--- Log opened Sun Jul 08 00:00:29 2018
03:10 < Whoroo> anyone familiar with the netgear 810s and dc112A?
03:13 < Whoroo> I have a pfsense box behind those (no adsl available here) in double nat, just evaluating if I can (or need to) bridge it
05:22 < abdulhakeem> So I think I generally grasp the concept of DDNS and Port Forwarding to be able to access parts of my network remotely, but how do I access my actual router? just forward a port to my router's internal IP address?
05:22 < abdulhakeem> and would that be port 80 I assume because it's a web interface?
05:22 < abdulhakeem> or 443 idk
05:26 < light> you can configure your router to listen on the WAN IP
05:26 < fryguy> 1. never allow access to that stuff on your router on the public internet. 2. if you want to not listen to us and do number 1 anyway, you don't need to port forward, just ensure that the interface is listening on the wan interface. 3. really really listen to number 1
05:26 < light> but you can also setup a VPN into your LAN
05:28 < abdulhakeem> yeah I guess I can't really think of a situation where i'd need to change router settings remotely
05:29 < abdulhakeem> but I do have a server that I'd like to be able to access remotely
05:29 < abdulhakeem> that's okay right?
05:29 < fryguy> assuming you know what you are doing security wise, sure
05:29 < light> you have my permission
05:30 < abdulhakeem> thanks dad
05:31 < abdulhakeem> as far as security, aside from router password and server password, what else should I be looking for?
05:31 < fryguy> well router password won't matter for this, as for server password, that depends on what you are exposing
05:32 < abdulhakeem> I have an Ubuntu server that I'm primarily using as a file server, so I'd like to be able to access that remotely if possible.
05:32 < fryguy> access how
05:32 < abdulhakeem> like FTP or something
05:32 < abdulhakeem> access the files remotely if i need to
05:33 < abdulhakeem> also to be able to SSH into it remotely
05:33 < light> use sftp instead of ftp
05:34 < abdulhakeem> yeah
05:40 < abdulhakeem> when setting up port forwarding in an ASUS router, what is the 'Source Target' field?
05:40 < abdulhakeem> if anyone has an ASUS router
05:41 < abdulhakeem> I have Service Name, Source Target, Port Range, Local IP, Local Port, and Protocol. I think I know what all of them are for except for Source Target
05:43 < abdulhakeem> nvm found it
05:43 < abdulhakeem> https://www.snbforums.com/threads/asus-rt-n66u-firmware-version-3-0-0-4-380-7266.37527/
06:26 < Psyb3rN41> anyone here?
06:28 < chuckx> Lotta idling
06:29 < Psyb3rN4ut> chuckx: you know about systemd routing?
06:30 < chuckx> Not my specialty
06:31 < chuckx> Best just to throw your question out, if someone knows about it they may chime in
06:31 < Psyb3rN4ut> i am switching from openrc to systemd on my LAN routers....and from MikroTik to gentoo linux on gateway WAN router that i built...gateway works fine...but routing within the LANs is givin me some issues
06:50 < mohnish2> Anyone here?
06:50 < skyroveRR> Yes.
06:50 < mohnish2> Oh hello
06:50 < skyroveRR> How are you?
06:50 < mohnish2> How are you?
06:51 < mohnish2> I'm good
06:51 < skyroveRR> Hey, I asked you.
06:51 < mohnish2> Are you Indian?
06:51 < skyroveRR> I'm fine too.
06:51 < skyroveRR> Yes.
06:51 < skyroveRR> Are you from Mumbai?
06:51 < mohnish2> I'm good, man
06:51 < mohnish2> I'm from Jodhpur
06:51 < skyroveRR> I see.
06:52 < mohnish2> Are you from Mumbai?
06:52 < skyroveRR> Yes.
06:52 < mohnish2> So, what's going on?
06:53 < mohnish2> skyroverRR: So, what's going on?
06:53 < skyroveRR> Tea, water, breakfast.
06:53 < mohnish2> Oh wow
06:53 < skyroveRR> And you?
06:53 < mohnish2> How old are you?
06:53 < mohnish2> Just great
06:54 < skyroveRR> Between 20 and 30, you?
06:54 < mohnish2> I'm 15
06:54 < skyroveRR> I see.
06:54 < skyroveRR> How did you end up here in ##networking?
06:54 < mohnish2> Just like that
06:54 < skyroveRR> Ok :)
06:55 < mohnish2> To have fun
06:55 < mohnish2> :D
06:55 < skyroveRR> :D
06:55 < skyroveRR> D:
06:55 < mohnish2> XD
07:08 < LissajousPattern> how effective is setting your ttl to 65 in regards to making all traffic to a mobile hotspot look well ...."the same"?
07:09 < LissajousPattern> does it "mask" anything?
07:14 < light> nobody is spying on your ttl
07:15 < LissajousPattern> so its a mute point...
07:15 < LissajousPattern> is there a benefit to setting it to the same as the phones?
07:15 < light> a what point?
07:15 < LissajousPattern> performance wise
07:15 < LissajousPattern> moot
07:15 < LissajousPattern> woot woot
07:17 < scientes> how do i use airodump-ng with wireshark
07:17 < scientes> to capture all traffic
07:17 < scientes> i have network passwords
07:18 < AndrzejL> Hey guys
07:18 < AndrzejL> I know i am probably in a wrong place but I don't even know how to search for it...
07:18 < AndrzejL> So here is my problem - I have nginx running on a server inside my network - you can access it at https://andrzejl.eu:30303 - its accessible to the machines that are outside my network as in not connected to my router but not to the machines that are connected to my router. I changed router recently and I know that the router setting is a culprit but I have no idea how to phrase the question / google it.
07:18 < AndrzejL> If I disconnect from wifi on my phone and use 3G - site works in If I connect to the wifi on the phone - site times out
07:18 < AndrzejL> If I use the proxy like hidester - I can see the website on my PC
07:18 < AndrzejL> If I try to connect without the proxy - site times out
07:18 < AndrzejL> I suspect something relating to routing or some sort of crossscripting protection not working correctly on the router.
07:18 < AndrzejL> Ever heard of a router setting that could cause such behaviour?
07:18 < AndrzejL> Thanks in advance for any help provided.
07:20 < light> AndrzejL: hairpin nat
07:20 < AndrzejL> light: the only settings for nat on this router are NAPT / Full Cone / Disabled...
07:21 < AndrzejL> I tried NAPT and Full Cone - both are not allowing the connection to the site from LAN
07:22 < AndrzejL> I will google hairpin nat see if I missed something - thank you
07:23 < AndrzejL> Light - you are right... https://www.boards.ie/vbulletin/showthread.php?t=2057670180
07:23 < AndrzejL> that's the same router I have and the guy has the same issue
07:23 < light> welcome
07:32 < AndrzejL> light: any idea if there is something I could do from the router's configuration page that would fix this? Dynamic / Static routing rule perhaps?
07:33 < AndrzejL> The ISP does not allow for the ssh access to the router unfortunately plus the software is locked tight
08:03 < ThePortWhisperer> whats up
08:04 < system16> .
08:05 < skyroveRR> .
08:38 < Whoroo> netgear 810s aircard > dc112a cradle > pfsense > switch > two machines - currently double nat, works ok with only one machine online at a time, flaky with two, is this due to double dhcp?
08:40 < Whoroo> I will contact my isp and see about bridging, not sure if that's possible atm, just attempting to understand the issues here
10:14 < winsoff> How massive is the performance loss incurred by using a VPN? How much is that performance loss due to the operating system using the same port for everything?
10:14 < winsoff> I assume that has to have some sort of computational toll, right?
10:18 < skyroveRR> The processing power, the bandwidth, the encryption level, the software, the OS..... everything.
10:18 < longxia> but not "the same port"
10:22 < xtrWrithe> winsoff: you should see that the different VPN softwares works differently, so a fast one is wireguard,
10:26 < winsoff> xtrWrithe: Does wireguard not work on a single port? I guess I could read up on it.
10:27 < xtrWrithe> winsoff: didnt read your OP but yes it does
10:29 < winsoff> Could someone write a protocol similar to how wireless phones typically hop around from channel to channel, in which the next port to use is transferred cryptically? Obviously, this only fools some terrible scanners, but it would make following the TCP stream harder, right?
10:29 < winsoff> Maybe it doesn't matter for encryption, though.
10:30 < xtrWrithe> winsoff: give it a try, code some 802.11 rare implementation
10:30 < winsoff> lol
11:13 < FightingFalcon> it appears that all those parameters in sysctl.cof have absolutely zero effect on the system? I load test my system with and without tuning sysctl and all the results are the same
12:15 < Naan> hi is it okay to do this: local_user@local_host$ ssh -N -f -L localhost:8888:localhost:8889 remote_user@remote_host
12:15 < Naan> where the remote machine is my desktop and the local is my laptop
12:16 < Naan> or am I opening up 8889 to the world
12:16 < Naan> I use an rsa key and only allow 1 user and disabled root on the sshd_config
12:17 < Naan> specific user*
12:31 < TandyUK2> localhost says no
12:31 < TandyUK2> if you put in the lan/wan ip of one of those machines rather than localhost, then maybe
12:32 < TandyUK2> but otherwise, nothing outside those 2 machines can use that tunnel
12:32 < TandyUK2> (without other stuff being setup anyway)
12:33 < Naan> thanks Tandy
12:33 < Naan> you're a star
12:33 < Naan> :)
12:34 < spaces> Morning ugly peepz, hopefully your networks are sexy as what you wished for :)
12:35 < bazook> morning :)
12:35 < spaces> life is hard :P
12:35 * shtrb coffee to bazook
12:35 < spaces> I cannot wakeup @ 8am anymore
12:35 < shtrb> spaces, Is that a bad thing ?
12:36 < ZaliM> hiii..
12:36 < bazook> guys my first time in channels...
12:36 < spaces> if you are an entrepreneur, yes :P
12:36 < bazook> this is the only channel active so far lol
12:36 < ZaliM> who is expert here in router Firmwares
12:36 < shtrb> spaces, If you are a successful entrepreneur you should know that sleep is overrated
12:37 < spaces> bazook yap and all the fools from #cisco left that channel because we are more crazy :P
12:37 < pclover> define expert?
12:37 < spaces> shtrb I know and I am :)
12:37 < bazook> lol
12:37 < ZaliM> define define?
12:37 < pclover> ZaliM,
12:38 < shtrb> you guys manage to push 52 hours into each day
12:39 < shtrb> I met one recently, he managed to squeeze gim before work and swimming after the work day (according to him it is no use to be stuck in traffic during rush hour he would better use it for training )
12:41 < shtrb> *gym
12:41 < spaces> shtrb then he doesn't care and doesn't push a lot of hours, traffic is there for 3 hours at least twice a day... he should be behind his computer
12:41 < spaces> I walk 2 hours a day with my dog total, the rest is behind my PC
12:41 < spaces> day in day out
12:42 < spaces> okok, now I got so much thing automated as I wanted I have some more social time and as I live into the woods I have much more productive hours then most people
12:43 < XCE> I wish I lived in the woods
12:43 < XCE> property tax probably cheaper
12:43 < shtrb> lol
12:43 < shtrb> they will find you, and they will tax you
12:43 < spaces> nah not really, I have neighbours but I cannot really see them, I love on the property of a Chateau
12:43 < spaces> I have my own property there, so my own forest :D
12:44 < shtrb> I hate when people use ch instead of sh$!@
12:45 < shtrb> spaces, no roaming rights for the common folks ?
12:45 < shtrb> "Right to roam" or what ever it is called now days
12:46 < XCE> you cant own property man
12:46 * shtrb sends some capitalism to XCE
12:55 < adham> Hello everyone, do anyone know the alternative of "/usr/sbin/ipconfig set tap0 dhcp" in ubuntu 18.04?
12:56 < shtrb> nettools ..
12:56 < adham> nettools?
12:57 < light> systemctl enable dhcpcd@tap0 ?
12:59 < adham> light: "/sbin/ip link set tap0 dhcp" wouldn't work?
12:59 < light> there's more than one way to skin a cat in linux
12:59 < light> e.g. strip /usr/bin/cat
13:00 < adham> light: I tested it out and I got Failed to enable unit: Unit file dhcpcd@tap0.service does not exist
13:04 < TandyUK2> [11:41] shtrb then he doesn't care and doesn't push a lot of hours, traffic is there for 3 hours at least twice a day... << Whats the moron doing not working 2 minutes away from his bed
13:04 < TandyUK2> Sometimes I have a hard commute to work because my flatmate is coming down the hallway at the same time lol
13:06 < adham> do anyone know the alternative of "/usr/sbin/ipconfig set tap0 dhcp" in ubuntu 18.04?
13:08 < abdulhakeem> I have an Ubuntu Server that I'd essentially like to have NAS functionality. Is it better to use NFS or Samba share? Or is there perhaps a better option than those two? Didn't want to go with FreeNAS because I need the server to do other things too (like CUPS print server for example)
13:09 < abdulhakeem> I have both Linux and Windows machines on my network but Linux is my primary (my laptop is dual boot, wife's laptop is Windows)
13:13 < adham> do anyone know the alternative of "/usr/sbin/ipconfig set tap0 dhcp" in ubuntu 18.04?
13:24 < shtrb> sorry , intellectually challenged power management feature
13:24 < shtrb> TandyUK2, You guys all work from home ?
13:26 < shtrb> TandyUK2, do even have stable internet connection there ? with the recent news I'm not sure who has worse internet access UK or China
13:27 < adham> do anyone know the alternative of "/usr/sbin/ipconfig set tap0 dhcp" in ubuntu 18.04?
13:28 < shtrb> adham, does ip work for you ?
13:28 < shtrb> and why do you need an alternative ? (did you remember to install nettools ? )
13:28 < shtrb> net-tools to provide
13:28 < shtrb> feces - that is ifconfig not ipconfig
13:29 < adham> shtrb, I googled around and came up with "/sbin/ip link set tap0 dhcp" but it's not working for me
13:30 < shtrb> can you please express what does it mean "not working for me" ?
13:30 < adham> Error: either "dev" is duplicate, or "dhcp" is a garbage.
13:30 < adham> Sun Jul 8 21:30:17 2018 us=842729 WARNING: Failed running command (--up/--down): external program exited with error status: 255
13:30 < adham> Sun Jul 8 21:30:17 2018 us=842774 Exiting due to fatal error
13:30 < adham> this is the error I receive
13:31 < adham> I have an openvpn config file with .sh file that has that command line
13:31 < adham> I can tell that this command line is mainly for older versions of ubuntu, i am trying to update it to 18.04
13:31 < light> your syntax is wrong
13:31 < adham> so I can use it
13:31 < adham> light: what would be the correct syntax?
13:36 < shtrb> adham, ip link set tap0 up; dhclient tap0 could be one option (you can install net-tools to get ifconfig back)
13:36 < Gvigis> I need help
13:36 < light> Dial 911
13:36 < Gvigis> i want to get my router like reverse function
13:37 < Gvigis> Get wireless signal in antenna and get internet in wire
13:37 < adham> thanks shtrb, I'm testing now
13:37 < Gvigis> Dont know how to explain
13:38 < Gvigis> i want to make my wireless router like wireless signal receiver
13:38 < Gvigis> how to do that?
13:38 < Gvigis> any have some solutions?
13:39 < shtrb> Gvigis, set your router as dhcp client , plug the ethernet into your wan and disable all the ISP configuration
13:39 < shtrb> you need to choose if you will run a dhcp server or not on the router level
13:40 < adham> shtrb: would it take too long?
13:45 <+pppingme> Gvigis "wireless signal receiver" ??????????????
13:45 < Gvigis> jup
13:45 <+pppingme> define that
13:45 < Gvigis> And send that signal in wire to pc
13:46 < shtrb> pppingme, wireless access point
13:46 < Gvigis> i want to receive wifi signal to my router and send by wire to pc
13:47 < shtrb> Givis , oh you wish for it to act as a wireless client ?
13:47 < shtrb> as if it was a WiFi card ?
13:48 < Gvigis> idk. :D My english is too bad to understand you! :D
13:48 < Gvigis> In my pc i have wifi card, but i have useful router with one antenna, and i want that router like signal receiver
13:48 < shtrb> Gvigis, is your goal to have your WiFi router to receive an address from someone elses wifi and allow any ethernet client to connect to it ?
13:49 < Gvigis> and then use this router like modem, use network from him
13:49 < Gvigis> idk how to explain
13:49 < Gvigis> im sure yu understand my broken english! :D
13:50 < skyroveRR> He wants to use his friend's wifi...
13:50 < Gvigis> yes
13:50 < shtrb> can you try using ascii art to describe it (over pastebin or something) ?
13:50 < Gvigis> you got me
13:50 <+pppingme> Oh, trying to steal neighbors wifi, I get it..
13:50 < skyroveRR> Using less-than-legal means.
13:50 < Gvigis> i already use my neighbors wifi. :D
13:50 <+pppingme> yep
13:50 < adham> shtrb: can you please see https://pastebin.com/cW3JbVZh and let me know how to fix it?
13:50 <+pppingme> we can't help you break the law
13:51 < shtrb> adham, that is openvpn config ...
13:51 < shtrb> broken one I must say
13:51 < Gvigis> my neighbor allow to use his wifi, only i have a weak signal in my room, and i want to fix it
13:52 < skyroveRR> Oh
13:52 < skyroveRR> Gvigis: use a wireless repeater than.
13:52 < skyroveRR> * then.
13:52 < Gvigis> i want this router like repeater, only use lan cable from this router
13:52 < adham> yes
13:52 < shtrb> Gvigis, you can setup your router (if it support it) as a repeater
13:52 < adham> this is the original config
13:52 < Gvigis> and catch signal with antenna
13:53 < adham> at my side, it is now ip link set tap0 up; dhclient tap0
13:53 < skyroveRR> Gvigis: you will need a repeater between his router and yours, how far is his router?
13:53 < Gvigis> Next house
13:54 < Gvigis> Not so far
13:54 < skyroveRR> How far is it in feet/metres?
13:54 < shtrb> Gvigis, next house like 1'km or 25 meters ?
13:54 < Gvigis> I use with my pc wifi card, but signal is weak
13:54 < Gvigis> 20 meters
13:55 < skyroveRR> Gvigis: where's your router placed? And his router?
13:55 < skyroveRR> Inside your house, I know, but where?
13:57 < shtrb> brick wall, concrete, elevator shaft etc
13:58 < shtrb> masonwall ..
13:58 < skyroveRR> I think he's gone to ask his buddy.
13:58 < shtrb> lol
14:00 < adham> shtrb: are you able to help or you don't know?
14:00 < shtrb> why is it bad practice (or not recommended ) to rely on apache authorization/authentication when there is of php (instead of using php framework auth capabilities) ?
14:01 < shtrb> adham, it seems that you didn't finish your config (first time) ?
14:01 < adham> I downloaded this config
14:02 < adham> this config works for android
14:02 < shtrb> it didn't work in the past for you (correct) ?
14:02 < adham> in ubuntu 17.04
14:03 < adham> I had help from someone in this channel before and he helped me to get it to work
14:03 < adham> unfortunately I lost my backup including the os
14:03 < adham> this is a new installation
14:15 < shtrb> adham, you can remove the up script and manually start it (ofc change server/port)
14:16 < adham> i tried
14:16 < adham> this is what I received: https://pastebin.com/MzaEpvQL
14:16 < shtrb> ipconfig should never work under ubuntu (ifconfig would have worked), you can write ifconfig $interfacename up (and get the interface name using openvpn verbs) and then do dhclient $interfacename
14:18 < adham> I understood that, and changing the ipconfig from "ip link set tap0 up; dhclient tap0" to "dhcp-client-request.sh tap0 1500 1592 init"
14:18 < adham> sorry, changing it to the line given above, it hangs on init
14:18 < shtrb> ip link set $dev up; dhclient $dev -r (if passed over up script)
14:19 < adham> you mean change from "ip link set tap0 up; dhclient tap0" to "ip link set $dev up; dhclient $dev -r"
14:19 < shtrb> and instead of the ; replace it with a new line please
14:19 < shtrb> drop the -r I put it by mistake
14:21 < adham> it's hanging on init again
14:21 < shtrb> without the -r ?
14:21 < adham> yes
14:21 < adham> shall I add -r?
14:21 < shtrb> no
14:21 < shtrb> maybe it didn't finish (the dhcp sequence)
14:21 < shtrb> try opening a second terminal and try accessing the network
14:24 < adham> ping is just hanging on PING ....
14:24 < adham> but no sending or receiving
14:25 < shtrb> check your logs , and maybe also ask at #ubuntu
14:25 < Apachez> check shtrb's logs they said, it will be fun they said...
14:26 < adham> trust me, i'm in #ubuntu (who was helping me gave up), #vpn and here
14:26 < adham> #vpn no response
14:26 < adham> you're the last hope :D
14:26 < shtrb> Apachez, ?
14:26 < shtrb> adham, check your logs maybe there is some error spitted there
14:27 < shtrb> adham, I also remember that you need to pass security 2 and some sleep time to allow dhcp to finish its job
14:30 * Apachez puts on his leia headphones
14:30 < Apachez> adham: so we are your only hope you say?
14:30 < Apachez> adham: Im too lazy to scroll back so what do you need help with?
14:31 < shtrb> setting up openvpn client
14:31 < adham> I am going to send you a log soon
14:31 < Apachez> read the manual?
14:31 < shtrb> yep
14:31 < adham> shtrb: https://pastebin.com/dVerAsdthttps://pastebin.com/dVerAsdt
14:31 < adham> sorry https://pastebin.com/dVerAsdt
14:32 < adham> Apachez, there is a clear documentation about this
14:34 < Whoroo> netgear 810s aircard > dc112a cradle > pfsense > switch > two machines - currently double nat, works ok with only one machine online at a time, flaky with two, is this due to double dhcp?
14:34 < Whoroo> I will contact my isp and see about bridging, not sure if that's possible atm, just attempting to understand the issues here
14:34 < Apachez> then follow the clear documentation then?
14:34 < shtrb> adham, I'm not sure but there is a good chance your client.conf is not related to what the server is advertising ?
14:35 < shtrb> Add a keep alive in your config, and try to access the internal network (over the vpn)
14:36 < shtrb> it says completed but you say there is no traffic
14:36 < adham> shall I add "keepalive 10 60"
14:37 < adham> ?
14:37 < shtrb> example try doing ping to 192.168.1.1
14:38 < adham> that's what I try to ping
14:38 < adham> what I receive is "PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data." and then it hangs
14:38 < adham> lately "440 packets transmitted, 0 received, +75 errors, 100% packet loss, time 449422ms"
14:39 < Whoroo> well you couldn't say you didn't give it a good try :P
14:41 < shtrb> can you verify you are running only one dhcp client and your local lan is not 192.168.1.0/24 ?
14:43 < shtrb> Who manages your server ?
14:44 < adham> good point shtrb
14:44 < adham> 192.168.43.33/24 brd 192.168.43.255
14:45 < adham> and if I'm 192.168.1.x, how can I get through with it?
14:52 < adham> shtrb
14:52 < adham> any ideas?
14:53 < shtrb> adham, to contact the person who set up your server and get the client or reading the manuals
14:54 < shtrb> but 192.168.1.0/24 and 192.168.43.0/24 can coexist (no issue there)
14:54 < shtrb> there might be a routing issue on your side, I think it would be wise to add a route to your vpn server before the openvpn script runs
14:55 < adham> but the windows and android/ios works fine
14:55 < adham> only ubuntu 18.04?
14:55 < shtrb> on windows you have setup a valid config file
14:56 < shtrb> they are also different oses and can have different setup , (like how it behaves when it get a route for 0.0.0.0 )
14:56 < adham> windows, it's almost the same config
14:57 < shtrb> that "almost" could be what make the difference
14:57 < FightingFalcon> Google analytics say that there are currently 100 clients in my website. But netstat -anp says there are 15 connections to port 80. whats up?
14:57 < shtrb> FightingFalcon, proxy ?
14:57 < Apachez> FightingFalcon: define client?
14:57 < Apachez> 1 visit within 1 hour?
14:57 < shtrb> same ip serving different devices ? (smartphone , access point)
14:58 < Apachez> while your http server have default timeout of 120 seconds
14:58 < FightingFalcon> sorry 100 active users
14:59 < Apachez> so you can have like 1 visit /min
14:59 < Apachez> google analytics will aggregate that into "100 active users"
14:59 < Apachez> while your server only shows 2 connections
15:00 < tds> looking through your webserver logs is likely to be more useful for checking stats
15:00 < FightingFalcon> isnt it "current" users?
15:00 < Apachez> thats why I prefer awstats over google analytics
15:00 < Apachez> you dont leak to google who visits your site and what they visit
15:01 < Apachez> and you get a more trustful stat based on actual requests
15:02 < FightingFalcon> Apachez, can i get it with apt-get ?
15:06 < adham> thanks shtrb
15:06 < adham> I'll go home and continue trying from home
15:06 < adham> thx for your help
15:06 < adham> appreciated !
15:07 < shtrb> I didn't actually do anything , but I suggest you to check the manual
15:07 < adham> I did and I'll dig nore
15:07 < adham> more*
15:45 < Apachez> http://blogs.bl.uk/digitisedmanuscripts/2012/04/unicorn-cookbook-found-at-the-british-library.html
16:38 * spaces checks Apachez his sexyness for the day
16:40 < Apachez> spaces: stop staring at my sexy back!
16:44 < EdLin> Hi. My motherboard has two NICs and now that teaming is fixed in Windows, which is better for me to use, dynamic link aggregation or static link aggregation? I think my router, running DD-WRT, supports both.
16:46 < EdLin> I'm having a hard time finding on Google something that explains the difference.
16:46 < EdLin> other than ESXi incompatibilities...
16:46 < myrat> hi guys i have problem with netplan
16:47 < myrat> can anyone help
16:57 < skyroveRR> What's netplan?
17:16 < myrat> skyroveRR its network utility
17:17 < myrat> after his installation my laptop starts very long
17:17 < myrat> about 5 minutes man
17:17 < myrat> i tired
17:22 < ashleyk_> holy carp, why is perf3 so buggy
17:24 < Apachez> it is?
17:25 < Apachez> myrat: then uninstall netplan, problem solved?
17:25 < tds> myrat: out of interest, is this with a distro using netplan by default for desktop install now?
17:25 < tds> i'd have thought plain network-manager would be more common, especially with the DE integration for it
17:26 < myrat> Apachez no..in startpanel ubuntu shows 2 users
17:26 < myrat> Apachez first me second netplan daemon user with password..
17:29 < myrat> tds man i don't know my friend install it
17:29 < Bahgin> Hey All, I have a question re: my home networking setup (some reason, after 20 years IRC is still where I go for legit advice - but it's been a while!)
18:00 < jvwjgames> I am trying to get IPV6 working so that i can give them out to any other network of mine is this possible?
18:01 < ashleyk_> Bahgin, do you really have a question or are you just trolling
18:01 < Dagger> it's possible to get v6 working, yes
18:13 < jvwjgames> i know it's possible but can i make a tunnel from a v4 only network to a v6 network and that through DHCPv6 route the v6 address to the other network
18:25 < tds> sure, you've got various options, a plain 6in4 tunnel is likely easiest if there's no NAT at either end
18:32 < ashleyk_> riveting stuff
19:06 <+catphish> jvwjgames: yes, you can make a tunnel (lots of type of tunnel can be used) between wherever you have ipv6 connectivity and where you need it
19:08 <+catphish> as tds says, 6in4 is probably the simplest / most common option
19:09 <+catphish> Bahgin: you seem to have forgotten to ask your question
19:20 < buu> ok
19:21 < buu> If A) my gateway is set to 192.168.1.1 B) my resolver is set to 192.168.1.1 C) I can receive ping replies from 192.168.1.1 D) why can't I look up hostnames
19:24 < lupine> is there anything listening on 192.168.1.1:53 ?
19:25 < buu> yes
19:25 < buu> Is there a simple test query I can send via nc?
19:25 < lupine> does its logs indicate that it is seeing an incoming packet and sending a return packet?
19:26 < lupine> I'd just use `dig @192.168.1.1`
19:26 < lupine> and I'd probably use tcpdump on both sides rather than bothering with logs
19:27 < jvwjgames> catphish is there a tutorial i can follow somewhere
19:27 < buu> lupine: Yeah..
19:27 < buu> The set up is, of course, complicated
19:28 <+catphish> buu: maybe 192.168.1.1 isn't running a DNS server, or can't access the internet
19:28 <+catphish> buu: you should use dig to see exactly what response you receive from the dns server
19:29 < buu> Hmm
19:29 <+catphish> jvwjgames: no idea, but if you google 6in4 tunnel i'm sure there will be tutorials, it's trivial on linux
19:29 < d3fragg3d> so, if I have a 10GB video file on one machine and I want to stream this over the internet, is there a decent way to do it? i.e can you encode it on the fly or something so it doesnt buffer? Not sure if this is the right channel to ask this question btw.
19:30 <+catphish> d3fragg3d: well you can just stream it as is if its bitrate isn't faster than the connection
19:30 < buu> catphish: I can ping but I can't get tcp traffic..
19:30 <+catphish> buu: what tcp traffic?
19:30 < buu> wait
19:30 < buu> I lie
19:30 <+catphish> buu: there are plenty of things you need to test 1) does the internet work? can you ping 8.8.8.8?
19:30 <+catphish> buu: 2) what error does the dns server return?
19:31 <+catphish> d3fragg3d: if you need to transcode there are definitely servers that can do that, but it's often not necessary
19:31 < d3fragg3d> catphish: what do you mean by that? Its a mkv and its around 10GB, a bluray
19:31 < buu> catphish: A) Yes B) Yes C) it times out
19:31 < d3fragg3d> 10GB over say 1 and a half hours, is quite a throughput no?
19:31 <+catphish> d3fragg3d: right, the whole thing is 10GB, but you don't download a whole video to watch it, you stream it
19:32 < buu> inet 192.168.1.1/16 brd 192.168.255.255 scope global eth1
19:32 < buu> Is the /16 and the 255.255 bad?
19:32 < d3fragg3d> yeah sorry, just if you work it out, its got to be quite a few MB a second.
19:32 <+catphish> buu: well its not a huge problem, but probably should be /24 everywhere
19:32 < buu> catphish: Why?
19:33 < buu> I really want /16
19:33 <+catphish> buu: well depends how big you want your network, it can be /16 as long as its the same everywhere
19:33 < buu> ok
19:33 < jvwjgames> catphish I found one thanks.
19:33 < buu> I'm just trying to change over to a /16
19:33 < buu> And that broke my dns
19:33 <+catphish> buu: but why would you want that? you're just making it harder to extend the network, or connect to a VPN
19:34 <+catphish> buu: well you didn't mention that before
19:34 <+catphish> buu: most likely you need to remember to change it everywhere
19:34 <+catphish> mismatched netmasks can cause weird problems
19:35 < buu> catphish: I want something on 192.168.2.3 to be able to ping 192.168.3.2
19:35 <+catphish> buu: why is this subnet so large though?
19:36 <+catphish> and if you really need to use that many addresses, why not /22
19:36 < buu> catphish: virtual devices
19:36 <+catphish> buu: anyway, it doesn't matter, but you do need to make sure you update it everywhere
19:36 < buu> kubernetes needs like a /24 per machine
19:37 < buu> catphish: I think I just confused dnsasq
19:38 <+catphish> probably
19:38 <+catphish> i tend to just reboot when i change IPs, avoids any listeners getting confused
19:40 < buu> I'm about to
19:40 < buu> I just can't find the reboot button lol
19:46 < buu> hmmmmmmmmmm
19:46 < buu> Interesting
19:52 < buu> So what happened is this stupid isp router was pretending to be in bridge mode and passing along the actual routable IP but it was also acting as a dns server on 192.168.254.254
19:53 < buu> So when I changed my netmask to 192.168/16 it couldn't find the isp dns server any more
19:53 < buu> Is there a "Best" non isp dns server to use?
19:55 < kerframil> cloudflare is very good, preferably with dnscrypt-proxy
20:03 < buu> Does using 8.8.8.8 prevent geodns optimizations?
20:05 <+catphish> buu: no
20:06 <+catphish> 8.8.8.8 is the obvious choice imo
20:08 <+catphish> cloudflare's is likely quite good, but its quite new and i don't have any experience with it, and i don't know how well it handles geolocation, i tried 9.9.9.9 and it's actually very unreliable, overall 8.8.8.8 is proven and reliable
20:09 <+catphish> buu: also, this is why you don't set crazy wide netmasks that you don't need :)
20:10 <+catphish> but glad you figured it out
20:17 <+pppingme> I've seen a lot of equipment not let you set a network larger than /24 (or scarier, let you set it, but not actually work) on a 192.168 ip..
20:18 <+catphish> lol
20:19 <+pppingme> cause it is "class c" after all
20:22 < buu> catphish: I need it!
20:22 < buu> pppingme: I'm so glad that concept died
20:22 <+catphish> buu: nobody needs a /16 broadcast network, but i can see how it might be easier not to bother to size it correctly
20:23 < buu> =[
20:23 < buu> Ok that's true, I only need like /20
20:23 <+catphish> i made a /9 broadcast network once :)
20:23 < buu> But that math sucks
20:23 <+catphish> the math is the same
20:23 < buu> NO
20:23 < buu> THE MATH IS HARD
20:23 <+catphish> you're just not doing the math ;)
20:24 <+pppingme> if using rfc1918 addressing, I've set /16's a few times.. not because I needed that size pool, but because it keeps the masks simple
20:24 < buu> true
20:24 < buu> pppingme: see?
20:25 <+catphish> personally i always use 10.0.0.0/8, easier to make big networks and avoid conflicts
20:25 <+pppingme> avoid? I think you mean create!!
20:25 < buu> Then why are you complaining about my /16 20:26 <+catphish> i don't make my broadcast networks /8, i just use that range 20:27 <+catphish> ideally with /16 per site and /24 per LAN 20:27 <+catphish> because it just aligns nicely :) 20:27 < buu> oh 20:27 < buu> Yeah, but I was already on 192.168 20:27 < buu> dunno 20:28 <+catphish> yeah 192.168.0.0/24 or 192.168.1.0/24 are such common defaults, that's why i avoid them 20:29 <+catphish> like, i don't want every access point i plug in to conflict with my default router 20:29 < buu> I kinda feel the opposite, 10/8 conflicts with everyone's vpn 20:29 < buu> but yeah 20:29 <+catphish> not really 20:29 < buu> Bring on the infinite ipv6 addrs 20:30 <+pppingme> only because the openvpn sample config has 10.0.8.0/24 (or is it 10.8.0.0/24).. 20:30 <+pppingme> its a sign of LAZINESS 20:30 <+catphish> VPNs usually route 10.0.0.0/8, but that doesn't matter if your LAN is 10.134.6.0/24 20:30 < buu> A company ago they had the vpn set up to route *all* traffic over the link 20:31 < buu> so I couldn't talk to my lan 20:31 <+pppingme> unless, by some slim chance, there's some stuff on the vpn/wan at 10.134.6.x 20:31 <+catphish> pppingme: i think openvpn default is 10.8.0.0/24, my home LAN is actually (coincidentally) 10.0.8.0/24 because my company uses 10.0.0.0/16 in /24 blocks for staff LANs 20:31 <+catphish> buu: that's a common setting for cisco VPNs, it's usually a deliberate choice to improve security 20:31 < buu> It made me very sad 20:32 < buu> It'd be one thing if I was in the office 20:32 <+catphish> reduces the possibility of bridging anything unsafe between the outside and the VPN 20:33 < buu> i eventually put the vpn inside a vm 20:33 < buu> and bridged to that 20:34 <+catphish> well ideally you have a work VM on the VPN, and do your work in there, security++ 20:35 < buu> yeah 21:34 < spaces> yeah catphish :) 1+ ! 
21:34 <+catphish> don't do that 21:36 < spaces> it's at least not a minus :) 21:37 * spaces always wonder why people complain when you give them a positive feedback out of the blue 21:37 < spaces> be positive 22:08 < fly_agaric> hello guys, i have a problem with site to site vpn. the sap connector is not working WSAECONNRESET: Connection reset by peer 10054. telnet to the port where sap connector connects is working and also ping is working 22:10 < Holo> more info is needed 22:10 < Holo> theres like a dozen VPN stacks 22:11 < fly_agaric> its a site to site vpn between a Checkpoint and a Cisco asa 22:11 < Holo> so l2tp? 22:11 < Holo> gre? 22:11 < Holo> IPSec? 22:12 < fly_agaric> Holo its IPSec 22:13 < streuner> hello 22:13 < streuner> i've problem with iptables 22:13 < fly_agaric> i tried to debug with ikeview software on checkpoint side. it shows phase 1 and phase 2 is up with the same parameters like lifetime 22:13 <+catphish> streuner: go on 22:13 < Holo> fly_agaric https://archive.sap.com/discussions/thread/1571790 22:14 < streuner> here's my config for ipv4 -> http://dpaste.com/1EWTRWF 22:14 < streuner> i'm getting error ssh: Could not resolve hostname atypical@autisticstory.net: Name or service not known 22:15 < jorja> hello 22:15 < streuner> i'm unable to ping ipv6 address 22:15 <+catphish> streuner: one thing at a time! ipv4 and ipv6 are totally separate 22:16 < streuner> sorry, it's my ipv6 config for iptables http://dpaste.com/2FVW00A 22:16 < Dagger> don't drop any ICMPv6 22:16 < Dagger> it is kinda used for stuff 22:16 < Holo> kinda? lol 22:17 <+catphish> so the problem is you can't resolve autisticstory.net? can you resolve anything else? 22:17 < streuner> catphish, i can resolve 81.2.239.90 but i can't resolve 2001:15e8:110:75a::1 22:17 < jorja> I am having an issue with my wifi. I have three device hooked to the wifi part of it (one is Chromecast) the other two are android device.
I had just used one less than an hour ago went to look at it and I have no wifi on it but the other android device has wifi connected. Is there a way to get the other android to connect to the wifi? It does see it and tries to connect but the then goes to save secured 22:18 <+catphish> streuner: no, that's nonsense 22:18 < Dagger> (if you absolutely must, follow RFC 4890) 22:18 < streuner> ping4 autisticstory.net works 22:18 < streuner> i can't resolve ipv6 but i can resolve ipv4 22:18 < Holo> catphish unless his dns is setup wrong :P 22:18 < Dagger> streuner: what does `getent ahosts autisticstory.net` say? 22:19 <+catphish> streuner: ok, so your DNS server isn't returning ipv6 addresses? what happens if you run "host google.com" 22:19 <+catphish> also, this has nothing to do with iptables 22:21 <+catphish> streuner: so, lets actually test ipv6 resolution, run "host google.com" and run "dig google.com aaaa" and paste the full output 22:22 < Dagger> (note that host and dig only test DNS. ssh goes through NSS) 22:23 < eliaselof> I am looking for something like samba, but I want to use it over the public internet. What should I use? 22:23 < streuner> http://dpaste.com/3BH61JR 22:23 < Dagger> eliaselof: sshfs is usually the easiest route 22:23 <+catphish> eliaselof: you can use samba, or sftp, or maybe http with DAV 22:24 < streuner> http://dpaste.com/0T97DM8 22:24 < eliaselof> Will check that out, thanks! 22:24 <+catphish> i don't know if samba does server authentication, i'd hope so 22:24 <+catphish> streuner: interesting, DNS works fine at least 22:25 <+catphish> so what happens if you run ping6 autisticstory.net 22:25 <+catphish> maybe you set a hosts entry and forgot about it :) 22:26 < streuner> http://dpaste.com/2Z3CQD4 22:26 <+catphish> ok, your ipv6 resolution works fine 22:26 <+catphish> ping works anyway 22:26 < tds> Can you ping other stuff (eg Google) over ipv6?
22:27 <+catphish> so resolution isn't the problem 22:27 <+catphish> can you ping6 googe.com 22:27 < eliaselof> +catphish: I want it to be seamless like a windows file share. 22:27 < streuner> yes http://dpaste.com/3WB51RD 22:27 <+catphish> eliaselof: well you can always just use samba 22:27 < streuner> ipv6 packets are dropped by ip6tables 22:28 < eliaselof> +catphish: yes, but over the intenet? 22:28 <+catphish> eliaselof: why not? 22:28 < tds> As dagger said earlier, dropping icmpv6 is generally a bad idea 22:28 < eliaselof> *internet 22:28 < streuner> http://dpaste.com/0QMC34P 22:28 <+catphish> streuner: change your icmp6 rule to allow all icmp 22:29 <+catphish> A INPUT -p ipv6-icmp -j ACCEPT 22:29 <+catphish> i don't know what type 8 is, but it might be ping, or it might be ND, but you need at least both of those for ping to work 22:30 <+catphish> i suspect that's the only problem, you've not allowed enough icmp 22:30 < eliaselof> +catphish: "Opening SMB over the internet is a very, very silly thing to do. It's the IT security equivalent of leaving your car unlocked, a door slightly ajar, in a bad neighborhood, with a note in the window saying "Free to a good home". " 22:30 <+catphish> eliaselof: citation? 22:30 <+catphish> if samba was insecure, they'd surely fix the bugs 22:30 < eliaselof> https://arstechnica.com/civis/viewtopic.php?f=15&t=1257257 22:31 <+catphish> that's windows SMB i assume? 22:31 < eliaselof> i just don't want to do something stupid 22:31 < jorja> I am having an issue with my wifi. I have three device hooked to the wifi part of it (one is Chromecast) the other two are android device. I had just used one less than an hour ago went to look at it and I have no wifi on it but the other android device has wifi connected. Is there a way to get the other android to connect to the wifi?
It does see it and tries to connect but the then goes to save secured 22:31 <+catphish> i honestly don't know how secure samba is though 22:31 <+catphish> eliaselof: consider using samba plus a vpn 22:32 * eliaselof slaps catphish around a bit with a large trout 22:32 < eliaselof> oopps 22:32 < eliaselof> sorry 22:32 <+catphish> streuner: if you feel like you must filter icmp, you need to do a bit more research first 22:32 <+catphish> hahaha 22:33 <+catphish> eliaselof: anyway, SMB is traditionally highly insecure (because windows), it may be much better in samba, but maybe not ideal 22:33 < tds> Certainly by default I don't think samba has any kind of server certificate checks or encryption 22:33 < tds> So a vpn is probably the best way forward 22:33 < streuner> why if I disallow icmpv6 other services over ipv6 don't work? 22:33 <+catphish> eliaselof: look into webdav, you can mount that pretty natively on windows i think 22:33 < Dagger> streuner: because ICMPv6 is used for stuff 22:33 < Dagger> if you block it, stuff stops working 22:33 < eliaselof> +catphish: Or some software which make something like sftp "seamless"? 22:33 < Apachez> how rude 22:33 < Apachez> "stuff" 22:34 < eliaselof> will look into webDAV, thanks 22:34 <+catphish> streuner: ICMP is used for all sorts of control messages needed to make other things work 22:34 < fly_agaric> according to pingtest the mtu to sap server is 1438. 22:34 <+catphish> streuner: most importantly "neighbor discovery", the equivalent of ARP 22:34 < tds> You can spend the rest of your life setting static address and routes and neighbours if you really want to, but that's a bad idea and you'll still have issues ;) 22:35 <+catphish> the ESTABLISHED/RELATED rule will take care of a lot of things 22:35 < Dagger> NDP is part of the stuff, but it's not the only part of it.
my recommendation is to just accept all ICMPv6 22:35 <+catphish> but you definitely need to allow ND 22:35 < streuner> ipv4 stuff with dropped icmp can work 22:35 < Dagger> if you *absolutely must*, consider rate-limiting and make sure you follow the requirements in RFC4890 22:36 < Dagger> and v6, as you can see, can't 22:36 <+catphish> streuner: sure, and your kettle will work without it too 22:36 <+catphish> but ipv6 will not 22:36 < streuner> why? 22:36 <+catphish> i literally just explained 22:36 <+catphish> streuner: most importantly "neighbor discovery", the equivalent of ARP 22:37 <+catphish> that's the one most people get caught out by 22:37 < tds> catphish: you never know these days, might be an iot kettle with v6 ;) 22:37 <+catphish> but also, other control messages which make things work better 22:38 <+catphish> if you feel you need to block icmp6, you need to research which types to block 22:38 < eliaselof> +catphish: I have found a piece of software called NetDrive. So should i use sftp or WebDav? 22:38 <+catphish> the same applies to ipv4 really, but it kinda works without it 22:38 <+catphish> eliaselof: it doesn't really matter, both are good, make sure you use TLS if you use webdav, SFTP has its own encryption 22:39 < tds> eliaselof: if your clients are windows, they should be able to mount WebDAV natively without extra software 22:39 <+catphish> ^ this too 22:39 <+catphish> if your clients are linux you can probably mount both without extra software :) 22:39 < tds> :) 22:39 <+catphish> but definitely sftp 22:39 < eliaselof> I think i will go with WebDAV then! thanks for the help 22:39 <+catphish> good luck :) 22:40 < tds> And make sure you use certificates you trust rather than self signed ones (be that your own internal CA, or ones from let's encrypt or another CA) 22:41 < eliaselof> will do 22:41 < compdoc> let's encrypt is amazing 22:42 < compdoc> anyone set up haproxy to allow multiple servers validate with let's encrypt? is that possible?
22:43 < tds> Acme http verification should work fine behind a reverse proxy if that's what you're asking 22:43 < Holo> I use a reverse proxy setup 22:43 < jorja> I am having an issue with my wifi. I have three device hooked to the wifi part of it (one is Chromecast) the other two are android device. I had just used one less than an hour ago went to look at it and I have no wifi on it but the other android device has wifi connected. Is there a way to get the other android to connect to the wifi? It does see it and tries to connect but the then goes to save secured 22:43 < Holo> works just fine 22:44 < Holo> the public internet only sees the proxy, thus has valid certs 22:44 < Holo> the rest is docker internal networking stuff 22:45 < jorja> HELLO 22:45 < Holo> jorja its wifi 22:46 < jorja> i DONT HAVE WIFI THAT IS THE ISSUE 22:46 < Holo> too many things can go wrong with wifi 22:47 < Holo> start off by capturing your network with Wireshark or something 22:47 < Holo> and reproduce the issue 22:47 < Holo> then we can talk 22:47 < Holo> it could be device side, router side 22:48 < Holo> neighbor misconfigured network on a channel besides 1,6,11 22:49 < Holo> its freaking WIFI aka the blackmagicfuckery of networking 22:49 < Holo> it could be the android device acting like iPhones do now 22:49 < compdoc> aww, wifi is easy when you spend years learning networking and access points 22:50 < Disconsented> Holo> Help troll 22:50 < Disconsented> Ignore him and move on 22:50 < compdoc> use network manager if its ubuntu 22:50 < Holo> compdoc yes its easy once you know it but still a pain because every device handles it differently 23:05 < scientes> The NAT that I am using with wireguard isn't working right 23:05 < scientes> is it because I am forwarding traffic that is on a different subnet?
23:05 < scientes> i can ping fine 23:07 < jorja> I do not know what the issue is to reproduce it but it happens about once every couple of weeks 23:24 < jorja> and never with the same device 23:26 < jorja> I am having an issue with my wifi. I have three device hooked to the wifi part of it (one is Chromecast) the other two are android device. I had just used one less than an hour ago went to look at it and I have no wifi on it but the other android device has wifi connected. Is there a way to get the other android to connect to the wifi? It does see it and tries to connect but the then goes to save secured 23:53 < WinNoob> hey guys, this is not exactly a question, but I'd like if some input on this: I am getting pop-up ads on some freenode sites. Now I think all http (unsecure) pages have this issue (occasionally). My phone and mom's phone have also seen these. Hence I'm suspecting some mitm going on (as opposed to all these devices being infected). I hard reset my router earlier today and the problem persists. 23:53 < WinNoob> I think using mobile data stops this (not sure, because it doesn't happen reliably). I'm suspecting the ISP's routers are infected. 23:53 < WinNoob> opinions, views, inputs, etc, please? 23:56 < WinNoob> said freenode sites were confirmed to not have ads by other viewers admins --- Log closed Mon Jul 09 00:00:31 2018