--- Log opened Thu May 31 00:00:38 2018
00:44 < brianx> catphish: email is set up and working end to end. even most of the spam filtering is working. :-)
00:44 <+catphish> cool
00:48 < Harlock> what spam filtering product?
00:55 < brianx> iptables. :-)
00:55 < brianx> i maintain a rather extensive blacklist. around 99% of the internet should not be sending me mail.
01:11 < FrostCyborg> Anyone here have decent experience with HP/Aruba Procurves with modules? I'm trying to figure out if using "stacking 1 flex-module remove" will cause any issues to the production of the switch if I've removed all GBICs and cables from the ports in the module. It's a stack of two 3810Ms and I'm entering a realm of middling experience.
01:15 < spaces> FrostCyborg huh ?
01:15 < spaces> explain again
01:17 < FrostCyborg> I have two 3810Ms, 16 SFP+ port models with an additional 4 SFP+ port module in one of the two module slots. It currently thinks it has the GBIC transceivers still in place even after removal and this was after a reboot. So I wanted to reseat the module, but it's not hot-swappable. You need to run the removal command first. I've never had to remove a module from any of the modular switches I've used in our environment, and I
01:17 < FrostCyborg> wanted to know if anyone else had any experience with it. I'm hoping it's just as simple as it cleanly disconnects the module and allows me to remove it.
01:18 < FrostCyborg> But since this stack contains our storage array and VM hosts I REALLY don't want to run into any gotchas. This stupid issue is already weird in of itself.
01:20 < FrostCyborg> @spaces I hope that was clearer... I apologize for not being clear in the first place.
01:21 < spaces> sec, reading
01:22 < spaces> FrostCyborg it's a a failover stack ?
01:23 < spaces> what I don't get is, is it still in or out ?
01:23 < FrostCyborg> No. It's more of a management/ease of configuration stack. The switch in of itself is fine as far as I can tell. It's one of the expansion modules that's "stuck"
01:23 < FrostCyborg> The switches have backplane stacking cables for interswitch communication
01:24 < spaces> stuck but out of of the chassis ? you removed and rebooted it ?
01:24 < spaces> I don't get it
01:24 < FrostCyborg> No, I have not removed the module.
01:24 <+catphish> that sounds horrible, i thought all those modules were hot swappable :(
01:24 < spaces> catphish they should be
01:24 < spaces> but as it's stack module.... it could be it needs it from boot
01:25 < spaces> the cisco ones are not hotswappable as well wasn't it ?
01:25 <+catphish> oh, i'm thinking of the transceivers, not the line card itself
01:25 < FrostCyborg> I apologize for not being clear...
01:25 < FrostCyborg> The stack module is not stuck
01:25 < spaces> ah
01:25 < FrostCyborg> the SFP+ expansion module is.
01:25 < spaces> ok
01:25 < spaces> no the port
01:26 < spaces> it's no module
01:26 < spaces> it's a port on a card
01:26 <+catphish> i'm not familiar enough with procurve to advise, but if there's a command to remove the card, that seems sane enough
01:26 < spaces> FrostCyborg show us pics
01:28 < FrostCyborg> @catphish That's what I was hoping. Just wanted to see if anyone else dealt with this before
01:28 < FrostCyborg> spaces pics of?
01:29 < FrostCyborg> The switch? Module? both?
01:29 <+catphish> afraid my advice is worthless as i've never used a hp stack
01:29 < spaces> FrostCyborg switch, I'm not sure what expansion you mean now
01:29 * spaces did in the 4000/8000M days
01:30 < FrostCyborg> https://marketplace.hpe.com/pdp?prodNum=JL083A&country=us&locale=en&catId=329290&catlevelmulti=329290_5318692_4179423_1008605445
01:30 < FrostCyborg> This module
01:30 < spaces> FrostCyborg so that module "tells" you that it sees a gbic which is not in there
01:31 < FrostCyborg> Yes!
01:31 < spaces> aha ok, then reboot the modulefrom the commandline
01:31 < spaces> that should be possible
01:31 <+catphish> FrostCyborg: pretty poor that it didn't detect the right module after a reboot, maybe the stack master remembers
01:32 < FrostCyborg> Yeah, except this is on the stack master. @catphish
01:32 < FrostCyborg> catphish commander technically
01:32 <+catphish> FrostCyborg: well if you rebooted it, wouldn't that mean the other one became master in the meantime?
01:32 <+catphish> and hence the running config would have remained
01:32 < FrostCyborg> @catphish No, in Procurve world, rebooting reboots the stack
01:33 <+catphish> oh ok
01:33 < FrostCyborg> You can technically do one at a time
01:33 <+catphish> then i have no idea :( seems like an eject command is the only option
01:33 < spaces> FrostCyborg the stack dies when you reboot the master ?
01:33 < spaces> yeah should be
01:33 < FrostCyborg> catphish That's what I was thinking... I'll just wait until later in the day in case I have "issues"
01:34 < spaces> it's not HA
01:34 < FrostCyborg> spaces No, one of the additional switches becomes the "commander"
01:34 < spaces> I have read about this about half a year ago
01:34 < FrostCyborg> But if you reboot the stack as a whole which is default behavior then you get the same commander back when they come up
01:34 < spaces> FrostCyborg then reboot the freaking thing
01:34 <+catphish> sounds like he did
01:35 < spaces> take it down
01:35 < tds> if by any chance anyone in the uk has monitoring pointed at google's resolvers, has anyone else seen an increase in latency (to both a and b resolvers) since ~5:30pm?
01:35 < spaces> FrostCyborg I think you are just afraid of the "failover" never tested before ?
01:35 <+catphish> tds: how much increase?
01:36 < spaces> tds it's because of the Brexit, hell we are gonna nail them :P
01:36 < tds> one box went from ~2ms to ~7ms
01:36 < FrostCyborg> spaces I will probably have to. I'd prefer to try the command to down the module for removal first since there are no active connections on it.
01:36 < tds> oh wait, I just remembered that ripe atlas is a thing, I'll go check there :P
01:37 < spaces> FrostCyborg it's simple, connections for storage are on both switches ?
01:37 < spaces> for each device
01:37 <+catphish> tds: i see 7ms right now, but dont know what it was before
01:37 <+catphish> frankly, 7ms is fast, so "meh"
01:38 < TandyUK2> tds: yes, just tested it here and i seem to have gone from ~7/8 to ~13/14
01:38 < TandyUK2> 2>7 is one hell of a jump
01:39 <+catphish> tds: looking at a traceroute, its going a long way :( i suspect they downed their london resolvers
01:39 < tds> yeah, I suspected that might be the case
01:39 < UncleDrax> (obligatory: brexit?!)
01:40 < tds> oh well, someone at google is probably having a far worse evening trying to fix it
01:40 < spaces> UncleDrax as I said, we are going to nail them
01:40 <+catphish> it doesn't help that google's network has no rdns :(
01:40 < tds> yeah :/
01:40 < spaces> huh ? why no rdns ?
01:40 < FrostCyborg> spaces Yes. I've already rebooted both switches to solve another problem. This module situation seems to have persisted through. It's really frustrating too because the config for this stack is stupid simple... VLANs, ports tagged and untagged, IPs for the switch on each VLAN, and spanning tree... It's like 40 lines long. It's literally for 10Gb for storage and VMs...
01:40 <+catphish> spaces: ask google
01:40 < FrostCyborg> all layer 2 no less, no layer 3
01:41 < spaces> catphish I just did, I'm waiting for their reply, I hope they have a long TTL
01:41 <+catphish> tds: i see this: https://paste.ubuntu.com/p/6t8MfXPwWS/
01:41 <+catphish> tds: i can't explain why it doesn't reach 8.8.8.8, that makes no sense
01:42 < spaces> FrostCyborg so it's simple then, turn off the freaking switch, rip out the module, boot it, see what happens... turn it off again, put module back in and done
01:42 < tds> yeah, I see the same behaviour as well, yet I can ping 8.8.8.8 fine
01:42 < spaces> is about 30 min woik max
01:42 < tds> and I've seen mtr show ??? as intermediate hops before (but still show the last one), so that's just weird
01:42 < spaces> work
01:42 < spaces> I need to brush teeth
01:42 <+catphish> tds: that's very odd, i'd guess they're sending it off outside the great kingdom
01:43 < FrostCyborg> spaces LOL, that's a simple way to solve it. Thank you.
01:45 < tds> I'm sure I can get to a pretty ui showing a change in the route, but only if I can ever get the ripe atlas search page to load ;)
01:45 <+catphish> tds: looking at that route, i'd expect a response of 2-3ms if they were resolving in london, probably just maintenance, and still impressively fast
01:46 <+catphish> also looking at that route, i feel i'm being a bit hypocritical about rdns :)
01:47 < tds> heh, it's still a little bit useful like that I guess, it at least shows ownership
01:47 < tds> though so does mtr -z :P
01:47 < spaces> FrostCyborg you didn't think about that ?
01:48 < spaces> meb my dog want to lie against my legs all the time
01:48 < spaces> meh
01:49 <+catphish> i've never seen mtr -z
01:49 < FrostCyborg> spaces I did... I just was trying to see if the other options might be preferable. The command to just tell the module to shutdown/remove seems pretty straightforward but since this is a production environment, I really was hoping maybe someone had some specific knowledge that "yeah, it's easy and won't cause problems"
01:49 < tds> shows the ASN next to each hop
01:49 < tds> can be slow to do lookups sometimes though
01:49 <+catphish> just tried it, doesn't seem to work well :(
01:50 < spaces> FrostCyborg stuck means, take out and failover
01:50 < spaces> you need a hard reset
01:50 < tds> some times it seems to work pretty much instantly, other times mtr just displays a blank screen for ages, I don't know why
01:50 < spaces> mtr is not always that reliable
01:51 <+catphish> i got a blank screen for ages, eventually it worked, but doesn't know my ASN
01:51 < spaces> it seems my laptop fan needs some new Olive oil after 1,5 year!
01:52 <+catphish> and it's a cool mystery to me why it's not getting a response from 8.8.8.8
01:52 < spaces> are they changing routes ?
01:53 <+catphish> my guess, too many hops, and it gives up
01:53 < spaces> nah doubt it
01:53 < tds> oh, from my desktop I get a load of missing hops, then a response
01:53 <+catphish> doesn't work even with -m 50
01:54 < spaces> I think they are changing routes
01:54 < spaces> or maybe even failover
01:54 <+catphish> -m 50 doesn't work, it doesn't send 50 requests :(
01:54 <+catphish> wonder when mtr "gives up"
01:54 < tds> https://pastebin.com/wwZiydix
01:55 < tds> that's what I see from my desktop, weird
01:55 < tds> oh, oops, I didn't use the raw link :(
01:56 <+catphish> eww he
01:56 <+catphish> peer with google you savage :)
01:56 < tds> heh, maybe they'll reply to my email eventually ;)
01:57 <+catphish> lol, oh we had this conversation didnt we
01:57 <+catphish> i see them via linx rs
01:57 < tds> haha, yeah
01:57 < tds> last one I got told to update my records on peeringdb (which should be up to date anyway), I suspect their automatic provisioning won't like the lack of a v4 address on the IX port entry
01:58 <+catphish> nobody likes non-dual-stack-peering
01:58 < tds> yeah, I guess I'll wait a while and see if they reply, failing that I could always add the address and just set it up not announcing anything
01:59 <+catphish> i should sleep now
01:59 <+catphish> went to sleep on the sofa in my office today, oops
02:00 * tds has finished exams now, so can have an even worse sleep schedule than normal
02:01 <+catphish> i also threw myself on the ground playing tennis today and have a bloody elbow
02:02 < tds> :(
02:02 <+catphish> thusly: https://i.imgur.com/5gS6nVr.jpg
02:04 <+catphish> i'll probably live
02:05 < spaces> or it's your bot who is responding here...
02:05 < spaces> catphish skateboarding is for teenagers
02:06 < spaces> or dogs
02:06 < tds> skateboarding and tennis are rather different, though ;)
02:07 < spaces> UK people are weird, it's or a reason they exit ;)
02:08 < spaces> *for
02:09 <+catphish> i voted to exit because i dont like coloured folk coming here, stealing my job, eating my quarter pounder with cheese
02:11 < spaces> you sound like you want to live with Trump :P
02:11 < tds> I wasn't old enough to vote, so never had a say in it
02:12 < spaces> I still love this one: xenial-updates/main amd64 linux-firmware all 1.157.19
02:12 < spaces> linux-firmware... sure, oh don't touch my hardware
02:12 <+catphish> tds: how annoying for you, well good thing us oldies were able to screw it up just in time for you to enter the workforce
02:12 < spaces> are you old then ?
02:12 <+catphish> 31
02:13 < spaces> are you like Benjamin Button ?
02:13 < spaces> damn I want to cuddle with my dog
02:13 <+catphish> and in case it's not obvious, i rather liked being in the EU, but i'm sure things will be ok
02:14 < spaces> I think there will be a lot of difficulties too
02:14 <+catphish> i've been forced to develop an apathy towards it
02:14 <+catphish> it won't really affect me
02:15 < spaces> hehe
02:16 <+catphish> except possibly to reduce my retirement income by some amount we'll never know, and make me need to fill out the occasional visa
02:17 <+catphish> tds: what exams did you just finish? i levels i assume
02:17 <+catphish> or is it too early for that
02:17 <+catphish> i forget
02:18 < tds> 1st year uni exams, I don't think a levels/gcses start for another few weeks iirc
02:18 <+catphish> i remember the day i finished a levels and realised i'd never have to go to school again, best thing ever
02:19 <+catphish> not that i went to school for much of my final year anyway
02:20 < tds> I quite enjoyed a levels, this year has been pretty boring though in terms of subject content
02:20 <+catphish> i didn't go to university
02:21 <+catphish> realised at the end of a levels that school just wasnt for me
02:21 < tds> lots of interesting people and technical societies doing cool things, the actual subject seems boring though so far :/
02:21 <+catphish> yeah sounds fun, but screw the cost
02:22 < tds> yeah :/
02:22 <+catphish> £27,000 minimum, no way
02:22 <+catphish> although it was a lot less when i would have gone
02:22 <+catphish> but still not for me
02:23 < tds> that reminds me, I still need to post off a thing to student finance that's been sitting on my desk for 2 months, I should probably do that
02:23 <+catphish> lol
02:26 < spaces> FrostCyborg fixed ?
02:26 <+catphish> good bye for now
02:26 <+catphish> zzzz
02:26 < spaces> cu
02:28 < FrostCyborg> spaces Nope, I need to wait until a little later after normal biz hours
02:59 < spaces> FrostCyborg screw those hours, it could go wrong realtime as well
03:02 < spaces> and it should not go wrong, you have failover
03:08 < tds> looks like google dns is alive again in london, I'm seeing <1ms rtt again now
03:09 < tds> interestingly, both times the routing switched, some of my monitors for nat64 (which does lookups against 8.8.8.8 through nat64) went off
03:12 < spaces> tds weird
03:14 < spaces> tds check the route again
03:14 < spaces> tds and why don't you cache your DNS lookups ?
03:15 < tds> I do, I don't use google's resolvers myself, I run my own internally
03:15 < tds> 8.8.8.8 is just a nice target for ping monitoring
03:15 < tds> lol, routing looks like it's changed back again
03:17 < spaces> tds didn't I say ?
03:17 < blocky> does anyone know what linux (arch) is supposed to do when it receives an ICMP redirect? is there a flag somewhere that i can enable to get it to add a route to the routing table?
03:17 < spaces> some people say it's not good to use google dns servers for ping monitoring, use root DNS servers instead
03:18 < tds> hmm, I'd be interested to know how much icmp traffic google gets to their resolvers
03:19 < spaces> tds there are lots of cache servers in front of them ;)
03:20 < spaces> I have serious sleep issues atm
03:22 < tds> this routing is all over the place, rtt dropped for maybe 20s and then went back up again
03:23 < spaces> ok, this woman is seriously bloody :P https://github.com/BloodyHel
03:23 < spaces> or hell
03:57 < blocky> can someone suggest a good resource on how to design a vpn? installing the software is not as hard as figuring out which subnets should be used for what and how the routing tables should look
04:05 < blocky> is there such a thing as a book on architecting ip networks?
04:26 <+pppingme> blocky sure
04:38 < blocky> i have a home network with a private subnet and a gateway which is doing nat so all traffic generally flows to that gateway, but i want to have a vpn gateway on the same subnet but not on the same gateway. is there a "correct" way to get data destined for the vpn subnet (which is different from the regular lan subnet) to flow to the vpn gateway and not the regular gateway?
04:47 <+pppingme> you add a single route to the main router with the subnet of the vpn, and its next hop would be the ip of the vpn server on the lan
04:50 < blocky> so someone else suggested i do that, and it seems like it should work, but whats happening is when a host inside the lan sends a packet (addressed to the vpn gateway but forwarded to the normal gateway, because this host doesn't have that custom route) the normal gateway doesn't seem to forward the packet back to the vpn gateway, and instead just sends an icmp redirect back to the lan host
04:59 <+pppingme> it does both.. it forwards the packet *AND* sends the icmp redirect
04:59 <+pppingme> it does its job, but at the same time is telling client there's an easier way
05:10 < blocky> i think something is not working, because on the vpn gateway using tcpdump i do not see the packet arrive
05:31 < ahyu84> hi guy
05:31 < ahyu84> anyone had idea
05:31 < ahyu84> why windows 10 hardly join domain?
05:31 < ahyu84> I already put DNS to point to the only 1 domain IP address
05:31 < ahyu84> still its state error
05:32 < ahyu84> my windows 7 PC working well with all auto ip and auto dns
05:32 < ahyu84> so weird
05:33 < ahyu84> even I tried reformat to windows 10 its still same issue
05:33 < ahyu84> so weird
05:41 < myxenovia> is voip is just a voice from mic and then turned into bytes to be sent to other end?
05:44 < ahyu84> @myxenovia
05:44 < ahyu84> yes
05:45 < ahyu84> that's why it's called Voice-Over-Internet-Protocol
05:45 < phocking> lol
05:45 < ahyu84> in short Voice Over IP
05:47 < Apachez> in short VoIP
05:47 < Apachez> in short wtf is wrong with this shit?
05:51 < myxenovia> ahyu84 well is there other way to send voice instead over ip?
05:51 < myxenovia> in mobile phone
05:53 < myxenovia> well the reason i asked about voip is because i dont understand this "Microphone audio source tuned for voice communications such as VoIP"
05:53 < myxenovia> i mean what kind of tuning is it
05:54 < skyroveRR> Analog to digital.
05:54 < ouemt> myxenovia: it probably means the mic is tuned to emphasize frequencies that make the voice more understandable after compression
05:55 < myxenovia> well, if the sender and receiver are both mobile phone, tuning isnt needed because they can both read the same sound
05:55 < ouemt> information is lost during compression. Choosing the right filter or mic response before compression can make a big difference
05:55 < skyroveRR> Compression never occurs over GSM.
05:56 < skyroveRR> The towers would be doing too much work, and too many resources would be needed.
05:56 < ouemt> skyroveRR: https://en.wikipedia.org/wiki/Adaptive_Multi-Rate_audio_codec
05:57 < ouemt> the towers don't have anything to do with the compression, the phone does it before sending it to the tower
05:57 < myxenovia> gotta read more i guess
05:57 < myxenovia> ll
05:57 < myxenovia> lol
05:57 < myxenovia> yea
05:57 < skyroveRR> ouemt: ... I see.
05:58 < skyroveRR> I stand corrected!
05:59 < ouemt> myxenovia: an important part of that article I just linked: "Sampling frequency 8 kHz/13-bit (160 samples for 20 ms frames), filtered to 200–3400 Hz"
05:59 < ouemt> that means that any audio outside 200-3400 Hz is filtered out before compression, so you want a microphone that concentrates its response in that range. The shape of the response will be tuned to maximize comprehensibility after AMR (or similar) compression
06:01 < skyroveRR> So is the phone doing all this before sending it over the network?
06:01 < skyroveRR> Or is the network involved, too?
06:02 < ouemt> skyroveRR: all on the phone
06:02 < ouemt> It's super basic computation
06:03 < jaelae> soo my personal home network, but the past two nights by the end of the night my internet speed drops severely to like 1 Mbps down. I check everything but ultimately the fix is to reboot my cable modem and then voila. back to 120+Mbps
06:03 < ouemt> I'd be shocked if the phones didn't have dedicated chips for it
06:03 < skyroveRR> ouemt: so what final output is the network getting? Just the audio?
06:03 < ouemt> skyroveRR: packets of data
06:04 < skyroveRR> Yeah, I mean the conversion, but still.
06:04 < ouemt> skyroveRR: https://en.wikipedia.org/wiki/LTE_(telecommunication)#Voice_calls
06:05 < skyroveRR> ouemt: what about plain basic 2G?
06:06 < skyroveRR> LTE is over my head.
06:07 < lorfds> https://paste.debian.net/1027371/
06:07 < lorfds> Any thoughts on what would cause something like this?
06:07 < ouemt> skyroveRR: my understanding is that GPRS uses IP, PPP, and X.25, so it's all packetized too
06:09 < ouemt> lorfds: that's a router advertisement coming from 192.168.60.170, and the log suggests that it shouldn't be sent to 224.0.0.1
06:09 < lorfds> ouemt: why does it think it shouldn't be sent to 224.0.0.1?
06:10 < lorfds> i think this might have something to do with our vpn setup
06:10 < lorfds> but i inherited this mess, so not quite sure what's going on
06:12 < ouemt> lorfds: unsure http://www.networksorcery.com/enp/protocol/icmp/msg9.htm
06:12 < ouemt> pretty noobish when it comes to networking
06:15 < ossifrage> Another weird verizon outage?
06:16 < Tegu> lorfds: at least 224.0.0.1 is a multicast address, and apparently ICMP responses are not allowed in response to multicast packets http://www.icir.org/fenner/mcast/icmp.html
06:19 < ossifrage> teaearlgraycold_, are you having some sort of weird outage with verizon again?
06:41 < backtrack_> hi
06:41 < backtrack_> https://forums.macrumors.com/threads/wi-fi-sync-randomly-stops-working-fixed.1252394/
06:41 < backtrack_> "I repaired my wireless internet connection which refreshes the cache stored between your computer and router. This brought my phone back into iTunes again. I suggest you try this as well trem."
06:41 < backtrack_> what cache he is talking about?
06:46 < blocky> dns maybe, although not sure why that would make itunes recognize a phone that it wasn't before
06:46 < backtrack_> dns you mean multicast?
06:47 < blocky> no, the dns resolver cache
06:48 < blocky> the local list of pairs of domain names and ip addresses that have been retrieved from a remote dns server and stored can be out of date if something changes on the remote server
06:51 < backtrack_> blocky, but itunes does not use dns
06:51 < blocky> all applications that use the internet use dns
06:51 < blocky> most, anyway
06:51 < backtrack_> and i'm not talking about internet
06:51 < backtrack_> who is talking about internet?
06:51 < backtrack_> it's a LAN
06:52 < blocky> 21:41:43 backtrack_ | "I repaired my wireless internet connection
06:52 < backtrack_> then he is wrong
06:53 < blocky> ... he is you
06:53 < backtrack_> itunes wifi sync is a system to sync an iphone to PC over a LAN
06:53 < backtrack_> i do not written that sentence, it's a quote
06:53 < backtrack_> *did
06:53 < blocky> i understand. if you think he is wrong then why are you asking us to figure out what he is talking about? that post is from 7 years ago also
06:54 < backtrack_> i just need to know what cache he is talking about, and how to refresh it
06:54 < blocky> why don't you ask him?
06:54 < backtrack_> ...
06:55 < blocky> i was just guessing when i tried to answer your question before, which is all anyone here can do: guess
06:56 < blocky> if you think that what this person posted is accurate, then he explains how to do it in his post. if you don't think his info is trustworthy, then why would you even try to guess what cache he is talking about?
07:02 < blocky> anyone know why my gateway would send ICMP redirect packets without actually forwarding the packets that are causing the redirect to the appropriate nexthop?
08:18 < godSend23> hey all
08:27 < godSend23> anybody know of a free web hosting service?
08:31 < DoctorDick> AWS and GCP are free ish
08:31 < DoctorDick> They're both free for the first year
08:31 < godSend23> oh wow
08:31 < godSend23> thanks
08:31 < godSend23> and i can get any url name?
08:32 < DoctorDick> godSend23, No
08:32 < DoctorDick> You need to purchase your own domain if you want to do that
08:34 < godSend23> hmm
08:35 < godSend23> right now i'm using square
08:35 < godSend23> or did
08:35 < godSend23> and now i just want to transfer over the name to a free web host
08:35 < DoctorDick> So who's your domain registrar?
08:36 < godSend23> wouldn't square use the same one?
08:36 < DoctorDick> I have no idea
08:36 < godSend23> ok
08:36 < DoctorDick> You're the one who's supposed to know
08:36 < godSend23> how do i find out?
08:36 < DoctorDick> Because you know, it's your site
08:36 < godSend23> i mean the details of which
08:37 < DoctorDick> ?
08:37 < light> What's your domain?
08:37 < godSend23> it's inactive now
08:37 < godSend23> since nov '17
08:37 < DoctorDick> So then you don't have a domain
08:37 < godSend23> but square still has a backup of my site
08:38 < godSend23> so i want to reupload it to a new free one
08:38 < light> try geocities or anglefire
08:39 < light> angel*
08:39 < godSend23> hmm
08:39 < godSend23> if i do that, i won't have rights to www.[domanName].org
08:40 < DoctorDick> What is/was your domain name?
08:40 < light> what's domanName?
08:40 < godSend23> it was "kingdentistry.org"
08:41 < DoctorDick> So do you still own the domain?
08:42 < godSend23> only if i renew it w/ square
08:42 < DoctorDick> You don't need to do that
08:43 < DoctorDick> https://webmasters.stackexchange.com/questions/95457/can-you-renew-a-domain-through-a-different-company
08:43 < light> You can't renew the domain because it doesn't exist
08:43 < godSend23> hmm
08:43 < light> NOT FOUND
08:43 < light> >>> Last update of WHOIS database: 2018-05-31T06:42:34Z <<<
08:43 < light> NOT FOUND
08:43 < light> >>> Last update of WHOIS database: 2018-05-31T06:42:34Z <<<
08:43 < light> oops
08:44 < light> just register it with anyone
08:44 < DoctorDick> You better buy it before someone else snatches it up
08:44 < light> like doctordick.com
08:45 < DoctorDick> Yeah, I'm not too worried about that
08:45 < potatoe> detha are you still around? I didnt get time to look at the ipfw problem, did you have any new ideas?
08:46 < detha> potatoe: I am around. However I am only on my first dose of caffeine, so brain is still in slow mode
08:47 < detha> trying to remember what the problem was
08:48 < potatoe> lemme compile a paste with the information
08:48 < potatoe> one sec
08:48 < godSend23> hmm ok
08:48 < detha> something natd?
08:48 < godSend23> so there's no free domain name service?
08:48 < godSend23> combined w/ web hosting?
08:48 < light> there are lots
08:48 < light> you can have kingdentistry.doctordick.com
08:48 < godSend23> well DD told me to buy it
08:49 < light> yeah why not buy it?
08:49 < light> It's like $9 for a domain
08:49 < light> surely a dentist can afford it
08:49 < DoctorDick> light, hard no
08:49 < light> why? because dentists aren't real doctors
08:49 < DoctorDick> It's like 6.22 Canadian on namecheap
08:49 < DoctorDick> Which is like 3 USD
08:50 < light> lol
08:50 < godSend23> heh
08:50 < godSend23> good pt
08:50 < godSend23> for how long?
08:51 < light> are you tight?
08:51 < DoctorDick> It's 3 fucking dollars
08:51 < DoctorDick> Just buy the fucking domain
08:51 < godSend23> i understand guys
08:52 < godSend23> how long will i have it for?
08:52 < DoctorDick> Depends how long you buy it for
08:52 < light> for as long as you have money
08:52 < godSend23> oh ok
08:52 < potatoe> detha yeah, natd running but the reply from the resolver is not making it back in the jail
08:52 < potatoe> https://bpaste.net/show/260d567fd2d2
08:53 < potatoe> ipfw ruleset, natd, tcpdump etc in that paste
08:53 < momomo> Don't block me. One line. Looking for a Linux Sysadmin in Europe, for a great job opportunity in Stockholm city. Well paid, permanent / temporary (based on your preference). Immediate Accommodation. One crux, has to also know Elastic Search. Need to be filled immediately.
08:53 < potatoe> momomo sounds tempting, I do know ES and am an SRE but im quite happy with my job
08:53 < godSend23> do u guys recommend a place to buy it?
08:54 < light> momomo: how many pesos?
08:55 < potatoe> shekels
08:55 < DoctorDick> Can I get paid in tacos?
08:55 < light> pour que no los dos
08:55 < momomo> light: lot
08:55 < momomo> good pay
08:55 < DoctorDick> Por que tacos son deliciosos
08:55 < light> be specific
08:56 < light> when people are vague about pay it usually means it's not very good
08:56 < DoctorDick> 14 pesos per year
08:56 < DoctorDick> That's like 12 whole tacos
08:56 < regdude> my company is also looking for a sysadmin, cannot find it still after a half of year, there simply is none
08:57 < light> you might need to increase the pay to attract more talent
08:57 < momomo> light: I sent you a pm
08:58 < regdude> we pay more than we should, there simply is none left in this side of Europe
08:58 < DoctorDick> If you can't tell us the salary in channel, then the pay is way too low
08:58 < momomo> light: not true, we will pay whatever is needed for you to be satisfied
08:58 < screwsss> ##cycling sorry guys just trying to setup mirc to auto login my nick
08:59 < godSend23> do u guys recommend a place to buy it?
08:59 < shtrb|work> regdude, or maybe he works for a us company and he is forbidden to say his salary (contract)
09:00 < regdude> well I work in EU and it is forbidden for us as well. But we pay sysadmins twice the average in our country, which is about 10 times the minimal wage
09:00 < shtrb|work> I thought it was only in the UK where they put that in the contract, intellectually challenged corporate pricks
09:02 < regdude> I think it is everywhere these days for any decent company, because why would you pay more to someone if they don't ask more
09:04 < shtrb|work> I see
09:08 < momomo> light: check you pm
09:08 < shtrb|work> Would SIT or GRE tunnel work If I'm behind CGNAT (ipv6 over ipv4) ?
09:11 < detha> potatoe: in theory, that should work. Assuming all the various sysctl things for routing etc are set up, otherwise it probably wouldn't get out. Also assuming it picks the right 1.1.1.1 from /etc/resolv and puts that in the rules
09:12 < potatoe> yeah it does i checked
09:12 < potatoe> wait do i need any routing things for sysctl?
09:12 < potatoe> I have gateway_enable=YES
09:13 < momomo> light: where are you residing? and don't worry about the pay. to get you onboard I will give you whatever salary is needed to get you onboard ... that is the least of our problems and usually not the first thing that is discussed
09:13 < detha> some googling got 'firewall_nat_enable=YES' in rc.conf
09:16 < potatoe> detha i think that is for inbuilt nat in ipfw
09:17 < potatoe> but I don't have the kernel option enabled for that
09:18 < detha> ah, ok.
09:19 < potatoe> also detha routing was enabled, just to confirm, # sysctl net.inet.ip.forwarding=1
09:19 < potatoe> net.inet.ip.forwarding: 1 -> 1
09:22 < detha> then I don't know. Only thing I can imagine is that the keep-state doesn't catch it; you could try an 'allow from any to any diverted'
09:25 < momomo> DoctorDick: Salary is between 3-4000 eur per month .. but can be more depending on options you want .. we are very flexible depending on if you want to be employed or as a freelance (lower tax hit)
09:25 < momomo> netto
09:25 < potatoe> oh
09:25 < potatoe> thats low
09:25 < momomo> netto?
09:25 < momomo> meaning a salary of 5-6000 pre tax
09:26 < momomo> if not more
09:26 < potatoe> ah thats more like it
09:26 < momomo> hehe
09:27 < potatoe> detha i added allow any to any diverted as rule 1, still not getting caught
09:27 < potatoe> as in detha, still the same as before
09:27 < momomo> can be more netto, if rather than salary we invoice you
09:29 < shtrb|work> If he takes the self-employed/freelancer option, before deciding please, for the sake of all that is holy, consult a tax person
09:30 < shtrb|work> When you choose to take jobs not as an employee you need to handle tax by yourself, and to see if that works for you correctly
09:31 < detha> potatoe: hmm. trying to see where it blocks it - maybe put a 'deny log from 1.1.1.1' at various places, to see where it stops
09:31 < potatoe> detha gotcha, i was also thinking of it and added it after natd divert, let me get the log
09:36 < potatoe> detha even though I've got 'deny from 1.1.1.1' in, I only ever get this logged
09:36 < potatoe> May 31 23:35:25 alexbsdtest2 kernel: ipfw: 802 Accept UDP 10.0.2.15:48315 1.1.1.1:53 out via em0
09:36 < potatoe> May 31 23:35:30 alexbsdtest2 kernel: ipfw: 802 Accept UDP 10.0.2.15:27467 1.1.1.1:53 out via em0
09:36 < potatoe> that means that the outgoing is getting natd correctly
09:36 < potatoe> but nothing for incoming
09:39 < potatoe> well tcpdump obviously sees the incoming packets but why isnt it logged even though deny log from 1.1.1.1 is set as rule 2
09:39 < detha> odd. and if you temporarily remove rule 50, does it start hitting the deny?
09:39 < potatoe> :/
09:40 < potatoe> detha yeah if you remove 50 then the deny is caught
09:41 < detha> even though it is later in the list... so 50 rewrites the 1.1.1.1 ?
09:41 < potatoe> seems like it
09:41 < potatoe> that is so weird
09:41 < detha> ok, maybe without rule 50 and a 'allow from any to any diverted' ?
09:41 < potatoe> going to deny log from any
09:42 < potatoe> to see what pops
09:44 < detha> ah wait, 50 will probably rewrite the incoming packet to pretend to come from $EXT
09:44 < potatoe> detha allow from any to any diverted has a syntax error
09:46 < potatoe> detha okay so i added 50 allow ip from any to any diverted and now its getting denied at 799
09:46 < potatoe> meaning it skipped my skipto
09:48 < detha> ok, so that catches it. ehm, skipto 801 ip from any to any diverted ?
09:51 < potatoe> detha it doesnt get caught as diverted
09:51 < potatoe> ipfw: 799 Deny UDP 1.1.1.1:53 10.0.2.15:19336 in via em0
09:51 < potatoe> 00101 skipto 802 ip from any to any diverted
09:52 < potatoe> this is so weird
09:52 < potatoe> what is natd even doing here
09:53 < potatoe> detha sorry i have to go for another meeting so I will be afk for a bit
09:53 < detha> np, chat later
09:54 < potatoe> but btw detha when I try to drill from my normal host it works
09:54 < potatoe> ipfw: 802 Accept UDP 1.1.1.1:53 10.0.2.15:13217 in via em0
09:54 < potatoe> but thats my normal host and not the jail
09:54 < potatoe> but when its from the jail its the exact same deny message
09:55 < potatoe> ipfw: 799 Deny UDP 1.1.1.1:53 10.0.2.15:58660 in via em0
10:03 < dminuoso> I'm talking to a friend whose ISP is giving him only a /58 prefix - supposedly their reasoning is "you don't need larger prefixes"
10:03 < dminuoso> What is your opinion?
10:04 < detha> potatoe: it rejects the response, maybe you need to add the keep-state to diverted, in 801 ?
10:04 < dminuoso> Why not simply dish out a /48 for every customer. Residential, business..
10:04 < dminuoso> who cares. IPv6 prefixes are for free
10:04 < dminuoso> future proof this..
10:05 < dminuoso> This line of "this will be enough" is exactly what led to IPv4 exhaustion. The solution is to dramatically oversize everything so it will definitely last...
10:06 < dminuoso> 16 VLANs can quickly be exhausted when you have one for your wifi, one for smart home devices, another for your computers..
10:06 < dminuoso> All this proves to me, is that their admin is a complete moron and doesn't get IPv6.
10:08 < dminuoso> oops. s/vlan/subnet/
10:08 < shtrb|work> dminuoso, do not connect your home appliances to your router if you care about privacy or DoSing yourself
10:09 < dminuoso> shtrb|work: my point is: if you are an ISP and assign /58 prefixes you are seriously limiting choices in what a customer can do network-wise - in the digital age, where you might have more and more devices every year, /58 is anything but future-proofing.
10:09 < shtrb|work> "smart home" appliances that have internet access are a pain in the gluteus maximus (remember how the smart HVAC could be disabled from outside)
10:09 < dminuoso> ISPs get IPv6 prefixes for free.
10:09 < dminuoso> So there's no reason to dish out /48 to everyone
10:10 < dminuoso> *not to
10:10 < shtrb|work> they could ask more money for that
10:10 < dminuoso> shtrb|work: so if you start flinging around prefixes with different lengths that increases network complexity
10:11 < dminuoso> homogeneous solutions are just so much easier to set up and reason about
10:16 < ahyu84> hi
10:17 < Gollee> ahyu84: hi
10:17 < ahyu84> LOL
10:17 < ahyu84> cool~
10:17 < godSend23> howdy
10:17 < ahyu84> office electric down
10:17 < ahyu84> so no working
10:17 < ahyu84> haha
10:19 < godSend23> do u guys have experiences w/ AWS vs. GCP?
10:25 < Gollee> https://kinsta.com/blog/google-cloud-vs-aws/
10:25 < Gollee> https://hackernoon.com/aws-vs-google-cloud-platform-which-cloud-service-provider-to-choose-94a65e4ef0c5
10:26 < Gollee> it's not like there's a lack of resources on that very question godSend23
10:26 < godSend23> i guess i'd like to hear ur own experiences
10:26 < Peng_> Put their sales people in a room together and see what kind of discount falls out ;)
10:26 < godSend23> not some potentially biased report
10:27 < godSend23> based on who paid the reporters
10:28 < Gollee> so how do you know we're not paid or otherwise inclined to be biased?
10:28 < TandyUK> Peng: after long enough it will turn into a bidding war for who gets to pay you for using them
10:28 < Peng_> :D
10:29 < shtrb|work> I donate an open space just for that, who is going to grab them to put them inside said room ?
10:31 < godSend23> i guess i trust IRC
10:31 <+catphish> morning
10:31 < shtrb|work> godSend23, cloud is just a fancy rig at someone else's place
10:32 < godSend23> heh that's prob true
10:32 <+catphish> not necessarily fancy :)
10:32 < godSend23> i just want to host a website
10:32 < shtrb|work> Raspberry Pi + solar panel + modem
10:32 <+catphish> one doesn't "just host a website", it rather depends on the website
10:33 < godSend23> true
10:33 < shtrb|work> he only wishes to see a static HTML + some css and js
10:33 <+catphish> if it's plain html or php, there are approximately 1 billion companies who sell that service
10:33 < godSend23> is there an 'open source' equivalent to GCP?
10:33 < shtrb|work> catphish, why not a pi with a solar panel ?
10:33 < godSend23> w/ all their functionalities?
10:33 < godSend23> like machine learning and AI?
10:33 <+catphish> shtrb|work: because sanity
10:34 < shtrb|work> catphish, as if dealing with php or maintenance will leave you sane
10:34 < shtrb|work> it's worse than retail
10:34 <+catphish> well plain html, you can host for free on github
10:35 <+catphish> or just use any shared hosting provider :)
10:35 < Disconsented> Sounds like a good excuse for a static site gen
10:35 < godSend23> what about ML and AI?
10:35 < shtrb|work> some isps let you put stuff under your account site.com/~username
10:38 < godSend23> brb
10:48 < azizLIGHT> when i launch utorrent, everyone on the LAN cannot browse the internet anymore... chrome says no connection and some things fail to load partway or load forever. i put utorrent on throttle but it's still happening. the problem stops when utorrent is quit
10:49 < TandyUK> your router sucks
10:49 < TandyUK> Ive had this a lot in the past with smaller sonicwalls - they simply cant handle the number of active connections bittorrent uses
10:49 < TandyUK> forget the speeds, but limit the total number of connections utorrent is allowed to make
10:49 < potatoe> detha the keep-state doesn't work either
10:50 < azizLIGHT> oh. is there a way to test what the max might be
10:50 < TandyUK> given that it struggles at all, I wouldn't waste my time trying to find out; I'd simply replace the router off the bat
10:50 < TandyUK> I'm guessing this is some ISP-supplied piece of crap
10:51 < azizLIGHT> i cannot do that unfortunately... we only have this internet connection available here
10:51 < TandyUK> ok, so why can't you replace the router
10:51 < TandyUK> nothing about the provider, just remove their cheap shit hardware and put in your own router
10:51 < TandyUK> if its cable or something, put the isp supplied PoS into 'Bridge mode'
10:52 < djph> mornin' TandyUK
10:52 < TandyUK> and plug this into the WAN port of your router
10:52 < azizLIGHT> its adsl and the isp is not someone who will cooperate
10:52 < TandyUK> if its adsl, just replace it with any other adsl router
10:52 < djph> (IOW, they won't do it for him)
10:52 < TandyUK> enter your login details, and off you go
10:52 < azizLIGHT> if there are settings to be set, any login to be put in, i cannot obtain it
10:52 < TandyUK> fuck that isp then lol
10:53 < azizLIGHT> not much choice for me unfortunately
10:53 < TandyUK> well no torrenting for you then, quite simply
10:53 < dminuoso> azizLIGHT: What country do you live in?
10:53 < azizLIGHT> so how can i test the max # of connections and do the best i can do here
10:53 < azizLIGHT> saudi arabia
10:53 < dminuoso> Yeah well. Deal with it.
10:53 < TandyUK> if you can't/won't replace the router, you're not going to have any real success
10:53 < azizLIGHT> like i said... how do i test the max... and make do
10:53 < dminuoso> In Germany you can simply compel the ISP to tell you all details necessary to switch out the router.
10:54 < TandyUK> you make lots of connections, and when the router falls over, you hit the limit lol
10:54 < detha> potatoe: very odd. you have lo1: going towards the jail?
10:54 < azizLIGHT> right thats great for germany
10:54 < shtrb|work> azizLIGHT, you can "guess" the setting if that is ADSL
10:54 < TandyUK> he cant really guess the radius user/pass
10:54 < dminuoso> TandyUK: *PPP
10:54 < TandyUK> the rest, sure
10:54 < dminuoso> CPEs dont speak radius
10:54 < TandyUK> huh
10:55 < shtrb|work> no no, what I meant was the connection settings (the ppp / radius / whatever he already gets - printed on the bottom of the device or in the paper you get with the ISP)
10:55 < TandyUK> ADSL logins use radius, whether you think the CPE 'speaks radius' or not
10:55 < TandyUK> yeah thats what he says isp wont give him
10:55 < TandyUK> sounds like a bullshit isp / monopoly
10:55 < dminuoso> TandyUK: Your modem/router at home does not speak RADIUS generally.
10:55 < shtrb|work> It's printed on the device (bottom side)
10:56 < dminuoso> TandyUK: They set up PPP (the other endpoint may use RADIUS, DIAMETER or whatever to authenticate you)
10:56 < TandyUK> dminuoso: the username and password for the connection, is checked, on isps end, in their radius database
10:56 < dminuoso> TandyUK: RADIUS is not a database either.
10:56 < dminuoso> TandyUK: You are conflating so many things. Please stop.
10:56 < TandyUK> so he still needs the username and password, which he said ISP wont give him
10:57 < TandyUK> dminuoso: are you trying to help this guy, or just confuse the fuck out of him?
10:57 < azizLIGHT> im using ZTE ZXV10 adsl modem on 10240 kbps down / 860 kbps up (up is definitely a lie)
10:57 < dminuoso> TandyUK: You also dont know whether he needs a username or password at all.
10:57 < TandyUK> Im attempting to use terms a normal noob might actually understand, whether its 100% accurate or not
10:57 < shtrb|work> dminuoso, radius is a feces load of things, it does the accounting, authentication and authorization
10:57 < dminuoso> Some ISPs dont do any authentication and merely identify you through some port id
10:57 < TandyUK> some dont use radius, sure. 99% DO
10:58 < dminuoso> TandyUK: RADIUS is not a database. It's just a protocol. And routers you typically have at home don't understand RADIUS.
10:58 < dminuoso> They dont speak RADIUS.
10:58 < TandyUK> oh fuck me, i never said they did, YOU did
10:58 < TandyUK> I just said he needed to know the user/pass
10:58 < shtrb|work> azizLIGHT, is that a custom firmware? do you remember your talk with the rep when they installed it at your side ?
10:59 < azizLIGHT> shtrb|work: its a ZTE brand adsl model (chinese). no custom firmware. they set it up and hand it to me and hope for the best
10:59 < dminuoso> azizLIGHT: Can you look at the settings?
10:59 < shtrb|work> dminuoso, I didn't see a single ISP that did not use radius (and the ones that use Diameter had a translator unit installed)
10:59 < dminuoso> azizLIGHT: Check if there's any credentials.
10:59 < azizLIGHT> yes i guessed the logins: admin:admin
10:59 < azizLIGHT> i see them but they are all ***s
10:59 < dminuoso> shtrb|work: Some dont authenticate at all.
11:00 <+catphish> azizLIGHT: if they only support their own router, i don't see what option you have apart from just complaining to them that it's broken :(
11:00 < TandyUK> azizLIGHT: if the router is _that_ shit, you might find the password in plain text embedded in the html code of the relevant page
11:00 < azizLIGHT> hmmm that actually is a good idea. but it means downtime for me
11:00 < shtrb|work> dminuoso, I was talking about RADIUS (the access-request is auth )
11:00 < dminuoso> shtrb|work: I have a working understanding of RADIUS. Thank you.
11:00 < azizLIGHT> TandyUK: ill look
11:00 <+xand> yeah view the source of the HTML, it might show the password etc
11:01 < shtrb|work> dminuoso, ok then
11:01 < shtrb|work> azizLIGHT, is that router + modem or just a router ?
11:01 < TandyUK> you'll be looking for a field, with hopefully a value="something" param
11:01 < azizLIGHT> its a modem + router, but i use my own router because that one is shit
11:01 < azizLIGHT> i have just 1 client for it, my 2nd router
11:03 < shtrb|work> Sometimes when you choose the backup setting in the routers, the file will have the credentials there (the password might be hashed)
11:04 < shtrb|work> azizLIGHT, What is the exact model ?
11:04 < dminuoso> shtrb|work: it can't be hashed because then it's irrecoverable
11:04 < azizLIGHT> ZTE (brand) ZXV10 (model)
11:04 < shtrb|work> tell that to juniper (the backup file uses a hash)
11:05 < dminuoso> shtrb|work: how would it recover the original password then?
11:05 <+xand> it could only use hashes for passwords that are used to access the router
11:05 <+xand> not for passwords the router uses to access other things
11:06 < dminuoso> shtrb|work: The fortinet VPN client for example does some pretty obfuscation, but it's 100% recoverable if you understand the algorithm.
11:06 < shtrb|work> he won't, but with ADSL routers many times password = account number | phone number, etc.
11:06 < shtrb|work> dminuoso, ok
11:06 < dminuoso> but thats not hashing
11:07 < shtrb|work> azizLIGHT, google says access commands are "admin/admin, zxdsl/zxdsl, Administrator/admin"
11:08 < azizLIGHT> yep im in the administration area already
11:08 < azizLIGHT> with admin admin
11:09 < azizLIGHT> the pre-filled ****'s for the password dont seem to have a value="" in the html
11:09 < azizLIGHT> for the pppoe
11:09 < azizLIGHT> i can see the username though
11:10 < shtrb|work> do you have several "circuit configurations"?
11:10 < azizLIGHT> if you mean pv0 through pvc7, yes
11:10 < azizLIGHT> *pvc0
11:10 < shtrb|work> go over ALL of them , sometimes you have several setup there
11:11 < azizLIGHT> they put the internet on pvc1, everything else is bridge mode
11:12 < shtrb|work> I wonder if you could select a bridge mode to be active, set up pppoe on your router with that username to see if that will work
11:12 < shtrb|work> and try password='username' password='' password='accountid' password='phonenumber'
11:12 < shtrb|work> etc
11:13 < azizLIGHT> well i wouldnt want to mess up how it is now. because it would mean i would be offline for months
11:14 < azizLIGHT> for them to replace things... and wait time
11:14 < azizLIGHT> and its ramadan
11:14 < azizLIGHT> they dont do shit in ramadan
11:14 < shtrb|work> they don't work on ramadan ?
11:14 < azizLIGHT> hardly...
11:14 < shtrb|work> so call after night fall
11:15 < azizLIGHT> meanwhile i put utorrent on max # of connections to 15, and it seems to be ok for other computers on the LAN for browsing now
11:17 < azizLIGHT> it's a low # of connections sure, but at least we can browse while doing some downloading
11:19 < shtrb|work> I don't think that if you choose a different active circuit you will be unable to go back, or that it will overwrite the other ones
11:19 < shtrb|work> So if you have pvc0 - internet , and you select pvc1 as active - if there is a problem you should be able to select pvc0 again
11:19 < shtrb|work> but there is no guarantee for it
11:20 < djph> probably best to do that on the router he owns
11:20 < djph> err *on a modem* he owns
11:21 < azizLIGHT> yeah, can i just get any adsl modem?
11:21 < shtrb|work> just make sure it supports your profile but yes (Vdsl XXX or ADSL xxx)
11:22 < shtrb|work> 99% the ones sold in your country should support ALL isps
11:22 < azizLIGHT> ive found that when i browse on my vpn to USA, i dont get those errors from chrome about no internet, or partial loading, or loading forever
11:23 < azizLIGHT> works just fine on VPN
11:23 < azizLIGHT> so ive been doing that but some things i cant be doing on the VPN, like torrents
11:25 < shtrb|work> Google says Zain has "forgot my password"
11:26 < shtrb|work> maybe your ISP also has such an option
11:26 < azizLIGHT> if its possible to reset/obtain without interacting with a human, then id consider it
13:50 < afidegnum> hello, i have a debian where proxmox kvm is installed, i have a Windows VM with its own public IP, i have also manually configured the IP address, DNS etc.. but i can't access my IP publicly, what can be the cause? what do i need to do?
13:51 < djph> your entire network has public IP addresses then?
13:53 < afidegnum> when i ping that ip address, i get an empty response
13:57 < djph> and you 'own' the address; you have properly set up routing for it; you're not in a situation where the IP has to be on your edge
14:06 < afidegnum> djph: i have 2 ips, one for the dedi server and one for the VM
14:09 < djph> and you've properly set up routing for them / they are actually routed to you?
14:10 < Rayben> AustNet
14:10 < varesa> Is the VM bridged to the dedi interface?
14:11 < varesa> Also some providers require you to give the VM MAC address to some interface of theirs
14:20 < afidegnum> yes the VM is bridged using Vmbr0
14:20 < afidegnum> i have configured the IP mac address as well
14:29 < varesa> can you pastebin the output of "ip a" on the host?
14:34 < v0Lk> varesa: yes, but you'll have to use the pastebin API
14:34 < varesa> v0Lk: that was a request to afidegnum :)
14:35 < v0Lk> kk
14:44 < Rayben> Interpretatio graeca (Latin, "Greek translation" or "interpretation by means of Greek [models]") is a discourse[1] in which ancient Greek religious concepts and practices, deities, and myths are used to interpret or attempt to understand the mythology and religion of other cultures.
14:56 <+catphish> azonenberg: is your switch design all private at the moment? couldn't find on github
14:57 <+catphish> oh, i'm an idiot, never mind, found it
15:04 < afidegnum> varesa: here is the output https://ghostbin.com/paste/ytd8o
15:06 < afidegnum> varesa: the second ip address is configured inside the Windows 7 VM's network properties
15:07 < varesa> looks fine. Can you ping the VM from the host or the other way around?
15:07 < `whoami`> hey, sorry to ask such a question, but is anyone in europe able to access "news.ycombinator.com" ? It still worked for me yesterday. And I'm not even able to connect to "downforeveryone..." (just like half the websites i'm used to browsing, now timing out). Is that a GDPR effect ?
15:08 < afidegnum> vare
15:08 < afidegnum> varesa: it goes with no response
15:09 < afidegnum> no return
15:10 < afidegnum> you can check at your end
15:10 < afidegnum> 136.243.58.48
15:12 <+catphish> `whoami`: news.ycombinator.com wfm
15:12 <+catphish> `whoami`: sounds like your internet is broken :(
15:13 < tds> fine for me as well, I get A records pointing to Cloudflare
15:13 < varesa> afidegnum: I think that the VM is not bridged for some reason
15:14 < tds> what's the output of brctl show, assuming you're doing normal linux bridging on proxmox rather than openvswitch?
15:14 < Rayben> Tellurocracy (from the Latin tellus "land" and the Greek κράτος "power") is a type of civilization or state system that is clearly associated with the development of land territories and consistent penetration into inland territories. Tellurocratic states have a certain territory and the state-forming ethnic majority living on it, around which further expansion takes place. The opposite of tellurocracy is thalassocracy (maritime empi
15:14 < Rayben> res), although in the pure type of a particular state is rarely observed. Usually there is a combination of tellurocratic characteristics with thalassocratic.
15:14 < varesa> at least with KVM/libvirt the VMs create vnetN interfaces on the host that are part of the bridge, don't see that in your paste
15:15 < tds> yeah, pve will create tap interfaces for each vm, should be tapi
15:15 < afidegnum> varesa: i don't get you
15:15 < tds> are the vms running at the moment? what's the output of qm list?
15:16 < afidegnum> ok, from the interface, i can launch the VM, have access to it
15:16 < Cooler> Hi
15:16 < afidegnum> but the IP doesn't populate outside,
15:16 < Cooler> Is there a way to find out what's happening on your lab using nmap?
15:16 < afidegnum> strangely enough, i installed TeamViewer on the VM and had access to the server from outside,
15:16 < `whoami`> thanks for checking. Yeah, I face strange issues with this ISP. I'll call them. Thanks again :)
15:16 < Cooler> Lan*
15:17 < Rayben> Maritime history is the study of human interaction with and activity at sea. It covers a broad thematic element of history that often uses a global approach, although national and regional histories remain predominant. As an academic subject, it often crosses the boundaries of standard disciplines, focusing on understanding humankind's various relationships to the oceans, seas, and major waterways of the globe. Nautical history records and interprets
15:17 < Rayben> past events involving ships, shipping, navigation, and seafarers.
15:17 < Cooler> I can't ping my default gateway
15:17 < tds> afidegnum: could you start the vm again, then post the output of ip a, brctl show and qm list?
15:17 < djph> seems your gateway's down
15:18 < djph> or at least not responding to ICMP
15:18 < Cooler> Yeah so what can I do
15:18 <+catphish> Cooler: does your internet work?
15:18 < Cooler> Can I scan the lan using nmap
15:18 < Cooler> I am using my University
15:19 < Cooler> Lan and some people are destroying the network by using rid
15:19 < tds> scanning a university network generally sounds like a bad idea
15:19 < Cooler> Routers
15:19 <+catphish> routers aren't as evil as you think they are
15:20 <+catphish> you can nmap your LAN, but i don't think you'll achieve anything
15:20 <+xand> > destroying the network using routers
15:20 <+xand> WTF does that mean
15:20 <+xand> a network requires routers to work...
15:20 < Cooler> What is the command
15:20 <+xand> (to talk to other networks)
15:20 <+catphish> xand: maybe they're using them to bludgeon other routers?
15:20 < Cooler> Well no the routers are personal routers
15:20 < afidegnum> tds: here is the result, https://ghostbin.com/paste/ytd8o
15:21 < Cooler> They interfere with the actual University routers
15:21 < tds> i'd guess students attempting to use their own routers and running dhcp servers on the shared network or something?
15:21 <+catphish> Cooler: and if you can't ping your gateway, likely it just doesn't respond to icmp, weirdly mine don't, never cared why not
15:21 <+catphish> Cooler: no they don't
15:21 < tds> afidegnum: oops, sorry, those first two are separate commands
15:21 <+catphish> Cooler: that's not something routers do
15:21 < Cooler> Well it was working a while ago
15:21 < Cooler> A few hours ago
15:21 <+xand> yeah they are probably running rogue DHCP servers. but if that's a problem, your uni can stop it using switches that prevent that.
15:22 < Cooler> What's the command to scan the local network using nmap
15:22 <+catphish> oh yeah, could be rogue dhcp servers
15:22 < afidegnum> tds: yes, separate results i posted
15:22 <+xand> rogue DHCP servers are easily stopped with proper switches
15:22 <+catphish> Cooler: if you don't know that, i fear you're not going to understand the results
15:22 < Cooler> Yeah there's a notice telling people not to use routers
15:22 <+catphish> but: nmap x.x.x.x/yy
15:22 < tds> afidegnum: sorry, I meant that the two commands were brctl show; qm list
15:22 <+catphish> where x.x.x.x/yy is your network's address
15:22 < tds> not one command
15:22 < Cooler> Isn't there like -sP
15:23 <+catphish> Cooler: there's lots of switches
15:23 < afidegnum> brctl show and qm list
15:23 < afidegnum> and ip a
15:23 <+catphish> but i can't recommend any without knowing what you need to discover
15:23 < tds> afidegnum: yeah, I worded that badly, you need to run those first two as separate commands
15:23 < afidegnum> ok
15:23 < afidegnum> have you seen the output?
15:24 < Cooler> Well I think if I manually set the default gateway
15:24 < tds> afidegnum: yes, that looks fine so far
15:24 < Cooler> That might fix it
15:24 <+catphish> Cooler: you'd need to know what the correct gateway was
15:24 < Cooler> Trial and error
15:24 <+catphish> also, you'd need to know you're actually on the right subnet to begin with
15:24 <+catphish> Cooler: have you tried just asking network staff
15:24 <+catphish> they are likely quite good at fixing these things
15:25 < Cooler> They don't really respond to complaints
15:25 < tds> and they can probably disable the port of whoever's running a dhcp or whatever :)
15:25 <+catphish> Cooler: complain louder :)
15:25 < Cooler> I tried nmap 172.16.57.253/23
15:26 < Cooler> It printed the current time and it hasn't done anything else
15:26 <+catphish> it takes a while
15:26 < afidegnum> tds: it's ok now, strange earlier
15:26 < Cooler> Only like 512 addresses right?
15:26 <+catphish> Cooler: yes
15:27 < Cooler> -2
15:27 <+catphish> if you only want to discover a list of IPs, -sP will make it run faster, it'll only ping each host
15:27 <+catphish> but you might as well wait
15:27 < Cooler> Shouldn't it be printing progress reports
15:28 <+catphish> Cooler: no
15:28 <+catphish> it might print things as it finds them
15:29 < tds> iirc with nmap if you push enter you should get a count of how many hosts it's scanned
15:29 <+catphish> tds: i don't recall seeing it do that, but maybe i never tried
15:30 < Cooler> Ok now how do I do a port scan
15:30 <+catphish> you already did
15:30 < Cooler> Of a particular ip
15:30 <+catphish> nmap does that by default
15:30 <+catphish> same command you used before, just specify a single IP
15:31 < Cooler> Actually I specified -sP
15:31 < Cooler> So it didn't port scan
15:31 <+catphish> oh, then yeah, remove -sP and specify a single IP
15:31 <+catphish> if you just ran it the way i said it would have port scanned everything it found automatically :)
15:32 < Cooler> Yeah but that was taking too long
15:32 < afidegnum> tds: varesa thanks a lot, we are on track now
15:32 <+catphish> you're quite impatient aren't you :)
15:32 < tds> afidegnum: I don't think I did anything, but sounds good if it's working now :)
15:32 < Cooler> All 1000 scanned puts are
15:32 < Cooler> Filtered
15:32 < Cooler> Ports*
15:33 <+catphish> so nothing responded
15:33 < Cooler> And the other one says all 1000 scanned ports are closed
15:33 <+catphish> that means they all responded saying they were closed :)
15:34 < Cooler> So tp link is filtered and tenda is closed
15:34 <+catphish> none of this information is useful to you really
15:34 < Cooler> Well what do I do then
15:35 <+catphish> refresh your DHCP lease, if you still can't access the internet, complain to the provider
15:35 < Cooler> How do I do that
15:35 <+catphish> depends on your OS
15:35 < Cooler> ipconfig /renew
15:35 < Cooler> ?
15:35 <+catphish> i assumed you were using linux since you had netmap
15:36 <+catphish> but on windows, yes
15:36 <+catphish> *nmap
15:36 < Cooler> Nmap is cross platform
15:36 < djph> yeah, but windows people knowing about it ...
15:36 < Cooler> An error occurred
15:37 < Cooler> Unable to contact DHCP server
15:37 < Cooler> Request timed out
15:37 <+catphish> reboot maybe
15:37 <+catphish> but sounds like your network is just down completely
15:37 <+catphish> hence why you can't ping the gateway
15:37 < Cooler> I need to find the actual DHCP on the network
15:37 <+catphish> windows does that for you, it's clearly not there
15:37 < Cooler> Not the bogus ones created by personal routers
15:38 <+catphish> it seems far more likely there's simply no DHCP server at all
15:38 < bezaban> or out of leases
15:38 < Cooler> What makes you think that
15:38 <+catphish> unless you're on wifi, then maybe you're accidentally connected to the wrong access point, or a rogue one, or a broken one
15:38 < Cooler> No this is Ethernet
15:38 <+catphish> ok, then the network is just broken
15:38 < bezaban> nmap has a dhcp discovery script that may be helpful
15:39 < Cooler> Ok
15:39 <+catphish> first gateway didn't respond, then dhcp didn't respond
15:39 < Cooler> What's the command
15:39 <+catphish> seems like the network is just "down" to me
15:39 < bezaban> but I would check the dhcp server first
15:39 <+xand> you could use wireshark to monitor DHCP requests/responses
15:39 <+catphish> but you did discover some other hosts, right, so not totally sure
15:40 <+catphish> yes, i'd definitely be watching with wireshark as xand says
15:40 < Cooler> Yeah there's several hosts up
15:41 <+catphish> interesting
15:41 <+catphish> maybe their router is broken
15:41 < tds> if it is a rogue dhcp server, could be that other devices have picked up addresses in the wrong subnet as well
15:41 <+catphish> or maybe there was a rogue dhcp that's now gone
15:41 <+catphish> in my experience most OSs suck at renewing DHCP, hence the reboot suggestion too
15:41 <+catphish> it may be trying to connect to the (now absent) rogue dhcp
15:42 <+catphish> hard to guess really
15:42 < tds> either way, this sounds a lot like a question for whoever runs the network, and try and get them to filter dhcp + RAs while you're there :)
15:43 <+catphish> is it common for firewalls to close active TCP connections after exactly 60 minutes?
15:43 < Cooler> Can i just run the dhcp script?
15:43 < Cooler> What's the command for that?
15:43 <+catphish> have you tried turning it off and on again?
15:43 < bezaban> --script=broadcast-dhcp-discover
15:43 < bezaban> but that will look for DHCPOFFER, so if it's a question of DHCP gone or out of leases then that won't help
15:44 < Cooler> So reboot then?
15:44 < bezaban> but will detect rogue dhcp
15:44 <+catphish> Cooler: call it what you like
15:44 < Cooler> It found 0 ips
15:44 < Cooler> I will reboot
15:45 <+catphish> it really is worth a try
15:52 <+catphish> i have questions, like why cooler dropped off IRC when he rebooted, despite having no internet connection in the first place
15:52 < Cooler> Ok that didn't work
15:53 <+catphish> welcome back
15:53 <+catphish> shame :(
15:53 < Cooler> Yeah I dropped from IRC because I am on my phone and the keyboard was acting write
15:53 < Cooler> Weird*
15:53 <+catphish> i see
15:53 < Cooler> Had to reboot the phone as well
15:54 < Cooler> Running the windows network troubleshooter doesn't do anything
15:55 < Cooler> It just says can't communicate with device or resource (primary DNS server)
15:55 < thelucky1ike> hey, is there a way to limit outgoing rd gateway traffic, without blocking tcp443 completely ?
15:55 < Cooler> I have manually set DNS to be 1.1.1.1 with 1.0.0.1 as backup
15:56 < Cooler> What is I flushed ARP
15:56 < Cooler> And also dns
15:56 < Cooler> And renewed
15:57 < Cooler> If*
15:58 < tds> I think all of those happen on reboot anyway with windows
15:59 < tds> did you actually get assigned an IP via dhcp after you rebooted, just with the gateway down again?
15:59 < Cooler> I don't know
16:00 < Cooler> It says 172.16.56.253
16:00 < Cooler> 235
16:00 < Cooler> I think that's the same as before reboot
16:01 < Cooler> The default gateway is 172.16.57
16:01 < Cooler> .253
16:01 < Cooler> Which looks suspicious
16:01 <+xand> does it?
16:02 < Cooler> My IP is 235 and the gateway is 253
16:02 < tds> that's perfectly valid
16:03 <+xand> so
16:03 < Cooler> Can't do anything, same as before
16:04 < tds> if you suspect it's a rogue dhcp server, worth checking with nmap or just doing a packet capture and making windows send a dhcpdiscover
16:05 < tds> seeing as you got an address, you should get at least one response
16:06 < Cooler> Can I scan all IPs in my network for a particular port
16:06 < Cooler> The University uses port 8090
16:06 <+catphish> that gateway sounds correct
16:07 <+catphish> Cooler: what happens when you ping 8.8.8.8
16:07 < Cooler> Can't ping it
16:07 <+catphish> yes you can
16:07 < Cooler> Times out
16:07 < Cooler> Request timed out
16:07 <+catphish> ok, that doesn't help much then
16:08 < Cooler> What's the nmap command to scan all hosts on 8090
16:08 <+catphish> Cooler: try reading the manual, it's probably trivial to find
16:09 <+catphish> search for "port"
16:09 <+catphish> Cooler: also, can you paste your arp table?
16:10 <+catphish> this will tell you if the gateway is totally absent, or just not forwarding your packets
16:11 < Cooler> How? ARP -a
16:11 < Cooler> ?
16:11 <+catphish> i don't know windows
16:12 < Cooler> So I scanned 8090
16:12 < Cooler> It's saying TCP filtered ops messaging
16:12 < Cooler> On all hosts
16:13 < Cooler> Can you tell me what I need to look for in the ARP table
16:14 < Cooler> It's kinda hard for me to post without a net connection
16:14 < tds> an entry for the gateway's ip
16:14 < Cooler> The gateway entry says dynamic
16:14 <+catphish> does it have a MAC address
16:14 < Cooler> Along with the Mac address
16:15 < Cooler> Yes
16:15 <+catphish> ok, so i'd say the DHCP and gateway are working fine, but there's just no internet connection
16:15 < tds> so the router is at least replying to arp, that will also tell you the router vendor
16:16 <+catphish> network broken upstream, or... the router is deliberately blocking your traffic because you triggered some kind of security mechanism
16:16 < tds> might be worth looking up, if it's tp link or something then that sounds like rogue dhcp (assuming the uni isn't running tp link routers)
16:16 < Cooler> I should mention that I tried opening Wireshark and it's stopped responding
16:16 < Cooler> Every time
16:16 <+catphish> my best guess says because of the obscurity of the subnet, it's probably legitimate
16:17 <+catphish> either the upstream internet is broken, or the router blacklisted the client
16:17 < tds> ah, good point, people running rogue dhcp servers probably all have them on 192.168.0.0/24 or something
16:17 < Cooler> It's stuck at "initializing external capture plugins"
16:17 <+catphish> tds: not necessarily, but most likely if its an accident
16:18 < tds> catphish: yeah, I was just thinking of the scenario of pulling a tp link thing out the box and plugging it into the uni network
16:18 < Cooler> The University uses tenda
16:18 < Cooler> I have seen students with tplink routers
16:18 < Cooler> The use it to get WiFi
16:18 < Cooler> From the Ethernet
16:19 < Cooler> They*
16:19 <+catphish> that's a pretty normal thing to do
16:19 <+catphish> i do that at home :)
16:19 < tds> that sounds quite common, shouldn't cause issues with the wired network as long as they configure them correctly
16:19 <+catphish> Cooler: you can look up the MAC of the router to check who the manufacturer is
16:19 < Cooler> I don't think anyone configs anything
16:19 < Cooler> Just plug and play
16:19 <+catphish> thats usually fine too
16:20 < tds> as long as you plug the uni network into the right port, should be fine
16:20 <+catphish> defaults are pretty sane, as long as you plug in the right port
16:20 <+catphish> if you use the LAN port, you break everything :)
16:20 < Cooler> I wonder if my network card is borked
16:20 <+catphish> it's not
16:20 * tds hopes most unis have switches configured to filter dhcp at this point
16:20 < Cooler> Wireshark stops responding every time I open it
16:21 <+catphish> tds: you'd hope so
16:21 < tds> here they filter dhcp, but apparently forgot about RAs ;)
16:21 < Cooler> I can't ping the default gateway
16:21 < Cooler> Request timed out
16:22 < Cooler> Something is up
16:22 < Cooler> Maybe an ARP poisoning?
16:22 <+catphish> Cooler: see my comment about checking the mac manufacturer
16:23 < Cooler> The Mac of which router
16:23 < Cooler> Look it up where
16:23 <+catphish> routers don't always respond to ping, they really should, but some don't, my best guess here is that you pissed off a security mechanism and got blocked
16:23 < Cooler> It says tenda and tp link when I nmap scan
16:23 <+catphish> Cooler: https://macvendors.com/ or https://www.macvendorlookup.com/
16:24 <+catphish> it can't be both surely
16:24 <+catphish> it must say one or the other
16:25 < Cooler> It's Dell inc
16:25 <+catphish> well that's unexpected
16:25 < tds> do dell even make routers?
16:26 < tds> could be a l3 switch I guess
16:26 <+catphish> i don't think do
16:26 <+catphish> *so
16:26 < Cooler> 3417eb51fd75
16:26 <+catphish> 1) this would explain why you lost internet access *and* stopped being able to ping the router, even though it's there and 2) the fact you knew you could ping the router earlier, and you have nmap installed implies that you were testing things and could have tripped an IDS
16:26 < Cooler> That's the Mac address of the default gateway
16:27 <+catphish> that is indeed dell
16:27 < Cooler> I wasn't testing anything, the net just stopped working a few hours ago
16:27 <+catphish> but you said you could ping the router before
16:27 < Cooler> I have nmap installed because its required for lab work
16:27 <+catphish> that alone wouldn't be a problem though
16:28 < Cooler> I could ping the router yes
16:28 <+catphish> anyway, the facts here are simple: you're connected to the network, you can see the router, but it's not routing your traffic to the internet
16:28 <+catphish> you can only complain
16:28 < Cooler> I don't think I can see the router
16:28 <+catphish> you can
16:28 < tds> well you can see something claiming to be the router
16:28 <+catphish> its in your arp table
16:28 < Cooler> You said l3 switch?
16:29 <+catphish> well yeah, something claiming to be the router, it's probably the router
16:29 < tds> whatever it is, sounds like you need to talk to whoever runs that network
16:29 < Cooler> Well like i said the University uses tenda
16:29 < Cooler> Not dell
16:30 <+catphish> also, there's really nothing you can do about this :(
16:31 < Cooler> Well yes there is something
16:31 <+catphish> as i said to begin with, this is beyond your control unfortunately
16:31 < Cooler> I can find the tenda router
16:31 < tds> you could try sending an arp request for the gateway and seeing if you get multiple responses, then add a static entry for one you think is right, that doesn't really fix the actual problem though
16:31 < Cooler> And manually set the gateway
16:31 <+catphish> well did you find that in nmap?
16:32 < Cooler> 172.16.57.20 is tenda according to nmap
16:32 <+catphish> i'd guess that's far more likely an AP
16:33 < Cooler> 56.20
16:33 < tds> having a gateway in the middle of a subnet would be unusual (assuming that's a /24)
16:33 <+catphish> it's /23 but yes
16:34 < Cooler> Can I set just the gateway?
16:34 <+catphish> not usually
16:34 <+catphish> but maybe, i don't know windows well
16:34 < Cooler> It's asking me to set IP and subnet mask as well
16:34 <+catphish> well you can set that to your current IP (temporarily)
16:36 < s7rawman> catphish: You were correct. (vpn issue from yesterday) The hosts aren't routing back through the tunnel.
16:36 <+catphish> s7rawman: did you get it working?
16:36 < s7rawman> Negative.
16:37 <+catphish> s7rawman: you need to add a route to the VPN clients on the default gateway of that network
16:37 < Cooler> Well that didn't work
16:37 <+catphish> (probably)
16:37 <+catphish> Cooler: i still bet that's an access point
16:37 < Cooler> WiFi access point?
16:37 < s7rawman> Alright.
16:37 <+catphish> people don't put routers on .20
16:37 <+catphish> Cooler: yes
16:37 < s7rawman> thank you
16:37 < Cooler> Is .20 special?
16:37 <+catphish> no
16:37 <+catphish> and that's the point
16:38 <+catphish> routers normally go right at the start or the end, .20 would be a bit random
16:38 <+catphish> .1 .2 .3 .252 .253 .254 are common places to see routers
16:38 < detha> catphish: I distinctly remember some vendor having 192.168.1.20 as default after factory reset
16:39 < Cooler> Why
16:39 <+catphish> detha: eww, but ok :)
16:39 < Cooler> Because they are near the start and the end?
16:39 <+catphish> Cooler: it just makes sense when you're designing a network, leaves a continuous range for clients with dynamic IPs
16:40 < Cooler> Netgear is an access point that shows up
16:40 <+catphish> if you put the router on .20 then you have to exclude .20 from DHCP, plus it's just confusing and unnecessary
16:40 <+catphish> ok
16:40 < detha> ah. https://community.ubnt.com/t5/The-Lounge/Factory-Default-IP-Address/td-p/198719
16:40 <+catphish> but access points are no good to you
16:41 <+catphish> you need to find the router
16:41 <+catphish> and i bet it's where DHCP says it is
16:41 < tds> detha: are those APs or something?
16:41 <+catphish> yes they are
16:41 < Cooler> What is wsdapi?
16:41 < tds> I guess if you're selling routers and APs, giving the routers say .1 and the APs .20 by default would make sense
16:41 < detha> tds: little APs
16:42 <+catphish> Web Services on Devices allows a computer to discover and access a remote device and its associated services across a network. It supports device discovery, description, control, and eventing. The WSD API functionality is implemented in the WSDApi.dll module in Windows, and is used by several services and applications.
16:43 < Cooler> For what
16:43 < Cooler> Is it part of windows 10 home edition
16:43 < Cooler> Sounds like something for Windows server
16:44 <+catphish> you'll have to research it, not much love for windows here
16:44 < Rayben> Maritime history is the study of human interaction with and activity at sea. It covers a broad thematic element of history that often uses a global approach, although national and regional histories remain predominant. As an academic subject, it often crosses the boundaries of standard disciplines, focusing on understanding humankind's various relationships to the oceans, seas, and major waterways of the globe. Nautical history records and interprets
16:44 < Rayben> past events involving ships, shipping, navigation, and seafarers.
16:45 < Cooler> Ok things started working suddenly
16:45 < Cooler> I can reach the University login server now
16:45 < Cooler> On 172.16.0.1
16:46 < Cooler> Maybe whoever was messing things up disconnected their router?
16:46 < tds> could be, do you still see the same mac address in the arp table entry?
16:47 < Cooler> Suddenly there's a lot more entries
16:47 < Rayben> Since the turn of the millennium, the construction of stealth ships have occurred. These are ships which employs stealth technology construction techniques in an effort to ensure that it is harder to detect by one or more of radar, visual, sonar, and infrared methods. These techniques borrow from stealth aircraft technology, although some aspects such as wake reduction are unique to stealth ships' design.
16:47 < Cooler> Oh it changed
16:47 < Cooler> The Mac address changed
16:48 < Cooler> 0004966cf77e
16:48 < Cooler> Extreme networks
16:48 < `whoami`> ahah some guy was trying to mitm but didn't enable forwarding ? :p
16:49 <+catphish> Cooler: interesting, i guess someone fixed something, or quite likely someone accidentally configured a server on that IP and it's not been removed
16:49 <+catphish> *now been removed
16:50 <+catphish> now we know the real router is Extreme, the dell was likely just a server with a misconfigured IP
16:50 <+catphish> make a note of the extreme's MAC, if it ever happens again, you can manually add that MAC to your arp table :)
16:52 < Cooler> Ok
16:55 < Cooler> Actually it's tenda
16:55 < Cooler> c83a354cd040
16:55 < Cooler> I had the wrong Mac before
16:56 < Cooler> And it's on 172.16.56.20
16:56 < Cooler> And it's listed as dynamic
16:57 < Cooler> So somehow the access point is now working as a gateway
16:58 < Cooler> Also why is there an entry for the broadcast address in the ARP table
16:58 < tom_ato> i'm sure the answer to this is "it depends" but how many clients should one be able to squeeze out of a single public IP
16:58 < Cooler> It's set to FF FF FF FF FF FF
16:59 < Cooler> Also there are entries for IPs 224.0.0.2
16:59 < Cooler> 224.0.0.22
16:59 < Cooler> 224.0.0.251
17:00 < Cooler> Etc, but why? They aren't even in the same subnet
17:00 < mAniAk-_-> tom_ato: a lot
17:00 < Cooler> Also one for 239.255.255.250
17:00 < tom_ato> mAniAk-_-: so if i'm seeing socket errors with 100 clients
17:00 < mAniAk-_-> tom_ato: something wrong then
17:01 < tom_ato> indeed
17:01 < mAniAk-_-> but also depends on nat type, but its usually the good one
17:01 < tom_ato> just PAT, meraki MX
17:01 < mAniAk-_-> several types of PAT
17:01 < mAniAk-_-> :)
17:01 < tom_ato> rip
17:01 < mAniAk-_-> but i guess meraki should be okay
17:01 < tom_ato> well issue started as people randomly unable to send / receive in outlook for 10-20 minutes
17:02 < tom_ato> doing a speed test at the same time, site reported back socket error
17:02 < tom_ato> so just gonna do some pcaps and see if anything else jumps out
17:02 < mAniAk-_-> just get wireshark/tcpdump out on client and meraki and see whats going on
17:02 < tom_ato> ayyyy
17:03 < Cooler> catphish why are there entries in the range 224.x.x.x
17:03 < Cooler> In the ARP table
17:03 < mAniAk-_-> but, established connections should be okay if you were hitting some resource limitation on the amount of connections you have
17:03 <+catphish> Cooler: multicast
17:04 < Cooler> What
17:04 <+catphish> you asked what 224.x.x.x addresses were
17:04 <+catphish> they're multicast
17:05 < Cooler> That's weird
17:22 < Cooler> It's weird that there's no entry for 172.16.0.1 but there is one for 224.x.x.x
17:23 < tds> that 172.16.0.1 address will be multiple hops away
17:23 < tds> so it won't appear in your arp table, only the gateway will
17:25 < Cooler> TDS the gateway is listed as .20
17:25 < Cooler> The tenda access point
17:26 < Cooler> It's all very weird
17:26 < tds> if you do traceroute 172.16.0.1, you'll probably see the first hop being the gateway?
17:27 < Cooler> Yeah but isn't it supposed to be
17:27 < Cooler> .1 .2 .3 etc
17:27 < tds> did you get that gateway from dhcp, or set it yourself?
17:29 < Cooler> I did ipconfig
17:29 < Cooler> I didn't set it manually
17:29 < Cooler> I mean I did set it manually but that didn't work so I set it to automatic and rebooted
17:36 < Cooler> And as usual I can't do anything about networking
17:36 < Cooler> It's down to hoping whoever is screwing things up just decided to stop
17:36 < Cooler> Decides*
17:39 < tom_ato> mAniAk-_-: so pcap shows that client sends traffic, server replies. 2 retransmissions with PSH, ACK flags happened from the client PC but thats pretty much it
17:44 < s7rawman> catphish: Thanks for your help. I got it figured. It wasn't a true site to site, it just mimicked it.
17:46 <+catphish> s7rawman: well that's really up to you, i guess you used NAT or bridging instead
17:54 < s7rawman> catphish: Well I didn't build the tunnel, it's a client server vpn, with some awful routing rules stuck on the hosts. The Data center I'm using has explicitly stated that it's not possible to build a site to site on their end unless we pay some exorbitant maintenance fee. So I'm stuck here for now.
17:58 <+catphish> i see, well running NAT on the VPN server will likely make it work, but i guess you figured something out anyway
17:59 < s7rawman> Thanks for your help. I appreciate it.
18:17 < Xiretza> does anyone know how management VLAN works on netgear switches? so far I've had the experience that it always answers untagged (even if the request comes in tagged) on my SOHO switch, are professional ones better?
18:18 < tds> what netgear switch is it?
18:18 < tds> their cheapo smart one (gs108e I think) behaves like that, you can only manage it sending untagged frames, but regardless of the vlan the port is on
18:19 < tom_ato> might be more of a sysadmin thing...but any more bites on this issue? Outlook randomly disconnected from exchange (cloud) for various users at all times, for short periods.
18:19 < Xiretza> ah yeah that's the one I have right now, looking to buy a GS516TP
18:19 < Xiretza> tds: ^
18:20 < tds> probably worth looking through the manual to see if there's a management vlan setting
18:20 < Xiretza> there is, but what do I know, maybe that's just a receiving filter
18:20 < tds> yup, the manual mentions a setting for it, so you'll probably be fine
18:21 < fattredd> I've got something weird happening. I'm connected to my home openvpn server, where I was sshing into a server. When I connect the server to a third party VPN (PIA), I can no longer ssh in from work. I CAN, however, ssh into another local machine that is able to ssh into the server.
18:21 < Xiretza> tds: thanks for the insight :)
18:21 < tds> Xiretza: it says "When the management VLAN is set to a different value, an IP connection can be made only through a port that is part of the management VLAN", so yuo have reasonable grounds to complain to netgear if it doesn't behave like that
18:21 < tds> s/yuo/you/
18:23 < Xiretza> tds: yeah but a port only being part of a VLAN could also be "PVID is X and it's assigned to X untagged", in which case it would work even if it's broken /shrug
18:23 < fattredd> Did I word that okay? I realize that's sort of ambiguous
18:25 < Xiretza> fattredd: so your VPN server can no longer connect to the problematic server, but another local machine can?
18:40 < plujon> I'm shopping for a router. Any advice, in the wake of VPNFilter news?
18:45 < fattredd> That's right Xiretza
18:45 < fattredd> no wait
18:45 < fattredd> My work PC cannot connect to the home server
18:46 < fattredd> It is able to connect to other home devices
18:46 < acos> Howdy all
18:46 < fattredd> Other home devices are able to connect to the home server
18:47 < Xiretza> fattredd: sooo you're trying to connect directly from work to home server? so your home VPN is irrelevant?
18:47 < acos> Wow sounds secure. Good luckkk
18:48 < fattredd> No. I'm connected from work to my home network through a vpn
18:48 < Aeso> acos, o/
18:48 < acos> Not you hahahhaha
18:48 < Aeso> :)
18:48 < acos> Tis i
18:49 < Xiretza> fattredd: ok, and now you're trying to connect to your home server (let's call it orange unless you have a better name) through your home VPN (which runs on, let's say blue, which is in the same network as orange)?
18:50 < acos> Throw some NAT in there, she'll be right
18:50 < fattredd> Why don't I draw up a chart
18:50 < Xiretza> great idea
18:50 <+catphish> morning
18:50 < Xiretza> heya
18:53 < acos> Morning cat
18:57 < fattredd> Okay. https://imgur.com/a/ugvJOkW
18:58 < fattredd> Here's what I got
18:58 < tds> I like the "magic internet box" :)
18:58 < fattredd> heheh
18:58 < fattredd> SO. Work laptop is connected to home VPN
18:58 < guideX> I'm confused on how to prevent http traffic from going around the firewall on my sonicwall firewall for specific users
18:59 < tds> from a quick glance, it sounds like you're missing a route on the "home server" towards the vpn subnet via the home router
18:59 < tds> so running openvpn on the server will replace your default route, but you'll keep your on-link route to the local network, so you can still reach stuff there, just not anything else via the home router
18:59 < guideX> so far, we setup the local os firewall to block traffic not coming from the proxy, but it's a pain
18:59 < fattredd> work laptop is totally capable of sshing into home pc, and home laptop
19:00 < fattredd> Hold on
19:01 < shanee> Hi. I'm trying to set up a router connecting to another router I don't control. (For a different ssid and guest network.) The main router has dhcp for 192.168.1.* if I set ours to 192.168.2.* is this all I need to do? Are there any other gotchas?
19:01 < fattredd> So because home vpn server gives me a 192.168.2.0/24 IP address, the home server (192.168.1.0/24) is unreachable?
19:02 < fattredd> interesting
19:02 < tds> I suspect it's the inverse of that, you can route to the home server fine, but it can't route back to you
19:02 < fattredd> Weird. Okay I buy that. So I can fix that with a new route?
19:02 < tds> something like "ip route add 192.168.2.0/24 via 192.168.1.1" (assuming the vpn server is 192.168.1.1 on the lan) may solve it?
19:02 < tds> (running that on the vpn server)
19:04 < Xiretza> fattredd: so home PC can reach home server, but work laptop (with home VPN internal IP) can't reach home server?
19:04 < fattredd> That's right
19:05 < Xiretza> ugh weechat was being hangy, lemme catch up
19:05 < fattredd> tds: Okay I'll see what I can get
19:05 < tds> if you're able to reach other devices on the home lan over the vpn, and then jump from there to the home server, but not go directly, that sounds a lot like a missing route to the vpn subnet from the home server to me
19:06 < Xiretza> yeah, that's exactly it. all other home devices have default route through home router, which tunnels 192.168.2.0 through VPN, but home server just encapsulates 192.168.2.0 right away
19:07 < fattredd> I'm not sure I get why a route on the router would change things though. Shouldn't the route be on home server?
19:07 < Xiretza> fattredd: yes
19:08 < Xiretza> the router already has that route
19:09 < fattredd> Sweet
19:09 < fattredd> Looks like it's working with the new route
19:09 < fattredd> Thanks guys
19:10 < tds> Depending on what the home server is using for networking, it may be a bit of a pain to add the static route nicely
19:11 < tds> For ifupdown you can probably just use post-up hooks
19:12 < fattredd> I'm not sure I know what you mean
19:13 < tds> For adding it permanently (if you added it with ip, the route will be lost on reboot)
19:13 < fattredd> Looks like Ubuntu uses netplan
19:14 < tds> Ah, is this 18.04 server?
19:14 < fattredd> Yes indeedy
19:14 < fattredd> I have no idea how netplan works though lol
19:15 < tds> Haha, me neither, my only experience is with uninstalling it so far ;)
19:15 < fattredd> hue hue
19:21 < plujon> I have a Motorola SB6141 and a D-Link DAP-1720. Can I setup a wifi network and use the Internet using only these 2 devices?
19:21 < fattredd> Actually not bad. It's just a .yaml file
19:21 < plujon> If I plug the latter into the former, my linux laptop gets an ipv6 address, but not ipv4 address.
19:22 <+catphish> plujon: you really need a router too
19:23 < plujon> catphish: That's what I thought. I'm a little confused about what hardware qualifies as a "router".
19:24 <+catphish> plujon: well any device that calls itself a router would be a good start
19:24 <+catphish> plujon: the normal home setup is a modem, like you linked, plus a "wireless router", which is a router and a wireless access point in one device
19:25 <+catphish> like these: https://www.tp-link.com/uk/products/list-9.html
19:25 < plujon> Since I already have an AP, I wonder if I should buy a router without wireless.
19:26 <+catphish> yes, you can do that if you prefer
19:26 <+catphish> you will find that most home routers come with wifi included though
19:27 <+catphish> so there might be no benefit
19:28 < plujon> Interestingly, I could access the Internet over ipv6 whilst using only these 2 devices and a wifi connection, but only for a short period of time.
19:29 <+catphish> that setup would in theory work, the main problem is that the ISP will only give you one IPv4 address, so it's not very practical
19:29 <+catphish> maybe the AP itself got the IP before you did
19:30 <+catphish> i'd expect ipv6 to work because IPv6 addresses are essentially unlimited
19:31 <+catphish> if you're looking to minimize cost, mikrotik make cheap wired routers
19:31 < tds> it's also likely you have no firewall between you and the internet at that point, which isn't a great solution
19:31 < tds> s/solution/situation
19:31 <+catphish> or you may be able to get a tp-link router with wifi very cheap too
19:31 < tds> apparently I can't english today
19:32 < grawity> fortunately all the good operating systems have host firewalls active by default
19:32 <+catphish> indeed, you really want a router to firewall your device(s)
19:34 < plujon> Thanks for the tips. I guess I'll buy a router.
19:34 < tds> grawity: don't desktop debian/ubuntu still not include a firewall enabled by default?
19:34 < tds> that may not fit your definition of good though ;)
19:34 < grawity> let's say I define "good" as "has a firewall active by default"
19:34 < tds> heh :)
19:34 <+catphish> it doesn't have any services running by default, and doesn't have a firewall either, i think they consider that a sane compromise
19:35 <+catphish> seems like running a simple outbound only firewall would be a better default
19:44 < plujon> Routers seem to vary widely in price: $30 vs $90 vs $200. E.g., https://www.newegg.com/Product/Product.aspx?Item=N82E16833320168 is $30, https://www.amazon.com/NETGEAR-Nighthawk-AC1750-Gigabit-Ethernet/dp/B00R2AZLD2/ref=sr_1_3?s=pc&ie=UTF8&qid=1527788176&sr=1-3&keywords=ac+router&refinements=p_72%3A1248879011 is $90
19:45 < DoctorDick> What's your point?
19:46 < DoctorDick> And you're comparing a Wireless N router with AC
19:47 < plujon> N has a lower maximum, right?
19:47 < DoctorDick> https://www.linksys.com/us/support-article?articleNum=135534
19:49 < plujon> I don't anticipate getting anywhere close to 450 Mbps with my current ISP. I anticipate more like 20 Mbps.
19:52 < plujon> With my old router, after awhile, I couldn't get more than 7 Mbps. But I don't know the reason.
19:53 < plujon> It was a Buffalo router, circa 2011, with DD-WRT installed.
19:55 < coogle> Hello all! Can someone please help me with a networking issue I'm trying to solve with my DD-WRT router?
19:55 < coogle> I'm not very good with routing tables and I'm so close to getting this stupid thing working!
19:55 <+catphish> plujon: pretty much any router will do if your internet speed is that slow, but more expensive routers will likely have better reliability and wireless range too
19:56 < coogle> My problem is this: My DD-WRT router seems to have a bug where if I change the WAN connection from the default to my tethered cellular modem (vlan2 to eth4), the whole system crashes. It looks like it's botching the routing table up and everything dies
19:57 < coogle> If I manually do a "route add default gw 192.168.2.1 eth4" and "route del default gw 172.16.0.1" I can ping 8.8.8.8 from the router
19:57 < coogle> (as in when I ssh into the router I can ping the IP)
19:57 < coogle> but I can't ping the IP from a computer connected to the router via WiFi
19:57 < coogle> thoughts?
20:01 <+catphish> coogle: you likely need to add a NAT (masquerade) rule on eth4
20:01 < coogle> catphish: can you help explain? Networking was never my strong suit lol
20:02 <+catphish> coogle: first of all, don't use dd-wrt, it's an abomination, but since you are, i'll try to help :)
20:02 < coogle> catphish: I'm open to recommendations on that -- I don't have a lot of options however it seems for my router (ASUS AC5300)
20:02 <+catphish> openwrt if possible, it's similar but not proprietary
20:03 < coogle> Doesn't seem supported unfortunately for my router :(
20:03 <+catphish> that's unfortunate :(
20:03 < coogle> Yeah... well you do what you can right?
20:03 <+catphish> coogle: so, your router has an IP address on eth4
20:03 < coogle> Yeah I statically assigned it
20:04 <+catphish> so, when your router sends packets out on eth4, it uses eth4's IP address, and that works
20:04 <+catphish> but... when your PC sends a packet, it uses its own IP address, and the tethered modem doesn't understand that
20:04 < coogle> okay, makes sense. Throws the packet away
20:04 <+catphish> so, if you run: iptables -t nat -A POSTROUTING -o eth4 -j MASQUERADE
20:05 < coogle> it's going to pretend the packet came from my static ip attached to eth4
20:05 <+catphish> this causes all packets forwarded by the router, then leaving eth4 to have their IP rewritten to eth4's IP address
20:05 <+catphish> then the cellular modem will understand
20:05 <+catphish> and know where to send the replies back to
20:05 <+catphish> yes, what you said :)
20:06 < coogle> okay let me give that a shot.. I may drop because I literally have to switch to my router's WiFi that obviously isn't working, ssh in, try this, and then switch back to the hotspot's WiFi ;)
20:06 < coogle> brb
20:12 < coogle> catphish: Not sure my last messages made it through because of the network bounce
20:13 < coogle> but it didn't work, and the MBP is trying to route the packets through what looks like the old and incorrect IP
20:14 < tdoirc> I'm just wondering, would a 1Gbps POE injector work for a 10Gbps link? Considering the difference between 10/100 and 1Gbps POE injection is number of pairs used for data, could 1Gbps POE and 10Gbps POE be the same for injection?
20:15 < coogle_> catphish: Check that! It worked!
20:15 < coogle_> Thank you very much!
20:15 * coogle_ is now on his real LAN connection, routing through his hotspot
20:29 <+catphish> coogle: cool
20:43 < Aeso> tdoirc, I wouldn't bet on it. The modulation scheme is considerably different between gigabit and 10GBASE-T
20:46 <+catphish> why not just use 10GBase-T but slow down time by 10x
20:48 < detha> Now I am wondering what sort of device a) speaks 10GBase-T and b) needs PoE.
20:48 < Aeso> detha, any wave 2 WAP could potentially qualify
20:50 < detha> heh, show me any wave 2 AP that practically does over 1Gb/s outside the faraday-cage lab
20:50 <+catphish> not many wifi devices run at more than 1Gbps, but something like an airfiber might
20:50 <+catphish> https://www.ubnt.com/airfiber/airfiber24-hd/
20:51 < detha> can't remember offhand, but I would expect that to draw more than standard PoE can supply
20:51 <+catphish> probably
20:51 < Aeso> detha, MU-MIMO makes that more likely than you might think. I've seen a Wave 2 WAP with 4 3x3 clients saturate a gigabit uplink in the wild
20:52 < ryao> detha: Unifi AC HD
20:52 < E1ephant> a single AP, in deployment of 1000s?
20:52 <+catphish> most i've ever seen was about 500Mbps
20:52 < E1ephant> yeah not buying it either
20:52 < ryao> A 3 stream client could exceed 1GbE on the Unifi AC HD, although I don't know offhand if it supports better than 1GbE backhaul...
20:53 < E1ephant> as a real req for the real world
20:53 < detha> interesting, AF24 only takes 40W and can run off PoE. Not bad.
20:53 < ryao> It doesn't. It just supports LACP.
20:53 <+catphish> detha: the spec i'm reading says 50W
20:54 < E1ephant> do solar :
20:54 < E1ephant> :P
20:54 < ryao> This one does though: https://ruckus-www.s3.amazonaws.com/pdf/datasheets/ds-ruckus-r720.pdf
20:54 < detha> catphish: I looked ar the datasheet from the link you posted
20:54 < detha> *at
20:54 <+catphish> https://dl.ubnt.com/datasheets/airfiber/airFiber_DS.pdf
20:54 < ryao> They use the same radio chip.
20:54 < Aeso> EIRP for non-licensed devices is capped at 36dBm (4W), no?
20:55 < ryao> The airfiber is fairly amazing, but it does not exceed 1Gb/s duplex.
20:55 <+catphish> Max. Power Consumption 50W Power Supply 50V, 1.2A PoE GigE Adapter (Included)
20:55 < ryao> Aeso: I recall reading that directional devices are allowed to go higher.
20:55 <+catphish> Data Port (1) 10/100/1000 Ethernet Port
20:55 < Aeso> if your antenna gain is even 6 dBi you should only need a 1W transmitter, which you should be able to drive with less than 10W
20:55 <+catphish> so i assume their 2Gbps claim is duplex
20:56 < detha> Aeso: it's not only RF you need to feed, DSPs are power-hungry beasts
20:56 <+catphish> the raw throughput is 1500Mbps each way, so after overhead i guess it aims to saturate 1Gbps each way
20:57 <+catphish> impressive, but still only 1Gbps :)
20:57 < Aeso> detha, for sure, especially at the higher modulation schemes.
20:57 < ryao> High power output is needed to support high order modulations over long distances. The directional antennas do not replace the need for that after a certain distance and amount of obstructions.
20:57 < ryao> Aeso: You beat me to it.
20:58 < ryao> detha: You can control the power output, so if you don't need high power output, you don't need to use it.
20:58 <+catphish> "airFiber AF-24HD" claims 2000Mbps raw throughput, but still only has 1 x 1Gbps port
20:58 < Aeso> don't forget fresnel zones, etc etc
20:58 < Aeso> tl;dr point to point wireless communications is some complicated shit
20:58 < ryao> catphish: That is because it is duplex. It uses 2 different frequencies simultaneously.
20:58 < ryao> One is RX and the other is TX.
20:59 <+catphish> ryao: you're right, 2000 Mbps = 2 x 100 MHz channels
20:59 < ryao> catphish: I remember reading up on these a while back out of curiosity.
20:59 <+catphish> "* Aggregated capacity in Full-Duplex mode"
20:59 <+catphish> so yeah, i was mistaken, its 1Gbps each way
21:00 <+catphish> which is really quite impressive, as i suspect they actually achieve that over significant distances
21:00 < ryao> catphish: They reportedly do.
21:00 < ryao> catphish: The Ruckus Zoneflex R720 should be able to sustain >1Gbps speeds over wireless, although only in special cases, like only 1 client using bandwidth.
21:01 <+catphish> ryao: i did an install with high end ruckus, can't remember the model, it sustained 500Mbps under "normal" conditions, ie from a pole to a laptop on a beach nearby
21:02 <+catphish> which i thought was very impressive
21:02 < ryao> catphish: It was likely the R700.
21:02 <+catphish> sounds familiar
21:03 < ryao> catphish: I have the R710, which does like 610Mbps from a laptop. The R720 has the same chip as the Unifi AC HD, which can do amazing throughput.
21:03 <+catphish> nope, wasn't r700
21:03 <+catphish> i'll have a look
21:03 < ryao> catphish: Wait... A pole? The T700 I guess.
21:03 < ryao> The R series is indoor.
21:04 <+catphish> yes, it was T700 or T710
21:04 < ryao> It sounds like the T700 given that my R710 outperforms it.
21:04 <+catphish> it was about 4 years ago, so whatever was current then
21:04 <+catphish> T700 seems likely
21:04 < ryao> Anyway, the QCA9994 Wi-Fi radio chip is amazing in terms of link efficiency. I have no idea how qualcomm did it.
21:05 <+catphish> qualcomm have a time machine, they just bring tech from the future and sell it
21:05 < ryao> catphish: Well, it is the future. :P
21:05 <+catphish> i used to work there, i'm not supposed to tell anyone
21:05 < ryao> catphish: Did you work for them?
21:05 <+catphish> yep
21:06 < ryao> This isn't part of the future joke, is it?
21:06 <+catphish> https://uk.linkedin.com/in/charliesmurthwaite
21:06 < ryao> Cool.
21:07 <+catphish> i was in their internet division though, didn't have anything to do with their main radio tech
21:09 < ryao> This should be a fairly amazing radio for either an AP or a client: https://www.compex.com.sg/product/wle1216v5-20-i/
21:10 < ryao> It is cheap enough off eBay that you could likely get a routerboard and save money given the premium that Ubiquiti charges...
21:11 <+catphish> yes that is a nice radio
21:11 <+catphish> how many money?
21:12 < ryao> catphish: I found it for $90: https://www.ebay.com/itm/like/253574681468
21:13 < ryao> The listing has an error though. It claims it has the QCA9984, but the manufacturer says the QCA9994: https://www.compex.com.sg/product/wle1216v5-20-i/
21:13 < ryao> These only cost $80: https://mikrotik.com/product/RB912UAG-5HPnD
21:13 < lumake> hey two days ago my PXE server started acting funny and attempts at ssh'ing into it would time out as well as clients trying to boot from it would time out. the issue comes and goes and i'm having trouble diagnosing it. i was wondering if anyone had any ideas as to how i should go about troubleshooting this issue?
21:14 < detha> lumake: logfiles, dmesg
21:15 < lumake> dmesg doesn't seem to show anything of interest
21:15 <+catphish> lumake: bonded ethernet?
21:15 < lumake> sorry, im a bit of a noob when it comes to the terminology
21:16 < lumake> yes it's ethernet
21:16 <+catphish> a normal physical server?
21:16 <+catphish> does it have just one network connection?
21:16 < lumake> yes just one network connection
21:16 <+catphish> ok
21:17 < lumake> it's a "server" only in the sense that it is running server-ish software
21:17 < lumake> heh.
21:17 < detha> lumake: for how long does it disappear each time?
21:18 < lumake> hrm, i haven't timed it... but it's definitely more than 5min
21:18 <+catphish> the first debugging step would be to see if you can ping it when it's otherwise unresponsive
21:18 < lumake> i can't even ping the darn thing
21:18 < lumake> yah , can't ping it
21:18 <+catphish> this will tell you if its a connection problem, or a problem with the services
21:19 <+catphish> ok, so it's a network connectivity problem
21:19 <+catphish> ideally you want to get a local console on it
21:19 < detha> try with arping, to see if it is a duplicate IP
21:19 <+catphish> so you can do debugging locally when its unresponsive
21:21 < detha> if it was cable or other L1 stuff I would expect interface up/down messages in dmesg, so L2/L3
21:22 <+catphish> i'd get tcpdump running on it on a local console
21:22 < detha> what happened 2 days ago? any kernel updates or something like that?
21:22 <+catphish> and observe when its broken
21:23 <+catphish> detha makes a good point
21:23 < lumake> ok, i'll describe the network a bit. i have a cable modem/router that feeds a wireless router for the wifi in the lab. the PXE server is connected via ethernet to the modem as is the wifi router.
21:23 < lumake> detha no idea, no updates as far as i know, i checked file changes and there was nothing
21:24 < detha> do you have anything else connected via ethernet you can check from?
21:24 < lumake> the PXE server is on 10.1.10.1/24 and everything that connects to the wifi AP is on 10.0.0.1/24
21:24 < lumake> i USED to be able to connect to wifi and ssh into the PXE server without issue
21:25 < lumake> now , since two days ago , i'm getting these weird timeouts
21:25 < lumake> the networking is not optimal since i am noobish
21:26 < detha> what routes between those two ranges?
21:26 <+catphish> " the PXE server is connected via ethernet to the modem as is the wifi router." that's a very odd config
21:27 < lumake> heh.
21:27 < lumake> the wifi-router-AP is just to provide wifi for the lab
21:27 <+catphish> why does the router even have a private IP on the WAN side?
21:28 < lumake> the modem-router does not have wifi
21:28 < lumake> i need wifi in the lab so i attached a wifi-router-ap
21:29 <+catphish> oh, i missed that, the modem is also a router
21:29 < lumake> yes
21:29 <+catphish> so you have 2 levels of NAT
21:29 < lumake> yes
21:29 <+catphish> that definitely should work fine
21:30 < lumake> do you have any suggestions what log file i should check first or what to grep for?
21:30 < lumake> dmesg comes up empty for anything "obvious"
21:30 <+catphish> can you ping the server from other network?
21:30 < lumake> yes when it's not hung up on whatever it's hanging up on
21:30 <+catphish> ie the 10.1.10.1/24 network
21:30 <+catphish> i meant when it was crashed
21:31 <+catphish> or can you not ping it from anywhere? can it ping out to the internet?
21:31 <+catphish> you need to catch it when its broken
21:31 < lumake> i can ping the wifi-router-ap which has a 10.1.10.1/14 addy
21:31 <+catphish> and see what (if any) connectivity it does have
21:31 < lumake> yea i can ping everything except the pxe server
21:32 <+catphish> when its broken 1) can you ping the pxe server from anywhere at all 2) can you ping out to the internet from the pxe server
21:32 < lumake> so when it's hanging up, i go to the pxe server and try to ping a WAN addy/website and there are no issues
21:32 < detha> does the PXE server have its address set statically?
21:32 < lumake> yes
21:32 <+catphish> so it *can* connect out, but nothing can ping it from either network?
21:33 < lumake> yes
21:33 <+catphish> that's strange
21:33 < lumake> wait
21:33 < detha> does it runs things like fail2ban?
21:33 < Windy> anyone use aruba IAPs ? is it possible to send syslog via the VC address rather than each individual IAP address?
21:33 <+catphish> feels like firewall if it can connect out, but things can't connect in to it
21:33 < lumake> machines that have been served from the PXE server CAN ping it even if it's unaccessible from other locations
21:33 < lumake> detha no
21:34 <+catphish> this makes surprisingly little sense
21:34 < detha> ARP issues, duplicate IP or something like that
21:34 < lumake> catphish, that's what's making me confused as well
21:34 <+catphish> all clients on the 10.0.0.0/24 network will all appear to be the same client, since they are NAT'd
21:34 < detha> things that have its MAC still work, but ARP fails
21:34 <+catphish> detha: but there's a router in between
21:35 < detha> true
21:35 < lumake> oh forgot to mention the pxe server gets its connectivity from a dumb switch that's directly connected to the modem-router
21:35 <+catphish> that doesn't matter (hopefully_
21:35 <+catphish> )
21:35 < detha> weird indeed
21:36 < lumake> so it goes modem-router->switch->PXE server
21:36 < detha> what else is on that switch?
21:36 < lumake> PXE server's clients
21:36 <+catphish> to clarify, some clients on 10.0.0.0/24 can ping it, and others can't?
21:37 < lumake> when it's gummed up nothing on 10.0.0.0/24 can ping it
21:37 < lumake> everything on the switch can ping it
21:37 < lumake> afaict
21:37 <+catphish> oh, well that's a bit different!
21:37 < detha> quite so.
21:37 <+catphish> that makes more sense
21:37 <+catphish> maybe it's firewalled the NAT IP
21:38 <+catphish> or the router IP is duplicated
21:38 < detha> that would make sense
21:38 < lumake> the router ip is 10.1.10.13 and pxe is 10.1.10.12 (static)
21:38 < lumake> the wifi-router*
21:39 < lumake> the modem-router = 10.1.10.1
21:39 < detha> when it is broken, can you still ping 10.1.10.13 from 10.0.0.0 ?
21:39 < lumake> hold on , i have to wait for it to break XD
21:40 < lumake> shouldn't be long lol
21:40 < detha> when it breaks, try traceroute, see if you can still ping modem/router from 10.0.0
21:41 < detha> also, if there is some form of diagnostic on that modem/router, see if you can ping the PXE server from there
21:50 < lumake> great. now when i want to diagnose it decides to behave.
21:53 < lumake> so i can ping to the server from the 10.0.0.0 net but i can't ping FROM the server to the 10.0.0.0 net
21:53 < GoopAway> I want to run some sort of peer-to-peer network between me and my friend, so we can send data without an ISP.
21:55 < GoopAway> I've seen some yagi antennas talked about online and they're supposed to go for a few miles. There's about 4/5 miles between us (direct), but there's some city in the way. We don't have man you tall buildings in the city
21:55 < GoopAway> Many tall*
21:55 < GoopAway> Would it be possible?
21:56 < lumake> also , i can not ping the wifi-router-ap (10.1.10.13) from the PXE server (10.1.10.12)
21:56 < phocking> GoopAway: a direct line of sight is the most important thing for wireless links
21:56 < lumake> it just hangs
21:56 < phocking> if you have a perfect shot you can hit 8-10km with a 400mw integrated device
21:57 < phocking> if you have 'some city/trees in the way' that can very quickly become less than half a km
21:58 < GoopAway> phocking: is that with both send/receive using yagi antennas?
21:58 < phocking> nobody uses yagi for 2.4
21:58 < phocking> do you have a line of sight?
21:59 < GoopAway> No, I do not. I might be able to, if I can mount something on some tall poles.
21:59 < phocking> i mean some people do I'm sure, but they really shouldn't; an integrated panel antenna will get you more bang for buck. a yagi is for painting a wider area
22:00 < GoopAway> Oh, I thought yagi gave you directional benefits.
22:02 < Harlock> it does
22:03 < Apachez> https://github.com/teslamotors/linux
22:05 < godSend23> hey all
22:09 < godSend23> is GCP a bit overboard for hosting a site?
22:11 < tdoirc> Aeso: I haven't been able to find any resources that state one way or another for POE unfortunately, and it doesn't seem like there are very many, if any, 10Gbps POE injectors (I haven't been able to find anything)
22:14 < godSend23> ??
22:16 <+catphish> ??
22:17 < Aeso> ??
22:17 < DoctorDick> ??
22:18 < godSend23> should I use GCP for hosting?
22:18 < Aeso> godSend23, that's a _really_ open-ended question
22:18 < Aeso> here's a really open-ended answer: maybe
22:18 < Aeso> :)
22:19 < godSend23> i mean is there OS that has AI and ML too?
22:20 < Aeso> firstly, GCP isn't an OS?
22:20 < Aeso> secondly, your website needs ML to operate?
22:20 < qman__> Hosting a site and machine learning are two completely different things
22:22 <+catphish> should i use a donkey to ride into town?
22:23 < godSend23> it doesn
22:23 < godSend23> doesn't
22:23 < godSend23> but it'd be nice to have
22:23 < godSend23> uder the hood
22:24 < DoctorDick> I don't think you know what those are
22:24 < godSend23> i think 'light' suggested GCP to me
22:24 < godSend23> b/c of it's vast features
22:38 < TwoIce> Hi. Anyone know about any proxy/tunnel that obfuscates the traffic to look like html (no tls)?
22:42 < qman__> Machine learning is not an "under the hood" feature
22:43 < qman__> Your wordpress blog is never going to utilize machine learning
23:31 < subunit> will HFC networks ever compete with fiber in the future?
23:41 < TandyUK> as in cable? not a chance
23:42 < TandyUK> what do you think the majority (if not all) cable networks use for their backhaul?
23:43 < S_SubZero> I didn't understand the question
23:44 < S_SubZero> HFC is "fiber is part of the run, copper is another part of the run". The fiber part of HFC is... fiber!
23:44 < TandyUK> right, so compared to pure fibre end to end, there's no contest
23:45 < Aeso> unfortunately CMTSes are here to stay, at least for the next 10-15 years
23:45 < TandyUK> pure fibre will always be faster (speed or latency) than anything involving copper
23:45 < Aeso> tbh it's pretty incredible how much bandwidth you can stuff down 40 year old coax
23:46 < TandyUK> what pisses me off is the virgin media adverts on UK tv, talking about their "super fast fibre broadband", all the while showing a fucking coax cable on the screen
23:46 < S_SubZero> my wiring is from the 70s and handles 175Mbit down without issue
23:46 < TandyUK> at least BT don't mislead people, by naming it "Fibre to the Cabinet" (not your house)
23:49 < Aeso> if you look at the modulation scheme, DOCSIS 3.1 really should have been DOCSIS 4
23:49 < Aeso> 2 to 3 was a smaller change than 3 to 3.1
23:51 < Aeso> 3.1 will do QAM-1024 on the same SNR that 3.0 required for QAM-256 due to improved FEC
23:52 < Aeso> plus the channel bandwidth shrunk significantly while the total range grew, meaning more customers on the same CMTS
23:52 < Aeso> more bandwidth more better :)
23:54 < koala_man> subunit: yes, they're way cheaper in the near future
23:54 < TandyUK> hmm that's not my experience of customers actually using it
23:54 < TandyUK> latency went up, overall reliability went down, pretty much
23:54 < TandyUK> assuming virgin went from 3 to 3.1 when they started doing their "up to 300mb" services
23:54 < badsekter> if someone gets your ip (because you visit their website say) can they hack your home network by changing your router's dns or something?
23:55 < mr_sm1th> So I asked my domain registrar to set glue records. My nameserver is at ns1.box.domain.net, but the registrar set the glue record to ns1.box with the ip.
23:55 < TandyUK> badsekter: if your home router security is horrifically bad, sure
23:55 < mr_sm1th> Shouldn't it be ns1.box.domain.net?
23:55 < TandyUK> mr_sm1th: why on a subdomain?
23:56 < TandyUK> ie why not ns1.domain.net
23:56 < varesa> badsekter: IPv4 address space is small enough that it's constantly being scanned and "attacked"
23:56 < TandyUK> you know what glue records are used for right??
23:56 < badsekter> tandyuk, not by remote admining, but by teaching it a false dns server
23:56 < mr_sm1th> TandyUK, That's just the way it is.
23:56 < TandyUK> mr_sm1th: WHY is that "the way it is", it's stupid imho
23:56 < mr_sm1th> TandyUK, It's used so that I can use my own nameserver for the domain of the nameserver itself.
23:57 < mr_sm1th> TandyUK, It's not relevant.
23:57 < TandyUK> right, but the domain of the nameserver isn't a domain, it's a sub domain
23:57 < Aeso> TandyUK, 'up to 300mbps' was what we got with DOCSIS 3 here. Not sure what virgin is doing.
23:57 < varesa> badsekter: you can't teach devices DNS servers outside the ISP network (and even then only if it uses DHCP for DNS servers)
23:57 < mr_sm1th> TandyUK, Correct.
23:57 < varesa> the attacker would have to be between the ISP and you
23:57 < TandyUK> you answering your own question yet?
23:57 < TandyUK> and it should be ns1.box.domain.net.
23:58 < TandyUK> but what then resolves "box.domain.net"?
23:58 < TandyUK> what are the nameservers for that?
23:58 < mr_sm1th> TandyUK, ns1.box.domain.net
23:58 < TandyUK> urgh
23:59 < TandyUK> ok, so you set glue records for "domain.net."
23:59 < mr_sm1th> Yes.
23:59 < mr_sm1th> I set ns1.box.domain.net and as a glue record.
23:59 < TandyUK> stop using a damn subdomain
23:59 < mr_sm1th> But they set ns1.box and as a glue record.
23:59 < TandyUK> box.domain.net is the host
--- Log closed Fri Jun 01 00:00:16 2018