--- Log opened Sat May 12 00:00:17 2018
00:12 < electricmilk> Any idea why MX records are bouncing back and forth between the old record and the new record when I query in NSLOOKUP?
00:12 < bezaban> electricmilk: querying different servers?
00:12 < electricmilk> Nope same server
00:13 < electricmilk> I'm not the one that made the record change...is it possible that the gentlemen that helped added two records? Is that even possible with MX?
00:13 < bezaban> so only one dns server in use?
00:13 < Gollee> if he added two records you should get both back I think
00:13 < Harlock> you can have multipel mx
00:13 < Harlock> multiple
00:13 < Harlock> it's very common
00:14 < Harlock> multiple dns records will round robin
00:14 < xamithan> Maybe the DNS is round-robin and it isn't replicated yet
00:14 < electricmilk> ah okay
00:14 < xamithan> lol what he said
00:17 <+catphish> electricmilk: i'd say you're querying different servers that have cached different values, even if you don't realise
00:18 <+catphish> electricmilk: dig will tell you the remaining ttl
00:18 < electricmilk> I've set the server as 1.1.1.1 and tried 4.2.2.2 and 8.8.8.8
00:18 < electricmilk> ah okay...just dig foobar.org?
00:18 <+catphish> dig lets you try different servers too, but yes
00:18 <+catphish> eg dig foobar.org @8.8.8.8
00:19 <+catphish> foobar.org. 299 IN A 46.182.8.5
00:19 <+catphish> 299 is the remaining ttl
00:19 <+catphish> now...
00:20 <+catphish> if i do that repeatedly, i get different remaining ttl values, obviously from different 8.8.8.8 backend servers
00:25 < Blue_> what stuff can I do with a spare router
00:26 < Blue_> i.e stuff to learn
00:26 < Gollee> whatever you fancy
00:26 < Blue_> Im not sure what there is
00:26 < pekster> electricmilk: You should verify all the authoritative hosts for your domain currently return the same record; the rest is (most likely) a result of normal caching. In the future if you plan to make changes you're better off reducing the TTL ahead of the change to reduce cache propagation delays
00:26 < Blue_> maybe its tak-talk centric jargon
00:27 < Blue_> or whoever made the router
00:27 < pekster> s/same/expected/
00:27 < electricmilk> The guy managing our dreamhost account doesn't see a darn TTL settings
00:27 < electricmilk> *setting
00:28 < Blue_> I disabled WPS
00:28 < Blue_> most of the other settings I had no clue what they were aside from the usual
00:28 < pekster> electricmilk: Again, not really relevant; you can't do squat about a recursor on the public Internet that cached your (then-valid) records for the TTL at the time they were queried, even if they're now "old" in your opinion. Other recursors only know what they're told
00:29 < electricmilk> ah I see
00:29 < pekster> electricmilk: I'm suggesting you verify any listed NS for the (sub-)domain in question is currently accurate. Assuming they are and returning correct data, you just have to wait up to a possible max of whatever the TTL was the moment before you made the change
00:30 < electricmilk> Damn it was set to 4 hours...There goes email for the weekend
00:30 < electricmilk> as I have to get out of here in two
00:31 < Blue_> the model is a Huawei HG633. I have some vm's to test on on its network
00:32 < pekster> "Stepping down" TTLs for longer records is common. Say you have stable MX records and set them to 1 week TTL, but plan to make changes next week. You might lower the TTL to 1 day, then 36 hours before lower it again to 12 hours, 14 hours before lower it to 2 hours, and 3 hours before lower it to 5 minutes. Your DNS rate will go up each "step down" but you'll reduce length of propagation time
00:36 < Blue_> so id like to make a hidden subnet using the spare router
00:36 < xamithan> hidden?
00:37 < Blue_> yeah so only my VMS can see/use it
00:37 < Blue_> that shouldnt be hard cause virtualbox has an option called bridged adapter
00:37 < pekster> Firewalls protect things. Provided you control your existing routing, don't "hide" it at all but set up proper routing, and feel free to filter inbound traffic to this protected downstream network as much as you'd like
00:37 < xamithan> I don't think you can stop things from seeing it
00:38 < Blue_> like you have to type an IP manually
00:38 < egam> what does it mean when my modem firewall logs a ping of death with a source ip that's not mine and a target ip that's not mine?
00:38 < xamithan> That isn't hidden, that is just no routes
00:38 < Blue_> therefore it doesn't show up in a devices wifi network list automatically
00:39 < pekster> No, this is what a firewall between networks does
00:39 < pekster> If you mean network discover, don't put crap on the same LAN that's either going to broadcast its presence or accept network discovery. If you want security, use a firewall, not obfuscation
00:40 < pekster> If you want to protect OSI L2 attacks (ARP / NDP spoofing) then you either use 802.1X (rather a pain if you don't have it already) or separate networks provided you trust the core/inside routers
00:41 < Blue_> the OS's im using are quite old too I should mention
00:41 < xamithan> If you lazy just throw up an ACL and call it a day
00:41 < pekster> Blue_: Basically you need a much better definition of your threat model before you go about trying to "hide" or "manually" do things. Figure out what the threat is, then identify what combination of topology and security you need
00:41 < knaaaaaa> hi my port 994 is not open
00:41 < Blue_> I just dont want devices accidentally connecting to the VM test network
00:41 < knaaaaaa> is that right?
00:41 < Blue_> thats it basically
00:42 < pekster> Blue_: My solution for that is pretty simple: I've only got a single router for most of my network, but it serves a half-dozen VLANs, including my personal LAN, guest-LAN (access to Internet only, nothing internal,) and a couple other separate networks for things. No need for manual IPs or 2nd levels of routers or anything so obtuse
00:43 < pekster> As always, you secure cross-network traffic with a firewall, not more layers of routing. You add routing when you need separate networks to inter-connect
00:43 < egam> I assume it means someone in Poland is trying to attack someone else in the world, but why does my modem get involved in this attack?
00:44 < Blue_> there is no phone socket upstairs so the downstairs router wirelessly gives this laptop an internet connection, and then the upstairs router ... well is not needed I suppose cause virtualbox can make its own network and I can put any VM'S in it
00:45 < Blue_> the ISP put me on a contract without telling me on the phone
00:45 < Blue_> so now im in this shower of shit
00:45 < knaaaaaa> anyone?
00:45 < Gollee> knaaaaaa: why should it be open?
00:46 < Blue_> so I have a router, no phone socket upstairs and a contract im still paying for despite being moved out of the other house
00:48 < Blue_> obviously the house im in now has a router downstairs and my router is doing nothing
00:48 < knaaaaaa> it is used on an iPhone for networking
00:48 < knaaaaaa> And I need somebody to see if my port is closed
00:49 < xamithan> You could setup bridged mode on the router and hook ethernet up to devices
00:49 < Blue_> can you help with that
00:49 < knaaaaaa> Golle: I need gmail back in my taskbar
00:49 < Blue_> I heard its hard to set up
00:50 < xamithan> Depends on your router how hard it is. Mostly you just choose the bridge client option and input the ssid|pass
00:50 < Gollee> knaaaaaa: are you for real?
00:50 < Blue_> ok im trying to find my default gateway
00:50 < knaaaaaa> I’m xunling
00:51 < knaaaaaa> Goller: im xunling, my Starcraft account
00:51 < Blue_> i.e the routers default IP. but something might have already taken that IP already
00:52 < knaaaaaa> my up address is 109.40.3.21
00:53 < Blue_> do I plug the broadband port into the laptop or the # 1,2,3 or 4 ports
00:53 < Blue_> the other router is essentially the AP not this one and this router will connect to the AP router wirelessly
00:54 < xamithan> One of the 1-4 ports
01:00 < Blue_> I cant see it in device manager
01:01 < Blue_> and the default IP is not regognized
01:01 < Blue_> recognised*
01:01 < Blue_> "problem loading page"
01:24 < spaces> Gollee you might have a broken i ?
01:24 < spaces> and n as well ?
01:24 < spaces> S_SubZero I agree!
01:25 < Blue_> the router aint showing up in 'network' or 'device manager'
01:26 < spaces> Blue_ keep it that way, move to the bahama's and get a real life
01:27 < Blue_> yey
01:27 < spaces> leave the internet!
01:28 < Blue_> totally.
01:28 < Blue_> im actually trying to set up a intranet
01:28 < Blue_> not connect to the internet
01:28 < Blue_> but nice try
01:28 < Blue_> an intranets
01:32 < ufxinu-> i am usually using debian but i am in a situation where im forced to use centos, and some how i borked my network settings trying to setup a br0 (bridge), now- it seems like i can't get remote axs, i just can't get no connection working again
01:33 < ufxinu-> any1 that can help that's network guru plz pm, i think it's a centos issue tho... o well...
01:35 < spaces> Blue_ intranets are even worse
01:35 < spaces> pl later
01:35 < spaces> ok
01:35 < Blue_> yeah im leaving now cause you're A. not helpful and B. a bad troll
01:48 < spaces> hehe some people always blame others
01:50 < S_SubZero> well that's cuz it's their fault
01:55 < drudge`> goes on IRC; demands answers immediately. leaves but-hurt.
01:55 < drudge`> ta-da! mission accomplished
01:55 < djph> drudge`: those are the best people
01:55 < spaces> I hurt someone, and it was not even a woman, I suppose
01:56 < djph> s/best/second-best/
01:56 < djph> the best people are the ones you get a chance to direct to http://catb.org/~esr/faqs/smart-questions.html before they get butthurt and leave.
01:59 < drudge`> hah
02:00 < spaces> djph butthurt ? I think that's another channel
02:01 < djph> you can get butthurt anywhere on the internet.
02:03 < spaces> djph by watching youtube ?
02:06 < djph> even there
02:10 < drudge`> it's kind of hard to leave http.cat butt hurt, but i suppose if ur dog you could
02:12 < spaces> djph :O
02:13 < djph> drudge`: er, what?
02:13 < spaces> some ops on IRC that moderate some major software channels are real tards, just because they can. Freenode should do something about it
02:13 < spaces> I just saw it happening again with someone
02:14 < knaaaaaa> my ping is bad and port 456 is closed by vodafone, can you check that please
02:14 < xamithan> Dude thought his router would show in device manager. I just stopped responding after he said that
02:14 < djph> xamithan: unfortunately, because users are retards, a lot of routers do these days :(
02:14 < xamithan> Maybe i'm the retard then. Never heard of that
02:15 < knaaaaaa> help, do u want my iPad resa
02:15 < knaaaaaa> ip address
02:15 < spaces> never blame your hardware! it cannot help it it found a retard as it's owner
02:15 < djph> xamithan: IIRC, it's the consumer-oriented crap running bonjour (etc.) that shows up (although it might be under "network devices")
02:16 < knaaaaaa> my iphone is new
02:16 < knaaaaaa> After login, button back come
02:16 < tds> yeah, I've seen a few routers running dlna media servers or whatever that show up
02:16 < knaaaaaa> a dumb guy types a wrong password with his head, to steal my source code galaxywars
02:17 < xamithan> I just don't see what good can come of that
02:17 < drudge`> i think dude is having a stroke
02:17 < xamithan> Maybe if you had an external HDD hooked up to it
02:17 < tds> yeah, I think that's the idea
02:17 < knaaaaaa> the window goes to left
02:17 < tds> some of them do print servers as well
02:17 < tds> they just install everything when building it :P
02:18 < knaaaaaa> anyone?
02:18 < drudge`> knaaaaaa did you try adjusting it top-wise near the right?
02:18 < drudge`> that usually works
02:18 < knaaaaaa> touchfield
02:19 < knaaaaaa> Brain Think Touchfield, near me is god, and I’m xunling
02:19 < knaaaaaa> It’s bad for us
02:19 < djph> xamithan: fewer calls by the retards to the retards in India you're paying to pretend to be "costumer[sic] support"
02:19 < knaaaaaa> which channel
02:20 < djph> drudge`: nah, it's an iDevice - he's just holding it wrong.
02:20 < knaaaaaa> turn it all the time?
02:21 < drudge`> put in my 2 weeks at this network support center; cant wait to get off the customer-facing support. woooo-weee
02:21 < djph> drudge`: there are always customers...
02:22 < drudge`> can't say ill miss the sound of customers chewing in my ear and breathing heavily in the phone
02:22 < xamithan> Just wait till you are talking to CEOs or VPs
02:22 < drudge`> sales primmadonnas are a real treat
02:22 < djph> or any other mouthbreather calling IT
02:25 < xunling> help
02:36 * aaro calls 911
02:40 < knaaaaaa> can some scan me?
02:40 < knaaaaaa> do I look good?
02:40 < Project86__> Something just came to mind... if I were to use linux deploy to setup a VPN server. Would/could that essentially make my phone carrier a vps as long as it has internet?
02:41 < knaaaaaa> no
02:41 < Project86__> Damn
02:42 < tds> knaaaaaa: if you want to test connectivity back to yourself, I'd just get a vps/shell account somewhere, or you might be able to find websites to test for you
02:42 < Project86__> How come? Could I route them to work that way, or Would that just be like a wireless adhoc?
02:43 < tds> mobile providers often run cgnat, so it's entirely possible you can't have new incoming connections, which makes it slightly pointless for a vps-style setup
02:44 < Project86__> Ah ok. Thanks, there goes my amazing lightbulb moment
02:44 < tds> some mobile providers will give you a public unfirewalled ip though, so it might be worth trying
02:45 < qman__> You can get a vps for $3 a month though
02:47 < batch> hi, imagine i want to use a pi as a bridge, having wlan0 forwarding to eth0 which has a switch on the end
02:47 < batch> if i'm in debian and i want to configure all nics in /etc/network/interfaces
02:47 < Project86__> Just read about cgnat, crazy stuff. I'd like that config lol. And yeah, I can, but one of my personal philosophies is, why pay for what you can get for free?" (To extents) so if I could merge it with a bill I already pay, that provides extra security...then why not?
02:47 < batch> they all need iface X inet manual?
02:48 < Project86__> I thought it to be clever. I suppose not
02:48 < batch> i want to have it as a "wireless island"
02:49 < Project86__> Ooh, lemme look that up. Is it like decentralized VPN stuff?
02:49 < batch> Project86__ talking to me?
02:49 < Project86__> Yes. About wireless islands
02:50 < batch> more like a wireless point to point i think idk
02:50 < batch> https://www.glennklockwood.com/sysadmin-howtos/rpi-wifi-island.html
02:50 < batch> see here they use static
02:51 < batch> but some guy i know tells me to completely put everything in manual because it's a bridgedevice then
02:51 < Project86__> Oh, that's one of the setups I'm previously working on. Wireless p2p. There's a couple diff ways
02:51 < Project86__> *presently
02:51 < batch> oh ok that might be handy
02:51 < batch> can you guide me in here plz?
02:52 < Project86__> I've only read what others say. I have to find screenshots lol
02:52 < Project86__> Gimme a moment on that while I eat
02:52 < batch> so this is what i have: http://ix.io/1a5I
02:53 < batch> last 3 lines are 'ip route'
02:53 < batch> oke sure no problemo, have a nice meal :)
02:55 < batch> i'm really missing something like forwarding with iptables i guess
02:55 < batch> never thought i'd need to solve such a garbage
02:55 < batch> :D
02:57 < Project86__> What i read was to just install OpenVPN on both in a certain way, and the one without internet can p2p wirelessly to the one with internet to allows access back n forth
02:58 < Project86__> Heard that from others input here
02:58 < batch> vpn ee
02:58 <+pppingme> batch are you trying to bridge or route?
02:58 <+pppingme> when you bridge you DON'T put ip's on individual interfaces.. thats always wrong
02:58 < Project86__> I've not done iptables yet...
02:59 < batch> pppingme yeah.. hmm..
02:59 < batch> pppingme you mean like also don't give ethx1 no ip
02:59 < batch> remove address, netmask, dns ?
03:00 < batch> let me try that
03:00 < batch> didn't try that yet
03:00 <+pppingme> ip addresses go on the BRIDGE interface, not the individual member interfaces of the bridge
03:00 <+pppingme> but the ip's I see you assigning imply you want to route, not bridge
03:00 < batch> pppingme yeah
03:01 < batch> i gave br0 those settings
03:01 < Project86__> pppingme always gots the solutions
03:01 < batch> but he couldn't also not contact another ip address with ping
03:01 < batch> soo
03:01 < batch> i only need to open up wlan0 to ethx1 with iptables then?
03:02 < Project86__> Wait, me batch ?
03:02 < batch> and hope that my router does the natting?
03:02 < batch> Project86__ trying with pppingme
03:02 < batch> trying to understand from both you guys input
03:02 < batch> :p
03:02 < Project86__> batch: thought when u meant "gave br0 those settings"
03:03 < Project86__> Was bout me lol
03:03 < batch> what
03:03 < batch> oh
03:04 < batch> hmm
03:05 < batch> no wait, how can the router know that i want 10.0.0.0/16 if i don't specify it
03:05 < batch> goddamn
03:07 < batch> pppingme if you can tell me what i'm missing to make this work i'd be very happy cause it's beating me up
03:08 <+pppingme> first, decide, do you want to bridge, or route? (and by the way, bridging between wifi and ethernet isn't totally friendly for a couple reasons)..
03:09 <+pppingme> and also, how are you picturing this thing, I assume as some kind of step between your router and another device, but which side of the pi is facing the router, eth or wlan, and which side is facing the device?
03:09 < batch> oh well
03:10 < batch> isp>wlan0>bridge/route>switch>clients
03:10 < batch> that's how i picture it pppingme
03:11 < batch> actually i have another router between isp and wlan0 but that shouldn't be any issue i think
03:11 <+pppingme> so the wlan side faces your isp wifi router, and the wired faces multiple wired clients?
03:11 < batch> exactly correct
03:11 <+pppingme> hmm... is there some reason you can't pull a cable? that would actually significantly simplify this whole thing
03:12 < batch> well hmm
03:12 < batch> i might be actually making a repeater with this right
03:12 < batch> ?
03:12 < batch> :p
03:12 <+pppingme> you wouldn't even need the pi, just cable between isp switch and your new switch
03:12 < batch> yeah agreed
03:12 <+pppingme> repeater is kind of a vague word here..
03:13 < batch> that be #1 solution
03:13 < tds> batch: were you asking about this a few weeks/days ago?
03:13 < batch> hmm how so
03:13 < tds> I seem to remember someone posting that link before
03:13 < batch> tds yes that's correct aswell..
03:13 <+pppingme> wired is best solution, if you're forced to face pi to wifi router, then wire your clients, next simplest solution is to set it up basically as a linux router..
03:14 < batch> well
03:14 < tds> as discussed then, I think you'll either need to NAT on the router, or do horrible proxy arp things
03:14 < batch> actually
03:14 < tds> (oh, where by "router" I mean pi)
03:14 < batch> i have 2 usb to ethernet adapters laying here
03:14 < batch> oke
03:14 < batch> so actually i could use ethx0 and ethx1
03:14 <+pppingme> tds nah, he could just -j MASQ as traffic exits the pi back to the real router
03:14 < batch> but i need forwarding
03:14 < batch> i wanna make it kind of a monitoring device
03:15 < batch> forwarding or routing or bridging however people may call it
03:15 <+pppingme> if you're doing two ethernet adapters there, then why are you even involving the pi? just plug the cable from the main device into your switch and call it done
03:15 < tds> pppingme: yeah, that was what I meant by nat on the pi
03:15 < batch> so yes
03:15 < batch> NAT on the pi
03:15 < batch> but that's just not working
03:16 < tds> if you have ethernet, don't mess with nat, just do bridging
03:16 < batch> idk
03:16 < batch> vbox spoiling me cause in there it works
03:16 <+pppingme> batch ok, then there's a million very simple examples of setting up a linux router, just follow one of those..
03:16 < batch> but not on my hardware
03:16 <+pppingme> and watch your interface names as you setup your rules and interfaces
03:16 <+pppingme> linux is linux... there's nothing special about a pi that would not make this possible
03:17 < batch> yeah i don't understand it either
03:17 < batch> these are cheap adapters though
03:17 < batch> could blame that but got no proof lol
03:18 < tds> what have you set up so far?
03:18 < tds> if you're doing routing + nat, can you upload the output of "ip a" and "iptables-save"?
03:19 < fnDross> is this possible? DUN on a Cell phone >> cell phone call to another phone>>usb>>lede>internet?
03:20 < fnDross> lede or other
03:20 < batch> oh tds i have completely nothing anymore
03:20 < batch> wait i had ifconfig
03:20 < tds> ok, I certainly wouldn't blame the hardware then, as pppingme said there are plenty of guides around for configuring a router to do routing + v4 nat
03:21 <+pppingme> fnDross a data call between two cell phones would require CSD and is SLOW... whats this for?
03:21 < fnDross> price of payin data in an away zone
03:21 <+pppingme> batch yes, linux is linux for the purpose of this question.. the ONLY drawback of the pi is that it might not keep up at full interface speed..
03:22 < batch> pppingme yeah that's not really big of a deal for this project atm so
03:22 < fnDross> and curiosity
03:22 <+pppingme> fnDross when I say "would require CSD" I should clarify, that takes support from phone *AND* carrier, and is largely non-supported anymore.. in the USA I know of only ONE carrier that still supports it
03:23 <+pppingme> fnDross and I don't think current android or iphone supports CSD
03:23 < fnDross> we could bring back modem chatter sounds!
03:23 <+pppingme> the last phone I had that I know supported it was a nokia flip
03:24 < batch> tds http://ix.io/1a5R
03:25 < spaces> world domination!
03:25 < tds> yeah, bridging together wifi and ethernet interfaces won't work properly (in that direction), you'll want to do routing + nat
03:25 < batch> i might be a little off about static vs manual and whether i need to run a separate dhcp server and what i need to use in iptables
03:25 < spaces> I'm going to cache all google maps queries
03:25 <+pppingme> if you have to nat, iptables becomes the answer
03:26 < batch> oke pppingme tds thx for suggestions already
03:28 <+pppingme> if you can do ethernet on both sides, bridging becomes easy
03:33 < batch> pppingme they are both same chipset and same id for the adapters
03:33 < batch> i hope that doesn't conflict the r8152 module in linux
03:34 < batch> but yeah maybe that's a better plan
03:44 < batch> ok i think last question
03:45 < batch> do i give address to br0 or ethx1 ?
03:46 < tds> for routing you don't want to have a br0 interface at all
03:46 < gildarts> Is it possible to setup a router to allow access to an outer router? I have to use my ATT router and want to use my ubiquiti router, but I need to access the config page of the ATT router.
03:47 < batch> tds ok noted
03:54 < Project86__> gildarts: this is sorta what pppingme was talking about. Turning pi into a router. Except you don't need to make it one. You just need to configure it
03:57 < gildarts> Project86__: I just joined so didn't see the conversation. Also, not interested in any other hardware.
03:57 < Project86__> Was no conversation
03:58 < Project86__> Just my reply.
03:58 < Project86__> Had nothing to do with adding hardware either
04:01 < Project86__> And batch what pppingme had said about turning your pi into a router was the exact solution I got that I was trying to find earlier to show you lol. Same person too
04:01 < batch> i could put openwrt on it Project86__
04:02 < batch> if the chip supports it
04:02 < batch> i bet it does
04:02 < batch> might even be an easier solution
04:02 < batch> much easier configuration
04:03 < Project86__> Project86__: but mine would only be using wireless connection, no eth0. So a router is my best option. Also considered nat'ing it. But I've just been gathering responses and piecing stuff together slowly
04:03 < Project86__> I mention myself lol
04:03 < Project86__> That was at you batch
04:03 < batch> i see yes great idea
04:04 < batch> looks like everyone is into it but nobody is able to make it work LOL
04:04 < batch> it's like the arduino hype to make a led blink
04:04 < batch> a million tutorials about a stupid led
04:04 < Project86__> Lol
04:05 < batch> technology got us this braindead yeah
04:05 < batch> i blame social media
04:05 < Project86__> I'm trying this week to see if I can get it to work like I want. I'll update you
04:05 < batch> Project86__ nice to know you are into this stuff aswell, love to keep contact yes
04:06 < batch> thx :)
04:06 < Project86__> Yes
04:16 < moosebumps> im homeless and i have $5
04:16 < moosebumps> what drugs can i buy in Jerusalem
04:23 < moosebumps> I NEED MY SHIT
04:24 < xamithan> Wait for a bowel movement
04:24 < moosebumps> 20 SHEKELS
04:30 * linux_probe pours castor oil into moosebumps
04:30 < linux_probe> or is that xamithan
04:35 < moosebumps> I can buy some medicines
07:40 < scientes> what does it cost for the equipment to send internet over my own coaxial cable
07:40 < scientes> i have coaxial already run
07:40 < scientes> can two docsis cable modems talk to each other?
07:43 < scientes> https://www.amazon.com/Actiontec-Ethernet-Adapter-without-Routers/dp/B008EQ4BQG
07:43 < scientes> ahhhh
08:04 <+pppingme> scientes no, two modems can not talk to each other, what are you trying to do?
08:27 < skyroveRR> Morning.
08:27 < skyroveRR> Almost afternoon.
08:27 < bl00dh0ney> hello
08:27 < skyroveRR> :)
08:27 < skyroveRR> Suppy
08:28 < codebam> I'm using wpa_supplicant directly to connect to WiFi, how can I automatically change my MAC address when connecting to a new access point?
08:28 < codebam> is there a daemon I can use?
08:29 < skyroveRR> You can write a simple sh wrapper that invokes a mac changing program every time you need to connect, codebam :)
08:30 < codebam> skyroveRR: I'm running wpa_supplicant as a daemon, how would you suggest I do that?
08:33 < skyroveRR> Hmm...
08:34 < skyroveRR> codebam: are you talking about hooks that wpa_supplicant could invoke?
08:34 < codebam> I just want it to work seamlessly, I don't actually care how it works. I'm asking for a good solution
08:34 < skyroveRR> (Which I don't think wpa_supplicant supports anyways)
08:35 < skyroveRR> There isn't a good solution, you'll have to write a wrapper, and it depends on how messy the end result is.
08:35 < codebam> hmm okay
08:36 < skyroveRR> codebam: it would have been great if wpa_supplicant supported hooks, but I guess it doesn't.
08:36 < codebam> hmm yeah
08:36 < skyroveRR> If that would have been the case, you wouldn't be asking this question ;)
08:38 < codebam> well yeah, it sucks that wpa_supplicant doesn't have all these features. if frontends like networkmanager didn't have to come along maybe it would
08:38 < codebam> because no distro I know of still uses wpa_supplicant directly
08:39 < skyroveRR> Just write a wrapper, it's messy, but works.
08:41 < codebam> I might just write a script to watch wpa_supplicant logs and change mac addresses when it disconnects from a network
08:42 < wyseguy> hey all
08:43 < skyroveRR> Hi wyseguy
08:48 < wyseguy> I have a ubiquiti edgelite 3 router as my main router, i want to hook up a unifi security gateway for DPI
08:48 < wyseguy> hi skyroveRR
08:48 < wyseguy> im thinking of setting a dmz on the main router to route to the security gateway, but thinking i may run into a double nat issue
08:48 < wyseguy> which i dont want
08:49 < wyseguy> maybe ill just replace the main modem with the USG
08:51 < Project86__> Someone had asked way earlier, if there's ever been a phone rom built on security. My reply for Ubuntu was wrong. However, there is the Pwnie Express Pwn Phone that cost $1096, before they decided to make it free open-source project. However. It has been seen no activity on github or wherever for like 2 years.... wonder if it'll still work.
08:52 < skyroveRR> Project86__: I wouldn't use stuff from an inactive (probably dead) project...
08:52 < Project86__> That's the phone Mr. Robot used in season 3
08:52 < Project86__> Ya, was thinking the same sky
08:53 < Project86__> Wonder why no pull request as were done to update and keep active? Was an awesome idea
08:56 < quackslikeaduck> why not just get a custom box with proper cpu/ram and network ports and load em up with IDS/DPI-software as seen fit , instead of depending on these third-party hardware-providersr threat-/sig- feeds for such.. aren't those, esp. these non-enterprise grade devices, likely prone to neglect somewhat and likely better with some custom setup or possibly mix of security-based OS thru virtualization on
08:56 < quackslikeaduck> .single box setup by oneself instead .. ?
08:58 < quackslikeaduck> ...home routers ...$100-$300 .. shitty stats/specs..often proprietary software .. even worse track record for remote root exploits, not to mention the related common-ness being a gr8 weakness by itself
08:59 < quackslikeaduck> ...mmh.. yeah, best setup a vm and set nic to use that as gateway.. try just two low resource opnsense and securityonion vms for them basics and possibly monitoring/honeypots?
08:59 < skyroveRR> quackslikeaduck: :)
08:59 < quackslikeaduck> ..tleast what i'd..! ..never mind me tho; im a n00b tbh.. =|
09:07 < Project86__> Lol. I wanna be that n00b
09:09 < Project86__> But I agree, a personalized one would 've the way to go. If only I knew enough for all that
09:13 < quackslikeaduck> try #opnsense , u could download virtualbox or something to play around with it on at least!
09:31 < Apachez> bwahahahhaa :D https://www.youtube.com/watch?v=-X3DDJXzcxk&t=40m00s
10:08 < ljc> can anyone recommend a good adsl2+ router?
10:10 < quackslikeaduck> try opnsense; they even got a chan here; #opnsense ?
10:11 < quackslikeaduck> otherwise,. on a simpler level, i thnk theres some android apps with most features ud need covered too , pppoe wifi n all aye ^^ they go wrm real quick tho so watch for house fires;)
10:16 < joro_> Hi guys, is it secure to use ruby-mail in conky ?
10:16 < skyroveRR> ljc: none of them are. And none of them are open source :(
10:17 < skyroveRR> joro_: conky is used for local purposes, so why not?
10:17 < quackslikeaduck> as long as its cabled, heavily isolated cables .. u'll be safe, pal. no stress.
10:18 < skyroveRR> haha
10:18 < quackslikeaduck> ..given u've got oversight and control over them cables from start to end that is ofc.
10:18 < joro_> skyroveRR, because... i put my username in a config file as well as my password
10:18 < skyroveRR> joro_: well, is the computer operated only by you?
10:18 < skyroveRR> :D
10:18 < joro_> yes
10:18 < skyroveRR> Then you'll be fine.
10:19 < skyroveRR> Just don't share them with us ;)
10:20 < joro_> :D i meant secured point of view
10:20 < skyroveRR> Fine as long as you are the only user of that computer.
10:20 < joro_> keeping a password in ~ is that a good idea ?
10:20 < quackslikeaduck> mail no good, no safe... too many relays amidst the chain may not be secure.. & as always,never trust automated "end to end encryption"-solutions by itself, doubly or triple up with crypto .. just in case! -- just enable urself easy of use as such or it ain't gna be used....any less-commonly used bit to add in the mix of security b good bro
10:20 < skyroveRR> Should be ok.
10:22 < quackslikeaduck> no good, no swap ... and ascertain solder all input ports ("cold boot attacks"; DMA .. all kindsa shady side channel openings gon get ya...). pop in a lil device; or some remote axx for a short bit to get lil mem dump n ya 0wnd
10:23 < quackslikeaduck> github.com/scipag .. unsure if that's the page/guy, but may wna look into the mail header fingerprinting basics and try evade n counter at least some eh. hmm
10:24 < skyroveRR> quackslikeaduck: whoa!
10:24 < quackslikeaduck> and always, anything not cabled .. bluetooth,nfc,wireless, fm radio... . . 'ts all bad news, consider nearby LANs compromised. just my 2cs
10:24 < quackslikeaduck> and as always* , just good precautionary measures I thought, considering all dem vulns these days.......
10:25 < skyroveRR> True that.
10:25 < scientes> are there any cheap 5gz wireless adapters with in-tree linux drivers
10:26 < skyroveRR> Not easy to find..
10:26 < Capprentice> HI, how to burn a ONU to a OLT so the ONU can never be used with another GEPON OLT?
10:26 < skyroveRR> scientes:
10:26 < skyroveRR> quackslikeaduck: is that your repo btw?
10:26 < quackslikeaduck> no
10:26 < skyroveRR> Capprentice: when the hell did you get into fiber stuff?
10:26 < scientes> instead of this out-of-tree rtl stuff
10:26 < skyroveRR> Capprentice: and hi.
10:27 < Capprentice> skyroveRR: hehe! hello
10:27 < Capprentice> Do you know the answer?
10:27 < quackslikeaduck> the vulscan (for nmap) there at least is nice,if don't know of that already!
10:27 < skyroveRR> Capprentice: you mean you want to do a vendor lockdown of the ONU?
10:27 < Capprentice> yes
10:28 < skyroveRR> Hmm.. don't think that's possible yet.
10:28 < Capprentice> Oho!
10:28 < skyroveRR> It's a bitch to modify their firmware already. Forget about locking them down.
10:31 < quackslikeaduck> sry unsure if related (or watcha upto at all really..), but in regards to general wifi firmware stuffz... this guy, among a couple others, seems to have a good and well-updated collection of fancy stuff may fancy a look if havn't chekked'em alrdy~> https://github.com/0x90?tab=repositories
10:31 < skyroveRR> Nice repo.
10:39 < joro_> ow heaven https://github.com/0x90/esp-arsenal
10:44 < mast> Anyone have experience working with IBM's x3550 or x3650 line? Pre M4
10:45 < trae32566[w]> maybe. what's up?
10:45 < trae32566[w]> actually no, just the newer stuff :/
10:45 < mast> Ah
10:46 < mast> Just wondering if there's some kind of fan override. A unit I just received has a defective fan, and I believe the unit is shutting down when it detects this
10:46 < mast> Which is super fun because its one of the fans for the second CPU that I'm currently not using
10:47 < trae32566[w]> I would expect if there is, it would be in the IMM
10:47 < trae32566[w]> I have no clue what that IMM looks like, but I would think you can tell it to ignore certain sensors
10:47 < mast> And not the bios?
10:47 < trae32566[w]> it could be, but often those things are either in both, or IMM / IPMI
10:48 < trae32566[w]> assuming it's possible
10:49 < mast> I'll have to dick. I would love a fan bypass here. Can't really get a replacement quickly
11:17 < rhineheart_m> Hello...I need help in FOC deployment
11:18 < skyroveRR> What the hell is FOC deployment, rhineheart_m ?
11:18 < quackslikeaduck> Greetings, stranger. Please, do elaborate . . .
11:18 < rhineheart_m> If there are like 6 buildings...do I need to cut the fig 8 per location?
11:18 < rhineheart_m> Hahaha. Sorry.
11:18 < quackslikeaduck> Apology accepted.
11:19 < rhineheart_m> Thank you.
11:20 < Apachez> https://www.youtube.com/watch?v=FHRtZ-butGk
11:22 < codebam> how can I host a local dns server? (literally only used by my laptop)
11:22 < skyroveRR> codebam: what OS?
11:22 < codebam> skyroveRR: void linux, can I just follow the arch guide on BIND?
11:23 < quackslikeaduck> maybe something like https://github.com/Angristan/Local-DNS-resolver for a 1-click install kinda thingie?
11:23 < skyroveRR> no, BIND is too heavyweight for that shit, try dnsmasq.
11:23 < quackslikeaduck> ..& dnscrypt-proxy ^^ .. n ya good2go
11:23 < rhineheart_m> Anyone who is interested to answer my inquiry earlier on? :)
11:23 < codebam> skyroveRR: ah okay, I've used dnsmasq before. thansk
11:23 < codebam> s/thansk/thanks
11:30 <+pppingme> rhineheart_m its not a straight forward answer
11:30 <+pppingme> lots of variables
11:31 < joro_> hi guys, i found script which return the interface...(wlp1s0), if i write 'ip addr' the interface is wlp2s0(different from the one the script returns)
11:35 < detha> That is what happens when one switches this silly udev 'consistent interface names' on I guess
11:36 < joro_> what do you mean ?
11:41 < detha> that things were more consistent when it was wlan0, or eth0, than with the 'consistent' unpronounceable names
11:45 <+pppingme> nah, you slap in a new nic and your naming could shift around
11:48 < mast> I dislike that I cannot use this server right now because of an $8 fan
11:48 < detha> pppingme: yes. but one generally knows when one installs a new NIC. One does not always know when some random dev somewhere pushes an update that changes the contorted naming scheme
11:48 < skyroveRR> detha: Somebody should have stopped this stupidity, but thought that it looked cool.
11:49 <+pppingme> thats the idea, that it *shouldn't* change.. its based on physical location of the nic
11:52 < detha> pppingme: yeah. which only helps for some of the use cases. And is totally unhelpful when dealing with VM configurations generated by some tool
12:01 < Apachez> d
12:03 < skyroveRR> d
12:03 < test1337> d
12:05 < justanotheruser> For devices connected to a router, is there some heartbeat mechanism? Or how does my routers software determine the current state of its client list?
12:06 <+pppingme> justanotheruser it generally doesn't care
12:06 < justanotheruser> what do you mean?
12:07 <+pppingme> routers generally don't keep track of clients long term.. if its running dhcp server, it will maintain that list, but its not a valid showing of client state (client could turn off and dhcp server not know)
12:09 < justanotheruser> mhm. So how should I determine the ip address of a device I just connected?
12:10 <+pppingme> you could look at the dhcp list and look for the newest entry, or just check the device itself
12:10 <+pppingme> do you know the devices mac address?
12:10 < justanotheruser> no, I need to ssh into it
12:13 <+pppingme> you could always run nmap on your subnet and see what devices have tcp/22 open
12:20 < justanotheruser> I will try that when my update is done :)
13:36 < revoltingPeasant> grawity: Hello sir, I'm still trying to get host only network
13:37 < revoltingPeasant> to play ball
13:38 < revoltingPeasant> I have set the static route on my router and I've set the vm's network to host-only. I still can't ping the vm and the vm has no internet connection
13:39 < djph> what do you think "host-only" means?
13:41 < revoltingPeasant> djph: I was following grawity's invaluable advice
13:44 < djph> revoltingPeasant: OK ... but again, what do you think "host-only" means, in the context of the VM, hmm?
13:45 < revoltingPeasant> from the virtualbox website "It can be thought of as a hybrid between the bridged and internal networking modes"
13:45 < revoltingPeasant> djph: ^^
13:46 < djph> something's screwy there then, as "host-only" has only ever been "keep the network on this VM host only". If you wanna get out, you use either bridged, or NAT'd
13:48 < djph> https://www.virtualbox.org/manual/ch06.html <-- see table 6.1 (although this is for virtualbox)
13:48 < revoltingPeasant> djph: unfortunately, I'm trying to develop for a server software that runs in the vm. this server software has been configured by a 3rd party with a static IP, this was fine in the work env but I want to continue at home.
13:48 < djph> revoltingPeasant: that's fine, you just have the wrong network type for the VM
13:49 < revoltingPeasant> the networks are different so a bridged adaptor will not work
13:49 < djph> so then use NAT
13:50 < revoltingPeasant> ok, I'll have to do some research so. networking isn't my strong suit
13:50 < djph> no worries ... you are using virtualbox right? Or is it some other VM solution?
13:51 < revoltingPeasant> yes virtualbox
13:52 < djph> it sounds like you really want to use "NAT" (or "NAT Network") then, based on wanting the VM to get to the internet (and the table on the page I linked)
13:53 < revoltingPeasant> ok I'll have a look at that, thanks, I'll be back
14:18 < zamanf> I am testing a udp application with 2 remote pcs and I need to verify the mac address of them. Only problem is my router
14:19 < zamanf> I see only my router's mac address. Is there any way to bypass it?
14:19 < zamanf> some settings maybe I need to check in my router?
14:20 < detha> No. That is how it is supposed to work, mac addresses only have significance on the same network segment.
14:21 < djph> ^
14:21 < kiokoman> idk but i think there is no way
14:21 < kiokoman> it's only used for communication in your local network
14:21 < kiokoman> the router only transmits the IP packet to "the Internet". When connecting to the internet your router will not use your computers, but its own MAC address to forward the packet.
14:21 < djph> you're only ever going to see MAC addresses on your local network segment. Soon as you need to go through a router, "all hosts(tm)" will have your router's MAC address.
14:22 < zamanf> if I set my router to work as a modem?
14:22 < djph> s/all hosts/all ethernet frame destinations/
14:22 < kiokoman> happens on all routing points, so your ISP will take your packet, get the IP packet out and put it into another MAC packet and so on
14:22 < tds> if the remote host is v6 with slaac (and non privacy), you can work out the mac address from the v6 address, otherwise there's no way to know it
14:23 < djph> not that knowing the MAC address is really useful off the local segment anyway
14:23 < zamanf> I see
14:24 < zamanf> the problem is that, the remote hosts have dynamic ip addresses
14:24 < zamanf> is there any way I can verify that they are the same pcs?
14:25 < kiokoman> using something like dyndns ?
14:25 < zamanf> I have thought of that, but I prefer something hard-wised
14:26 < detha> Give each device/user an individual certificate, solve it in your L7 protocol
14:26 < zamanf> hardware*
14:29 < djph> if it's across network boundaries, no there is no way to do that - unless you have the hosts respond with their MAC addresses (or provide them) as part of the comms
15:05 < chen08> hello can you help to reset my linksys E1200 router?
15:05 < light> have you tried the reset button?
15:06 < djph> light: that's so crazy it might just work!
15:07 < kiokoman> lol
15:11 < kurahaupo> zamanf: remotely log into some device on the same LAN, ping the device you want to check, and check the arp table.
15:12 < kurahaupo> zamanf: but why? MAC addresses aren't routable?
15:13 < kurahaupo> (unless you have really old auto conf for IPv6, in which case yes the MAC address is the bottom 64 bits
15:31 < pauliunas> hey people :) is there a network protocol that can negotiate connections between 2 changing IP addresses? what i mean is that the IP of either machine can change at any time, and the connection should be re-established as soon as possible, and ideally i could use this protocol from my application as a regular socket
15:33 < djph> no
15:33 < detha> pauliunas: what is being used as the 'central point'? DNS? some server?
15:33 < djph> I mean, you could probably have a keepalive, that if it falls uses DNS...
15:34 < b0bby__> Does anyone have the full stratum mining protocol documentation?
15:34 < pauliunas> ideally one of the two machines would be the server and the other the client... or it could be peer to peer, but there's no need for that.. if that's not possible, i might think of having a central server with static IP that transfers the packets
15:35 < detha> on a broadcast-enabled network, there's plenty discovery protocols. Outside that, there is always some central fixed point, be that DNS, some vpn server, STUN server, or whatever
15:35 < pauliunas> and those two machines are basically computers with 4G sticks moving around
15:38 < detha> no such thing without some central point or out-of-band comms then
15:39 < pauliunas> hmm ok thanks
15:41 < pauliunas> i thought that the machines could detect when their IP changed and re-negotiate the connection with the other one, but if i need to write that myself, i'd rather rely on an external server
15:42 < detha> They can probably detect that. And what happens when they both change IP at the same time?
15:42 < pauliunas> that would be a very rare case... in that case i could have a failover server
15:42 < pauliunas> the thing is, i don't want to increase the latency too much. if i can avoid external server, i want to avoid it
15:53 < april_> how to reset linksys E1200 with openwrt firmware?
15:54 < Apachez> use a hammer
15:54 < Apachez> semtex/c4 will work too
15:57 < precise> Damn matrix, settle the fuck down
15:58 < april_> how to reset linksys E1200 with openwrt firmware?
16:00 < Apachez> april_: use a hammer
16:00 < Apachez> april_: semtex/c4 will work too
16:00 < april_> Apachez?
16:01 < apache2notworkin> hello im using linux and i have set up apache2 exactly as the manuals say. i have set up a crossover ethernet cable between the server and the client , like so, server 192.168.2.2, mask 24 and client 192,168.2.1 mask 24. no gateways or routes are set. is my network correct?
16:02 < apache2notworkin> i can ping both machines and all firewalls are off
16:02 < skyroveRR> apache2notworkin: yup, setup looks fine.
16:03 < apache2notworkin> so what am i doing wrong here?
16:03 < at0m> apache2notworkin: and can you visit http://$serverIP ? can you visit it from the server, ie. http://127.0.0.1 ? is apache even running?
16:04 < apache2notworkin> yes from the server i can view the html
16:04 < apache2notworkin> but not from other pc
16:06 < at0m> so you can ping $serverIP but not browser to http://$serverIP ?
16:08 < at0m> apache2notworkin: on the server, check what interface:port apache is listening to: "netstat -tlp | grep apache" (0.0.0.0 is for all interfaces)
16:09 < batterylow> hi! I'm getting my domain twice in an RSS feed, if the domain is xyz.net, it appears to be xyz.net/xyz.net/ any ideas what should I do?
16:11 < skyroveRR> Recharge your battery.
16:12 < batterylow> That's my problem. You should be minding your own work if you don't know anything.
16:13 < skyroveRR> I am minding my work by annoying you, partner.
16:14 < compdoc> nobody wants to be my partner :(
16:14 < qman__> you should seek the documentation or support for whatever software you're using to produce said RSS feed, or if you're doing it yourself, read the RSS standards
16:21 < dogbert2> anyone got a recommendation for a keyboard/mouse combo wireless...I have an HP, but the mouse is a bit flukey
16:24 < dogbert2> brb...system restart
16:32 < ben8472> dogbert2 : uh K710 i have at work, so far so good, but its not with a mouse, i would take a wired keyboard and mouse unless i have a real need for it (laptop usecase)
16:33 < dogbert2> yeah...the mouse is probably bad, IMO...
16:35 < qman__> yeah, I don't get wireless unless I have a specific need for it
16:35 < dogbert2> looks like it loses connectivity a lot, for some reason...
16:36 < ben8472> since i got a G910 i kind of hate any other keyboard
16:36 < ben8472> i type a lot and usually buy 1 new keyboard /year
16:37 < qman__> I do have one of these, and quite like it - the exact one I have isn't listed anymore but it's basically the same thing https://www.amazon.com/Beastron-Wireless-Keyboard-Touchpad-Rechargeable/dp/B06ZY8V83H/
16:38 < qman__> better than my folding keyboard and those silicone rubber ones
16:39 < dogbert2> I can pickup up a logitech MK270 wireless keyboard and mouse combo for $20
16:40 < qman__> far as actual workstation keyboards, I have a couple unicomp model Ms and a das keyboard II
16:42 < tds> I'm using a model m here, I quite like it :)
16:42 < tds> the ssks are rather appealing as well, but far too expensive
16:43 < dogbert2> interesting :)
16:48 < ben8472> i need a new mouse, i saw a few new logitech models got out, but i dont want to dish out 80-100 bucks again and be disappointed
17:10 < Guest5744> hi guys
17:14 < dogbert2> meh...this mouse is gonna get destroyed :P
17:52 < inq> somebody fucking talk
17:52 < inq> I need help
17:52 < inq> before I ask my question
17:52 < Emperorpenguin> inq
17:52 < Emperorpenguin> wasssaaaaaaap
17:52 < inq> I cant seem to get into my router settings
17:53 < inq> my browser just says page not found when entering my routers default ip
17:54 < inq> the end goal is to bridge this router wirelessly to the main AP router
17:54 < Emperorpenguin> inq: what address does it have?
17:54 < inq> 192.168.1.1
17:55 < inq> I have also tried .1.2, 0.1 etc
17:55 < inq> it worked the other day
17:55 < Emperorpenguin> inq: what IP does your router have
17:56 < Emperorpenguin> are they in the same subnet?
17:56 < inq> 192.168.1.1
17:57 < inq> according to the sticker
17:58 < Emperorpenguin> ok so inq basically you have your router and an AP right?
17:58 < Emperorpenguin> and you want to connect the AP wirelessly to the other device?
17:59 < inq> yeah
17:59 < inq> the AP is also a router
17:59 < Emperorpenguin> you say it worked in the past?
17:59 < inq> once yeah, to get to the router settings
17:59 < Emperorpenguin> ok so do this
17:59 < Emperorpenguin> connect to your router and post your DHCP lease
18:00 < Emperorpenguin> connect to the AP by itself
18:00 < inq> ok
18:00 < Emperorpenguin> disable DHCP, enable bridge mode, set its static IP exactly as the DHCP lease you get from the router except for the IP address
18:00 < inq> Lease Obtained. . . . . . . . . . : Saturday, May 12, 2018 3:55:45 AM Lease Expires . . . . . . . . . . : Tuesday, May 22, 2018 4:22:48 PM
18:01 < Emperorpenguin> i need ip address, netmask and default gateway
18:02 < inq> IPv4 Address: 192.168.0.66(Preferred) Subnet Mask: 255.255.255.0 Default Gateway: 192.168.0.1
18:02 < Emperorpenguin> ok
18:02 < skyroveRR> Hey Emperorpenguin :)
18:02 < Emperorpenguin> so put the same gateway and netmask on your AP
18:02 < Emperorpenguin> hi skyroveRR
18:03 < inq> that is the AP
18:03 < Emperorpenguin> and give it a similar ip address, same 3 first numbers, change the 4th
18:03 < inq> I did ipconfig
18:06 < inq> it says the ethernet is 'media disconnected'
18:06 < inq> but the routers plugged into it and turned on
18:24 < djph> you configuring the right ethernet port?
18:25 < dogbert2> hey djph
18:25 < djph> o/
18:26 < detha> djph: "it depends". it may be the left one, depending on board layout.
18:27 < djph> detha: that's what I was afraid of.
18:27 <+xand> so long as it's not in the middle.
18:42 < revoltingPeasant> So I have a vm attached to my home router using a bridged network and a static ip of 192.168.1.33/32 and my host machine has 192.168.1.100/32 the vm has internet. I cannot however reach a running service on the vm from the host and cannot make contact in either direction using ping/tracert. could my home router be blocking the traffic?
18:44 < hazzardousmonk> Hello - I have a question.(Noob alert). This is about firewalls and routers. Why are computers behind a firewall able to browse the web? Does that mean that port 80 is open on the firewall?
18:45 < revoltingPeasant> I should add that the vm's firewall is completely disabled
18:46 < revoltingPeasant> hazzardousmonk: As far as I know, the browser can make connections out but nothing can instigate an unsolicited connection from outside the lan
18:47 < revoltingPeasant> hazzardousmonk: the firewall is like a 1 way door unless configured otherwise
18:47 < hazzardousmonk> @revoltingPeasant - but there must be some way for the packets from the remote server to come back to the computer initiating the request. How does that work?
18:48 < revoltingPeasant> hazzardousmonk: the router will allow the traffic to flow back if the connection was initiated from inside the lan
18:48 < revoltingPeasant> but not vice versa
18:48 < hazzardousmonk> Alright - thanks a ton!
18:48 < revoltingPeasant> np
18:49 < revoltingPeasant> I'm no expert btw
18:49 < djph> revoltingPeasant: they're on two different networks. use /24 instead ...
18:50 < djph> hazzardousmonk: no, http (and many other protocols) are stateful, and the firewall lets things through based on various rules
18:50 < revoltingPeasant> djph: aha! of course thanks
18:50 < hazzardousmonk> Do you have any idea what mechanism verifies that the incoming packets are indeed a flowback of a connection initiated from within the LAN?
18:50 < tds> on a linux router, conntrack
18:50 < djph> they have a flag set ("established" or "related")
18:51 < Project86__> djph: I didn't even know any Ethernet slots were different besides the main "IN" one.. (unless that's what u mean)
18:51 < djph> as well as some identifying information about what solicited that request.
18:51 < djph> Project86__: huh?
18:52 < Project86__> djph: read back where there was a discussion of configuring the right Ethernet, not the left. And whatnot
18:53 < hazzardousmonk> great - thanks ...just read up about stateless and stateful. Thanks for pointing me in the right direction
18:53 < djph> Project86__: yeah, I was asking if the guy was configuring the right (as in *correct*) interface. detha made a joke that it was the left (positional) one.
18:54 < tds> djph: random thought - is conntrack only able to track tcp/udp/icmp, or can it do other protocols as well (with plain routing, not nat), eg would sending 6in6/4in6 packets outbound from a network mark incoming 6in6/4in6 packets from the same ip as related/established?
18:59 < detha> tds: nothing stopping it from doing that - it can track on the (ip, protocol) tuple. Now if you want it to look /inside/ the 4in6 packet, that's another story
18:59 < djph> ^
18:59 < detha> same applies to, e.g. GRE
19:01 < tds> ah yeah, I was only thinking of tracking the 4in6 traffic, rather than the encapsulated packets
20:08 < ScriptGeek> I have an alfa awus036nh wifi adapter and I want to connect to a specific access point, which is one of many sharing the same SSID. Is there any way I can do this?
20:09 < localhorse> hey, does anyone have an idea why websockets aren't working over my TP-Link MR3020 with OpenWrt? https://superuser.com/questions/1319690/websocket-connection-timeout-problems-over-wifi-routers
21:03 < Apachez> eurovision: ON
21:11 < spaces> Apachez ok, I join you, let's be gay together :P
21:13 < edumass> Hello, I have this situation: BroadbandConnection1 router with ip 10.0.0.1 dhcp disable (BC1), BroadbandConnection2 router with ip 10.0.0.5 dhcp enable (BC2), another router (R1) with wifi and ip 10.0.0.3 with eth1 connected to eth1 of BC1, another router (R2) with wifi and ip 10.0.0.7 with eth1 connected to eth1 of BC2, and eth4 of BC1 connected to eth4 of BC2. When I connect to BC1 or BC2 or R1 or R2 i get the dhcp values of BC2, if I connect
21:13 < edumass> to R1 is there a way to have BC1 as gateway to internet instead BC2 ?
21:17 < ScriptGeek> I found NetSetMan, it allows me to connect to a specific access point that shares the same SSID as many other access points. No thanks to Microsoft, this solution works great.
21:18 < ScriptGeek> My otherwise worthless wifi connection has turned into something quite nice
21:52 < djph> if the wifi has a bunch of APs, and you're connecting to one with shitty signal, the APs are set far, far too high.
21:53 < djph> edumass: mind drawing a picture? try draw.io
21:56 < mehwork> if people use 1.1.1.1 to avoid dns providers selling their data, does that mean if i typed in an IP address manually that they can't sell it? Because my ISP is my dns provider, so i don't see how it matters?
21:57 < djph> depends if the target IP will serve up a webpage if you hit the IP directly or not
21:57 < spare> you need dns hostnames for tls commonname signing and you can have more than one domain on the same ip
21:57 < mehwork> good point
21:58 < spare> if they only get ip data they cant really correlate what you actually requested or prove what the address returned but the domain leaks in http/s regardless supposedly
22:01 < mehwork> So using the example of a porn site, if you wanted to block that you went there from an ISP, you have to use a vpn or a proxy, rather than just using 1.1.1.1?
22:01 < mehwork> or would it only be hidden using 1.1.1.1 if you used the encrypted dns setup version?
22:06 < Peng_> spare: HTTP requests and TLS handshakes include the hostname, yes
22:07 < spare> you cant hide http domain requests from your isp regardless then
22:08 < mehwork> so a vpn is the only sure fire way?
22:08 < djph> VPN just moves who knows your fetishes
22:09 < spare> yeh or just tunneling everything in general would hide it from your isp then give that data to the vpn and the isp they use then every ad agency with javascript running on the site the site itself etc ;P pretty much everything running a share on social media javascript plugin gives data to facebook and twatter etc
22:09 < mehwork> i thought the point of encrypted dns over http can hide the domain name from the isp
22:09 < mehwork> but i'm still reading up on it
22:09 < tds> mehwork: it also helps if the isp intercepts dns requests and responds with their own records
22:10 < tds> eg if they're returning their own IPs of a web server that displays ads when they should return nxdomain
22:10 < spare> you can attempt to stop outright logging and data hoarding by individuals but it doesnt stop the individuals from scraping that information from all the sites just changes data collection as a model
22:12 < mehwork> i guess i'm wondering if i should ever feel "safer" if i'm using 1.1.1.1 over my ISP's or some random provider. Or privacy is dead and it's more just for performance boost
22:12 < spare> you can still make a vps that returns different content based on the observer filtering specific domains or cookies to return completely different websites so its not really viable as ad data
22:45 < edumass> djph: http://movius.com.ar/lan.png
23:54 < sqed> Is this a good channel for asking how to configure sendmail correctly?
23:54 < TandyUK> edumass: any particular reason you have 4 routers, and not 1 router, some switches and access points?
23:58 < Capprentice> Hi! This is a topology im doing in GNS3 - SW1 -TRUNK - SW2, port1 trunk allowed vlan 1000, interface vlan having ip 1.1.1.1-2 respectively wth a mask of /24. Ping is not working bothways
23:59 < Capprentice> What is wrong?
23:59 < Capprentice> https://justpaste.it/5ad2s\
--- Log closed Sun May 13 00:00:10 2018