--- Log opened Fri Jun 01 00:00:16 2018
--- Day changed Fri Jun 01 2018
00:00 < TandyUK> ns1.box.domain.net is a host within the subdomain box.domain.net, NOT domain.net
00:00 < mr_sm1th> I'm running an e-mail server Mail-in-a-box that also includes its own nameserver, and it recommends putting the web interface at a subdomain. It also puts this nameserver at that subdomain.
00:00 < TandyUK> a) you missed off the final . and secondly youre using a damn subdomain
00:01 < TandyUK> sorry what
00:01 < TandyUK> this is an "all in one email server, nameserver, etc, all in a SINGLE box???"
00:01 < mr_sm1th> Yep.
00:01 < TandyUK> you have any idea how retarded that is, do not use that for DNS period
00:01 < mr_sm1th> It's so that I don't have to set up DNS somewhere else manually.
00:02 < TandyUK> you are required by RFCs to have a minimum of 2, preferably 3, up to 7 nameservers, geographically distributed
00:02 < mr_sm1th> But it can handle all that.
00:02 < TandyUK> a single box _CANNOT_ do that
00:02 < TandyUK> do dont do it
00:02 < mr_sm1th> Yeah the two name servers are on the same box.
00:02 < TandyUK> use a DNS provider to provide that for you
00:02 < TandyUK> or if your dns goes down, expect 24-48H of problems, you can do _nothing_ about
00:02 < mr_sm1th> It also supports external DNS.
00:02 < TandyUK> use it then
00:02 < mr_sm1th> Well... I'd have to copy all the records manually.
00:02 < mr_sm1th> I did that thus far.
00:03 < TandyUK> thats better than a glaring SPOF right at the core of your network
00:03 < mr_sm1th> OK. Thanks for the advice.
00:03 < TandyUK> i mean the "all in one box" is bad enough to begin with
00:03 < mr_sm1th> I have backups and I can easily spin up another box.
00:03 < TandyUK> but at least if your dns is external and it dies, you can put up some "down for maintenance" page
00:03 < qman__> yeah, that screams security nightmare
00:03 < TandyUK> with everything on the same box, you cant even do that
00:04 < mr_sm1th> Thanks.
00:04 < TandyUK> (regardless whether you have backups)... dns goes down, you cease to exist for 24-48H for most of the world
00:04 < mr_sm1th> Yeah I'm happy e-mail has to be delivered for like a week.
00:04 < TandyUK> depending on your TTL's ofc, but it could be as high as 2 WEEKS in some exceptional cases
00:04 < mr_sm1th> Having quite a bit of downtime now.
00:05 < qman__> Public DNS on an all in one server is a really, really bad idea
00:05 < mr_sm1th> Thanks.
00:05 < qman__> Private DNS, sure
00:05 < qman__> Not public
00:05 < TandyUK> mr_sm1th: drop the "all in one" shit, and employ a hosting provider to set this up for you properly
00:05 < mr_sm1th> Really?
00:05 < TandyUK> yeah really
00:06 < TandyUK> I wouldnt trust my internal email to a single server
00:06 < TandyUK> and dns, minimum of 4 imho
00:06 < TandyUK> thats _physical_ servers, not vms, or ips pointed at the same box
00:06 < qman__> Scale is important here
00:06 < TandyUK> if tiny scale, maybe vms on 2 different providers absolute minimum
00:07 < TandyUK> again, that would be for internal shit imho
00:07 < qman__> But if you've got more than a dozen users, one single server probably isn't going to cut it
00:07 < mr_sm1th> I have 4 users besides me.
00:07 < TandyUK> heard of office 365?
00:07 < mr_sm1th> I don't do proprietary stuff.
00:08 < TandyUK> rare for me to suggest that, but youre the perfect size to actually benefit from it
00:08 < qman__> For 5 users, a paid service is ideal
00:08 < TandyUK> fuck the proprietary stuff, its the hosted exchange that would solve your major SPOF's here
00:08 < Dat> I have been running a mailserver for some years now.
00:08 * Dat likes postfix
00:09 < mr_sm1th> Dat, with a SPOF?
00:09 < qman__> If you must run it yourself, one mail server is probably fine, but you should still use paid services for public DNS
00:09 < TandyUK> Dat: do you entrust your postfix, control panel, spam/virus scanners, and ALL dns to a single box, on a single connection?
00:10 < mr_sm1th> It's even running on a storage VPS in Lithuania.
00:10 < Dat> TandyUK: I know better than to do that now. :) I have things spread out across providers
00:10 < Dat> been burned a few times.
00:10 < Dat> mr_sm1th: what is a SPOF?
00:10 < TandyUK> ^^^ see mr_sm1th :)
00:10 < mr_sm1th> https://en.wikipedia.org/wiki/Single_point_of_failure
00:11 < Dat> oh
00:11 < mr_sm1th> I'm guessing it's this.
00:11 < TandyUK> correct
00:11 < Dat> nah I don't do that
00:11 < Dat> thats bad idea
00:11 < Dat> ;/
00:11 < Dat> as for dns I found he.net free dns service to work fine for my needs
00:12 < Dat> and I get to control things
00:12 < TandyUK> DNS is the one place you *do not* want any kind of SPOF
00:12 < qman__> Yep
00:12 < Dat> yup
00:12 < mr_sm1th> I used to use ns1.
00:12 < qman__> You can restore a server from backup
00:12 < TandyUK> everywhere else, its bad, but given your size, you could live with it
00:12 < mr_sm1th> OK I'll go back to NS1
00:12 < qman__> You cannot un-break your public DNS in less than 24 hours
00:13 < TandyUK> ^^^^ and as ive seen when some providers put up 2 WEEK TTL's on glue records, it can take weeks, sometimes even months to fix a complete failure
00:13 < qman__> Yep
00:13 < mr_sm1th> I am experiencing this now.
00:13 < Dat> ;/
00:13 < mr_sm1th> Should I have them delete the glue records?
00:14 < TandyUK> yeah, there is literally nothing you can do about it, apart from design your replacement network better
00:14 < mr_sm1th> Is it important that I have them delete the glue records?
00:14 < TandyUK> when it comes to DNS, dont do anything on a whim
00:14 < TandyUK> make sure you have a proper plan for when they delete them, what replaces them??
00:14 < mr_sm1th> noip
00:15 < mr_sm1th> uhm
00:15 < mr_sm1th> NS1*
00:15 < varesa> I use Route 53 for my more important DNS zones, then 2x AWS instances on the different sides of Europe for the less important stuff
00:15 < mr_sm1th> I can't change my nameservers in their control panel. It says "nameserver update ongoing"
00:15 < Dat> hrmm
00:15 < TandyUK> Ive seen so many "too big to fail" providers have serious issues over the years, DNS is the one thing I wont entrust to any third party
00:15 < Dat> route 43 I'll have to note that down
00:16 < varesa> the only time my DNS dropped to 50% (or anything <100%) capacity was caused by a bug in cloud-init
00:16 < Dat> ahh from amazon
00:17 < varesa> got cloud-init enabled and IPv6 on the instance? "yum update && reboot" -> your instance no longer connects to the network, neither IPv4 *nor* IPv6
00:17 < Dat> ouch
00:17 < varesa> took me a couple of hours to figure out a) what happened b) how to fix it
00:17 < TandyUK> hardware ftw :P
00:18 < varesa> noticed some weird looking cloud-init output in the serial console and saw in logs that cloud-init was updated
00:18 < TandyUK> with KVMoIP switches connected ofc
00:18 < varesa> mounted the root volume to another instance (which was a PITA with UUID-based disks since I tried to use another instance from the same image), chrooted and did a yum downgrade
00:19 < varesa> rebooted fine afterwards :)
00:19 * varesa is happy that he has 2x DNS servers and that he decided to check that the first one works properly before rebooting the second one
00:20 < TandyUK> aye, good move :)
00:21 < TandyUK> Ive got 4 primary (physical) dns servers, with 2 hot-spare vms ready to go in the event of hardware issues, and am considering adding another couple of servers on other continents as we see international load start to rise
00:22 < TandyUK> I'd describe my dns setup as "ok" for a medium sized network
00:22 < mr_sm1th> Did anyone here read "Computer Networking - Problems and Solutions" from Russ White and Ethan Banks?
00:22 < TandyUK> "good" would require 7 physical servers, on different continents, with 7 backups ready to go 'just in case'
00:22 < varesa> I considered adding a third server to Azure or GCP (or some other provider than AWS) but decided that it probably isn't worth the cost and effort
00:23 < varesa> as all the domains hosted on these are some low-traffic vanity/for fun stuff
00:23 < TandyUK> yeah so theres nothing really critical
00:23 < TandyUK> like voip phone systems
00:24 < TandyUK> pretty sure my customers would notice if our dns went down, and they were unable to make phonecalls
00:24 < TandyUK> though our support desk would hopefully be quite quiet due to their lack of phones :P
00:24 < varesa> yeah, that isn't production
00:24 < varesa> :P
00:26 < TandyUK> life was much simpler when all our stuff wasnt reliant on our own dns cluster, BUT, when shit happened, there was sweet FA we could actually do about it
00:27 < TandyUK> DNS related shit anyway
00:27 < varesa> DNS is thankfully fairly simple to keep running
00:27 < varesa> at least it can be
00:27 < varesa> like it usually doesn't catastrophically fail under its own complexity
00:28 < TandyUK> aye
00:33 < varesa> something could break in a way that prevents you from making consistent (or hopefully in that case at all) changes to zones but the servers will still keep serving what they had
00:37 < TandyUK> and then theres caching lol
00:37 < TandyUK> even if you do break something critical, is not necessarily instant fail
00:38 < varesa> on the other hand, there is caching which means that if you on a logical level break your zone it will stick for some while ;p
00:41 < varesa> at least it is unlikely I'll do the same mistake of doing DNS/server changes too quickly without taking TTL to account taking down a production website for 15 minutes again
00:43 < varesa> "cool, works for me. Let's check with my phone just in case. Weird... Oh... F***"
00:47 < duso> ISP <--> Bridge Modem <---> pfsense (IPv6) \\ My wan interface on pfsense is set to dhcpv6, pulls in an IPv6 address in my delegate /56 from my ISP, gets the correct IPv6 DNS servers but gets an fe80: address for the default gateway - Is this correct? Is the bridged modem somehow intercepting the dhcp response and putting in its link local address to make itself the default gateway or has my ISP stuffed up its DHCPv6 server somehow? Why wouldn't they
00:47 < duso> just advertise a proper public ipv6 address for the default gateway?
00:48 < Dagger> fe80:: is normal for the default route. the default router has to be on the same link, after all
00:48 < varesa> I've seen some ISPs use fe80: for the gateway
00:48 < varesa> why? no idea
00:50 < Dagger> also DHCPv6 has nothing to do with the default route. machines set their default route to the source of the RAs they receive
00:50 < duso> Wouldn't the fe80: address have to be the link local between the pfsense box and the ethernet port on the modem?
00:50 < varesa> if the modem is set up as a bridge, no
00:51 < Dagger> for client machines on the local network, presumably it would be the pfsense box
00:52 < Dagger> for the pfsense box, it'll be whatever the immediate upstream router is (which is presumably at the ISP's end, assuming your modem is a modem)
00:52 < CrazyCow9> Hi i'm physically in South America and I need to connect to an Italian website as fast as possible. Would a paid VPN service enhance my connection? I have a good stable Internet connection tho very high ping on international servers.
00:52 < duso> my understanding of a modem in bridge mode is it is layer 2 only so I do not understand how it can still have an IP address and I can still log into the web interface while it is in bridge mode
00:53 < duso> TG789 v2, cheapie from the ISP - I am starting to think that is where my problems are
00:53 < varesa> CrazyCow9: generally if the lines between you and your destination are slow/bad, VPN isn't going to help
00:54 < varesa> however VPNs can in some cases help the connection get routed differently which might mean less hops for example
00:55 < varesa> I've heard about some people VPNing even just to a DC/VPS nearby when the VPS provider has had significantly better peering/transit connections than the other ISP
00:55 < CrazyCow9> varesa: hmm in Gaming i usually get 30 ms of lag in local servers, but at least 200 ms in international servers. I'm thinking my ISP has a shitty "out link" outside of the continent. I was wondering if I can somehow know if a VPN would mean that my PC connects to VPN-PC1 with good "out link" and thus I get a better response.
00:56 < varesa> duso: it could act as a switch with an internal switch port to the management interface
00:56 < Dagger> duso: the modem can give itself an IP on the bridge. it won't be doing routing but you can still reach it (like you could any other machine on the same link)
00:56 < CrazyCow9> basically as you said less hops or same amounts of hops but with better bandwidth
00:56 < varesa> CrazyCow9: in that case you'd want to find some other "local" place to connect through
00:57 < varesa> there are also managed L2 switches which have an IP :)
00:58 < CrazyCow9> oh ok thanks!
01:01 < duso> Well, I am at work at the moment so I can not test it out, but as I left it I could nslookup and hit the ISP DNS servers but if I tried to curl google I would have to route to host.
01:20 < duso> *no route to host
02:29 * CuriosTiger decides to be cheeky and name his IoT WLAN 'insecure.bigrig.org'.
02:53 < subunit> TandyUK : the last mile, do we ever get over the GHz range? can we compete with fiber? yes, i think you're right. the amount of lightwave will far surpass the electrical domain,
02:56 < subunit> can we push HFC into the 10Gbps range? i think 5G will take that space anyways.
03:04 < S_SubZero> I don't know what you are asking, but 10Gbit copper ethernet exists, so if you convert 10Gbit fiber into 10Gbit copper, well then there ya go
03:10 < CuriosTiger> 10G copper is really finicky.
03:10 < CuriosTiger> I've had so much trouble with it just due to patch cables marketed as Cat6A that aren't.
03:11 < varesa> DAC or fiber or gtfo :P
03:20 < spaces> CuriosTiger use fiber instead!
03:23 < CuriosTiger> spaces: I do as much as possible.
03:26 < spaces> CuriosTiger you do latex as well ?
03:26 < spaces> as much as possible ?
03:27 < spaces> CuriosTiger I'm thinking about even fiber all my servers
03:30 < alazyworkaholic> I'm trying to set up a lighttpd server on my device and run an app. The server seems to work, but instructions to install the app include running
03:30 < alazyworkaholic> "lighttpd-enable-mod ". That command doesn't exist. What to do?
03:31 < spaces> alazyworkaholic wrong channel ?
03:33 < precise> spaces: Wrong window lol
03:33 < alazyworkaholic> spaces: Tried #openwrt #dokuwiki & #lighttpd with that question. Getting desperate, sorry.
03:34 < spaces> alazyworkaholic try some alcohol, skip the ic ;)
03:36 < alazyworkaholic> Good suggestion. But assuming #networking ppl may know something about this, any idea what to do about my problem?
03:37 < alazyworkaholic> Or a better channel than the dead ones I've tried?
03:57 < batch> hey, i'm thinking, is it possible to block wake on lan with iptables?
03:59 < rewt> isn't wol at a lower level?
04:00 < rewt> and caught by the nic before it gets to the kernel?
04:00 < rewt> the kernel which is presumably not running, because you're waking it
04:01 < batch> so ehm is it possible then?
04:01 < batch> or anything else than iptables that can prevent it
04:01 < batch> this just keeps me curious hehe
04:03 < rewt> you could unplug the network cable
04:03 < Poster> wake on lan happens at layer 2, iptables is layer 3, you might be able to use ebtables or something else to manipulate layer 2
04:03 < batch> like iirc it uses port 7 and/or 9
04:03 < batch> i read that most routers block it
04:04 < Poster> If you are wanting to block something from waking your system up, the system would already be on to do so
04:04 < batch> depending from where i want to wake it
04:04 < GenteelBen> rewt: no, WoL is TCP/IP.
04:04 < batch> like in the network would be nice to make it wake but like from outside i just don't want that
04:04 < rewt> orly?
04:05 < Poster> There are implementations to push it over IP, but natively it's layer 2 https://en.wikipedia.org/wiki/Wake-on-LAN
04:05 < GenteelBen> Isn't WoL a broadcast, anyway?
04:05 < GenteelBen> It's been so long since I cared about it.
04:05 < Poster> yep, ff:ff:ff:ff:ff:ff
04:06 < rewt> it can be in just an ethernet frame, below tcp and even ip
04:06 < batch> yeah like hmm is it still used anywhere lol
04:06 < GenteelBen> Oh, WoL is looking for a MAC address?
04:06 < batch> probably useful in big offices
04:06 < Poster> it can be, what I mean is iptables does not filter ethernet frames, which is where wake on lan operates
04:06 < GenteelBen> "Since the magic packet is only scanned for the string above, and not actually parsed by a full protocol stack, it may be sent as any network- and transport-layer protocol, although it is typically sent as a UDP datagram to port 0,[6] 7 or 9, or directly over Ethernet as EtherType 0x0842.[7]"
04:07 < batch> so it's an empty packet with just info in the header or what
04:07 < batch> hmm that didn't sound good i think
04:07 < rewt> and the fact that it's caught by the nic before the packet makes it anywhere near the kernel to be filtered, makes it somewhat difficult to filter it in the kernel
04:08 < batch> i see
04:08 < batch> weird
04:08 < Poster> plus the system would need to be on to block the power on request =S
04:08 < rewt> batch, it's a packet that contains a special byte sequence (102 bytes) specific to the machine you want to wake
04:08 < batch> OH
04:08 < batch> oke nice to know this thx
04:09 < Poster> If you were to place an ethernet bridge between the system requesting the wake on lan and the system listening for it, you could probably block the broadcast frame, but that would probably block other things you may want, like DHCP
04:15 < RtMF> aaand there go my earbuds fsck I hate stupid little pieces of copper...
04:16 < batch> Poster how so ?
04:17 < Poster> an ethernet bridge passes ethernet frames, meaning layer 2, if you were to apply ebtables filtering at layer 2 to not pass ethernet frames to ff:ff:ff:ff:ff:ff, you will prohibit the wake on lan frame from traversing the bridge
04:17 < Poster> but that same ethernet frame address is used to discover DHCP servers
04:49 < Celmor> when connecting to an access point the gateway will see packets sent from the client as having its mac address changed to the access point, right?
06:46 < screwsss> is filezillas speed limited
06:47 < Stryyker> generally no
06:47 < Stryyker> Do you find other FTP clients faster?
06:48 < qman__> it has a feature to set a speed limit
06:51 < screwsss> Stryyker. its the only one ive tried so far. but what i found is, the speed at which a single file seems to transfer is roughly the same
06:51 < screwsss> meaning lets say im sending video clips, i can send one at 15 MB/s and i can receive one simultaneously at the same speed
06:51 < screwsss> but no matter what it never goes above roughly that speed
06:51 < screwsss> neither* do
06:52 < screwsss> and if im sending 4 files its not like they are divided amongst the bandwidth no..
06:52 < screwsss> the speeds of them are all roughly the same too
06:53 < Stryyker> Some servers also have speed limiting. Part of the reason some download accelerators work
06:53 < Stryyker> could be a path issue
06:53 < screwsss> path issue...
06:53 < qman__> filezilla is unlimited by default, but does have the option to set limits, so make sure they're not set
06:54 < screwsss> whats the limit of HDD
06:54 < screwsss> qman__ - shouldnt be. its a fresh install.
07:01 <+pppingme> screwsss depends on drive and how its interfaced, but 150MB/s isn't hard to achieve
07:02 < screwsss> hrm.
07:02 < screwsss> it only goes through 1 router and 1 switch
07:02 < screwsss> maybe ill try a more direct connection see if that makes any meaningful difference
07:02 <+pppingme> if its a 100meg switch, then that works out to just under 12.5MB/s
07:03 <+pppingme> not accounting for any compression that some protocols might do
07:07 < screwsss> hrm
07:11 < screwsss> https://vishcomputers.com/wp-content/uploads/2018/03/20.jpg
07:12 < screwsss> says gigabit..
07:51 < screwsss> https://vishcomputers.com/wp-content/uploads/2018/03/20.jpg
08:17 < cmj> 12.5 * 8
08:17 < screwsss> you mean they split the speed amongst the ports
09:16 < heller_> hmm, common reasons why a gigabit port gets only 10Mbps link?
09:16 < heller_> cable or connector is bust?
09:16 < heller_> both ends are gigabit
09:17 < screwsss> yep
09:17 < screwsss> all ports are gigabit
09:23 < potatoe> detha im going to try and debug it again
09:23 < potatoe> I got quite busy yesterday sorry
09:27 < arunpyasi> web
09:43 < kartikay> Hi guys, I want to understand how Atom's teletype works. It says that the clients first connect to a central server and then the server disconnects and the clients are joined by a peer to peer network.
09:43 < kartikay> Like this: https://cdn.discordapp.com/attachments/239245015707025408/451989756276899840/unknown.png
09:44 < kartikay> I want to implement something similar for my game, how would I do that?
09:46 < ziggylazer> How much real network knowledge do you have=
09:46 < ziggylazer> *?
09:46 < ziggylazer> Thats not something you put together in an afternoon
09:50 < kartikay> ziggylazer: I don't have very much of networking knowledge, I only know the basics.
09:51 < kartikay> But i'm willing to put in effort to learn whatever is needed for this..
09:51 < ziggylazer> Okay. So I got the books you need
09:51 < kartikay> Could you just give me some pointers, what should I read or search for?
09:51 < ziggylazer> Let me check the names
09:52 < ziggylazer> ICND1 and ICND2 they exist as PDF's
09:53 < ziggylazer> And guessing you got some sweet hardware too?
09:54 < kartikay> No, I don't get what you mean. I want to join two computers via the internet. What hardware do I need for that?
09:55 < ziggylazer> I thought you wanted something of a larger scale.
09:56 < ziggylazer> Still, you need some networking knowledge, And CCNA is the bible
09:57 < kartikay> Haha, no, I don't want to go to that much depth in networking ...
09:58 < kartikay> Basically right now I just want to understand that in what way does Atom's Teletype extension join two computers after initially they are connected to the central server
09:58 < ziggylazer> So deduce what they do.
09:59 < ziggylazer> I dont know what Atom is even. But listen to whatever traffic you can. Read up on services and protocols needed
10:00 < kartikay> umm-hmm
10:00 < Stranger789> https://stackoverflow.com/questions/29794964/how-do-webrtc-peers-connect-to-each-other-if-none-have-opened-ports
10:02 < Stranger789> Atom use WebRTC, that use upnp and end of story
10:02 < Stranger789> if im not missing something
10:03 < kartikay> Stranger789: Oh, that's what I was looking for, Thanks a lot!
10:03 < ziggylazer> Saw something about some tunnels=
10:04 < ziggylazer> Or a server to hold and share the IPs
10:04 < ziggylazer> First and foremost
10:05 < ziggylazer> Then just use upnp and presto?
10:08 < Stranger789> you can simply look for how torrent works
10:08 < Stranger789> the atom is like a torrent tracker
10:09 < Stranger789> it do the management but it doesn't know what you really "say" to other peer
10:12 < Stranger789> after understanding just by googling around how torrent works then take a look about WebRTC and boom! you got everything you need to know without reading tons of blah blah on books
10:12 < ziggylazer> Well. Knowing CCNA is never a bad thing atleast
10:12 < ziggylazer> You get a hatred for Cisco but that about it
10:14 < Stranger789> yes books especially cisco's one have EVERYTHING but you dont need that!! normally a random person who are curious about something just cant read how tcp/ip works on transmission layer just cause the book says it
10:16 < ziggylazer> Yeah. I did not understand how a torrent functions to I thought he would need more conf
10:17 < Stranger789> books are great for level up monitors :P no kidding, some books and especially cisco ones are great but tooooo much if you want to find about a single thing and not the science behind it
10:17 < ziggylazer> Very true
10:17 < ziggylazer> And they are so very boring
10:18 < ziggylazer> Dont have the cert but read all that is included in CCNA and more. And been tested. Just not officially
10:19 < Stranger789> as i said.. blah blah... too blah. BUT Datasheets ROCKS! they have totally everything you could ever imagine in a compact way
10:19 < ziggylazer> I agree. As long as nothing breaks
10:20 < ziggylazer> Had to setup .1x with Radius auth against AD where all servers and clients were VM's
10:21 < ziggylazer> That took more time than I would like to admit
10:23 < Stranger789> anyway im just a passenger that trying to configure the irc client right this time. and i just saw that question.
10:24 < Stranger789> if there is anybody here willing to solve some strange noobish probably questions feel free to msg
10:25 < ziggylazer> Stranger789, what do u need help with
10:25 < Stranger789> ziggylazzer: test
10:25 < ziggylazer> I bounce my connection over a ZNC
10:26 < ziggylazer> Need more info. What are you doing and what not working
10:27 < Stranger789> basically i think the problem is i might be bored to read more manuals about hexchat and learn a totally new thing for me
10:28 < Stranger789> so im shy to start spamming questions i didnt found from just googling
10:28 < ziggylazer> Pm me and I help you out.
10:29 < ziggylazer> Or keep googling. Whatever you want man ;)
11:06 < haaning> Is it possible to configure a web server to only serve its contents given a DNS registered hostname and not its IP?
11:07 < detha> haaning: vhost setup
11:07 < Stranger789> yes
11:08 < Stranger789> or iptables 1 line
11:08 < Stranger789> if on linux ofc
11:08 <+xand> how would iptables help?
11:09 < Stranger789> just accept traffic for the specific port only from an ip
11:09 <+xand> what
11:09 < Stranger789> the ip generated on startup or rules refresh ?
11:09 < haaning> detha: virtual host like in apache?
11:09 < Peng_> haaning: yes
11:09 < haaning> How would that look, just pseudo-syntax?
11:10 < Stranger789> what is your web server application ?
11:11 < haaning> Apache
11:11 < Peng_> Every tutorial should cover it
11:11 <+xand> make the default vhost not have any content and create one for the name you want
11:12 < haaning> So just to confirm, it is possible to reject content served given a direct IP addresses that maps to the hostname in the DNS registry?
11:12 < haaning> Ah
11:12 < haaning> Perfect
11:12 <+xand> then if you went to the IP address you'd get 403 Forbidden, or just a blank page...
11:15 < Stranger789> ow damn i misread the whole question. SRRY :)
11:35 < mexx> Hello, the #linux guys sent me over. I have a what looks to me like a routing problem with linux. I'm tethering my iphone but when I'm connected to the lan, I can't access anything through the phone. I played with metrics and lowered the default route provided by the phone but then I can't access anything on the lan even if I add a static route that goes through the lan's nic
11:36 < ziggylazer> https://www.techwalla.com/articles/how-to-ping-your-network-from-an-iphone
11:36 < ziggylazer> See if the ICMP is there
11:36 < ziggylazer> If so it narrows it down a bit
11:37 < mexx> Destination Host Unreachable
11:38 < mexx> Oh my phone's connection is ok
11:39 < ziggylazer> And you can ping the address from another device ?
11:40 < ziggylazer> I would say no
11:40 < mexx> Not from my laptop, unless I setup the default route with a lower metric than the lan one
11:40 < mexx> But then the lan is unreachable
11:41 < ziggylazer> I need to see that config if metrics is a part of the problem.
11:41 < ziggylazer> Clearly not a linux issue
11:43 < mexx> https://paste.debian.net/1027554/
11:44 < ziggylazer> So going over this might take a moment or two.
11:45 < mexx> Take your time, thanks for your help
11:52 < aruns> Hey guys, since yesterday, none of my Apache virtual hosts seem to resolve anymore on Windows 10 - only localhost seems to resolve.
11:52 < aruns> I am running Apache 2.4, MySQL 5.7.21 and PHP 7 on WSL and was accessing the virtual domains for the past couple of weeks just fine from my Windows 10 host.
11:53 < aruns> I have cleared both the DNS cache and the NetBIOS cache, I have cleared the DNS cache on Firefox as my testing browser and enabled XAMPP to see if a test domain I set up would resolve - it did not.
11:57 < mexx> aruns: local data?
11:57 < aruns> mexx: ?
11:58 < mexx> do your virtual hosts resolve on the internet or only on your local resolver ?
11:58 < aruns> Before yesterday, they were resolving in the browser.
11:58 < aruns> But now not even ping works with them.
11:59 < aruns> So it looks like neither.
11:59 < mexx> maybe you're using the wrong name resolver
11:59 < aruns> I changed DNS Server settings so that it fetches the DNS servers automatically
12:00 < aruns> Rather than using Google's public DNS servers.
12:00 < aruns> Did not make a difference.
12:00 < mexx> so if they're public I should be able to resolve those name too
12:06 < aruns_> mexx: No, they are not public.
12:07 < mexx> aruns_: so you're probably asking the wrong server
12:14 < aruns_> mexx: I fixed the issue.
12:14 < aruns_> It's an issue I encountered earlier this week.
12:14 < aruns_> Not sure how it popped up again.
12:14 < mexx> What was it?
12:14 < aruns_> But basically, Windows refuses to read any lines in the hosts file that contain non Windows line endings.
12:14 < aruns_> Which is really stupid IMO.
12:15 < mexx> Oh
12:15 < mexx> Well it's just one line to it
12:42 < djph> windows refuses to read lines it can't parse ... is not exactly "stupid".
12:54 < dminuoso> aruns_: Windows has a clear definition of what constitutes a line ending.
12:55 < dminuoso> aruns_: In a way Windows has the most sensible notion of line endings if you think about what CR and LF actually mean.
12:55 < dminuoso> The main problem is that we are trying to use a character used for terminals to represent text files.
12:58 < dminuoso> "\n" is not really a text character, its a control sequence in a way. 13:00 < dminuoso> How weird this mess is becomes apparent when you try to think what `vim` should do when you open a file containing a BEL character. 13:00 < dminuoso> ASCII is just weird. 13:01 < detha> So, if you had a time machine, could go back to the days ASCII was standardized, and could remove *one* character, which one would you remove? 13:10 < TandyUK> NUL 13:10 < TandyUK> and watch the C programmer cry lol 13:14 < potatoe> detha i figured it out 13:14 < detha> potatoe: what was it ? 13:15 < potatoe> i ditched natd 13:16 < potatoe> inbuilt nat, ipfw nat 1 config if em0; ipfw add 50 nat 1 ip4 from any to any in via em0; ipfw add 800 nat 1 ip4 from any to any out em0; then just the usual skipto 800 in between 13:16 < potatoe> the first line is important 13:16 < potatoe> for some reason the handbook stuff really sucks for this 13:17 < benoliver999> Really dumb question... if I have a device that is tagging packet with a VLAN, but the VLAN is not actually configured anywhere yet, does it matter? 13:17 < benoliver999> I'm guessing 'no' but I'm in a bit of a chicken or egg situation atm lol 13:17 < detha> potatoe: interesting. I suspect things were 'improved' at some stage, and the handbook hasn't kept up 13:18 < potatoe> detha but if we want to continue natd im game too, but it really is upto the 50 divert natd ip from any to any in via em0 13:18 < potatoe> if i remove that rule then atleast the incoming is fine 13:18 < potatoe> if i have that rule the incoming isnt working even on the host box 13:18 < potatoe> ive checked the usual suspects, gateway_enable, IPDIVERT in loader.conf etc 13:18 < detha> benoliver999: the packet will just be ignored by everything else on the network 13:19 < benoliver999> Ah right 13:19 < turtle> you haven't needed to use natd in years 13:19 < detha> potatoe: hmm. 
it should, but yeah, the whole natd thing is a bit of a kludge
13:20 < potatoe> yeah, well i suspect that inkernel nat maybe better since 11.x anyway
13:20 < potatoe> but cant run any benches because i cant get natd to work
13:20 < potatoe> oh well
13:20 < potatoe> not sure if this bug has been fixed yet or otherwise as well: https://lists.freebsd.org/pipermail/freebsd-ipfw/2017-August/006582.html
13:23 < alexandre9099> hi, my isp router says 2001:----:----:----::1 on its IPv6 IP and on the IPv6 Prefix there is 2001:----:----:----::/56 (masked the ip for, i guess obvious reasons :D) does this mean that i got all the IPs on that prefix?
13:25 < djph> more or less
13:25 < alexandre9099> what you mean by more or less?
13:28 < djph> It's the ISP's range, so yeah, you can use it ... but they're still "the ISPs" (kinda like how if you get a /29 in v4)
13:28 < djph> You can do a lot with the range, but there are some things (e.g. rDNS) that might not work.
13:29 < alexandre9099> but i mean, all those ip's are mine in the sense that my devices can be reached through the internet with that ips
13:29 < alexandre9099> (rdns would imply static ip, no?)
13:29 < djph> alexandre9099: oh, in that case, absolutely
13:31 < djph> even if you lease statics from an ISP, they might not set the rDNS for you (so 192.0.2.64/29 that they gave you will still point to "yourisp.com" if you did an nslookup on one of the IPs)
13:31 < alexandre9099> hmm nice, i need to learn more about ipv6, for some reason my tplink is a little bit awkward with ipv6, maybe i am accustomed to IPv4 where i only get 1 ip and i need to use nat to get into the device :D
13:31 < alexandre9099> djph, that's one of the reasons for "home made" email servers don't work, right?
13:32 < djph> works fine here :)
13:32 < alexandre9099> i did almost everything that i could but for some reason my emails would always go to spam folders :/
13:33 < alexandre9099> maybe the domain was .tk ?
not sure if that would be the problem
13:33 < djph> the biggest reason is that most "residential" blocks are known to the blacklists (i.e. the ISPs may tell them "hey we're using these for residential setups")
13:33 < alexandre9099> i only found my ip on one blacklist, one that listed dynamic ips :(
13:34 < djph> you kinda have to cover all the bases - DKIM / SPF / etc; and (a) not be on *any* blacklists and (b) sometimes gain trust as a known sender.
13:34 < djph> although that won't fix everything. Gmail seems totally ok with mine, and that gets nearly everyone I talk to.
13:34 < bezaban> residential lines sometimes block 25, also a dynamic ip add for email is a bad idea
13:35 < alexandre9099> hmm, i might try again some day :D (i got all of those things configured, dkim, spf...)
13:35 < bezaban> as a reply to 'reasons why not', but I see it was put forth as 'one of' :)
13:35 < alexandre9099> bezaban, my ip is kinda static, lease time is giant
13:35 < bezaban> alexandre9099: yeah, the problem is when it changes
13:35 < alexandre9099> bezaban, hmm, don't email servers trust the domain?
13:36 < djph> bezaban: good thing email retries a few times then, huh?
13:36 < bezaban> djph: yeah, unless you get spf fail. You can rely on retries ofc
13:36 < djph> although, it changing may move you from an "okay" address to one of the blocked ones.
13:36 < bezaban> and can automate the dns record updates, but I would expect some email servers to give up when they reach conditions like 'server not there'
13:37 < djph> although, I think I've had the same IP for a year now even though it's "dynamic(tm)"
13:37 < alexandre9099> :D
13:37 < alexandre9099> djph, fiber? on my isp, adsl changes ip more frequently than fiber (i got fiber :D)
13:37 < djph> yeah, I have two servers - my personal, and a company one.
13:38 < bezaban> or well, retries would work, but depends on implementation if it does a new dns lookup I guess
13:38 < bezaban> problem is you'd never know
13:39 < bezaban> and some prince in nigeria may want to give you a lot of money
13:39 < djph> personal (@home) uses the "company" one as a low-priority node, which just sends back SMTP 50x "down for the moment, please try later" for my personal box
13:54 < moosehumps> excuse me
13:55 < moosehumps> i have a question
13:55 < moosehumps> can i ask it or do i have to PM
13:55 < TandyUK> definitely do not PM
13:55 < TandyUK> just ask
13:55 < TandyUK> like everyone else does lol
13:55 < moosehumps> well i have a bit of a problem
13:55 < moosehumps> so like
13:55 < moosehumps> do i ask or wat
13:56 < TandyUK> ask your fucking question
13:56 < alexandre9099> just ask ffs
13:56 < alexandre9099> Topic says "If you have a question, ask it!" :)
13:56 < bezaban> before asking I'd like to refer to the topic
13:56 < bezaban> aaaw
13:56 < bezaban> TGIF
13:57 < moosehumps> the problem is that i am highly successful in life. i have an impressive array of sports cars, objects of art, real estate items and a full head of hair
13:57 < moosehumps> i also have an impressive 8.5 inch large penis
13:57 < TandyUK> I instantly call bullshit
13:57 < moosehumps> i am not lying about this
13:57 < mardraum> what cars?
13:57 < alexandre9099> well, instant kick, i guess
13:57 < alexandre9099> :D
13:57 < dminuoso> detha: The problem is not that ASCII is bad, its just that it's bad for text encoding.
13:58 < dminuoso> detha: ASCII is basically a terminal control format.
13:58 < dminuoso> Or maybe even a protocol rather.
13:58 < moosehumps> i also own an impressive range of designer clothing, furniture and chinese porcelain of the nigger kind
13:58 < moosehumps> the question is:
13:58 < TandyUK> moosehumps: we're still waiting for your actual question, we dont give a fuck about your life story
13:58 < moosehumps> why am i so brilliant
13:58 < TandyUK> if that were true, you wouldnt need to ask
13:58 < moosehumps> in every way
13:58 < moosehumps> and in every facet
13:59 < avu> the real question is, why haven't you been kickbanned yet
13:59 < moosehumps> excuse me
13:59 < dminuoso> detha: In a way a text file amounts to "terminal commands" - so displaying a text file can be considered executing in within the context of a terminal (emulator)
13:59 < moosehumps> sometimes i look in the mirror and i ask
13:59 < moosehumps> why
13:59 < moosehumps> why God
13:59 < dminuoso> But that's simply not how anyone thinks about text files
13:59 < moosehumps> why was i born this amazing
13:59 < alexandre9099> just a bad troll :D
14:00 < TandyUK> you're certainly great at wasting peoples time
14:00 < moosehumps> listen alrite
14:00 < moosehumps> its a problem that i struggle with constantly
14:00 < detha> dminuoso: true. I remember bubbling beer glasses done in VT-240 codes.
14:00 < moosehumps> and i was hoping for some kind of constructive answer
14:00 < moosehumps> as opposed to your rudeness
14:00 < TandyUK> im not sure how a bunch of network engineers can help what you clearly need to see a psychiartist for
14:01 < moosehumps> i just am so good looking and extremely good at fitness and network engineering
14:01 < moosehumps> i am extremely successful in life
14:02 < djph> TandyUK: I think the keys you're looking for are "/", "i", "g", "n", "o", "r", "e", " ", "m", "o", "o", "s", "e", "h", "u", "m", "p", "s", "\n"
14:02 < dminuoso> detha: Heck even nowadays you can do things like '\033[;i'
14:02 < dminuoso> detha: iTerm2 implements that VT100 escape sequence.
It'
14:02 < moosehumps> thats cute djph
14:02 < moosehumps> how many hours in wardrobe for u
14:02 < moosehumps> sugar tits?
14:02 < moosehumps> you like SUGAR on your tits
14:02 < moosehumps> ?
14:02 < dminuoso> detha: I once was running tail on an SSH'd machine on a log. And the server had a bug spamming the log with a bytesequence by accident. It contained that exact escape sequence.
14:03 < dminuoso> My system hung up, and then I got an almost infinite stack of print dialogs..
14:03 < dminuoso> You cant imagine the look on my face.
14:03 < moosehumps> well u should have used the appropriate spectrum to make the right decision
14:03 < moosehumps> u didnt think of this?
14:03 < detha> dminuoso: I have an evil plan of putting that in some error message....
14:04 < moosehumps> so?
14:04 < moosehumps> what's holding you back, young man
14:04 < moosehumps> do u need counselling?
14:06 < moosehumps> detha you must be one of these lesbians
14:06 < moosehumps> with the shave head they look like they smell or something
14:06 < dminuoso> detha: It took me maybe 20 minutes to realize what was happening - mainly because you dont think about terminal drivers anymore.
14:06 < TandyUK> he'd have to be a lesbian trapped in a mans body
14:06 < moosehumps> its disgusting
14:07 < dminuoso> detha: In those 20 minutes I was staring at the screen in disbelief.
14:08 < dminuoso> Largest "wtf" moment in my life. =)
14:09 < regdude> how would one test if 802.1p in a network working properly? Sending CoS7 right after CoS1 doesn't seem to be the right method
14:09 < moosehumps> to be honest with you i am not homophobic but im not a huge fan of the lesbians
14:09 < moosehumps> like unless maybe if they were hot
14:09 < moosehumps> but most of them look like truck drivers
14:09 < moosehumps> its gross
14:10 < detha> regdude: send lots of both. tcpdump on both sides. compare.
14:11 < moosehumps> regdude are you quite content with that response
14:11 < moosehumps> feel like where you're happy at in life?
14:11 < regdude> detha: how would I compare that? If a significant more amount of CoS7 has arrived? The amount of traffic should be near the interface limit, right?
14:11 < moosehumps> regdude we have internships coming up
14:11 < regdude> wat
14:11 < moosehumps> internships
14:12 < moosehumps> regdude have u got references?
14:12 < regdude> should I be worried about internships?
14:13 < moosehumps> well yes
14:13 < moosehumps> you dont even understand CoS7
14:13 < detha> regdude: compare order in which they arrive
14:15 < regdude> detha: but the problem is that I can generate packets how I want, but I will always send out each packet with a slight delay so always one will be first
14:15 < detha> you will have to load the link pretty much to 110%, so things start buffering
14:16 < moosehumps> regdude do u understand
14:16 < regdude> detha: if I'm sending it through a switch, then the switch will look at its inner buffers and see that there is no point to hold the packet, the switch can forward easily both by using FIFO
14:16 < moosehumps> regdude
14:16 < moosehumps> think about what you're saying
14:17 < regdude> so yeah, I suppose I really need to overload the device to be sure
14:17 < detha> regdude: then send from two ports into one
14:17 < moosehumps> regdude
14:17 < moosehumps> why dont you think
14:17 < moosehumps> before you act
14:17 < detha> A sends to C, B sends to C, compare order for A's packets between A and C
14:18 < moosehumps> a before e
14:18 < moosehumps> except after c
14:19 < moosehumps> regdude
14:19 < regdude> detha: good points, thanks!
14:19 < moosehumps> why didnt u thank me also
14:20 < regdude> thank you too
14:20 < detha> if you have iperf at hand, you could run two udp streams at say 450Mb, from two different machines, then start another instance on one machine and see what starts dropping
14:20 < detha> pretty sure iperf can set qos on things
14:21 < regdude> I ran two streams from one device and tagged one stream with different CoS, but the results were inconclusive, will check when using two devices
14:24 < moosehumps> your annihilation is set for sure
14:26 < moosehumps> regdude
14:26 < moosehumps> wots the prob
14:26 < moosehumps> regdude i am highly successful in life. i own an impressive array of sports cars, computers, and computer network asset shit
14:26 < regdude> don't we all?
14:27 < regdude> I mean, networking pays well
14:27 < moosehumps> u should be worshipping the fact that my networking shit is superior to yours
14:27 < moosehumps> are we clear?
14:27 < regdude> no, make it more clearer to me
14:28 < TandyUK> moosehumps: (Nobody cares!)
14:28 < moosehumps> you should be worshipping the fact that i can do what i want when i want how i want. im not some loser pieee of shit like u
14:29 < TandyUK> oh I so wish I was a op at this point
14:29 < regdude> but we all can in this channel, networking pays well
14:29 < moosehumps> i live in toledo Ohio and i am the most highly respected network engineer in town
14:29 < moosehumps> you should start worshipping me
14:30 < TandyUK> thats lucky, cause im going to go out on a limb here, and say youre not very respected at all on irc
14:30 < regdude> Ill pass
14:30 < moosehumps> i insist
14:31 < moosehumps> regdude we r waiting
14:31 < TandyUK> s/we/you
14:32 < moosehumps> regdude
14:33 < moosehumps> im going to give you one last chance to apologize
14:33 < moosehumps> for your rudeness
14:33 < regdude> you can apologize anytime
14:33 < Kingrat> feeling a bit narcissistic this morning huh moosehumps?
14:33 < moosehumps> i want my apology and i want it now
14:33 < moosehumps> we do not quibble over this kind of bullshit
14:35 < moosehumps> i am
14:35 < moosehumps> regude
14:35 < moosehumps> what they call
14:35 < moosehumps> a person's nightmare
14:36 < regdude> no, you are just a pest
14:36 < moosehumps> people think they can get by me
14:36 < moosehumps> but once they try
14:36 < moosehumps> its too late
14:36 < regdude> sounds like a loner
14:36 < moosehumps> they already hit the stop sign
14:36 < moosehumps> because once i make a decision to attack
14:36 < moosehumps> regdude
14:36 < moosehumps> i do not turn back
14:37 < moosehumps> do u understand me, sugar tits?
14:37 < regdude> I understand that you don't have nothing in your life
14:37 < moosehumps> once i take the gun
14:37 < moosehumps> and i approach u
14:37 < moosehumps> there is no turning back
14:38 < moosehumps> and once i do approach u
14:38 < moosehumps> you'd better kill me
14:39 < moosehumps> regdude are u paying attention sweetheart?
14:39 < regdude> should I?
14:39 < moosehumps> once i take a weapon and i approach you
14:39 < moosehumps> i do not turn back
14:40 < moosehumps> because the point is you striked first
14:40 < moosehumps> due to being a negroid
14:41 < moosehumps> i dunno
14:41 < moosehumps> its just the shit your into
14:41 < moosehumps> or watever
14:43 < moosehumps> regdude
14:43 < moosehumps> i noticed u have become excessively quiet
14:43 < moosehumps> like a mouse
14:43 < moosehumps> have u been discussing this with your therapist?
14:44 < TandyUK> [13:36] no, you are just a pest +1
14:45 < TandyUK> moosehumps: you are quite clearly the one who needs to see a therapist
14:45 < regdude> Im bored and you are not entertaining anymore
14:45 < TandyUK> and racist from the sounds of things
14:45 < moosehumps> regdude we are going to need u keep this at a professional level
14:46 < moosehumps> you have become abusive
14:46 < moosehumps> and i find this unacceptable to the nature of your enquiry
14:46 < TandyUK> you started the abuse long ago lol
14:46 < TandyUK> pppingme around?
14:46 < TandyUK> and xand
14:46 < TandyUK> or*
14:46 < moosehumps> regdude we're going to ask that u keep this at a professional level
14:47 < moosehumps> and chill with the bullshit
14:47 < TandyUK> moosehumps: take the lead then
14:47 < moosehumps> r we clear?
14:51 <@TandyUK> ooh scary
15:09 <+catphish> what does anyone here use for collecting and reporting netflow data?
15:09 < TandyUK> softflowd for collecting on my pfsenses, and nfsen for analysis/reporting
15:10 <+catphish> i currently use ELK, it works really well but haven't been able to make good reporting dashboards
15:10 <+catphish> just found https://github.com/robcowart/elastiflow which might be ideal
15:11 < TandyUK> that looks pretty cool
15:12 < TandyUK> we use ELK for everything else atm
15:12 <+catphish> i do love ELK, though i currently use graylog for logs for some reason
15:12 < obcecado> have you looked up elastiflow catphish ?
15:13 <+catphish> obcecado: ...
15:13 < obcecado> missed a few lines
15:13 <+catphish> lol :)
15:13 < obcecado> eh
15:14 <+catphish> but yeah, it looks really good, i'll give it a try now
15:14 < grawity> someone's not having a good day http://www.hostingukstatus.co.uk/incident/1
15:15 < tds> that sounds very similar to iomart's issue a month or two back
15:15 <+catphish> is this the fibre that got hit by a farmer?
15:15 < TandyUK> ouch
15:15 < TandyUK> diverse routes eh lol
15:16 <+xand> yeah
15:16 <+catphish> "the convergence of two diverse fibre paths"
15:16 <+xand> fail
15:16 <+catphish> nasty
15:16 < tds> oh wait, is hostinguk the same company as iomart?
15:16 <+xand> it's actually hosted in catphish's shed
15:16 <+xand> tds: looks like it
15:17 < tds> this whole thing happened over easter iirc
15:17 <+catphish> xand: my shed ironically has quite good connectivity
15:18 < tds> heh, yeah, the marketing team have made pretty pictures both times: https://twitter.com/iomart/status/979342358750859265 https://twitter.com/hostinguknet/status/1002305738994266114
15:18 <+catphish> i was seriously tempted at one point to host our offside kit in my house
15:18 < obcecado> ouch
15:21 <+catphish> tds: idiots on that thread
15:22 <+catphish> in that case there is clearly a redundant fiber ring with 2 breaks, and everyone commenting saying everything relies on a single fiber
15:23 < TandyUK> but its a single ring lmao
15:23 < TandyUK> noobs (making the comments)
15:24 < tds> yeah, I don't know if they ever announced what happened there, eg if there was an unnoticed break before the second one, or if they were just unlucky
15:24 < TandyUK> tbf though, i do agree with the guy who pointed out they should have a cross-link between manchester and nottingham
15:25 <+catphish> i really know nothing about designing a national network like that
15:25 < TandyUK> I was also under the impression, that they had a direct link between maidenhead and nottingham
15:25 < TandyUK> so im not convinced that map is 100% accurate, apart from the fibres affected
15:25 < detha> rule: get as close to a full mesh as affordable
15:25 < Aeso> it's pretty easy from a network topology standpoint. Just costly and time consuming.
15:26 < Aeso> L3 all the packets, build a big mesh network
15:26 <+catphish> well yeah, more mesh is always better :)
15:26 < TandyUK> (and that was from before they had the leicester DC)
15:31 < AlexPortable> What would be better, two different routers for guest and private network, or one router and two different SSIDs ?
15:31 < djph> one router with VLANs
15:31 < djph> less kit to buy
15:31 <+catphish> one router, one access point
15:32 < Aeso> ^
15:32 <+catphish> with that said, the technically better solution depends on how many devices you have and how congested the spectrum is
15:32 <+catphish> if you have lots of devices, and lots of spare spectrum, then i'd use 2 access points and put one on each channel
15:33 <+catphish> but normally, you would use a single AP to serve both
15:33 <+catphish> much cheaper and simpler to manage too
15:35 <+catphish> i have a new server with 2 TB of SSD storage, should be able to put together a nice netflow setup with elastiflow
15:36 < AlexPortable> well not much cheaper since i have to buy a device that can do both
15:36 <+catphish> yeah, that's true
15:38 < regdude> I would say it is better to have separate APs and a single router is easier to manage
15:39 < mete> does anybody know a software like smokeping, but with multi hop support? so that every hop is reported, like in mtr ?
15:41 < biax_> ive never used port triggering before. i have many clients behind the nat with port 30000. does port triggering "forward" traffic to multiple internal ips accordingly without fail?
someone told me it does, but i dont understand it
15:41 <+catphish> separate APs maybe ok if you just have one of each, but when you want to cover more area it becomed impractical
15:42 <+catphish> *becomes
15:42 <+catphish> at that point you pretty much always want one device doing all your VLANs
15:45 < AlexPortable> well i do have a router and separate ap, but ap has no support for guest network vlan
15:46 < djph> biax_: if you're setting up port forwarding, one tuplet (sourceip;destip;destport) can only ever forward to one host.
15:46 <+catphish> AlexPortable: well if your router has enough ports, you could just get a second basic AP, or get an AP that supports multiple VLANs, it really doesn't matter that much, but remember for 2 APs you'll need 2 free wireless channels
15:47 < AlexPortable> yes because of interference im wondering
15:47 < Ramus-> ahr okay nice, can you zyxel nas 520 whre? when yes is god, i have on my nas the kernel deleted, with tftp can the kernel new installed, my nas have zero ip :-( driver is deleted (kernel)
15:47 < AlexPortable> is it bad to put one on channel 1 and the other on channel 6 ?
15:47 < djph> AlexPortable: no, that's exactly how to do it ...
15:47 <+catphish> AlexPortable: there are 3 channels that don't overlap, 1, 6 and 11, so you can have up 2 3 access points on one place
15:47 < AlexPortable> but this 'problem' wont be there if i use a single AP with VLAN support
15:47 <+catphish> *up to 3
15:48 <+catphish> AlexPortable: if you use a single AP with VLAN support it just uses one channel for both networks
15:49 < AlexPortable> hm okay
15:49 <+catphish> so if you're a company with lots of access points, you would want the VLAN support, but if you're only going to have 1-2 APs, it doesn't matter so much, but depends on your neighbours too
15:49 <+catphish> IMO a single AP is the "correct" way to do it
15:49 < AlexPortable> another 'complicated' problem, router has dhcp server, dns server is in vlan1, guest network in vlan2, but router tells the AP clients to get dns at the IP in vlan1 (which it cant reach)
15:50 <+catphish> AlexPortable: there are many obvious ways to fix that :)
15:50 < AlexPortable> preferably while keeping vlan2 separated from vlan1
15:50 <+catphish> the most trivial is just to point guests to 8.8.8.8 instead
15:50 <+catphish> that's what i do
15:51 < djph> I use openDNS, but same difference
15:51 < regdude> if both VLANs are on the same router, then you could use firewall to unblock this IP address (and port) from VLAN2, but depends on the router
15:52 <+catphish> well yeah, you could make the dns server public by opening the firewall, but not ideal
15:53 < AlexPortable> so i need an AP that has support to set DNS servers
15:53 < djph> no
15:53 <+catphish> no, that's the DHCP server's job
15:53 < djph> ^
15:53 <+catphish> in your case i guess the DHCP server is part of the router
15:54 < djph> an AP ONLY bridges between the wired and wireless components of your LAN
15:54 <+catphish> but nothing to do with the access point
15:54 <+catphish> it seems very unlikely you'd have a router that supported multiple LANs but not changing the dns servers
15:54 <+catphish> but possible i guess
15:55 < djph> catphish: maybe one of those consumer ones that have "guest wifi" ?
15:55 < Epic|> Ugh consumer WiFi
15:56 < djph> Epic|: IKR?
15:56 <+catphish> oh, maybe, but then he wouldn't be looking to create it with a second AP
15:56 < Epic|> I'll never go back
15:58 < djph> catphish: AlexPortable has been all over the place over the last week or two; from not knowing basic stuff to "I'm gonna set up a RADIUS Server!" I ... don't really know what to expect from him anymore
15:58 <+catphish> maybe we should just kill him and bury the body in the desert
15:58 < djph> I'll get the lime and the carpet
15:59 < djph> Have the PFY get the van.
15:59 < regdude> we can always use a pair of hands in a data center while we don't want to fly there
16:00 <+catphish> regdude: i can cut off his hands before i bury the body and you can have them
16:01 < obcecado> ha
16:01 < regdude> could work
16:03 < AlexPortable> Please refrain from harassing or offensive comments.
16:05 <+catphish> AlexPortable: were you offended by my murderous intent?
16:05 < djph> perhaps he was offended at the choice of carpet?
16:06 < regdude> lime must be it
16:06 <+catphish> i like limes
16:06 < AlexPortable> djph: yes consumer guest wifi
16:07 <+catphish> AlexPortable: i'm a little confused, if you have guest wifi on your router, why would you need another AP?
16:07 < AlexPortable> not on my router
16:07 < AlexPortable> on an AP
16:07 < AlexPortable> router using as AP
16:08 <+catphish> the AP has the guest functionality?
16:08 < AlexPortable> so basically it will just set it to 'guest' and 'private', while separating it from the devices that are on the switch, but everything that goes to the router is still the same vlan
16:08 < regdude> what kind of devices are you using anyway?
16:08 < djph> I've never seen a consumer AP capable of running a "guest network"
16:08 < djph> ... barring the newer all-in-ones --> but then they don't do VLANs for a second AP (that I've seen ...
stopped caring what with moving to UBNT)
16:08 <+catphish> i don't see how that would work, unless it does a second NAT and firewalls connections to its immediate WAN subnet
16:09 <+catphish> that would be messy at best
16:09 <+catphish> but effective i guess
16:09 < AlexPortable> I think this way yes
16:09 < AlexPortable> the problem with this is that on the location of my 'WAN subnet' is my actual router
16:10 < djph> catphish: and still allow guests to connect to the main LAN
16:10 < Zedax> hey there, i have one small doubt, i'm cabling my home and i'm going to be using poe to power a few devices about 15m away of the poe switch, i have to get the cable.. and i'm a doubt, will cat 5e utp and cat6 utp have any difference if both are 24awg?
16:10 < potatoe> detha, if you are still around
16:10 < potatoe> i realized I can only drill from the jail
16:10 < potatoe> tcp doesnt seem to work
16:10 <+pppingme> I've seen consumer routers that support the concept of a guest network, ip's seem to be out of normal dhcp range, and they just seem to have some variety of extended ap isolation going, so devices can't talk to other wifi or lan hosts..
16:10 < djph> Zedax: no
16:11 < regdude> Zedax: make sure that the poe switch does not have any issues with shielded cables, some are not able to detect 802.3at/af properly if grounding and shielded cables are used
16:11 < djph> pppingme: yeah, on the newer things sure ... it *sounds* like alex is trying to use a secondary router to create a secondary network though. We should probably get a picture...
16:12 <+catphish> this is too messy for me, i can probably only cope with "ubnt or better" when it comes to multiple VLANs and SSIDs
16:12 < AlexPortable> okay so, [actual router/modem] -> [what pppingme described, but then also switch functionality]
16:12 < Zedax> djph: thanks, that was my thought
16:13 < djph> Zedax: cat5e is easier to work with, if you're not familiar with cabling.
16:14 < djph> Zedax: however, cat6 may offer a slight advantage in "future proof"
16:14 < Zedax> regdude: mm my primary idea is to use just utp because for the sftp or ftp shielded ones to work, for the shielding to work you need proper grounding in each end right? and i can't ground some of the devices, at least the wifi ap doesn't have any grounding connector or screw, unless the rj45 slots provide the grounding?
16:15 < Zedax> djph: my doubt was because the cat5e is at half the price the cat6 for some reason, even being the same awg
16:15 < Zedax> djph: and in theory both are copper, not the aluminium ones
16:16 < regdude> Zedax: ideally you are supposed to ground the device and the Ethernet cable (by using shielded cables and metallic Ethernet ports). Somewhat acceptable case is when you have a shielded Ethernet port, shielded cable and one side is grounded
16:17 < djph> Zedax: the shielded cable is what provides the grounding. Honestly I only use it where it's absolutely necessary (e.g. outdoors, or industrial)
16:17 < regdude> to be honest, if a lightning strikes your mast, then you are lucky if your device survives
16:17 < djph> Zedax: cat5e is cheaper to produce -- less strict standard for the twists, etc.
16:18 < djph> regdude: nah, the grounding is for static buildup from the wind
16:22 < Zedax> actually the long cable is going outside in a terrace for a wifi ap.. , i haven't used the shielded cabled before, are they much harder to use than the utp?
like to go through corners
16:22 < djph> nah
16:23 < djph> the shield is just usually an extra metallic foil wrapped around the pairs (between the outer jacket and the pairs)
16:24 < Zedax> djph: i was looking at it, crimping that doesn't look as easy as with the utp i guess
16:24 < djph> it's exactly the same
16:25 < TandyUK> ^ this (with the exception of having to snip off the extra shielding, the process is identical)
16:25 < TandyUK> with utp you have less work to do :P
16:26 < TandyUK> though the fact you are mentioning outside, i would suggest using STP, and making sure your patch panel/switch/cabinet/etc are properly grounded
16:27 < TandyUK> Ive had a lovely week of dealing with fallout from the massive storms the uk has had
16:27 < TandyUK> usually where STP cable and proper grounding might have saved whatever device
16:28 < djph> funny how there's never enough money to do it right the first time
16:28 < TandyUK> i know right
16:28 < Zedax> TandyUK: i'm just a bit in the south, south of spain :)
16:29 < TandyUK> like one site, it has taken us 4 years to get them to connect the 2 main buildings properly (via fibre, instead of a horrific daisy-chain of switches and 99.9M runs)
16:29 < Zedax> lets see if i can find a store that sells both the sfp cable and the metallic connectors, i'm just seeing the transparent plastic ones in amazon and around
16:30 < Asuran> hi, wavemon showed me therss packets transfers going on which tcpdump doesnt show. what can i do to get this packets shown?
16:30 < djph> Zedax: whereabouts are you?
16:30 < TandyUK> not sure how you'll do finding stp in shops, if you get stuck and would settle for a 305M roll, let me know and I could get it shipped
16:31 < TandyUK> excel networking
16:45 < AlexPortable> catphish: so the router needs to have support to tell the AP a different DNS IP for each vlan?
16:46 < djph> AlexPortable: that's what the DHCP server for those VLANs would do ...
16:47 < AlexPortable> hmm, router has no support for vlans so i would have to replace that then
16:51 < potatoe> detha for some reason it cant NAT incoming tcp
16:51 < potatoe> UDP is fine
16:52 < detha> potatoe: any rules that catch it before the nat rule?
16:52 < potatoe> detha let me add a log deny to make sure
16:55 < potatoe> detha $cmd 30 allow tcp from any to any established breaks the NAT
16:55 < potatoe> without the rule the incoming is translated properly
16:56 < potatoe> detha i moved that rule behind the nat rule
16:56 < potatoe> now its fine
16:56 < potatoe> i have a feeling this was what was wrong from before too..
16:57 < detha> it could be, but that was a rather complex thing to trace.
16:58 < potatoe> im wondering why does allow established tcp connections break nat
16:58 < detha> it sees an 'allow any any', and stops there?
16:58 < potatoe> i suppose, but it wasnt established tho right?
16:58 < potatoe> oh wait
16:58 < potatoe> yeah it was
16:58 < potatoe> right
16:58 < potatoe> makes sense
16:59 < potatoe> cant believe we missed it
16:59 < detha> firewalls are confusing. iptables takes first matching. pf takes last matching
16:59 < detha> ipfw also takes first matching I think
16:59 <+catphish> AlexPortable: if the AP is making the public network, i have no idea
17:00 <+xand> detha: and the awesome windows firewall does "most specific"
17:00 <+xand> lol
17:00 <+xand> windows firewall is rubbish
17:00 <+xand> lack of ordering means you can't do certain things
17:01 < detha> firewall is not the only rubbish thing in windows.... but I digress
17:01 <+xand> of course
17:09 < Adluc> Hello guys, I have 4 coax cables running somewhere, can I use middle wire of each coax and solder there green/green-half/orange/orange-half wire and put RJ45 connectors on it? approx. 30m
17:09 < Adluc> shield will be grounded on all coaxes
17:10 < Adluc> Does anyone have experience with such bizarre combination?
17:16 < Apachez> you have a koax with different colors?
17:19 < potatoe> detha interestingly
17:19 < Adluc> ofc not :D But the wire in the middle is thick, so I will solder there a few cm of regular UTP wires so I can terminate both sides with an RJ45
17:19 < potatoe> with natd, even the outgoing packet was not being sent
17:20 < potatoe> thanks for all your help, really appreciate it
17:22 < detha> potatoe: no problem
17:23 < kuahara> I have 4 machines in a network. 1 linux server and 3 windows workstations. The gateway is a Cisco Meraki. All 4 machines can talk to the outside world. They can all ping 4.2.2.2 and get replies. 1 windows workstation can ping the linux server and get replies. The other 2 windows workstations cannot ping the linux server. No replies. They cannot access the web server for work.
17:23 < kuahara> I do not manage that cisco device, but would I be correct in the assumption that it's the only point in the network that might be stopping the connection between the other 2 windows workstations and that linux server?
17:24 < kuahara> software firewalls (windows firewall) are off on the workstations for the moment.
17:24 < detha> kuahara: can the two windows machines see the third one that works?
17:24 < kuahara> let me check
17:25 < kuahara> good question. and the answer is no :)
17:25 < kuahara> Maybe they were divided into vlans that can't talk to each other?
17:25 < detha> are they all in the same range and have the same netmask?
17:26 < kuahara> yes, that was the first thing I checked. I forgot to mention that. they are in the same subnet
17:26 < kuahara> 10.1.1.0/24 (not that it matters)
17:27 < detha> can you swap cables between 3rd and one of the other two machines?
17:27 < kuahara> I am not on site, I was throwing layer 1 out the window though since all 4 can talk to the outside world without issue
17:27 < compdoc> did you make the cables?
17:27 < kuahara> no
17:28 < detha> it's not L1, but swapping ports on the meraki box may indicate vlans or similar
17:28 < kuahara> at this point, I feel like I can go ahead and turn it over to their local IT
17:28 < kuahara> Thanks for the feedback though. Glad you asked that first question.
17:47 <+catphish> further to my question earlier, have now installed elastiflow and it's awesome
17:48 < TandyUK> [14:18] heh, yeah, the marketing team have made pretty pictures both times: https://twitter.com/iomart/status/979342358750859265 https://twitter.com/hostinguknet/status/1002305738994266114
17:48 < TandyUK> just confirmed that map in the picture is NOT a complete map of that network
17:49 < TandyUK> the iomart bit that is
17:49 <+catphish> or is it
17:50 < TandyUK> 100% its not
17:57 <+catphish> or is it?
18:13 < UncleDrax> heh 'diverse' 'network diverse' and 'route diverse' are different things.. and even the might be a lie
18:14 < UncleDrax> only takes one train|semi|boat?|vandalism where the 2 fiber paths are close enough to take them both out
18:40 < tds> Looks like zayo have taken out some talk talk services now: https://managed.mytalktalkbusiness.co.uk/network-status-report.php?reportid=17857
19:02 < dajinn> anyone bored and wanna help a newb out with vlans
19:05 < UncleDrax> maybe. ask.
19:05 < Apachez> https://twitter.com/iomart/status/979342358750859265 https://twitter.com/hostinguknet/status/1002305738994266114 lets blame the russians =)
20:09 < spaces> Apachez I blame you
20:21 < infinmed> What's the best router bandwidth grapher
20:21 < Atro> librenms is alright
20:22 < Atro> depends on your router SNMP availability
20:22 < infinmed> mrtg or cacti is what i was thinking
20:22 < infinmed> I'm going with cacti
20:22 < infinmed> Never used it but I will try it
20:22 < UncleDrax> I'd hope if you had a router you wanted to graph, you would have at least SNMP to it
20:22 < ^7heo> in my experience, collectd + grafana works well
20:22 < spaces> cacti
20:22 < UncleDrax> Cacti is graphs+other stuff. if you want _just_ graphs, that's MRTG
20:22 < infinmed> Not really because the router is a vps, it's a vpn router and I can run and sample from there
20:22 < spaces> then mrtg
20:23 < infinmed> Thanks
20:23 < infinmed> I setup mrtg a decade or more ago but i have never used cacti
20:25 < spaces> I need coffee!
20:25 < spaces> and some chick but happely I have my dog :D
20:25 < ^7heo> happely.
20:25 < ^7heo> sure.
20:26 < UncleDrax> fortunately SNNP polling into a RRD hasn't really changed much in the last couple decades
20:26 < UncleDrax> *SNMP
20:26 < TandyUK> someone needs to add TR069 to librenms :)
20:27 < TandyUK> that would be awesome
20:27 < spaces> TandyUK they remove whatever they want you you can suck it
20:27 < UncleDrax> if they do, lemme know
20:27 < spaces> their dev is bad, I went to Zabbix
20:27 < TandyUK> oh really
20:27 < spaces> yap
20:27 < spaces> they are crazy
20:28 < spaces> one main dev which doesn't even respond on IRC but lives in his own IRC flood
20:28 < TandyUK> im using observium atm, and was considering a switch
20:28 < spaces> the idea is good tho
20:28 < TandyUK> maybe time to fork the fork then lol
20:28 < tds> librenms devs have always seemed pretty friendly to me
20:28 < spaces> they started libre because observium even sucks more these days
20:28 < spaces> tds they are but its going too fast!
20:29 < tds> assuming there's a linux utility that'll work as a TR-069 client, you could probably write a little snmp extend script for it, then write an application to read that data
20:29 < TandyUK> tbf observium is pretty solid ive found, im monitoring about 300 sites with it
20:29 < spaces> they went too commercial
20:30 < TandyUK> in what way?
20:31 < TandyUK> I have more issues with my deployment of observium because the vendor who makes our ip phones (yealink) decided to remove SNMP support
20:31 < TandyUK> in favour of TR-069 because "everything else uses it nowadays"
20:31 < TandyUK> everything except like every NMS Im aware of (that doesnt cost five figures) lol
20:32 < spaces> dunno anymore, I just went zabbix and don't waste time anymore about it... I think it's on the librenms website why
20:32 < tds> I've heard bad things about the observium devs, iirc librenms is a fork of the last gpl version of observium, the librenms devs/community have always seemed friendly to me though
20:33 < spaces> tds I said they are friendly but they are moving too hard forward
20:35 < tds> ah yeah, there have been a few big projects making changes (eg the rewrite with laravel), I don't think I've hit any issues/removed features from that though so I'm not too bothered
20:37 < spaces> my dell 6024's were just not working anymore from one version to another update
20:46 < TandyUK> If anyone knows of a UK South Coast based experienced sysadmin who is looking for a new job, get them to send me a message :)
20:47 < TandyUK> might as well ask that here lol
20:47 < spaces> TandyUK why not global ? we live on the interns
20:47 < spaces> internets
20:47 < TandyUK> someone on the interns can go do site visits
20:47 < TandyUK> cant*
20:47 < TandyUK> 99% ofc is going to be remote if we can help it :)
20:47 < spaces> that sucks
20:47 < TandyUK> but they need to be able to go out lol
20:47 < spaces> ok, no option for me
20:47 < UncleDrax> TandyUK: I'd be willing to relocate and work PT in about 18 months.. not that I'm keeping track
20:48 < spaces> what kind of systems ?
20:48 < TandyUK> linux 90%
20:48 < TandyUK> debian and centos mainly
20:48 < spaces> ok, doing what ?
20:48 < TandyUK> pfsense, draytek, hpe, and a little d-stink on the networking front
20:48 < felda> PFSENSE YES
20:48 < TandyUK> plus some hyperv/esxi
20:49 < TandyUK> basically i need an apprentice to replace me
20:49 < spaces> ok easy stuff
20:49 < TandyUK> so I can actually have a holiday lol
20:49 < spaces> haha
20:49 < TandyUK> so to most of us in here, i suspect id be right saying "basic day to day admin / monitoring / checking"
20:50 < TandyUK> I already have a front line phone support guy, who would continue doing that
20:50 < TandyUK> but the idea is to let me get out in the field / getting new business more than actually managing 50+ networks myself
20:51 < TandyUK> longer term, its hopefully going to become a team
20:51 < spaces> I'm smelling something strange and I get the feeling it's actually me
20:52 < TandyUK> well nobody else here can smell what you're smelling lol
20:52 < spaces> TandyUK aren't you happy because of that ?
20:52 < TandyUK> if its a bad smell, yes im glad i cant smell it lol
20:53 < TandyUK> bacon for example, id be quite happy with the smell of
20:54 < spaces> I'm totally meat baby
20:54 < spaces> on some special places it's also pickle and salty ;)
20:55 < TandyUK> nice lol
20:55 < spaces> and full of aroma!
20:55 < spaces> every day a different and unique one
21:06 < TandyUK> UncleDrax: loving the current contract?
21:09 < spaces> TandyUK I heard he hugs and faps on it every day... so I think yes
21:09 < spaces> I feel sorry for those letters that try to stay in order
21:09 < UncleDrax> TandyUK: current contract is a 20yr-and-out pension.
21:10 < spaces> UncleDrax out-of-prison you mean ?
21:10 < UncleDrax> hah. no.
21:10 < spaces> typo's come with age
21:10 < UncleDrax> true
21:14 < spaces> I wonder if Whiskey`is in for a date tonight
21:33 < Apachez> fedex.com is down, its zie russians!?
21:33 < S_SubZero> um, Russians want to track their fedex stuff too ya know
21:35 < Poster> might be F5 APM acting up, that error looks vaguely familiar
21:36 < TandyUK> i hope its not another farmer lol
21:37 <+pppingme> I quit using fedex a long time ago
21:37 < tds> sorta works for me in the uk, took a long time to load though
21:38 < tds> fun chain of cnames as well
21:42 < zeldafan78> Is there some way to instruct the e-mail client (through the e-mail) that the user can unsubscribe by clicking a button which sends an e-mail back as a reply with a specific subject line filled in, so the user doesn't need to type "unsubscribe" in the subject line themselves?
21:43 < infinmed> Well I added http/2.0 support to apache on logiplex.net :D
21:43 < tds> you can have a mailto link with a prefilled to address and subject
21:44 < zeldafan78> No links. Plaintext only. No HTML.
21:47 < infinmed> The web is quite unoptimized. Pingdom tells me that from new york logiplex.net loads faster than 99% of websites. China cache says that more than 85% of websites do not load in less than 5 seconds in china. logiplex.net loads in half that directly across the world in New Jersey. What is to be made of that.
21:48 < infinmed> It's a $6 vps. I mean I optimize it well and it is on SSD, but damn.
21:49 < infinmed> It's apache too lol. It's not even like these are records being set with nginx which might prove much more easy under some conditions
21:50 < Poster> I suspect some of the latency is introduced by the "great firewall" of China
21:50 < TandyUK> a client once asked me why their site was slow. the 1.6MB BMP background image wasnt exactly helping matters :P
21:51 < infinmed> Yea, I mean logiplex doesn't have much content but there are two rather large SVG images .. all gzip compressed albeit
21:51 < TandyUK> some of the web is really well optimized, but most of it, no, not at all lol
21:51 < infinmed> I guess they also probably mean sites that have slow advertisers
21:52 < infinmed> Right
21:52 < TandyUK> yeah theres a difference between latency and page load, if you have some JS that blocks the render on the client end
21:52 < tds> large sites with people accessing them from around the world will have anycasted dns returning different records based on country/whatever (or just anycasted web servers), so that'll help with both latency and bandwidth
21:52 < TandyUK> the worst imho is where (eg) "shareme" buttons from 3rd party api, goes down, and it blocks your rendering
21:52 < infinmed> Yea I think that's what china cache was advertising when I read that... CDN services pretty much
22:23 < Zedax> hello, do you think this is a quality cable? i need about 30-40m for a home install and i'm having trouble finding anything good in rolls of 100m or less (pure copper.. legit datasheet..), mouser farnell digikey sell mostly the 305m rolls, and the random networking online stores i see use noname zero info chinese cables
22:23 < Zedax> https://www.tme.eu/en/details/helukat450-sstp-sf/telecommunication-cables/helukabel/82501/
22:27 < djph> if you need it for "inwall" installation, the only place to get it is a 305m roll. NOW you may be able to find a local shop that'll sell you 50m at whatever cost ...
22:28 <+pppingme> I don't know if you can order from monoprice, but they sell almost everything in 500 ft rolls, which is 152 meters..
22:28 < djph> ooh, forgot about them ...
22:29 <+pppingme> here in the USA, they seem to be one of the cheapest places to find real cable (not cca crap)
22:35 < TandyUK> i dunno if you can find an Excel networking reseller/distributor in the US, thats all I use pretty much
22:35 < TandyUK> but +1 kudos points for looking for decent cable :)
22:36 < TandyUK> way too many people just go with the cheapest shit they can find, and then destroy it during the install
22:38 < Zedax> djph: i have seen a few online, locally they only had the crappiest aluminium ones (and they were trying to sell it as copper..)
22:39 < Zedax> mm i can check on monoprice dunno if they ship to europe, but the customs taxes can be high just for that
22:39 < TandyUK> tbf any local electrical wholesaler should be able to get proper copper, especially if you ask for it
22:39 < TandyUK> Zedax: youre in europe?
22:39 < Zedax> i was looking around in amazon and some 100m rolls that claim to be cat7 bought by a ton of people.. but is highly suspicious
22:40 < Zedax> TandyUK: i'm the one that asked before about the cat5 vs cat 6 for a poe run :)
22:40 <+pppingme> sadly, almost anything you find on amazon is cca
22:40 < TandyUK> ahha :)
22:40 < TandyUK> well, I can have a roll shipped to you if you wanted, direct from Excel
22:40 <+pppingme> in general cat6 is better for PoE runs, because cat6 is 23 gauge, better for power
22:40 < TandyUK> ^^ +1, and shielded if run outside (especially if buried)
22:41 <+pppingme> if you bury, get direct burial cable, or even better, run it in conduit, makes it WAY EASIER to replace in future
22:41 < TandyUK> +10000 for the conduit :P (thats what i meant when i said buried tbf)
22:42 < Zedax> TandyUK: yes but i guess you sell the whole 305m rolls at minimum right? the problem of that length is that i don't have any use for the 250m left :/
22:42 < TandyUK> yeah cant help with that im afraid
22:42 <+pppingme> sell it
22:42 < TandyUK> and tell that to the 4km or so of various types of cable sitting in my garage lol
22:42 < TandyUK> yeah, sell it on ebay lol
22:42 <+pppingme> or go ahead and wire your whole house
22:44 < Zedax> pppingme: wire 10x for a fault proof network lol
22:46 < TandyUK> maybe a tad overkill, but the rule of thumb i use is 4 ports anywhere there is a tv, and 8 ports by the 'main tv' for any house. plus any other random stuff, such as 2 ports anywhere there are existing phones, access points, etc etc
22:47 < Zedax> i have been seeing said by people that you have to be more careful bending, or with the bend radius of cat 6.. but i fail to understand why if it is true, if you can have cat5 and cat 6 of the same gauge, maybe it matters more for 10G links, but it does at all for 1G?
22:48 < TandyUK> cat5 and 6 arent the same gauge
22:48 < TandyUK> 24 and 26 awg iirc
22:49 < Maarten> CAT5e supports up to 2.5 Gbit/s, for 5 and 10 Gbit/s CAT6 is required.
22:49 < Zedax> TandyUK: most of the cat5e i saw was 24awg too, or even 23
22:50 < TandyUK> google it lol, but ct6 is thicker cable
22:50 < TandyUK> cat6*
22:52 < spaces> I'm too sexy for my shirt
22:53 < electricbear> same
23:18 < spaces> electricbear let's exchange them and see if it works
23:18 < spaces> I hope you didn't sweat much in it
23:23 < dajinn> anyone wanna legit walk me through some vlan and networking stuff...i'll buy you a couple of beers
23:26 < djph> thatfeel: beers first
23:27 < thatfeel> that's cool, check PM
23:29 <+pppingme> thatfeel vlan == the imaginary splitting of a physical switch and corresponding network into two or more logical switches or networks.
23:29 < djph> pppingme: hold up mate, we need more beers to explain this stuff ...
23:30 < djph> or, just skip to the liquor
23:30 < thatfeel> haha, i get the definition but i need to see it in action and be able to ask someone a bunch of questions...like i said willing to pay for some time
23:30 <+pppingme> vlan == trading in your 24 port switch for three 8 port switches
23:31 < djph> thatfeel: its simple really. take 3x 8 port switches. lets call them red, blue, and green
23:32 <+pppingme> tagging == putting stickers on the cables that go to the brand new 8 port switches..
23:32 < djph> aaand, ima shutup and let pppingme have at it :)
23:32 <+pppingme> trunking == bundling the three new cables with zip ties..
23:33 < thatfeel> so should you always have an interface be a trunk between a router and a switch?
23:34 <+pppingme> sometimes.. is the switch L2 or L3? Did you split your network into vlans for performance or security?
23:34 < djph> no. but its generally done.
23:35 < thatfeel> i feel like i might end up repeating my scenario again and annoying some members of this chat although i dont remember if i posted it or not
23:35 < thatfeel> or asked it
23:35 < djph> hehe
23:36 < thatfeel> so i'll state it i guess
23:37 < thatfeel> this my diagram, super fancy (actually basic AF). https://tinyurl.com/yd87mdnd. i'm splitting things for security. there's a slight problem. on the 10 GbE switch module, the default-gateway MUST be set to 10.1.0.3 otherwise the web UI is not accessible with the OOB ip. the dell manual says it's used for management.
23:37 < thatfeel> if i set the default gateway to 10.1.0.3 and then add a route in the switch for my VMs, hosts, etc to get back up to my user network, then i can't access 10.1.0.3 anymore.
23:38 < thatfeel> solution is to leave the switch as layer 2 and do all the routing at the asus router...not really clear on how to do this. or to get rid of the OOB interface and just manage it via a VLAN interface
23:39 < thatfeel> on the 10 gbe switch module i have like vlan 2 for AD, vlan 3 for VMs, vlan 3 for other stuff, etc. each with their own subnet
23:41 < djph> that makes ... no fucking sense.
23:42 < djph> wait, is 10.0.1.3 the actual gateway's ip on 10.1.0.0/24?
23:42 < djph> ... err 10.1.0.3, even
23:42 < thatfeel> wait sorry i misspoke
23:42 < thatfeel> when i said MUST be set, i meant to say 10.1.0.1
23:43 < djph> is that the gateway for that network?
23:43 < thatfeel> yeah technically it is
23:43 < djph> there ya go then.
23:43 < thatfeel> but if i start adding other routes to the switch for my VMs to go out, then i can't hit that address via web ui
23:43 < thatfeel> even if i have routes/multiple gateways
23:44 < djph> uwot?
23:44 < djph> youre either using a word wrong, or im not drunk enough to puzzle out what you mean.
23:45 < thatfeel> it's pretty clear what i'm saying i think
23:45 < thatfeel> the switch module. if i have the default-gateway set or default route set to 10.1.0.1, i can access the web management interface no problem. but remember, i also have other subnets on this switch, like 10.2.0.0, 10.3.0.0, so on.
23:46 < djph> sure, on other vlans
23:46 < thatfeel> for those to get out to my user network, i need a route. ip route 192.168.1.0 /24 10.100.10.1
23:46 < djph> no...
23:47 < qman__> Your diagram indicates a confusing mess - 10.1.0.0/24 is between the tomato and the thing on the left, so why are you using addresses in that range elsewhere?
23:47 < djph> unless 10.100.10.1 is running 192.168.1.0/24
23:47 < thatfeel> the oob interface is a virtual port that's electrically connected to a chassis management controller
23:47 < djph> AND its not an IP local to the switch
23:47 < thatfeel> unfortunately it's not physical
23:48 < thatfeel> but it IS local to the CMC
23:49 < thatfeel> the cmc is basically like a repeater or something i guess. all of the iDRAC modules operate normally
23:50 < qman__> Well, what you've depicted isn't going to work, you have one address range being used across separate segments
23:51 < qman__> Whether that's accurate or not given vendor secret sauce I can't say
23:51 < djph> wait, what, the switch's oob controller is just 'idrac for switches' ...
23:52 < djph> ... fuck, im making no sense myself... im out before i set fire to something
23:52 < thatfeel> lol
23:53 < thatfeel> im trying to find the page i saw the other day
23:56 < qman__> https://c1.staticflickr.com/4/3281/2560613949_258d66e81f_b.jpg
--- Log closed Sat Jun 02 00:00:41 2018