15 < Atro> mAniAk-_-: so you'd say there should be issues
11:15 < Atro> but does the traffic get out of the port and get back in?
11:17 < mAniAk-_-> it will just follow the routing table as usual?
11:48 < myxenovia> what is the best sample rate for voice call
11:48 < myxenovia> in a mobile phone
11:53 < djph> POTS (BRI) was something like 64kbps
11:53 < djph> and it's pretty much "adequate"
11:54 < android_> yeah?
11:56 < android_> they want me to believe it was a recall engram
11:56 < android_> though if they tempted I what did they do to her
11:57 < android_> the weaker
11:57 < Gobo708> I think I might have this problem:
11:57 < Gobo708> * CubicEarths has quit (Remote host closed the connection)
11:57 < Gobo708> * thothcastel_____ (uid78195@gateway/web/irccloud.com/x-wqmjmhkhuomiskcx) has joined ##networking
11:57 < Gobo708> * myxenovia (ca5a84ad@gateway/web/freenode/ip.202.90.132.173) has joined ##networking
11:57 < Gobo708> what is the best sample rate for voice call
11:57 < Gobo708> in a mobile phone
11:57 < Gobo708> * `Cam (~textual@220.240.148.141) has joined ##networking
11:57 < Gobo708> * gogbog (~gogbog@94.26.61.245) has joined ##networking
11:57 < Gobo708> POTS (BRI) was something like 64kbps
11:57 < Gobo708> crap sorry, wrong paste
11:57 < Gobo708> don't even know how I did that.. let's try again
11:58 < android_> gobo708 there is a time which those with wives live as though they have no wife
11:58 < Gobo708> I think I might have this problem: https://github.com/leblancd/kube-v6/blob/master/VIRTUALBOX_CONSIDERATIONS.md
11:58 < android_> though intellectual honesty is required in the Land Bountiful
11:58 < android_> name your wives
11:58 < android_> name your baptised
11:58 < Gobo708> android_, there is no place like 127.0.0.1
11:58 < android_> name your friends
11:59 < Gobo708> Anyone able to help?
12:14 < android_> gobo708 yeah but prepare the sheath
12:15 < android_> for a Compton mission
12:15 < android_> signing off
12:15 < Gobo708> Bring the fireworks?
12:31 < Zeising> Hi! I'm looking for one or two switches for my home office/lab. Since I have an interest in networking I'm looking for something that might be a tad overkill under normal circumstances. Demands: vlan, PoE+, multicast snooping (both v4 and v6). Good to have: cli management, basic l3, 10GbE SFP+ uplinks. Around 24 ports.
12:32 < djph> UBNT EdgeSwitch ES-48 ...
not 100% sure on the multicast snooping, but hits all your other things.
12:32 < djph> If you can forgo the SFP+, an ES-24
12:32 < Zeising> Any recommendations? So far I've looked at Juniper EX2300 and HP Aruba 2540 or 2930F. I have no real experience with either Juniper or HP, so it would also be nice if anyone with experience from them or other brands can compare and contrast.
12:33 < Zeising> Multicast is unfortunately a hard requirement, because IPTV.
12:34 < djph> so read the documentation. I'd be surprised if it didn't have IGMP snooping, but I've never looked into it.
12:37 < Zeising> djph: I will. Or, I'm about to. :)
12:40 < Zeising> No IPv6 support at all from a quick reading of the spec, have to look closer though.
12:49 < djph> note that the sheets may be outdated
12:50 < Zeising> Where can I find more recent info then? :)
12:51 < djph> changenotes for the firmware releases. I mean the documentation "should" be updated, but that doesn't always happen, y'know
12:56 < Zeising> djph: Ok. I'm just asking, I have no previous experience with UBNT.
12:57 < djph> Zeising: yeah, I get that. I like their kit, since it's (typically) got high-end features for low cost (i.e. value for price is high).
12:58 < Zeising> ok
12:58 < djph> Although, I don't use all the features (and, tbh, I'm more a "routing guy" when it comes to networking)
13:21 < shtrb> Anyone have an idea what was the final decision in the EU about reducing CGNat ?
13:21 < shtrb> *CGN
13:22 < djph> shtrb: ipv6?
13:23 < shtrb> yes, it was used to assist (not sure) to explain why ipv6 is so important
13:23 < shtrb> but I ask if other than saying it is a good idea, was there an actual ban or any decision
13:24 <+pppingme> I'm not from EU, nor do I really deal with anything there, but this is the first I've heard of any kind of government intervention into CGN
13:26 < shtrb> first google result www.europol.europa.eu/newsroom/news/closing-online-crime-attribution-gap-european-law-enforcement-tackles-carrier-grade-nat-cgn
13:26 < shtrb> (about the fact they talked about it not any regulation or something)
13:32 < squ> what's the story in short?
13:34 < detha> cops don't like CGN because the ISPs can honestly say 'we don't know who was using that IP address 3 months ago at 13:18' and want someone to do something about it
13:34 < shtrb> I'm asking if there is any regulation about it (or it was left with we do not like that )
13:34 < squ> detha: have they figured what to do?
13:35 < detha> no idea either
13:35 < Popzi> why do governments insist on controlling the internet? It's perfect the way it is?
13:35 < squ> I doubt it is possible to store terabytes of traffic for 3 months?
13:35 < shtrb> squ, that is the question :D
13:35 < Roq> shtrb: Europol wan't a solution that's not technically possible in IPv4, it's solved with IPv6
13:37 < detha> Next year's April RFC: CGNAT for IPv6
13:37 < Roq> haha
13:37 < Peng_> squ: You don't need to store full content, just netflows. And if you assign CGN statically by block (e.g. an IP and 1000 sequential ports to one user) it's trivial to keep records.
13:38 < Dagger> "wan't"?
13:38 < shtrb> squ, a terabyte cost something like ~100 euro
13:39 < detha> Peng: even flows is a substantial amount. .au tried that, the ISPs said 'dear govt, this is the storage bill. Please subsidize'. Silence followed.
13:39 < shtrb> lol
13:39 < Peng_> detha: Aren't Australian ISPs corrupt cheap-ass assholes?
:P
13:40 < detha> you forgot the 'useless' in that sentence
13:40 < Peng_> :D
13:40 < detha> (at least according to what .au dwellers tell me)
13:40 < Peng_> It might have been a bit expensive and difficult, but with money and time to develop the technology, it could totally be done.
13:42 < detha> Like many things, it is technically possible. If it is economically feasible is another question.
13:44 < Dagger> it seems like people have decided that anything, no matter how ridiculous, is economically feasible when the alternative is to see colons in their IPs :/
13:44 < shtrb> wtf is a colon in an ip ?
13:45 < Dagger> the standard separator between each 16 bits?
13:45 * shtrb needs coffee
13:45 < Roq> The capturing part isn't the problem. In the traffic capture setup we have to do by law if the government wanted it we don't even have to store it ourselves. It's just with CGN the capture is useless cause you can't link one public IP to an individual and that's Europol's issue against it
13:46 < squ> shtrb: port
13:46 * Peng_ is making coffee now
13:46 * squ Schweppes Ginger Ale
13:47 < Peng_> Related: The Intercept published an article about NSA and AT&T's infrastructure this week. https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/
13:52 < squ> It was built in 1964 as New York City's first major telecommunications fortress.
13:52 < squ> https://theintercept.imgix.net/wp-uploads/sites/1/2018/06/building-10-1528304345.jpg?auto=compress%2Cformat&q=90
13:52 < squ> no windows
13:53 < Roq> That makes sense, microsoft was founded years later ;)
14:11 * shtrb left as clueless as before
14:14 < compdoc> for $50 paypal, I will sell you a clue
14:18 < shtrb> Is that like the ~$50 pdf that teaches you how to make a million ? (you download a pdf that says put an Ad that says buy a book that teaches you how to make a million ) ?
14:19 * djph will sell you one for $49.99 -- yay capitalism!
14:20 * shtrb put a regulation office to tax both of you !
yay tax system
14:20 < djph> sale of knowledge is non-taxable under sales & use tax here. you lose.
14:21 < regdude> you buy a $50 pdf that tells you to sell this pdf for $50 to not so smart people
14:22 < shtrb> djph, income tax is a very nice thing (let's stamp a luxury item/sales tax) and you make any tax person happy
14:23 < djph> sure, but I already pay those bi-annually
14:23 < djph> annually...?
14:23 < djph> .. meh...
14:25 < shtrb> you know that stamp tax + sales tax and luxury tax are not only federal but can be made state and even regional ?
14:25 < compdoc> for $50 paypal, you can own a pdf that tells you how to hire a tax attorney
14:25 < djph> shtrb: you don't say? ...
14:26 < shtrb> not all know that it's not only federal :D
14:26 * shtrb needs a better accounting training
14:32 < shtrb> djph, but if you like making money the Spaniards made it into an art form , they will tax anything and everything
14:32 <+catphish> compdoc: i'll buy that clue
14:33 <+catphish> wish i was paid consultancy rated for every hour i helped someone here :)
14:33 <+catphish> *rate
14:33 < djph> catphish: IKR?
14:33 < shtrb> I mean they have tried to tax on collecting thermal energy (Sun tax)
14:33 <+catphish> can i declare it as some kind of charitable donation for tax purposes?
14:34 < shtrb> yes
14:34 < shtrb> you need to file as a non commercial facility, and file hours
14:34 < shtrb> you will get some tax reduction (not all)
14:35 <+catphish> i just googled it, internet says (i assume this is all USA related) that charitable time is not tax deductible
14:35 < shtrb> (non us) - if you do work or transfer funds you can get tax reduction
14:36 < shtrb> but if you volunteer that is something else
14:36 < shtrb> A charity is a tax scam
14:36 <+catphish> looks like in the UK you can do it but only as a company who pays an employee then donates their time to a registered charity
14:37 <+catphish> also doesn't apply if the charity is a sports club, i guess too many people abused that to get paid tax free to play sport :)
14:38 < shtrb> In the UK it's a relief (only for non profit and direct donation)
14:38 < vavkamil> protonmail was taken down with 500 Gbps DDoS
14:38 <+catphish> tax is way too complicated
14:39 <+catphish> vavkamil: looks like they got it sorted though :)
14:57 < RahulAN> Hi All
14:57 < RahulAN> I am trying to access my VM from an outside Linux machine.
14:58 < turtle> congrats
14:58 < RahulAN> i tried ssh root@ -L 27017::22, but no success
14:58 < grawity> isn't that kinda backwards wrt and
14:59 < RahulAN> any idea what to do ? Do i need to change some IP tables?
14:59 < RahulAN> grawity: I didn't get you ? You mean i wrote it wrong ?
14:59 <+catphish> RahulAN: what are you actually trying to do?
14:59 < grawity> you tried to use it wrong
14:59 <+catphish> i think you need to reverse the host IP and VM IP
15:00 < turtle> if you view your listen sockets after opening the ssh connection
15:00 < shtrb> you also need to allow traffic into the VM
15:00 <+catphish> but actually, why bother, why not just ssh to the host, then ssh to the guest
15:01 < RahulAN> catphish: Yes it is possible, but i want to access only VM instead of ssh host then ssh VM
15:02 < RahulAN> catphish: i am getting this https://paste.debian.net/1030946/
15:02 < RahulAN> catphish: also i got sshed in to VM
15:03 < RahulAN> catphish: i did this ssh -L 22::27017
15:03 < RahulAN> in vm i have configured it to 27017 port from sshd_config file
15:05 < shtrb> RahulAN, who says that machine from outside can tunnel into your vm ?
15:05 <+catphish> RahulAN: ssh host -L 27017:vm:27017
15:05 <+catphish> RahulAN: then you can: ssh localhost -p 27017
15:05 <+catphish> there was really no need to change the guest's listen port
15:06 < RahulAN> catphish: I am able to ssh in Host, not in VM
15:06 <+catphish> RahulAN: see above for correct commands
15:07 < RahulAN> catphish: i used this ssh host -L 27017:vm:27017
15:07 <+catphish> ok
15:07 < RahulAN> catphish: this made me ssh to Host
15:08 <+catphish> right, then you can run the second command to ssh to the VM
15:08 <+catphish> if you don't want to make 2 SSH connections then you need to do this a different way with some proper routing or NAT
15:08 < RahulAN> catphish: Yes correct i want to route properly ..
15:08 < RahulAN> How to do that ..
15:09 < shtrb> catphish, or you know , do a three step ssh tunnel
15:09 <+catphish> but if all you want to do is ssh, the most efficient way would just be to ssh to the host first then on to the vm, like this: "ssh host ssh guest"
15:09 < RahulAN> I don't want to make 2 ssh ..
15:09 <+catphish> but if you want to avoid that, you will need to learn how to do routing or NAT
15:09 <+catphish> NAT is probably the simplest, just forward a port on the host to a port on the VM
15:09 <+catphish> you can do this with one iptables command
15:10 < shtrb> catphish, I think you are missing a " there
15:10 < RahulAN> catphish: What is that iptables command.?
15:10 <+catphish> shtrb: no
15:10 < RahulAN> catphish: yes correct if i then ssh host : 27017 it should go connect to VM
15:11 < RahulAN> and if i do ssh host : 22 then it should connect to host.
15:11 <+catphish> shtrb: that will ssh to the host, and on to the guest
15:11 <+catphish> iptables -I PREROUTING -p tcp -m tcp --dport 27017 -j DNAT --to-destination x.x.x.x:27017
15:11 <+catphish> where x.x.x.x is the IP of the guest
15:11 <+catphish> if you run that on the host it should forward the port
15:12 < RahulAN> Cool let me give a try
15:12 <+catphish> then you can just "ssh host -p 27017"
15:12 <+catphish> you can remove that rule by running the same command but with -D instead of -I
15:13 <+catphish> this makes some assumptions about how things are configured, but if the VM can access the internet those assumptions are probably correct
15:13 < shtrb> catphish, I thought that in order to perform an action (you need to put in quotes: ssh ... "ssh ... " ) , he also needs to explicitly allow connection
15:14 < RahulAN> catphish: Yes !!
15:14 < RahulAN> I am trying "iptables -I PREROUTING -p tcp -m tcp --dport 27017 -j DNAT --to-destination 192.168.122.254:27017"
15:14 <+catphish> RahulAN: works?
15:14 < RahulAN> and getting iptables: No chain/target/match by that name.
15:14 <+catphish> oh, try: "iptables -t nat -I PREROUTING -p tcp -m tcp --dport 27017 -j DNAT --to-destination 192.168.122.254:27017"
15:15 <+catphish> i forgot that first option
15:15 <+catphish> shtrb: nope, no need for quotes
15:16 <+catphish> shtrb: ssh takes everything starting with the first non-switch as a command to run remotely
15:17 <+catphish> shtrb: https://paste.ubuntu.com/p/n9SsWzYgp3/
15:17 < RahulAN> catphish: ssh: connect to host 10.130.161.131 port 27017: Connection refused
15:18 <+catphish> RahulAN: maybe you have a firewall blocking it
15:18 < RahulAN> catphish: you mean host firewall ? or guest's ?
15:18 < shtrb> catphish, he needs to allow incoming (at least with vbox)
15:19 <+catphish> RahulAN: host firewall, try this: iptables -I FORWARD --p tcp -d 192.168.122.254 --dport 27017 -j ACCEPT
15:19 <+catphish> * iptables -I FORWARD -p tcp -d 192.168.122.254 --dport 27017 -j ACCEPT
15:20 <+catphish> that will allow it if it's the host firewall blocking it
15:20 < RahulAN> catphish: it is working ... !! wow
15:21 <+catphish> RahulAN: excellent!
15:21 < RahulAN> so iptables -I FORWARD -p tcp -d 192.168.122.254 --dport 27017 -j ACCEPT is the correct command to make it routed ?
15:21 <+catphish> RahulAN: no, that command is allowing it through the host firewall
15:21 <+catphish> the first command does the actual forwarding
15:21 < RahulAN> Oh i see
15:22 < RahulAN> Coool !!!
catphish Thanks for the help
15:22 < RahulAN> you saved my day ;)
15:24 <+catphish> no problem, glad it's working :)
15:40 < v0lZy> Hi
15:40 < v0lZy> asked in another channel but no one could explain to me
15:41 < Guest96932> hello
15:41 < v0lZy> I witnessed a situation where a windows server configured with a static ip (and thus a static default route in the persistent routes table) ignored some routes I added to the non-persistent table despite the fact that those routes were the most specific match
15:42 <+catphish> v0lZy: that shouldn't happen
15:42 < v0lZy> The issue seemed to be that the metric was set to 26... when I restarted the VPN, the metric was set more appropriately to 55, after which everything worked.
15:42 <+catphish> v0lZy: metric shouldn't matter if the routes are more specific
15:42 < v0lZy> catphish: I know, but that's what I witnessed
15:42 <+catphish> with that said, i know *nothing* about windows network internals
15:42 < Guest96932> Would it be possible to access a server that is using iptables rules to only permit certain ip ranges to access the server? (I know which ranges are allowed)
15:43 <+catphish> Guest96932: yes, as long as you're on one of those IPs
15:43 < djph> yeah, if you're coming from one of the allowed ranges.
15:43 < Guest96932> catphish, what if I'm not one of those IPs would the most I could do be sending a syn and never receiving anything back?
15:44 <+catphish> Guest96932: correct, the ack would go back to the host whose IP you sent the SYN from
15:45 < v0lZy> catphish: From my understanding, metric comes into play when there are two matches for routing the same network via two different gateways... in that case, metric with lower value should apply
15:45 < Guest96932> Ouch, it's a dead end then, even if I know what ports are open behind the firewall?
15:45 < v0lZy> erm...
route with lower metric value should apply*
15:46 < v0lZy> Guest96932: you could proxy your requests if you have access to a machine in the network that is allowed by the firewall.
15:46 < Guest96932> I guess, but that's not an option unfortunately as all of those machines also have rules to only allow another set of ranges.
15:47 < v0lZy> well if you can tap onto the WAN interface you can set whatever IP you want on your computer
15:47 < v0lZy> and get in that way.
15:48 < Guest96932> True, thanks.
15:53 < v0lZy> Anyone here knowledgeable about how routing works in Windows?
15:54 < v0lZy> Could use an explanation of what I witnessed (described above)
15:57 <+pppingme> v0lZy you'd have to pastebin the route table when things were "broken"
15:57 <+pppingme> but I'd be willing to bet you're misunderstanding or misinterpreting the route table
15:57 <+catphish> v0lZy: metric applies to equal length routes, yes
15:58 <+pppingme> most specifically, I'd bet that you're not correctly understanding the netmask
16:00 < IamTrying> Who sells the cheapest domain names?
16:00 < Peng_> It depends
16:02 < v0lZy> pppingme: I don't have it on screen anymore
16:03 < v0lZy> pppingme: I didn't touch the routing table... I only started the VPN client and since my access wasn't working, I went to check out the routing table.
I saw it looked normal and compared to another machine and figured out the difference between the two was only the metric
16:04 < v0lZy> pppingme: i then restarted the VPN and the metric on the routes in question changed to be the same as the machine I was comparing with, and everything was working
16:05 < v0lZy> pppingme: I can assure you that 1) given that the server has a static IP, there was a single default route in the persistent table, 2) that the routes for my /24 network at the other end of the VPN tunnel were added with appropriate gateway and netmask to the non-persistent routing table 3) that these routes for my /24 networks had a metric of 26
16:06 < v0lZy> after restarting the VPN tunnel, everything was the same, except metric for my routes was now 55
16:06 <+pppingme> v0lZy a route with a more specific mask will always win over a route with a less specific mask, regardless of metric. What route do you think the traffic was taking? Do you think it was going out the default route? or another route? or what?
16:06 < v0lZy> pppingme: I did a traceroute to my remote networks, and the route that applied was the default route (the one in persistent table)
16:07 < v0lZy> basically, it was ignoring the routes in the non-persistent table, even if they were more specific than the default persistent route
16:07 <+pppingme> windows doesn't care about a "persistent" route vs a "non persistent" route.. the ONLY thing that means is that it's stored in the registry or where-ever and will show back up after a reboot
16:07 <+pppingme> it doesn't affect its preference.
16:08 < v0lZy> pppingme: I know that; I can assure you the only difference in this case was the metric value 26 (not working) and 55 (working) ... both assigned automatically by windows, not by me.
16:08 < v0lZy> pppingme: it was as if the routes were ignored or skipped
16:09 < v0lZy> pppingme: I don't know what the metric value for the default route actually was...
it said metric was 'default'
16:09 <+pppingme> there's only two possibilities here.. a misunderstanding of the route table at the time (most likely not understanding a mask), OR, and this is doubtful, but possible, a firewall or something that's mangling (changing) something on the way out..
16:10 <+pppingme> metric for your default doesn't matter, it has a prefix length of ZERO... unless you have two with the same mask/length, it doesn't even come into consideration if you have a more specific route..
16:11 < v0lZy> pppingme: there was nothing to misunderstand ... 10.100.1.0 mask 255.255.255.0 gw 10.100.201.190 metric 26 was the route I was concerning myself with
16:11 <+pppingme> the only other possibility I can see is your vpn was bouncing and you didn't realize it... up when you looked at route table, but down when you did your traceroute
16:11 < v0lZy> and tracert to 10.100.1.1 was going out the default gateway instead of 10.100.201.190
16:12 < v0lZy> pppingme: was not bouncing, I checked the table several times, VPN was up, IP address acquired, remote end showed VPN state connected etc.
16:13 < v0lZy> I attempted multiple traces, same result
16:13 < v0lZy> while on another host in the exact same network, everything was fine (so this wasn't environment related either)
16:14 < v0lZy> comparing those two hosts together (two virtual machines in the same subnet), the only discrepancy was route metric.
16:14 < Arpanet69> anyone experience with fortinet... can't setup a tunnel in a testing environment using the wizard
16:14 < v0lZy> which after restart of the OpenVPN client recalculated to 55 vs previous 26.
16:15 < v0lZy> for whatever reason, openvpn client added the routes with metric 26 the first time
16:15 < v0lZy> and with metric 55 the second time
16:16 < v0lZy> and that made all the difference...
it's as if windows either ignored routes with metric 26, or thought them an equal match with the default route and default route had lower metric value or something
16:18 < v0lZy> I should perhaps point out that these VM hosts are on a sihp
16:18 < v0lZy> ship
16:19 < v0lZy> and that connection, given a longer period of time, invariably experiences interruptions
16:20 < v0lZy> to that degree, the event I witnessed is potentially identical to this: https://serverfault.com/questions/611933/windows-route-not-followed
16:20 < v0lZy> but in my case, it's not related to persistent routes, but rather non-persistent routes
16:20 < v0lZy> and it is perhaps the case that if vpn connection is not deliberately shut down, the routes persist
16:21 < v0lZy> and are therefore not refreshed
16:21 < v0lZy> could it be that internally, they are mapped to a connection that no longer exists?
16:22 < v0lZy> (as in, everything is OK with the routing table, but the interface is somehow no longer the same interface, and because routes are already there, they are not deleted and recreated?)
16:26 <+catphish> slack has been down for quite some time :(
16:26 <+catphish> "Connectivity issues affecting all workspaces"
16:26 <+catphish> super vague
16:31 < v0lZy> ... my hypothesis doesn't explain why the default gateway is chosen though
16:31 < v0lZy> does windows fallback to default gateway if the more specific gateway is unavailable?
16:31 < Wulf> catphish: it's called "slack" for good reason
16:32 <+catphish> v0lZy: many systems will disregard a route if it's known to be unreachable, so yes
16:32 < v0lZy> and just jump to the next closest match route automatically?
16:32 <+catphish> v0lZy: if you have a route to an interface that's down, it'll definitely use something else
16:32 <+catphish> v0lZy: yes
16:32 <+catphish> it'll just carry on as if that route didn't exist and use the next match
16:33 < v0lZy> catphish: so in that case it could be what I suggest above
16:33 < v0lZy> a disassociation between what interface the route 'resolves' to
16:33 < v0lZy> like interface ID changing
16:33 <+catphish> i have no idea how windows works :( but it should be able to tell if a route is reachable or not
16:34 <+catphish> and if not, it should ignore it
16:34 <+catphish> what is the route that's ignored?
16:34 < v0lZy> more than 1 route... all routes that i push with the OpenVPN server were ignored
16:34 <+catphish> is it an interface route, or via an IP?
16:34 < v0lZy> via an IP
16:35 <+catphish> and that IP itself has an interface route?
16:35 <+catphish> check that, check it's to the right interface
16:35 < v0lZy> I can't check anymore... restarted the VPN hours ago and everything was fine... but restarting the VPN was a clean shutdown, so it cleared the routing table
16:36 <+catphish> well hard to guess why those routes got ignored, especially on windows which is a black box to me
16:36 < v0lZy> and when it started up again, it added routes which I hypothesise were terminated on the correct interface
16:37 <+catphish> but yeah maybe during a reconnect windows lost track of what interface those routes ultimately resolve to, dunno
16:37 < v0lZy> at least sounds plausible
16:38 < v0lZy> I'll go with that explanation for the time being :D
16:38 <+catphish> it's way too hot here :(
16:38 <+catphish> and slack is down
16:38 <+catphish> i think i'm'a give up and have a BBQ
16:38 < v0lZy> slack.. that chat thingy that's nothing but IRC with a BNC?
16:39 <+catphish> v0lZy: yes
16:39 < v0lZy> never knew why anyone would use slack vs IRC and BNC... but ok.
:D
16:39 <+catphish> assuming by BNC you mean nice web interface
16:39 < v0lZy> no
16:39 < v0lZy> I mean a bouncer
16:39 <+catphish> then no, it's not just IRC and BNC
16:39 <+catphish> it's also got a nice web interface
16:40 <+catphish> which is the reason most people like it
16:40 < v0lZy> the web interface isn't really a big addon ... :D
16:40 <+catphish> yes, it is
16:40 < v0lZy> you're basically connecting an IRC web client to a bouncer
16:40 <+catphish> correct
16:41 <+catphish> except of course that's not how it works at all
16:41 <+catphish> it's totally different tech, with a totally different interface
16:41 < v0lZy> Seems to me that's exactly how it works :D
16:41 <+catphish> the only thing it has in common with what you said is "it does chat"
16:41 < v0lZy> heavily inspired by IRC I suppose
16:41 <+catphish> it's just chat
16:42 <+catphish> IRC did chat early on, so i suppose all chat systems are somewhat inspired by it, though what it does is kinda obvious
16:42 < v0lZy> used to be a time when people used IRC as a background method of transporting messages between applications
16:43 <+catphish> it's actually quite a good messaging system
16:43 <+catphish> so it makes sense
16:44 < v0lZy> not good for long lines of text though :D
16:44 < v0lZy> but heh, can solve in app.
16:44 <+pppingme> malware
16:45 <+catphish> it's a great messaging backend for malware
16:47 < v0lZy> should be integrated into everything :D
16:52 < alabaster> sorry to bother anyone as it is probably a rudimentary question. I'm studying networking, for Cisco Certification to be exact. Either Network videos for CCNA videos show recognizable computers and servers and such (guess in essence nodes) when teaching that wireshark is a great tool to learn networking by watching and snooping/sniffing your own network.....)
16:54 < alabaster> But I tried a couple methods and can only get the computer that it is on to show up.
It is seemingly supposed to be easy to to legally wireshark your own network. Anyone familiar with Wireshark can tell me how this is done if easy enough?? 16:57 < v0lZy> alabaster: Im probably more of a wireshark noob than you, but essentially you click record, do whatever you want to do, then click stop and review what you've recorded 16:57 < alabaster> for example I put in WPA-PWD my passphrase with the network connection off and than connected and reloaded Wireshark and still nothing 16:57 < alabaster> I do that V. 16:57 < alabaster> But I am still only getting my laptop which is the computer that has WS on it 16:58 < v0lZy> are you running wireshark on the correct interface... theres probably an option to do that 16:58 < v0lZy> also u usually configure a filter of what you want to record in advance 16:58 < Aeso> alabaster, so for starters, are we talking about wired or wireless here? 16:58 < v0lZy> so like I dont know... if you want to record information from a certain IP... or range of IPs etc. 16:59 < alabaster> They all generally say use wireshark on a computer that has a WiFi apdapter and thats how I connect using my laptop 16:59 < alabaster> I have a computer a couple smartphones... 16:59 < alabaster> all are mine 16:59 < Aeso> alabaster, depending on your wireless NIC, you may or may not have support for promiscuous mode 16:59 < alabaster> it picks up none except the laptop 17:00 < alabaster> Aeso thats one of the things I thought of 17:00 < Aeso> under normal operations, the drivers strip all of the management frames and data frames for other hosts because it's just additional noise 17:01 < alabaster> but my laptop is like only a one or two year old Asus ROG that has an AC adapter that for other purposes I've tested seems to be working for other projects 17:02 < alabaster> I've watched now about 10 videos and tuts on WS and just shows this network snooping/sniffing working from scratch. 
17:02 < alabaster> Promiscuous mode is default on
17:02 < alabaster> although I don't know much of monitoring mode or where to find it, if thats necessary
17:02 < Aeso> Age doesn't really matter. You'll have to look up the wireless chipset and see if it even supports promiscuous mode. Then you need to check the drivers you're using.
17:03 < alabaster> Oh right I did Download an external software that works with open wireless lines. Forget to find out what that is about.
17:05 < alabaster> but what I am saying is. I have accidentally in another project used a different program and it ended up seeing into networks before, My intention was not to do that so I quickly turned it off. As in "if it did that" why a legit usage of wireshark from default is not doing that to my internal network??
17:07 < alabaster> But yes. Let me do the intelligent and primary steps of getting my adapters information and bringing it back to the chat. That makes sense
17:12 < alabaster> Intel Wireless 7265
17:12 < alabaster> AC 7265
17:15 < alabaster> Alright It does have the ability to work with promiscuous and monitor mode but YES, it requires a driver that allows it. I don't want to screw this up. Any suggestions?
17:17 < v0lZy> Get a usb wifi dongle
17:17 < v0lZy> always useful.
17:18 < v0lZy> I have one cause I generally run linux and a windows VM that I want to have direct connectivity from
17:18 < alabaster> I had one on my older laptop and it burned up because I left it running all night once
17:18 < alabaster> but again those days are done... haha
17:19 < v0lZy> I always keep one or two with me wherever i go
17:19 < v0lZy> they come in handy
17:19 < alabaster> I am simply just trying to view my own network and learn security over again and show a friend as well and use wireshark legitly.. I just don't know why it aint doing what it do out the box and what I may have missed here
17:21 < Popzi> alfa network awus036nh - best most reliable usb dongle ive ever used, promiscuous as well, this thing could probably connect a freaking toaster or fridge to the network
17:21 < alabaster> but either way wireshark already shows a lot of useful information I'm not trying to 100 percent decrypt the traffic on the fly. Just see and pull in whatever it does on my own network
17:21 < maiz> I need help for a networking usecase I can't figure out a solution to: I have a virtual bridge set up by libvirt `virbr0' which my vms use to pass traffic to my ethernet/wireless interfaces through nat. what I want is to have the host go through the bridge too.
17:22 < alabaster> again, I don't know if you caught me posting the model of my wifi adapter but it does support promiscuous mode just needs a driver and or another thing on top of that. For Wireshark I already installed the necessary components I can think of. The usual
17:24 < Popzi> alabaster: what OS are you on lol? That's usually a good first step
17:25 < alabaster> Popzi you tryna make me feel ashamed
17:25 < alabaster> hahahaha
17:25 < alabaster> ahem yeah just win10
17:25 < Popzi> alabaster: nooo sorry ^^ it's just its vastly different on linux haha
17:25 < alabaster> I know
17:26 < alabaster> I knew you werent headed there
17:27 < alabaster> I do switch back and forth to my Ubuntu VM but I am maining Win10 for whatever unknown stupid reason I choose
17:27 < alabaster> chose*
17:27 < Popzi> alabaster: https://downloadcenter.intel.com/download/27849/Wireless-Intel-PROSet-Wireless-Software-and-Drivers-for-Windows-10?product=83635 this looks like the driver you need :P simple download and install?
17:28 < Popzi> that'll obviously allow windows to talk to your hardware, then from there you can wireshark away :P
17:28 < alabaster> reading the description I just drop my cig out my mouth. I will give it a try and roll back if I screw something up. Thank you
17:29 < Popzi> Np, intel are pretty good with their drivers, so if its not the right one you can just run the uninstaller
17:29 < Popzi> They also have an automatic tool to search for any connected hardware drivers here - https://www.intel.com/content/www/us/en/support/intel-driver-support-assistant.html
17:29 < alabaster> only thing I am afraid of is effing up, losing internet with the wrong driver then fighting to re roll or reinstall. But this seems like the direction I forgot
17:29 < alabaster> I SHALL RETURN! or Wont if correct!
17:30 < alabaster> Thank you so much Popzi
17:30 < Popzi> it's advised you have a backup interface available, like your phone hotspot or something, but you should be fine :P
17:31 < alabaster> Yeah I have my other two computers on the same TV and my phone next to me
17:31 < Popzi> nice, you'll be fine :P
17:37 < alabaster> Yeah you'd think that though Popz. I'm on W10. But I shouldn't run into too many issues. I would just set up Ubuntu to do the same thing but Wireshark gives so much info during capture...
17:37 < alabaster> that I am trying this route
17:37 < alabaster> so*
17:39 < Popzi> alabaster: wireshark is the same in both windows and ubuntu :P
17:42 < alabaster> hmmm I have never tried to do it this way and want to get it down, as well follow the videos, as well help my friend who wants the CEH and doesn't know basic Linux yet
17:43 < alabaster> it says only supports 8, 9 and 18 series, I'm gonna give it a go anyway.
17:44 < alabaster> oops I scrolled down AC 7265 supported
17:46 < zenix_2k2> is there anyhow to unblock a blocked socket ? like in python unblock something like this "local.setblocking(0)" with local as the socket object
17:53 < purplex88> whats 10/100Mbs port means?
17:54 < Wulf> zenix_2k2: no
17:54 < zenix_2k2> oh god
17:54 < skyroveRR> purplex88: it means it can do 10Mbps as well as 100Mbps.
17:55 < Wulf> zenix_2k2: make sure to set the socket as nonblocking before you do blocking operations on it...
17:55 < purplex88> i don't get it
17:57 < purplex88> what about 5 Mbps and between 10 Mbps and 100 Mbps?
17:57 < Apachez> its the linkspeed
17:58 < skyroveRR> purplex88: it means the particular device can negotiate at max 10mbps or 100mbps.
17:58 < Apachez> 10/100 means it can have link at 10Mbps or 100Mbps
17:58 < Apachez> unless its some isp who types that because then it means 10Mbps download and 100Mbps upload as shaping
18:00 < ldiamond> Anyone know if you can use a normal ethernet cable to connect to a tp-link switch via the console port and deal with it in software only?
18:00 < ldiamond> I.e. I don't have a serial port, or a serial-ethernet cable.
18:06 < purplex88> Apachez: link speed = bandwidth or throughput?
18:07 < drac_boy> hi
18:07 < zamanf> Hello
18:07 < drac_boy> know this might be unusual topic but have any of you seen a single wwan expresscard for all 3g/4g bands including AWS?
18:07 < zamanf> Is it possible to use vpn and my ISP IP at the same time? I was about to try split tunneling but is there a way to do this using iptables?
18:08 < ||cw> ldiamond: no, you need a console cable, and either a serial port or a usb-serial adapter
18:09 < ||cw> purplex88: a 10/100 port on an ethernet device typically means it can support 10baseT and 100baseT ethernet standards
18:10 < ||cw> zamanf: that's just a matter of routing
18:10 < purplex88> ah the cables like cat5 and cat6?
18:10 < zamanf> ||cw, probably, just need to use vpn only for specific IP addresses
18:11 < ||cw> zamanf: then setup the vpn to not be the default route, and add a route for that IP or subnet to go via the vpn interface
18:11 < ||cw> purplex88: usually, yes.
18:12 < mawk> zamanf: you have many ways to achieve this, depending on what's the actual goal
18:12 < purplex88> ||cw: and its bandwidth speed right? thx
18:12 < zamanf> how do I setup a vpn without being the default route?
18:12 < mawk> you want some applications to go through the vpn, and the whole system through the physical interface ? the reverse ?
18:12 < zamanf> Never thought it would be possible
18:12 < mawk> well you just setup it normally, but tell the vpn program to not setup a default route
18:13 < mawk> then you can contact every computer in the vpn network, as if it was just a cable plugged into a switch
18:13 < zamanf> mawk, just for some specific ip addresses. I would be interested in learning how to achieve this for apps later some time
18:13 < ||cw> purplex88: more or less, yes. bandwidth and throughput are basically the same thing, and there are factors other than link speed that go into that
18:13 < mawk> zamanf: then I'd create a new routing table that has the VPN default route, and use iptables + policy routing to direct certain destination IPs into the VPN routing table
18:14 < mawk> but you'll have DNS leaks if you do that
18:14 < mawk> you'll resolve the ip address using the regular connection, and connect using the vpn connection
18:14 < mawk> that'll deanonymize you
18:15 < zamanf> mawk, probably but I don't need privacy at that level
18:15 < mawk> alright
18:15 < zamanf> ok, so where do I start now
18:15 < zamanf> I am setting up vpn connections through network manager
18:15 < mawk> then yeah you use iptables to mark certain connections that you want to go through the vpn, then apply that mark to individual packets, then use policy routing to direct packets having the mark to the secondary routing table
18:15 < mawk> in which you have the vpn default route
18:15 < mawk> and voilà
18:16 < mawk> well it's always harder when you use an automatic tool like that
18:16 < zamanf> I guess some expert settings missing from there
18:16 < mawk> you can note down the vpn gateway IP for further reference, then tell NM to not setup the default route, then create the secondary routing table
18:17 < mawk> yeah you can use the CLI to see every setting
18:17 < mawk> it's pretty intuitive
18:17 < zamanf> alright
18:17 < mawk> command is nmcli
18:17 < zamanf> I will google the things you mentioned and try to make it work, let's see =)
18:18 < mawk> you maybe have other options that play more nicely with networkmanager
18:19 < mawk> like using policy routing to skip the default route for packets that don't have the mark
18:19 < zenix_2k2> guys is there any suggestion on any book that explains TCP/IP for newbies ? i mean explain it in the most understandable and less abstract way as possible
18:19 < mawk> take a look at man ip-rule
18:20 < mawk> like you mark packets you don't want to pass through the vpn, and you use "suppress_ifgroup" to make them skip the vpn interface
18:20 < mawk> so they'll pass through the physical interface
18:20 < mawk> you have many ways to do that
18:22 < fred1807> I am using hostapd + systemd-networkd to create a WiFi router with wlan0 to share internet eth0 gets from adsl router... It is working, except an issue with DNS serving... if at wlan0.network there is [DHCPServer] DNS = 8.8.8.8 clients gets these and all works good, But I wonder how could I pass the DNS records from Eth0 ? Records eth0 gets from resolved...
18:23 < purplex88> ||cw: i heard throughput is real speed and bandwidth is speed written on spec
18:24 < ||cw> sure, that's a good distinction. when things are working right, they will be very close
18:24 < drac_boy> zenix see if you can't find a 'for dummies' series book on that? just a thought
18:24 < murder> can a reverse DNS work in IRC if the IP is properly pointing to a hostname, but hostname have 2 IP entries (not only the reverse one)?
18:24 < zenix_2k2> like this one ? --> https://www.amazon.com/TCP-IP-Dummies-Candace-Leiden/dp/0470450606
18:25 < zenix_2k2> but it is 2009, is it too old ?
18:29 < Apachez> purplex88: linkspeed is like that sign at highway that says "100"
18:30 < Apachez> while throughput is what your speedometer actually shows (30 :P)
18:31 < purplex88> very nice i see
18:31 < muffinman8> Hey I am trying to set up an egress firewall. When I have OUTPUT chain as default drop I cant access IRC. Yet I allowed port 6697 and 194. Are there some ports/configuration settings that I am missing?
18:31 < purplex88> so link speed is = bandwidth
18:32 < Biontry> https://tinyurl.com/ya79dnx5
18:33 < Apachez> for regular ethernet the linkspeed is synchronous
18:33 < Apachez> its the data tickrate onto the wire
18:33 < Apachez> while throughput is what your system actually manages to push through
18:33 < Apachez> for example an old dlink router (604 and 804) had like 10/100 interface
18:33 < Apachez> but their actual throughput was about 14 Mbps
18:37 < zenix_2k2> so is it ok to start TCP/IP with this book --> https://www.amazon.com/TCP-IP-Dummies-Candace-Leiden/dp/0470450606 ?
18:37 < purplex88> i thought download speed = throughput
18:37 < zenix_2k2> it is just i don't know if there is anything more modern than that
18:40 < Apachez> purplex88: again linkspeed is the datarate of the link itself
18:40 < ||cw> purplex88: you're trying to quantify ambiguous terms. bandwidth, download speed, and throughput can have slightly different meanings depending on the context, and can even all mean the same thing. don't over think it.
18:40 < Apachez> throughput is what you actually deliver through all the links between you and the server
18:40 < Apachez> for example lets say you buy a 100G nic to your server
18:41 < Apachez> but your server can only deliver data for 14 G
18:42 < Apachez> dunno what analogy one can use
18:42 < Apachez> lets say you have A300 airplanes
18:42 < Apachez> they fly at whatever 900km/h or so
18:42 < Apachez> but then you have some lazy ass TSA so the planes are never filled
18:42 < Apachez> they are only filled with half of the passengers that would fit
18:43 < Apachez> so even if the "tickrate" for these planes are like 1000 passengers per hour
18:43 < Apachez> the bad performance of TSA make them only fill the planes halfway so the throughput ends up at 500 passengers per hour
18:50 < zenix_2k2> so.. hi ?
19:00 < muffinman8> zenix_2k2 from what I know the tcp protocol hasnt changed that much recently. A book from 09 should be ok, but it depends what you are trying to do. 2009 is pre smart phone....
19:01 < muffinman8> I should say modern smart phone to appease blackberry heads
19:07 < zenix_2k2> so the TCP/ip's changes that you mentioned are vital ?
19:07 < zenix_2k2> i mean are they really vital or not ?
19:07 < zenix_2k2> and i am not intending to build something too big anyway
19:16 < muffinman8> zenix_2k2 I mean ssl and tls have changed. And that is related to tcp/ip in a sense
19:28 < zenix_2k2> oh if that is then ok, 2009 is ok
19:29 < spaces> Apachez (K)
19:37 < Llama052> Holy shit, does Azure really require a VPN tunnel per Resource-group/Virtual network.
19:38 < Llama052> Anyone familiar with Azure virtual network stuff?
19:38 < spaces> Llama052 setup your own "cloud", much better!
19:44 < lukce> Does anyone know how can i parse tcp flags from a raw packet captured with libpcap in c?
19:52 < lukce> Anyone?
19:53 < lukce> Nope?
19:56 < bravvve22> hi when capturing a ibm lotus pdf file transfer, i got tcp streams, that gives malformed pdf, it can't be opened correctly, can't figure why
20:03 < alabaster> Sorry to bother anyone but I am still not having any luck with Wireshark if anyone has used it or familiar on now...
20:04 < alabaster> I feel like a failure here with an amateur question. All I am trying to do is view my own network. As I guess it is called promiscuous mode. AC7265 dual band I believe it falls in the Revision D category
20:05 < alabaster> I am trying to follow some networking vids and tutorials and from what I see, Wireshark is generally default to show your other computers and devices on your own network
20:06 < Jalina> ciao
20:06 < Llama052> Azure is such a piece of shit, I have to make 30 VPN tunnels because each subnet is its own "network"
20:07 < alabaster> I just updated the Intel drivers but looking further I don't think as the writing states above "Intel Proset are for those who don't need advanced features or IT features and such"
20:08 < Jalina> list
20:12 < mAniAk-_-> Llama052: so automate it?
20:14 < purplex88> whats Backplane speed in switch?
20:18 < Phil-Work> purplex88, the total switching capacity
20:18 < Phil-Work> so if you had 48 1G ports but only a 10G backplane then you could only send line rate on 10 ports at the same time
20:44 < bravvve22> any idea
21:02 < bravvve22> hi when capturing a ibm lotus pdf file transfer, i got tcp streams, that gives malformed pdf, it can't be opened correctly, can't figure why
21:49 < zOthix> i want to add proxy to my smtp server ( postfix ) i edited the main.cf file as : relayhost = 127.0.0.1:9050 , but it gives error in log file as : mail.com>, relay=127.0.0.1[127.0.0.1]:9050, delay=202, delays=81/0.01/121/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting
21:49 < zOthix> how can i resolve this?
21:54 < zOthix> anyone ?
21:56 < Apachez> google made a boo boo https://techcrunch.com/2018/06/27/google-home-and-chromecast-are-down-affecting-users-worldwide/
21:57 < Aeso> zOthix, sounds like whatever service you're trying to relay to is off/misconfigured
21:57 < zOthix> its tor server, i thought u can send any kinda request from it?
21:59 < `whoami`> i'm not sure you want to relay your email over tor, as the reverse DNS won't match and your emails might end in some spam folder ?
21:59 < zOthix> its not even getting in spam though, i mean its giving me that error ^^^
22:00 < `whoami`> what about tor logs ?
22:01 < zOthix> wait, i didnt check that
22:01 < Aeso> zOthix, you don't actually want to use indirect delivery
22:02 < Aeso> you want direct delivery, but you want it via tor
22:02 < zOthix> yes
22:02 < zOthix> how can i achieve that ?
22:03 < `whoami`> zOthix: unrelated question: are you using encrypted emails ?
22:03 < Aeso> zOthix, I have no idea how tor works, but I'm guessing you have an IP on a network interface for it, is that true?
22:04 < zOthix> i have tor service running from my pc
22:04 < zOthix> and i gave tor port on relay host of postfix
22:04 < android_> z0thix free of charge?
22:05 < Aeso> again, you don't want a relayhost
22:05 <+catphish> i continue to be baffled by why https://thepiratebay.org/ is down, but other sites seem to be able to mirror or proxy their content
22:05 < zOthix> 9050 is the port tor use to send any kind of requests, so i used that as relay host. and its free
22:05 < Aeso> a relayhost implies there's a smtp server looking to relay your traffic
22:05 < android_> rmataeue ttm
22:05 < zOthix> okay, how can i directly use tor to send emails from my own smtp server?
22:05 < android_> rtmataeu34 ttm
22:06 <+catphish> zOthix: first, that sounds like a really bad idea, second you'll need an smtp server that supports socks proxying
22:06 <+catphish> or, you could use socksify to force it
22:06 < zOthix> postfix does not ?
22:06 < Aeso> yeah, literally every mail server on the planet is going to blackhole your traffic
22:06 <+catphish> zOthix: dunno
22:06 < Harlock> so chromecasts are completely reliant on google cloud stuff to work? or does mirroring from a local pc still work
22:07 <+catphish> but your email will be blacklisted as hell, plus people will be able to read it trivially
22:07 < Maarten> I don't use tor. Ever since I found out major child porn rings use it to distribute data, I can't for my own conscience have any part in that, whether I can hide behind "it's encrypted data, I don't know!" or not.
22:07 < Aeso> zOthix, you need to set up a virtual network interface for tor, and set the smtp_bind_address for postfix to whatever address you have on the interface
22:07 < zOthix> any free email server i can use as relay host ? i am trying to not get my email in spam
22:07 <+catphish> Maarten: don't use the internet then
22:07 < Aeso> ^
22:07 <+catphish> your money goes to support a network used by all kinds of criminals
22:08 < Maarten> catphish, you make a point. But if there are things that make it blatantly obvious a lot of it is criminal traffic - such as tor - I can at least be selective.
22:08 < Aeso> You should recuse yourself from society as well, since your tax dollars go to supporting infrastructure used by the same criminals
22:08 < zOthix> ^
22:09 < linux_probe> lol
22:09 <+catphish> Maarten: unfortunately you're right, anonymity does bring a lot of criminal activity
22:09 < alabaster> speaking of traffic. In a non criminal sense
22:09 <+catphish> Maarten: you can however use tor without being a relay
22:09 < linux_probe> the internet itself is criminal
22:09 <+catphish> Maarten: you don't have to carry their traffic to be a client
22:09 < alabaster> I am trying to find something to keep up with networking videos and tutorials I think I am lost here if someone could help
22:10 < zOthix> Aeso, i cant find smtp_bind_address option in " main.cf " file
22:10 < alabaster> I am just trying to see in my own network. And I don't understand monitor mode and promiscuous
22:10 < Aeso> zOthix, it probably binds to all IPs by default. Most applications do
22:10 < alabaster> someone had said Monitor = Promiscuous
22:10 < zOthix> should i write this line in main.cf then ?
22:11 < alabaster> I safely assume my Ac7265
22:11 < rtmataeu34> ?
22:11 < rtmataeu34> ttm?
22:11 < alabaster> wont do either
22:12 < Maarten> Again: I can be selective. You can never be completely "free" of criminal activities on the internet. Any VPN provider probably has child porn traffickers and terrorists as their clients as well. But.... besides the fact that Tor is riddled with criminal activity, it is also incredibly SLOW. I don't really see the point of it, unless you want to partake in said activities..... And even with Tor, if you use it to connect to the REGULAR internet, just
22:12 < Maarten> like any VPN, you will eventually hit an exit point where traffic is no longer encrypted (beyond standard https)
22:12 < alabaster> could anyone familiar lend me an ear one quick moment?
22:12 < rtmataeu34> android_ ?
22:13 < Maarten> lend you an ear? *looks at Vincent van Gogh....*
22:13 < alabaster> good one Maarten
22:13 < alabaster> heh
22:13 < Maarten> He's got one he ain't using! ;)
22:13 < alabaster> no I am on W10 using Wireshark with an Intel Dual Band AC7265
22:14 < zOthix> Aeso, i added that line in main.cf : smtp_bind_adress = 127.0.0.1:9059 , and the log file gave me an error : relay=none, delay=4.8, delays=0.02/4.8/0/0.02, dsn=4.3.0, status=deferred (unknown mail transport error)
22:14 < alabaster> I am just testing around my own computer, phone, and using my laptop with Wireshark
22:15 < android_> rtmataeu34 what they do to yourself?
22:15 < android_> how feel you rtmataeu34 feeling well?
22:16 < Harlock> AC7265 doesn't come in mini pci-e does it
22:16 < alabaster> yeah I assume it is since its my laptop
22:16 < Harlock> all i see are m.2
22:17 < alabaster> I don't know my laptop is about 2-3 years old
22:17 < alabaster> If my AC7265 doesn't support the modes I need I am going to buy a cheap adapter
22:17 < Maarten> alabaster, if you are using Wifi to use Wireshark, this might be a good read: https://wiki.wireshark.org/CaptureSetup/WLAN - but in a nutshell.... Wireshark over wifi is a lot less effective than over the wire.
22:18 < alabaster> ouch I thought it was the other way around
22:18 < alabaster> I can try plugging it into the router
22:19 < alabaster> I've read through a lot and youtube before I try to ask rudimentary questions but I am not getting this
22:19 < alabaster> All I've read is I need an adapter that supports promiscuous mode. But other sources say in essence that means MONITOR mode
22:21 < tonyt> promiscuous mode and monitor mode are one and the same
22:22 <+xand> nope
22:22 <+xand> they are not
22:22 < alabaster> see
22:22 < alabaster> this is the entrenched battle I am finding
22:22 <+xand> different layers
22:23 < alabaster> let me make it clear here. This is to keep up with tutorials and videos
22:23 < alabaster> so my end result is what do I need as an adapter to see my own networks devices
22:23 < alabaster> wireless and wired
22:23 < fly_agaric> hello guys
22:24 < alabasterc> sorry I just dropped
22:24 <+xand> monitor mode is for stuff that's from multiple SSIDs whereas promiscuous mode is for seeing frames destined for other MAC addresses but on the same network
22:24 < alabasterc> probably because I connected my ethernet cable
22:25 < alabasterc> thats what I thought
22:25 < fly_agaric> a general question about site2site vpn between a cisco asa and checkpoint firewall. one subnet cannot communicate anymore with the other subnets from the vpn. what could it be? noone has changed anything
22:25 < alabasterc> I did all the prereqs even though wireshark already installs what it needs additionally...
22:26 < alabasterc> But I am still only seeing my laptop with wireshark on it
22:27 < alabasterc> xand have you any familiarity with Wireshark. It is set in promiscuous mode so would the fault be in my WiFi adapter?
22:28 < alabasterc> I keep getting dropped
22:28 < linux_probe> lol
22:28 < alabasterc> oh no I didn't my old name did
22:29 * linux_probe debates if someone was dropped on their head as a kid
22:29 < alabasterc> why
22:29 < alabasterc> am I asking something outrageous here?
22:31 < alabasterc> meh
22:31 <+xand> er what are you trying to do? btw Windows is not the OS for that kinda thing
22:31 <+xand> use Kali linux.
22:32 < alabasterc> I have Ubuntu
22:32 < alabasterc> well Ubuntu VM
22:33 < alabasterc> I tried through the VM and I got the same results
22:33 < Maarten> VM's aren't ideal either.... due to the networking stack. Windows has some limitations when using wireshark. Best to use for Wireshark is native linux on a pc or laptop, not virtualized. You CAN however use a USB-booted linux if you don't want to put it as your main OS on a laptop.
22:33 < alabasterc> xand I am just trying to see my own network.
22:34 < alabasterc> yeah I have some Linux bootable I had put on a stick somewhere
22:34 < alabasterc> but is my wifi adapter still going to cause a problem?
22:35 < alabasterc> Again It's an Intel AC7265.. do I need something that supports either or promiscuous mode and/or Monitor mode ??
22:36 < alabasterc> I'm not even sure if mine can or cannot. I found nothing on google
22:36 < Maarten> Try this :) (haven't tried it myself....) https://www.networksecuritytoolkit.org/nst/index.html
22:39 <+xand> alabasterc: if you use WPA2 then you won't see traffic for other devices
22:40 < alabasterc> I had my gateway / router set to both WPA and WPA2
22:40 < alabasterc> xand
22:41 < alabasterc> xand you mean it has to be decrypted beforehand
22:41 * RtMF peels a layer off of alabasterc
22:41 * RtMF puts it onto xand
22:42 < alabasterc> alright. I get your point now RtMF
22:42 < RtMF> I dunno, onions. ogres. layers. donkeys. naked kid at the rave.
22:42 < RtMF> M-a
22:43 < alabasterc> I'm sure I was the naked kid at a rave before though. I am twice that age now
22:44 < alabasterc> alright off to do more research I shall begone!
22:44 < alabasterc> enjoy your donkey quinnstorm
22:46 < RtMF> I just need...hmm... good rave to go to, people to go with, enough spare extra actually extra cash & time (prereq: likely need place to live better/more than a tent, a source of income preferably a job -- but in the right circumstances perhaps...I should work/life balance before I end up dying of lack of rainbowtiem even though I don't have any work and my job is looking for work?), and...to feel like
22:46 < RtMF> I'm worth taking to a rave.
22:46 < RtMF> I mean I used to be http://tymestl.org/~rtmf/evangela.xh/withkandi/IMG_0031.
22:46 < RtMF> oops
22:46 < RtMF> I mean I used to be http://tymestl.org/~rtmf/evangela.xh/withkandi/IMG_0031.JPG
22:47 < RtMF> that's me at my ex-partner Jenny's place getting ready for a party
22:47 < RtMF> s/party/rave obviously, some people are too young to get that.
22:47 < RtMF> or too old?
22:47 < RtMF> or...just too boring
22:58 < pwnz0r> Hello, I am looking at the wikipedia page for NDP https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol. I am confused since I am reading on this page that NDP is a internet layer protocol (creates new ICMP messages) however in the chart it shows NDP as a link layer protocol. is this a wiki error? I also see on the LLDP page that same possible error
23:01 < E1ephant> pwnz0r: it functions to help L2 and L3 connect, and it uses L3 messages to communicate as much
23:01 < E1ephant> so it is for "L2" much like ARP
23:01 < pwnz0r> ok interesting.
23:02 < E1ephant> but it uses L3 based messages to communicate such
23:02 < pwnz0r> I need to actually read it/rfc but I was curious initially what the difference between NDP and LLDP would be
23:02 < pwnz0r> is LLDP more for management purposes
23:04 < E1ephant> you are certainly on the right track
23:04 < E1ephant> lldp is yeah, mostly for just knowing/exchanging information about neighbors
23:04 < E1ephant> NDP is like arp in that it helps make fundamental L2+L3 routing/switching work
23:04 < E1ephant> in multi-access networks
23:04 < pwnz0r> ok awesome that makes a lot of sense
23:04 < pwnz0r> thanks!
23:05 < E1ephant> np
23:05 < E1ephant> gl!
23:10 < linux_probe> nothing quite says plug my mouth and poop-shooter like I mean I used to be http://tymestl.org/~rtmf/evangela.xh/withkandi/IMG_0031.JPG
23:17 < rtmataeu34> hi everyone- i had a noob question about multiple router ( hardware ) setups
23:18 < E1ephant> rtmataeu34: shoot
23:19 < rtmataeu34> hi
23:20 < android_> yeah
23:20 < rtmataeu34> I setup my home router dsl/wireless router with a second router, in a daisychain setup
23:20 < E1ephant> gross
23:20 < rtmataeu34> yes i used setup twice ;(
23:21 < rtmataeu34> and i also have a couple of older routers from a neighbor
23:21 < rtmataeu34> but its mostly just older verizon hardware
23:21 < rtmataeu34> their dsl gateways that kind of thing
23:22 < rtmataeu34> nothing in the box goes past 802.11n
23:23 < rtmataeu34> so i plugged two of them together- they are operating in different subnets atm and ive been pushing some traffic to observe with wireshark
23:23 < rtmataeu34> so i was wondering with boxes like these what else can a guy do to learn networking
23:24 < rtmataeu34> i saw a Y configuration and this kind of what id call " daisychain" between two routers lan ports
23:25 < E1ephant> I would try and aim for some network emulation
23:25 < E1ephant> like dynamips/dynagen
23:26 < E1ephant> GNS3 or EVE-NG
23:26 < E1ephant> using consumer routers in a daisy chain is just not going to provide much learning opportunity
23:27 < E1ephant> ccna curriculum is pretty good to follow
23:27 < Gobo708> Hi All, does anyone know the syntax of adding an ipv6 route in ubuntu?
23:27 < E1ephant> just once, or on a permanent basis?
23:28 < Gobo708> I have traffic that just will not flow to a tcp6 port on another machine in the same subnet. But it will communicate on every other port...
23:28 < Gobo708> there IS a listening port
23:28 < Gobo708> temp first
23:28 < Gobo708> then permanent ;)
23:29 < Dagger> if other ports work then your problem isn't routing
23:29 < E1ephant> just ip -6 route add for one time, for consistent, put that command under "up" commands in the interfaces file.
23:29 < Gobo708> fast update, the port is listed as listening in netstat, but a local telnet is not responding
23:29 < Gobo708> ugh
23:30 < E1ephant> if it's in the same subnet, you are not routing
23:30 < E1ephant> so no route will fix this
23:30 < Gobo708> Dual Nics
23:30 < Dagger> you don't need the -6 except for `ip -6 route add default`
23:30 < E1ephant> and?
23:30 < android_> hey
23:30 < E1ephant> even with dual NICs, it should match directly connected
23:30 < Dagger> if you give it a v6 destination (`ip route add 2001:db8::/N`) then it's clever enough to work out that you want to add a v6 route rather than a v4 one
23:30 < android_> hey 34 if you stare long enough do you see apparitions of deadmau5
23:31 < E1ephant> do you have both subnets on both NICs without any bonding?
23:31 < Gobo708> E1ephant, hmm ok.. I think my service is down in any case
23:31 < E1ephant> Dagger: ah that is nifty!
23:31 < Gobo708> Thanks
23:31 < Ady> Join
23:31 < Gobo708> What is this formatting? 2001:db8::/N
23:31 < Gobo708> sorry for my ignorance..
23:31 < Ady> Hello
23:31 < Gobo708> not sure what that represents
23:31 < E1ephant> it's known as "CIDR" notation
23:32 < E1ephant> and it's all you write v6 in, you generally never write the mask as dotted decimal or anything other than bitlength as int
23:32 < Ady> Is anyone here?
23:32 < android_> after about 1hr of staring seems like deadmau5 can be seen
23:33 < Gobo708> ok Thanks..
23:33 < Dagger> actually no, you don't even need it for `ip route add default`, so long as it's via a v6 address
23:33 < Dagger> `ip route add default dev ethN` is going to need it though
23:43 < batch> hey, what is the difference between a regular forward and dmz?
23:44 < batch> is it really like dmz is just completely forwarding all ports?
23:45 < batch> or some other disadvantages or advantages?
23:45 < E1ephant> depends on who or what you are asking
23:45 < rtmataeu34> i was afk most of the time*
23:45 < E1ephant> have a specific device or codepoint in mind?
23:46 < Gobo708> Just had a thought, if one guest is already connected to another over the port I am trying to telnet, my telnet will fail?
23:46 < Gobo708> Randomly, my hosts are showing as all connected and ready in the master... I think because I fixed standard routes
23:50 < Gobo708> I guess if you could have two egress sessions from different applications on the same port, it wouldn't be able to map communication back to the correct application
23:52 < android_> hey ryan dalnet is still running
23:52 < rtmataeu34> hey android_
23:53 < android_> rtmstaeu34 yeah
23:53 < S_SubZero> probably some old box in a corner that maybe even accidentally got put in a wall or something
23:53 < rtmataeu34> what you up to
23:54 < android_> thinking mostly
23:54 < E1ephant> Gobo708: the source port should be different, and that should make the connections unique to the OS socket
23:55 < Gobo708> E1ephant, thanks
23:55 < E1ephant> IE the src port will be two different INTs, even between the same two hosts
23:55 < E1ephant> or single host
23:55 < Gobo708> E1ephant, oh, so you are saying it can?
23:56 < Gobo708> E1ephant, if for example I have kubelets holding a session to port 6433 on another host, I should also be able to telnet from that host?
23:56 < E1ephant> yeah, like say you have client and server, the two connections might be client:12345->server:80 and client:54321->server:80
23:56 < Gobo708> E1ephant, I assumed the connection was failing due to the active session...
23:56 < E1ephant> making two distinct sessions/connections
23:56 < android_> rtmataeu34 what you need?
23:56 < E1ephant> I mean there isn't anything preventing you from writing application code that doesn't accept more than one connection at a time
23:57 < Gobo708> E1ephant, hmm, I guess the remote port could be refusing multiple connections from a host at the application layer though
23:57 < E1ephant> but in general L3/L4, you can have many different connections between the same client and host
23:57 < Gobo708> ok, good to know
--- Log closed Thu Jun 28 00:00:16 2018