--- Log opened Wed Jul 04 00:00:24 2018
00:00 < afidegnum> what is the default port for urd ?
00:00 < Apachez> urd?
00:01 < GoopAway> I'm looking into long-distance wireless network solutions, and apparently there is a new IEEE standard coming out (or already came out) in the 900Mhz range. I read that it provides at least 150kbps, and I wanted to know if that's a reasonable speed for an encrypted SSH connection for text.
00:01 <+pppingme> afidegnum urd             465/tcp         smtps   # URL Rendesvous Directory for SSM / SMTP over SSL (TLS)
00:01 < afidegnum> ah, thanks
00:01 < Apachez> GoopAway: check out airfiber from ubnt.com
00:02 < atsu> GoopAway: How far? Is there line of sight?
00:02 <+pppingme> wifi can go 100's of miles if you have LOS
00:02 < GoopAway> No line-of-sight. I'm thinking 0.5-3 miles away.
00:02 < atsu> 900Mhz equipment has been out for a very long time
00:02 < djph> 900MHz is crap. Don't do it!
00:02 <+pppingme> actually, almost any radio signal can at almost any frequency
00:03 <+pppingme> 900Mhz has its advantages
00:03 < djph> 0.5 to 3 miles is kind of a ... well, wide range
00:03 < djph> pppingme: yeah, in cordless phones
00:03 < atsu> Yeah. You can shoot through a ton of trees, but so can the interference
00:03 < atsu> A lot of power companies have started to use 900Mhz for smart meters
00:04 <+pppingme> djph 900Mhz will work well if you have direct line, but not actual LOS
00:04 < afidegnum> mysql?
00:04 < GoopAway> djph: all I need is a secure connection that I can have a laptop send like a 40 character code to, along with maybe downloading a really stripped down web page with text-only.
00:04 < afidegnum> oh i thought it was a bot who replied :D
00:04 < djph> pppingme: oh, I know ...
00:05 < djph> GoopAway: errr, "to a laptop", like you're looking for wifi?
00:05 < atsu> Ubiquiti has some 900Mhz stuff that isn't terrible for the price. It will get destroyed if there is interference. Look at their NSM loco that's 900Mhz
00:05 < Kryczek> GoopAway: https://www.winlink.org/
00:05 < atsu> Cambium makes the best 900Mhz equipment in my opinion. But you'll pay a lot for it
00:07 < korans> GoopAway: encrypted data hardly adds much if any size to the data transferred it's mainly just a few padding bytes also ssh can use compression so figure out how many bytes you're expecting te send receive a second
00:07 < atsu> https://store.ubnt.com/products/900-mhz-loco
00:08 < superkuh> I have a couple of those.
00:08 < superkuh> I use them with a 25w bidirectional amp at the basestation (home) sometimes. The other one is in my car.
00:09 < korans> at the theoretical maximum you're good but you have to factor interference packet loss and packet/frame size inc. headers
00:09 < superkuh> There's a good open firmware for 'em, broadband hamnet. http://www.broadband-hamnet.org/
00:10 < superkuh> (re: Ubiquiti 900 MHz loco)
00:10 < superkuh> GoopAway, what is goint o matter most for you is antenna height.
00:10 < superkuh> Nothing else.
00:10 < UFC> Hey guys, is it possible to create a site to site VPN with a fortigate 50e and a ddwrt router? The reason I ask is because this company has a very low budget but I do have serveral dlink routers lying around that I can flash ddwrt to for one of the branch offices... or is there a cheaper 100-200$ range device that would be better suited to use with the fortigate?
00:10 < atsu> superkuh: Agreed
00:11 < superkuh> Get some cheap transceivers and an expensive extensible pole on a roof or a tower.
00:12 < atsu> UFC: Could look at Mikrotik or Ubiquiti. Or you can put together something with pfsense with that budget
00:12 < superkuh> Er, extendable/collapsible. I use the one made for flying kites.
00:12 < superkuh> Just secured it to a porch wooden post with a bunch of UV resistant heavy zip ties.
00:13 < atsu> UFC: Although I'm not familiar with Fortigate/Fortinet, if it can do IPsec, IPsec is IPsec
00:14 < atsu> Personally I would not use DDWRT for a branch, or anything that isn't personal
00:15 < atsu> Plus the CPU in those routers can't be great (which you'll need for the encryption)
00:16 < tds> Whatever you do with that gear likely won't be great, but personally I'd be much happier doing that with openwrt than dd-wrt
00:17 < Kryczek> UFC: you could use IPsec Transport (end to end, from each computer to each other computer) and have the routers just do firewalling :)
00:17 < Kryczek> UFC: IPsec is already supported natively in Windows, Linux, BSD etc... no need to buy anything more
00:17 < Toadisattva> I've really liked dd-wrt but people keep suggesting open wrt is superior
00:17 < Toadisattva> should I consider upgrading my routers?
00:20 <+pppingme> openwrt is mroe actively developed and has more features
00:22 < Toadisattva> sounds like a winner to me
00:27 < afidegnum> wait, can you please explain this to me?
00:27 < afidegnum> using nethogs, this is what i m getting https://pasteboard.co/HsO2BDW.png
00:28 < xamithan> Looks like your connection speed is slow
00:29 < afidegnum> xamithan: ?
00:30 < afidegnum> xamithan: slow how
00:30 < afidegnum> ?
00:36 < afidegnum> this look like an ongoing traffic to a destiation, right ?
00:40 < xamithan> at 2.5 KB sent Doesn't look like much of anything
00:40 < xamithan> More like keep alive packets,  heh
00:44 < afidegnum> ah, ok, i was getting panicked :)
00:44 < afidegnum> what monitoring tool would you reoommend to scan and detect malicious codes ?
00:44 < afidegnum> and traffics
00:44 < afidegnum> ?
00:44 < afidegnum> i m trying to install ossec
00:44 < afidegnum> but i don't know if you hav an alternative
00:45 < turtle> probably goatse
00:45 < afidegnum> goat?
00:46 < afidegnum> :D :D
00:46 < djph> turtle: tubgirl?
00:46 < xamithan> Depends what you trying to detect,  a decent IDS works fine
00:46 < turtle> yum
00:47 < afidegnum> turtle: and besides, goatse is a Penetration Testing distro
00:48 < turtle> wow, that's golden right there.
00:48 < turtle> that's the kind of shit that belongs on bash.org
00:52 < djph> turtle: IKR
00:53 < mgolisch> funny seems like all those smart/easy managed switches are just the same garbage
00:54 < mgolisch> guess ill have to go with a proper managed switch instead
00:57 < brentaarnold> mgolisch p sure everyone's been saying that for years
00:57 < brentaarnold> smart switch isn't a managed switch
00:58 < mgolisch> why do those things exist at all, why have vlans if the ip interface is accessible everywhere or they come with questionable config utilities that can reset the switch and garbage like that
00:58 < mgolisch> >*
00:59 < djph> mgolisch: because "my nephew can do this, why should we pay for a pro?"
00:59 < brentaarnold> well idk about interface being available anywhere, afaik the smart switches I've used (Dell X series) were basically just stripped out managed switches
00:59 < brentaarnold> the interfaces were controlled the same as any others
01:06 < mgolisch> any recommendations for a 8port poe+ switch that isnt too expensive but is not total garbage? looked at some hpe/cisco stuff but thats sort of out of my budget
01:12 < atsu> what's the budget?
01:13 < xamithan> ubiquiti makes some nice PoE for pretty cheap
01:13 < mgolisch> id like to stay under 200eur
01:13 < xamithan> the 8 port is 197 USD
01:13 < djph> +1 for a UBNT UniFi Switch
01:14 < mgolisch> have some of their APs they are nice, never used the switches though, but i heard mostly good things about them
01:15 < djph> have used ES and US
01:15 < djph> prefer ES, but mostly because I never really liked the UniFi approach
01:15 < djph> *controller
01:15 < djph> it's SIGNIFICANTLY better now
01:16 < atsu> Yeah, ES is more "traditional" when you're use to
01:16 < atsu> CLI
01:16 < djph> *today* I'd really look at the US
01:17 < mgolisch> as long as you can configure the management interface to a vlan iam happy
01:17 < atsu> If power and noise isn't an issue, have you considered like a used 3750. Or maybe Juniper EX4200
01:19 < atsu> I am not crazy about Unifi stuff either
01:19 < mgolisch> plaing to plug my cable modem in one of its port to trunk it through to my rack switch to my router vm
01:19 < mgolisch> its going to sit in my living room, it rather not have a too noisy device
01:21 < mgolisch> i will look at the unify 8 poe thing
01:21 < atsu> Ubiquiti ES‑8‑150W probably is best bet, even though it pains me to recommend ubnt
01:21 < mgolisch> looks nice
01:23 < atsu> Unifi vs ES, really depends on if you want to go into the whole Unifi controller deal
01:23 < atsu> Or manage on CLI
01:24 < atsu> They did add CLI to Unifi line, but feels like an after thought
01:24 < mgolisch> i see
01:28 < atsu> If you want to go full into the Ubiquti koolaid with Unifi APs, Unifi switches can make management a little simpler
01:29 < atsu> Same controller software
01:41 < strixdio> any hope of using a cisco 1921 with something other than cisco firmware?
01:41 < strixdio> maybe, like, pfsense or openwrt"
01:41 < strixdio> ?*
01:41 < E1ephant> but why?
01:42 < E1ephant> for something like 1921, no, I highly doubt it.
01:42 < strixdio> I prefer pfsense
01:43 < E1ephant> I think a 1921 is better as an ebay sale
01:43 < E1ephant> or doorstop
01:43 < strixdio> pI also have cisco MS220-8 and MX64, those any "good"?
01:43 < E1ephant> then just pop pfsense on some vmhost :)
01:44 < E1ephant> meraki boxen?
01:44 < strixdio> yeh
01:44 < strixdio> idk anything about that "cloud" crap from cisco
01:44 < E1ephant> not very beefy from a systems perspective
01:44 < strixdio> makes it sound like $$$$ubscription!
01:44 < E1ephant> but if the license is valid, it's good gear and softwatre
01:44 < E1ephant> software even
01:45 < E1ephant> maybe feature incomplete relative to other NOS
01:45 < E1ephant> but it's "simplicity" (lol?)_
01:45 < strixdio> are they $ub based?
01:45 < E1ephant> yes
01:45 < strixdio> ew.
01:46 < E1ephant> once the subscription/license runs out, they stop forwarding completely
01:46 < strixdio> ...
01:46 < E1ephant> yeah it's perhaps non traditional
01:46 < strixdio> That's the worst ever.
01:46 < E1ephant> but tbh maybe a godsend for enterprises that most nerds seem to be discounting
01:46 < strixdio> well, it is only pissing me off now.
01:46 < E1ephant> if the license runs out and it becomes a brick, it stops the accouting firm from having a firewall live 10 years past it's EOL
01:47 < strixdio> idk what to do with this gear.
01:47 < E1ephant> realistically in a business you should be refreshing gear
01:47 < strixdio> yeah true. gotta milk that
01:47 < E1ephant> I believe the meraki gear can run openwrt
01:47 < E1ephant> or some of it can
01:47 < strixdio> interesting.
01:47 < E1ephant> (MX?)
01:47 < E1ephant> but yeah, they aren't particularly quick or memory heavy (relative to intel NUC)
01:48 < strixdio> huh.. that would be cool to put openwrt on those.
01:48 < strixdio> I have two
01:48 < E1ephant> good for just openwrt though probably without issue, just probably not a great kvm/container host?
01:48 < E1ephant> yeah
01:48 < E1ephant> at least they would be non-bricks :D
01:48 < strixdio> lol
01:49 < strixdio> darn, the switch doesn't look like there's anything for it.
01:49 < strixdio> That's the thing I was hoping to use really.
01:49 < strixdio> PoE is something I don't currently have.
01:50 < strixdio> would be nice to run my ubiquiti APs off PoE
01:50 < strixdio> well, a switch with PoE, rather.
01:50 < E1ephant> aye indeed
01:51 < E1ephant> I am just using injectors still though, only two APs
01:51 < strixdio> Yeah
01:51 < mgolisch> then again some of them use passive poe, so a poe switch will not realy help there
01:51 < E1ephant> yeah yucky :S
01:52 < strixdio> ouch, doesn't look like the mx64 is actually supported for openwrt
01:52 < strixdio> haha, of course, all the stuff I got for free is useless anyway.
01:52 < strixdio> (no wonder I got it for free :P)
01:54 < strixdio> I also got some cisco cable modems.. dpq 3925 .. 8 downstreams 4 upstreams. Think there would be much of a difference between that and a 12 downstream 4 upstream modem for 100mbit service?
01:55 < strixdio> and I got a Cisco WS-C2960-24TC-L
01:55 < strixdio> sadly only 10/100 :/
01:56 < strixdio> still enough to practice with I guess.
01:57 < E1ephant> depends on the carrier
01:57 < E1ephant> I would be surprised if you got a config file for a dpq?
01:57 < E1ephant> but maybe
01:58 < E1ephant> check out eve-ng and VIRL
01:58 < afidegnum> hello, i m having some strage behavior
01:58 < E1ephant> for labbing
01:59 < afidegnum> I have flush, and written the ip tables but i don't know a script which is overriding my configurations
01:59 < afidegnum> how do i trace such activities on my server?
02:01 < strixdio> afidegnum: might want to try #linux
02:05 < E1ephant> which distro, check messages/dmesg for scripts firing?
02:07 < afidegnum> Elephant inside /var/log?
02:07 < afidegnum> using debian
02:07 < E1ephant> yeah
02:08 < E1ephant> are you rebooting and they disappear?
02:09 < mgolisch> ordered the edgeswitch, lets see how it works out
02:09 < mgolisch> :)
02:12 < strixdio> damn.. so I got a cisco 1921, two cisco miraki mx64's, and a cisco miraki MS220-8 for free, and they're all useless.
02:12 < strixdio> le sigh. I thought I was getting cool stuff.
02:15 < xamithan> You did get cool stuff.  Stuff that was cool 15 years ago
02:17 < Henry151> howdy ##networking
02:19 < Henry151> I've noticed that sometimes when I connect to my VPN (I'm using PIA and on a debian system using OpenVPN) that sometimes, usually after it's been connected for some number of hours, my other devices that are connected to the same wifi network will experience huge slowdowns, almost stopping entirely. As soon as I disable the VPN on the debian laptop, the other devices connected to the network are
02:20 < Henry151> restored to full connectivity, and if I restart the VPN, it doesn't immediately cause interference, but usually only after a few hours, it happens again (sometimes longer, like 8 hours)
02:20 < Henry151> Anybody have any idea what could be causing that sort of a problem?
02:20 < QuinnStorm> Henry151: could something broadcast be leaking out into the LAN like DHCP?
02:21 < QuinnStorm> that is, are you doing any strange client side routing, iptables, etc?
02:21 < Henry151> QuinnStorm: I'm not sure what that means, sorry for my ignorance on the subject. I vaguely grasp the terms you're using there
02:21 < Henry151> oh
02:22 < Henry151> not that I'm aware of... I do usually have three separate SSH connections open in terminals
02:22 < Henry151> through the vpn
02:22 < QuinnStorm> also are you possibly just overloading your router? if yiu're asking it to upnp through a udp conection or even to handle one lkngrunning tcp link (and it has a bit of a memleak somewhere)...
02:22 < QuinnStorm> *longrunning
02:23 < Henry151> that sounds like a possibility; i am using the router my ISP gave me which I don't think is anything great
02:23 < QuinnStorm> openvpn? as I haven't had huge issues with it in the past...ahhh
02:23 < QuinnStorm> if you are also routing to your LAN via it without individual VPN connectio s at lezst through a local gatesay (unencrypted works too), you can easily end up with things all fubar
02:24 < Henry151> I bought a WRT54G to play with but it turned out to be the V5.0 which apparently is "neutered" or something, no good for running openWRT which was what i bought it for
02:24 < Henry151> but I also have a Netgear R7000 that's unused that I could set up if it might help me solve these problems
02:24 < Henry151> but all the traffic ultimately has to pass through the router from the ISP because it's also the DSL modem
02:25 < QuinnStorm> think about it like this...if you are a host out there kn the same wap/segment, how do you know which arp replies are for you? (l2vpn) or at leadt which ip bcast messages to ignore (dhcp, other l3)
02:25 < QuinnStorm> avahi could be storming even
02:25 < QuinnStorm> who knows (someone more experienced than I)
02:25 < Henry151> this is hard for me to grasp but i can start googling these terms to try to understand better what is happening
02:26 < Henry151> also if there are any suggestions for how to diagnose, commands I can run and look at for abnormalities, or anything like that
02:26 < QuinnStorm> sounds like a resource leak, a prptpcol message reflection/amplification bug avalanching and causing a flood
02:26 < QuinnStorm> well lets start with your network mao
02:26 < QuinnStorm> *map
02:28 < Henry151> QuinnStorm: does that mean running the nmap command in some way? or just describing what I have connected to my network in what way and what each device is doing?
02:29 < QuinnStorm> no, other way around
02:29 < Henry151> I'm probably overloading the heck out of the poor router XD
02:29 < QuinnStorm> tell me what hosts you have, how they're plugged and intended to be addressed etc
02:29 < QuinnStorm> yep
02:29 < QuinnStorm> rofl I tldr'd you
02:30 < QuinnStorm> #B sorry
02:30 < QuinnStorm> and while I do mean 2, B%2==2%2==0 so
02:30 < QuinnStorm> oh nevermind
02:31 < QuinnStorm> woe is me who arithmetic do cannot the three avoid from two and two oft receiving sadly
02:32 < QuinnStorm> also cannot type so turned it into awdullf pppoetry
02:33 < Henry151> so I've got three laptops connected to the wifi network with no VPN, one of which is running a bitcoin full node, the other two are each just running one firefox browser with a price chart shown on the screen (so it's getting live updates pushed from the website in some way, because it's ticking new price data every few milliseconds)... then I've got the debian machine with the VPN running and three
02:33 < Henry151> SSH connections open through the VPN, and also a browser with tabs open for Gmail, facebook, etc. ... then I've got an android cell phone connected that's using the network for wifi-calling; and then I'm playing video games on the Xbox that's plugged in to the router with an ethernet cable (see where my priorities are XD)
02:33 < Henry151> oh and on the debian machine through the vpn also Slack is running, and discord
02:34 < Henry151> I think i just solved my own problem by stating it
02:34 < TandyUK> yeah, use some cables :)
02:34 < Henry151> this is just way way way too much stuff for my poor little router
02:34 < TandyUK> the vpn part, quite possibly if it is doing the crypto
02:35 < TandyUK> but with a cable theres little benefit to it from the sound of it
02:35 < TandyUK> i assume youre worried about people spying on your wifi data or dsomething
02:35 < Henry151> so ethernet cables will possibly help alleviate the problem? I was thinking that maybe it was just alltogether too much for my 20Mbps DSL line
02:36 < TandyUK> the wifi (and vpn) is just adding latency to everything though
02:36 < Henry151> TandyUK: no actually, the VPN is primarily for accessing websites that block USA IP addresses
02:36 < QuinnStorm> well dont forget the radios are only fooMbps single-duplex one device per channel....[afaik]
02:36 < Henry151> I'm not worried about anybody trying to snoop on my wifi; i'm in a rural area with nobody nearby, and i think i'm the only person in a 40-mile radius who knows what linux is
02:37 < QuinnStorm> i.e. you're sharing that band no matter what or how many channels you bond, and ALL the hosts hear all the data, it s like an old school hub
02:37 < Henry151> besides which it is WPA2 secured
02:37 < Henry151> QuinnStorm: ok, so if I plug things in through ethernet cable, does that separate them?
02:37 < QuinnStorm> and as the data rate and radio counts go up, so do retransmits
02:38 < QuinnStorm> well it helps.  also ethernet phy is wag less cpu intensive even tha  mostly-in-firmware wifi boards
02:38 < QuinnStorm> *way
02:39 < QuinnStorm> and...well...bugs exist
02:40 < djph> Henry151: for sone definition of "separate"
02:54 < Henry151> QuinnStorm, djph, thanks for the input, I had a phone call, I'll buy some ethernet cables and plug it all in and see if it resolves the issue, thanks for the advice
04:15 < wsx> So i am trying to download this torrent for 3rd time it's 25GB and i use qbittorrent this time with the option for recheck on finish.
04:15 < wsx> well it has finished around 5-6 times now and it always finds error
04:16 < wsx> so it starts on 99.6--99.9 and goes to 100%
04:16 < wsx> checks....error...again from the beginning
04:16 < wsx> wtf is going on
04:17 < djph> drive errors perhaps
04:19 < rewt> sounds like it could be intentional bad seeding
04:20 < wsx> no i tried it on 2 drives
04:20 < wsx> yeah that is what i am thinking bad seeding
04:20 < wsx> but how do i counter that ?
04:20 < qoxncyha> let's say you have a VPS and it's working great.
04:20 < wsx> what's vps ?
04:20 < rewt> you can't... the source is sending bad data
04:21 < qoxncyha> wsx: don't worry about it
04:21 < wsx> well there are many seeds
04:21 < qoxncyha> all of a sudden your VPS gets hacked, and you scramble to rebuild it.
04:21 < wsx> how do i get from the none bad ones
04:21 < rewt> media companies do this to frustrate people hoping they'll buy instead
04:21 < wsx> well they can keep hoping but what do i do meanwhile
04:22 < qoxncyha> what are some software that can provision a VPS network?
04:22 < qoxncyha> i'm looking for something with complexity between setting it up yourself, and terraform
04:28 <+pppingme> wsx a part it thought it dl'd ok is probably bad, erase the whole thing and start over
04:28 <+pppingme> qoxncyha you know how they got it?
04:29 < qoxncyha> pppingme: it doesn't matter, i just want to autoprovision my services
04:29 < dogbert2> LOLOL - -a-bear-spent-the-day-in-the-backyard-of-a-california-hotel-soaking-in-the-tub-and-drinking-a-margarita
04:40 < spaces> I hate these devs on IRC that ask too much about whatever you want to do if you ask what a function can return in situation X
04:40 < spaces> do these people have some issue with interpretation or something ?
04:40 < djph> yes?
04:40 < spaces> djph I think as well
04:41 < djph> or situation x is undefined?
04:41 < spaces> djph no defined
04:41 < djph> fun times
04:42 < spaces> it's like, should a connected switchport light on on a switch with default settings
04:42 < djph> is the port connected to anything?
04:42 < spaces> then they start asking, did you put the cable in a device ?
04:42 < spaces> djph didn't I say, connected switchport ?
04:42 < djph> I mean "connected to the patchpanel" doesn't neessarily mean "actually connected to something"  ...
04:43 < djph> *necessarily
04:43 < spaces> djph where did you read patchpanel ?
04:43 < spaces> djph are you a dev ?
04:44 < djph> spaces: After having been in this channel (among others) where seemingly "obvious" answers like that turned out to be the culprit (or "oh, the cable was broken") ....
04:44 < spaces> djph I know what you mean but the basic question should be asnwered with yes
04:45 < spaces> otherwise you cannot do any fault checks
04:45 < djph> until "okay thanks, bye!" is the response; and then the guy comes back whinging that you lied to him ...
04:46 < spaces> djph not everyone is like that, I see more regulars on IRC whining someone didn't have proper information
04:46 < spaces> *gave
04:46 < spaces> like the regulars know it all
04:46 < spaces> do you get my point ?
04:47 < spaces> they try to act perfect and if they fail, they try to find whatever reason to not be the one that had overlooked something
04:47 < spaces> or try to act "not invited here" when they don't know it
04:48 < spaces> but I need to run :P Like those people also do when they don't know at all :P
04:48  * spaces needs sleep! 
04:48 < spaces> later guys
04:50 <+pppingme> qoxncyha it kinda does, if you provision it the same way as before, and that included some vulnerability, its gona happen again
04:51 < qoxncyha> pppingme: we did it differently
05:18 < GlenK> bob dobbs?
05:18 < GlenK> be odd if it's the bob I know from me being glen k
05:19 < GlenK> tacos and all that work stuff
05:20 < GlenK> man, cisco network academy is nonsense.  they say they support firefox and chrome.  well, chrome only works.
05:21 < GlenK> and then my chap 6 exam needs jnlp files to run or something, but nope.  not happening.  so now I need to go to the school lab just to take the exam
05:22 < GlenK> I'm very disappointed with guys that are supposed to be networking experts that can't even get websites to work proper
05:23 < GlenK> ah well.  so it goes on my end.  I'm stubborn and will continue to run linux
05:26 < GlenK> since I'm here.  I want to ask.  a /30 mask means 4 addresses?  is that right or wrong?  3 addresses and 1 broadcast?
05:28 < rewt> /30 has 2 bits for host portion, so yes, 4 total, minus 1 for network and 1 for broadcast, leaving 2 usable
05:28 < GlenK> chap. 7 should enlighten me, and I'm some what enlighted already, but anything other than 8, 16, 24, and 32 for a netmask confuse me still somewhat
05:29 < GlenK> rewt: ah, right.  one for the network.  gotcha gotcha.  thanks
05:29 < scientes> ipv6 has it too, the global addressing is 2000::/3
05:29 < scientes> you just have to understand binary
05:30 < rewt> all of them other than 8, 16, 24, and 32 work exactly the same way as those 4
05:30 < scientes> gnome-calculator has a binary mode you can you understand it
05:30 < rewt> it's just cisco not teaching things properly, still going on about classes
05:30 < rewt> which were deprecated over 25 years ago
05:31 < GlenK> scientes: yeah I get binary and all that.  still trying to come to grips with netmasks fully
05:31 < scientes> but yeah when and when not is there a broadcast address?
05:31 < scientes> and why is the router ad 192.168.0.1, not 192.168.0.0?
05:31 < scientes> what is the 0 reserved for?
05:32 < GlenK> I thought I was clever once upon a time when I put my pc at .0.  hidden sorta maybe sorta?
05:33 < GlenK> oh, right.  let me ask this.  I thought I was clever too when I put a hub in between my router and firewall.  then put a pc on there and ntop.  I could find all the jerks doing bit torrent or whatever
05:33 < GlenK> my teacher said very bad idea.  he didn't exactly explain why though.  any ideas why that's bad?
05:33 < scientes> cause hubs suck
05:34 < GlenK> well sure, but if you want all the traffic to go to ntop, then a hub seems like a good idea
05:34 < scientes> just use Linux as a router and do it that way
05:35 < ozzhates> wtf
05:35 < scientes> you can connect your modem to the same switch, and turn on PPPoE mode and then use Linux as a router with a SINGLE interfafe
05:35 < GlenK> but so I wanted this thing to be secure, with no ip.  pretty hard to jerk me up when my ntop box doesn't even have an ip
05:35 < GlenK> I had no control of the router by the way.  that was network dudes
05:36 < scientes> oh i c , this wasn't a home network
05:38 < GlenK> eh, I'll keep studying.  maybe I'll understand one of these days.  or maybe my teacher is a dummy.  either way, nice to be learning networking stuff because I've been lacking for a while
05:49 < zumba_addict> is there an online tool where we can tell where fqdn has already propagated?
05:50 < Peng_> No.
05:51 < linux_probe> https://www.whatsmydns.net/
05:51 < linux_probe> that's about as close as you'll get and it doesn't mean all the dns caches worldwide will have it up to date
05:52 < Peng_> It's impossible to get a complete picture because you aren't ruler of Earth and nobody's obligated to take part in such things.
05:53 < Peng_> If you know how your DNS servers work just wait however long and it'll mostly be fine
06:03 < drathir> zumba_addict: just lower dns cache time before planned changes... but normally 12-48h propagation time good counting ofc that not rule...
06:06 < drathir> zumba_addict: if You trust cloudflare use their ttl0 instant upgrade style...
06:10 < zumba_addict> just got back
06:10 < zumba_addict> thank you drathir
06:10 < zumba_addict> thanks Peng_
06:10 < zumba_addict> thank you linux_probe
06:11 < Peng_> drathir: Cloudflare can lag if there's an outage. :P
06:13 < linux_probe> that too Peng_
06:14 < zumba_addict> i guess it will take more than 24 hours since I just purchase the domain today
06:14 < linux_probe> cloudfail :))
06:14 < zumba_addict> purchased
06:14 < linux_probe> 24 at minimum and possibly add whatever the TTL ontop of that is
06:14 < Peng_> Depends. Usually new domains don't take long.
06:14 < linux_probe> plus it;s july 4th now in USA
06:14 < zumba_addict> i set 1800 ttl
06:14 < zumba_addict> got it
06:15 < linux_probe> may not get a button pusher to hit the yes/no for a day lol
06:15 < zumba_addict> hahaha
06:15 < linux_probe> actually, wait, it;s likely all outsourced to india or elsewhere
06:16 < zumba_addict> i remember my officemate said(from devops), when he made a change to one of our dns, he said it will only take 5 mins to propagate the entire internet because of the ttl he set. Could he be correct?
06:16 < Peng_> Mostly.
06:16 < zumba_addict> is it different from my situation?
06:16 < drathir> Peng_: not so big fan of cloudflare mitm style, but as interestng one could mention it, also its work only under using 1.1.1.1 as good remeber...
06:16 < linux_probe> there's always still caches that ignore the TTL and set their own minimums
06:16 < Peng_> Some bad resolvers ignore low TTLs. Though I have a feeling it's uncommon nowadays.
06:16 < zumba_addict> k
06:17 < linux_probe> yeah most are set to 0 seconds by defaut now
06:18 < drathir> zumba_addict: not matter if domain activated already... default ttl mostly max 48h...
06:18 < zumba_addict> got it, thanks
06:18 < linux_probe> so if ttl is set to nearly nothing, it will not cache, I go with a minimum of 30 seconds mysel;f
06:18 < linux_probe> but who knows what ancient things you'll run across abroad
06:19 < drathir> zumba_addict: domain name ? could take a look locally ;p
06:19 < Peng_> You'd have to check your TLD, of course, but many of them set the negative TTL to 900 seconds. (And use NSEC3, so aggressive NSEC isn't a factor.)
06:19 < zumba_addict> i did, no good replies from dig
06:20 < Peng_> Give it a few minutes for them to process the change and you can often have a new domain working in 20 minutes.
06:20 < zumba_addict> I bought it like 12 hours ago
06:20 < zumba_addict> i'll check it on thursday
06:20 < drathir> zumba_addict: in theory, but depend too at remote dns servers configs ;p that You get fast upgrades and send to others correct one dont mean remote servers will honour that ;p
06:21 < zumba_addict> even namecheap.com where I bought still doesn't have it, LOL
06:21 < zumba_addict> i used their nameserver
06:21 < zumba_addict> what a cheap company I picked, lol
06:21 < zumba_addict> read so many good reviews about it
06:21 < linux_probe> it could possibly takle 24 hours for them ot even OK the purchase
06:22 < zumba_addict> yup
06:22 < Peng_> Why would it take more than like 2 seconds
06:22 < drathir> zumba_addict: also isnt worth lower too mucch ttl if not needed...
06:22 < zumba_addict> it's 1800 which i think was the default
06:22 < zumba_addict> that's true since I won't be updating it much
09:17 < Guest78594> hi everyone
09:24 < skyroveRR> Hi Guest78594
10:06 < dionysus69> is this secure enough for spiped key ? dd if=/dev/urandom bs=512 count=1 of=/home/user/spiped.key
10:09 < ren0v0_> Hello, if i have a socket proxy setup using SSH to a machine on another network, how can i then use that to SSH into another machine on the same network ?
10:39 < tds> ren0v0_: if you're doing ssh port forwarding, you'd typically just ssh into the port ssh is now listening on on localhost, which will get forwarded through to the remote server
10:39 < tds> on recent versions of ssh ProxyJump or -J is very useful though, on older versions you could achieve the same effect with ProxyCommand
10:40 < amosbird> hello, anyone uses pdnsd ?
10:40 < amosbird> how can I avoid negate cache entries ?
10:46 < TandyUK> dionysus69: use bs=32 and make sure youre doing this on a machine with eg a mouse which you keep randomly moving to generate entropy
10:46 < TandyUK> if you really want a longer key, increase count
10:47 < TandyUK> but imho its unnecesary
10:53 < bezaban> I'd be surprised if a symmetric key uses the full 4096 bits
10:54 < bezaban> 256 should be fine and is a valid aes key size :)
11:11 < dodococo> Hey all, I recently read about subnetting and realized that network id and subnet id could be different, In routing process how is subnet id used?
11:49 < Apachez> any of you with experience from broadcom 3008 and 3108 raid controllers? pros/cons with both?
12:53 < dionysus69> TandyUK: ok sounds good :) but what's the specific reason behind 32? not more not less?
12:57 < skyroveRR> I'm trying to understand how PTR delegation works between APNIC, ISP and the customer. Suppose the customer asks an ISP to assign a PTR record, the ISP is able to assign a PTR record only because that record is known by APNIC? I mean, how does APNIC come into play here?
13:06 < Phil-Work> skyroveRR, isp.com would use APNIC to set the NS record into DNS that says that 3.2.1.in-addr.arpa. points at ns1.isp.com
13:06 < Phil-Work> isp.com then define 4.3.2.1.in-addr.arpa as a PTR record in ns1.isp.com
13:07 < Phil-Work> or indeed sub-delegate with NS records
13:21 < skyroveRR> Phil-Work: thankies.
13:35 < Atro> CRAWLING IN MY SKIN
13:35 < Atro> THESE PACKETS, THEY WILL NOT PROCESS
13:44 < avu> RIP
13:45 < Phil-Work> catphish, hSo are ignoring me :(
13:45 < Phil-Work> clearly not interested in the business
13:45 < Phil-Work> any other recommendations for someone who would use a Virgin last mile?
13:50 <+catphish> Phil-Work: i'm afraid i don't know, apart from them and SSE i don't have any experience of leased lines
13:57 < Capprentice>  An L2 Backhaul (Switched) vs L3 Backhaul  (Routed) network which is better for ISP segment?
14:03 < Windy> any aruba wlan users here?  i'm wondering what the appropriate design is for remote branch offices.  we will have controllers and mobility master at HQ, but it seems preferrable to have remote site traffic switched locally rather than tunneled back site-to-site
14:48 < chris_99> Hi, i'm just wondering i'm doing 'up ip -6 addr add $(generate-ipv6-address -r)/128 dev wlan0' in my /etc/network/interfaces file, which seems to work fine if i specific a static ip via 'address' as well but not if i don't, anyone got an idea why?
14:51 < Dagger> /128? not /64?
14:53 < chris_99> that's just what the guide said to use, i'm very new to IPv6.  i just found though if give an unspecified address such as 'address ::/128' the script works
14:54 < Dagger> are you doing "iface X inet6 static"? that requires an address. use "iface X inet6 manual" if you want to do it manually
14:54 < Dagger> also what are you trying to do? if you just want a randomized IP, use privacy extensions
14:54 < chris_99> it's for a wireless mesh
14:55 < chris_99> i'll try manual though cheers
14:59 < Dagger> ...right, good luck with that, I get the impression looking from the outside that meshes tend to do things a bit funkily
15:01 < chris_99> heh. i'm trying to use Babel for the routing protocol and ad-hoc wifi, but annoyingly i couldn't get wpa to work atm with the Pis ive got
15:04 <+catphish> chris_99: this seems like a very odd way to configure a network, if you just want interfaces to have a random IP, they already do (link-local) there's no benefit in assigning another one afaik
15:05 <+catphish> chris_99: also, it's not clear what you mean by "works fine", what works, what doesn't?
15:05 < chris_99> im following this - https://github.com/jech/babeld i mean as in it now has an ipv6 generated address when i do 'ip'
15:09 <+catphish> i guess generating random /128 addresses makes sense if you want the nodes to be reachable on a routable address, so this all makes perfect sense
15:10 <+catphish> chris_99: try running it manually, run: ip -6 addr add $(generate-ipv6-address -r)/128 dev wlan0
15:10 <+catphish> and see what happens
15:10 <+catphish> this really should work
15:10 < chris_99> yeah that adds an address too
15:10 < chris_99> i tried that version earlier
15:11 <+catphish> so it only fails when you do it through your init script?
15:11 <+catphish> my guess would be that generate-ipv6-address is not in tha PATH used by the init script
15:11 < chris_99> when i did it through /etc/network/interfaces it failed but that's working now
15:11 <+catphish> try specifying the full path to it
15:11 <+catphish> oh ok
15:11 <+catphish> well then everyone's happy
15:11 <+catphish> and this is a perfectly reasonable way to configure things :)
15:12 <+catphish> i would normally put /128 addresses on the "lo" interface, but this way works fine too
15:33 < hagbard> Anyone here ever use Lucera Connect?
15:50 < asahi> hello, I'm using a raspberry pi running raspbian as a router. It has 2 physical wireless interfaces, wlan0 (for AP), wlan1 as well as a tun0 interface that is connected to openvpn. I want traffic to/from my fire tv stick to go through tun0 and everything else to go through wlan1. Is there a way for me to set up a rule like this?
15:55 < rewt> asahi, look up source policy routing
15:56 < asahi> thanks. I'll look that up
16:21 < shambat> in a linux routing table, what is the difference between a route that just sets a device and a route that also sets a gateway?
16:21 < bezaban> shambat: the route with the gateway will route via the gateway
16:21 < bezaban> otherwise it's expected to be on link
16:21 <+xand> unless the device is ppp
16:22 < bezaban> or tun
16:22 < shambat> bezaban: ok, so on link means directly connected?
16:22 <+xand> same broadcast domain
16:22 < shambat> (I am trying to fix a routing table for a vpn-connected machine)
16:22 < shambat> ok I see
16:22 < bezaban> shambat: yeah, for a small variety of directly connected networks..
16:23 < shambat> so if the destination needs more routing, I should add a gw?
16:24 < bezaban> that would be a requirement if you want to reach another network via a remote router
16:24 <+xand> if it needs any routing
16:24 < bezaban> but you also need return routes, remote routers need to know your network is on the other end
16:25 < bezaban> or remote devices
16:25 < bezaban> & hosts
16:25 < bezaban> (on a call, not very focused here..)
16:26 < shambat> I had the correct settings, but the connect-script was changed and now some of the routes dont work anymore ... I'm trying to figure them out myself since admin is out of reach right now
16:26 < shambat> route -n
16:26 < shambat> or ip route?
16:26 < shambat> they are the same right?
16:29 < bezaban> the same yeah, ip route replaces route
17:25 < TandyUK> outputs are totally different though, which screws up anything scripted
17:26 < TandyUK> ip a/r needs a 'give me old fashioned output format' flag imho
17:28 <+xand> ifconfig-style?
17:28 <+xand> which is much more legible :P
17:29 < TandyUK> legible or not, its been parsed by scripts for decades
17:33 < mcdnl> TandyUK: if you need old style ouput just use ifconfig
17:34 < mcdnl> but there are some handicaps. before, to assing multiple ips to a single interface, you added the ip to intf:indx
17:55 < im0nde> Hi, I have a server in my lan and want to access it from outside. I thougt about a VPN, is that the best option? If o, what kind of vpn would you recommend on a linux box, there seem to be a few options  (openvpn, vpnc...). Some of them seem very complicated to set up
17:58 < lupine> vpn is probably overrated
17:58 < lupine> you might be able to get away with a bit of port forwarding on your router, depending on your specific circumstances
17:59 < UFC> how common is it to create site to site vpn tunnels with mixed gear? And is site to site vpn the only way to connect offices together other than being on a MPLS ?
17:59 < obcecado_> it is common enough
18:00 < obcecado_> keep in mind some ipsec implementations are at least selective regarding functionality
18:00 < UFC> ever heard of cyberoam equipment?
18:01 < obcecado_> nope
18:01 < UFC> I have a fortigate 50e and a cyberoam cr25wing
18:02 < im0nde> lupine: configuring the router is complicated, as its not mine and I have to ask evertime i want to change a port. Also I dont want to expose the services running on it to the internet
18:02 < UFC> https://www.cyberoam.com/downloads/datasheet/CyberoamCR25wiNG.pdf
18:03 < UFC> it looks like it supports vpn tunnells
18:03 < lupine> then perhaps consider a type of vpn, noting that you'll probably need to expose the vpn's port
18:05 < UFC> you talking to me?
18:05 < im0nde> lupine: is there something simpler than openvpn?
18:05 < lupine> dunno, I just use openvpn every time
18:06 < UFC> this cyberoam is worth 1k on ebay still
18:06 < obcecado_> eew
18:06 < obcecado_> that cyberoam has some pretty deprecated encryption algorythms listed
18:06 < obcecado_> not something i'd buy :>
18:08 < UFC> already own it
18:09 < UFC> it supports 3DES and SHA1
18:09 < obcecado_> exactly
18:11 < UFC> its not that bad
18:11 < UFC> and this is a small company also
18:11 < UFC> this will do the trick
18:11 < obcecado_> your job, your decision :-)
18:11 < UFC> well they dont want to buy any new routers or firewalls
18:12 < UFC> so I gotta work with what they have
18:15 < scientes> wireguard
18:15 < scientes> wireguard is the shit
18:41 < jackbrown> Does anyone knows a reliable sourch with and high bandwidth so I can test my internet connection speed downloading a file?
18:43 < drathir> scientes: lol any examples ?
18:44 < drathir> jackbrown: use online/ovh/hetzner torrents.... but best isp test files for internal conn link speed...
19:07 < goldstar> has anyone setup policy based IPsec  tunnels on a linux box before ? I am wondering how I can route packets without a vti
19:08 < goldstar> the SAs are established, just stuck on the routing bit
19:15 < detha> goldstar: once the SA's are in place, it should pick up things automagically(tm)
19:16 < ciscam> Hi! DHCP Wikis say, the servers' DHCPOFFER and DHCPACK packets are broadcast, but my wireshark says its target is the newcomer. Which is it?
19:18 < goldstar> detha: im running strongswan on two endpoints and loopback interfaces as the traffic selectors, SAs are up, when I ping a host in the policy, it doesn't reply.
19:19 < scientes> drathir, it can do what most people use openvpn for and ipsec
19:19 < scientes> and its only 4000 lines of code
19:20 < detha> ciscam: both. see rfc2131 paragraph 4.1
19:21 < detha> goldstar: create a route with the other side's loopback address, going anywhere (like your default gw)
19:23 < detha> oh, and 'src <myloopback>"
19:27 < drathir> scientes: advantages are faster crypto and higher speed not nention easier link establishement and les chit-chatty tunnels...
19:34 < goldstar> detha okay let me try that
19:52 < ciscam> detha, thanks that helped me out:)
20:07 < scientes> drathir, not just less chatty, but zero chit-chat
20:07 < scientes> wireguard only sends packets when there is traffic
20:23 < QuinnStorm> Henry1512: just following up, any luck?
20:27 < zenix_2k2> i have a nooby question, so i heard that each wrapped layer of the data's encapsulation contains a header and a body and, the header contains the protocol information needed for that layer and the body = data, so what are those "protocol information" all about and why do i need them ?
20:28 < zenix_2k2> can't the destination host just automatically unwrap it ?
20:34 < koala_man> zenix_2k2: the destination address is a piece of protocol information on the IP packet. a TCP packet can't arrive if it's not in an IP packet with address info
20:34 < varesa> zenix_2k2: as an example an IP header contains the source & destination IP addresses for the packet and it also has a field for the protocol contained in the data (e.g. TCP, UDP, ICMP, etc.)
20:35 < varesa> while the data itself contains the TCP/UDP/ICMP/... frame where the header might contain some protocol information like the TCP source/destination port
20:38 < varesa> look up for example ethernet frame, ipv4 header or UDP packet structure to see what kinds of fields the header contains
20:38 < varesa> and you'll see how they're important for thet packet to get delivered to the right place and interpreted the right way
21:07 < _TheDudester> anyone ever put a new windows machine together with a new motherboard and new samsung 860 and windows will NOT recognize it.
21:09 < _TheDudester> Mobo bios picks it up fine
21:09 < _TheDudester> windoze 10 ...
21:09 < linux_probe> someone needs to add chipset drivers
21:09 < _TheDudester> it game with the disk and we've tried to tell doze to use them but it still doesn't work.. MSI gaming mobo too
21:10 < _TheDudester> I've never heard of a windows installation not picking up an ssd before but picks up HD's fine
21:10 < linux_probe> more specifically, raid/sata drivers or the mode setting in wrong
21:11 < _TheDudester> Yeah he's tried that too
21:11 < _TheDudester> Going to format the drive on another computer to see.. just not finding much info on this online thought I'd ask if anyone saw it before
21:12 < jackbrown> hello
21:13 < jackbrown> maybe I'm forgettin/missing something. How can I check if an UDP port is properly opened ?
21:13 < tds> you can't really
21:14 < tds> you can try sending stuff to that port and see if you get icmp destination port unreachable or whatever back
21:14 < tds> or try sending something specific to that protocol and see if you actually get a proper reply
21:14 < tds> if you have access to the server, you can check easily with netstat/ss/whatever
21:15 < jackbrown> tds: this will works only on TCP ports ? https://portchecker.co/
21:16 < tds> not a clue, try running it against yourself and doing a packet capture on your router/server to see what it actually tries
21:17 < tds> dns is typically udp on 53 (though sometimes tcp), so I'd sorta expect that to test UDP
21:17 < tds> though I guess a proper dns server should be listening on tcp anyway, so meh
21:21 < zenix_2k2> also guys, i heard that with datagram socket which uses UDP, you can't be sure that the data arrived in the same order as it was sent or not, is that true cause i have built a UDP server in my localhost and test it out but it worked well for me
21:23 < jackbrown> zenix_2k2: tds do you guys suggest me to enable the uPNP port option for on the router ?
21:23 <+pppingme> zenix_2k2 what are you building and why are you wanting to use udp?
21:23 < jackbrown> pppingme: emule
21:23 < UFC> you built a UDP server?
21:24 < UFC> but dont know how UDP works...
21:24 < zenix_2k2> pppingme: well actually i wasn't building it on purpose but i was just testing whether to see if that quote above is right or not
21:24 < UFC> what exactly are you considering a "UDP server"
21:24 < ^7heo> wtf do you call the list of the directives that have already been executed?
21:24 < UFC> UDP is meant for stuff like streaming
21:24 < UFC> where packet loss is ok
21:24 <+pppingme> UFC I'm pretty sure he means a server/daemon that uses udp..
21:24 < UFC> so when youre streaming a youtube video and it loses quality for a second or glitches out its because it lost packets
21:24 < ^7heo> UDP is where packet loss happens, it is only beaten by UPS.
21:24 < UFC> but continues to receive new ones
21:25 < zenix_2k2> ya, a servers that use datagram sockets... sorry for the terms :P
21:25 <+pppingme> zenix_2k2 its absolutely true, but you're not likely to see the issue testing on a lan
21:25 < zenix_2k2> so when will it happen ?
21:25 < UFC> zenix_2k2 depends on the receievers end
21:25 < jackbrown> anyone can help me please?
21:26 < zenix_2k2> jackbrown: so what is your problem ?
21:26 < ^7heo> hi catphish
21:26 < ^7heo> wtf do you call the list of the directives that have already been executed?
21:26 <+catphish> hi :)
21:26 < UFC> jackbrown go on your firewall and open the port?
21:26 < ^7heo> like, the opposite of a backlog
21:26 < jackbrown> zenix_2k2: can't connect the KAD emule network, and I activated the uPNP on the router and it seems that all the required ports are opened
21:27 <+catphish> i was just pondering whether it's illegal to go into someone else's house without their knowledge or permission, and i don't think it is, isn't that odd
21:27 < zenix_2k2> UFC: the reciever's end ? so in which case that the receiver's end can effect my transmission, only 1 example is ok
21:27 < ^7heo> catphish: it totally is.
21:27 < UFC> trespassing
21:27 < ^7heo> yes.
21:27 <+catphish> trespassing isn't a crime here
21:27 < ^7heo> Here it is.
21:27 < UFC> well dont try that in america
21:27 < ^7heo> also, can someone PLEASE tell me what the fuck you call the list of the directives that have already been executed?
21:27 < UFC> they can shoot and kill you and nothing will happen to them
21:27 < Tegu> illegal here as well
21:27 <+catphish> UFC: that's not really true
21:27 <+pppingme> catphish so I can come sit on your porch or in your living room any time I want, even if you don't want me to?
21:28 <+catphish> UFC: you have to be in danger to legally use that kind of force, but yeah, it happens
21:28 < UFC> if you broke into/walked into someones house uninvited
21:28 < UFC> they can shoot and kill you out of fear
21:28 < ^7heo> okay, fuck you all.
21:28 < ^7heo> laters.
21:28 < UFC> ^7heo fuck you
21:28 < tds> catphish: my understanding is that as long as it's not breaking and entering, it's probably legal?
21:28 <+catphish> UFC: they'd have a legal fight on their hands in most places
21:28 < UFC> dumb question
21:28 < tds> that's more just a vague guess though ;)
21:28 <+catphish> pppingme: yes, technically you can, as long as you don't force your way in
21:29 <+catphish> at least i think you can
21:29 <+catphish> ^7heo: already been executed in what context?
21:30 <+catphish> i may have missed some of your query
21:30 < tds> catphish: iirc I've also heard of people getting injured when doing that and suing the property owner, which seems a little insane
21:31 < ^7heo> catphish: in the context of a delivery company for example
21:31 < ^7heo> catphish: like, there's a backlog, then you execute the order, and then it goes to... ?
21:31 <+catphish> tds: people have difficulty separating the 2 issues in their minds
21:32 <+catphish> like, if i'm watching tv without a licence, and someone drives their car into my house killing me, they can still be sued for negligence, right
21:32 <+catphish> just because one person is comitting a crime, doesn't mean they can't be a victim of negligance at the same time
21:32 < ^7heo> Not if you ask Warner Bros.
21:33 < ^7heo> or the Fox.
21:33 <+catphish> lol
21:34 <+catphish> the same legal principle applies, the breaking and entering, and the neglegent injury are totally separate
21:34 <+catphish> or so is my understanding
21:34 <+catphish> anyway, i was just pondering it, i thought it odd that if someone's house is unlocked, it's perfectly legal to wander in at night and look around
21:35 <+catphish> hence door locks i guess :)
21:35 <+catphish> ^7heo: i don't think i understand the context of your question at all :(
21:36 < ^7heo> nevermind
21:36 < ^7heo> I heard that if you die, nothing matters anymore.
21:36 < ^7heo> And I also heard that eventually everyone dies.
21:36 < ^7heo> So it's just a temporary problem.
21:36 <+catphish> ^7heo: no, things still matter, just not to you :)
21:36 < ^7heo> Is there someone else alive?
21:36 <+catphish> of course, ultimately the universe collapses, and nothing matters
21:36 < ^7heo> Also that.
21:37 < ^7heo> I'm gonna call that a "fucklog"
21:37 < ^7heo> someone will eventually correct it.
21:38 <+catphish> ^7heo: on an unrelated topic, you you happen to have a spare copy of Northgard?
21:38 < ^7heo> Not sure
21:38 < ^7heo> I'd have to check
21:38 < ^7heo> I have a shitload of spare copies of things
21:38 <+catphish> i have no idea why you have so many spare games, but it's cool :)
21:38 < ^7heo> humble bundle mostly
21:38 < ^7heo> that and sales
21:38 < ^7heo> too much cash, not enough time.
21:39 <+catphish> lol
21:39 <+pppingme> _TheDudester you sure the drive isn't bad?
21:40 <+catphish> ^7heo: i have a similar problem, but i mostly stopped, especially the bundles
21:40 < ^7heo> https://en.wikipedia.org/wiki/DARPA_Shredder_Challenge_2011
21:40 < ^7heo> I wonder why they would ask people to devise such methods...
21:40 <+catphish> i think the page says why
21:41 <+catphish> The aim of the challenge was to "assess potential capabilities that could be used by the U.S. warfighters operating in war zones, but might also identify vulnerabilities to sensitive information that is protected by shredding practices throughout the U.S. national security community".
21:56 < user1132> hello
21:58 < user1132> anyone who use a pi-hole?
21:58 < Apachez> nope
21:58 < Apachez> I use the upgrade a-hole
21:59 < motte> i have a thomson tg784 router i'm trying to use as a switch, for some reason i cannot ping any client connected to that router. is this a matter of port forwarding or am i missing something?
21:59 < user1132> i want to add a local dns address on the router (tplink c5400) but i get an error message
21:59 < user1132> dns server ip address and lan ip address cannot be in the same subnet
22:07 < Dagger> motte: if you're using it as a switch then no port forwarding is going to be involved. NAT is an L3 thing, switches are L2
22:13 < motte> Dagger: what should i do then? the router doesnt have "switch mode"
22:14 <+pppingme> motte is everything plugged into a "lan" port, or is something plugged into the "wan/internet" port?
22:16 < motte> pppingme: an ethernet cable is plugged in to the wan port. that ethernet cable goes to the main router, so the "switch" acts as a client of the main router
22:16 <+pppingme> motte thats not how it works..  move everythig to a lan port and it will work like your'e expecting
22:17 < Dagger> (just make sure to disable DHCP and RAs on it)
22:17 <+pppingme> yeah, do that too..
22:19 < motte> pppingme: yeah i probably should have mentioned that i'd like the "switch" to also work as a wireless ap, this won't be possible this way i guess?
22:19 <+pppingme> motte same hookup, same advise..
22:19 <+pppingme> plug *everything* into lan ports, ignore wan port
22:19 <+pppingme> disable dhcp
22:20 < motte> pppingme: ok, thanks for your help! i'll do that
22:21 <+pppingme> as for wifi setup, my advise, set the lan IP to something reasonable for your network, ignore any wan settings, set all wifi parameters EXACTLY the same as your other AP's, except for channel, and space your channels out to 1-6-11, don't use same channel
22:21 <+catphish> i just realised it's USA independence day today, enjoy your self-governance :)
22:23 < motte> pppingme: would devices switch aps seamlessly doing that?
22:23 <+pppingme> seamless is a bit of a strong word, but mostly..
22:24 <+pppingme> you'll probably notice a "glitch" when it does it.. but should mostly work without assitance and mostly not interrupt anything
22:33 < motte> pppingme: i connected everything to lan ports, now i can't connect to the web interface of the "switch" router any more, can't ping it either
22:33 <+pppingme> whats the lan IP set for?
22:34 < motte> for the main router it is 192.168.0.1, for the "switch" it is 192.168.1.1
22:35 <+pppingme> the lan IP on your 2nd device needs to be something reasonable for your lan..
22:36 <+pppingme> if your lan is doing 192.168.0.x/24, then that second device should have a lan IP of lets say 192.168.0.2/24..  and be sure your dhcp range starts well after that, make sure .2 isn't part of your dhcp range
22:36 < motte> right, that makes sense
22:44 < drathir> pppingme: just ot: wonder if dhcp servers checking arp somehow before assign from pool ip?
22:44 <+pppingme> drathir its not part of the protocol
22:49 < drathir> pppingme: thanks that kinda mean blind standalone counting lease ip mac in internal db  than i guess...
22:49 < nostrora> Hi folks! i have a beautiful new opnsense router and starting to configure it. what is a good choice for ip of home router ?  192.168.0.0 or 192.168.1.1 ?
22:50 <+pppingme> nostrora neither
22:50 < drathir> nostrora: depend probably at size of network ^^
22:50 <+pppingme> too common
22:51 < nostrora> drathir: 50 hosts
22:51 < nostrora> max*
22:52  * linux_probe has been using 192.168.1.x for years and been bashing my head over it for years
22:52 < nostrora> I know private network is 192.168.0.0/16. As my router is my "beginning" of the network. is it logical to give it the ip 192.168.0.0?
22:52 <+pppingme> you probably shouldn't use a /16 for any network without good reason..
22:53 <+pppingme> its always best to start at a /24..
22:53 <+pppingme> keeps things simple, but still a decent size network for most situations
22:54 < nostrora> Then it is also 192.168.1.1/24. the beginning is 192.168.1.0
22:58 < nostrora> and do you prefer static, dhcp or static dhcp ?
23:00 <+pppingme> noo such thing as "static dhcp", do you mean dhcp with reservations?
23:00 <+pppingme> dhcp is always best
23:01 < c|oneman> I hate how something as simple as DHCP is confusing to setup
23:01 < Apachez> mostly because those who wrote original code were stoned
23:03 < c|oneman> I like to have a DHCP "range" for automatic assignment, and then a section that is never used automatically but used for only for certain MAC addresses, but this isn't an option in some routers
23:03 < UFC> dhcp is pretty simple
23:03 < turtle> how is it confusing? you just fill in the values
23:03 < turtle> then you turn it on
23:03 < c|oneman> I don't like having to guess if the reservations will be honored or not
23:04 < c|oneman> I like for the reservations to have their own "section"
23:04 < c|oneman> while still being in the same subnet.
23:04 <+pppingme> dhcp is incredibly simple..  if you're having problems with it, I'd challenge that you're missing some basic understandings of IP
23:04 <+pppingme> then you're doing reservations wrong..
23:04 < c|oneman> I don't use CLI
23:05 <+pppingme> reservations should NOT come out of the scope
23:05 < c|oneman> well, they do on some shitty hardware, I guess.
23:05 < c|oneman> I've seen it before
23:05 <+pppingme> here's a typical setup:  dhcp range might be 192.168.1.100 to 192.168.1.254...
23:05 <+pppingme> now any reservations should stdart at .99 and below
23:05 < c|oneman> yeah, that's exactly how I like it.
23:06 < c|oneman> I think many ISP supplied junk routers don't offer that option
23:06 < c|oneman> the reservation is in the scope in their shit
23:06 <+pppingme> there's no guess if a reservation would be honored..  if its not, then you got the HW address wrong
23:07 < c|oneman> it's not a catastrophoe, but I still don't like it
23:08 < c|oneman> for example someone could easily manually set an IP address on their device and most setups won't block that
23:08 < c|oneman> or accidentally connect a rogue DHCP server
23:08 < c|oneman> most networks that I've seen in production don't prevent this
23:08 < Apachez> comare gear blocks that shit
23:08 < Apachez> by default
23:08 < Apachez> but yeah
23:09 < Apachez> its up to you as netadmin to fix that shit
23:09 < Apachez> option82
23:09 < Apachez> dhcprelay
23:09 < Apachez> dhcpsnooping
23:24 < drathir> nostrora: than for easy setup go for /24 You have plenty to chose 192.168.10-254.0/24... free to chose ;p
23:34 < motte> pppingme: https://i.imgur.com/Mi0v1Sx.png in what order should i edit these?
23:38 < motte> pppingme: if i try to edit dhcp settings i get action failed: could not set server. if i try to set the lan ip to 192.168.0.2, the router resets and won't give me an ip
23:40 <+pppingme> motte this is your real main router, or the one you're trying to use as an ap/switch?
23:41 < motte> thats the one im trying to set up as a switch
23:41 <+pppingme> disable dhcp server, and set the IP to something sane for your network
23:43 < motte> yeah i tried that, after setting these i can't access the web interface any more or i cant even ping the switch, depends on which order i do these
23:44 <+pppingme> motte you're probably not setting something sane for your network, like I'm telling you..
23:44 <+pppingme> stop..  question time..
23:44 <+pppingme> whats your rreal router's ip?
23:44 < motte> 192.168.0.2 is what im trying to set
23:44 <+pppingme> whats your rreal router's ip?
23:44 < motte> 192.168.0.1
23:44 <+pppingme> whats yourj pc's ip at the moment?
23:45 < motte> 192.168.1.64, just did a factory reset to the switch router
23:45 <+pppingme> stop, no changes..
23:45 <+pppingme> until I say..
23:45 <+pppingme> do you have a cable between your main router and this 2nd device?
23:46 < motte> not at the moment, if i connect the cable i cant access the web interface
23:46 <+pppingme> **where** were you connecting the cable to the 2nd device?
23:46 < motte> where you told me, lan ports, NOT the wan port
23:47 <+pppingme> ok, step by step:
23:47 <+pppingme> disable dhcp server
23:47 <+pppingme> change IP to 192.168.0.2/24
23:47 <+pppingme> hook cable up
23:47 <+pppingme> REBOOT PC
23:47 <+pppingme> then try to ping/access
23:47 <+pppingme> if I'm reading that screen right, you have about three ip's set on that device, REMOVE THE EXTRAS..
23:50 < linux_probe> lol
23:51 < motte> holy crap it worked
23:51 < linux_probe> unsure if troll, drunken/drugged or braindeads
23:51 < motte> braindead
23:51 < linux_probe> lol
23:51 <+pppingme> of course it worked
23:51 <+pppingme> why would there be doubt
23:52 < linux_probe> when in doubt pull out yer hammer and bash one out
23:52 < motte> not *that* braindead
23:52 < motte> im just new at this
23:52 < Johnjay> linux_probe: i was tempted to do that yesterday. i installed a usb/pro duo/sd card reader in my pc
23:53 < Johnjay> of the 8 screw holes only *two* would take a screw
23:53 < linux_probe> "installed" there's your problem
23:53 < Johnjay> I didn't think it was possible for screws to be badly designed
23:53 < linux_probe> i've unhooked and thrown awaymore internal readers than known to man kind =p
23:53 < Johnjay> but i learned the same day that iphones are actually deliberately designed to have screws go to specific holes
23:54 < Johnjay> and if you do the wrong one it "self-destructs"
23:54 < linux_probe> and most of them were infact supplied in OEM machines, HP, compaq, dell, etc.
23:54 < Johnjay> i.e. it punctures a small hole in the mainboard that makes the iphone not boot
23:54 < Johnjay> well the one i ordered from amazon wasn't terrible in terms of reviews. but yes most of them had bad reviews
23:54  * Johnjay isn't sure why reading sd cards is a big deal in 2018
23:55 < linux_probe> most of them had funky firmware that didn;t work with newer OS/upgrades and cause all sorts of issues
23:56 < Johnjay> actually that reminds me, i have to go leave a bad review for that reader
23:58 < linux_probe> unfortunately, the best ways is using "x" devices usb port plugged to the computer and using their internal card communication device :)
--- Log closed Thu Jul 05 00:00:26 2018