#networking
But also, fibre cables will probably fit through existing tubing, while copper does not
yes in west & central divisions 😬
WTF how so much dang I want it
lots of $$$
so uhhhh sigh... Is the preferred 2+gb/s home FW/router gonna be pfsense on some box? - I can't seem to find any other reasonable way to do it, my asus ax11000 has a 2.5Gb/s interface it lets you use for WAN but it is basically maxed out in the 900ish range.
Got the VPS set up, have the 4c24g ARM instance running, setup as pihole+unbound, openvpn community server, tailscale DERP relay server and zerotier MOON relay server all on the same instance ^^ OCI is awesome. Still under 300MB RAM usage and barely any CPU usage, linux is amazing. I can do a lot more with this stuff too.
Openvpn comm. server (not the access server) wasn't easy to setup the way I wanted it to work, but I managed to make the server and client configs such that I can either use it as just a tunnel to my VPS (w. pihole DNS) and as a route to other friends connected to it, or route all internet traffic through it as well, however I want (2 diff. configs on client side).
Also, ZT Relay server is well optimized, friends now get around 40ms ping to my self hosted minecraft server, no matter what's going on. Next plan is to move the mc server itself onto the cloud and limit its access through openvpn tunnel only.
So - thank you for this suggestion ... 😄 Helped me out a lot!
Just wish it'd be possible to get a windows VM running on it too
@sudden kayak @sudden kayak I can neither confirm nor deny an apple pilot taking place that may or may not be using a Korean made smartphone instead of their own....
Specifically for 6e
at the same time... apple already has AX support on the 16" macbooks
(I'm communicating through such right now)
perhaps they just found it unnecessary for their phones
everything recent has AX (regular wifi 6), but specifically 6E is what the new iphones don't have
but yeah my s21 doesn't have 6E, but iirc the ultra does (that is apparently the only thing we could find internally for testing/demoing our 6E hardware)
Cries in 100Mbps 😔
with more people watching today I'll repost, Really want something that has the flexibility to possibly be 5gb/s capable as well
so uhhhh sigh... Is the preferred 2+gb/s home FW/router gonna be pfsense on some box? - I can't seem to find any other reasonable way to do it, my asus ax11000 has a 2.5Gb/s interface it lets you use for WAN but it is basically maxed out in the 900ish range.
pfsense is less than optimal
fortigate 😉
@clear igloo @hollow marlin IT still hasn't fixed this issue
and its a week
to get there on a fortigate it looked like a 200F was the lowest I could get, at about 3700$
I mean I work for Cisco, cheapest I can get anything that has enough power is even more than that lol, at my employee pricing!
I have an ASR900 something in my garage I could throw at it, but lack of anything other than simple NAT and ACL's will kinda suck
kinda mad that asus advertised this 11000AX as 2.5g WAN, and while it DOES let you use it, it falls on its face after about 1.2 ish
lol
firewalla?... sigh... I'm just grasping at straws right now
I could really burn the house down and just use the built in AT&T "firewall" functions.
Could look at a pfsense 1537 or similar, they're cheaper than that and do a good job once you figure things out a tad like not having a static route still up when the interface is down causing all your DNS return traffic to die 😄
epp for meraki isn't half bad but I've not seen anything else outside of repo depot for purchase 😦
EPP on meraki is suspended right now due to shipping, I was all meraki up until about 6 months ago. I'm still meraki switches and APs
Oh yah, duh, lol
I should know that since I just bought some licenses the other day
the licenses are still available, not hardware unfortunately
Yah
I mean I have an ASA 5512X sitting in the garage too but seriously this is just my 4 bedroom house here I don't run a lab at the house anymore, this is more like greed at this point ;P
@clear igloo I love non VOIP phone call quality
Haha, yah, I've got an 1150 on loan from the lab for stuff but I just don't need need it so I swapped over to pfsense so I can return it
It was fun but after a while just meh, keep it simple at home
the reality is I need an edge device that will support at least a 2.5G WAN interface and at least a 4g port channel to my switch since I don't have a 10G meraki switch.
Good or bad where you're at?
bad
the netgate 6100 will do it, I'd have to find some 10GT sfp's and that may be what I end up doing. I have a beast of a linux server, tempted to run PFSENSE in a VM, if i were smart I would rebuild it to an ESX server, but it was supposed to just be my NAS/PLEX box
or.... hear me out, I downgrade to 1gb/s symmetrical and save 40$/mo
So netgate 6100 it is 😄
@clear igloo i just now realized they labeled near the AP
Nice
I'm skeptical - but it has 4x2.5 so we'll find out
Ah, I saw a few of those, a buddy of mine got one recently says it's pretty good
will PF sense let me link ag?
yes
might be okay then...
Yah
1 job 😄
Its intentional i think
now I guess I go jack a 93108 out of the lab and throw that in the attic, 10G for everyone!
93108FX3P is now POE too, can power my meraki AP's lol
not sure who the hell they built that box for, it sure isn't my customers.
Yup, 60 or 90 watts, I forget which off hand
the meraki 36's only need like 16.
I know who :>
oh I know who, but it's useless other than one use case, the rest of my web customers tell me to pound sand because the power requirement is MASSIVE on that box, and that's what all the racks have to be scoped for
I keep trying to figure out if they will ever get a non P version, I keep hearing "on its way"
Haha, yah, 1900w PSUs I think are the max
the cost of getting to 10g meraki, even internal pricing just is too much.. I do miss being able to ruin my kids days by monitoring them though!
Haha, yah, the hardware isn't too bad but the licensing for the switches and firewalls is just x.x
I mean even the hardware to get 24x10g ports in a meraki switch, at epp is still probably 3500$ - but MX and MS licenses kill it
and the lifetime max is gonna be a problem if I tried to upgrade to mgig/10gig everything
yah, especially with mgig all the things
@clear igloo <_< this network has so much broadcast
Dang right, broadcast all the information!!
oh god please tell me this pfsense setup eventually lets me land in a GUI somewhere... I can't bring myself to go back to writing ipchains
Yes
it won't let me advance because I don't actually have a WAN interface to give it on my virtualbox...
Initial setup is a bit of a pain but once you setup one inside interface you're good
Ah, I was thinking you were installing on a physical box for a moment, yah you need two to move past that part
I'm assuming it wants to see or receive dhcp maybe? it just keeps me in a loop. I have a physical box showing up, but amazon is like 10pm at my place
Even just a dummy interface going nowhere that you set to "wan" with DHCP should work though
was just throwing it in a virtual box to mess with it
I know I setup my appliance without a physical WAN connected at first so it's possible
pfSense wants at least 2 NICs or 2 VLAN interfaces on a single NIC for setup
So it can set WAN and LAN1
@clear igloo @waxen scroll 😳
There's a SuperMicro box for Crestron NVX director lol
hmmmm, I have this bad ass hades canyon intel NUC just sitting here, can I get 10g interfaces on it somehow, has a bunch of USBC ports.
literally on my desk in front of me, been unplugged for 3 months
geez, 199$ per interface, cheaper to buy the miniPC lol
what do we like for cheap 5 or 10g ports? I really only need a few, and something that is managed and will let me 802.3ad to my house fabric
alright well I cheaped out, did an 8port 2.5g qnap which is really all I can run anyway, has 2x10g - will let me agg 4 ports to my meraki fabric with spares.
Nice!
@rocky badge computers take over the world.
lol
@waxen scroll @clear igloo
reboot all the stuff
Does anybody know how to bridge the LAN port on a Mikrotik device running RouterOS 7 to the wireless? Using a Groove52 ac and trying to use it as a wireless AP and router to run a mixer but in the default Home AP and WISP modes that seem like they would be the best options I am unsure how to bridge the single LAN port so I can communicate to the wired device I need to access
The only modes that offer to bridge the LAN are supposed to be used to bridge networks wirelessly (aka the antenna is set for P2P mode, not broadcasting SSID)
had this issue over multiple devices and os's, failure to ssh when on battery, or just on wifi, depending. whenever i go around the router or via ethernet it's fine, but strangely enough phone hotspot via the same wifi also works? is this a driver issue or a router issue?
Learned about SANs today. Saw something in a picture about them then hit google. Trying to actually visualize the difference from a nas. Like i get it, but only mostly. Would something like Whonnok (or however you spell it) be considered a SAN? Or is it just a term no one really uses anymore
SAN is usually more block storage over network providing storage to servers etc whereas NAS is providing network shares/storage to end users.
Admittedly the difference seems to be more blurred these days
The backblaze article i was reading just made it seem like a nas but with so many features you needed another machine to handle metadata
Right, block devices are basically drives :)
Like it says you mount them as local storage too, but im pretty sure i did that with my Unraid server already in windows. I may have technically added "shortcuts to different directories on the nas" or whatever but it functions the same
So think iSCSI for example, is something a SAN would deliver and the backend might be dozens of servers and hundreds of drives for a single disk mount
I kinda figured. Blocks on a single drive being storage areas, so when you scale it up those areas become dedicated drives.
@peak cloak @hollow marlin My university literally just disabled the firewall for the student center building.
Because we are having issues with latency sensitive applications (gaming).
(The firewall is causing the issue and not having it on is "fixed for now")
I basically have a san setup for my ESX cluster
I guess why i dont hear it much/at all anymore. No reason to confuse users with something like that. Just call it "the server" if its beyond nas capabilities and be done with it
San
Or im just not in the space that uses it. Either way.
Eh, it's all good
Curious what disabled means. Just put in an any any rule or actually moved to different hardware
no fuckin clue
I finally have a second hop of 10.0.2.37 though
Unless maybe it's a proxy that isn't inline
Which I never had before
Ah
I wonder what it is 
🤔 When does pinging the loopback address become relevant for trouble shooting? This one dude claimed it can be pinged to see if the NIC adapter itself is working, but I'm not sure how true that is.
its not
all it tells you is all links to the router are probably dead
it will not tell you a single link is dead
proper way is to ping loopback to check if the router is unreachable and SNMP or syslog to determine if there are single link issues
😕So when the loopback says "unreachable", what is the next troubleshooting step exactly? Network+ didn't really explain the usefulness of loopback addresses that well. It just tells you to ping the default gateway to see if the modem/router is active.
if its a router at a remote site and its the only one, ask local contact to verify power, possibly reboot, and then call ISP
if its at a site thats still online, check the devices its attached to for port status. if up, is there a mac address learned? is there arp learned?
is the config wrong, does it need to be on another vlan
if you dont have a loopback that means you need to use multiple interface IPs to manage the device and thats a pain in the ass
if one goes down that IP wont work, so you need to use the next IP
with a loopback theres no problem like that
🤔 I mean, I'm not sure I even follow. 😅 Like, what if the loopback address is unreachable for your own personal computer or laptop? @waxen scroll
They're not used on hosts. Only network equipment
😕 I mean, I'm seeing some websites claim it has something to do with the TCP/IP stack in the operating system itself. And if its not reachable, it probably wasn't installed correctly. But it has nothing to do with the network adapter I now see. 🧐
And that's why some claim the loopback should be pinged first when troubleshooting connectivity issues? 🤷♂️
😂Damn, its a lot of bad info out there about the loopback. Kind of feel sorry for it.
Very confusing.🙃
@waxen scroll @peak cloak
1GB of RDP and 477MB of MC
oh behave
Got a question, my ISP provides a 400mbps connection (typically actually 450mbps), and I have had no issues for the past several months. Recently I noticed though, the connection specifically over ethernet has been on average 80-90mbps or less. This has me confused because I haven't found any issues with our cables, including damage or crimping. I haven't had any issues with packet loss either which I assume would be the case if a damaged cable was causing signal degradation. Does anyone have any ideas? Is it possible the ISP is throttling devices connected over ethernet? I haven't tried plugging other devices I don't normally use in yet.
Milim is so good ❤️
lol
next season gonna be lit
indeed
My issue is resolved, after checking each possibility I have found out that its the port on my router
for whatever reason port 1 is now at a reduced speed while any other port is fine
you used the same cable?
?
I'd be inclined to blame the cable anyways
You can check the pins on port 1 I guess, if one of the pairs is bent or dirty that might do it though idk how that could be the case if it failed suddenly while connected and in use
Maybe the port is set itself to half duplex but it's more likely to just be the cable I'd imagine
GTA as in the game?
but for ISPs it all depends on availability in your area
yeah idk, it's heavily area dependent
ik for the US the FCC kinda has a list of available ISPs at an address although it's not accurate all the time
it's like that most of the time, just don't expect the promotional price all the time
If you're a network engineer, read this.
https://poa.st/@josh/posts/ANQljCv9dCZ8q8fis4
from my uneducated POV sounds like they just don't know what they are doing?
but then again it's zayo
yep. both sounds like they dont know what they're doing and zayo is like D tier provider
"about 40% of traffic goes directly through HE." HE is also bottom tier from what I've heard
@clear igloo the comments section LOL
@waxen scroll I wish NDI was more reliable
Huh, I thought they were higher
What are like the top ones?
how can i set up a ddos protection?
A ddos protection for a game/web server
Tcp and https
Gmod and mc
You can have a look at tcpshield
Ah ok thank you
sure you could do all that, or you can buy akamai and sleep well
I'm not made of money....
Just gonna go on record and say F sonos and their BS implementation using spanning tree.... Are they serious with that crap?

Yes, spanning tree your wifi 😄
Hi everyone. In need of some advice. I do astrophotography and I use a mini computer that uses raspberry pi 4 and some software. It functions on my phone using a WiFi connection but the problem is that I have to be within ten foot for it to work. I'm at the point where I have everything set up and working at a permanent position. I wanted to run an Ethernet cable outside but considered an idea and then realised that if lightning struck nearby that would cause issues. I'm under the impression that I would need to use armoured. I was going to bury it but I'm thinking because of the bends it would just be easier to run it through some PVC. Advice, please and thank you.
whenever i goto browse the internet my browser is low as shit doesnt matter which one. Internet speed is perfectly fine. I dont get it.
Looking to replace my rogers router with something nicer to get full speed on my 1gbps connection. Currently max speed on wifi is around 250ish mbps but wired is 1g
Does this look good for 129CAD?
i've never dealt with that kind of scenario, but my understanding is that armored cable is more about physical damage and probably wouldn't do much for ESD protection... this kind of thing is a much better bet (and waaay cheaper to boot) https://store.ui.com/collections/operator-accessories/products/ethernet-surge-protector
So apparently, running hyper-V disables multicast. Anyone know of a solution other than to remove Hyper-V?
can anyone recommend any good wifi cards preferably around £50 or under? i’m clueless 🙃
i just grabbed the tp link one https://www.amazon.com/TP-Link-Bluetooth-Ultra-Low-Archer-TX3000E/dp/B07ZV2CJL2 and it seems to be fine. no particular glowing endorsement or detailed review but it's a solid option
it's an intel chipset so it should be pretty reliable and driver support should be great
shoot no I'm sorry i actually got this one https://www.amazon.com/TP-Link-Archer-TX55E-Bluetooth-Ultra-Low/dp/B0B1NRGDQ4/
sorry you can tell how little i actually care as long as it does the job. but it seems totally fine
the part about intel chipsets is true for both so they should be very solid
afaik the only difference is external antenna on a separate little stand vs just sticking directly out of your pc
The best solution to this if lightning is a serious concern in your area is probably to use fiber media converters and run multimode fiber if the cost-benefit makes sense for your use case. Second best is an optoisolator which is basically that scaled down, you'd want one at both ends. Do keep in mind your power cables if you're running power out to the Pi as well. Probably overkill and none of this helps if your pi eats a direct lightning strike though in the case of fiber optic it won't be its fault
a cheap small 1Gbit switch
no
like 4 would be enough
Frankly those are commodity parts, just buy whatever's cheapest on Amazon/whatever if price is your only concern
Just... don't assume it has STP
well
spanning tree
Spanning Tree Protocol
oh ok
AKA don't flood my network with a stream of broadcast packets if you plug the thing into itself/otherwise make a loop
ok
stick out antenna all the way. my current antenna is magnetic so this one seems like a solid choice! thanks :)
Lol
I have a mesh network (Google) If I connect my PC or PS5 direct to the AP its blazing fast like 350mbps, but when I use this D-Link switch I bought it drops to under 100mbps the switch is advertised as Gigabit but doesnt look like it is , using cat 7 cables from AP to switch and from switch to both devices, can anyone recommend a good switch that will give me the same speeds as if I was connected to the AP?
I had an issue with Google Wifi where it would randomly re-negotiate the port speed to 100Mb/s and leave it there. Get yourself a decent managed switch and you should be able to force the port speed instead of letting it auto-negotiate. This works well: https://smile.amazon.com/dp/B00K4DS5KU.
I try not to wifi anything unless I have to, so it was all wired up until this past week - when I started noticing my MS Switch had started shutting down the sonos switch ports lol...
I'm all meraki in the house, so it's a decent managed switch - but the current meraki MS trains don't support old non RSTP, and for whatever reason sonos uses STP - so basically meraki put them in blocking mode, but yes I have noticed all the sonos devices negotiate at 100mb/s which is odd at best.
they may just not have gigabit interfaces
ik my roku only has a 10/100 interface
well I Notice the xbox's all drop to 100 meg when they "sleep" too - but from a manufacturing perspective, 100mb/s phy costs more than a 1gig phy, I'm literally on a call right now about this same issue lol
sonos one
only 10/100, must be cheaper
@peak cloak yeah, I've noticed my smart tvs and some other equipment only have 10/100 ports still. This isn't generally an issue as streaming audio or video on a single device only needs 100Mbps max. 4k@60fps maxes out at 51mbps.
yeah, it's never been an issue for me either
@wooden condor i can see where an Xbox dropping to 100 might be a problem.
10/100 phy chips believe it or not are not cheaper - their use is so limited they get spun at significantly lower quantities, today I can buy 10k 1gig phy chips for less than I can buy 2k 10/100 phys. It baffles us that people still spin 10/100 devices. There are significant features that don't work properly at 10/100 - for example, modern cisco MGIG switches have a significant feature drop off if an interface drops to 10/100 - AVB being a big example.
I mean they must be if manufacturers use them, surplus or something
my gut says that they may have contracted for a kajillion of them at some point when they may have been pennies cheaper and are still spending that contract
I know nothing of the pricing, but I work in the industrial sector and 10/100 is still the de facto standard for most industrial communication bus protocols (Ethernet/IP, EtherCAT, Etc). Almost all the hardware we buy, thousands of drives a year, all have 100Mbps speed. I would imagine companies still putting 10/100 chips into their products at consumer level signed very long licensing deals for acquiring the hardware.
yeah, cheaper for them
but if i were to buy them TODAY, and look at something like a Marvell PHY, they are more than 2x the cost - now the one thing that probably is also holding them back is just simply respinning hardware design to support a new phy.
we see it a lot in industrial controls from rockwell for example - or even in the entertainment industry where because there is no need for more than a 15mb/s stream to an IP speaker, there is no reason to respin it and support a new phy
but the actual cost of the phy itself is definitely not cheaper.
True, but rockwell just passes that cost onto the consumer at greatly inflated margins, so they have no need to change it.
but with things like the sonos ARC, and new subs, those designs are all just years old, it's weird to me they started with an old tech.
Meh, rockwell uses a ton of Cisco stuff, I like them a lot actually from a controls perspective, they are probably the most modern of them at least lol.
Rockwell is decent for anything inside a panel. Anything outside and you're probably paying more for worse performance than literally anyone else.
well don't talk shit about their BOP network, i designed that! lol.
I think my biggest problem with Rockwell is that very few people in the entire company actually understand what it takes to implement their hardware in a real production environment, and when you find problems with it (which you inevitably will), their answer is almost always "too bad, we may fix that down the road in a few years". The other problem I have with them is the fact that they release alpha-level hardware/software to market, then flat-out refuse to do anything to fix it, forcing their distributors and implementer partners to come up with very expensive, elaborate work-arounds......but now I'm just ranting.
Take, for example, their network switches. They are 'supposed' to be Cisco rebranded hardware. What they don't tell you is that for whatever reason they didn't license all the software features, so the switches actually have less functionality than their equivalent cisco counterparts. Once you run into this limitation, you either have to change out all the hardware (with significant 're-stocking' fees for the stuff that you can't use) or you have to come up with band-aid workarounds to go without the features.
Ok....I'll stop now.
I mean that's just generally manufacturers as a whole though isn't it? The development cycle is obscenely long for hardware solutions so if a partner/distributor can work around that.
They aren't supposed to be, they actually are cisco switches, and if you have that problem, DM me, lol
they are LICENSED with only a specific set of features like all cisco switches
Never had that issue with any other manufacturer as much as Rockwell.
I just mean in general, like it's an issue with Cisco too
not that this ever happens
but if cisco releases a product that has a shortcoming
it theoretically COULD take a year or more to fix through our dev cycle
and often by the time we've fixed it partners or even our sales teams have figured ways around the deficiency
that of course never happens
I forget what problem we had, but the only solution Rockwell gave us was "We aren't fixing this, if you want the feature, go ahead and buy the actual Cisco version".
I understand that to an extent, but there's a difference in the level of 'work-around'. Using Weiss linear motors on allen bradley hardware, for instance, requires the addition of a filter (Capacitor and ferrite core) in the feedback cable. A simple and effective workaround, if a little bit annoying. Using an Allen Bradley linear motor in a vertical orientation on an Allen Bradley controller requires building an elaborate counterweight system because the motor can't physically hold up its own weight for more than an hour without a drive thermal overload.
Lots of really low-end SoC's still have only 10/100 MACs
Plus there's the "tried and tested, sufficient for the use case, permits reuse of a hardware platform" argument
Lots of home IoT/"smart" stuff runs on really crap hardware because it was cheap/easy/they could get away without doing something new
can anyone help me port forward lol im so confused
@jade canopy what's your issue?
so my problem is know what to put in these boxes
and im trying to port forward for destiny
Internal IP Device is the IP of device you are forwarding to, Internal Port is the port you are forwarding to, remote address you can restrict what IPs to allow, you can just do *.*.*.* like it says for all. Remote port is the port to listen on I think
ohhh ok so one more question
when i pull up a port a list for destiny it looks like this am i supposed to use tcp or udp numbers
lol ok thanks for the help
Hyall. does anyone know if zigbee relays over the same wireless band or does it switch bands ?
It supposedly says it's on channel 6/2.4ghz
iirc zigbee can use both 2.4ghz and 900mhz ish depending on region
europe
i think 900 is licensed in europe
yeah just checked its mainly used for 4g long bands
hmm okay
i was wondering since due to neighbors i have quite the interference and i thought maybe if it stays on one channel across all lights it would be better
i was wondering if anyone here has attempted at running an ids on 10 gig uplinks?
and if i were to do it the custom way what would be the hardware requirements
i was thinking of vyos running suricata
currently i have an udm pro but it does not handle more than 4gbps with ips turned on with the ruleset almost full because in reality its not full even when you select everything
a friend of mine said suricata at 10 gbps on a 5900x ate up 1900% CPU (24threads) while running 10 parallel iperf3 tests
and he didnt have the entire ruleset
best bet is probably to wait a bit for ARM servers to become more popular then make one on an ARM host
I mean I'm having to gimp along with some half ass celeron j4125 box, that still hasn't arrived from amazon
It's gonna be fine
biggest complaint is really I have to basically get off my 100% meraki stack, back to open source shenanigans since even at employee discounts I can't afford to upgrade my own house lol
My biggest fear is having to learn VyOS after using BIRD for so long
I mean it's the same concept but I need to redo my automations
I don't think VyOS can run as a flowspec client?
But at least it should be able to reflect flow tables
flowtab4 and flowtab6
So I was watching Linus’s new video about Plex media storage server thing, and I was wondering can you use it to access files without having to download them and stream them from your server from states or hundreds of miles away?
yes
Would I have to leave the server on all the time?
well idk how linus does it, but I use a zerotier or tailscale to access my hosted services from anywhere
yes, that's kinda what a server is
Ok thank you
@rocky badge they have POE enabled on dorm ports....
Plugged in router in my friends dorm, no power yet and it booted up...
they have PoE enabled on all of the access ports here too
@peak cloak @waxen scroll 😐 The AV racks room has two doors, because the racks are in the middle and you can't get to the other side of the room, but the doors are keyed differently and nobody knows what the door that can get access to the front of the rack is. We've tried every key in the building, the master for the building, IT key, utility keys...nothing.
You can get into the door that gets to the back of the rack but not the front LOL
yeah, if you have port forwarding enabled and can connect to the IP
anyone found the cheapest 20gb mobile plan in australia? been trying to find one for days
also someone explain to my dad that opening up the mc port (25565) is not the worst thing in the world for our internet... i keep asking and he keeps on saying no because "we are going to get hacked"...
Just don't tell him.
do an off-site tunnel
hello network gurus I need a bit of advice:
I have a ISP router (gr241ag) a D-Link DIR880L and 1 unifi AP.
I wanted to get a Unifi managed switch like a 8 port one or 16 to go "crazy" but they are crazy expensive for my home use case.
So I looked at this one TP-Link TL-SG108E
Is it decent?
how should my networking be?
ISP port 1-3 to living room things like tv/console/tvbox then port4 bridged to the DIR880?
or just bridged to DIR880 and let it do all the work and connect all to it + the new switch?
I've got a couple SG108E's and they work fairly well. No complaints. All the basic managed switch features. As far as your network in concerned that's really a personal choice. Your first option creates some separation without any extra configuration, but if you don't need that specifically, then just bridge the ISP router and let your D-Link handle everything.
I was thinking I could use the first 3 ports on my ISP router to connect the closest things like tv etc BUT that would mean those devices would be in 1.X vlan and the dlink (i will flash it with DDWRT) will be in Vlan 2.xxx
will that cause any issue or its wtv?
I think you are confusing vlan and subnet
best is to bridge ISP device and use own router for everything
double-nat is something you want to avoid
I've seen cases where the isp modem does PPPoE and it assigns the UDMP the allocated ip from isp
So UDM gets its ISP IPv4 via DHCP
yeah but they say it's a router so it's doing NAT
do i plug a wireless access point into my network switch by ethernet
yes, how else would you do it?
I have a cable tester because my brother was having issues. I plugged one end in and then the other into the remote. It's showing 7-8 as a solid colour. I read the instructions multiple times and was confused. A video I saw said it should cycle from 1-8. The thing is him and I both get an internet connection just fine. Was would complain about high ping. Every single cable shows the exact same thing, including a brand new cat6 I got today. What's going on?
broken tester?
First time using it. Just bought a battery and got home to test the cables.
also
It came in a kit that I bought about a year or so ago
could be a short in the cable
but you say it's working fine
A cheapo tester won't be able to help with ping issues
it just tests if the pairs are fine
no shorts, and everything is 1 - 1
I wanted to make sure the cable wasn't dodgy which I was hoping this tester that came with a kit I had would check that.
My brother has been playing games and talking to his friends, so I'd assume a dodgy cable wouldn't let him do that?
@hollow marlin hit a nasty cisco bug
it would process a TTL=0 packet and send it right back to where it came from
made like an 18Gbit or something loop of TTL=0 packets
Just picked up my Fortigate 60F for home! Config time
😮 no rack mounts.. thingiverse please save me.
@rocky badge dumb. https://www.reddit.com/r/homelab/comments/xcuvqx/newest_addition_to_the_lab_time_to_learn_cisco_cli/
@clear igloo virtualization in 2022;
@rocky badge lol I hear there's a flood of companies trying to run away from VMware this quarter
didn't Broadcom acquire them?
@waxen scroll I meant, sorry
Would this be considered fast
It's decently fast yes
K ty
Tester doesn't work. I borrowed one from someone local last night where I saw his working. All the cables show them being completely fine with his one. I used my one again and showing the same thing. Going to see if I can get a replacement. Bought it over a year ago but only just used it. You never know, they might send me a replacement.
Yup, that's why they're flooding away
I am assuming it was sending the packet with TTL 0 back to another device that was also experiencing the bug? Thats the only scenario I could see where it would loop like that
Im doing some research but im stuck as Solarflare was acquired by Xilinx and then Xilinx was acquired by AMD.
Basically im trying to find if any of these cards(excluding the BASE-T ones) support 10GBASE-LR Transceivers because I currently have a SFN5122f and it wont link to my switch using a LR 1310nm transceiver on both ends. The switch is not the issue as it detects the SFP module.
Any research you do would be greatly appreciated as I am completely stuck when it comes to finding documentation.
```
----------------------------
The drivers, utilities and applications contained in this package
support the following adapters:
- Solarflare Onload server adapters:
- Solarstorm SFN4112F SFP+ Server Adapter
- //Solarstorm SFN5111T 10GBASE-T Server Adapter
- Solarstorm SFN5112F SFP+ Server Adapter
- //Solarstorm SFN5121T 10GBASE-T Server Adapter
- Solarstorm SFN5122F SFP+ Server Adapter
- Solarflare SFN5322F SFP+ Precision Time Synchronization Server
Adapter
- Solarflare SFN6122F SFP+ Server Adapter
- Solarflare SFN6322F SFP+ Precision Time Synchronization Server
Adapter
- Solarflare Performant server adapters:
- //Solarstorm SFN5151T 10GBASE-T Server Adapter
- Solarstorm SFN5152F SFP+ Server Adapter
- //Solarstorm SFN5161T 10GBASE-T Server Adapter
- Solarstorm SFN5162F SFP+ Server Adapter
```
@clear igloo @waxen scroll yummy IP
yummy apipa 😄
@clear igloo @waxen scroll IT fixed the latency & packet loss issue in the firewall but they did not elaborate
its an ASA so they probably overloaded the internal ethernet connection between the firepower module and the ASA
I thought you said it was
I mean, I just assumed since they are all Cisco
Provide and manage network services through specialized (Cisco) devices including: Traffic filtering devices, VoIP Gateway, wireless networking, Wireless LAN controllers, management and monitoring devices, etc.
if they need expensive consultants to fix their constant network issues, juan, lurick and I are available.
Starting at $80,000; commensurate with education and experience.
for sr network engineer
lmao what
The Department of Information Technology Services is seeking applications for a Senior Network Engineer. Information Technology Services (ITS) provides the highest quality technology services to students, faculty, and staff and delivers technologies that advance the University’s academic, research, and administrative goals. The Senior Network En...
no. current market is $130-140 base + 5-10% bonus + all the usual benes
115+ HSU Buildings, 18+ remote sites, 10+ medical facilities. Manage 221 communications rooms
Open Date 06/27/2022
This is why it's still not filled
💀
for 80k you'll get an average engineer who probably is coming from a NOC. they could probably do the job but not in the senior way they expect
@clear igloo "including: I0S updates" lol 0 not O
yeah
Probably so they don’t get a bunch of iOS devs on a keyword match
Cisco wrote Internetwork Operating System long before the iPod and iPhone (they also already had a product called iPhone before Apple)
But they more or less let apple have those names, and I can imagine the algorithm just seeing iOS and spamming mobile devs with that posting
My most experience with FWs are with Juniper SRX but having had to assist a few customers with their ASA and experiencing the CLI... I do not know who would ever want ASAs.
its not even the CLI its the centralized management or lack of
other products have a controllers with your rule objects and you can make one update that affects many firewalls
with ASA thats not really a thing
@waxen scroll @clear igloo 😩
@rocky badge why they blow public IP
lol
the ethernet in our dorms are public IPs
2 ports in a dorm, one for each person
I just switched internet providers yesterday. Upon initial install, the guy said speeds of both up/down could be low for a bit, but would eventually go up to full speed 200/200. It's been about 24 hours, and it's still sitting at 50/50. Is that actually a thing, or was he lying to get home?
lying
I once had a cable tech try to upsell me on 100mbit+ during my install (2013) because im a gamer and it would make games work way better
problem is i'm a network eng so I started grilling him. "oh really?"
I hate how comcast sells plans with "1-3 devices", "5-10 devices". How many people fall for that scam
Yeah I know that stuff is garbage. Was just hoping I didn't have some guy rewire the apartment for nothing
I must have just got an idiot installer, everybody else who switched from Spectrum to Ziply in my area love it
they probably just screwed up on the back end. support can probably fix the setting
Okay, I'll try contacting them
Ziply: "I'll transfer you to our technical department. Be rest assured. Our technical department will definitely help you. Please stay connected."
...
Ziply: "Hi! How may I assist you today?"
Me: "My internet speeds are slower than I am paying for."
Ziply: "I am so sorry, I wish I could help you in this but it looks like out of our support boundary and as we are from billing department we don't have access for further assistance , I kindly request you to please contact our voice team for better assistance bye"
y i k e s
Should be fun! Is there any harm in plugging my desktop directly into the cat5 cable coming out of the wall to test if it's a router issue? I want to cover all possible bases before I wait on hold for hours
no, but its possible that you need to power cycle the modem after doing so
my modem locks to one device until rebooted
Unfortunately, I don't have access to the modem. It's ONT down in a shared electrical closet for this whole apartment complex. An ethernet cable just plugs straight into the WAN port of my router
I don't even know if it is a conventional modem
dunno then. if it doesn't work that's probably why. I dont have experience with ONTs
I imagine they have to handle device changes gracefully
Well, thanks for the advice, I'll see what happens when I get home. I just wanted to make sure I wouldn't get flooded with viruses of some sort
as long as you set the network to public when the question comes up it should be good
Hey for some reason both of my internet browsers are slow but internet speed seems fine
i mean yeah that doesn't sound like a network issue then
try checking over your extensions & plugins, fully quit your browser and launch again with one tab and see what happens
Can I add a new NIC to my VM and bind my webserver on its IP to port 443 and 80, while another program uses the same ports everywhere else?
Ubuntu 22.04 and this is the last idea I have before going for a separate VM
Stuff tries to bind on all interfaces and idk if this idea's going to work
It's per an IP so yes
If you restrict the ips
The better solution is to use a reverse proxy
This. Like NGiNX or HaProxy, which is what I use
HaProxy is really hard to fingerprint as well
And, it's very light, as well
is there a way i can host an assetto corsa server over ipv 6?
Has anyone used this Zigbee hub for HA? https://www.aliexpress.com/item/3256803608304045.html?gatewayAdapt=4itemAdapt
How's your latency(ping)?
hello guys I have a DynDns, and if I go to app.abomy.com it works and opens my webapp(its hosted on windows) But I cannot reach any of the webapps that are containers on docker with the same method
TLDR i can reach windows apps but not docker containers
any idea what can it be?
You need to do port address and network address translation on the host
Probably should do an NGINX proxy so you don't actually open ports to the internet.
When you port forward to the internet you only have 1 IP that you can host things on port 80 and 443. What you need is to either port forward other ports and manually specify them (as well as exposing them in docker) OR (the better option) is to setup a reverse proxy. So myapp.example.com would go to one container and myapp_two.example.com would go to another
If using docker you need to specify the ports to forward using the argument -p <app_port>:<main_port> usually you'd do just 80:80 or 443:443 and so on
first port is the listener IN the container itself and the second one is the port that's going to be open on your computer's NIC
Otherwise, just create a docker bridge network and connect the containers to that
They will then get their own IP addresses in your lan
@clear igloo @waxen scroll
“just use 2 udmps for ‘HA’”
“active and passive” bruh that’s literally a cold spare
im doing it this way
and it works for the windows apps (all besides heimdall)
since heimdall is a docker container it doesn't reach it
a reverse proxy could work BUT i never set one up
33ms, not too shabby
how do you have 30ms in the same state/zone
¯_(ツ)_/¯
ok
that's jank
i already have 6ms to the first hop gateway lol
Oh ax
Mmh
Can you trace the route to 74.119.149.1?
I saw it gets 90 Ms from Chicago
Pretty good for GSL
@rocky badge
Why? That's perfectly feasible @thick minnow
What you already have set up
You just need to make sure you specified -p 8989:8989 while starting the container
also is this for LAN only?
because the setup you have now won't work for accessing externally, which defeats the whole purpose of dynamic dns
via vpn, then yeah that makes sense
I just can't reach the containers
what's "cloak"
To show sonar. Abomy..... Instead of 192.168.2.1....
Just a ip and port cloak nothing more
disabled not working
```
; <<>> DiG 9.16.1-Ubuntu <<>> radarr.abomy.freeddns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53609
;; flags: qr rd ad; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;radarr.abomy.freeddns.org. IN A
;; ANSWER SECTION:
radarr.abomy.freeddns.org. 0 IN A 162.216.242.206
```
it may take a while for it to propagate
also, this is a web redirect
so actually it may not, idk
do you think it's better just to reverse proxy it?
open the network tab in your web browser and look at the request to http://192.168.2.1
obv it fails for me
I mean the whole setup I would overhaul
setup a reverse proxy
traefik?
damn I wish npm ran in my lzct
Lxc***
I should consider updating to proxmox 7... Umm. Be right back
can you get me a tutorial for it?
dumb down plz 🙂
thx, I will have a nice evening now 🙂
I think this is a networking issue.
I'm trying to setup a port forward. I have everything correct on the internal side, that I know so far, and I am using a Linksys Smart Wifi router. Currently I am in WV, but my external IP says that I am in Chicago, IL, and I am trying to figure out why that is, because when I normally setup servers at home, it is simple: Xfinity has port forwarding tools for games, and the external IP actually works. I confirmed already that I can join the server on the system that it is hosted on.
I contacted Linksys and ISP, but they were no help.
Anyone know how I possibly could find the correct external IP if that one is wrong?
on the router you are port forwarding on what is the WAN or Internet IP?
Just the first 2 octets is enough
facepalms hard Damn it Nintendo https://twitter.com/TarZangief/status/1569801181903347713
Anyone see what's wrong with the Official guide?
yes
Nintendo really needs to hire some PROPER Networking people
So I have a custom x86 router running openwrt, which is doing awesome and supports everything I need.
However, I am going to be moving soon and also in the unique position to pick up some dual port SFP+ PCIe cards for extremely cheap; wondering if it might be worth it to grab them?
Initial thought was to install one card in the router, another in my server, and then I could pick up a media converter if I needed one for connecting up my desktop switch or direct connecting my PC.
My big concern is idk if openwrt would support these cards, and I have minimal experience with fiber networking. I also wonder if the cards would support generic Cisco 10gb SFP+ modules?
tbh since you're running a media stack (it would seem) it might be worth using an OOTB setup like Swizzin, Saltbox, or Dockstarter 🙂
although they are targeted at Linux setups instead of Windows, the software itself that you are running seems to be better suited for that kind of 'headless' setup.
might also be worth looking at docker compose with SWAG or Nginx Proxy Manager, although I will say SWAG seems to be the easiest way for a beginner to get into reverse proxying. First I'd recommend moving all of your applications to docker, then serving everything internally (on the docker network) and accessing via reverse proxy from anywhere beyond there; of course with some kind of authentication enabled at every level of your setup, be that basic auth, authelia, or application auth itself (I'd go for basic auth if you're just starting out)
Mail Server Question:
Are some email usernames (maybe not the correct term) more likely to get sorted into SPAM than others?
Excluding the content, configuration etc. Just purely by having that email address.
E.g. is marketing@domain.com more likely to be sorted to spam than john.doe@domain.com?
Networking was the channel I thought was most likely to know the answer as I've seen mail server questions here before
That’s likely because you haven’t forwarded the port to the host.
Although this is the perfect case for a reverse proxy, as others have said.
Not that I know of
Maybe?
Like like if it google in the name maybe they'll mark it as spam
But the primary methods are DKIM, rDNS, DMARC, and SPF checks
Also checking if the sending IP is on a blacklist
Does anyone know how to make it so you can get to the webui of your modem from hosts connected to the router?
Like assume that i have a host connected to a router. That router controls 192.168.0.X. The router connects to the modem which has an ip of 192.168.1.100 ... If i connect directly to the modem, i can get to the modem's webui, but if i connect to the router, i can't get to the modem's webui.
I can't change the modem's ip unfortunately. I also tried to change the router to control 192.168.X.Y instead of 192.168.0.X... but i still couldn't get to the router's webui
I also tried doing a static route in my router to help: ... but that didn't do it either
On the router itself, its kind of funny: i can ssh in, but then i can't nc or ping the modem either. ... I can send an ARP though and get a reply
the ARP reply's mac matches the modems mac address so that seems ok
Change the gateway
It should be upstream, not your router
Is the gateway just the host that can go through the static route?

like change the gateway to what?
192.168.0.1 = router. 192.168.100.1 = modem
Yeah it gets it from DHCP
oh ok so the public ip
traceroute to where?
Anywhere
```
Tracing route to GT-AXE11000-22A0 [192.168.0.1]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms GT-AXE11000-22A0 [192.168.0.1]
Trace complete.
```
unless you mean somewhere external
```
Tracing route to api.ipify.org.herokudns.com [3.220.57.224]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms GT-AXE11000-22A0 [192.168.0.1]
2 8 ms 13 ms 13 ms 96.120.14.77
3 16 ms 10 ms 10 ms 96.110.159.161
4 9 ms 9 ms 11 ms 96.216.129.18
5 19 ms 9 ms 11 ms 96.216.129.21
6 12 ms 13 ms 13 ms be-36431-cs03.sunnyvale.ca.ibone.comcast.net [96.110.41.105]
7 13 ms 11 ms 11 ms be-1312-cr12.sunnyvale.ca.ibone.comcast.net [96.110.46.30]
8 12 ms 14 ms 13 ms be-303-cr12.9greatoaks.ca.ibone.comcast.net [96.110.37.178]
9 14 ms 14 ms 13 ms be-1212-cs02.9greatoaks.ca.ibone.comcast.net [68.86.166.145]
...
```
yep
```
192.168.0.1
```
They let me setup static routes, #networking message .. but i must be doing something wrong
hello, i can i make my net faster its lower than average when its at night time for some reason.
I'd figure out networking nerds here might be a good chance. I've come across some scam attempts on my relatives, it involves the scammer telling the user to run netstat on the computer. And the scammer would go on and say there's many hackers already logged onto the system.
Ofc I knew it was bogus, luckily relative was smart enough to doubt and asked me about it. I just told them it was BS. But I couldn't really give my relative a reason why it was bogus since I had no idea what the netstat command entails.
If I ran it on my Surface it'll look like this
```
Proto Local Address Foreign Address State
TCP 127.0.0.1:49690 phox:49691 ESTABLISHED
TCP 127.0.0.1:49691 phox:49690 ESTABLISHED
TCP 127.0.0.1:49692 phox:49693 ESTABLISHED
TCP 127.0.0.1:49693 phox:49692 ESTABLISHED
TCP 192.168.17.203:62564 91.108.56.185:https ESTABLISHED
TCP 192.168.17.203:62566 ec2-54-187-160-31:https ESTABLISHED
TCP 192.168.17.203:62708 sd-in-f190:https ESTABLISHED
TCP 192.168.17.203:62709 sd-in-f119:https TIME_WAIT
TCP 192.168.17.203:62710 sd-in-f132:https TIME_WAIT
```
If I had to assume, it's telling me what 'foreign address' i'm talking to for web content?
for any content really
I know 127.0.x.x is the local address, 192.168.x.x is the gateway. But what I can't decipher is what the heck is my local address connecting to
I guess it's just talking to itself it seems?
Since my hostname is phox
That's my guess. Sorry I'm very noobish when it comes to networking lol.
This traceroute shows it doesn't go to 192.168.100.x. this means it doesnt have any routes for that
If you mean doing PPPoE then you will only see a point to point to the nearest ISP node
@peak cloak isn't this what csm is asking?
Not true
Ik what they mean, since I had a similar situation
It's not a gateway
I honestly still don't 100% percent know how it worked
Yeah well
He says he has his wan on the main router as lan on the modem
But the modem spits out rfc1918 isp
But in theory anything that isn't in local network will be forwarded upstream
ips*
No, you don't understand
Let me read again one second
I had this same situation if I read correctly. When I connected to modem I would get a public IP via DHCP. However I could still connect to the modem's webui via 192.168.100.1 I think it was
Maybe it's ISP forwarding back
No
Ye no
OH so dhcp is passed through the modem, from the ISP routers?
Aka his .1 in the subnet he's in
No?
The modem isn't doing any routing or nating
@hollow marlin I think i remember asking you how it works a while back.
Ok. So it's just a network terminal
For converting the coax/dsl to ethernet
So bridge mode
Yes, a normal modem
It could be link local
What?
I don't see how accessing 192.168.100.1 would work if the routing is done already at the isp
It's not
You said the modem doesn't do any routing/nating
All traffic goes through modem. Modem would pickup any traffic destined for 192.168.100.1
Yeah, it doesn't
Ohhe
Oh then he just has to write in a static route for 192.168.100.1 in his main router to go to his ISP node or first hop after the router
Yeah that was my idea
It varies greatly depending on the SP and their custom firmware slapped on the modem. It either handles it via proxy-arp, multiple interface addresses or simply PBR. There is a lot of software nonsense going on that I cannot give a good answer for.
That is already covered by the default route.
If their router's LAN subnet is say 192.168/16, then that would explain why it's unreachable behind the router because routing is not involved from the host perspective. A static route would not change anything.
To be 100% clear about the network layout:
192.168.100.1 is the modem... there are no settings to change anything on it. It's a Motorola MB8611. 192.168.0.1 is the Router which all devices connect to. It's an Asus GT-AXE11000.
If i unplug the router from the modem and plug a computer directly into the modem, it can go to 192.168.100.1 to get to the modem's webui
The issue is that devices connected to the router (once its plugged back in like the diagram), devices can't get to the webui for the modem (192.168.100.1)
I don't understand. Does your 192.168.0.1 router get a public WAN IPv4 address or an rfc1918 private IPv4 address allocated by the modem (otherwise known as double Nat)
it gets a public WAN IPv4 as far as i can tell
in the router settings it says 'WAN IP' then it lists my public IPv4
Sounds like a bridged modem
I disabled all static routes, renewed my ip configuration... and now i can ping it and tracert to the modem, but can't tcp/GET it
```
Tracing route to 192.168.100.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms GT-AXE11000-22A [192.168.0.1]
2 2 ms 2 ms 2 ms 192.168.100.1
Trace complete.
```
But wait, can you connect both your router and your PC to the modem at the same time?
I mean you really shouldn't need to access the modem configuration in normal usage
Well this means the routes are good for upstreaming to that but are you sure the router you have SNATS to itself instead of the local lan ip?
agreed... though i have a particular case where i'm trying to get something from the modem webui
its not supposed to. According to the manual/webpage it should still be accessible via a router
i checked, my LAN is currently a /24 with the modem on 192.168.100.1 (i.e. in 192.168/16)
dunno if that's coming from the modem w/ some kind of ARP manipulation or if the router set that up for convenience
i can ask around internally but idk i think it's probably hard to nail anything down because it depends on the modem vendor and all bets are off for COAM equipment
uhh
so you're saying your main router is routing 192.168.0.0/16 ?
the whole subnet, then the 192.168.100.1 modem just appears as there in the already existing one?
the subnet is just /24
then some arp weirdness seems to be passing through 192.168.100.1?
you can pcap it
@clear igloo @waxen scroll i love the overly complex crestron setup to let students plug in switches/consoles/laptops lol
behind it is DM NVX Video over IP
lol, can't make it easy
and tbh you can’t tell it’s video over IP
the latency is so low
network, encode, and decode
HDMI TX goes into the decoder directly but we can also route it over the network to the main matrix and send to any destination
Nice
@clear igloo :(
rip, no speed for you!
is game mode on?
idk
@clear igloo I have to interview someone who put ISDN on their resume. Should I ask hard ISDN questions?
Yes
they put python so im going to ask about it too
"why would I use a method?" or "why would I use a dictionary instead of a list?"
some person who edited someone elses script will trip on that much
the crestron shit is so annoying it's been nothing but nightmares at work
we have this crazy multi media demo room/studio with a fancy crestron setup
they put it in when they built our current building and it has literally never fully worked
maybe our AV people are just incompetent idk
but from everything I've seen it's like a rats nest of weird proprietary stuff that can't coexist with anything else (but claims to be able to)
@waxen scroll ❤️ Dante
can someone explain a little bit about p2p connection? like if u play a game with no region control i would assume that both of the recipients have equal delay on the other hand, if u play in a game with region control and it was specified to be in asia between an eu player and asia player, would it prioritize the asia player being dominant instead of being equal in delay? i edited it to be more understandable
How would it prioritize asia
i meant if it had region control and it specified to be in asia region
Do you want to use an existing router manufactured by a known brand or from scratch?
Cheapest way is an intel NUC or something that has two interfaces
Any linux box works
You can install pfsense if it's beefier or something lighter like openwrt
No, just overall
It's similar to ddwrt
Do you have an access point already?
But having your own still has to go through that one
you could turn that into a dumb AP with ddwrt or openwrt and set this as the gateway
Do you want local LAN speed or internet speed fast?
If you dont need VLANs or anything advanced, you can go to openWRT or ddwrt although i dont think ddwrt works on nucs never tried it it could please let me know if im wrong
then probably any layer 3 switch would do if you don't want your packages routed through the router
Yeah a switch is the best for this purpose
If your main router only has a FE port you can use that as its uplink and the rest of the devices on the switch will be gbE
You only need L2 switch unless you want a different subnet and to add more complex routing to the network, packets stay local on the same subnet
@clear igloo I wish they gave us more yellow ports in the AV booth :(
(yellow ports = AV network)
What is your family's router?
If you're lucky enough for it to be supported you can flash openwrt/ddwrt onto it
they only gave us enough to have everything plugged in with no extras
no extra for you!!
😦
they were stingy about it lol
and i would think about adding a switch if i knew if it wouldn’t affect anything
I mean if you just want to connect the two you could in theory add a second network card to your pc and assign a static ip to them, see the jellyfish video
@clear igloo did u see the dante stuff
Nah
Any switch will work, as long as you aren't doing routing between subnets
( attached a timestamp )
Yah
Are those stacking ports perhaps?
i love IP
idfk
i thought extreme stacking was more than 10g
and why fiber for stacking
depends, I know some cisco catalyst switches do that with front panel ports, it's weird though since you'd think dedicated stacking ports would provide more bandwidth
i know the extreme summit switches my high school had were 22 gig stacking
hmm
Moving this from the public-chat
I recently revamped my old ASUS desktop and turned it into a NAS using TrueNAS Scale. It seems to be running okay and I have SMB sharing set up. Yesterday I installed a couple 8TB Seagate IronWolfs to have some actual storage (Rather than the 32GB thumb drive I was using to test) and now I'm in the process of transferring all of my data from a 4TB External drive to my server. The problem is that my transfer speeds are painfully slow, barely hitting 12MB/s. Is this normal or is there something that may be wrong that could increase my transfer speed?
Oh heckin' yeah, disabled WiFi and hitting almost 100MB/s now. Thanks @waxen saddle!!
lol, yah, almost surprised it's not like a /19
i seem to be isolated on the AP
@clear igloo 
1 hop to 1.1.1.1
first hop is literally just 1.1.1.1
lol, disable all the internal hops 😄
wot, lol
Hmmmm, that's pretty strange then
and it’s not any cloudflare
it’s just 1.1.1.1
not even 1.0.0.1
@clear igloo huhhhh it’s just wifi
interesting, I wonder if they use it internally for something and advertised it by accident
that's even more odd, lol, maybe a 1.1.1.1 loopback on a controller or something by accident but that should still be hit by wired unless they're airgapped routing wise or something
hmmm
i wouldnt be surprised if someone forgot 1.1.1.1 is a valid address and just decided to use it internally
they probably set up a dns server in the building
and gave it 1.1.1.1
and statically routed 1.1.1.1 via that
and that dns server probably caches / logs traffic
can someone elaborate on this?
1.1.1.1 is used for health checks internally a lot
especially on ASAs
I would also use 1.1.1.1 for testing myself
what os should i install on my nas thats very power efficient and easy enough for a idiot to use
also still an operating system that can be used
like for web browsing
Physical networking question. I can pickup wifi on my desktop. Am I able to share or output that signal through the Ethernet port on the back, to a second wifi router to use as a repeater?
Yes
Depending on the os, it can be really easy or kinda painful. Depending on whether you want your pc to nat or not, you need to bridge the 2 network interfaces or masquerade the incoming requests. In linux bridging is really easy, in windows i've never done it. I know it's fairly easy to use the "share network" function in the adapter properties, but i don't have a windows machine on hand right now to check
That's the weird part lol
it's just WiFi only, wired 1.1.1.1 works
Yeah. Probably using it as a captive portal IP or something
Does anyone know if I would be able to bypass the router function on a "NBS AT&T BGW-320 500" and keep the modem? I was thinking in terms of having a pfsense box for better security if I was going to be hosting vms and servers that would be using a lot of bandwidth. I didn't think my ISP router would be able to handle the network traffic if I was hosting all of that from my house. (I have gigabit internet)
you can always not use the LAN ports
how should i remote connect to a server on a different network
what channel do you plan to ask it next
?
Sounds like a DNS server bound to the ip 1.1.1.1 to mimic it
Probably forwards to 1dot but it could be a guest DNS with some rules set
anyone know what i should do after this
Hi, anyone using "Flame" as their dashboard with nginx reverse proxy?
My problem is, that my custom css is not applying outside of my local network.
might be a local network custom css
Whats the best wifi 6e router
Hey there
I do
But I don't use a custom css
If you have the cache just restart nginx
what budget?
$179.99
what was the price for the u6 enterprise?
you could get away with just getting a 6e capable AP
Nvm that's 275 euro
Does tp link ac750 re230 support wifi 6?
Hello, I have a TV box from a friend that I don't trust as being secure. Given that a LAN has no other devices what is the difference between being in a DMZ and not being in a DMZ? (DMZ setting is in the ISP provided router with no settings other than to add devices)
DMZ usually just forwards any traffic to the device from the internet without firewall or port forwarding rules
so would i need to connect another router between the main dmz one and the device?
Hello. I have an old router which has a little usb port, and I'm hosting a local ftp on it. I have made it so that my main router is wirelessly bridged to this old router, so I can also access its interface and everything. Problem is I need to forward that ftp server to the web, and I've tried doing it on my main router through the internal ip of the router that is hosting the ftp and port forwarding that, to no avail. Is there a better method to this? It doesn't work when I port forward on the router that's hosting either. (Please give me a ping if you respond)
I wouldn't trust the old router's ftp server on the internet - who knows how old or vulnerable the software is?
Plus FTP in general kinda sucks on that front, being unencrypted and all
I agree with using VPN, or add your files to cloud storage - or at least get a modern build of openWRT on the router so you know what you're dealing with and idk... SFTP and cert-based auth?
If it's too old for up-to-date openWRT, it's too old to be exposed to the internet
what does this mean for a device that i connect via the dmz?
Everything the firewall does not explicitly block will go to that host
Using a DMZ is functionally equivalent to forwarding all ports not already forwarded to something else.
So the local (local to the dmz) ports become public ports?
Kinda?
For your use case, a DMZ is less recommended than forwarding explicitly the ports you need.
I assume you do not have complete control over the device's firewall and operating system.
If you put it in a DMZ, you are likely to expose services you don't intend to expose, which poses a security risk.
No I don't, so I don't want it to have access to the LAN. I don't think the router supports vLAN's
I guess a vlan would be the recommended setup?
I'm confused. You said that the TV box was the only device behind the router.
What LAN are you trying to isolate from?
Or that's how I parsed this:
I was asking from that single device perspective for comparison sake.
Anyone know how I can go past 512 receiving buffers? My PC seems to love to restrict me.
The LAN is a home network
That would be an application-specific problem, you likely need to reconfigure the application
Ok, so there's other devices on the network?
I'm trying to configure my network adapter
Yes. The real question/problem I am trying to solve is: How to connect a potentially dangerous device to the internet without compromising the security of my home network?
Is this Windows?
I think you want a firewalled off separate subnet. A vlan is just a way to have multiple LANs/subnets on one wire
It's always going to be a risk, but it's not one you can mitigate further using a home router unless you use a VPN rather than exposing it.
So you've opened ncpa.cpl, selected the adapter in question, went to properties and then selected... I think it's adapter properties?
Yup
Going from memory here, having breakfast
Ok, so you see the adapter setting in question?
How would I connect such a subnet/LAN to the router without it having access to the main LAN?
It gives me the same error for changing transmit buffer
What error?
Yes
What is the inherent risk without a vpn?
Let me take a screenshot
You setup the router in such way
Exposed service may be vulnerable, you don't trust the device
Your router may not have the ability
^, If you have to ask, 99% chance it can't I'm afraid
It's not a common home feature
The only features that i have found are, Port forwarding, VPN and DMZ
What's your router though?
@pseudo blade
Ok, well it looks like a driver limitation
That's for transmit buffer
Or hardware, or both
services on the router or on devices in the lan? Wouldn't those devices need to be port forwarded to be at risk? please could you explain more?
Your intent is to port-forward the TV box?
An ee brightbox 2
Or just plug it in and use it?
just use it
i am not worried about the risk to the box. i am worried about the risk to the rest of the lan
Is it from an unknown source?
yes
Hm. All I can suggest is either putting a small router between it and the rest of the network preventing the tv box from accessing anything local, or replace your router with one that can do proper network segregation like vlans or multiple LANs
These are cheap and cheerful if you just want something to act as a firewall for one device: https://mikrotik.com/product/RB931-2nD
Only 100mbps though
How should the small router be setup such that it can't access the home network lan as though it is a wan?
*can't
You add a new private IP range for the TV box, set up NAT so it can get out of the subnet, set up a firewall rule to block outbound connections to your outer LAN's IP range, bind the management interface to only be accessible from your outer LAN
I have an old home hub 5 that i could maybe put openwrt on to do this? would that work?
If it can run openwrt I can't see why not
Would it need multiple NIC's to be setup correctly, or is the switch in the router sufficient?
Ah yes
If the switch is manageable you'll be fine
If not you can't perform isolation
they look like this
it has a wan port and lan ports
would they be configurable in openwrt?
I have no idea but that WAN port suggests it probably has at least two interfaces connected to the router's CPU
Or it's a managed switch
Either way it'll work
I doubt the vendor-supplied firmware will help you here though, it's a rather backwards ask vs. a regular home network. It'll need openwrt or something
I think it depends
Like my er-x has an internal switch, but you choose what ports the switch is connected to
going back to the dmz feature in the ee router. If the tv box doesn't have any open ports would that mean it is safe to put in the dmz instead?
Matter of both hardware and software
If openwrt has switch drivers it'll be fine, and with that layout I'd give it a 90% chance the WAN port is discrete
Yeah I would be surprised if it wasn't
(i think its one of these, ill have to find it) https://openwrt.org/toh/bt/homehub_v5a
I'm still not sure I understand the risk of connecting the dangerous device to the internet without a vpn? What difference does port forwarding the device make?
A VPN is not applicable unless you want remote access.
Yes
I meant if you wanted to remotely access the untrusted device and were concerned about its security versus online threats, use a VPN and don't port-forward
I see. No I'm not connecting to it remotely. I assume it has no open port, I am yet to check. If it doesn't then is it safe to put it in a DMZ and rely on its own security/lack of open ports?
A home router's DMZ feature does not provide additional security, it just pokes a giant hole into your network
please can you explain to me what a giant hole is/means for security? isn't it only a (all ports open) hole to a specific device?
…which, if that device is sitting on your internal network and gets compromised, is a problem.
Just do port forwarding and if you can, set up your Internet-facing services on a separate network, fire walled off from your internal network.
Ideally, you want your attack-surface to be minimal.
I don't want to remote access anything. I just want to separate a device such that it can access the internet but can't access or be accessed by anything on my LAN. The router has minimal features (only Port forwarding, VPN, DMZ afaik). I am trying to understand if simply putting the device in DMZ would achieve what i want.
Does a DMZ class as sitting on your internal network?
Some “DMZ”’s are just “what IP should I forward unsolicited connections to?” Others force you to create a separate network. So… it’s really up to the manufacturer how they define “DMZ”
So putting a device in DMZ doesn't necessarily stop that device from seeing other devices on the lan? I thought that was the purpose of a DMZ?
Depends on how the router handles it. I’ve seen some that actually isolate the DMZ from everything else, and others that only let you specify an internal IP on the local LAN and do no isolation at all.
Run a test and see how yours handles it.
okay. is the test simply, can i / can't i ping LAN devices from the selected dmz device?
hi, im trying to get wireguard pivpn setup. i seem to be able to connect and use the vpn via local network, but traffic isnt going through on non local network. the server is receiving udp packets, but the client doesnt seem to receive from the server. i checked port forwards and everything seems fine though?
it seems to transfer enough data to get the "last seen" on wireguard updated
but does not succeed handshake?
There a way to purposefully sabotage a cable internet connection to make it appear slow to convince someone to switch to fiber internet?
I don’t think we can answer that type of question here.
I don't mean "throwing the router down" or anything criminal. I mean is there something in the router admin settings that I can tweak.
Like the slowest lane of traffic
no malicious activity
Yes it's possible but depending on circumstances there is definitely legal liability.
If you have to artificially degrade a circuit for it to become a problem, then there is no problem if whoever is fine with their current connection.
I am uncertain about the legal implications (quite possibly if you're trying to impact the person paying for the connection) but for me there's moral ones also.
ask them
"hey can I slow down our internet so I can convince you to upgrade"
lol that'll go great
from what I can assume, this might be a kid trying to convince his parents to upgrade their internet
Seems obvious to me
I'm not a kid
Thats my guess as well
We split the bill each month.
Oh. Well in that case pay for your own fiber.
couldn't you say you're okay with paying more to upgrade
They don't agree. They think its fine as is.
Pay for it yourself then.
If it costs too much to do so... oh well guess you don't need it that badly then
Pay for the fiber, tell them you won't pay half for the cable, offer to split the fiber
Be prepared to pay the full price if they say no
yea, if you're not a kid. then talk to them like adults and convince them
I've tried.
They've already said no
Sounds like a you problem, and not a networking one ¯_(ツ)_/¯
Have them pay the same, you pay the rest.
Yep, can do that
indeed my point, cover the upgrade
The main beef is the installation costs.
Offer to shape them to cable speeds if they pay what they pay now, full speeds if they do half
Sounds like your price to pay
You care about it
They do not
so you're on DSL and want Fiber
👆 This tbh, I pay the whole internet bill in my house
Cable
But its spectrum. And I keep getting host crippling ping spikes in NeosVR.
The issue isn't continuous.
Again, this problem only impacts you
yea, sounds like a you problem so just cover everything then make them pay the same price
Any idea what the source is? For example, maybe your roommate opened a YouTube video? Or a tree moved in the wind?
might be a bee on the otherside of the earth
Microwave turned on?
Too often to be considered opening a YouTube video.
Someone breathe and affected the cable
Besides it happens when they're not home too.
tbh, I agree with them. Why would I want to pay more if the current one is fine and can do internet things
Does spectrum OWN the cable lines in your area?
I think so
It can make a huge difference if they do or don’t. Comcast owns all the cable lines in my area. Anyone other than Comcast can provide service, but not near the speed and reliability that Comcast does. They literally are in business fueled by hatred for Comcast.
I uh... may have implemented network queueing in a previous household to prevent Netflix from saturating the link while downloading segments and sending my ping to 500ms and above before
Yea I am just referring to malicious intent scenarios and I agree there is a much bigger moral issue as well.
However in this case this could be valid in a small claims court. A verbal agreement to split a bill on a shared service does not mean you can purposely degrade their service without their agreement. Especially out of spite because the involved parties do not want to pay more
…and that this appears to occur even when the roommate is away.
But this wasn't sabotage, it just prevented the link from being completely saturated so latency wouldn't spike
Can’t pin this down to roommate activities.
Agreed
Could even be your own machine, steam downloads or the like
Failing that, if the solution is fiber, so be it. Just be prepared to pay for it
The throughput of this link was 3mbps. In 2019.
Nowadays I'm getting ~150mbps via mobile broadband or 70mbps via vdsl which is vastly preferable
Time to run a proxy cache server
I can't cache all of Netflix.
Vdsl?
I know what DSL is
It's that but faster.
And asymmetric so faster downloads than uploads.
It still sucks compared to nearly any other technology
...Unless your cable networks are really long and oversubscribed
Having been an engineer responsible for xDSL, it sucks just as much in regards to troubleshooting
lol
Trust me I know
I still can't believe my country's government paid many billions of dollars for the incumbent ISP's copper networks so they could use them for VDSL rather than build fiber
As the faster solution in the mid 2010s because ADSL sucked, mind you
Threw out a full fiber build to save money, to spend billions on an ancient telephone network for VDSL
Knowing the cost, it is much cheaper in the short term. Fiber/hardware is cheap. Labor, not so much
Nothing's cheap if you have to dig it up soon after to replace it
VDSL had no room to grow and with runs up to 1km it couldn't hit 25mbps often
Thats why I mentioned short term. They never include the future upgrade paths, but more importantly, how expensive it is to maintain copper

