#networking
No raid but replication of the most critical data across 5 HDDs, 2 offline (stored away) and 3 online (laptop/desktop/server)
I plan to get a single 16TB SMR HDD to copy everything entirely and store it in a different city
No geographical replications/backups though. If an earthquake was to destroy everything in my room, I'm quite sure I won't be able to escape in time. My data would go with me
The only event of me losing data was when I was 14, trying to fix a friend's HDD and accidentally started a full-erase on the wrong serial number. I was still able to recover everything besides mp4 videos which were strange due to fragmentation... Random parts of random videos would be recovered as one. It was just a few game recordings so nothing much lost
also luckily I've never had any drive fail on me yet...
The old 1TB dell HDD from 2012 is still online 24x7 without problems
I want to set up my desktop in my room, but my modem is downstairs so I took my laptop and did an internet speed test (the one built into google if you search "internet speed test") and tried to download a steam game and I was getting almost the same exact speeds as I was downstairs, albeit this was done via laptop and not my desktop.
But my question is, will my desktop likely share the same results?
If it has the same or better wifi chip and the same size or larger antennas, then it's just a matter of moving the antennas if you get slower speeds
The problem with wifi isn't usually the speeds you see on the speed tests (bandwidth)
The problem is usually latency which is often much more noticeable but harder to measure
The Wifi modem's performance and behaviour, antenna behaviour, exact position and time all affect the performance in both cases.
Inconsistency is practically guaranteed.
I would however take this test as being "encouraging".
Sorry, just come across this and new to the server. What is it you're trying to do?
Just a tad
My initial question was regarding port forwarding and ipv6 since I wasn't able to access anything from my Ubuntu server from external ipv6 but tailscale ipv6 worked fine.
Someone suggested using a cloud provider and recommended OCI free tier, the exact service that deleted all my stuff without warning for no reason and with no explanations just a few days ago...
Wow
dya know the server specs?
If you have the resources. Could do ESXi free on workstation but the networking gets buried with OS. But then again. Have no idea what the config was for the VM before it got flattened.
if you plan on playing games on that desktop, I'd recommend a cable... Makes a difference
@glacial linden about ipv6 it could be router not supporting it correctly?
since v6 doesn't require port forwarding
Not sure, first I was waiting on ISP to give me static IP. Now I do have static IPv4 (FINALLY) but I can't connect to myself from that IP, everything times out, including ssh, even with the correct port forward settings. I've hosted minecraft externally like this before, no idea what's wrong but I'll have to figure it out
wait, so you are trying to connect to your MC server that's hosted on LAN, from LAN
I know, I used tailscale for comparison since its IPs are also considered external, and was able to connect to http from both ipv4 and ipv6 in tailscale so iptables settings are correct
using public IP?
No no... 2 years ago I set up port forwarding 25565 and gave friends my external ipv4 (which wasnt static but was dedicated) and we played for 4-5 months
Just as an example of - I know these routers and I have made something work before
yes ik, but I'm confused about the "connect to yourself" thing you said because that may be the issue
Ah I don't have any money... I do have old hardware at home so selfhosting it is. Specs were 4 VNICs (4 external static IPv4/IPv6 addresses), 4 cores ARM A1 Flex and 24GB RAM with 200GB storage
because if you are in LAN, trying to connect to your MC server using the WAN IP, but the MC server is also in your LAN, then the router needs to support NAT Loopback in order for it to work
Ahhhhhh YES FINALLY this was it... Didn't realize my phone went back to WiFi
Just SSH'ed into my own network from phone on mobile data... it's working
I can't connect to myself from external IPv4 for anything it seems
Which is a problem because I plan to host websites on here which I'll also use myself
also called hairpin NAT
I'm very sure there's no such setting on my ISP router
Doing a quick search through anyway
how would DNS make a difference here
NAT Loopback / Hairpin NAT settings aren't anywhere on my ISP router
basically you can do something like this:
internal dns server gives different answer than external
Would HTTPS work through this?
Since domain name and IPv4 both need to match
no? pretty sure only domain does
although if anyone is using encrypted dns or not your dns servers it won't work
yeah no it can be to domain only, since how else would the let's encrypt DNS-01 challenge work
I'm considering getting protonvpn and staying always-on-connected to my nearest location... Quite sure then ill be able to access my own website being in the same internal network
why... that's needless complexity
true... it will waste a lot of bandwidth too...
I plan to set up nginx HTTPS, HTTP, DNS over HTTPS (DoH), DNS over TLS (DoT) and configure all of this on my phone at least, would be a headache to change settings while I'm at home all the time
So if I host nginx https here, will I be able to connect from internal network if I figure out split horizon DNS?
yes
I hope DoT/DoH also work fine since I plan on doing one-time settings on my laptop and phone for when I'll be on the go... Hopefully won't have to change 10 things once I'm back
easiest option is just nat loopback, but that requires hardware that support it
If my ISP router itself doesn't have an option for that... I don't think any hardware I get can help with this
replace the ISP router
That'd be a big big headache... this ISP router has baked in credentials, fiber settings, etc
Basically settings I can't even reveal. Controlled by ISP externally
so it's not just a router
router/ONT basically
it should be possible to put it into passthrough mode and use your router instead
that way your router still gets the public IP directly
Route mode vs Bridge mode?
I have that setting and I can enable it per-LAN port
sounds like it, but be aware you need to have a router to go between it and your home network for you to still be able to use the internet
I would read the manual if there is one for your combo unit
My secondary router (ArcherC6v2) is what everything's connected to. Quite sure it also doesn't have NAT Loopback settings, im giving it a quick glance again
so that one is routing or just in like AP mode?
because if it's doing NAT you have double NAT rn
Yes, double NAT
Internet --> ISP Router --> ArcherC6v2 --> Everything else
I have port forwarding configured in both
so yeah in theory if you put ISP thing in bridge mode you will have public IP directly on archer
Awesome, but I still need some hardware that allows hairpinning or NAT loopback right?
Hi, Is it possible to configure loopback / hairpinning in Archer C6? I'm trying to access my home server using my public IP address and domain name assigned to that IP. I'm able to access my server from outside of my lan/wifi network, but when I
so apparently it supports it somewhat?
idk
I just checked the exact same thing lol
if the archer supported custom NAT rules then there could be a way to hack something together
It's supposed to support NAT loopback by default but the firmware mine is on, has a bug where that stopped working according to someone from that same forum
There is a firmware update from 2022 as well
Starting with the firmware update... I can manually go back if I need to
quick question with networking and DNS pointing, how do I point my domain to a certain ip and port? I tried to do an A record with ip:port but it doesn't work. What record could I do?
http://www.example.com:8080/webpage
where Port is 8080
for IPv6 you can do https://[fe80::1]:8080/webpage and replace fe80::1 with your IPv6 address
also you can't point a domain to a port as far as I know... port number has to be specified manually when requesting a page, and custom ports dont work with HTTPS
Oh, okay.
I'll enable bridge mode and configure everything accordingly first, firmware update on ArcherC6 is done and it's working just as before without problems. Even if this router doesn't work, I can always use bridge mode and just get a router that supports this / has more features relevant to self hosting. I can finally go and rest in peace for 12 hours
Also, my guess is that my Archer C6's buggy firmware from 2020 was the reason why NAT loopback isn't working, and I'm guessing my ISP router supports NAT loopback too. If that is the case, I won't have to use bridge mode either... though bridge mode will be more efficient, ill enable it when I have time if this is the case
Thanks for all the help!
@burnt dew you kinda can
it depends, like https you can't
but like minecraft java you can with the use of srv records
because mc will lookup the srv record first
pretty sure the original intent of srv records was for it to be used for everything and get rid of dedicated ports
If I have a domain registered with cloudflare, will reverse lookups work? if so, how can I disable them? Don't want bots doing reverse lookups and not getting blocked since they no longer give "missing server name" TLS error when spamming HTTP ports on random IPs
Reverse lookups are configured based on the IP and by the IP owner so no
Your ISP owns the IP
Can't I block it on the domain level?
Like as of now there is no domain that points to my new static ip
So reverse lookups will return nothing
No?
ah that sucks... will have to find something else for security then
Wdym?
How would that be for security
When I hosted my website on cloud, I saw a LOT (more than over 5k in a week) requests to the IP. Bots trying all sorts of malformed queries and stuff
That's what happens...
Cloudflare should handle it for you
The internet is full of bots just scanning
So I setup a python script that scans logs for "missing server name" or any such errors and the moment a new error is there, that IP gets added to the iptables DROP list and rules get updated
Now if bots can just reverse lookup the domain name, "missing server name" will no longer happen
It was like security by obscurity, no one knows my domain name
personal use so I intend to keep things that way too
I don't think you know what a reverse lookup is
I mean if you created a firewall and the actual server is protected behind CF. what's the matter with knowing the domain is
also this^
rdns gets a domain from an IP
Reverse lookup = enter IP and the registered domain will come up?
Yes, but for any residential IP it will be like theip.fios.verizon.com
Not your domain, because you don't control the record
oh...
your ISP doesn't care for the most part that you have a server behind.
why would they update their records for you
Do an rdns on your IP, you'll see
Only business would do it
It's mainly needed for mailservers
I remember seeing an updated 123.45.67.89.myisp.etc
exactly, and I would assume this guy is a private citizen
didn't know reverse lookups give those domains for normal people
Yup I am...
ah ok nice...
that's what a non normal citizen would say
@meager ginkgo finally got it installed.
Is it working now?
My uni has a datacap on campus, but it doesn't seem to apply to eduroam, which is also available on campus.
cant you use vpn?
So I had to move the one port from the basement, through the weekend I also purchased a coax tester and traced the lines. Unfortunately the one in the bedroom appears to be a line-in from street and doesn't go to any of the cables down in the basement.. (weirdly)
But. I did manage to get three working at once so yay.
Cool.
That and the power in needs shielded cable that's properly made, I guess the ends that I have were not compatible.
ANY possible way I can port forward... a port?
this sounds weird let me explain
for example, i want
000.000.000.000:6969 to be port forwarded to 111.111.111.111:4200
more specifically
domain1.tld:6969 to domain2:4200
context: trying to make multiple pterodactyl servers able to use default Minecraft ports 19132, is it at all possible through an SRV record?
rip your university has limits on the WiFi
Apparently, though my understanding is that nothing prevents me from using eduroam instead.
Yeah
Maybe only if you needed to access internal resources that may be limited on eduroam
Possibly. Though 100GB should be enough. I am not updating my Steam library on campus.
you can't run multiple servers on one port, however you can open up multiple ports, one for each server and use srv records for mc
yours has limits on devices...
I'll stick to a tiny router forwarding all my traffic through a VPN for the accommodation.
also who wants to fight with me
WPA3-Enterprise is supposed to be secure, right?
If so, why does iOS allow the username AND password to be shared?
because your device stores it with reversible encryption?...
On EVERY single Android device, however, there's not even a share button on those networks
Not even Windows allows it
its gonna have to eventually send it over plaintext (usually wrapped in a secure transport i.e.: PEAP, TLS, etc)
Windows allows you to view .1x creds
I mean you shouldn't share it
oversight maybe on apple's part
but it's possible to view it either way
(the one where it will prompt you if you're contacts with someone nearby to share the password)
Like, if I go to my school's WiFi network, click the more information button, and click on the username and password, it asks for the device password and that's all that protects it
The encryption standard used for the network is entirely separate from how any given device will store the details.
well yeah...
but those are your unique credentials
as I understand it, your traffic is encrypted uniquely compared to other people's with different credentials
Just because you can view your creds doesn't mean Apple is suggesting sharing them
unlike a home wifi, where you have 1 preshared key/password
no it's not
it's the same username and pass for all WiFi devices with the CA installed
well then it's not setup correctly
replying to this btw
that 100% defeats WPA enterprise
yes, that's not how it should be setup
just clicking WPA enterprise enable does little to nothing if using 1 preshared key
WPAx Enterprise is meant so each client is sending its wireless traffic through its own encryption key
No-one should be able to snoop on the traffic unless the client accepts a malicious server certificate
and probably connect to some directory system
Speaking of CA
why can i install a certificate regardless if it requires a private key
iOS allows it
Android bitches about not having the private key
because you shouldn't have the private key
You should never have the private key for a CA
I think you are misinterpreting what android is saying
in a perfect world, any private key for anything would always stay on the same device
I was given the CA for my school to find exploits in the network because I'm that one kid who got staff wifi by the most dumb method ever
no
just the certificate
u wanna know how i got staff wifi? (my it dept is very smart btw /j)
it's not hard to get some preshared secret, k-12 often has terrible security
i've done the same
WPS isn't even a thing on APs
No, it's not
They use home routers because my school is cheap
and they enable bridge mode
Staff wifi was easy to get, too easy
y'know the windows advanced file sharing?
In the user catalog, in the description of the user, is their password.
WHAT
Can I fire the IT dept?
doesn't sound like there is an IT dept
Fine, can I fire everyone who had anything to do with computers at any point
PLEASE do, idek how they expect us to stay off wifi on personal devices when I was GIVEN the certificate, and they put passwords in user descriptions
they prob don't realize that's public
reminds me of a post I saw recently on r/sysadmin
I should check that out
Needless to say, when I'm 18, I'm going to apply for networking team, and unfuck their network
it is bad
I doubt there is a dedicated network team or even person
OH ONE MORE THING
staff wifi username and passwords are the same on ipad setup payloads and i kinda abused that
I mean you could also report the issues
the IP speakers in my school were on a separate subnet but not firewalled off properly
and the credentials were default
LMAO
that's what a VLAN is for
it was on a vlan probably
schools in the US are surprisingly dumb when it comes to device management and networking. Keep in mind, I'm 15 and I know more about the network in my school than the whole team does. That says something
I actually found out later that the cams for my K12 was directly connected to the NVR which is actually common practice depending on the install.
VLAN separates a network
but like
my school didn't even try
VLAN all the way back to the NVR and have the NVR do DHCP & its not doing NAT so no Internet path for the cams
not really
all a VLAN is it allows multiple physical LANs over one physical interface
where it gets tagged and untagged
most common usecase of VLANs is to have multiple subnets on them
then my school's networking class is also wrong
guess from now on ima do my own research
cuz my school don't know their shit well, clearly
you can separate a network without the use of vlans, it will just require a bit more hardware..
Its funny how vastly different K12 and higher university is
IT wise
My university: Actual redundancy, firewalling, proper IP management, MDM (Intune for everything), patch management & deployment, utilizing cloud & on prem, etc
K-12 IT department in my school, decent for most people who aren't trying to dick around like I am. I'll give them credit for MDM and content filtering, however.
ewww, content keeper...
aight before i hop in VRChat or Beat Saber do one of u wanna properly teach me networking xd
That requires a lot of time and work
Redundant Level3 links, redundant core & multiple BGP edge routers, multiple paths from access stacks, etc.
They also have a failover ISP but no redundant links to them
Idk much about ours, I have other things to worry about
networking is art of making fancy magic rocks that we teached math talk to each other
Before I go fr, my parents Xfinity router keeps rebooting specifically at 2:42 AM and it's pissing me off, funny thing is that there's no reboot schedule
can i split the coax into 2 routers to have a fallback router
that sucks
but you could probably put your router into bridge mode and have your own router that doesn't have reboot schedule
That's because I guess it's a modem/router
So they can manage it, so it's probably updating or something
it's one of the default AIOs with the coax uplink, switch, and AP
Yep
It is 6am, I was supposed to go to bed early.
ah ur one of the "I'ma pull an all nighter on a school/work night" degenerates like me, huh?
I was going to repack my luggage. Hotel check out is by 11am, and I am due to fly out in the afternoon.
i have also done a couple of those
but then i just skip sleep time and go to sleep next day normally
Which is likely what I'll have to do. But I still don't know when I will go to bed as I have a lot of time zones ahead.
pack yo shit, sleep, and go
Having dozens of K12 and a handful of Uni customers which we provide some managed services for at the edge, there is a night and day difference between them IT wise.
That's what I've been saying to myself for the last 4 hours, clearly that didn't work.
Money helps with that
Yeah lol
University IT also has to manage FERPA, HIPAA, and PCI data as well and all of their network & storage requirements
FERPA for both university & the university school
They then provide "Internet" for the dorms but which the managed ISP for the dorms runs BGP on top of.
We have to comply with them as well (from a purely provider standpoint) on top of our own compliance.
Most K12/Uni circuits are still primarily L2 between sites which makes me sad
University
Yeah I know what uni is but like idk what my uni is doing for site to site
Gotcha. Most likely L2 circuit primarily used for L3 adjacency which is almost always the case. I've yet to see a customer, either ours or many other providers I have friends at, utilize L3VPNs.
I know we have a S2S to AWS
idk about to other campuses though
@hollow marlin @peak cloak One thing I want that we'll never get is a fiber connection between two specific rooms across campus lol.
If there is conduit that can be utilized, easy. If not...
Tried enabling bridge mode but couldn't get IP on my router even if I manually entered settings. Apparently I need PPPoE login credentials from the ISP after going through some forums... is there any other way to solve this problem? Could DMZ possibly help? I'm trying to avoid asking ISP for this because they don't understand these details, get confused and waste a lot of time
Sooo I installed Zentyal on a VPS via SSH, or, tried to. It doesn't wanna work anymore
I asked my ISP for "dedicated IPv4" instead of "static" ... they didn't understand. I was like ok, static IP would also be fine, won't need to enable DDNS. They said it's static but it has changed 3 times today. Time to set up ddns again
any1 know what kind of ethernet cable i should get i have xfinity 1000mbs plan and a 100ft cable
Pretty much any ethernet cable you can buy will be fine at gigabit. Cat6 is cheap now so I'd go for that
Yeah I just don't think there's conduit directly to there and idk if there's an indirect path
I'm about to go from an MR9000 to a R8000
well, that went pretty well
On separate subnets? Yes, your router still needs to route between subnets
That's what L3 switches help with
mfw i forgot to no shut an interface, and re did my packet tracer twice cause the switch wasnt communicating with the router
Place I worked was MPLS
You spent money on a 2.5Gb switch that can't do VLANs when you knew you were going to use VLANs?
iirc "Q" is...Trunking?
i forget
802.1q is just the vlan standard
It's not about VLANs
You can do VLANs, just it won't be 2.5gbe between subnets that are in VLANs because they have to get routed through the router
from what i was reading, that switch is supposedly l2+, which includes 802.1q which is the vlans. so the switch can do vlans, its just bottlenecked by the router
"The switch can do VLANs"
"it's bottlenecked by the router"
what?
A router is needed to route between subnets... The router is only 1gig
the situation you're describing doesn't sound like the switch can actually "do VLANs", but rather, they're advertising a "feature" that most any switch should be able to do normally...
so the switch can segregate ports based on VLAN, but it can't actually route across VLANs
that makes sense...i guess
The switch can create multiple vlans. Vlans are separate networks that require routing to go between. Since its only a layer 2 switch, it doesnt have its own routing. The issue is that he wont get the 2.5 gig between vlans. Just because its bottlenecked doesnt mean it cant do it
Routing needs a l3 switch
When I mention L2 from a SP standpoint, it's either MPLS/EPL/EVPL. L2 just from the customer's perspective
a switch that supports vlans doesn't need to be able to route between
L3vpn bro
Need more customers asking for it
What would this be considered?
i was under the assumptions that unless it can do routing, it isn't Layer 3
That's just normal vlan
It can't route between VLANs
Layer 3 adds routing to the switch. But layer 2 switches can still do vlans
I guess port based vlan just means port isolation, between 2 or more ports
Kinda stupid really
then why did you say "that's a layer 3 switch"?
I meant that for it to route it needs to be L3
My bad, kinda confusing
can someone help me with wireshark filtering? i want to try and identify a layer 2 loop by only looking at broadcast messages, but i want to exclude the ip on the laptop im currently using at the same time.
Hello, I'm looking into getting a network but watched several videos and still confused
Me too, buddy, me too
I'm going for something for home and also for outside (to separate my personal systems) - like Minecraft server / nas stuff etc...
It's not quite clear what you are trying to accomplish. Do you have an ISP? Do you have a router?
currently- just got at&t fiber and I have default company router
does anyone have a small script that can update ipv6 for duckdns too?
Didn't keep mine around when old computer died. The API's dirt-simple though.
Yup it's awesome
Welp ISP finally configured static IP so I can stop worrying about ddns
Ipv6 is a bit different
It doesn't work the same as v4, since every LAN device gets its own unique global IP address
ah ok... nvm though because my half brain ISP disabled IPv6 because they dont configure it when they provide a static IPv4
slowmode
@clear igloo "why is the WiFi shit in this room" oh the AP was disconnected LMAO the status LED isn't on
Thinking about recommending the Synology RT2600AC to my mom, who I am currently living with. I'm tech-savvy myself, so I can set things up like a better WiFi password than default and changing the login configuration and whatnot. Thoughts?
I'd get a better wifi 6 asus router for that price
Upgrade to the next generation of networking and WiFi with the RT-AX3000 WiFi 6 router, capable of delivering speeds up to 2.5x faster than the previous WiFi generation. Featuring the latest technology including OFDMA, MU-MIMO, and Adaptive QoS ensuring wider coverage and maximum speeds to all o...
I see, thanks for the advice
Any idea what'd PrivateInternetAccess' Hostname be to add their DNS IP in DNS over TLS?
I found these on this page, but don't see PIAs https://adguard-dns.io/kb/general/dns-providers/?clid=mdw3MR&utm_campaign=dns_kb_providers&utm_medium=ui&utm_source=home
maybe they don't offer such service
Synology's software is great, though the hardware's not great for the money. Synology's Wifi 6 product is eye-poppingly expensive if this is for someone who doesn't need all the fancy features, and the Wifi 5 one you listed isn't much better. By the way, you'll get better responses here if you say what internet speeds you actually need to serve, what kind of space needs to be covered, expectations for functionality etc.
Synology is mostly for if you want the provided app services, filesharing etc or if you just really like the "window and desktop-based" interface, otherwise it doesn't offer much over its competitors
Hello! I have a friend that needed some temporary backup storage space so he could re-configure his setup, I offered some space on my TrueNAS server and setup the SMB Share as well as opened ports in my router.
He couldn't connect from his house using his M1 Mac so I ran a test from a MacMini on my cell phone hotspot as well as LAN and had no issues. He came over the next day and we were successful testing both local and wan-side connection through a cellular hotspot... We both have the same ISP and honestly don't live all that far from each other. I am able to traceroute his WAN IP from my house but he isn't able to trace mine from his.
Any thoughts or advice greatly welcomed and appreciated as I'm totally lost where to look
It's likely your ISP is blocking SMB traffic (and they probably SHOULD be doing this as well).
Set up a VPN between you two and you should be fine.
I just spent some time analysing some unexpected increases in traffic on my management network and was wondering if someone was trying to bruteforce access to one of my systems. Nope! It was just me!
I left a management page that receives a stream of data up for a few days and didn't notice
Wouldnt that also block the attempts made through my cell hotspot tho?
Either way exposing SMB is probably not a good idea.
I'll make my peace with it, any thoughts on what could be causing the problem?
Corewyyn could be correct, you could have a bad firewall or masquerade rule on either router, or you have a firewall rule on your NAS which is interfering.
Try and see if SSH works by forwarding ports. If it does, ISP might be blocking SMB specifically (I second that - should be done for security), but if SSH doesn't work, might be some complicated or messed up network rules that allow one way connection from you to your friend but not the other way around...
ISPs can be very annoying regarding this since they don't expect anyone to do anything advanced networking related... they end up making the bare minimum work - your browser/etc and are clumsy, cheap, want as fast as possible solutions, and are also lazy.
I suggest - use tailscale or zerotier one - these two services, both work really well. They're free to use, and allow you to create a VPN network which can establish direct connections, and both have a very easy to use web interface. So wherever you go, your devices can stay connected, and internal addresses stay the same so no need to change any configs. If direct connections aren't possible, their free relay servers are used but keep in mind they're very very slow. CGNAT would be one reason why tailscale and zerotier can't establish direct connections which I dont think you have.
You can check if connections are direct in tailscale by pinging using tailscale ping computername and you can check if connections are direct in zerotier one by checking zerotier-cli peers which will list DIRECT or RELAY. I'd say this is easier than setting up a wireguard or openvpn server and more efficient as well.
Im not sure if these can be directly installed on truenas, but with tailscale, you can install them on your laptop or mac and expose routes to your truenas, which would be tailscale up --advertise-routes 192.168.123.0/24 and after this, all devices on your "tailnet" will be able to connect to truenas through your device acting as a route between them. Zerotier doesn't have an easy way to do this so I'd recommend Tailscale for this.
At last, if you go with tailscale, use Github and multi-user tailnet.
Oh and no port forwarding is needed for tailscale and zerotier to work. Enabling UPnP in your routers would help
They can automatically open ports as required too
I see, thank you. I currently only get 300 Mbps down and 10 up, but I may upgrade to 500 Mbps down.
my domain name & ip were not found entirely. I'm sure its something in the settings cause I have the same ISP and SMB is not blocked over WAN. Tested and confirm via cellular hotspot, so I doubt he'd have the block since we have the same ISP.
@pseudo blade I am running Freshtomato which has masquerade. Mostly running all default settings so I'm not sure if there's a rule I need to enable?
domain name? do you mean NETBIOS computer name in windows? Also I'd still recommend tailscale, it's still easier to do than figuring out what's being blocked where / what settings have problems
You can also use something like ngrok or playit.gg as a temporary free relay server... they're made for stuff like hosting minecraft servers at home, and ngrok doesn't even support UDP... Problem is, SMB only works on fixed ports as far as I know, so you will need a VPN setup to work through this
I've been with PIA for like a decade, all these free services have DoT. Didn't consider that, hmmm.
Is ubiquiti dream router any good for $500 budget?
I wouldn't. Ubiquiti just had a world wide zero day that affects most of their commercial equipment. I'd be wary of using their stuff right now.
NetGear Orbi 6 is pretty good, but pricey. The router alone is about the same price. If you get a package with a mesh network satellite, it's another few hundred.
from bleepingcomputer: "The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks."
netgear is worse...
Really? I haven't read about any exploits on their equipment for a while now.
yes Ubiquiti isn't perfect, it's a bit expensive, but it fits the prosumer market
it has barely any features compared to ubiquiti
@wintry fiber what features do you need
Me just want wifi 6 with perfect interface
tp-link omada is also in that market and it's pretty nice as well
like Ubiquiti
"perfect interface" ?
ubiquiti is not perfect, nothing is
Same here, just wanted WiFi 6. I get great speeds on Wifi (I'm using it as an access point, have my own Linux router/firewall)
I just use a tp-link omada AP
not perfect is whitewashing their coverup and lying about the exploit. It pissed off corporate network security people seriously
they are pretty nice
at the same time I heard there was someone lying about the data breach
trying to give ubiquiti a bad rep
it's confusing
yeah, that was the coverup
the company was lying. It was an employee whistleblower who broke the news.
they tried to cover up the news, because it would hurt their stock prices
but ubiquiti products in general are not bad, def better than netgear crap
that alone makes me not want to use their products anymore.
Tbh I have net gear nighthawk xr1000 right now
And their firmware buggy as and now my wifi having dropping out issue even router reset 2x this month
I haven't had a single issue with the Netgear Orbi 6, or their ethernet switches. I know they were not known for great quality 20 years ago, but I don't find that true today.
I have a network switch from them, pita to work with
if you just want faster wifi you could look at tp-link omada APs
Tplink doesn't last long either. That's why I avoid them
what's a decent brand for a lot of traffic
what traffic are we talking?
10gig, 1gig? routing/ switching?
firewall rules?
Asus wifi 6 should be fine
Just don't get their tuff gaming 1, they don't last long.
If ur hardcore gaming i wouldn't suggest tplink deco for latency. My parent has 1.
But still playable though
Just get wifi 5 if u just running 50 megabit for netflix streaming
If you got a lot of people in the household then wifi 6
WiFi 5's fine for 200mbps tbh, and going much faster per device rapidly gets more complicated
Wifi 6/6e is definitely an improvement but certainly can't make a good connection from a bad signal
Can you even take advantage of the 2.5Gb ethernet ports on unmanaged switch if the router port is just rated for 1gb and both PC's are on a 2.5Gb jack?
Yes
As long as you are in the same subnet
nice tnx
Anyone can help with moca set up
Read the instructions for your devices?
big brains only
@clear igloo I like how our @pseudo blade brings a little bit of r/networking into LTT
I haven't actually looked at r/networking much lol so I'm not sure how that's intended
anyone know of any alternatives to the crs504 in a similar price bracket but with roce support?
i only need 2 qsfp28, i dont even mind 1g as the other ports
What should I use as a pfsense router?
I have a old Dell 8010 but I cannot open it
Or can I use a virtual machine
how you "cant open it"?
I saw this mentioned as not being supported in a STH video and honestly don't get it - research is currently telling me that this is a NIC feature implemented over Ethernet/TCP/UDP so the switch itself doesn't really seem to be involved bar flow control, which is mostly a stability thing?
As far as I can tell, if you're just doing RDMA and basically using the switch as an extender with two ports, flow control isn't particularly relevant
If I'm mistaken please tell me why
I know I'm asking a question just after someone else did.
But can I use the xfi box that came with my Comcast subscription as the modem, and use a opnsense box as my router?
Put the ISP modem router in bridge mode, then connect to your opnsense router's wan interface
Ah alright
Thank you
And would there be any advantage to eventually getting my own modem
Other then it being my hardware
You can swap any dumb issues the ISP modem has with those of any compatible one.
So basically not unless you have problems with theirs
Roce packets are udp, but if there is any packet lost ever, very bad things happen
You are directly modifying the memory of the system...
You can still drop packets on any switch, bandwidth and buffers remain finite. All Nvidia does to handle this is notify that the buffer is full with lower latency.
Go buy their $40k switches if you must
Except with rdma, it prevents the packet from being dropped
It's flow control - it just reduces traffic requested to match throughput
Yes but it doesn't do that by dropping the packets even tho it's udp
Yeah forgive me but I don't buy that
Yes, it signals to the hosts when buffers are full
But you'll still drop traffic sometimes
Here are the 3 802.1q features that are required to support roce
Afaik dcbx is only required when you have to have roce traffic crossing multiple switches
No clue how it works, but the docs say it needs to be lossless so I say the same thing unless better docs can be found
I mean wired standards are basically just the old versions of wireless standards lel
No, I turned NetBIOS off using only WD and mDNS
Port forwarding in TP-Link Archer A6, should the internal and external port numbers be same? Trying to forward these ports https://support.rockstargames.com/articles/206210548/How-to-Resolve-Errors-in-GTA-Online-about-Strict-NAT-Type
Yes
Thanks!
Hello.
So I am looking to use my ISPs modem/router as just a modem and a wireless AP. Then use a OPNsense router
Would this be possible
And would it be possible to get a few wireless APs and use them all "all on the same network"
So I do not have to transfer wifi connections if I want to move around the house
Kinda like how schools do it
that would be difficult using the isp device
highly recommend using the isp device only as a modem and get aps that support mesh mode, or wifi routers that support bridge and mesh mode
yes, you can have multiple APs, same SSID
the client device will pick a AP to connect to automatically
and mesh is not the same as roaming
I don't see why I can't use the modem, then a OPNsense router, then back to the same device as a wireless access point
technically
you can
but that would require the modem to support vlans
for the wifi to be on a separate vlan than the internet/WAN
which it definitely does not
and for the ISP device to support turning off routing without disabling WiFi and pinning the wifi to a specific port that OPNsense connects to
I have a hopefully quick question. I'm planning on getting a modem with 2.5gb rj45 and linking it the dream machine pro. However, the dream machine only has 1gb rj45 and 10gb sfp+. Is there some sort of converter that takes 2.5gb rj45 and converts to sfp+?
Not if the dream machine doesn't support NBase-T, no
so is there a way to use 2.5gb with the dream machine?
There are NBase-T capable transceivers but you'll need to see if they'll work in the dream machine successfully
ok, what's the best way of figuring that out, I'm a bit over my head
this may work, no clue tho https://mikrotik.com/product/s_rj10#fndtn-specifications
Yah, a couple people here mention it might work as well:
https://www.reddit.com/r/Ubiquiti/comments/j84ega/good_way_to_convert_5g_baset_to_sfp_for_udm_pro/
but it's not a guarantee by any means unfortunately
oh perf, thanks
guys, I have wifi in my bedroom and a cable that sends internet to the TV in my living room. My bedroom's door is right to the living room, and everytime I open my door, the internet in the tv starts to lag... it's really weird, since it's plugged by a cable >_<
OpenVPN is angry at my phone
Does the pingplotter app also track packet loss from your PC to the modem/router, or does it only track packet loss beyond the default gateway?
well packets have to go though your modem and router so that will be reflected in the result
Can I use my xfi gateway in bridge mode and still use it as a wireless access point
Because I am getting mixed messages on Google about it
Spent 3 hours trying to figure out what was blocking tcp 443 externally and it turned out to be the last, and my own router in the NAT chain... SPI Firewall decided to hard-block TCP 443 for some reason
You need a router, so no
I am using my own OPNsense box
@peak cloak
Which is why I do not want to use the xfi gateway normally
But it still needs to do modem duties no?
Yes it does
pats @peak cloak on the head - keep going strong.
Like I said before, you can't
The traffic goes through modem, then to router, how would you separate internet traffic, from NATed LAN traffic. You can't without the use of VLANs which the modem doesn't support
Any recommendations for cheap wireless APs then?
On wifi
Can someone help me deal with this situation?
I want to host both tailscale DERP server and nginx on the same server. Problem is, I have only 1 static external IPv4 available and I want to host both things together. Both work fine when individually used.
Tailscale "derper" does acme/autocert on its own.
I also used certbot to create https certificate through nginx.
```
server {
    server_name relay1.example.com;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host https://relay1.example.com:443;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_pass https://10.0.0.45:443;
}
# Followed by ssl certificate lines ahead
```
Derper wants something.crt and something.key,
And with certbot on nginx, I have 4 files,
cert.pem, chain.pem, fullchain.pem and privkey.pem
I have no idea how to make these work together.
If I get these two things - hostname and keys working, my struggle will come to an end and everything should work fine after that.
Any ideas/suggestions?
When I did this on VPS, I had the option to get a 2nd VNIC with a separate public ipv4 which was super easy to do
I'm trying to proxy https to https... is that possible
Yes, it is possible.
How...
using proxy_pass to a secondary bound ip address on the machine. (or use docker, or k8s)
cant see how that'd be different than binding to a wireguard tunnel... my main problem is with both servers using different formats of certificates and domain name not matching after the reverse proxy
you have to use sni on the nginx end, and add a vhost to proxy derp
i have a couple 48v poe access points, but my switch is not poe. I bought a multi port poe injector, but it did not come with a power cord. do I just need a 48v power supply? what do I need to power the inector and all my access points (4)?
Every vpn can be broken by a scriptkiddie.
They all run off the same bull crap which is crackable.
for sni to work, I'll have to rebuild nginx from source it seems with those features included
Does DERP not allow operating on a non-standard port? Seems the simplest solution to me.
it does allow it but doesn't work
At least doesn't work on my end... it works fine when it's listening on 443
In what way does it not work?
Connections simply time out and it doesn't use secure flag... basically no tls
and are you specifying the port when attempting to use it? i.e. https://my_address:my_port
discord is adding that extraneous /
So if I use a custom port, all I can do is access it either over HTTP only which is just a static webpage, but in my tailscale policy, I can specify derpPort:12345 and then specify my domain, it'll then connect there
Sadly my ISP has zero support for NAT Loopback / Hairpinning so I have to poison my own DNS to make my own website work for myself
hairpinning would happen at your router, which should be providing your NAT.
I have double NAT in my room because ISP doesn't allow bridging
So, walk me through DERP/Tailscale, as I am not familiar with them.
and static IPv4 only
Tailscale is basically a noconfig VPN which allows direct connections between clients. = Traffic is going straight from one device to the other. This worked quite well until these ISPs switched to a messed up CGNAT which didn't allow any direct connections via such VPNs
Ok, so a zerotier or wireguard alternative.
Introducing Relay (or DERP) servers. Tailscale has many free ones but they're dead slow. Barely 2 Mbps throughput with too much lag and dropping packets all over the place. Might be fine for just ssh but for copying 100s of GBs of files, it's impossible to do anything with
Now these relay servers can be self-hosted and all other relay servers can be "omitted". Meaning now my own relay server is solely responsible for helping all devices connect to each other
Yup. and that is not functioning if you use a custom port for DERP?
Using a STUN server and a HTTPS page (TCP) to auth
I think it has something to do with TLS because my local systems (with poisoned DNS) are able to connect to each other. But can't connect to anything outside LAN. Port forwards are working fine, tested with wireguard/openvpn/etc
https://github.com/tailscale/tailscale/issues/3232
Seems relevant.
My own phone on mobile data can't connect to the relay server = cant connect to any of my devices including the server thanks to the hairpinning/nat loopback problem
I've been up for 31 hours now... Have eaten only once and haven't slept. I've been through all of those and couldn't get to a good enough solution
Toss me a pm real quick
So this solution simply disabled secure port = no TLS = http only = anyone can connect to it, which I don't want
ok
Is anything more than cat 7 overkill for a Gigabit Internet?
I just thought it will be a good idea to future proof, or is cat 8 really not worth the price difference?
Cat6a can already do 10g at 55 meters. Cat7a just extends that distance and MAYBE supports 25/40. Cat8 isn't intended for general purpose cabling runs
I thought it will be a good idea because my dad wants to run cables in a house he owns. It will be a pain in the ass running cables later on.
Just put in conduit, and fish new cables in 20 years as the need arises
Are the walls finished or just framed?
I have a phone ports in every room so I thought it will be a good idea to fish out the phone lines and run cables? is it related to the walls? because I have 0 knowledge about home construction
Could be a pain in the rear. In an ideal world you put in conduit before finishing. In your situation I would probably just fish cat6a or cat7a where the existing phone lines are run. They are most likely stapled within the wall, though, so you may need a fiberglass poke rod to convince your cables
It might be a good idea to get an electrician this time around. Thank you
how can you run a honeypot on azure they closed my student account for that
Right, because I always see the tracking start at the modem, instead of the PC itself.
Does anyone have experience with NexusLink GPL-2000PT? I'm having troubles with getting the connection to be established as I just got it
@clear igloo @peak cloak I hate this awful dorm wifi
100-300ms spikes every so often even to the gateway
Tri-band WiFi 6E router with speeds of up to 7800 Mbps, Enhanced network security, ASUS-Exclusive Safe Browsing, Free parental controls, Comprehensive VPN features
If I buy this off in American market, will this work overseas?
Hey guys, if I run an ethernet cable from my router to my pc, will that neuter the wifi for the rest of the house?
No?
I just meant will it soak up all the bandwidth
Hey, I'm currently running OPNSense as my main router on an old PC I got but I'm looking at a few rack-mount servers, and already configured one.
For a Gigabit connection, would the following configuration enough?
https://www.bargainhardware.co.uk/quanta-stratos-s210-x12rs-v2-1u-4x-3-5-lff-configure-to-order?c_b=52006
No, it's the same as with wifi
Or even better, since wifi radio space is a shared resource
But if you let's say have a gig, and 2 devices downloading for example, both won't get gig, but it will get split somewhat
For gigabit: wildly unnecessary for routing, even core 2 duo is enough unless you're doing more than just routing (IPS/IDS). And even then you don't need that much lol
Alright, thx. I'm actually running a i5-650 and 8 gigs of RAM, with CPU usages between 0-10% and spikes up to 60%, but about 60-70% RAM usage, I'm running Zenarmor and stuff like that
Yeah that has 2 cores, I don't think 12 slightly newer cores is necessary just for routing
Though I am curious - what are you doing that's using that much memory?
I'm doing nothing with it, actually I'm not running Zenarmor, 2-4GB should be enough, but you never know
Not super familiar with pfsense, could be including disk caching or something
Just checked again, sounds kind-of weird, but I could get 2 E5-2620 V1 for half the price of an E5-2603 V2
Not a fan of big servers for simple routers, it's wayyy overkill and can be really expensive for what it does
I suggest trying to get a modern core i3 or similar and popping it and necessary parts in a rackmount case
It'd be nice and quiet, not too expensive
Plenty fast
Or I'll just buy a rack-mounted case and throw my existing components into that case
Could do that
Small problem though: that PC is a HP Compaq 8100 Elite (or 8300? I'm not sure) and I don't know if the holes for the motherboard will line up, and let's not talk about that typical pre-built psu
random google image
I put my ONT, router and servers, and ups on shelfs
Only real thing rack mount rn is switch
Yes, I know what you meant, but I'm still waiting until my friend tells me when I can pick it up
Ah yeah
...You've probably heard it before, but mechanical hard drives really should be actually screwed into place so they don't vibrate against stuff
I know, I know... It's more or less a proof of concept design for now. I have real servers here, yes, but I can't really deploy them without the rack for them
Reminds me of my 3 8300 sff's I used for my uni project c. 2018, i5 3rd gen but I just used 2 drives, one in the mount under the optical drive, one in the rear mount under the PSU
Believe me, you don't want to see the inside of my TrueNas PC...
Ran a Hyper-V cluster with iscsi storage on them
The teacher for the subject was someone I knew from elsewhere, asked me to talk to another student who had tried to virtualise 3 hypervisors on his old rackmount server he'd bought
Clearly that didn't go well for him as he dropped the course before I got a chance to do so.
I really need to say that the 8100 SFF is somewhat quiet, I'm right next to one right now, and even my fridge is louder than that PC
Yeah 1U rackmount servers are not, especially older ones
Got an old Fujitsu server here, collecting dust in my basement, damn you could hear that server like a few hundred meters away when the door is open
That was my server-setup a few weeks ago before we moved
My WAN IP and Public IP are different, is it possible to set port forwarding (for playing GTA 5 online)?
Nope, not without something to VPN to a service that does have a public IP which you can port forward on
You shouldn't need to portforward just to play online.
p2p multiplayer
It supports STUN, should work on most NAT as-is
Though I am aware GTA's a bit of a mess on the networking front
huge mess
https://www.amazon.com/dp/B08RHZBHTM
How is this kit?
Wall-Piercing Wi-Fi Extended to Every Outlet AV1300 Gigabit Passthrough Powerline ac Wi-Fi Kit TL-WPA8631P KIT Don't Lose an Outlet The passthrough powerline kit can be used like a traditional electrical socket, ensuring no power socket goes to waste. The built-in noise filter helps prevent elect...
What are you expecting it to do for you, namely speeds and setup?
These are not top of the line, but are reasonably priced and offer WiFi and a small switch
Homeplug/ethernet-over-power has its limitations
I'm looking for a seamless playing experience, router is downstairs, I play upstairs in my room where I don't have the best Wi-Fi signal, Ive been using this no name chinese brand relay it gave me lag issues
My current internet speed plan is 1,200 Download & 40 Upload
Provider is Xfinity
You'll probably get less than half those download speeds no matter what
As long it gives me seamless experience I'm fine with that
House wiring will impact performance
What ethernet-over-power adaptors are you using now? Maybe they use a recognizable chipset you can compare.
Can I get a much closer picture? Maybe unplug it and show us the other side as well?
That one's not useful
It shows mac address on the back
Fair ig
Alright that is basically useless
yea
You probably should delete that picture actually, it says ssid and pass
Could be in a drive by database
Yeah sorry that's far too generic to say much
Yeah its fine, but anyways the tp link kit i sent would be sufficient?
Yes pretty much
So it's connected to your WiFi, doesn't have powerline
Ah
Powerline could be better, or you could just get a better WiFi repeater/mesh
If you have spare coax connections for televisions look into MoCA
I don't have coax connections, my dad removed it when we renovated
only 1 for the router iirc, my router atm is xb7
I'd see if you can arrange to get a powerline kit and return it if it's not suitable
Will do thank you
And if you must return it look at getting a router that can act in station mode/otherwise a better repeater
On your router, does your "external IP" start with 100 and have a number between 64 and 127 as the second digit?
If so it's behind a CGNAT and won't ever work unless you convince your ISP to give you a public IP.
Protip: scribbles are ineffective censorship. Use paint and draw a nice big solid rectangle over it. But that doesn't look like a CGNAT, so should be fine.
how are they ineffective
Can see through them
im just lazy and lightshot doesn't have squares
so it should be the top ip with the port 8096 right?
i have other options too idk if they are necessary
Possible causes:
- You may have DHCP enabled without a reserved lease and the IP can change, and did.
- You could be running Jellyfin on Windows and didn't allow external IPs to connect in Windows Firewall, or didn't allow it through at all on that port.
it's not jellyfin i configed it and it doesn't work through the routers ip when on lan anyway
dhcp probably
That's common, hairpin nat isn't enabled on many routers.
Without it you must be outside the network to use services on your public IP.
it is indeed enabled
so does that mean i can't port forward?
oh wait no
that's what generated the local ips for the clients right?
192.168.0.169:8096 works fine
it's the router that is the issue
do i need ip passthrough
Port forwarding may be working
You just can't access it using the WAN IP on your LAN
You can test by maybe using mobile data on phone
No hairpin nat
.
i have a mesh in-between which is also set up to nat forward
that one works
meship:8096 loads my localip:8096
im trying to forward the mesh
bro I'm done... I can't download mp4's that are over like 10gb. tried different browsers, other laptops, every single solution on the internet and it just keeps saying failed - network error idek what to do
So you have double nat
yes
So you would need to port forward on each router
which ive done
yeah
Main Internet router needs to port forward to the second router IP
this is on the main router
169 is the ip of the mesh
and that ip successfully forwards to my target
if it helps my isp is verizon and my router is whatever router they give their business plan
can anyone help?
Idk, it's something on your end
Make sure you are not testing from lan
Mikrotik made a bigger hAP lite with WiFi 6 and gigabit ethernet https://mikrotik.com/product/hap_ax_lite
It's more than twice the price, so idk if it'd really target the same people.
On the other hand it's not using the crappiest garbage hardware that will still run RouterOS
I'm not sure exactly what you'd use it for really, no 5ghz is a bit of a dealbreaker and the hap AC2 is $20 more for dual band with WiFi 5 and 4 cores instead of 2 and a USB port, or the same price as their hAP ac lite with 2.4ghz and single-chain 5ghz and USB.
I guess if you wanted the cheapest possible gigabit router with RouterOS and WiFi was an afterthought...
My router will only work when it's plugged in to a non-IP-passthrough (bridge mode) port on my modem-router combo. What I mean by that is that none of my devices have internet and my router will tell me there is no internet. It has been working fine for years but suddenly today it only works in ports without bridge mode enabled on it.
My router is the TP-Link AX10 and it's on its latest firmware. My modem-router combo is the CODA-4589. My ISP is Cogeco
- I have already tried to reboot them multiple times
- I have changed the modem's IP passthrough port to a different port and when trying that port I still get the issue
- I tried duplicating my modem's MAC address on my router in case they blocked it somehow
- I have factory reset my modem and it works fine without IP passthrough but as soon as I enable it my router stops working.
- My ISP's website says nothing is down in my neighborhood and downdetector does not report anything.
- My modem has internet access no matter what port my router is plugged into
ok weird port forwarding just worked
GTA 5 online shows NAT Type strict and rockstar asks you to forward ports https://support.rockstargames.com/articles/206210548/How-to-Resolve-Errors-in-GTA-Online-about-Strict-NAT-Type
I tried ProtonVPN, connected and launched GTA 5 online. It still shows NAT type strict and additional line UPnP disabled? Now how to setup portforward/NAT type to open
Is there any way I can setup Proxmox to get its IP by DHCP instead of statically setting it up when I first configure the server? I'd preferably not always want it to be bound to that IP.
Hi there everyone! I'm not well versed in the network-tech side of world but since I'm young I've been tasked by my father to setup remote work server for his business.
His tech friend recommended that we buy a router and switch for that purpose, so now my setup looks like this - Hitron router gets the signal and sends it to Synology router which then sends it through Cisco switch to all the devices, including the supposed server.
We do have static IP address bought from ISP, but for the best of me I can't find a way to make the computer that's supposed to be working as a server to have that address.
I've tried manual assignment in Windows settings, but can anyone point me in the correct direction - where am I supposed to get stuff like Subnet prefix length (for IPv4 connection), or Gateway / preferred DNS/ Alternative DNS ?
have you tried using zero tier?
I don't know what that is, but no. There's a dedicated app for the field of work of my father ( architecture) and to my understanding all I need to do is make that computer have a static IP address and then set up the app
Yes
The router will get the static IP
I'm not sure what you are trying to do
Tell your dad to stop violating labor laws.
lmao
I'm trying to get fixed public address IP for that PC so people from outside of the building can connect to the server and work remote. For now all the PCs in the building have the same public IP address which is network address to my understanding. We have bought a static IP address which is different from that network IP address, and I'm trying to assign it to the specific computer that is supposed to be working as the server.
It goes on the router
Ok, so that is possible but you need a much better understanding of networking. The router gets a public IP on its wan and then does NAT to allow all computers to share that IP. In order to do what you want, it will take a much more advanced setup and isn't as simple as just typing the IP into the PC. Plus what is it that you need to access? It could probably do it just by port forwarding.
And if this is for business sounds like you need professional IT
Or hire an MSP
Or at least a consultant
What's the Mac terminal commands needed to bypass the permissions for wireshark?
I tried to Google them but keep getting download guides
Where would I find how to enable it? I saw something on Dnsmasq server integrating with Proxmox. I dont know if it's something i'm installing through CLI or not
You need to hire a consultant or MSP.
You just edit the /etc/network/interfaces file
I would show how mine is setup but I can't at this moment
One problem with proxmox DHCP is that the IP shown in terminal upon startup is wrong
That's the only one though, but make sure to add a DHCP reservation in the router so the IP doesn't change
```
bridge-ports enp5s0
bridge-stp off
bridge-fd 0
```
That's what it would look like somewhat
Why would I need to hire someone? That seems like a waste of money
I think they thought you were a different person
Ah. Gotcha. Should I expect to login using the same port?
I did indeed mistake you for someone else, my bad.
Been a long day
No problemo
any reason i am getting 5mbs download my motherboard does 10 and i have 60 wifi im using power over ethernet or whatever it is
so i should atleast have 10 right
Probably is the power line
so my power means i cant get anymore than 5
my network boot is stuck on trying to boot from my pc it keeps asking for a user and password
there is not even a password on my pc, password sharing is off extr
there is no requirements for a password or user account i have no idea what it wants
it loads the windows 11 setup then asks for the boot in the network drive
ive tried adding a new user account to lusrmgr and using its username and password and it just says the network path is incorrect or does not exist
fixed
I am planning to change my ISPs to ziply from Xfinity. Would I need a complete system overhaul to set that up. Or can I just plug the OST into my router and have a good time?
Should be able to plug in as long as it's DHCP
No
Does unplugging and replugging a router cause it to re assign itself a new public IP address?
Only if your DHCP lease time is ridiculously low.
How else do i go about resetting my IP?
Contact ISP?
How often do ISPs change the public address on a router anyways
If your router allows you to assign a different MAC address on the WAN interface, that'll do it. On the assumption that you are just pulling dhcp, that is.
I havent got a clue what that means
I have seen anywhere from 5 minutes to 3 days, and everything in between, for residential isp's
Ill wait a few days and see if it changes
Dare I ask why you want a new ip?
Well lets just say, ive been IP blacklisted on an online service
So...use nordvpn
Damn i gotta pay $13 a month now
$100/2years, but whatever
Would resetting my IP do anything? Because i assumed that your IP address only gives an approximate location
So theres no way for a website to track down a single house
eh, now you are conflating ip banning with geoip location services. Two different things.
I dont know nothing about how the internet works
geoip databases/services vary wildly in their accuracy and resolution. It's all based on self-reporting from the entities that own the ip address space, some of the databases add their own granularity on top of it with wifi triangulation based on SSID's near you, etc.
So back to my original question "how not get blacklisted from a service without buying nordvpn"
"don't do dumb crap online"?
I called a rich ceo some uhh, "unpleasant words" and reddit decided to ban me and any account i make on any of my email
I have like 8 different emails from 5 different providers and they all dont work, so i assumed reddit just blacklisted my IP
If it is indeed an ip-based ban, you can use TOR. Not that I would recommend it, especially with your level of knowledge.
You could possibly release an IP lease
Oh yeah TOR, havent used that in a long time
Tor exit nodes are often automatically blacklisted
If it's a smaller ISP, perhaps! I haven't seen dhcp releases honored on the WAN side in forever
yup
From what I heard it works on Verizon
It's Bell Canada, like one of the top 3 popular isps in the nation
Which is a pretty big ISP here in the northwestern US
Yup. Doesn't hurt to try, either way
How do that
What router do you have
You need to log into it and release the dhcp lease. It may not even be exposed as an option, depending on just how badly the ISP has neutered your CPE
https://help.ncf.ca/Bell_Home_Hub_3000_Configuration
Looks pretty neutered to me. Also, if your system uses PPPoE, a simple dhcp release/renew cycle may very well not do anything anyway.
I am having trouble accessing my webgui
On my OPNsense rig
The computer I have setup connected to the server does not show anything
It's all based on self-reporting from the entities that own the ip address space
Not true at all. Entities that own the IP space will specify their physical address with their RIR that they purchased the space from as well as a few additional IRR databases. In the end, the physical location is meaningless for the most part.
GeoIP databases are all third party services that use a wide range of metadata to "guess" the GeoLoc for IPs. This can be from various telemetry sources like user tracking, advertisements or agreements with other services like Facebook or Google.
The data is highly unreliable and does nothing but cause problems. Because these 3rd party databases are so popular, they have more power to say where an IP is physically located and the owner of that space has to fight for weeks to months to say otherwise. I despise GeoIP.
RIP!!
imagine blocking stuff...
although our IT is kinda stupid since they block google drive on virtual desktop
and the response they gave was nonsense
I've seen them block one thing which made sense to block
but blocking zerotier for "personal VPNs" bruh
tailscale?
All of my stuff is zerotier I'm not changing
Dorm is still up since ITS doesn't manage the dorm networking
@peak cloak @clear igloo LOL SINCE ITS JUST UMBRELLA CHANGING DNS WORKS I forgot umbrella is literally just dns filtering they don't have anything doing layer 7 & sni inspection
and they don't do any tunneling or anything, that's cool
Yeah
Call your ISP and ask them to change your public IP. There are other ways services track your identity, though. My protip is to not do things that cause bans.
Hola to the networking channel. I am solving a fun problem this morning. Not asking for assistance, just enjoying the puzzle. I have a client on one subnet and a license server on another subnet. Over a site-to-site VPN.
small pp Reddit admin, I ain't do nothing wrong that deserves an IP ban
The software itself doesn't support this but I bet I can finagle something
small PP reddit admin gets to decide that
then also, circumventing the ban is a bannable offense as well. Maybe submit an appeal instead of making it worse
I did twice and both got rejected
then there is your answer
I'll give you a tip for free. Reddit doesn't track bans by IP.
Good luck
I'm assuming they track based on MAC addresses and also your digital footprint and patterns?
If it doesn't support over L3, could use some proxy?
MAC addresses are a Layer 2 construct and don't traverse across the internet unless encapsulated first which they aren't in your case, they're point to point (in modern cases) only and are not passed across multiple hops
So that boils it down to just tracking habits, patterns, and other footprints
Should be easy enough to circumvent those
There's something called cookies and local storage
Thanks for the idea. I uhhh did a little bit of manual reading and found where to enter the license server by IP address. Smoothest sailing.
nice new 1gbps symmetrical internet
but powerline adapters limit it
is powerline actually better than wifi for you?
i can highly recommend playing with some aluminum foil
this, my friend was using powerline when wifi was actually faster
powerline is way better than wifi is
routers all way in other corner of house
planning out how ima run a few fiber lines to the isp router to fix that issues tho
why not ethernet
fiber isn't that friendly to work with vs ethernet
also future proofing
what type of fiber were you planning then?
found a 50m roll of fttp fiber for £25 so going to use gpon
that's not how it works...
gpon isn't a type of fiber
also if it's just a roll, you will have to terminate it yourself
pre terminated
would extend the existing isp fiber run but i dont wanna touch that and snap it
if im going to snap a fiber run rather it be my own lol
Switch upgrade

try using some foil to make an antenna, you would be shocked how much it helps
only way it couldnt end up faster is if your wifi device is wifi n 300 or worse
While it is true you can make "an antenna" out of foil.. if you want something with any guarantee of working well with WiFi just buy an antenna, they're cheap.
already tried stupid stuff like that but that only gets 1 bar and somethings dont even connect
Any good aps under 140$ usd?
What range do you need, poe capable?
poe and 3000sq ft
Not many options on amazon for me
Tho I was looking at Ubiquiti any good?
Maybe getting a mesh system will be a good idea then.
Why? I'm getting higher than the speed we pay for while using Ethernet with a fiber connection.
Can be hit or miss
well first i need to fix my r7000 now since that decided to just die fml
ISP fiber connection I assume?
I'm saying that running fiber in walls is harder to work with than Ethernet. You can cut it, easily terminate it, while with fiber you can't
Hey has anyone here had an issue of having no wifi on your new pc? I installed my motherboard and Intel wifi drivers, I had the adapter plugged in and yet it still doesn't recognize connection
https://www.fs.com/products/139650.html https://www.fs.com/products/41733.html?attribute=843&id=18795 https://www.amazon.com/TP-Link-Ethernet-Converter-Supporting-MC220L/dp/B003CFATL0/ref=sr_1_1_sspa?
will all of these function together?
FS 2.5G SFP copper module supports 2.5G/1000/100BASE-T on line port, making it ideal for 2.5G Ethernet applications over Cat5e cable with a link distance of 100m.
Buy 30m (98ft) OM3 50/125 LC-LC UPC Multimode Fiber Optic Cable Duplex 2.0mm PVC(OFNR) at reliable fiber Jumper manufacturer FS.COM. In stock, Custom Service on-line.
The MC220L is a media converter designed to convert 1000BASE-SX/LX/LH fiber to 1000Base-T copper media or vice versa. Designed under IEEE802.3ab 1000Base-T and IEEE802.3z 1000Base-SX/LX/LH standards, the MC220L is designed for use with multi-mode/single-mode fiber cable utilizing the SC/LC-Type c...
You don't have an adapter to convert from fiber to optical, the first link is SFP to rj45
The 2.5gbase-t is for plugging rj45 cable into SFP plug
because
the network cable needs to run parallel to power
and there would be interference with rj45
thats fine its not vga
i was told running a cat6a cable next to ac power is bad news
you can run unshielded cat 5 next to power and it wont cause issues
what?
its just not recommended
if you are running shielded cable there wont be any issue
can you recommend me a cable for that?
attic?
https://a.co/d/7736l6j
For example
dont run this naked in an attic but itll do fine in conduit
okay
like this is a home setting right? we arent talking 12kv ac or something crazy?
just plain ol 110-240?
yea unless your outbuilding has uh an entire mining operation in it or something youll be fine
@thick minnow if you're running to an outbuilding i'd highly recommend fiber
You won't have to ground it or anything
Also is more futureproof
not multimode fiber lel
hm
so are the parts i listed fine?
How long approximately is the run?
if not, what do i need to change
approximately 100ft
multimode should be fine for that
I'd like it to stay relatively cheap
but not futureproof
more futureproof than a CAT cable
what is the difference between multi mode and single mode
singlemode is cheaper cables but more expensive adapters
Singlemode is typically used for longer distances, multimode for shorter
ah
If you have a Fiber ISP for example, they likely use singlemode
what is the "max" theoretical distance of multi mode
but standard singlemode is capable of over a terabit per second, where thats quite difficult with multimode and extremely expensive
like a mile, thats not the problem lel
ah
so, as far as i know, i need media converters, transceivers, and cabling, is this correct?
They have a conduit so it shouldn't be a big deal in 10 or so years to rip it out and replace. They said they want to keep it cheap
so i have a roll of 50 meters of singlemode that i paid about $20 for, and it happily transmits 100g
for the same capability of multimode its over $60
(media converters can be supplemented with switches that have sfp)
ah
Yes, i'm pretty sure that's it. Not an expert on fiber though
ok
just know the basics and reasons to run it over ethernet
so what media converter do I want if I need to run networking from my router in my house to my outbuilding?
you would need a sfp to singlemode or multimode adapter
also you need a media converter on each end
ill do multimode, no reason for single mode in my case
tho the far end you can probably put in a switch to make things easy
i figured as much
i was thinking of just doing a switch in the outbuilding
again tho for the same price you will end up with gigabit fiber instead of 10 gig /40 gig rj45
40 gig rj45 requires CAT8 which is insanely expensive for an actual CAT8 cable
and then you have to deal with surge protectors and stuff
why?
outbuilding
with power coming from the main building
It will likely be underground, meaning it could be struck by lightning and ruin all the network gear
its in conduit...
and if lightning hits the house, itll fry outhouse through the ground lel
look im all for fiber in the home, i have a 100g home network
I've just always heard everywhere to always run fiber underground to something like an outbuilding
but for 1g?
with a common service panel?
again its running with the power cables for the building
I'm running 1g for now, in the future upgrading to 2.5g
Currently I just run off of a mesh network ap and it is extremely unstable (just cut out actually) and slow (like 10mb/s)
I currently don't even have 1g internet
I'm using 1g equipment tho
same yet i still have a 100g lan lel
regardless cat 6a is good for 10 gig at double the distance of your run...
hmmm
I guess it's really personal preference, I've just always known to never run ethernet out of a building and to use fiber
how much would it be for a 1gbit media converter compared to like a 10gbit one
$40 for a SFP+ to 10gig multimode adapter

