--- Log opened Wed Jul 04 00:00:24 2018
00:00 < afidegnum> what is the default port for urd ?
00:00 < Apachez> urd?
00:01 < GoopAway> I'm looking into long-distance wireless network solutions, and apparently there is a new IEEE standard coming out (or already came out) in the 900Mhz range. I read that it provides at least 150kbps, and I wanted to know if that's a reasonable speed for an encrypted SSH connection for text.
00:01 <+pppingme> afidegnum urd 465/tcp smtps # URL Rendesvous Directory for SSM / SMTP over SSL (TLS)
00:01 < afidegnum> ah, thanks
00:01 < Apachez> GoopAway: check out airfiber from ubnt.com
00:02 < atsu> GoopAway: How far? Is there line of sight?
00:02 <+pppingme> wifi can go 100's of miles if you have LOS
00:02 < GoopAway> No line-of-sight. I'm thinking 0.5-3 miles away.
00:02 < atsu> 900Mhz equipment has been out for a very long time
00:02 < djph> 900MHz is crap. Don't do it!
00:02 <+pppingme> actually, almost any radio signal can at almost any frequency
00:03 <+pppingme> 900Mhz has its advantages
00:03 < djph> 0.5 to 3 miles is kind of a ... well, wide range
00:03 < djph> pppingme: yeah, in cordless phones
00:03 < atsu> Yeah. You can shoot through a ton of trees, but so can the interference
00:03 < atsu> A lot of power companies have started to use 900Mhz for smart meters
00:04 <+pppingme> djph 900Mhz will work well if you have direct line, but not actual LOS
00:04 < afidegnum> mysql?
00:04 < GoopAway> djph: all I need is a secure connection that I can have a laptop send like a 40 character code to, along with maybe downloading a really stripped down web page with text-only.
00:04 < afidegnum> oh i thought it was a bot who replied :D
00:04 < djph> pppingme: oh, I know ...
00:05 < djph> GoopAway: errr, "to a laptop", like you're looking for wifi?
00:05 < atsu> Ubiquiti has some 900Mhz stuff that isn't terrible for the price. It will get destroyed if there is interference. Look at their NSM loco that's 900Mhz
00:05 < Kryczek> GoopAway: https://www.winlink.org/
00:05 < atsu> Cambium makes the best 900Mhz equipment in my opinion. But you'll pay a lot for it
00:07 < korans> GoopAway: encrypted data hardly adds much if any size to the data transferred it's mainly just a few padding bytes also ssh can use compression so figure out how many bytes you're expecting to send receive a second
00:07 < atsu> https://store.ubnt.com/products/900-mhz-loco
00:08 < superkuh> I have a couple of those.
00:08 < superkuh> I use them with a 25w bidirectional amp at the basestation (home) sometimes. The other one is in my car.
00:09 < korans> at the theoretical maximum you're good but you have to factor interference packet loss and packet/frame size inc. headers
00:09 < superkuh> There's a good open firmware for 'em, broadband hamnet. http://www.broadband-hamnet.org/
00:10 < superkuh> (re: Ubiquiti 900 MHz loco)
00:10 < superkuh> GoopAway, what is going to matter most for you is antenna height.
00:10 < superkuh> Nothing else.
00:10 < UFC> Hey guys, is it possible to create a site to site VPN with a fortigate 50e and a ddwrt router? The reason I ask is because this company has a very low budget but I do have several dlink routers lying around that I can flash ddwrt to for one of the branch offices... or is there a cheaper 100-200$ range device that would be better suited to use with the fortigate?
00:10 < atsu> superkuh: Agreed
00:11 < superkuh> Get some cheap transceivers and an expensive extensible pole on a roof or a tower.
00:12 < atsu> UFC: Could look at Mikrotik or Ubiquiti. Or you can put together something with pfsense with that budget
00:12 < superkuh> Er, extendable/collapsible. I use the one made for flying kites.
00:12 < superkuh> Just secured it to a porch wooden post with a bunch of UV resistant heavy zip ties.
00:13 < atsu> UFC: Although I'm not familiar with Fortigate/Fortinet, if it can do IPsec, IPsec is IPsec
00:14 < atsu> Personally I would not use DDWRT for a branch, or anything that isn't personal
00:15 < atsu> Plus the CPU in those routers can't be great (which you'll need for the encryption)
00:16 < tds> Whatever you do with that gear likely won't be great, but personally I'd be much happier doing that with openwrt than dd-wrt
00:17 < Kryczek> UFC: you could use IPsec Transport (end to end, from each computer to each other computer) and have the routers just do firewalling :)
00:17 < Kryczek> UFC: IPsec is already supported natively in Windows, Linux, BSD etc... no need to buy anything more
00:17 < Toadisattva> I've really liked dd-wrt but people keep suggesting open wrt is superior
00:17 < Toadisattva> should I consider upgrading my routers?
00:20 <+pppingme> openwrt is more actively developed and has more features
00:22 < Toadisattva> sounds like a winner to me
00:27 < afidegnum> wait, can you please explain this to me?
00:27 < afidegnum> using nethogs, this is what i m getting https://pasteboard.co/HsO2BDW.png
00:28 < xamithan> Looks like your connection speed is slow
00:29 < afidegnum> xamithan: ?
00:30 < afidegnum> xamithan: slow how
00:30 < afidegnum> ?
00:36 < afidegnum> this look like an ongoing traffic to a destination, right ?
00:40 < xamithan> at 2.5 KB sent Doesn't look like much of anything
00:40 < xamithan> More like keep alive packets, heh
00:44 < afidegnum> ah, ok, i was getting panicked :)
00:44 < afidegnum> what monitoring tool would you recommend to scan and detect malicious codes ?
00:44 < afidegnum> and traffics
00:44 < afidegnum> ?
00:44 < afidegnum> i m trying to install ossec
00:44 < afidegnum> but i don't know if you have an alternative
00:45 < turtle> probably goatse
00:45 < afidegnum> goat?
00:46 < afidegnum> :D :D
00:46 < djph> turtle: tubgirl?
00:46 < xamithan> Depends what you trying to detect, a decent IDS works fine
00:46 < turtle> yum
00:47 < afidegnum> turtle: and besides, goatse is a Penetration Testing distro
00:48 < turtle> wow, that's golden right there.
00:48 < turtle> that's the kind of shit that belongs on bash.org
00:52 < djph> turtle: IKR
00:53 < mgolisch> funny seems like all those smart/easy managed switches are just the same garbage
00:54 < mgolisch> guess ill have to go with a proper managed switch instead
00:57 < brentaarnold> mgolisch p sure everyone's been saying that for years
00:57 < brentaarnold> smart switch isn't a managed switch
00:58 < mgolisch> why do those things exist at all, why have vlans if the ip interface is accessible everywhere or they come with questionable config utilities that can reset the switch and garbage like that
00:58 < mgolisch> >*
00:59 < djph> mgolisch: because "my nephew can do this, why should we pay for a pro?"
00:59 < brentaarnold> well idk about interface being available anywhere, afaik the smart switches I've used (Dell X series) were basically just stripped out managed switches
00:59 < brentaarnold> the interfaces were controlled the same as any others
01:06 < mgolisch> any recommendations for a 8port poe+ switch that isnt too expensive but is not total garbage? looked at some hpe/cisco stuff but thats sort of out of my budget
01:12 < atsu> what's the budget?
01:13 < xamithan> ubiquiti makes some nice PoE for pretty cheap
01:13 < mgolisch> id like to stay under 200eur
01:13 < xamithan> the 8 port is 197 USD
01:13 < djph> +1 for a UBNT UniFi Switch
01:14 < mgolisch> have some of their APs they are nice, never used the switches though, but i heard mostly good things about them
01:15 < djph> have used ES and US
01:15 < djph> prefer ES, but mostly because I never really liked the UniFi approach
01:15 < djph> *controller
01:15 < djph> it's SIGNIFICANTLY better now
01:16 < atsu> Yeah, ES is more "traditional" when you're use to
01:16 < atsu> CLI
01:16 < djph> *today* I'd really look at the US
01:17 < mgolisch> as long as you can configure the management interface to a vlan iam happy
01:17 < atsu> If power and noise isn't an issue, have you considered like a used 3750. Or maybe Juniper EX4200
01:19 < atsu> I am not crazy about Unifi stuff either
01:19 < mgolisch> planning to plug my cable modem in one of its port to trunk it through to my rack switch to my router vm
01:19 < mgolisch> its going to sit in my living room, it rather not have a too noisy device
01:21 < mgolisch> i will look at the unify 8 poe thing
01:21 < atsu> Ubiquiti ES‑8‑150W probably is best bet, even though it pains me to recommend ubnt
01:21 < mgolisch> looks nice
01:23 < atsu> Unifi vs ES, really depends on if you want to go into the whole Unifi controller deal
01:23 < atsu> Or manage on CLI
01:24 < atsu> They did add CLI to Unifi line, but feels like an after thought
01:24 < mgolisch> i see
01:28 < atsu> If you want to go full into the Ubiquiti koolaid with Unifi APs, Unifi switches can make management a little simpler
01:29 < atsu> Same controller software
01:41 < strixdio> any hope of using a cisco 1921 with something other than cisco firmware?
01:41 < strixdio> maybe, like, pfsense or openwrt"
01:41 < strixdio> ?*
01:41 < E1ephant> but why?
01:42 < E1ephant> for something like 1921, no, I highly doubt it.
01:42 < strixdio> I prefer pfsense
01:43 < E1ephant> I think a 1921 is better as an ebay sale
01:43 < E1ephant> or doorstop
01:43 < strixdio> I also have cisco MS220-8 and MX64, those any "good"?
01:43 < E1ephant> then just pop pfsense on some vmhost :)
01:44 < E1ephant> meraki boxen?
01:44 < strixdio> yeh
01:44 < strixdio> idk anything about that "cloud" crap from cisco
01:44 < E1ephant> not very beefy from a systems perspective
01:44 < strixdio> makes it sound like $$$$ubscription!
01:44 < E1ephant> but if the license is valid, it's good gear and softwatre
01:44 < E1ephant> software even
01:45 < E1ephant> maybe feature incomplete relative to other NOS
01:45 < E1ephant> but it's "simplicity" (lol?)_
01:45 < strixdio> are they $ub based?
01:45 < E1ephant> yes
01:45 < strixdio> ew.
01:46 < E1ephant> once the subscription/license runs out, they stop forwarding completely
01:46 < strixdio> ...
01:46 < E1ephant> yeah it's perhaps non traditional
01:46 < strixdio> That's the worst ever.
01:46 < E1ephant> but tbh maybe a godsend for enterprises that most nerds seem to be discounting
01:46 < strixdio> well, it is only pissing me off now.
01:46 < E1ephant> if the license runs out and it becomes a brick, it stops the accounting firm from having a firewall live 10 years past its EOL
01:47 < strixdio> idk what to do with this gear.
01:47 < E1ephant> realistically in a business you should be refreshing gear
01:47 < strixdio> yeah true. gotta milk that
01:47 < E1ephant> I believe the meraki gear can run openwrt
01:47 < E1ephant> or some of it can
01:47 < strixdio> interesting.
01:47 < E1ephant> (MX?)
01:47 < E1ephant> but yeah, they aren't particularly quick or memory heavy (relative to intel NUC)
01:48 < strixdio> huh.. that would be cool to put openwrt on those.
01:48 < strixdio> I have two
01:48 < E1ephant> good for just openwrt though probably without issue, just probably not a great kvm/container host?
01:48 < E1ephant> yeah
01:48 < E1ephant> at least they would be non-bricks :D
01:48 < strixdio> lol
01:49 < strixdio> darn, the switch doesn't look like there's anything for it.
01:49 < strixdio> That's the thing I was hoping to use really.
01:49 < strixdio> PoE is something I don't currently have.
01:50 < strixdio> would be nice to run my ubiquiti APs off PoE
01:50 < strixdio> well, a switch with PoE, rather.
01:50 < E1ephant> aye indeed
01:51 < E1ephant> I am just using injectors still though, only two APs
01:51 < strixdio> Yeah
01:51 < mgolisch> then again some of them use passive poe, so a poe switch will not really help there
01:51 < E1ephant> yeah yucky :S
01:52 < strixdio> ouch, doesn't look like the mx64 is actually supported for openwrt
01:52 < strixdio> haha, of course, all the stuff I got for free is useless anyway.
01:52 < strixdio> (no wonder I got it for free :P)
01:54 < strixdio> I also got some cisco cable modems.. dpq 3925 .. 8 downstreams 4 upstreams. Think there would be much of a difference between that and a 12 downstream 4 upstream modem for 100mbit service?
01:55 < strixdio> and I got a Cisco WS-C2960-24TC-L
01:55 < strixdio> sadly only 10/100 :/
01:56 < strixdio> still enough to practice with I guess.
01:57 < E1ephant> depends on the carrier
01:57 < E1ephant> I would be surprised if you got a config file for a dpq?
01:57 < E1ephant> but maybe
01:58 < E1ephant> check out eve-ng and VIRL
01:58 < afidegnum> hello, i m having some strange behavior
01:58 < E1ephant> for labbing
01:59 < afidegnum> I have flush, and written the ip tables but i don't know a script which is overriding my configurations
01:59 < afidegnum> how do i trace such activities on my server?
02:01 < strixdio> afidegnum: might want to try #linux
02:05 < E1ephant> which distro, check messages/dmesg for scripts firing?
02:07 < afidegnum> Elephant inside /var/log?
02:07 < afidegnum> using debian
02:07 < E1ephant> yeah
02:08 < E1ephant> are you rebooting and they disappear?
02:09 < mgolisch> ordered the edgeswitch, lets see how it works out
02:09 < mgolisch> :)
02:12 < strixdio> damn.. so I got a cisco 1921, two cisco meraki mx64's, and a cisco meraki MS220-8 for free, and they're all useless.
02:12 < strixdio> le sigh. I thought I was getting cool stuff.
02:15 < xamithan> You did get cool stuff. Stuff that was cool 15 years ago
02:17 < Henry151> howdy ##networking
02:19 < Henry151> I've noticed that sometimes when I connect to my VPN (I'm using PIA and on a debian system using OpenVPN) that sometimes, usually after it's been connected for some number of hours, my other devices that are connected to the same wifi network will experience huge slowdowns, almost stopping entirely. As soon as I disable the VPN on the debian laptop, the other devices connected to the network are
02:20 < Henry151> restored to full connectivity, and if I restart the VPN, it doesn't immediately cause interference, but usually only after a few hours, it happens again (sometimes longer, like 8 hours)
02:20 < Henry151> Anybody have any idea what could be causing that sort of a problem?
02:20 < QuinnStorm> Henry151: could something broadcast be leaking out into the LAN like DHCP?
02:21 < QuinnStorm> that is, are you doing any strange client side routing, iptables, etc?
02:21 < Henry151> QuinnStorm: I'm not sure what that means, sorry for my ignorance on the subject. I vaguely grasp the terms you're using there
02:21 < Henry151> oh
02:22 < Henry151> not that I'm aware of... I do usually have three separate SSH connections open in terminals
02:22 < Henry151> through the vpn
02:22 < QuinnStorm> also are you possibly just overloading your router? if you're asking it to upnp through a udp connection or even to handle one lkngrunning tcp link (and it has a bit of a memleak somewhere)...
02:22 < QuinnStorm> *longrunning
02:23 < Henry151> that sounds like a possibility; i am using the router my ISP gave me which I don't think is anything great
02:23 < QuinnStorm> openvpn? as I haven't had huge issues with it in the past...ahhh
02:23 < QuinnStorm> if you are also routing to your LAN via it without individual VPN connections at least through a local gateway (unencrypted works too), you can easily end up with things all fubar
02:24 < Henry151> I bought a WRT54G to play with but it turned out to be the V5.0 which apparently is "neutered" or something, no good for running openWRT which was what i bought it for
02:24 < Henry151> but I also have a Netgear R7000 that's unused that I could set up if it might help me solve these problems
02:24 < Henry151> but all the traffic ultimately has to pass through the router from the ISP because it's also the DSL modem
02:25 < QuinnStorm> think about it like this...if you are a host out there on the same wap/segment, how do you know which arp replies are for you? (l2vpn) or at least which ip bcast messages to ignore (dhcp, other l3)
02:25 < QuinnStorm> avahi could be storming even
02:25 < QuinnStorm> who knows (someone more experienced than I)
02:25 < Henry151> this is hard for me to grasp but i can start googling these terms to try to understand better what is happening
02:26 < Henry151> also if there are any suggestions for how to diagnose, commands I can run and look at for abnormalities, or anything like that
02:26 < QuinnStorm> sounds like a resource leak, a protocol message reflection/amplification bug avalanching and causing a flood
02:26 < QuinnStorm> well lets start with your network mao
02:26 < QuinnStorm> *map
02:28 < Henry151> QuinnStorm: does that mean running the nmap command in some way? or just describing what I have connected to my network in what way and what each device is doing?
02:29 < QuinnStorm> no, other way around
02:29 < Henry151> I'm probably overloading the heck out of the poor router XD
02:29 < QuinnStorm> tell me what hosts you have, how they're plugged and intended to be addressed etc
02:29 < QuinnStorm> yep
02:29 < QuinnStorm> rofl I tldr'd you
02:30 < QuinnStorm> #B sorry
02:30 < QuinnStorm> and while I do mean 2, B%2==2%2==0 so
02:30 < QuinnStorm> oh nevermind
02:31 < QuinnStorm> woe is me who arithmetic do cannot the three avoid from two and two oft receiving sadly
02:32 < QuinnStorm> also cannot type so turned it into awdullf pppoetry
02:33 < Henry151> so I've got three laptops connected to the wifi network with no VPN, one of which is running a bitcoin full node, the other two are each just running one firefox browser with a price chart shown on the screen (so it's getting live updates pushed from the website in some way, because it's ticking new price data every few milliseconds)... then I've got the debian machine with the VPN running and three
02:33 < Henry151> SSH connections open through the VPN, and also a browser with tabs open for Gmail, facebook, etc. ... then I've got an android cell phone connected that's using the network for wifi-calling; and then I'm playing video games on the Xbox that's plugged in to the router with an ethernet cable (see where my priorities are XD)
02:33 < Henry151> oh and on the debian machine through the vpn also Slack is running, and discord
02:34 < Henry151> I think i just solved my own problem by stating it
02:34 < TandyUK> yeah, use some cables :)
02:34 < Henry151> this is just way way way too much stuff for my poor little router
02:34 < TandyUK> the vpn part, quite possibly if it is doing the crypto
02:35 < TandyUK> but with a cable theres little benefit to it from the sound of it
02:35 < TandyUK> i assume youre worried about people spying on your wifi data or something
02:35 < Henry151> so ethernet cables will possibly help alleviate the problem? I was thinking that maybe it was just altogether too much for my 20Mbps DSL line
02:36 < TandyUK> the wifi (and vpn) is just adding latency to everything though
02:36 < Henry151> TandyUK: no actually, the VPN is primarily for accessing websites that block USA IP addresses
02:36 < QuinnStorm> well dont forget the radios are only fooMbps single-duplex one device per channel....[afaik]
02:36 < Henry151> I'm not worried about anybody trying to snoop on my wifi; i'm in a rural area with nobody nearby, and i think i'm the only person in a 40-mile radius who knows what linux is
02:37 < QuinnStorm> i.e. you're sharing that band no matter what or how many channels you bond, and ALL the hosts hear all the data, it s like an old school hub
02:37 < Henry151> besides which it is WPA2 secured
02:37 < Henry151> QuinnStorm: ok, so if I plug things in through ethernet cable, does that separate them?
02:37 < QuinnStorm> and as the data rate and radio counts go up, so do retransmits
02:38 < QuinnStorm> well it helps. also ethernet phy is wag less cpu intensive even than mostly-in-firmware wifi boards
02:38 < QuinnStorm> *way
02:39 < QuinnStorm> and...well...bugs exist
02:40 < djph> Henry151: for some definition of "separate"
02:54 < Henry151> QuinnStorm, djph, thanks for the input, I had a phone call, I'll buy some ethernet cables and plug it all in and see if it resolves the issue, thanks for the advice
04:15 < wsx> So i am trying to download this torrent for 3rd time it's 25GB and i use qbittorrent this time with the option for recheck on finish.
04:15 < wsx> well it has finished around 5-6 times now and it always finds error
04:16 < wsx> so it starts on 99.6--99.9 and goes to 100%
04:16 < wsx> checks....error...again from the beginning
04:16 < wsx> wtf is going on
04:17 < djph> drive errors perhaps
04:19 < rewt> sounds like it could be intentional bad seeding
04:20 < wsx> no i tried it on 2 drives
04:20 < wsx> yeah that is what i am thinking bad seeding
04:20 < wsx> but how do i counter that ?
04:20 < qoxncyha> let's say you have a VPS and it's working great.
04:20 < wsx> what's vps ?
04:20 < rewt> you can't... the source is sending bad data
04:21 < qoxncyha> wsx: don't worry about it
04:21 < wsx> well there are many seeds
04:21 < qoxncyha> all of a sudden your VPS gets hacked, and you scramble to rebuild it.
04:21 < wsx> how do i get from the none bad ones
04:21 < rewt> media companies do this to frustrate people hoping they'll buy instead
04:21 < wsx> well they can keep hoping but what do i do meanwhile
04:22 < qoxncyha> what are some software that can provision a VPS network?
04:22 < qoxncyha> i'm looking for something with complexity between setting it up yourself, and terraform
04:28 <+pppingme> wsx a part it thought it dl'd ok is probably bad, erase the whole thing and start over
04:28 <+pppingme> qoxncyha you know how they got it?
04:29 < qoxncyha> pppingme: it doesn't matter, i just want to autoprovision my services
04:29 < dogbert2> LOLOL - -a-bear-spent-the-day-in-the-backyard-of-a-california-hotel-soaking-in-the-tub-and-drinking-a-margarita
04:40 < spaces> I hate these devs on IRC that ask too much about whatever you want to do if you ask what a function can return in situation X
04:40 < spaces> do these people have some issue with interpretation or something ?
04:40 < djph> yes?
04:40 < spaces> djph I think as well
04:41 < djph> or situation x is undefined?
04:41 < spaces> djph no defined
04:41 < djph> fun times
04:42 < spaces> it's like, should a connected switchport light on on a switch with default settings
04:42 < djph> is the port connected to anything?
04:42 < spaces> then they start asking, did you put the cable in a device ?
04:42 < spaces> djph didn't I say, connected switchport ?
04:42 < djph> I mean "connected to the patchpanel" doesn't neessarily mean "actually connected to something" ...
04:43 < djph> *necessarily
04:43 < spaces> djph where did you read patchpanel ?
04:43 < spaces> djph are you a dev ?
04:44 < djph> spaces: After having been in this channel (among others) where seemingly "obvious" answers like that turned out to be the culprit (or "oh, the cable was broken") ....
04:44 < spaces> djph I know what you mean but the basic question should be answered with yes
04:45 < spaces> otherwise you cannot do any fault checks
04:45 < djph> until "okay thanks, bye!" is the response; and then the guy comes back whinging that you lied to him ...
04:46 < spaces> djph not everyone is like that, I see more regulars on IRC whining someone didn't have proper information
04:46 < spaces> *gave
04:46 < spaces> like the regulars know it all
04:46 < spaces> do you get my point ?
04:47 < spaces> they try to act perfect and if they fail, they try to find whatever reason to not be the one that had overlooked something
04:47 < spaces> or try to act "not invited here" when they don't know it
04:48 < spaces> but I need to run :P Like those people also do when they don't know at all :P
04:48 * spaces needs sleep!
04:48 < spaces> later guys
04:50 <+pppingme> qoxncyha it kinda does, if you provision it the same way as before, and that included some vulnerability, its gona happen again
04:51 < qoxncyha> pppingme: we did it differently
05:18 < GlenK> bob dobbs?
05:18 < GlenK> be odd if it's the bob I know from me being glen k
05:19 < GlenK> tacos and all that work stuff
05:20 < GlenK> man, cisco network academy is nonsense. they say they support firefox and chrome. well, chrome only works.
05:21 < GlenK> and then my chap 6 exam needs jnlp files to run or something, but nope. not happening. so now I need to go to the school lab just to take the exam
05:22 < GlenK> I'm very disappointed with guys that are supposed to be networking experts that can't even get websites to work proper
05:23 < GlenK> ah well. so it goes on my end. I'm stubborn and will continue to run linux
05:26 < GlenK> since I'm here. I want to ask. a /30 mask means 4 addresses? is that right or wrong? 3 addresses and 1 broadcast?
05:28 < rewt> /30 has 2 bits for host portion, so yes, 4 total, minus 1 for network and 1 for broadcast, leaving 2 usable
05:28 < GlenK> chap. 7 should enlighten me, and I'm some what enlightened already, but anything other than 8, 16, 24, and 32 for a netmask confuse me still somewhat
05:29 < GlenK> rewt: ah, right. one for the network. gotcha gotcha. thanks
05:29 < scientes> ipv6 has it too, the global addressing is 2000::/3
05:29 < scientes> you just have to understand binary
05:30 < rewt> all of them other than 8, 16, 24, and 32 work exactly the same way as those 4
05:30 < scientes> gnome-calculator has a binary mode you can you understand it
05:30 < rewt> it's just cisco not teaching things properly, still going on about classes
05:30 < rewt> which were deprecated over 25 years ago
05:31 < GlenK> scientes: yeah I get binary and all that. still trying to come to grips with netmasks fully
05:31 < scientes> but yeah when and when not is there a broadcast address?
05:31 < scientes> and why is the router at 192.168.0.1, not 192.168.0.0?
05:31 < scientes> what is the 0 reserved for?
05:32 < GlenK> I thought I was clever once upon a time when I put my pc at .0. hidden sorta maybe sorta?
05:33 < GlenK> oh, right. let me ask this. I thought I was clever too when I put a hub in between my router and firewall. then put a pc on there and ntop. I could find all the jerks doing bit torrent or whatever
05:33 < GlenK> my teacher said very bad idea. he didn't exactly explain why though. any ideas why that's bad?
05:33 < scientes> cause hubs suck
05:34 < GlenK> well sure, but if you want all the traffic to go to ntop, then a hub seems like a good idea
05:34 < scientes> just use Linux as a router and do it that way
05:35 < ozzhates> wtf
05:35 < scientes> you can connect your modem to the same switch, and turn on PPPoE mode and then use Linux as a router with a SINGLE interface
05:35 < GlenK> but so I wanted this thing to be secure, with no ip. pretty hard to jerk me up when my ntop box doesn't even have an ip
05:35 < GlenK> I had no control of the router by the way. that was network dudes
05:36 < scientes> oh i c , this wasn't a home network
05:38 < GlenK> eh, I'll keep studying. maybe I'll understand one of these days. or maybe my teacher is a dummy. either way, nice to be learning networking stuff because I've been lacking for a while
05:49 < zumba_addict> is there an online tool where we can tell where fqdn has already propagated?
05:50 < Peng_> No.
05:51 < linux_probe> https://www.whatsmydns.net/
05:51 < linux_probe> that's about as close as you'll get and it doesn't mean all the dns caches worldwide will have it up to date
05:52 < Peng_> It's impossible to get a complete picture because you aren't ruler of Earth and nobody's obligated to take part in such things.
05:53 < Peng_> If you know how your DNS servers work just wait however long and it'll mostly be fine
06:03 < drathir> zumba_addict: just lower dns cache time before planned changes... but normally 12-48h propagation time good counting ofc that not rule...
06:06 < drathir> zumba_addict: if You trust cloudflare use their ttl0 instant upgrade style...
06:10 < zumba_addict> just got back
06:10 < zumba_addict> thank you drathir
06:10 < zumba_addict> thanks Peng_
06:10 < zumba_addict> thank you linux_probe
06:11 < Peng_> drathir: Cloudflare can lag if there's an outage. :P
06:13 < linux_probe> that too Peng_
06:14 < zumba_addict> i guess it will take more than 24 hours since I just purchase the domain today
06:14 < linux_probe> cloudfail :))
06:14 < zumba_addict> purchased
06:14 < linux_probe> 24 at minimum and possibly add whatever the TTL ontop of that is
06:14 < Peng_> Depends. Usually new domains don't take long.
06:14 < linux_probe> plus it's july 4th now in USA
06:14 < zumba_addict> i set 1800 ttl
06:14 < zumba_addict> got it
06:15 < linux_probe> may not get a button pusher to hit the yes/no for a day lol
06:15 < zumba_addict> hahaha
06:15 < linux_probe> actually, wait, it's likely all outsourced to india or elsewhere
06:16 < zumba_addict> i remember my officemate said(from devops), when he made a change to one of our dns, he said it will only take 5 mins to propagate the entire internet because of the ttl he set. Could he be correct?
06:16 < Peng_> Mostly.
06:16 < zumba_addict> is it different from my situation?
06:16 < drathir> Peng_: not so big fan of cloudflare mitm style, but as interesting one could mention it, also its work only under using 1.1.1.1 as good remember...
06:16 < linux_probe> there's always still caches that ignore the TTL and set their own minimums
06:16 < Peng_> Some bad resolvers ignore low TTLs. Though I have a feeling it's uncommon nowadays.
06:16 < zumba_addict> k
06:17 < linux_probe> yeah most are set to 0 seconds by default now
06:18 < drathir> zumba_addict: not matter if domain activated already... default ttl mostly max 48h...
06:18 < zumba_addict> got it, thanks
06:18 < linux_probe> so if ttl is set to nearly nothing, it will not cache, I go with a minimum of 30 seconds myself
06:18 < linux_probe> but who knows what ancient things you'll run across abroad
06:19 < drathir> zumba_addict: domain name ? could take a look locally ;p
06:19 < Peng_> You'd have to check your TLD, of course, but many of them set the negative TTL to 900 seconds. (And use NSEC3, so aggressive NSEC isn't a factor.)
06:19 < zumba_addict> i did, no good replies from dig
06:20 < Peng_> Give it a few minutes for them to process the change and you can often have a new domain working in 20 minutes.
06:20 < zumba_addict> I bought it like 12 hours ago
06:20 < zumba_addict> i'll check it on thursday
06:20 < drathir> zumba_addict: in theory, but depend too at remote dns servers configs ;p that You get fast upgrades and send to others correct one dont mean remote servers will honour that ;p
06:21 < zumba_addict> even namecheap.com where I bought still doesn't have it, LOL
06:21 < zumba_addict> i used their nameserver
06:21 < zumba_addict> what a cheap company I picked, lol
06:21 < zumba_addict> read so many good reviews about it
06:21 < linux_probe> it could possibly take 24 hours for them to even OK the purchase
06:22 < zumba_addict> yup
06:22 < Peng_> Why would it take more than like 2 seconds
06:22 < drathir> zumba_addict: also isnt worth lower too much ttl if not needed...
06:22 < zumba_addict> it's 1800 which i think was the default
06:22 < zumba_addict> that's true since I won't be updating it much
09:17 < Guest78594> hi everyone
09:24 < skyroveRR> Hi Guest78594
10:06 < dionysus69> is this secure enough for spiped key ? dd if=/dev/urandom bs=512 count=1 of=/home/user/spiped.key
10:09 < ren0v0_> Hello, if i have a socket proxy setup using SSH to a machine on another network, how can i then use that to SSH into another machine on the same network ?
10:39 < tds> ren0v0_: if you're doing ssh port forwarding, you'd typically just ssh into the port ssh is now listening on on localhost, which will get forwarded through to the remote server
10:39 < tds> on recent versions of ssh ProxyJump or -J is very useful though, on older versions you could achieve the same effect with ProxyCommand
10:40 < amosbird> hello, anyone uses pdnsd ?
10:40 < amosbird> how can I avoid negate cache entries ?
10:46 < TandyUK> dionysus69: use bs=32 and make sure youre doing this on a machine with eg a mouse which you keep randomly moving to generate entropy
10:46 < TandyUK> if you really want a longer key, increase count
10:47 < TandyUK> but imho its unnecessary
10:53 < bezaban> I'd be surprised if a symmetric key uses the full 4096 bits
10:54 < bezaban> 256 should be fine and is a valid aes key size :)
11:11 < dodococo> Hey all, I recently read about subnetting and realized that network id and subnet id could be different, In routing process how is subnet id used?
11:49 < Apachez> any of you with experience from broadcom 3008 and 3108 raid controllers? pros/cons with both?
12:53 < dionysus69> TandyUK: ok sounds good :) but what's the specific reason behind 32? not more not less?
12:57 < skyroveRR> I'm trying to understand how PTR delegation works between APNIC, ISP and the customer. Suppose the customer asks an ISP to assign a PTR record, the ISP is able to assign a PTR record only because that record is known by APNIC? I mean, how does APNIC come into play here?
13:06 < Phil-Work> skyroveRR, isp.com would use APNIC to set the NS record into DNS that says that 3.2.1.in-addr.arpa. points at ns1.isp.com
13:06 < Phil-Work> isp.com then define 4.3.2.1.in-addr.arpa as a PTR record in ns1.isp.com
13:07 < Phil-Work> or indeed sub-delegate with NS records
13:21 < skyroveRR> Phil-Work: thankies.
13:35 < Atro> CRAWLING IN MY SKIN
13:35 < Atro> THESE PACKETS, THEY WILL NOT PROCESS
13:44 < avu> RIP
13:45 < Phil-Work> catphish, hSo are ignoring me :(
13:45 < Phil-Work> clearly not interested in the business
13:45 < Phil-Work> any other recommendations for someone who would use a Virgin last mile?
13:50 <+catphish> Phil-Work: i'm afraid i don't know, apart from them and SSE i don't have any experience of leased lines
13:57 < Capprentice> An L2 Backhaul (Switched) vs L3 Backhaul (Routed) network which is better for ISP segment?
14:03 < Windy> any aruba wlan users here? i'm wondering what the appropriate design is for remote branch offices. we will have controllers and mobility master at HQ, but it seems preferable to have remote site traffic switched locally rather than tunneled back site-to-site
14:48 < chris_99> Hi, i'm just wondering i'm doing 'up ip -6 addr add $(generate-ipv6-address -r)/128 dev wlan0' in my /etc/network/interfaces file, which seems to work fine if i specify a static ip via 'address' as well but not if i don't, anyone got an idea why?
14:51 < Dagger> /128? not /64?
14:53 < chris_99> that's just what the guide said to use, i'm very new to IPv6. i just found though if give an unspecified address such as 'address ::/128' the script works
14:54 < Dagger> are you doing "iface X inet6 static"? that requires an address. use "iface X inet6 manual" if you want to do it manually
14:54 < Dagger> also what are you trying to do? if you just want a randomized IP, use privacy extensions
14:54 < chris_99> it's for a wireless mesh
14:55 < chris_99> i'll try manual though cheers
14:59 < Dagger> ...right, good luck with that, I get the impression looking from the outside that meshes tend to do things a bit funkily
15:01 < chris_99> heh.
i'm trying to use Babel for the routing protocol and ad-hoc wifi, but annoyingly i couldn't get wpa to work atm with the Pis ive got
15:04 <+catphish> chris_99: this seems like a very odd way to configure a network, if you just want interfaces to have a random IP, they already do (link-local) there's no benefit in assigning another one afaik
15:05 <+catphish> chris_99: also, it's not clear what you mean by "works fine", what works, what doesn't?
15:05 < chris_99> im following this - https://github.com/jech/babeld i mean as in it now has an ipv6 generated address when i do 'ip'
15:09 <+catphish> i guess generating random /128 addresses makes sense if you want the nodes to be reachable on a routable address, so this all makes perfect sense
15:10 <+catphish> chris_99: try running it manually, run: ip -6 addr add $(generate-ipv6-address -r)/128 dev wlan0
15:10 <+catphish> and see what happens
15:10 <+catphish> this really should work
15:10 < chris_99> yeah that adds an address too
15:10 < chris_99> i tried that version earlier
15:11 <+catphish> so it only fails when you do it through your init script?
15:11 <+catphish> my guess would be that generate-ipv6-address is not in the PATH used by the init script
15:11 < chris_99> when i did it through /etc/network/interfaces it failed but that's working now
15:11 <+catphish> try specifying the full path to it
15:11 <+catphish> oh ok
15:11 <+catphish> well then everyone's happy
15:11 <+catphish> and this is a perfectly reasonable way to configure things :)
15:12 <+catphish> i would normally put /128 addresses on the "lo" interface, but this way works fine too
15:33 < hagbard> Anyone here ever use Lucera Connect?
15:50 < asahi> hello, I'm using a raspberry pi running raspbian as a router. It has 2 physical wireless interfaces, wlan0 (for AP), wlan1 as well as a tun0 interface that is connected to openvpn. I want traffic to/from my fire tv stick to go through tun0 and everything else to go through wlan1.
Is there a way for me to set up a rule like this?
15:55 < rewt> asahi, look up source policy routing
15:56 < asahi> thanks. I'll look that up
16:21 < shambat> in a linux routing table, what is the difference between a route that just sets a device and a route that also sets a gateway?
16:21 < bezaban> shambat: the route with the gateway will route via the gateway
16:21 < bezaban> otherwise it's expected to be on link
16:21 <+xand> unless the device is ppp
16:22 < bezaban> or tun
16:22 < shambat> bezaban: ok, so on link means directly connected?
16:22 <+xand> same broadcast domain
16:22 < shambat> (I am trying to fix a routing table for a vpn-connected machine)
16:22 < shambat> ok I see
16:22 < bezaban> shambat: yeah, for a small variety of directly connected networks..
16:23 < shambat> so if the destination needs more routing, I should add a gw?
16:24 < bezaban> that would be a requirement if you want to reach another network via a remote router
16:24 <+xand> if it needs any routing
16:24 < bezaban> but you also need return routes, remote routers need to know your network is on the other end
16:25 < bezaban> or remote devices
16:25 < bezaban> & hosts
16:25 < bezaban> (on a call, not very focused here..)
16:26 < shambat> I had the correct settings, but the connect-script was changed and now some of the routes dont work anymore ... I'm trying to figure them out myself since admin is out of reach right now
16:26 < shambat> route -n
16:26 < shambat> or ip route?
16:26 < shambat> they are the same right?
16:29 < bezaban> the same yeah, ip route replaces route
17:25 < TandyUK> outputs are totally different though, which screws up anything scripted
17:26 < TandyUK> ip a/r needs a 'give me old fashioned output format' flag imho
17:28 <+xand> ifconfig-style?
17:28 <+xand> which is much more legible :P
17:29 < TandyUK> legible or not, its been parsed by scripts for decades
17:33 < mcdnl> TandyUK: if you need old style output just use ifconfig
17:34 < mcdnl> but there are some handicaps. before, to assign multiple ips to a single interface, you added the ip to intf:indx
17:55 < im0nde> Hi, I have a server in my lan and want to access it from outside. I thought about a VPN, is that the best option? If so, what kind of vpn would you recommend on a linux box, there seem to be a few options (openvpn, vpnc...). Some of them seem very complicated to set up
17:58 < lupine> vpn is probably overrated
17:58 < lupine> you might be able to get away with a bit of port forwarding on your router, depending on your specific circumstances
17:59 < UFC> how common is it to create site to site vpn tunnels with mixed gear? And is site to site vpn the only way to connect offices together other than being on a MPLS ?
17:59 < obcecado_> it is common enough
18:00 < obcecado_> keep in mind some ipsec implementations are at least selective regarding functionality
18:00 < UFC> ever heard of cyberoam equipment?
18:01 < obcecado_> nope
18:01 < UFC> I have a fortigate 50e and a cyberoam cr25wing
18:02 < im0nde> lupine: configuring the router is complicated, as its not mine and I have to ask every time i want to change a port. Also I dont want to expose the services running on it to the internet
18:02 < UFC> https://www.cyberoam.com/downloads/datasheet/CyberoamCR25wiNG.pdf
18:03 < UFC> it looks like it supports vpn tunnels
18:03 < lupine> then perhaps consider a type of vpn, noting that you'll probably need to expose the vpn's port
18:05 < UFC> you talking to me?
18:05 < im0nde> lupine: is there something simpler than openvpn?
18:05 < lupine> dunno, I just use openvpn every time
18:06 < UFC> this cyberoam is worth 1k on ebay still
18:06 < obcecado_> eew
18:06 < obcecado_> that cyberoam has some pretty deprecated encryption algorithms listed
18:06 < obcecado_> not something i'd buy :>
18:08 < UFC> already own it
18:09 < UFC> it supports 3DES and SHA1
18:09 < obcecado_> exactly
18:11 < UFC> its not that bad
18:11 < UFC> and this is a small company also
18:11 < UFC> this will do the trick
18:11 < obcecado_> your job, your decision :-)
18:11 < UFC> well they dont want to buy any new routers or firewalls
18:12 < UFC> so I gotta work with what they have
18:15 < scientes> wireguard
18:15 < scientes> wireguard is the shit
18:41 < jackbrown> Does anyone know a reliable source with and high bandwidth so I can test my internet connection speed downloading a file?
18:43 < drathir> scientes: lol any examples ?
18:44 < drathir> jackbrown: use online/ovh/hetzner torrents.... but best isp test files for internal conn link speed...
19:07 < goldstar> has anyone setup policy based IPsec tunnels on a linux box before ? I am wondering how I can route packets without a vti
19:08 < goldstar> the SAs are established, just stuck on the routing bit
19:15 < detha> goldstar: once the SA's are in place, it should pick up things automagically(tm)
19:16 < ciscam> Hi! DHCP Wikis say, the servers' DHCPOFFER and DHCPACK packets are broadcast, but my wireshark says its target is the newcomer. Which is it?
19:18 < goldstar> detha: im running strongswan on two endpoints and loopback interfaces as the traffic selectors, SAs are up, when I ping a host in the policy, it doesn't reply.
19:19 < scientes> drathir, it can do what most people use openvpn for and ipsec
19:19 < scientes> and its only 4000 lines of code
19:20 < detha> ciscam: both.
see rfc2131 paragraph 4.1
19:21 < detha> goldstar: create a route with the other side's loopback address, going anywhere (like your default gw)
19:23 < detha> oh, and 'src "
19:27 < drathir> scientes: advantages are faster crypto and higher speed not mention easier link establishment and less chit-chatty tunnels...
19:34 < goldstar> detha okay let me try that
19:52 < ciscam> detha, thanks that helped me out:)
20:07 < scientes> drathir, not just less chatty, but zero chit-chat
20:07 < scientes> wireguard only sends packets when there is traffic
20:23 < QuinnStorm> Henry1512: just following up, any luck?
20:27 < zenix_2k2> i have a nooby question, so i heard that each wrapped layer of the data's encapsulation contains a header and a body and, the header contains the protocol information needed for that layer and the body = data, so what are those "protocol information" all about and why do i need them ?
20:28 < zenix_2k2> can't the destination host just automatically unwrap it ?
20:34 < koala_man> zenix_2k2: the destination address is a piece of protocol information on the IP packet. a TCP packet can't arrive if it's not in an IP packet with address info
20:34 < varesa> zenix_2k2: as an example an IP header contains the source & destination IP addresses for the packet and it also has a field for the protocol contained in the data (e.g. TCP, UDP, ICMP, etc.)
20:35 < varesa> while the data itself contains the TCP/UDP/ICMP/... frame where the header might contain some protocol information like the TCP source/destination port
20:38 < varesa> look up for example ethernet frame, ipv4 header or UDP packet structure to see what kinds of fields the header contains
20:38 < varesa> and you'll see how they're important for the packet to get delivered to the right place and interpreted the right way
21:07 < _TheDudester> anyone ever put a new windows machine together with a new motherboard and new samsung 860 and windows will NOT recognize it.
21:09 < _TheDudester> Mobo bios picks it up fine
21:09 < _TheDudester> windoze 10 ...
21:09 < linux_probe> someone needs to add chipset drivers
21:09 < _TheDudester> it came with the disk and we've tried to tell doze to use them but it still doesn't work.. MSI gaming mobo too
21:10 < _TheDudester> I've never heard of a windows installation not picking up an ssd before but picks up HD's fine
21:10 < linux_probe> more specifically, raid/sata drivers or the mode setting is wrong
21:11 < _TheDudester> Yeah he's tried that too
21:11 < _TheDudester> Going to format the drive on another computer to see.. just not finding much info on this online thought I'd ask if anyone saw it before
21:12 < jackbrown> hello
21:13 < jackbrown> maybe I'm forgetting/missing something. How can I check if an UDP port is properly opened ?
21:13 < tds> you can't really
21:14 < tds> you can try sending stuff to that port and see if you get icmp destination port unreachable or whatever back
21:14 < tds> or try sending something specific to that protocol and see if you actually get a proper reply
21:14 < tds> if you have access to the server, you can check easily with netstat/ss/whatever
21:15 < jackbrown> tds: this will work only on TCP ports ? https://portchecker.co/
21:16 < tds> not a clue, try running it against yourself and doing a packet capture on your router/server to see what it actually tries
21:17 < tds> dns is typically udp on 53 (though sometimes tcp), so I'd sorta expect that to test UDP
21:17 < tds> though I guess a proper dns server should be listening on tcp anyway, so meh
21:21 < zenix_2k2> also guys, i heard that with datagram socket which uses UDP, you can't be sure that the data arrived in the same order as it was sent or not, is that true cause i have built a UDP server in my localhost and test it out but it worked well for me
21:23 < jackbrown> zenix_2k2: tds do you guys suggest me to enable the uPNP port option for on the router ?
21:23 <+pppingme> zenix_2k2 what are you building and why are you wanting to use udp?
21:23 < jackbrown> pppingme: emule
21:23 < UFC> you built a UDP server?
21:24 < UFC> but dont know how UDP works...
21:24 < zenix_2k2> pppingme: well actually i wasn't building it on purpose but i was just testing whether to see if that quote above is right or not
21:24 < UFC> what exactly are you considering a "UDP server"
21:24 < ^7heo> wtf do you call the list of the directives that have already been executed?
21:24 < UFC> UDP is meant for stuff like streaming
21:24 < UFC> where packet loss is ok
21:24 <+pppingme> UFC I'm pretty sure he means a server/daemon that uses udp..
21:24 < UFC> so when youre streaming a youtube video and it loses quality for a second or glitches out its because it lost packets
21:24 < ^7heo> UDP is where packet loss happens, it is only beaten by UPS.
21:24 < UFC> but continues to receive new ones
21:25 < zenix_2k2> ya, a servers that use datagram sockets... sorry for the terms :P
21:25 <+pppingme> zenix_2k2 its absolutely true, but you're not likely to see the issue testing on a lan
21:25 < zenix_2k2> so when will it happen ?
21:25 < UFC> zenix_2k2 depends on the receivers end
21:25 < jackbrown> anyone can help me please?
21:26 < zenix_2k2> jackbrown: so what is your problem ?
21:26 < ^7heo> hi catphish
21:26 < ^7heo> wtf do you call the list of the directives that have already been executed?
21:26 <+catphish> hi :)
21:26 < UFC> jackbrown go on your firewall and open the port?
21:26 < ^7heo> like, the opposite of a backlog
21:26 < jackbrown> zenix_2k2: can't connect the KAD emule network, and I activated the uPNP on the router and it seems that all the required ports are opened
21:27 <+catphish> i was just pondering whether it's illegal to go into someone else's house without their knowledge or permission, and i don't think it is, isn't that odd
21:27 < zenix_2k2> UFC: the receiver's end ?
so in which case that the receiver's end can affect my transmission, only 1 example is ok
21:27 < ^7heo> catphish: it totally is.
21:27 < UFC> trespassing
21:27 < ^7heo> yes.
21:27 <+catphish> trespassing isn't a crime here
21:27 < ^7heo> Here it is.
21:27 < UFC> well dont try that in america
21:27 < ^7heo> also, can someone PLEASE tell me what the fuck you call the list of the directives that have already been executed?
21:27 < UFC> they can shoot and kill you and nothing will happen to them
21:27 < Tegu> illegal here as well
21:27 <+catphish> UFC: that's not really true
21:27 <+pppingme> catphish so I can come sit on your porch or in your living room any time I want, even if you don't want me to?
21:28 <+catphish> UFC: you have to be in danger to legally use that kind of force, but yeah, it happens
21:28 < UFC> if you broke into/walked into someones house uninvited
21:28 < UFC> they can shoot and kill you out of fear
21:28 < ^7heo> okay, fuck you all.
21:28 < ^7heo> laters.
21:28 < UFC> ^7heo fuck you
21:28 < tds> catphish: my understanding is that as long as it's not breaking and entering, it's probably legal?
21:28 <+catphish> UFC: they'd have a legal fight on their hands in most places
21:28 < UFC> dumb question
21:28 < tds> that's more just a vague guess though ;)
21:28 <+catphish> pppingme: yes, technically you can, as long as you don't force your way in
21:29 <+catphish> at least i think you can
21:29 <+catphish> ^7heo: already been executed in what context?
21:30 <+catphish> i may have missed some of your query
21:30 < tds> catphish: iirc I've also heard of people getting injured when doing that and suing the property owner, which seems a little insane
21:31 < ^7heo> catphish: in the context of a delivery company for example
21:31 < ^7heo> catphish: like, there's a backlog, then you execute the order, and then it goes to... ?
21:31 <+catphish> tds: people have difficulty separating the 2 issues in their minds
21:32 <+catphish> like, if i'm watching tv without a licence, and someone drives their car into my house killing me, they can still be sued for negligence, right
21:32 <+catphish> just because one person is committing a crime, doesn't mean they can't be a victim of negligence at the same time
21:32 < ^7heo> Not if you ask Warner Bros.
21:33 < ^7heo> or the Fox.
21:33 <+catphish> lol
21:34 <+catphish> the same legal principle applies, the breaking and entering, and the negligent injury are totally separate
21:34 <+catphish> or so is my understanding
21:34 <+catphish> anyway, i was just pondering it, i thought it odd that if someone's house is unlocked, it's perfectly legal to wander in at night and look around
21:35 <+catphish> hence door locks i guess :)
21:35 <+catphish> ^7heo: i don't think i understand the context of your question at all :(
21:36 < ^7heo> nevermind
21:36 < ^7heo> I heard that if you die, nothing matters anymore.
21:36 < ^7heo> And I also heard that eventually everyone dies.
21:36 < ^7heo> So it's just a temporary problem.
21:36 <+catphish> ^7heo: no, things still matter, just not to you :)
21:36 < ^7heo> Is there someone else alive?
21:36 <+catphish> of course, ultimately the universe collapses, and nothing matters
21:36 < ^7heo> Also that.
21:37 < ^7heo> I'm gonna call that a "fucklog"
21:37 < ^7heo> someone will eventually correct it.
21:38 <+catphish> ^7heo: on an unrelated topic, do you happen to have a spare copy of Northgard?
21:38 < ^7heo> Not sure
21:38 < ^7heo> I'd have to check
21:38 < ^7heo> I have a shitload of spare copies of things
21:38 <+catphish> i have no idea why you have so many spare games, but it's cool :)
21:38 < ^7heo> humble bundle mostly
21:38 < ^7heo> that and sales
21:38 < ^7heo> too much cash, not enough time.
21:39 <+catphish> lol
21:39 <+pppingme> _TheDudester you sure the drive isn't bad?
21:40 <+catphish> ^7heo: i have a similar problem, but i mostly stopped, especially the bundles
21:40 < ^7heo> https://en.wikipedia.org/wiki/DARPA_Shredder_Challenge_2011
21:40 < ^7heo> I wonder why they would ask people to devise such methods...
21:40 <+catphish> i think the page says why
21:41 <+catphish> The aim of the challenge was to "assess potential capabilities that could be used by the U.S. warfighters operating in war zones, but might also identify vulnerabilities to sensitive information that is protected by shredding practices throughout the U.S. national security community".
21:56 < user1132> hello
21:58 < user1132> anyone who use a pi-hole?
21:58 < Apachez> nope
21:58 < Apachez> I use the upgrade a-hole
21:59 < motte> i have a thomson tg784 router i'm trying to use as a switch, for some reason i cannot ping any client connected to that router. is this a matter of port forwarding or am i missing something?
21:59 < user1132> i want to add a local dns address on the router (tplink c5400) but i get an error message
21:59 < user1132> dns server ip address and lan ip address cannot be in the same subnet
22:07 < Dagger> motte: if you're using it as a switch then no port forwarding is going to be involved. NAT is an L3 thing, switches are L2
22:13 < motte> Dagger: what should i do then? the router doesnt have "switch mode"
22:14 <+pppingme> motte is everything plugged into a "lan" port, or is something plugged into the "wan/internet" port?
22:16 < motte> pppingme: an ethernet cable is plugged in to the wan port. that ethernet cable goes to the main router, so the "switch" acts as a client of the main router
22:16 <+pppingme> motte thats not how it works.. move everything to a lan port and it will work like you're expecting
22:17 < Dagger> (just make sure to disable DHCP and RAs on it)
22:17 <+pppingme> yeah, do that too..
22:19 < motte> pppingme: yeah i probably should have mentioned that i'd like the "switch" to also work as a wireless ap, this won't be possible this way i guess?
22:19 <+pppingme> motte same hookup, same advice..
22:19 <+pppingme> plug *everything* into lan ports, ignore wan port
22:19 <+pppingme> disable dhcp
22:20 < motte> pppingme: ok, thanks for your help! i'll do that
22:21 <+pppingme> as for wifi setup, my advice, set the lan IP to something reasonable for your network, ignore any wan settings, set all wifi parameters EXACTLY the same as your other AP's, except for channel, and space your channels out to 1-6-11, don't use same channel
22:21 <+catphish> i just realised it's USA independence day today, enjoy your self-governance :)
22:23 < motte> pppingme: would devices switch aps seamlessly doing that?
22:23 <+pppingme> seamless is a bit of a strong word, but mostly..
22:24 <+pppingme> you'll probably notice a "glitch" when it does it.. but should mostly work without assistance and mostly not interrupt anything
22:33 < motte> pppingme: i connected everything to lan ports, now i can't connect to the web interface of the "switch" router any more, can't ping it either
22:33 <+pppingme> whats the lan IP set for?
22:34 < motte> for the main router it is 192.168.0.1, for the "switch" it is 192.168.1.1
22:35 <+pppingme> the lan IP on your 2nd device needs to be something reasonable for your lan..
22:36 <+pppingme> if your lan is doing 192.168.0.x/24, then that second device should have a lan IP of lets say 192.168.0.2/24.. and be sure your dhcp range starts well after that, make sure .2 isn't part of your dhcp range
22:36 < motte> right, that makes sense
22:44 < drathir> pppingme: just ot: wonder if dhcp servers checking arp somehow before assign from pool ip?
22:44 <+pppingme> drathir its not part of the protocol
22:49 < drathir> pppingme: thanks that kinda mean blind standalone counting lease ip mac in internal db than i guess...
22:49 < nostrora> Hi folks!
i have a beautiful new opnsense router and starting to configure it. what is a good choice for ip of home router ? 192.168.0.0 or 192.168.1.1 ?
22:50 <+pppingme> nostrora neither
22:50 < drathir> nostrora: depend probably at size of network ^^
22:50 <+pppingme> too common
22:51 < nostrora> drathir: 50 hosts
22:51 < nostrora> max*
22:52 * linux_probe has been using 192.168.1.x for years and been bashing my head over it for years
22:52 < nostrora> I know private network is 192.168.0.0/16. As my router is my "beginning" of the network. is it logical to give it the ip 192.168.0.0?
22:52 <+pppingme> you probably shouldn't use a /16 for any network without good reason..
22:53 <+pppingme> its always best to start at a /24..
22:53 <+pppingme> keeps things simple, but still a decent size network for most situations
22:54 < nostrora> Then it is also 192.168.1.1/24. the beginning is 192.168.1.0
22:58 < nostrora> and do you prefer static, dhcp or static dhcp ?
23:00 <+pppingme> no such thing as "static dhcp", do you mean dhcp with reservations?
23:00 <+pppingme> dhcp is always best
23:01 < c|oneman> I hate how something as simple as DHCP is confusing to setup
23:01 < Apachez> mostly because those who wrote original code were stoned
23:03 < c|oneman> I like to have a DHCP "range" for automatic assignment, and then a section that is never used automatically but used for only for certain MAC addresses, but this isn't an option in some routers
23:03 < UFC> dhcp is pretty simple
23:03 < turtle> how is it confusing? you just fill in the values
23:03 < turtle> then you turn it on
23:03 < c|oneman> I don't like having to guess if the reservations will be honored or not
23:04 < c|oneman> I like for the reservations to have their own "section"
23:04 < c|oneman> while still being in the same subnet.
23:04 <+pppingme> dhcp is incredibly simple..
if you're having problems with it, I'd challenge that you're missing some basic understandings of IP
23:04 <+pppingme> then you're doing reservations wrong..
23:04 < c|oneman> I don't use CLI
23:05 <+pppingme> reservations should NOT come out of the scope
23:05 < c|oneman> well, they do on some shitty hardware, I guess.
23:05 < c|oneman> I've seen it before
23:05 <+pppingme> here's a typical setup: dhcp range might be 192.168.1.100 to 192.168.1.254...
23:05 <+pppingme> now any reservations should start at .99 and below
23:05 < c|oneman> yeah, that's exactly how I like it.
23:06 < c|oneman> I think many ISP supplied junk routers don't offer that option
23:06 < c|oneman> the reservation is in the scope in their shit
23:06 <+pppingme> there's no guess if a reservation would be honored.. if its not, then you got the HW address wrong
23:07 < c|oneman> it's not a catastrophe, but I still don't like it
23:08 < c|oneman> for example someone could easily manually set an IP address on their device and most setups won't block that
23:08 < c|oneman> or accidentally connect a rogue DHCP server
23:08 < c|oneman> most networks that I've seen in production don't prevent this
23:08 < Apachez> comare gear blocks that shit
23:08 < Apachez> by default
23:08 < Apachez> but yeah
23:09 < Apachez> its up to you as netadmin to fix that shit
23:09 < Apachez> option82
23:09 < Apachez> dhcprelay
23:09 < Apachez> dhcpsnooping
23:24 < drathir> nostrora: than for easy setup go for /24 You have plenty to chose 192.168.10-254.0/24... free to chose ;p
23:34 < motte> pppingme: https://i.imgur.com/Mi0v1Sx.png in what order should i edit these?
23:38 < motte> pppingme: if i try to edit dhcp settings i get action failed: could not set server. if i try to set the lan ip to 192.168.0.2, the router resets and won't give me an ip
23:40 <+pppingme> motte this is your real main router, or the one you're trying to use as an ap/switch?
23:41 < motte> thats the one im trying to set up as a switch
23:41 <+pppingme> disable dhcp server, and set the IP to something sane for your network
23:43 < motte> yeah i tried that, after setting these i can't access the web interface any more or i cant even ping the switch, depends on which order i do these
23:44 <+pppingme> motte you're probably not setting something sane for your network, like I'm telling you..
23:44 <+pppingme> stop.. question time..
23:44 <+pppingme> whats your real router's ip?
23:44 < motte> 192.168.0.2 is what im trying to set
23:44 <+pppingme> whats your real router's ip?
23:44 < motte> 192.168.0.1
23:44 <+pppingme> whats your pc's ip at the moment?
23:45 < motte> 192.168.1.64, just did a factory reset to the switch router
23:45 <+pppingme> stop, no changes..
23:45 <+pppingme> until I say..
23:45 <+pppingme> do you have a cable between your main router and this 2nd device?
23:46 < motte> not at the moment, if i connect the cable i cant access the web interface
23:46 <+pppingme> **where** were you connecting the cable to the 2nd device?
23:46 < motte> where you told me, lan ports, NOT the wan port
23:47 <+pppingme> ok, step by step:
23:47 <+pppingme> disable dhcp server
23:47 <+pppingme> change IP to 192.168.0.2/24
23:47 <+pppingme> hook cable up
23:47 <+pppingme> REBOOT PC
23:47 <+pppingme> then try to ping/access
23:47 <+pppingme> if I'm reading that screen right, you have about three ip's set on that device, REMOVE THE EXTRAS..
23:50 < linux_probe> lol
23:51 < motte> holy crap it worked
23:51 < linux_probe> unsure if troll, drunken/drugged or braindeads
23:51 < motte> braindead
23:51 < linux_probe> lol
23:51 <+pppingme> of course it worked
23:51 <+pppingme> why would there be doubt
23:52 < linux_probe> when in doubt pull out yer hammer and bash one out
23:52 < motte> not *that* braindead
23:52 < motte> im just new at this
23:52 < Johnjay> linux_probe: i was tempted to do that yesterday.
i installed a usb/pro duo/sd card reader in my pc
23:53 < Johnjay> of the 8 screw holes only *two* would take a screw
23:53 < linux_probe> "installed" there's your problem
23:53 < Johnjay> I didn't think it was possible for screws to be badly designed
23:53 < linux_probe> i've unhooked and thrown away more internal readers than known to man kind =p
23:53 < Johnjay> but i learned the same day that iphones are actually deliberately designed to have screws go to specific holes
23:54 < Johnjay> and if you do the wrong one it "self-destructs"
23:54 < linux_probe> and most of them were infact supplied in OEM machines, HP, compaq, dell, etc.
23:54 < Johnjay> i.e. it punctures a small hole in the mainboard that makes the iphone not boot
23:54 < Johnjay> well the one i ordered from amazon wasn't terrible in terms of reviews. but yes most of them had bad reviews
23:54 * Johnjay isn't sure why reading sd cards is a big deal in 2018
23:55 < linux_probe> most of them had funky firmware that didn't work with newer OS/upgrades and cause all sorts of issues
23:56 < Johnjay> actually that reminds me, i have to go leave a bad review for that reader
23:58 < linux_probe> unfortunately, the best ways is using "x" devices usb port plugged to the computer and using their internal card communication device :)
--- Log closed Thu Jul 05 00:00:26 2018