--- Log opened Mon Jun 18 00:00:02 2018
00:52 < codyrutscher> I have a question
00:52 < drac_boy> hi
00:53 < drac_boy> sorry if this is silly question but is there ever such thing as outdoor cat-5/-6 location or not so much? like I mean waterproof rj45 connections and wind/rain-tolerable ports
00:54 < RJ45> drac_boy: wow, that is such a dumbshit question
00:55 < RJ45> drac_boy: you truly are a neanderthal bone-headed retard
00:55 < RJ45> such a tragic waste of a human brain
00:55 < RJ45> (JK)
00:56 < RJ45> drac_boy: funny enough though, I actually stumbled upon one of those yesterday on AliExpress
00:56 < RJ45> yeah, they're a thing, not really standardised or anything, but a thing for sure
00:57 < codyrutscher> can i ask a question
00:57 < codyrutscher> in all seriousness
00:58 < RJ45> https://www.aliexpress.com/item/IP68-RJ45/32750619132.html
00:58 < RJ45> codyrutscher: no
01:00 < drac_boy> rj45 hm yeah interesting aliexpress source. anyway I was just wondering .. I know that usually remote network towers have a sealed waterproof box that you put all the normal cables&hardware in then effectively use a lot of rubber to seal the front access door and any grommet holes .. right? :)
01:00 < RJ45> drac_boy: you f****** idiot
01:01 < RJ45> I mean, sure, lol
01:01 < RJ45> (´・ω・`)
01:01 * drac_boy smacks rj45 back stoogies-style for saying that :P
01:01 < drac_boy> heh
01:01 * RJ45 drops a few packets
01:01 < drac_boy> anyway rj45 doing anything atm or just a quiet time now?
01:02 < RJ45> ah jus chillin, watchin a cockumentary about Japan orphans
01:02 < scientes> my moca network isn't working but internet is. What am I doing wrong
01:03 < RJ45> scientes: if the mocca isn't working, try a latte or espresso instead
01:04 < drac_boy> rj45 or java if you don't mind having to deal with oracles afterward :P
01:04 < drac_boy> heheh
01:05 < RJ45> funny thing, IRL I can't stand hot drinks, at-all, I only drink cold soft drinks
01:06 < drac_boy> rj45 not just you .. health-wise I only have water, milk, or certain soft drinks
01:07 < RJ45> I don't avoid hot drinks for a health reason though, I just can't stand them
01:08 < RJ45> but I'm really weird with food and drink, I also hate cheese and cream, despite not being lactose intolerant.
01:08 < codyrutscher> security question
01:08 < RJ45> yup, I'm that one fucko who orders a damn cheeseless pizza
01:33 < drac_boy> rj45 I've had a few pizzas with no tomato sauce used :)
01:34 < RJ45> no tomato sauce?, not even barbecue sauce??
01:36 < drac_boy> basil sauce twice and I forgot about the others :)
02:36 < BenderRodriguez> it should be a federal crime to eat pizza that's lacking tomato sauce
02:41 <+pppingme> alfredo sauce is a big thing around here..
03:45 < strixdio> If I use a raspberry pi as a wifi -> ethernet bridge so my pfSense box can use wlan as a 2ndary WAN, would that perhaps make the rpi vulnerable, or perhaps "more" vulnerable, if I'm connecting to my ISP's wifi?
04:40 < darkmeson> strixdio: thanks to issues like hole 196, sharing wifi with untrusted third parties DOES bring with it far more potential insecurities, but that's more to do with your "ISP's wifi" than the device that's connecting to it
05:03 < Nitter> hey have you used httpbin.org?
05:03 < Nitter> I'm doing some silly tests, but I'm surely missing something
05:03 < Nitter> $ nc httpbin.org 80
05:03 < Nitter> then I send this:
05:03 < Nitter> GET /delay/5 HTTP/1.1
05:03 < Nitter> Host: httpbin.org
05:03 < Nitter> Connection: keep-alive
05:03 < Nitter> Accept: application/json
05:03 < Nitter> Accept-Encoding: gzip
05:03 < Nitter> and I get this: HTTP/1.1 505 HTTP Version Not Supported
05:05 < myxenovia> hi
05:05 < myxenovia> im trying to mix sound through voip
05:05 < myxenovia> is it possible to mix pcm raw data with wav file data?
06:11 * rE-BoOt wonders why this place is so silent...ಠ_ಠ
06:16 < winsoff> net's down, rE-BoOt
06:21 <+pppingme> rE-BoOt start talking, then it won't be silent
06:23 < rE-BoOt> HELLO Darkness, my old friend..
06:23 <+pppingme> E1ephant around?
06:27 < majculluh> water
06:28 < adleff> anyone know if 802.3ae/D3.2 is mandatory in the standard?
06:28 < adleff> in other words, do I really need to turn on udld on 10G links?
06:30 < majculluh> that requires equipment
06:30 < majculluh> tonjo
06:30 < adleff> what?
06:31 < majculluh> you must pay to know these answers
06:31 < majculluh> you're looking at fallout crystals
06:31 < adleff> are you referring to the ieee documents? if so I am aware
06:31 < majculluh> they are nearly all unique
06:32 < majculluh> the hardware
06:32 < majculluh> pay for tests
06:32 * adleff casts hurtmore at majculluh
06:33 < majculluh> beautiful lie, huh?
06:35 < majculluh> they might have life
06:35 < majculluh> or maybe?
06:35 < majculluh> keep locking memories, in search of a companion
06:36 < majculluh> "in search of" with leonard nimoy
06:37 < majculluh> bro. frank can say "clean water"
06:37 < melissa666> what would be equivalent of this command using ip instead of ifconfig? --> `ifconfig wlan0:avahi netmask 255.255.255.255`
06:37 < majculluh> mel
06:37 < majculluh> why you rw rw rw
06:37 < majculluh> you need work for me mel
06:38 < majculluh> 700 club
06:38 < majculluh> might have life
06:39 < melissa666> a life with you as a boss wouldn't be worth living.
06:39 < majculluh> maybe, huh? how deep can you go
06:39 < majculluh> deep as I?
06:39 < melissa666> majculluh, You read my mind. Exactly.
06:39 < majculluh> what if you met the Father of I
06:40 < melissa666> majculluh, Well, generally the fathers of people such as yourself are even worse.
06:40 < majculluh> life can have a much deeper meaning
06:41 < majculluh> how deep and perfect and crystalline can your memory go
06:41 < majculluh> and then what do with it
06:41 < melissa666> My mind is a shimmering crystal majculluh. It's very shiny.
06:41 < melissa666> That's what shimmering means.
06:41 < majculluh> but rw,rw,rw
06:42 < majculluh> what is a free agent
06:42 < melissa666> None of us have free will. We are all controlled by Jeebus' daddy.
06:43 < majculluh> what if life does have free will
06:44 < melissa666> majculluh, I know you're lonely and craving attention, and I was taking pity on you. But I have to go now. I suggest you take up roller derby if you want to make some friends.
06:44 < majculluh> might have life?
06:44 < melissa666> majculluh, probably not. but afterwards, there is eternal sleep.
06:44 < melissa666> cya
06:45 < majculluh> melissa
06:45 < majculluh> light me
06:45 < majculluh> me light
06:46 < majculluh> nonina
06:46 < majculluh> started a war broke the rules
06:47 < majculluh> meliza!
06:49 < majculluh> the publinux is working
07:10 < senaps> i have my centos 7 machine receiving ICMP echo reply(tcpdump) but i don't have the ping command showing any data. how can i check why is that?
07:11 <+pppingme> senaps what are you expecting to see?
07:12 < senaps> ping responses. the ping command doesnt return anything. just blank screen until i ctrl+c it. but tcpdump shows that the data is coming through the interface!
07:12 < senaps> i am testing some routing configs.
07:13 < senaps> pppingme ^^^
07:13 <+pppingme> sounds like firewall
07:14 < senaps> firewalls are clear. i have disabled it. i just got one reply back after about 20-30 seconds, no other replies has come yet
07:15 <+pppingme> whats the time on that reply?
07:16 < senaps> 64 bytes from 192.168.30.30: icmp_seq=186 ttl=127 time=0.549 ms
07:16 < senaps> 463 packets transmitted, 1 received, 99% packet loss, time 461998ms | rtt min/avg/max/mdev = 0.549/0.549/0.549/0.000 ms
07:17 < linux_probe> lol
07:18 < linux_probe> how r to firewall
07:18 < senaps> we have traceroute disabled on firewall, and another machine in my subnet can ping the machine im pinging without problem. whatever the problem is, it's mine.
07:47 < senaps> https://pastebin.com/c80Ju9L1 this is my route table, `.30.X` and `.50.X` subnets have routes, so two machines on these subnets can ping and request/reply each other. but my machine with 2 interfaces on both subnets can't. i have huge packet loss! and can't ping machines on other subnet(i ping from specific interface and a dst from another subnet)
07:53 < detha> senaps: tcpdump, and see what is happening. maybe redirects, maybe asymmetrical routing, who knows
07:58 < majculluh> i.e. "no dude i dont think that"
07:59 < adleff> majculluh, hey
07:59 < adleff> did you drink too much asshole juice
07:59 < adleff> always be sure to follow the directions on the label
08:00 < senaps> detha i did, packets come in, they get lost in the os! and arent delivered to application layer. i watched the packets come through the interface.
08:02 < detha> senaps: if you see the packets on the interface, but not further up the stack, the next most likely culprit is the firewall (and specifically established/related rules with asymmetric routing)
08:03 < bane5000> anyone here have any experience setting using pfsense's openvpn client to route traffic from one particular interface through a vpn?
08:13 < spaces> morning chicks!
08:13 < spaces> linux_probe are you late or early ?
08:17 < linux_probe> both spaces
08:18 < linux_probe> at one point I rolled out the door by 10 after 5am
08:19 < linux_probe> and was working like a slave by 6:30 latest long drive!
08:19 < linux_probe> worked 14 to 17 hours and drove home, then went out partying
08:20 < linux_probe> hard on a man rolling in at 3am and waking up for work at 5am again ;)
08:20 < spaces> hehe
08:20 < spaces> so you are screwed up ?
08:21 < linux_probe> that was 20 years ;) https://www.youtube.com/watch?v=ZeAM1vwEcFg
08:22 < linux_probe> Mel Blanc, The Man of 1000 Voices [1981] - AMAZING TALENT !!
08:23 < linux_probe> real actor there ;)
08:23 < linux_probe> not the darwin idiots that are flaunted over today
08:24 < spaces> linux_probe you need sleep it seems
08:26 < linux_probe> so does ur mum @ spaces
08:27 < spaces> linux_probe no she did some others after you passed away after 2 min
08:28 < spaces> and she needs her sleep, keeps her sexy
08:31 < senaps> if any of you guys able to help me with this problem in centos/networking/routing! https://pastebin.com/MhPcnzZE
08:41 < spaces> linux_probe but are we sexy ?
08:46 < detha> senaps: haven't looked at it in great detail, but your problem appears to be the "some of these subnets have routes to each other(connected via a router)". Asymmetric routing, and things arriving at interfaces the machine doesn't expect it on
10:01 < huwjr> hey, I have some servers co-located to host a few websites.. they are reasonably powerful servers and have ssds with gigabit NICs. my switch is gigabit but my uplink is only 100Mbps. the DC have some graphs showing that I use hardly any of the available bandwidth, but I was wondering whether having such a small pipe might impact page load times? I’m finding that ‘time to first byte’ is always slow(er) on my kit.
10:05 < b0bbytables> huwjr: have you run anything on the server(s) to check its render time? and a traceroute both ways between your desktop and the server may give some hints if there are any other points of lag
10:29 <+catphish> morning!
10:31 < Apachez> huwjr: not really
10:31 < huwjr> sorry guys. sidetracked as usual!
10:31 < Apachez> Im running a site on a p3 733 mhz thats like 15 year old installation
10:31 < Apachez> check coding of your site
10:31 < Apachez> and use good settings
10:31 < huwjr> nope, I suppose I haven’t /strictly or completely/ ruled out previous servers being faster :) but on some occasions it’s been a huge upgrade in specification
10:31 < Apachez> deflating is good to lower bandwidth impact
11:01 < Nothing4You> is there an "easy" way to use nfs4 with custom user mapping? i have user foo@host1 which i'd like to map to bar@host2, different uids
11:02 < Nothing4You> on linux
11:03 < Atro> wrong channel
11:04 < Atro> try the linux channel
11:33 < majcull56> why did you move?
11:34 < majcull56> some networks need a reboot out of the vm
11:44 < majcull56> we need to be getting Sphinx available
12:07 < djph> o/
12:16 < tya99> would an unmanaged switch strip VLAN tags?
12:16 < djph> it might
12:17 < Atro> it does
12:17 < tya99> right.
12:17 < djph> *might just simply drop the frames
12:17 < tya99> i thought that might be the case
12:17 < Atro> djph: but im curious as to why, actually
12:17 < Atro> for an unmanaged switch does no packet validation
12:18 < Atro> im thinking it cannot just be about the length
12:18 < tya99> so i have a bunch of these on my network https://www.cisco.com/c/en/us/support/switches/sg-100d-08-8-port-gigabit-switch/model.html
12:18 < Atro> the switch being a grill where only specific length packets can go through
12:18 < djph> Atro: dot1q frames are (IIRC) 1522 bytes, instead of 1500 (1508?)
12:18 < tya99> i wanted to put a host in that (packets leave host tagged) pass through unmanaged switch into tagged port on the managed switch
12:18 < tya99> and then leave through to the router on port 1 (also tagged)
12:19 < Atro> jesus christ why does that switch exist
12:19 < djph> Atro: too big = it's not gonna get thru
12:19 < Atro> djph: are you implying only managed switches support jumbo ?
12:19 < tya99> lol
12:20 < Atro> and, the switch being stupid, it'll drop the packet instead of fragmenting it, i guess
12:20 < djph> Atro: I'm implying "old enough" switches may only pass 1500 byte frames, and nothing more. *newer* dumb-as-a-rock switches *may* pass through dot1q frames unmolested. But then, you have fucking unmanaged switches on your network (ewwww)
12:21 < Atro> djph: yeah i was thinking about those ancient unmanaged switches, close to 100mb ports lol
12:21 < tya99> and wait that's not the one i have
12:22 < tya99> because it said something about 802.1q support
12:22 < regdude> dumb switches should ignore VLAN tags and forward packets only based on MAC addresses, anything past the DST-MAC should be ignored. Of course, expect everything, I wouldn't be surprised if there exists a weird switch
12:22 < Atro> regdude: yes but that implies it actually looks at the packet content and doesn't just drop it off based on length
12:23 < regdude> true, if the hardware MTU on a switch is set to 1500, then FCS is stripped off and a switch can drop the packet since it's not an Ethernet packet
12:24 < regdude> but... again, I wouldn't be surprised if such a switch exists
12:25 < djph> regdude: "such a switch" ... in terms of?
12:26 < regdude> I imagine if they label that dot1q is supported, then hardware MTU is set to 1504 at least
12:26 < djph> 1508, IIRC
12:26 < regdude> 4 bytes
12:26 < tya99> oh wait
12:27 < djph> the other 4 are for something else that came out around then too
12:27 < Atro> wiki says tagged is 1518
12:27 < tya99> hmm
12:27 < tya99> The Cisco SG 100D-08 delivers Quality of Service (QoS); all received packets are examined for QoS priority encoding. The switch reads the priority level and forwards the packet based on that priority level. For example, during heavy loads voice and video traffic are given priority over data traffic. (The switch is configured to comply with 802.1p, VLAN tagged frames.) This ensures that time-sensitive
12:27 < tya99> traffic gets the highest level of service.
12:27 < Atro> tya99: ye u can do tagged on that shit
12:27 < tya99> so that gave me the impression it would not touch the VLAN tags.
12:27 < djph> Atro: yeah, that's the one ...
12:27 < tya99> if they exist coming in it will leave them there
12:28 < regdude> 1500 is L3 MTU, 14 bytes for mac src+dst, 4 bytes the VLAN tag
12:29 < Atro> tya99: naw
12:30 < SwedeMike> one always has to know how each platform calculates MTU, some do L3 (1500), some count ethernet header minus CRC (14 bytes), then some do or do not count the vlan tag (4 bytes each), and for rate calculations some needs to add the IFG and other on-wire things that happen per-packet.
12:30 < Atro> Yeah, so we can just assume the switch has a fixed MTU slapped on it, and drops instead of fragments
12:34 < tya99> those cisco switches yay they don't strip the packets
12:35 < tya99> i think what happened when i clicked apply in the web ui it didn't get committed because i cut myself off :)
12:35 < SwedeMike> Atro: yes, if the MRU (maximum receive unit) is lower than the packet size, then the packet will be silently dropped.
12:46 <+catphish> MRU has always seemed a bit pointless to me, if you received a packet why throw it away
12:47 <+catphish> only throw it away when it won't fit in a buffer somewhere
13:07 < screwsss> whaddup gang
14:38 < laddite> I have an issue where 2 hosts share the same failover IP, the problem is that when the request is made from within any of the two hosts to itself (to the DNS with A record pointing to failover ip), it will immediately think it is the IP and the traffic will "resolve" to the current host, which breaks the failover
14:39 < laddite> is there any way to prevent the host from considering the IP connected to the interface
14:45 < mawk> maybe don't assign the ip to the host laddite
14:45 < mawk> else it is possible to not consider the local ip, but it's pretty tricky
14:45 < mawk> you need to prevent the loop that will inevitably happen
14:46 < mawk> so you need to differentiate packets coming from loopback and packets coming from ethX
14:46 < mawk> but it can be done
14:46 < mawk> albeit extremely dirty
14:46 < mawk> so you take a look at the list of policy routing rules with ip rule, you see "0: from all lookup local" at the top
14:46 < mawk> that means the local addresses have the highest priority for routing
14:47 < laddite> mawk: so, probably a better approach would be to use a script to add/remove the entry from interface based on the current state?
14:47 < mawk> you'd need to move that rule and add a new rule before
14:47 < mawk> that doesn't seem too right either
14:47 < mawk> who's doing the failover ?
14:47 < mawk> a box before the two machines ?
14:47 < light> keepalived
14:47 < TotallyNotKim> or any sort of virtual ip manager
14:48 < laddite> I was thinking of keepalived, currently it's all manual :/
14:49 < laddite> but it seems that having it attached for the both them is the wrong approach, right?
14:50 < mawk> sometimes some derivative of that approach is unavoidable, but here it can be avoided for sure
14:57 < laddite> thanks, mawk
14:58 < screwsss> does this net limiter shit actually work?
14:58 < heller_> hey guys
14:59 < djph> screwsss: what net limiter shit?
15:00 < heller_> What does it mean if i get a lot of STP port X stp port state is set to disabled or forwarding?
15:00 < heller_> someone is creating a loop?
15:00 < djph> probably
15:00 < djph> and/or the switches are fighting with each other
15:00 < heller_> There should be no other switches
15:00 < heller_> only routers
15:01 < screwsss> https://www.netlimiter.com/
15:01 < djph> spanning tree is a switch thing ...
15:01 < heller_> its a main switch, where clients get one port to their area
15:02 < heller_> they basically cannot do a loop
15:02 < heller_> they only have access to one port
15:02 < regdude> a bridge has STP, initially only bridges had STP, then switches started to have STP as well
15:02 < regdude> what kind of routers and switch are you using?
15:03 < heller_> I dont know a client is connecting to the switch
15:03 < heller_> but the switch is a planet branded
15:04 < heller_> But it seems to trigger STP immediately, because i'm not getting the MAC address to the mac table
15:04 < regdude> port can go into a disabled state if the physical port is flapping or it received its own BPDU (loop)
15:04 < regdude> BPDU will work a bit faster in most cases than MAC learning
15:04 < Reventlov> Hi
15:05 < heller_> BPDU guard is disabled
15:06 < Reventlov> Is there a faster way to count packets in a pcap (and do some filtering) in python than using tshark?
15:06 < Reventlov> like, counting wifi retransmissions
15:06 < screwsss> djph supposed to be a program whereby you can throttle your upload / download speeds
15:06 < Reventlov> (iterating with pyshark over the packets takes something like 180 seconds, while just using a read filter using tshark is a matter of seconds)
15:06 < screwsss> handy if you're on an adsl connection and your uploads interrupt your download speeds
15:07 < screwsss> in my case, it almost totally choked it. so therefore i cannot upload a large file to youtube
15:08 < djph> ouch, upload crushing down ...
15:08 < regdude> heller_: BPDU guard is a feature on top of STP, BPDU are the packets that STP uses to determine the network's topology and to detect loops
15:08 < screwsss> yep. exactly.
15:08 < djph> sounds like a local-pc thing to do QoS maybe?
15:10 < heller_> ah okay
16:14 < acpowerr> Hello all. My isp is set up in such a way that multiple people can be behind the same IP at the same time. This prevents the outside world to directly connect to a home pc. Is there any way to enable access to my pc from the outside?
16:14 < Atro> acpowerr: you must have a static WAN ip or a dyndns name
16:14 < acpowerr> I do have ddns
16:15 < acpowerr> It just doesn't work
16:15 < acpowerr> Because it points to the external IP
16:15 < Atro> okay, then you need to port-forward
16:15 < acpowerr> I do not have access to the external IP
16:15 < Atro> but be advised, without security, you're at risk
16:15 < acpowerr> It's controlled by the isp
16:15 < acpowerr> And it only forwards packets
16:15 < acpowerr> To my pc
16:15 < Atro> Okay, buy how do you connect on your router?
16:15 < Atro> *but
16:16 < acpowerr> Router - >nanostation
16:16 < acpowerr> Then another nanostation
16:16 < acpowerr> And then I don't really know
16:16 < Atro> i assume the nanostations are the ISP's ?
16:16 < acpowerr> Yeah, though mine is on the roof
16:16 < acpowerr> It connects to another one a few miles away
16:17 < Atro> if you only control the router, you need to find out what WAN ip it has
16:17 < Atro> if it's an internal or external one
16:24 < acpowerr> I control the router only
16:24 < acpowerr> But the Wan IP is internal
16:24 < acpowerr> As in something like a nat
16:25 < acpowerr> So I am behind probably a quadruple nat
16:25 < acpowerr> Or something of the sort
16:27 < acpowerr> OK so it is like this router - nanostation-another nanostation miles away which connects to the router that is visible to the world
16:27 < acpowerr> So i am behind three devices
16:28 < acpowerr> Two of which I do not control
16:28 < acpowerr> Well, three I suppose
16:28 < acpowerr> So ddns doesn't appear to work for me
16:29 < acpowerr> And even if it points to the external IP
16:29 < acpowerr> That router cannot forward the packet to me
16:31 < djph> gotta config that router. if you can't, then you're SOL
16:34 < lasdam> hey, I have a medium long network programming question about epoll and stuff. it might be more than 1 paragraphs long. do I post it here, pastebin it, or post elsewhere like ##programming ?
16:36 < acpowerr> djph that is bad
16:37 < djph> acpowerr: what is?
16:46 < simbalion> Is there a "easy" way to determine what local processes are initiating a TCP connection on 127.0.0.1:25?
16:56 <+catphish> simbalion: netstat -anp
16:56 <+catphish> or netstat -anpl to include listening sockets
16:56 <+catphish> if you run those as root you will see which process is using each socket
16:57 < Roq> lsof -i also works
16:58 < spaces> all networks sexy and rocking ?
16:59 < fantus> what would be the reverse mx record/ ptr be used for ? is it important ?
17:00 < spaces> fantus sure it is, if the IP/domain you are sending from is a valid combination
17:00 < spaces> server also
17:00 < spaces> hostname
17:03 < fantus> spaces: i get this : ERROR: No reverse DNS (PTR) entries. no reverse (PTR) detected on my domain...the domain in question has google mx records setup and its working but https://intodns.com is giving me the result like an error
17:03 < spaces> fantus dns cache, try mxtoolbox.com
17:04 < fantus> spaces: https://mxtoolbox.com/ReverseLookup.aspx do i enter my cPanel/website IP here?
17:04 < fantus> it routes back to my NameServers if its website ip
17:05 < fantus> all is green
17:05 < fantus> seems good
17:05 < fantus> intodns.com still gives me the error on PTR tho
17:06 < spaces> then your DNS servers are not working properly
17:06 < spaces> do you have a reverse DNS zone ?
17:06 < spaces> ZONE!
17:07 < fantus> i guess i'll have to ask my service provider
17:07 < fantus> unless its smth i can do in WHM spaces ?
17:09 < spaces> you need to indeed
17:09 < fantus> and last question, how can this impact my email system? will i still be able to send/receive emails ? spaces
17:11 < spaces> yes but they probably will be blocked tagged as spam
17:11 < fantus> ok tks
17:12 < spaces> np
17:19 < simbalion> catphish: Thanks!
17:25 < lasdam> does it make sense to combine epoll and select calls in an application, epoll for "outer" calls, select for "inner" ones?
17:31 < ash_worksi> when I dig ANY my server I get 'HINFO ... ANY obsoleted'; if that's true, shouldn't that also be the case if I dig google.com ANY ?
17:33 < ||cw> ash_worksi: no? servers can choose to support obsoleted command if they want
17:33 < ash_worksi> hmm
17:33 < ash_worksi> thanks
17:34 < tpr> I suppose cloudflare is one of the few who say it's obsoleted.
17:34 < ||cw> ANY works against local 2012 level AD too
17:35 < ||cw> and a somewhat recent bind9
17:38 < Apachez> most want to block ANY due to possible size of reply
17:40 < ||cw> I can see how that would add up. HE doesn't block it either though
17:40 < Apachez> most arent
17:41 < Apachez> its similar to blocking ping echo requests (and replies)
17:41 < Apachez> the proper way is to throttle like max 10/s/ip or so
17:41 < Apachez> but with more being behind CGNAT that will fuck things up too
17:41 < Apachez> and ANY isnt really used by any real world application
17:41 < ash_worksi> why would my server not get an answer from dig ANY while my localhost can?
17:41 < Apachez> I mean most knows if its A/AAAA or PTR they ask for
17:41 < Apachez> or MX
17:41 < Apachez> or some other
17:42 < Apachez> ANY is handy for troubleshooting only
17:42 < ash_worksi> specifically ANY
17:42 < Apachez> your server = ?
17:42 < Apachez> is it isp maintained server?
17:42 < Apachez> or one you are admin for?
17:42 < Apachez> the localhost dns client cache is dnsmasq or something
17:42 < Apachez> I doubt that will filter anything except for srcip asking
17:43 < ash_worksi> it's in a data center; I have permission on it
17:44 < ash_worksi> I find it weird that I get an answer for A but not ANY
17:44 < ash_worksi> even if it's an HINFO obsoleted answer
17:44 < epaphus> Hello all. If I set 3 Wifi APs with same SSID, different channel (1,6,11) but instead each gives out its own IPs in different subnet (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24) would I still be able to achieve roaming? I understand that the practice is to leave a single AP do the dhcp.
17:44 < Apachez> if its your server then check its config
17:45 < TotallyNotKim> Apachez: I think he _wants_ the different subnets
17:46 < ash_worksi> Apachez: what am I looking for exactly?
17:47 < TotallyNotKim> epaphus: I'd say yes, if whatever is behind the ap's is able to route the packets to the appropriate destinations
17:47 < TotallyNotKim> why-ever one would want this
17:47 < epaphus> TotallyNotKim, why is it that the recommendation is to have a single dhcp server? what difference does it make?
17:48 < TotallyNotKim> epaphus: it's not about what's done usually or what's recommended but what you need and how you get there
17:52 < ash_worksi> Apachez: I mean, I guess the server I'm digging from is blocking ANY like you said, but I don't know where/how to configure that... can you give me a push in the right direction?
17:56 < DocScrutinizer05> off topic: please sign https://www.change.org/p/european-parliament-stop-the-censorship-machinery-save-the-internet?utm_source=share_petition&utm_medium=copylink&utm_campaign=share_petition - read https://blog.github.com/2018-03-14-eu-proposal-upload-filters-code/ for more context.
17:59 < epaphus> TotallyNotKim, ok thanks...
18:02 < epaphus> Btw, I have an issue with a AP that I put as a test. When there is only 3 users on it, get good performance. When the rest of the office users hop on it (12) latency starts increasing a lot, some packet loss occurs. These are all cellphone users and their consumption is 1-2 mbits out of 25mbits of my WAN. I suspect that one wifi user is malfunctioning and putting noise into the network or something like that. How can I be sure?
18:03 < compdoc> turn off each users pc one at a time?
18:04 < compdoc> maybe the AP doesnt have the horsepower needed?
18:04 < djph> ^ either of those
18:18 < TandyUK> hmm.. 14x 4tb sas disks, on a hp p420. I can decide what raid layout to go for.. 14x4 r5, 2 sets of 7x4 in raid 50, 14x4 raid 6, ...
18:19 < TandyUK> this is going to literally expose the resulting array to the os, for it to be lvm'd and have lv's exported via iscsi
18:19 < UncleDrax> HBA mode, ZFS !
18:19 < UncleDrax> ;]
18:19 < TandyUK> im leaning towards raid50 for speed/safety balance
18:19 < TandyUK> my homelab, so i dont have room to back it up :P
18:20 < UncleDrax> sounds reasonable to me.. but i'm not a storage guru (and my arrays usually stop around 8 disks per.. so way easier MTBF gap to combat)
18:21 < heller_> hey guys
18:21 < UncleDrax> .. and smaller disks
18:21 < UncleDrax> the largest prod disks I have are still 1TB
18:21 < heller_> can you explain why edgeswitch has option to set ports as trunk OR tagged
18:21 < heller_> but tagged works also as trunk?
18:21 < TandyUK> yeah thats why raid50 appeals too, raid 60 id just be losing too much capacity
18:22 < TandyUK> yeah but at home ive got lots of media to store
18:22 < UncleDrax> and people won't not get paid if the whole thing dies
18:22 < TandyUK> you may have just convinced me to do 2 arrays though... 8x10tb or whatever the biggest i can get it, in raid 6, and 6x 1tb 15k disks for speed
18:23 < TandyUK> well not entirely lol, its also the iscsi store for my homelab esxi cluster
18:23 < TandyUK> hence i do want _some_ speed
18:23 < UncleDrax> ah ok, so you do need performance.. ya
18:23 < TandyUK> i think 2 arrays is the way to go
18:23 < TandyUK> one for bulk, one for speed
18:23 < UncleDrax> heller_: sorry, not a EdgeSwitch user
18:24 < UncleDrax> yeap, you could config your 'speed' as 10 or whatever if you thought that little extra on write would matter
18:26 < UncleDrax> huh that P420 is surprisingly inexpensive for a 'real' controller
18:26 < gef3233> Hello! I was doing some tests and I found a sawtooth pattern on the ping RTT, apparently is a known problem when the network is saturated but I couldn't find the reason (is it buffers?, polling?) can anyone help me?
18:26 < gef3233> This is an image of what I mean: https://www.pingplotter.com/themes/pingman/images/manual/interpret_bandwidth_sat_1.png
18:30 < UncleDrax> I'm not a network queuing expert, but could be a queuing issue. You have the ability to change your queuing method?
18:30 < UncleDrax> also see: Bufferbloat (maybe)
18:31 < UncleDrax> but I guess the P420 becomes 'real' once you slap on that flash cache module
18:32 < UncleDrax> ok that's enough HPE talk for me today.. any more and I'll have to update mine
18:33 < gef3233> UncleDrax, but we have tried with a slower datarate and according to our findings it only depends on time and not on the throughput
18:34 < gef3233> We have ruled out application buffers at least
18:34 < gef3233> Is by no means an issue to us, but I am incredibly curious as to why this happens
18:35 < UncleDrax> time as in 'time of day' or 'duration of test'
18:36 < gef3233> As duration of test and as packets/unit of time
18:36 < UncleDrax> well keep in mind if it is a buffer issue, it could be with any device along that path.
18:36 < gef3233> If it were a queuing problem we would have seen it go worse with a higher datarate
18:37 < UncleDrax> rgr
18:37 < gef3233> It only happens on the wireless part of the connection, pinging within the lan gives us stable ping rtt
18:38 < UncleDrax> ah, well you said the magic word
18:39 < UncleDrax> (which is also a queue for me to excuse myself and take care of some other stuff.. I'm trying very hard to purposely not delve into Wireless troubleshooting ;] )
18:39 < gef3233> Sure :) The only thing that worries me is the cyclic nature of this behaviour
18:41 < Atro> someone help me, im stupid with IPv6
18:41 < UncleDrax> ya, well clearly at least you isolated it to a single segment and pair of devices, so that helps the t-shoot
18:43 < gef3233> It helps indeed, hopefully I will be able to understand it better :)
18:44 < UncleDrax> Atro: was there a question, or just a statement?
18:46 < Atro> UncleDrax: yeah but i ran outta internet
18:47 < UncleDrax> Atro: fair enough. the Internet is a fad anyway
18:47 < Atro> If i get an ipv6 /48 from an ISP, i can toss it directly to my clients(I have a home router) ?
18:47 < tds> well if that's legacy internet you've run out of, v6 is much bigger ;)
18:47 < Atro> If so, how does the dns work?
18:48 < Atro> I got via dhcp client over pppoe, a /48 that i can relay(?) To clients?
18:48 < tds> you'd typically have a /64 out of that /48 on-link per VLAN
18:48 < tds> so if that's a "normal" home network, just a single /64 on the lan network
18:49 < tds> then you can enable sending router advertisements on your router, and if you set the autoconfiguration flag then devices should generate themselves addresses within that /64
18:51 < Atro> Oh.
18:52 < Atro> And the flag should be like "take dis ip and dns and im defaults gw"
18:52 < tds> that's what the RA contains, the flag is just something you can add to the RA to tell devices to automatically generate addresses
18:52 < Atro> I probably messed up the lan side
18:52 < tds> (otherwise they'll point a default route at the router, but not generate an address)
18:53 < tds> what router is this?
18:53 < Atro> A mikrotik
18:53 < tds> ah, I'm not familiar with their stuff, sorry
18:53 < Atro> It's alright, i only spent 2 hours on the wan stuff
18:53 < tds> i'm guessing you have some kind of dhcpv6 client doing prefix delegation to get that /48 routed to you?
18:54 < Atro> I believe so, i can put a pool on what i get from the isp
19:20 < luke-jr> Is there a modern bus-topology Ethernet?
19:21 < BullHorn> i set up an OpenVPN server on Windows 10 and im able to connect to it from a client - however the traffic doesnt actually go through the server
19:21 < BullHorn> then i added the following line to the server configuration to enforce ALL traffic from clients goes through the server: push "redirect-gateway def1"
19:22 < BullHorn> what happens now is that clients connect to the server but are unable to send or receive any traffic whatsoever... what am i missing ._.
19:25 < ALowther_> Am I understanding correctly that passive PoE Out will just blindly send power through as soon as anything is plugged in, regardless of its compatibility. Same for passive PoE In, which will just start receiving power regardless if it's too much or too little?...Whereas active PoE Out/In will only start sending/drawing power, respectively, once it has done a "hand-shake" to verify compatibility?
19:26 < turtle> yep
19:26 < turtle> you can always test passive poe by putting the cable in your mouth
19:26 < ALowther_> turtle: ;).
19:27 < ALowther_> turtle: So it's sending power even if nothing is plugged in?
19:32 < detha> ALowther_: 'passive' PoE is just 24V or 48V between two pairs.
19:34 < ALowther_> detha: & what is active?
19:35 < UncleDrax> turtle: I like to do that with the high-power stuff we run up cell towers.. good times
19:36 < detha> a small probe voltage that checks for a 250 ohm resistor, if it sees one applies a little bit of power, and starts negotiating about how much to apply for full operation
19:37 < detha> UncleDrax: if it doesn't light up a fluorescent tube, it's not high power ;)
20:00 < sovereignentity> I have an Arris SB8200 Modem. when I plug a laptop into the Modem I can connect to the internet. But if I disconnect the laptop and connect the roku I have no connection. what could be the reason?
20:01 < Mr_Midnight> sovereignentity: Are you getting an external IP from the modem? It could be your provider only allows one mac address to pull a public IP
20:02 < obcecado> sovereignentity: it might need a reset
20:02 < S_SubZero> they may have differing IP setups
20:02 < sovereignentity> the roku is the only thing connected
20:03 < sovereignentity> I have not reset the modem
20:03 < Mr_Midnight> but you connected the laptop at some point and it gave the laptop an IP... could be it doesn't hand out a second until the other IP has expired which could be up to a week sometimes in ISP DHCP pools
20:03 < Apachez> detha: its not the amount of V that kills you, its the amount of A
20:04 < sovereignentity> Mr_Midnight, and everyone thanks I'll reset the modem
20:15 < Johnjay> 400 Mhz is a really weak frequency
20:15 < Johnjay> it barely seems to penetrate a wall
20:16 < fattredd> Hey guys, I'm unable to consistently connect to my web server. I think my ISP is blocking protocols. Does this make sense? I'm able to connect via OpenVPN, but not via ssh, http, https, etc. consistently. Every once in a while it will work again. Any ideas?
20:17 <+pppingme> fattredd where are you trying to connect from?
20:17 <+pppingme> Johnjay I wouldn't say thats true
20:17 < fattredd> From my work to my home
20:18 <+pppingme> fattredd you sure your ip isn't just changing?
20:18 < Johnjay> pppingme: i'm using a key finder from amazon that uses 2 AAA batteries
20:18 < Johnjay> it can't work through 2 walls
20:18 < fattredd> Yes. I've got a dynamic dns, and on top of that I've double checked the current IP through teamviewer
20:18 <+pppingme> Johnjay its probably not because its 400mhz, but just an incredibly weak signal to start with, you'd have the same issue at any frequency with such a weak signal
20:18 < Johnjay> fattredd: did you double check all router and firewall settings? try multiple devices with the server?
20:19 < Johnjay> pppingme: i was a bit disappointed because i thought this device could double as a car finder if i left the unit on my car
20:19 < Johnjay> but unfortunately it's too weak for even that
20:19 <+pppingme> fattredd isp's don't tend to randomly block, its going to be way more consistent
20:20 < fattredd> Johnjay: I've done both. The weird part is the inconsistency. Sometimes I can get the http fine, other times I can't
20:20 < fattredd> I can always get openvpn though
20:20 < Johnjay> sounds like your router is dying
20:20 < fattredd> Oh shit no
20:20 <+pppingme> fattredd whats your firewall/router/nat device?
20:20 < fattredd> edgeRouter X
20:20 < jason85> How does sslstrip work under the hood? Does it simply strip https from links or rewrite 302 redirects?
20:21 <+pppingme> fattredd whens last time it was rebooted?
20:22 < fattredd> About 5 days ago
20:23 < mnemon> jason85: yes, just http link and redirect rewriting.
20:24 < fattredd> Is there a way to check the edgerouter's logs?
20:24 < jason85> mnemon, Ok, thanks for confirming
20:29 < mnemon> np
20:31 < fattredd> Found the logs. Looks like I'm not getting the http request at all?
20:31 < Johnjay> fattredd: is your internet all line or is there a wireless part?
20:32 < Johnjay> i know when i reboot my router and antenna i get less packet loss from my company
20:32 < fattredd> I've got both. I'll try the reboot
20:33 < fattredd> Thanks Johnjay
20:44 < Apachez> interesting evidence https://mitti.se/nyheter/biljettkontroll-vagen-domstol/?omrade=hela-stockholm use google translate if you dont know swedish
20:45 < tds> Atro: I only just thought to ask, did you get v6 working in the end?
20:47 < Apachez> Johnjay: the lower the freq the more likely to penetrate a wall
20:47 < Apachez> if it doesnt in your case then its most likely due to too small tx power
20:47 < Johnjay> no the opposite
20:47 < Johnjay> higher freq means high energy
20:47 < Apachez> and too bad antenna on receiving side, use directional antennas instead of omnidirectional
20:47 < Johnjay> which would penetrate more right?
20:47 < Apachez> not really
20:48 < Apachez> for a given amount of tx power, lets say 1 watt, a lower freq will penetrate deeper into/through a wall than a higher freq
20:48 < Apachez> for a higher freq to penetrate as deep as a lower freq the higher freq must use far more tx power
20:49 < Apachez> thats why 10 meters of water is enough to shield against x and gammarays from a nuclear reactor
20:49 < Apachez> while it wont stop a submarine from communicating with its surroundings while being submerged
20:49 < kamura> also lower hz can diffract around obstacles much easier
20:50 < Johnjay> interesting
20:50 < Johnjay> ok i was wrong then
20:53 < ALowther_> detha: Okay, sorry. I was away for a bit. Just for some clarification. passive PoE is either sending 24V or 48V and hoping for the best, whereas active PoE can negotiate a range of applied voltages?
20:54 < Atro> tds:im drunk at ripe
20:54 < tds> ah, have fun :)
20:55 < UncleDrax> sometimes 'hoping' for the best with passive PoE means 'frying the device on the other end'.
20:56 < ALowther_> UncleDrax: Exactly my thoughts, which is what I am trying to understand.
20:56 < UncleDrax> which is really just a warning to make sure you match the kit appropriately
20:57 < ALowther_> UncleDrax: But if you know your device requirements does active PoE offer more options as far as voltage? Or it is just a safety mechanism to make sure a device is compliant with the standard and if not it doesn't work.
20:59 < UncleDrax> well afaik, 'active' means 'a standard that was designed and published' so it complies to 802.3af or 802.3at - which also happen to have handshaking and stuff in addition to voltage/wattage requirements.
21:00 < UncleDrax> so you can go read those documents.. I am not a PoE expert
21:00 < UncleDrax> (todays trend, for those following along, is I am not an expert in anything)
21:01 < UncleDrax> tbh as an operator, so long as the devices at each end agree, I don't care. I prefer activePoE since it handshakes and I can't accidentally set 56vDC on a 24vDC radio
21:01 < tds> since passive poe also just uses one of the pairs for power, you'll normally be limited to 10/100 with most equipment
21:02 < tds> I think there are some passive poe implementations that can do gigabit, they're less common though
21:03 < UncleDrax> for standard PoE, there's a chart: https://en.wikipedia.org/wiki/Power_over_Ethernet#Standard_implementation
21:18 < ALowther_> tds, UncleDrax: Thanks for info & links
21:36 < Capprentice> Hi! Im trying to advertise the default route from Core Switch to Server Switch using default-information originate always in OSPF. All interfaces as shown in the picture - https://imgur.com/a/XHuM4fN are in area 0. When I look for default route I only see one in AGGREGATION_SWITCH. Why the server switch does not get the default route?
21:43 < rcr_> does anyone know why the table of contents line for rfc2459 looks the way it does? https://www.ietf.org/rfc/rfc2459.txt
21:43 < rcr_> there are ^H (backspace) characters in between the extra chars too
21:43 < rcr_> strange
21:44 < UncleDrax> formatting or charset issue. *shrug*
21:49 <+pppingme> Capprentice does "server switch" already have a default route that you're expecting the learned one to over-ride?
23:02 < BenderRodriguez> pppingme: teach me VXLAN
23:04 <+pppingme> did you google it?
23:29 < LonGrangeAntenna> i have question
23:29 < fattredd> Okay
23:29 < tds> assuming it's related to networking, just ask :)
23:29 < LonGrangeAntenna> so my laptop has antenna for wifi, im trying to plug the wifi to my desktop via ethernet (this works) but the question is
23:30 < LonGrangeAntenna> will it give me latency problems
23:30 < LonGrangeAntenna> how significant
23:30 < LonGrangeAntenna> there are reasons why im not just plugging the antenna adaptor into the desktop
23:30 < fattredd> Should be roughly the same as the wifi was
23:30 < LonGrangeAntenna> ok that all
23:31 < Harlock> wat?
23:32 < Harlock> you mean you are bridging the wifi to ethernet on the laptop right
23:32 < tds> are you actually bridging, or doing routing + nat?
23:32 < LonGrangeAntenna> wifi signal goes to antenna that is plugged into laptop
23:33 < LonGrangeAntenna> pipe the connection from laptop through ethernet cable into my desktop
23:33 < LonGrangeAntenna> im using the basic windows10 connection sharing feature on laptop
23:33 < Harlock> is your pipe abs or pvc
23:33 < LonGrangeAntenna> just wasnt sure if it would give known issues or delays that i didnt know about
23:33 < Harlock> oh it's nat then
23:34 < LonGrangeAntenna> yea by pipe i just meant ethernet cable
23:34 < LonGrangeAntenna> from my understanding piping means to connect to system in some manner
23:34 < Harlock> i meant inside the laptop
23:34 < tds> you might have more issues with nat traversal (and other related nat mess) if you're doing double nat, otherwise you're probably fine
23:35 < Harlock> the most latent part of the path is the wifi anyway
23:35 < LonGrangeAntenna> yeah
23:35 < Harlock> but you won't be able to access the desktop from the rest of the network without port forwarding if that matters
23:36 < Harlock> you can "bridge" 2 interfaces instead
23:36 < tds> if you're able to set static routes on the first router, that's a much nicer solution
--- Log closed Tue Jun 19 00:00:04 2018