--- Log opened Fri Jul 06 00:00:27 2018
00:10 < Apachez> well there ya go
00:16 < Some_Person> I was wondering... how hard would it be to wire a house for ethernet?
00:18 < Apachez> not at all
00:18 < Apachez> you hire some competent dude/dudette to do that for you, throw some money at it and hey presto!
00:19 < lordvadr> Some_Person: That varies wildly depending on the house. If there's an unfinished basement or it's new construction, not hard at all. If it's an old house with plaster walls, slab foundation, it can be a lot of work.
00:19 < Some_Person> Talking about 1930s construction here
00:20 < Some_Person> 2 stories, no basement.
00:21 < lordvadr> You are in for a treat.
00:21 < lordvadr> Does it have a crawl space?
00:21 < Some_Person> Don't know yet
00:21 < lordvadr> How do you not know?
00:21 < Some_Person> Because we get the keys on the 15th
00:21 < lordvadr> You didn't look at the house before you bought it?
00:22 < Some_Person> It's rented
00:22 < lordvadr> You mean you rented it?
00:22 < Some_Person> Right
00:22 < lordvadr> You didn't look at it before you rented it?
00:22 < Some_Person> Of course we did, but I wasn't really thinking about wiring
00:22 < Apachez> since you dont own it you should speak to the one renting it to you first
00:23 < Some_Person> Apachez: Of course. I wouldn't do anything without their permission or anything
00:23 < Apachez> its shitty if you put up $1000 to install a fixed network and then 1 year later you must trash it when you leave
00:23 < lordvadr> Yeah, you'll be sinking a lot of time and money into a project that really only benefits the landlord all that well.
00:23 < Some_Person> lordvadr: What's the alternative? MoCA? HPNA? Powerline?
00:24 < lordvadr> What are you trying to accomplish?
00:24 < Apachez> wifi?
00:24 < Apachez> fiber?
00:24 < Apachez> gammarays?
00:24 < Apachez> xray?
00:24 * lordvadr has a fddi ring in his basement
00:24 < Apachez> gayporn?
00:24 < Some_Person> I've always had bad experience with Wi-Fi
00:24 < lordvadr> You've always bought cheap crap then.
00:24 < Some_Person> although admittedly we currently live in an apartment complex where the airwaves are way, way oversaturated
00:25 < Some_Person> lordvadr: You could buy the most expensive 802.11ac gear there is and I bet it would still be shit in our current apartment
00:25 < lordvadr> Yet somehow, corporations, campuses, governments seem to be able to pull that off. I wonder how that works?
00:26 < Some_Person> lordvadr: lol... the Wi-Fi at my college was beyond horrid
00:26 < Peng_> Just get a paint-melting fire control radar array from an old guided missile cruiser
00:26 < Apachez> its about tx power :)
00:26 < lordvadr> Some_Person: I didn't say they *all* did it well.
00:26 < Peng_> lordvadr: Because they have one system managed by professionals?
00:26 < Some_Person> lordvadr: And as I said, oversaturation. What can you do when there are >50 SSIDs detectable?
00:27 < Some_Person> okay, 50 might be a stretch, but I have actually counted over 30
00:27 < Peng_> And you haven't even counted the cracked microwaves or 1990s cordless phones
00:28 < Some_Person> It might not be that bad in the new place, but still... I kind of have a distrust of Wi-Fi
00:28 < lordvadr> Some_Person: Yeah, it's a tricky problem. In those scenarios, you have to get field strength near your users...which means running some ethernet anyway.
00:29 < Some_Person> It's fine if you don't care about what speed you get, but I feel like wired is a better solution all around
00:29 < Apachez> go for fiber while you are at it :)
00:30 < Some_Person> I wired up our current apartment by running cables under the >22 year old poor condition carpet
00:30 < Some_Person> Will rip it up when we leave and they won't know the difference
00:31 < lordvadr> Wired is certainly superior for everything usable for wired.
But a good AP 10 feet from you will have a big advantage over 50 AP's 100 feet from you.
00:31 < S_SubZero> 5ghz can handle a lot of SSIDs.
00:32 < Some_Person> lordvadr: Range of APs also concerns me. Can a single AP cover a two story house reasonably?
00:33 < Some_Person> I've been wondering if we would want to get a second, in order to make sure things like phones and tablets work everywhere
00:33 < lordvadr> Some_Person: All AP's are not created equally.
00:33 < Some_Person> lordvadr: True, I am aware
00:34 < Some_Person> What we have right now is an ASUS RT-AC68U running everything
00:34 < lordvadr> I haven't upgraded to .ac yet, but I cover a 2000 sqf home with a 2000 sqf basement with a single AIR-AP1142N-A-K9. It's old by every standard these days, but it worked great when it was new, and it works incredibly well now.
00:35 < Some_Person> Looks like enterprise gear
00:35 < lordvadr> When it was new, it was a $2,000 AP.
00:35 < lordvadr> It is. But they can be had for $25 now.
00:35 < Some_Person> Okay, I'll keep that in mind
00:35 < lordvadr> So, yes you can, but if you buy equipment whose primary engineering goal is minimum cost, you'll have a minimum experience.
00:36 < Some_Person> Understood
00:37 < lordvadr> There's some really good enterprise gear out there that can be had for cheap cheap now because the wifi world just isn't moving that fast. You'll have to learn how to configure one or use the shitty UI.
00:37 < lordvadr> I've also heard very good things about Ubiquiti's AP's, but the handful of times I've used them I was not as impressed as I was with my Cisco's.
00:38 < Some_Person> Yeah, I considered getting a Ubiquiti router and AP when I was looking into things last time.
But ended up with the ASUS because it was a lot cheaper, and I figured with the shitty apartment I'd never end up with Wi-Fi that great anyway
00:38 < Some_Person> this was several years ago
00:39 < Some_Person> The 5 GHz does work fairly well for the most part, although speeds can drop seemingly randomly. The 2.4 GHz is near-useless
00:40 < lordvadr> There's a lot to consider. Metal in the walls, ceilings--think hurricane strapping in Florida--causes a lot of problems with penetration...is one example.
00:40 < lordvadr> I've recommended some of Asus's router+.ac to some friends, seems they loved them, but they're usually in houses.
00:41 < Some_Person> I mean, I'll definitely set up what we have first and see how it goes. Would be nice if we don't have to buy too much equipment
00:42 < lordvadr> Can you configure a cisco AP?
00:44 < Some_Person> I've never done so before, but can't imagine it would be hard to figure out
00:45 < lordvadr> There's some effort/skill/knowledge to getting everything working, for sure. Depends on everything you want to do with it. Hunting down the latest software can be the hardest part.
00:45 < lordvadr> If you don't know what you're doing, finding a friend that'll configure it for you would be very worth your while.
00:49 < Some_Person> lordvadr: I'd rather learn how to do something like that myself. Besides, I'm a rather technical person... can't imagine it would be too hard.
00:50 < Some_Person> lordvadr: Can't be more difficult than getting an L2TP/IPsec VPN server working on a Raspberry Pi, right?
00:52 < Leagueofassasin> Where should i start network and security
00:53 < light> Unplug your computer.
00:53 < light> Then you're safe from most network attacks
00:54 < Leagueofassasin> Hey light are you a security guy
00:54 < light> Yes, I'm very secure
00:54 < Leagueofassasin> Where r you from
00:55 < light> Macondo
00:55 < Leagueofassasin> Oh great
00:55 < Leagueofassasin> Are you studying college
00:55 < Leagueofassasin> Or like in high school
00:56 < Leagueofassasin> Maybe we can do some projects together
00:56 < Leagueofassasin> You can give me some knowledge about network security
01:03 < LambdaComplex> is this a good place to ask about DPDK?
01:06 < spaces> damn I have dreamed as fuck because of these boys in that cave
01:09 <+pppingme> LambdaComplex sure
01:09 < LambdaComplex> sweet
01:10 < LambdaComplex> unfortunately i know so little about it that i can't ask any good questions
01:10 < LambdaComplex> wait, maybe i have one
01:11 < LambdaComplex> if i have a single-board computer with multiple NICs that i'm planning on using as a router, how can i utilize DPDK?
01:11 < LambdaComplex> (can i utilize it at all?)
01:12 < xamithan> Find some software that utilizes it
01:12 < xamithan> Doesn't pfsense use it for ipsec ?
01:14 < Some_Person> Also, this may be renting a place, but it's hopefully going to be a long-term thing. We were in the crappy apartment for 22 years
01:26 < scientes> Is there a reason a gigabit port (on mips rtl8198 https://source.wifihell.com/workdir/RTL8198_Datasheet_Cleaned_0.91.pdf ) would be giving only 50 mbps while i can get 100 mbps (internet speed) over wifi???
01:32 < S_SubZero> yes
01:33 < scientes> it even says 1000baseT/Full
01:34 < scientes> http://paste.debian.net/1032395/
01:34 < scientes> i tried reducing the mtu, no luck ---its connected to the internet via moca
01:34 < scientes> but the wifi on the same AP gets 100 mbps
02:06 < brentaarnold> I have a question concerning SFP DAC cables
02:07 < xamithan> So ask it
02:07 < brentaarnold> I have an SRX 320 and an EX 2200 I'd like to connect via an SFP DAC for port conservation purposes
02:07 < brentaarnold> However the EX 2200 doesn't support 10GB SFP
02:07 < brentaarnold> And 10GB SFP is all I can find
02:07 < brentaarnold> (SFP+)
02:08 < brentaarnold> Were GbE SFP DAC cables ever a thing?
02:08 < brentaarnold> I can't find them anywhere. Only optics and SFP+ DAC cables.
02:11 < Fizzik> I'm not expert by any means. Couldn't you just drop the link to 1GB? OR does the sfp not work at all?
02:13 < Kingrat> why not just run fiber sfps and get a patch cable
02:17 < brentaarnold> Kingrat I can do this, and it's probably what I will do. I just wanted it to work via DAC and cut out the transceiver to optics business.
02:18 < Fizzik> 1gb sfp should be pretty cheap
02:18 < brentaarnold> It can't be found anywherrrre.
02:18 < Kingrat> i think he means for fiber, not a DAC
02:18 < brentaarnold> Fizzik the SFP+ cable will not work at all
02:52 < spaces> shall I get my 3rd icecream of the day and the second one in bed ?
02:53 < spaces> it's 3am :P
02:53 < brentaarnold> 'I can hear you getting fatter' - David Spade in Tommy Boy
02:54 < spaces> David is wrpng
02:54 < spaces> wrong
05:02 < BustyLoli-Chan> I have comcast internet... in theory I get 300 Mbps with a 13 Mbps upload... I've often thought about getting DSL, but the best speeds offered in my area are 20Mbps even at the lines most congested hour, would I ever see a benefit from DSL at this speed?
05:03 < light> Benefit of DSL?
05:06 < Kingrat> what could the possible benefit be?
the latency is higher, its slower, and its typically less reliable if you are thousands of feet from the dslam in a dense area
05:07 < Kingrat> it can be more reliable if the dslam is basically nextdoor, and they can bond multiple vdsl2 circuits together, typically 2 with the modems ive seen, but the speeds still dont come close
05:08 < Kingrat> now if your cable is oversubscribed and your speeds are crap, thats another story
05:17 < IamKing> BustyLoli-Chan: there is no benefit in going to DSL (unless you have no other broadband option available in your area)
05:17 < BenderRodriguez> why does my cable ISP constantly flood the WAN link with arp requests
05:20 < light> BenderRodriguez: flood? or just IPDT?
05:21 < BenderRodriguez> i don't know what IPDT is
05:21 < BenderRodriguez> what's that?
05:21 < light> using ARP to check if devices are alive
05:23 < BenderRodriguez> light: this is what i see: https://i.imgur.com/iBo9Nvx.png
05:23 < BenderRodriguez> and also, that sounds like a horribly inefficient way of doing a ping
05:23 < BenderRodriguez> the mnac points to a CMTS box
05:24 < BenderRodriguez> so I'm assuming that's what it indeed is
05:24 < BenderRodriguez> i guess pinging the modems for their status?
05:24 < BenderRodriguez> mac*
06:29 < iateadonut> i'm getting faster response times on an ab test from an outside server than i'm getting from the origin server - i explain a little better here: https://stackoverflow.com/questions/51194779/ab-gives-slower-response-times-from-origin-server-than-from-another-server - i'm not sure what could be causing this
07:57 < metaphysician> Hello, I want suggestions for a pure 4G LTE modem only (there should be no Wi-Fi/router component) USB interface with Linux support. Preferably the USB interface should support SMS, USSD, signal strength info functionality of the 4G LTE modem.
08:01 < Apachez> USB?
08:01 < Apachez> I would go for RJ45
08:02 < RJ45> try me, faggot
08:02 < Apachez> :D
08:02 < metaphysician> Apachez: Ok, RJ45 is fine too. Do you know any?
08:03 < Apachez> sure
08:03 < RJ45> right here, nibba
08:04 < Apachez> working on a link
08:05 < Apachez> http://netgear.com/home/products/mobile-broadband/lte-modems/
08:05 < Apachez> those are great, external signal monitoring (those leds), can attach external antenna (if wanted) and NO WIFI :)
08:05 < Apachez> http://netgear.com/home/products/mobile-broadband/lte-modems/LB1120.aspx#tab-techspecs
08:06 < metaphysician> Apachez: cool, thanks! Will have to check if it supports the LTE bands/frequencies of my country..
09:51 < Fr0stBit> I got a linux box that listens to the port 80 no one in the external world can connect to it. If i try to connect locally from the same box it connects fine (thus i suppose the listen happens successfully). I contacted my IAAS support but they say they did not find any networking problem
09:51 < Fr0stBit> What can i do?
09:51 < Fr0stBit> Also i got no firewall on, iptables is off and flushed
09:52 < kerframil> perhaps check which address your http daemon is bound to, to begin with
09:52 < trae32566[w]> ^
09:53 < Fr0stBit> I tried both with an apache and a netcat listening to all interfaces...
09:53 < kerframil> ss -ltn '( sport = :80 )'
09:54 < Fr0stBit> LISTEN 0 1 0.0.0.0:80 0.0.0.0:*
09:54 < trae32566[w]> tcpdump
09:54 < trae32566[w]> tcpdump for port 80 traffic and try to hit it externally
09:57 < MikeSeth> Fr0stBit: did you check your NAT table?
09:58 < MikeSeth> also, are your firewall policies ACCEPT and not DROP?
09:58 < Fr0stBit> trae32566[w]: Ok tcpdump -i eth1 'port 80' on the linux box and hitting it externally just showed my ip
09:58 < Fr0stBit> MikeSeth: i did iptables -F
09:59 < MikeSeth> Fr0stBit: -F does not reset policies
09:59 < kerframil> that's not necessarily complete. check the output of iptables-save.
10:00 < kerframil> watch out for adverse built-in chain policies as MikeSeth mentions. also, ensure that there are no unwanted rules in tables other than the filter table. iptables always operates on the filter table unless instructed otherwise.
10:00 < kerframil> the point is that iptables-save shows you everything
10:01 < Fr0stBit> First off, i see no iptables process running, is iptables inside the kernel?
10:01 < Fr0stBit> Also how do i see if its on or off
10:02 < MikeSeth> iptables is the UI, the actual firewall is a part of kernel network stack
10:02 < MikeSeth> it isn't either on or off, there are sysctls controlling packet filtering but they are very unlikely to be interesting or relevant
10:03 < kerframil> it's never "off" unless the kernel is built in a module fashion, and none of the modules pertaining to the Netfilter framework are loaded
10:03 < kerframil> modular*
10:03 < kerframil> or if the kernel is built without Netfilter at all, which would be unusual
10:03 < MikeSeth> pastebin your iptables-save output
10:04 < MikeSeth> and if there's nothing in it, the next step would be looking carefully at the IP configuration of your network interfaces, and then upstream
10:04 < Fr0stBit> MikeSeth: Yeah iptables-save shows the fishy stuff: -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
10:04 < MikeSeth> well
10:04 < MikeSeth> that should answer your question
10:04 < Fr0stBit> But iptables -L shows nothing
10:04 < Fr0stBit> Why is that??
10:04 < MikeSeth> your port 80 is redirected to 8080
10:05 < MikeSeth> I am assuming the box had a proxy on 8080 that isn't running
10:05 < kerframil> because you're looking at iptables -t filter -L
10:05 < MikeSeth> a common (and equal part idiotic) configuration
10:05 < kerframil> compare and contrast to iptables -t nat -L
10:05 < kerframil> also, read the man page (it's good)
10:06 < MikeSeth> Fr0stBit: unless this is your box and you know exactly what youre doing you need to stop and reconsider what youre looking at, because chances are there is something about the setup on this box you dont know
10:06 < MikeSeth> this is very likely to be a dual web server configuration
10:06 < Fr0stBit> MikeSeth: i had a docker instance of something i don't remember running about 2 years ago
10:06 < Fr0stBit> Its my box
10:06 < MikeSeth> Fr0stBit: oh, then just delete the rule
10:07 < Fr0stBit> I should read more about iptables
10:07 < MikeSeth> yes, you should
10:08 < Fr0stBit> MikeSeth: Any good article?
10:08 < kerframil> start with the iptables(8) manpage
10:08 < kerframil> it covers the basis on not so many words
10:08 < kerframil> er, basics
10:09 < MikeSeth> Fr0stBit: the manpages
10:09 < metaphysician> Apachez: It doesn't support the LTE bands I need. Do you have more suggestions?
10:41 < regdude> what do you guys use to test IPTV through PIM and IGMP Snooping?
10:44 < MikeSeth> aw hell naw
11:44 < swiftkey> hi there
11:45 < skyroveRR> Where?
11:50 < swiftkey> I have 2 routers 1 is 192.168.1.1 and the other 1 is 192.168.0.1, router 2( 192.168.1.1) is using the internet of router 2(192.168.0.1)I can ping from router 1 to router 2 but cannot from router 1 to router 2. I want to access my files vice versa.
11:51 < light> wat
11:57 < bhuddah> regdude: vlc, tsreader, wireshark
11:58 < regdude> bhuddah: so you set up a bunch of VLCs that send out random videos to multiple multicast addresses?
11:58 < bhuddah> regdude: i mostly receive stuff.
so i usually don't set up senders.
11:59 < regdude> bhuddah: this is how I test the sender part, thought someone have a better option
11:59 < bhuddah> better on what scale?
12:00 < regdude> well I would like to test full 1Gbps with it, so I would require about 100 VLCs running if using 720p or so
12:05 < bhuddah> whyyy?
12:07 < bhuddah> i think you could just send out any data at a higher rate though. you'd be hard pressed if you need real tv data at 1gbps
12:09 < regdude> I could, but things change with multiple streams. A lot more IGMP messages are generated and with IGMP Snooping this can cause very little traffic spikes, which is what Im after for
12:16 < bhuddah> https://wiki.videolan.org/Documentation:Streaming_HowTo/Advanced_streaming_with_samples,_multiple_files_streaming,_using_multicast_in_streaming/#Special_multiple_files_description_configuration_file
12:16 < bhuddah> you mean like this?
12:32 < obcecado_> anyone here uses netdisco?
13:26 < BullHorn> i have a strange situation. i have a modem plugged into my router and usually i dont touch the modem. now i do want to look into its settings, so i plug a laptop into the modem but it doesnt give me a Default Gateway IP
13:26 < BullHorn> and so my IPv4 address remains 169.254.*.*
13:27 < BullHorn> i tried this on 2 different computers and its the same scenario
13:27 < bezaban> some modems need to power cycle when swapping connected devices
13:27 < BullHorn> yeah that was my first step. i restarted the modem twice already
13:29 < BullHorn> i wonder if perhaps i can access the modem through a different IP - considering the modem is plugged into my router
13:42 < qman__> some modems are available via 192.168.100.1
13:49 < MikeSeth> BullHorn: what kind of modem
13:54 < almostdvs> BullHorn: do you know if the modem was in 'bridged' or 'passthrough' mode?
14:12 < BullHorn> ok solved by resetting the modem to default
14:12 < BullHorn> i googled and found tons of pages asking the same question with not 1 clear answer
14:12 < BullHorn> how can i access my bridged modem via my router?
14:14 < Roq> It depends which router you have, and if it even has a GUI available when it's in bridged mode.
14:15 < BullHorn> thats not what i understood at all
14:16 < Roq> uh sorry, which modem
14:16 < BullHorn> i think thats whats happening: https://i.stack.imgur.com/P260D.png
14:16 < BullHorn> so when i enter the modem's IP, it takes me to the wrong destination
14:17 < BullHorn> it tames me to 192.168.1.0 on the LAN instead of on the other network that leads to the modem
14:17 < BullHorn> takes*
14:17 < djph> what's the modem's IP address?
14:17 < BullHorn> 10.0.0.138
14:17 < BullHorn> my LAN is 192.168.0/24
14:18 < djph> so then go there, after checking your router isn't dropping RFC1918 packets on the outbound.
14:18 < BullHorn> going to 10.0.0.138 leads me nowhere
14:18 < BullHorn> only if i connect to the modem with an ethernet cable directly
14:19 < tds> if you connect directly, are you setting an ip on your device?
14:19 < djph> then your router's quite likely dropping RFC1918 destinations to the WAN (which is typical)
14:19 < tds> you may need to add an extra ip and on-link route on your router on the wan interface, if the modem exposes the web ui directly there
14:19 < BullHorn> no, my device gets the default gateway of 10.0.0.138 automatically
14:26 < Roq> BullHorn: Can't you connect your laptop to your modem now that you know the IP? Configure a static address on your laptop?
14:27 < BullHorn> i can
14:27 < BullHorn> thats not the point
14:27 < Roq> It's not?
14:27 < BullHorn> the point is i want to be able to access the modem's web interface while its only connected to my router, without having to also connect the modem to the same PC
14:29 < dogbert2> that's normally only done during initial setup...
14:29 < djph> so check the router to make sure that it's not dropping RFC1918 destinations out the WAN ... like I said 15 minutes ago
14:30 < amosbird> Hi, why can't I visit github.com in browser while ping github.com works just fine ?
14:31 < djph> ping <> http
14:31 < dogbert2> yeah, that too...
14:31 < wallbroken> hi
14:31 < Roq> BullHorn: Check what djph said about the RFC1918. And you might need to add static routes on your modem / router
14:31 < amosbird> djph: but why
14:31 < dogbert2> hey djph
14:31 < BullHorn> yeah i dont know what that means, my router doesnt have a meny for that
14:31 < wallbroken> do you know how Wake on WLAN work?
14:31 < BullHorn> menu*
14:31 < wallbroken> i need that the router supports that function?
14:32 < djph> amosbird: because HTTP is not ping. Who knows WHY their apache server isn't running right now. Probably MSFT having trouble converting to IIS.
14:32 < djph> Wake on LAN is a "magic packet" sent to the target device.
14:33 < amosbird> hmm, I have this rule in iptables though
14:33 < amosbird> -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800
14:33 < amosbird> is it compliant to -A POSTROUTING -s 172.24.0.0/16 -j MASQUERADE
14:33 < amosbird> ?
14:34 < djph> that's not a masquerade rule - it's just setting ports based on some match set.
14:34 < MikeSeth> REDIRECT means reflect to the local host
14:34 < MikeSeth> so no
14:34 < amosbird> djph: yeah, I mean I have those two rules
14:34 < amosbird> are they compatible ?
14:34 <+catphish> amosbird: those would be unrelated
14:34 < amosbird> hmm
14:34 <+catphish> compatible, yes, just unrelated
14:34 < amosbird> ok
14:35 < amosbird> well this is the gateway machine though
14:35 < amosbird> it works fine accessing github
14:35 <+catphish> one redirects things into the router itself, the other does NAT on things that actually leave the router
14:35 < dogbert2> consult the user manual also...the private IP address for my modem (Arris SB6183) is 192.168.100.1 (my private network for everything else is 192.168.1.0/24)
14:35 <+catphish> hence they never both apply to the same packet
14:35 < BullHorn> any google search with 'packet loss' leads me to completely irrelevant pages ;/
14:36 < amosbird> catphish: how does packet find a way back to the source before REDIRECT ?
14:36 < MikeSeth> BullHorn: you need to have a route in your routing table to be able to reach a LAN that is on a different subnet than your interface is
14:37 < MikeSeth> BullHorn: add an IP in 10.x on your interface and add a route saying that subnet is reachable via that interface
14:37 < djph> BullHorn: what router do you have?
14:37 < MikeSeth> at that point you should be able to reach the router, provided it doesnt block access otherwise
14:37 < BullHorn> that makes sense, ill try to figure that out
14:37 < BullHorn> i have a TP-Link WR1043ND
14:38 < djph> ah, a consumer box. $10 says it's dumping RFC1918 destinations as an un-alterable "feature", so that you don't spam your ISP with garbage.
14:38 < MikeSeth> tp-link usually has 192.168 as default IP
14:38 < MikeSeth> also it's garbage
14:38 < MikeSeth> throw it out and put in a mikrotik
14:39 < BullHorn> im very happy with it so far
14:39 < mellotto> hi there. I have been reading about gentoo git hub incident. Is this 100% solved by now?
14:40 < mellotto> I want to give gentoo a try... so I can learn more.
14:41 < djph> o...kay
14:42 < dogbert2> djph...not all consumer routers suck :)
14:43 < BullHorn> the router in my modem sucks, thats why i got the tplink
14:43 < BullHorn> and it solved all my problems
14:43 < regdude> you are going to have a good time learning with Gentoo, especially with all those wiki pages out there
14:43 < MikeSeth> BullHorn: consumer tplinks are garbage. They cant even terminate VPNs. You'd literally be better off by wiping TP-Link software and putting openwrt on it
14:43 < BullHorn> its easiest to say 'it sucks throw it away, it does X to avoid Y'
14:43 < BullHorn> without even explaining how to set it up
14:43 < BullHorn> :thumbsup: great advice
14:44 < MikeSeth> stuff like installing openwrt is quite documented
14:44 < BullHorn> thats not what im talking about
14:45 < BullHorn> i dont want to install openwrt, im happy with the router as-is
14:45 < MikeSeth> except that you've been banging your head for an hour trying to figure out how to reach it right? :D
14:45 < BullHorn> he's assuming the router is dropping RFC1918 destinations as an un-alterable "feature" so that i cant spam my isp with garbage
14:45 < BullHorn> no
14:45 < BullHorn> i can reach it just fine
14:45 < BullHorn> i cant reach the modem thats connected to it
14:46 < MikeSeth> the modem might be in the bridge mode
14:46 < BullHorn> it is
14:47 < djph> dogbert2: lies.
14:47 < BullHorn> i can still access it if i plug an ethernet cable to it directly and go to 10.0.0.138
14:47 < dogbert2> LOLOL
14:47 < BullHorn> but i want to be able to access it from PC <-> router <-> 10.0.0.138 modem
14:47 < MikeSeth> BullHorn: oh. Then you need to configure tplink to route between wan and lan interface. Which you probably cant because tplink is garbage
14:48 < djph> BullHorn: "plugging a PC directly into the ISP Box" removes the TP-Link from the equation, and DOES NOT refute that it's dropping RFC1918 destinations out the WAN port.
14:48 < BullHorn> but your assumption doesnt prove it either
14:49 < MikeSeth> BullHorn: is there an IP on the wan interface of tplink?
14:49 < djph> nearly all consumer routers *do* that, because RFC1918 addresses are not supposed to be sent out to the Internet at large.
14:49 < BullHorn> the IP address on the wan interface on the TPLink is my external IP address
14:50 <+xand> you need to add a second one
14:50 <+xand> within 10.whatever
14:51 <+xand> but it probably doesn't support that.
14:51 < MikeSeth> or plug the whole thing into a cheap switch and be done with it
14:52 < BullHorn> im not sure how to add a second one. i get that IP automatically from the modem upon connecting to the ISP via PPPoE
14:52 < MikeSeth> BullHorn: because that's probably not the right interface
14:52 < BullHorn> unless the 'secondary connection' feature in that WAN menu is for that
14:53 < MikeSeth> look in the routing table
14:53 < MikeSeth> what tplink shows you as "WAN IP" is probably the pppoe interface address, not the ethernet interface facing the modem
14:53 <+xand> BullHorn: you most likely cannot because the software is too limited.
14:53 < MikeSeth> which is again because tplink is garbage
14:53 <+xand> on linux you would run "ip a a 10.0.0.2/24 dev eth0" or similar.
14:54 < drathir> BullHorn: add ad pc to routes 10.0.0.0/24 via router should pass if o fw restrictions...
14:54 < swiftkey> I have 2 routers 1 is 192.168.1.1 and the other 1 is 192.168.0.1, router 2( 192.168.1.1) is using the internet of router 2(192.168.0.1)I can ping from router 1 to router 2 but cannot from router 1 to router 2. I want to access my files to both networks how can i do that?
14:54 < MikeSeth> drathir: wont happen, the 10.x segment is on the other side of the router
14:55 < BullHorn> is this the place to do this https://i.imgur.com/MnhMIHp.png
14:55 < drathir> MikeSeth: in some cases just switch wan to lan for edit purposes...
14:55 < MikeSeth> swiftkey: wrong network setup, you probably have an invalid netmask on router 1, if you had the right one you wont be able to ping from 1 to 2 either
14:55 <+xand> BullHorn: no
14:55 <+xand> I bet you it does not have the option you want
14:56 < MikeSeth> xand: because as I said, tplink is garbage
14:56 <+xand> yes.
14:56 < BullHorn> is there a name for the feature im looking for? something that i can google ._.
14:56 < MikeSeth> BullHorn: try this. plug the modem into one of the LAN ports, and drive a jumper from another LAN port to the WAN port
14:56 < drathir> MikeSeth: best price ratio to hw quality...
14:56 < MikeSeth> drathir: mikrotik
14:56 < swiftkey> MikeSeth: so need to follow same net mask to both router?
14:57 < drathir> MikeSeth: mikrotik soon™ ;p
14:57 <+catphish> amosbird: i don't understand, sorry
14:57 < MikeSeth> swiftkey: that'd be the correct setup in your case, and you'd be facing the same problem as BullHorn if you're talking about cheap consumer "routers"
14:57 < MikeSeth> which are really "routers" in a very very narrow sense
14:58 < swiftkey> yeah it's a tplink and a linksys home router
14:58 < drathir> swiftkey: put both in lan and set correct wan gateways by hand should works... wan connect could natting it...
14:59 < drathir> swiftkey: keep on mind with such config You lose fw capabilities...
14:59 < swiftkey> drathir: I've read static route? I'm not sure how to do it though
14:59 < BullHorn> ok lets move on to the next step
15:00 < BullHorn> i have the following ports forwarded and my OS firewall completely disabled: https://i.imgur.com/PedoXQ6.png
15:00 < BullHorn> when i check from outside, it only shows the first 2 ports open and the other 2 arent
15:00 < BullHorn> what am i missing :|
15:01 < drathir> swiftkey: "bridge" the both routers together connecting them lan-lan not lan-wan...
15:01 < BullHorn> it says 'connection refused'.
if i removed those ports from the forward list, instead it says 'connection timed out'
15:01 < BullHorn> so... there is a difference, something is just not right
15:02 < MikeSeth> BullHorn: there's no such thing as open ports, it's a dumbed down explanation for consumers that makes people confused. If the .100 box doesnt have processes bound to a socket on a specific port then it will not respond to incoming NAT connections and the NAT will therefore not respond to the incoming connections
15:02 < MikeSeth> if it says connection refused it means the .100 box proactively rejects them, as is the case with unfirewalled OS that has no service listening on that port
15:02 < swiftkey> drathir: Thanks, so router 2 must disable dhcp then?
15:02 < drathir> BullHorn: if Your modem not in bridge mode that probably You need put dmz to chosen ip device to made it works...
15:03 < BullHorn> my modem is in bridge mode
15:03 < MikeSeth> drathir: his problem is on the other side of the network
15:04 < drathir> swiftkey: mostly yep if is in the same pool range will colide...
15:04 < swiftkey> Okay, So example if i have 3 separate networks I cannot really connect them using cheap routers ?
15:05 < drathir> BullHorn: than all initial config need to be maded at first router in chain after modem, all port redirections...
15:05 < swiftkey> I got one more which is really separated and has its own internet the 2 routers ang sharing 1 internet via lan to wan and sure thing it is natted
15:05 < MikeSeth> swiftkey: if they are physically distinct and are in different broadcast domains, no, most routers would not actually route between them
15:06 < BullHorn> MikeSeth: i have an OpenVPN server currently running on port 5555 and its forwarded in the router settings but it still shows as closed
15:06 < MikeSeth> consumer CPE "router" is about "routing" NATing your LAN to the internet
15:06 < MikeSeth> BullHorn: openvpn tcp or udp?
15:06 < BullHorn> udp
15:06 < MikeSeth> BullHorn: and you defined that in your router settings?
15:06 < BullHorn> im not using 1194 because i had the same problem before
15:06 <+xand> shows closed where?
15:06 < drathir> swiftkey: You can cheap routers on eth ports act like dumb switches... the problem is You cant assign port to different dhcp server... but static assignment will works...
15:06 < BullHorn> it would show 1194 as closed. then i set it to 5555 and forwarded 5555 and it worked
15:06 < BullHorn> and now........ it doesnt :|
15:06 <+xand> you can't just connect to a udp port like a tcp one
15:07 < swiftkey> MikeSeth: Alright, thanks for the help.
15:07 < BullHorn> im using canyouseeme.org to check the ports
15:07 < MikeSeth> BullHorn: and it probably tries the TCP port
15:08 <+xand> doubt it works with udp
15:08 < MikeSeth> which is once again why you should not rely on anything that uses the "open/closed" port terminology
15:08 < BullHorn> hmmm ok weird stuff is going on heh
15:09 < drathir> BullHorn: best just try to setup openvpn p2p connection and take a look on logs...
15:09 < BullHorn> by forwarding 5555 udp im able to connect to the server but no traffic passes through the vpn
15:09 < MikeSeth> BullHorn: that would be a problem with the vpn itself, look in the client logs and make sure it is able to configure the interface correctly
15:09 < MikeSeth> as is often the case with windows, if executed on a non-privileged account it wouldnt be able to
15:10 < drathir> openvpn is nice in errors reporting... it will detect port mismatch in case something natting somewhere...
15:29 < wallbroken> do you know bonjour protocol?
15:31 < drathir> wallbroken: streaming video one...
15:32 < wallbroken> the problem is that in my case, it works as a pain
15:32 < wallbroken> sometimes detects my devices inside the lan
15:32 < wallbroken> sometimes not
15:32 < wallbroken> sometimes loses them
15:32 < wallbroken> some other times is slow in detecting those
15:38 < drathir> wallbroken: thats not surprising ;p all multicast could be hard to cooperate good probably would be use igmp proxy for it just in case...
15:38 < wallbroken> no, that's not an igmp proxy problem
15:38 < wallbroken> i tried it
15:39 < drathir> wallbroken: lets say that way multicast could kill cheaper devices sometimes...
15:41 < drathir> wallbroken: mean not like only that one service not working but whole wifi/lan performance...
15:50 < abdulhakeem> So I think I understand how to set up DDNS so I can access my router remotely, but how do I access other devices on my home network remotely? namely my Ubuntu server?
15:51 <+xand> IPv6
15:52 < compdoc> abdulhakeem, a vpn might be best
15:53 < abdulhakeem> not port forwarding of some kind?
15:54 < UncleDrax> you can, but that's not really the best way to do it. VPN would be more ideal
15:54 < compdoc> depends on how you want to access them
15:56 < abdulhakeem> I'm not sure, a lot of this is unknown unknowns for me lol I'm familiar with Linux but still learning a lot of the networking side of things
15:56 < compdoc> theres lots to learn
15:58 < abdulhakeem> okay easier question. on my LAN, how can I get my server to be known by its hostname instead of having to type in its IP address? either in terminal or a browser
15:58 < Aeso> abdulhakeem, you'll have to add an A record to your DNS resolver
15:58 < abdulhakeem> do I need to be running a local DNS server?
15:58 < Aeso> Yep.
15:59 < UncleDrax> alternatively, and requires doing it for every computer you want to do it from, you can put an entry in your Hosts file
15:59 < UncleDrax> location will vary by OS, but google will help you there.
15:59 < drathir> abdulhakeem: most secure setup vpn on router...
15:59 < abdulhakeem> yeah I've done that for my laptop but that felt inefficient ll
15:59 < UncleDrax> it is
15:59 < abdulhakeem> my router only supports PPTP VPN, but iirc PPTP isn't secure anymore?
16:01 < drathir> abdulhakeem: or just hosts file override kinda faster than dns setup ;p
16:01 < ne2k> abdulhakeem, PPTP has been deprecated for over ten years
16:01 < drathir> abdulhakeem: lede
16:01 <+xand> PPTP was never very secure
16:02 <+xand> it never verified the identity of the server
16:02 < drathir> abdulhakeem: and most of routers should support ipsec too...
16:02 < abdulhakeem> Okay so my laptop uses PIA's DNS servers to prevent DNS leaks when connected to PIA VPN. So if I setup a local DNS server, can I still somehow point it to PIA's DNS servers?
16:02 < abdulhakeem> drathir: I have a really basic router lol
16:02 < drathir> but again ipsec is a pain and nightmare to setup ;p
16:03 < abdulhakeem> or basically can I somehow use my local DNS, PIA's DNS, and OpenDNS (content filtering purposes) all at the same time?
16:03 < abdulhakeem> or can I choose only one?
16:04 < drathir> abdulhakeem: in theory yea You can add forwarders...
16:04 < drathir> abdulhakeem: but im aware pia will override all outgoing queries...
16:05 < abdulhakeem> is that bad? I just want to prevent DNS leaks whenever I'm connected to PIA VPN
16:06 < tda> you can set your clients to use your DNS server, and set that server to forward to PIA or Open. you can set both if you want, but that probably wont work the way you want
16:06 < abdulhakeem> I see, that makes sense
16:06 < drathir> im not sure however it does that... but if even if You set opendns it could silently redirect dns queries to own one... local resolve should works just fine....
16:07 < drathir> abdulhakeem: in short it depends ;p
16:09 < abdulhakeem> lol fair enough
16:11 < Thuryn> man i just about had a heart attack
16:11 < Thuryn> i thought i had deleted this object group on the data center firewall that lets, like, dozens of servers get access to things.
16:12 < Thuryn> turns out i just renamed it O_O *whew!*
16:12 < regdude> read-only friday
16:15 < Thuryn> not a bad idea
16:15 < Thuryn> irony is i was working on getting this new system working so i'm not messing with existing systems.
16:15 < Thuryn> but everything goes through the firewall, so...
16:20 < drathir> Thuryn: save fw config before edit could sometimes help too... unless You "right secure way configure" in way even admin cant access ^^
16:24 < bn_work> hi, for a 3rd-party hosted DNS, is there any reason one *shouldn't* set TTL to fairly low values, ex: 5, 15 mins? the only drawback I can think of is that it will increase internet traffic for everyone/load on DNS servers, are there any other reasons?
16:25 < NeilHanlon> If you're paying for DNS queries (like w/ Route53, etc), then depending on how many lookups you have, a low TTL could cause your bill to spike
16:25 < detha> some places ignore anything less than 1 hour, and change it to their default (often 8 hours), so it can be counter-productive
16:25 < NeilHanlon> afaik, there's no practical/technical reason to have a TTL of any value low or high--just depends on your use case.
16:26 < drathir> detha: thats tricky ^^
16:26 < Thuryn> drathir, i think this is a box that saves as you make changes automatically. i'm fairly new at adminning this kind of firewall, so I don't know for sure.
16:27 < Thuryn> bn_work, do you expect to make changes to DNS that NEED to be visible quickly?
16:27 <+xand> yes
16:27 <+xand> wrong window
16:27 < Thuryn> lol
16:27 < bn_work> detha: thanks, didn't know that, that sounds deceptive, hope they would at least tell you that that is what they will do.
16:27 < Thuryn> bn_work, who would they tell?
16:27 < bn_work> NeilHanlon: well, having a short value would make it easier for any DNS changes to take place more quickly
16:28 < drathir> Thuryn: but just local cp is nice too just in case remote factory default needed...
16:28 <+xand> if they do that... that's their problem :X
16:28 < drathir> bn_work: You always can get lower just before planned changes...
16:29 < bn_work> Thuryn: at the rate we've been bringing up new boxes, I make DNS changes maybe once a month? although in this case it's a bit different, it's a `TXT` record for letsencrypt certbot's DNS validation, so it's a bit more urgent
16:29 < Thuryn> bn_work, you don't need to worry about TTLs on NEW records. they'll appear instantly.
16:29 < bn_work> Thuryn: the customer?
16:31 <+pppingme> bn_work for "new" stuff I tend to set ttl's low, then once I'm happy everything is stabilized (days to weeks later), I'll bump TTL's. When I anticipate changes (I don't do last minute "fires"), I'll bring TTL's back low before changes are to start (again, days to weeks before), make changes, so they *should* reflect with minimal delay, then once I'm happy, bump ttl's back up
16:31 < Thuryn> bn_work, they're changing *incoming* DNS. not their own customers.
16:31 < Thuryn> which is evil
16:31 < bn_work> Thuryn: define "instantly"? I've been waiting 2.5 hours for this "new" change to propagate now, which is unusual (most other non-TXT changes seem to propagate within 5 mins with this provider)
16:32 < Thuryn> bn_work, if you query 8.8.8.8 for a name that you just created, Google won't have that name in its cache yet
16:32 < Thuryn> so it'll fetch the name from the authoritative name servers right away.
16:32 < Thuryn> HOWEVER...
16:32 <+pppingme> bn_work what was TTL on the record *before* you changed it?
16:32 < Thuryn> if you were trying to hit that name BEFORE it was in your name servers, then Google will have cached the "NXDOMAIN" response, which could be there for a while.
16:32 < bn_work> pppingme: not a bad strategy, do you manage your own DNS servers? or do you use a 3rd-party? if latter, why not just leave them set low?
16:33 < Thuryn> "no such name" is still a response, and that response is cached, based on the values in the SOA record for its parent zone.
16:33 <+pppingme> bn_work its a mix.. I consult, so I'm not working with just one company or small handful of domains
16:34 < Thuryn> pppingme's approach is sound. that's what TTLs were designed for.
16:34 <+pppingme> but overall, I prefer high ttl, better chance of it being cached, and slightly faster response, but thats not acceptable when making changes (which should ALWAYS be planned ahead)
16:35 < Thuryn> the one time i used low TTLs on normal production stuff was with DNS-based load balancers.
16:35 < bn_work> Thuryn: so moral of the story is don't `nslookup` before you add the record? :)
16:35 < Thuryn> don't "nslookup" ever. use "dig."
16:35 < Thuryn> but yes. don't ping it, either. ;)
16:37 <+pppingme> yeah, any kind of "dynamic" changes justifies low ttl as well
16:38 < bn_work> pppingme: agreed, planning ahead is good :)
16:38 < bn_work> unfortunately we don't have much of a process here yet... but then again our server count is still a bit small and we don't have many "prod" stuff... yet :)
16:39 <+pppingme> stability is all about planning.. you can throw all sorts of hardware, software, whatever at a problem, but if you don't plan, its not stable
16:39 < bn_work> Thuryn: `dig` does seem more detailed, what's wrong with `nslookup`?
16:40 < Thuryn> bn_work, nslookup hides a lot of what's going on from you. if you're a DNS admin, the extra detail (and control) provided by dig is invaluable.
16:40 < Thuryn> nslookup is deprecated by ISC, though it's still better than nothing.
16:42 < qman__> Nothing's "wrong" with nslookup, dig is just a better tool
16:43 < Daedbffe> Hi, edge case issue: I have a Dell R640 with the Intel X710 4 x 10G SFP+ NDC, I need to attach it to a legacy 1Gig BASE-T switch and run LACP. I've managed to get the individual links up and working fine with the aid of RJ45 to SFP+ modules from FibreStore, however I cannot get LACP to work at all
16:43 < Daedbffe> Does anyone know if RJ45 to SFP+ devices are passive or if they actually do anything to LACP packets?
16:44 < UncleDrax> they should just pass your traffic. I can't imagine them going out of their way to be smart enough to worry specifically about LACP control traffic. are both your ends configured correctly?
16:44 < regdude> they have a small microcontroller that translates signals, they don't filter LACPDUs
16:45 < Daedbffe> Hmm
16:45 < Daedbffe> the configuration is identical to a working server that has on board 1GigE RJ45 and the config on that server is identical to this one :/
16:45 < Daedbffe> Let me grab pastebins anyway
16:45 < Daedbffe> maybe I'm being blind
16:47 < regdude> do note that Intel likes to make vendor locks
16:48 < Daedbffe> https://hastebin.com/ugixezupeg.coffeescript
16:49 < Daedbffe> oh, in host hardware too? :(
16:49 < bn_work> thanks for the tips NeilHanlon, detha , Thuryn , pppingme
16:54 < Daedbffe> Hmm, not seeing LACPDUs being sent when I tcpdump on the member interfaces on the host :/
16:54 < Daedbffe> I can see them coming in mind
17:01 < cousteau> How do I check if a TLD exists?
17:02 < cousteau> `nslookup com` (or net, org, es, co.uk, tech, and some other weird TLDs I remembered) yields "No answer", whereas `nslookup asdf` says "NXDOMAIN". Does that mean that that TLD is not registered?
17:03 < drathir> cousteau: dig domain. should report SOA
17:06 < cousteau> well, `dig` here returned some unreadable bunch of lines starting with ;; which I'm unable to parse
17:07 < cousteau> what am I looking for exactly?
Didn't see anything "SOA" or with S O A as initials
17:07 < cousteau> er sorry, found it :P
17:08 < cousteau> so much text confused me. So I got "a.root-servers.net" for `dig asdf.` whereas I get "a.gtld-servers.net" for `dig com.`
17:10 < Thuryn> cousteau, do this instead: "dig domain. NS"
17:13 < cousteau> I see, thanks! No ";; ANSWER SECTION:" for asdf.
17:13 < cousteau> I guess that means it doesn't exist, right?
17:13 < Thuryn> correct.
17:13 < cousteau> yaaay!
17:14 < cousteau> (was hoping my last name was available as a TLD so that I could register john.doe)
17:15 < Thuryn> you can always get firstname.lastname.name
17:15 < Thuryn> (.name is a TLD)
17:16 <+xand> I have firstname.uk >.>
17:16 < cousteau> well, lastname.net happens to be registered so that I can buy a firstname@lastname.net address for $35/year
17:17 < cousteau> but that site looks shady
17:17 < Thuryn> yeah that sounds creepy.
17:19 < cousteau> there are many people with my last name though, but still, it's weird that going to mylastname.net just to see if it existed so I could register a mail address just happened to show a site for registering mail addresses
17:20 < cousteau> hm, firstname-lastname.net is available for $13/year
17:21 < tda> all the good names are taken. or squatted
17:21 < cousteau> firstname-lastname.net isn't half bad though
17:21 < Thuryn> yeah jump on that. $13 is cheap.
17:23 < cousteau> then again, if it's only going to be for a mail address, I'd rather pay $35/year for first@last.net (and have all the mail related stuff managed) than $13/year for mail@first-last.net (and install my own server)
17:24 < tda> if its just email i would rather just pay protonmail
17:25 < cousteau> I'd also need to rent a server, install the mail server (or request it to be installed)...
too complicated
17:25 < cousteau> meh, I'll register my full name at gmail and then *consider* the lastname.net thing
17:26 < Thuryn> just because you buy the domain separately doesn't mean you have to host your own mail.
17:26 < Thuryn> you can probably find someone to host mail for a domain you own,
17:27 < tda> nobody uses email anymore anyway. only thing its good for is getting spam and site registrations
17:27 < Thuryn> it's not that difficult to set up on an existing mail server. i'd be highly surprised if that isn't a service someplace.
17:27 < Thuryn> *I* use e-mail.
17:28 < system16> hi. i wanna buy a modem/router combo. my budget is 50 $. (pls NO DLINK)
17:28 < system16> a dsl modem
17:29 < Thuryn> what's wrong with D-Link?
17:29 < system16> i hate them
17:29 < system16> my current modem is a dlink
17:29 < Thuryn> they don't hate you
17:29 < system16> it always hangs.. freezes... overheats
17:30 < system16> i have to restart the damn thing like every hour
17:30 <+xand> I remember buying a dlink dsl modem/router back in like 2005
17:30 <+xand> it was OK...
17:30 < cousteau> Thuryn, well yes, but I'd need to rent a server rental service (or buy?). Maybe I manage to get a page that does all for me (register domain, provide server, install and handle mail server), but well, I guess that's more money.
17:30 < Thuryn> i have a D-Link router that has been pretty good for many years. i just use it as an AP though.
17:30 < system16> yeah in 2005
17:30 <+xand> later I used a dlink dsl modem, that was fine
17:31 < system16> i prefer linksys or netgear or even tp link
17:31 < Thuryn> i'm just thinking that nobody has a perfect record. Netgear, LinkSys, etc. all of them are going to have lemons.
17:31 < halftroll> Ok, is it possible that I put 127.0.0.1 facebook.com www.facebook.com in /etc/hosts and when I enter into facebook using my browser it leads me to the real facebook instead of localhost?
17:31 < Thuryn> that router that I have?
It used to have an admin password bug.
17:31 < Thuryn> very annoying. they did finally fix it in a firmware update, though.
17:31 < system16> oh and i must support vdsl and wireless AC
17:31 < Thuryn> halftroll, restart the computer.
17:31 < system16> it*
17:33 < halftroll> Thuryn: can't I just restart the service or similar ?
17:33 < system16> im interested in these modems. are they good ? https://www.netgear.com/home/products/networking/dsl-modems-routers/
17:33 < Thuryn> halftroll, you have both browser-level and system-level DNS caching.
17:33 <+xand> halftroll: what do you mean "is it possible"? you mean you want that to happen or what?
17:33 < Thuryn> halftroll, far simpler to just restart the machine.
17:33 < halftroll> xand: I want it not to happen... I want to enter my localhost when i type facebook.com
17:34 < system16> who uses netgear in this chat room ?
17:34 <+xand> try using curl to access that URL and see what happens
17:35 < halftroll> xand: even ping gives me the correct facebook ip instead of the one assigned by me... I will try to restart the pc :[
17:35 <+xand> mmmm
17:38 < system16> is this one good ? NETGEAR N750 Dual Band 4 Port Wi-Fi Gigabit Router (WNDR4300)
17:41 < Thuryn> system16, yes, it's decent.
17:41 < Thuryn> has a lot of features that I would probably turn off, but you might find them useful.
17:41 < system16> a vpn is very usefull
17:42 < system16> useful*
17:42 < system16> ok thanks
17:42 <+xand> doesn't have DSL though
17:42 < regdude> strange, usually everyone recommends UBNT or nothing else for consumers
17:42 < Thuryn> true. it's just a router.
17:43 < system16> xand i found a model like that that supports dsl
17:43 <+xand> oh
17:46 < halftroll> Thuryn: I reboot
17:46 < halftroll> ./etc/hosts is not working :s
17:46 < halftroll> I mean, it doesn't work like I believed
17:46 < Thuryn> put an extra leading / to use /etc/hosts in IRC
17:46 < Thuryn> /etc/hosts <-- like that
17:47 < Thuryn> halftroll, what does "ping" do?
17:47 < halftroll> if facebook.com exists globally as a domain and I change it, I want facebook.com to lead to my localhost...
17:48 < halftroll> ping points to the real facebook website
17:48 < regdude> there might be a syntax error in hosts file that prevents it from working. Do other entries work?
17:48 < Thuryn> if ping doesn't work, then it means /etc/hosts is either being ignored or you don't have the syntax correct.
17:49 < halftroll> it's being ignored...
17:51 <+xand> check /etc/nsswitch.conf
17:52 <+xand> that tells the resolver how to look things up.
17:52 <+xand> the "hosts:" line
17:52 <+xand> it should have "files" before "dns"
17:57 < wallbroken> somebody knows how bonjour discovery works?
17:58 < regdude> check for loops, that could cause bonjour to fail
17:59 < wallbroken> regdude, what?
18:01 < regdude> well you complained about it before that it fails sometimes. Since it depends on multicast, then in a loop that can cause such side effects (not only that)
18:02 < wallbroken> regdude, i'd like to know more precisely what happens
18:02 < regdude> if it wasn't working at all, then I would blame a switch not forwarding local multicast addresses
18:03 < regdude> I would check switch/router logs if a loop is not detected. Or at least look for traffic spikes
18:03 < wallbroken> what loop?
18:03 < wallbroken> there is no loop
18:04 < regdude> then look for "224.0.0.251" in packet dumps, that might give a clue what is happening to the traffic
18:13 < drathir> storm control triggering ;p
18:14 < drathir> or router goes to picnic mode... ;p
18:14 < drathir> router/switch*
18:47 < maryo> Is there a way to find all allowed ports in my Local Network?
18:47 < ||cw> maryo: "allowed" in what manner?
18:48 < ||cw> by your firewall? read the firewall config.
18:49 < tda> nmap
18:50 < ||cw> nmap only tells you what's listening or actively being blocked
18:51 < maryo> ||cw: yep allowed by my firewall
18:51 < ||cw> then the only way to know for sure is to read the firewall config.
18:52 < maryo> ||cw: how about using wireshark and scanning the ranges? Will it help?
18:53 < ||cw> wireshark only listens.
18:54 < ||cw> I'm not sure what you're looking for though
18:54 < ||cw> on the LAN, your local PC firewall is all that matters.
18:55 < ||cw> on the WAN side, your router firewall and its forwarding/routing rules is what matters.
18:55 < tda> linux?
18:55 < maryo> ||cw: sorry I wanted to find out the allowed ports in my WAN
18:56 < ||cw> then audit your router config. you can't scan for this, that's the whole point of a firewall. you can only scan for what's actually in use.
18:57 < ||cw> also, this sounds a lot like an XY problem. just say what you're actually having an issue with
18:57 < system16> so i wanna buy my modem from canada. (im gonna visit there in a few months)
18:57 < system16> what things should i look out for ?
18:57 < system16> modems are not regionally locked right ?
18:58 < tda> no. as long as the isp supports it or it at least meets their requirements it should be find
18:58 < tda> fine
18:59 < system16> i know that i should buy a modem that supports ADSL
18:59 < maryo> ||cw: Actually, I have certain services running on port 8085 in one of our server which is accessible in public network. But this service is not accessible in certain public networks. When checked I got to know the port is "8085" blocked.. So I am trying to figure out the opened port in the network so that I can tweak the service port or configure reverse proxy on the allowed ports.
18:59 < detha> what things should i look out for ? - customs
19:00 < system16> detha, ??
19:00 < system16> for a 50 $ thing ?
19:00 < detha> import duty is import duty
19:00 < tda> so look at your firewall nat/port forwarding
19:00 < ||cw> maryo: the only way you can "scan" that is trial and error. make a server listen, try to connect. repeat.
19:01 < system16> detha, my country wont charge for a modem
19:01 < tda> you need to check with customs in YOUR country
19:01 < system16> unless i buy a 1000 of them
19:01 < ||cw> public networks often block most ports. 80 and 8080 should be allowed, maybe common VPN ports, ssh, ftp, common things like that
19:01 < tda> i doubt canada cares about a $50 thing they probably didn't even make
19:02 < system16> i bought a ip camera from malaysia and no one said a thing
19:03 < system16> im interested in these modems : https://www.netgear.com/home/products/networking/dsl-modems-routers/dgnd3700.aspx
19:03 < system16> and https://www.netgear.com/home/products/networking/dsl-modems-routers/dgnd4000.aspx
19:04 < system16> they look promising
19:04 < ||cw> do adsl modems have encryption? that's about the only thing canada would care about when taking it out of the country, and only if you're taking it to an export restricted place
19:05 < system16> like ?
19:05 < system16> yes
19:05 < system16> wpa
19:05 < system16> (WPA/WPA2—PSK)
19:06 < ||cw> like, vpn? idk, encryption laws are kinda dumb.
19:07 < system16> ||cw im pretty sure i can buy a modem from canada. after all im not gonna buy 100s of them
19:07 < ||cw> I'm just theorizing on why canada might care
19:08 < system16> oh
19:08 < spaces> meh these instagram wannabe famous artists/models today acting like they are not lonely...
19:17 < wallbroken> anybody know how sleep proxy server of Bonjour works?
20:24 < Donjuanal> anyone here got some time to help me with a problem with vrf rt import and export not working?
21:03 <+catphish> i can't believe you can still buy a black and white only broadcast licence
21:03 <+catphish> who owns a black and white monitor :|
21:04 < ||cw> well, everyone's monitor can display black and white....
21:06 < ||cw> wait, you're talking about BBC receiving licenses? TIL
21:06 < ||cw> https://www.theguardian.com/media/2013/jan/10/black-and-white-tv-13000-homes
21:06 < ||cw> I do wonder what that number is 5 years later
21:06 < PlopCapt> Hi guys, i got a little trouble understanding DMZ, i made a scheme of what i want to do, can anyone tell me if it's ok ?
21:07 < tds> tv licensing site says 8242 as of 31st march 2017
21:07 <+catphish> ||cw: they claim it's not legal to use a device capable of displaying colour
21:07 < ||cw> yeah, seems if you own any color device, you have to get the color license
21:08 < tds> the whole situation seems a little insane with iplayer
21:08 < ||cw> so the Q really is: who still owns ONLY a B&W set, and it seems about 8,000 people
21:08 <+catphish> tds: they literally say you can watch iplayer on a b&w monitor with a b&w licence :)
21:08 <+catphish> and yeah, only 8,000 left
21:08 < tds> oh, I just meant tv licensing in general with the iplayer mess ;)
21:09 <+catphish> tds: it's not too complicated, you need a licence for broadcasts, or for streaming from the bbc
21:09 <+catphish> (broadcasts from anywhere)
21:10 < tds> yes, it's the difference between streaming from the bbc and other providers that seems odd to me (but it being applied to everyone for broadcasts)
21:10 <+catphish> tds: i guess that's the best they could get into law
21:10 <+catphish> would've been too unpopular to try to require a licence for youtube
21:10 < tds> yeah, and I think lots of people were slightly abusing it by only using iplayer previously
21:11 < tda> so much money and time wasted making and enforcing that law. sad.
21:11 <+catphish> the stupid irony is that it's a crime to watch a tv program from iplayer, but not to torrent it
21:11 <+catphish> i wish they'd just pay for the bbc with tax money
21:12 <+catphish> and do away with the stupid thing
21:12 <+catphish> for the first time in many many years i actually want to watch a couple of things that would require such a licence, but i'm too stubborn to buy one
21:12 < ||cw> is that an annual license?
21:13 < tds> I've also got no idea how they really intend to enforce the regulations with iplayer
21:13 <+catphish> ||cw: yes, though you can apply for a refund if you no longer need it
21:13 < tds> iirc at one point someone claimed they had a magic tv licensing van that could detect it based off wifi ;P
21:14 < tds> ah yeah https://www.theregister.co.uk/2016/08/06/bbc_detector_van_wi_fi_iplayer/
21:14 < ||cw> that's feasible
21:14 <+catphish> tds: the only way they've ever enforced them is 1) to send intimidating letters if you don't pay and 2) send people door to door to question you and look through your windows
21:15 <+catphish> the detector van thing is a cool myth, but only a way to scare people, no truth in it
21:15 < tds> I'm sure people would prefer a detector van to people looking for tvs though :)
21:15 <+catphish> tds: the original claim was they could detect the signals given off by running TV tuners, while technically feasible, they've never actually employed it
21:15 < ||cw> I bet that technique for snooping LTE would work on wifi too
21:16 <+catphish> you could snoop packet sizes, or detect the colour patterns coming through people's curtains
21:16 <+catphish> but they don't, it's all FUD
21:17 < tds> actually, I wonder if anyone's been prosecuted for the new iplayer laws yet
21:19 < Mad7Scientist> 95% of the people on the Internet in the US are now clueless shortsighted idiots I think
21:19 < Mad7Scientist> I wonder if they will ruin it for the few remaining percent
21:20 < Aeso> nice bait
21:20 < tda> plenty of
people around the world helping that.
21:20 < Aeso> prove you're human in the next 10s or get kicked :)
21:20 < tda> do you think the next billion will make things better or worse? lol
21:20 < Mad7Scientist> Would you like to have free Internet access for 3 years, and then double the cost of access after that with massive censorship? YES!
21:21 < Mad7Scientist> Aeso, prove you're not the 95%
21:21 < Aeso> Oh wait, I don't have ops here. Boy, that's embarrassing.
21:22 < tda> i probably wont be alive then. your problem lol good luck
21:22 < Mad7Scientist> Have you seen how people take care of, or don't take care of, their cars?
21:22 < Aeso> cc catphish pppingme
21:22 < Mad7Scientist> pppingme is very reasonable
21:23 < Mad7Scientist> Anyway, I need to generate a list of all Comcast IP ranges
21:23 <+catphish> Mad7Scientist: that's not too hard, look up their AS then find their announcements
21:24 < E1ephant> weeeeeee
21:24 * catphish eats Aeso with a soup spoon
21:24 < tds> bgpq3 may be handy :)
21:24 < E1ephant> Aeso is the IRC police
21:24 < E1ephant> lookout
21:25 <+catphish> nee nor
21:26 < Aeso> everybody scatter, it's the internet police!
21:26 < E1ephant> oh noes!
21:26 <+catphish> Mad7Scientist: https://bgp.he.net/AS7922#_prefixes
21:26 <+catphish> there ya go
21:26 < Mad7Scientist> will check it out thanks
21:27 < E1ephant> rekt son
21:27 < Mad7Scientist> Then to convince the Gnutella people to add all those as hostile nodes
21:29 <+catphish> yeah you can't
21:29 <+catphish> those are a huge number of north american home users
21:29 < Mad7Scientist> huh? The hostile node list can store many ranges
21:30 < E1ephant> right, just not ranges that make no sense to include
21:30 < Mad7Scientist> All Comcast residential addresses should be blocked
21:31 < tda> because they all chose to use comcast?
21:31 < E1ephant> Mad7Scientist: can you make sense?
21:31 < Mad7Scientist> Because they are hostile nodes as Comcast DPI mangles the Gnutella traffic?
21:32 < Aeso> 'chose', what I would give to live in a world where I could choose my residential ISP lol
21:32 < E1ephant> Aeso: so move?
21:32 < tda> gnutella still has traffic?
21:32 <+catphish> Mad7Scientist: also, people still use gnutella?
21:32 < E1ephant> also, is napster still usable?
21:32 <+catphish> as in original napster?
21:32 < Aeso> E1ephant, not really a practical choice for most people.
21:32 <+catphish> if no, no pretty sure that was centralized
21:33 < E1ephant> Aeso: so you wouldn't give much?
21:33 < E1ephant> don't be so dishonest
21:33 < E1ephant> then
21:33 < Mad7Scientist> Much less with Limewire activating a remote kill switch, frostwire discontinuing Gnutella, and Comcast blocking upload related activities with packet mangling
21:33 <+catphish> Aeso: you mean country :)
21:33 <+catphish> Aeso: there are plenty of places in the world you can choose an ISP
21:33 < Aeso> catphish, that's fair. :)
21:33 < E1ephant> yeah obviously you don't care too much
21:33 < tda> i think most serious file sharers have gotten vpns or seedboxes
21:34 < tds> there's at least a vaguely decent attempt at that here
21:34 <+catphish> if my isp were mangling my packets i'd have a permanent support ticket open :)
21:35 < tda> that wont do anything. get a business line if that really bothers you.
21:35 < tda> vpn is cheaper and better now anyway
21:37 <+catphish> tda: you can't really know what nagging might or might not achieve :)
21:38 <+catphish> wow comcast have a lot of prefixes
21:38 < E1ephant> they split each region into its own ASN as well
21:38 < E1ephant> so gotta query those asn too
21:38 <+catphish> i was looking at AS7922
21:38 <+catphish> it was the first one that came up when i looked
21:38 < tds> surprisingly large number of v6 announcements as well
21:39 <+catphish> that's not that surprising is it?
i assume they offer it now 21:40 < tds> I was just surprised at the number of small announcements 21:40 < hagbard> Would people here say that optical dual speed 1Gbps/10Gbps SFP+ transceivers are more common than the 10Gbps only or not? 21:40 < tds> iirc bt for example only announce a few very large prefixes 21:42 <+catphish> hagbard: in my experience, you don't have a fiber line without deciding what speed you're going to use at both ends, i didn't even know dual speed SFPs existed 21:42 <+catphish> tds: i think it all depends on your traffic engineering needs 21:43 < tds> yeah, I can imagine it's more of an issue for comcast if they're serving a larger geographical area 21:43 < hagbard> catphish: while I agree and, I, too, prefer to be so deliberate in my planning, unfortunately sometimes we have to deal with people who are less well prepared. 21:43 <+catphish> i just announce my full length prefix everywhere, but i can see why people would want to break it down to manage ingress traffic speed 21:44 <+catphish> hagbard: well i've never seen a dual speed device, or if i have, i didn't realise it was dual speed 21:44 < tds> I sorta wish I could do that, but stuck with a little /48 ;( 21:45 < Mad7Scientist> Is it hard to get a commercial Internet connection where I pay for bandwidth and I can resell it to others? 21:45 < jurislav> anyone knows something about LDAP(S) from Azure AD Domain Services? 21:45 <+catphish> my network is simpler :) https://bgp.he.net/AS60899#_prefixes 21:46 < jurislav> i'd like to use it as a backend for on-prem wifi radius 21:46 < tds> heh, mine breaks that page ;) https://bgp.he.net/AS204345#_prefixes 21:47 <+catphish> tds: what even is that network? ipv6 only? 21:47 < hagbard> catphish: You likely have seen dual speed devices without realizing. You may well be using one right now. 
:) 21:48 < tds> catphish: yes 21:48 <+catphish> hagbard: right now i'm only using 1G because i'm at home :) 21:48 <+catphish> tds: how do you even have an AS for that network 21:48 < tds> v6 only internally, I have various routers doing nat64 at the edge (on other providers' v4 networks) 21:49 < tds> it's multihomed, so ripe are happy with that at least 21:57 < E1ephant> hagbard: tri-rate copper is fairly common (10/100/1G) 1G/10G optical transcieves are very rare afaaik 21:58 < E1ephant> hagbard: you need a port that supports this as well 21:58 < E1ephant> which is also not always the case 22:01 < cortexman> what might cause your computer to repeatedly forget the wifi password 22:03 < Poster> I would guess a complete lack of detail regarding the system in question 22:04 < cortexman> that doesn't sound like a diagnosis to me 22:05 < cortexman> ..except of depression. go see a doc. 22:06 < Poster> Oh, you're right sorry, there is only one possible OS you could be using with the single wireless card manufacturer with only 1 version of the given driver 22:06 < cortexman> to be fair, you don't know the operating temperature either 22:07 < cortexman> nor the disposition of the operator 22:07 < cortexman> could be anything 22:08 < E1ephant> lets be more vauge 22:08 < E1ephant> it will probably help 22:09 < Poster> ^ 22:09 < cortexman> why isn't my internet working?!#@! 22:09 < cortexman> in any case, the provided info is basically all that's needed 22:10 < E1ephant> cool story 22:11 < cortexman> you know what IRC needs? 22:11 < cortexman> tables, chairs and beers 22:11 < cortexman> at least then when people are jerks in IRC you can beat them up for it 22:12 < cortexman> "that sounds like.... " 22:12 < cortexman> "could possibly narrow it down further if i knew ...." 22:12 < Poster> So I am not sure how it's worked out for you thus far, but insulting those who you seek help from probably isn't going to get the result you want. 
22:12 < cortexman> ^ gaslighting
22:13 < Poster> You've had two of us hint at the absence of detail to be able to even begin to help, but yeah at this point you can just enjoy your forgetful wireless settings
22:13 < cortexman> "... that's interesting, not sure i've encountered it before. could be problem XYZ with your router"
22:13 < Poster> if you knew the answer you would not be here
22:13 * Poster wanders off
22:21 < ||cw> cortexman: you want speculation? corruption. someone told it forget, you're being pranked. permissions issues in where ever it stored.
22:21 < ||cw> I'm sure I could imagine some other things, but at least knowing the OS would help
22:22 < ||cw> and whether or not you're using the OS's wifi manager or some dell or lenovo piece of crap software
22:34 < cortexman> ChromeOS
22:34 < cortexman> Chromebook Pixel
22:34 < S_SubZero> is the OS up to date?
22:38 < E1ephant> cortexman: weird... you're still here
22:38 < E1ephant> even though the chairs and beer are over there
22:43 < gale__> hi
22:43 < gale__> how radius works for application auth?
23:53 < scientes> killer deal on moca 2.0 adapter with wifi https://www.ebay.com/itm/Hitron-Network-WiFi-Extender-2x2-MoCA-2-0-Gigabit-Ethernet-Black-HT-EMN2/
23:53 < scientes> just got one myself
23:53 < E1ephant> wtf
23:53 < E1ephant> 404
23:54 < E1ephant> I need that MoCA!
23:54 < diverdude> hi. i have 2 machines directly connected via cat6 ethernet cable. on one machine i have IP 192.168.51.100 and on other i have 192.168.51.101. On both machines i have subnet 255.255.255.0 but i cannot ping one machine from the other - is what i am doing not correct?
23:54 < scientes> no power adapter, but cheap
23:55 < scientes> you can get 5 power adapters for $10
23:56 < scientes> https://www.amazon.com/DVE-UL-Listed-Switching-Supply-Adapter/dp/B00FEOB4EI
--- Log closed Sat Jul 07 00:00:28 2018