#networking
My dad has used their products in all of his networking projects for other people. It’s totally worth the price.
After upgrading some people’s Wi-Fi we sometimes see extreme changes in speeds, it’s kinda crazy to see
TL;DR
totally worth
Their prices are lower than most other reputable brands? (Aruba, Cisco etc) I have no issues with my UniFi 6 Pro APs, in fact I just ordered a Dream Machine Pro to go with it.
IMO they are great for the price.
my dad uses all of their products, I’d assume so
i moved it back up to my room and way faster network speeds
than being plugged directly into router
tf
ping also way better and not 1.4s ping time
The "Apple" of networking, nice easy management console, gradually building ecosystem though the cool new bits though I don't love the business model for their telephony stuff much.
I've found some devices just will not work with UniFi APs and disconnect randomly and generally suck while behaving otherwise.
No direct Web UI makes managing just one or two of them harder than it might otherwise have been, though if you have more just get a controller.
Cheaper than serious large enterprise vendors but more expensive than Mikrotik's equivalents, which offers a more flexible feature set.
Both offer more than your typical budget/consumer product.
Sits in a prosumer+SME niche and does well there but not really compelling at scale.
Their APs aren't expensive except vs consumer shit and their higher-end kit has no consumer equivalent.
Once you get to a certain size everything I've seen becomes Cisco or similar
I first forayed into the ecosystem in January of 2021.
Just did a simple switch, access point, and hosted the software on an always on VM.
Hosting the software on the VM has not been the best. Most people have a better experience with a Cloud Key or a Dream Machine (I'm moving to this).
Most of the setup is pretty simple and well documented.
Relatively few headaches.
So, I was happy enough for the past two years to expand and continue my reliance on it.
Yes, there are more feature rich systems out there, and/or cheaper ones, but others have a steeper learning curve than I actually want to deal with for my network.
So, I'm really okay being at the prosumer level.
I want the UniFi G4 Doorbell Pro 😂
does anybody have an older iso version of esxi
like version 5.5
i have a dell poweredge 1950 and i want to run esxi on it, but the last known version that i know works is 5.5 and i cannot get it on the site
I'd seriously consider scrapping it even for an i3-12100 system or a more modern used PC - more max RAM, better hypervisor support, beats out the fastest CPUs a 1950 can socket, drastically lower running cost - don't have to run unsupported and insecure hypervisors.
Failing that consider using Proxmox or similar as not much else modern will run on your kit.
The fans are too small for it to even be a good space heater, old 1U servers just kinda suck and that one's really old.
An accountancy place near me got rid of their 8th gen micro PCs with NVMe storage for $50AUD a year or two ago and I'm super jealous I didn't hear of it in time to secure a couple.
ping still kinda bad but tinkerboard has way faster network speeds than pi with all same cables
Idk if I’d fully rely on Speedtest.net for benchmarking network speed. They’re not bad but tbh just downloading a big file from a repo with good hosting will tell you more most of the time.
Not really, because then you're bringing storage performance into it (though it's a good benchmark if downloading large files is what you plan to do)
@clear igloo ahaha
It's an "experience" 😛
so is the nexus 9k platform
they keep inviting me to their chicago experience center but I dont want to pay for parking and get shot
they had a building right on the edge of chicago and the burbs which was perfect to reach all customers and for some reason they moved deep into the city in a building that has 0 parking
Where is this in Chicago?
Most places should be accessible via public transit.
And I highly doubt Cisco has anything in the high violent crime bits.
the old post office building
"public transit" is not really convenient for people in the burbs, especially if its a middle of the workday visit
there are quite a few major companies in the burbs so the decision to go that deep into chicago is perplexing
their old building is in rosemont
still accessible by public but easy for a car
When my family lived in the suburbs of Chicago my dad always commuted by train.
When I went to law school I always commuted by train.
Cisco has a lot of access to major companies and their office staff and would be convenient to get to for anyone in the Loop, South Loop, or North Loop.
To expect people to provide you free parking in a city... takes an entitled perspective, in my opinion.
Also, I would not consider the old Post Office building to be in the unsafe bits of Chicago. (Which are relatively small, and, per capita, violence in Chicago is pretty low.)
My Nintendo Switch can't connect to my Wifi because it doesn't support WPA3, should I switch back to WPA2, is it still secure enough?
or in other words, what are the differences between the two
guys, is there anyone who can fund me $79 for my discord server? please? I would have made that money myself, but i can't even make a paypal account, have to wait a year. only adults can open it seems.
is anyone aware of something I could plug into a wall socket, and then plug an ethernet cable into to upgrade my WiFi similar to a range extender? my isp provided router only supports WiFi 5 but I wanted to upgrade to WiFi 6 without needing to mount another router above my current one lol
Discord servers are free.
Either you are ignorant, being scammed, or trying to scam.
Why are you asking for money both here and at least #cars ?
access point
are you aware of any that don't require me to create any holes in my walls? ideally I'd want a mounting system that can just stick on
or something small like those range extenders that stick out of a power socket
OH, you mean plug into power
yeee
I hear wall socket and think ethernet jack
are there APs that small?
There are Powerline APs I think that are wifi 6 but those are probably going to be very hit or miss
@uncut pendant or @hollow helm please take note of this user's behavior. I assume it is against the rules?
yeah my parents actually use one of those, but can you use those as a normal AP without powerline
are they any good?
Well they need to plug into something either via another node to connect to your router or via ethernet cable
I just want to get closer to the gigabit speed I pay for over wifi because routing an ethernet cable to my room is impossible kekw
well they are using it for powerline so I cant speak for the quality of the AP component itself
I meant whether you can directly connect them to the router without using powerline
there are wall mounted ones
size of a standard wall box
hmmm I could probably mount something like that with those velcro picture hanging things
If you can plug in an ethernet cable you can get an AP and then a PoE injector (or some APs have a barrel plug for power instead)
Aren't you the person who we provided a lot of information for access points vs mesh networks for the 40m long apartment?
yes
https://www.nytimes.com/wirecutter/reviews/best-powerline-networking-kit/
No promises on how well or securely any of it works.
Im not sure if a different powerline device could really improve it, maybe the issues are just with using powerline in that building in general
realistically isn't only ~100mbps possible over powerline adapters?
at least that's what I've read online
MoCA adapter?
my home only has 1 coax socket 
Do you have a coax port by the router and in the room you want the Ethernet connection?
ah. Rip
We'd be happy if we got that much in my parent's situation lmao
yikes
powerline is quite capable of gigabit, but it highly depends on what other devices are running and how your house wiring is set up
Any telephone jacks? @young rampart
yesn't, there's two in my room but not near my router
Sometimes those can be converted to Ethernet
yeah I'm quite certain that is the case
when we tried putting powerline directly into the rooms at that end of the building it was even worse, we presumed that it might have something to do with the breaker box being there, so the powerline adapter is actually not all the way at the end of the corridor
ain't no way money dude is typing 
Do you have the option of moving the router?
I am really sorry, it's just that I need to get premium for mee6 bot, and i can't make any money of my own. at least not yet. Ig after i turn 18, i'll do some freelancing
no, the fibre cable is only 20cm long 💀
mee6 is shit
They make extensions you can buy
super cheap.
I got one for my AT&T Fiber.
at that point I might as well route a cable to my room lmfao
yeah that’s fair.
like the router is right outside my room door
what type of flooring do you have?
but getting a cable across the hallway and into my room without drilling is difficult
If it’s carpet you can run it under the molding
just typical fake wood laminate
any room under the baseboards?
or is it flush to the ground?
flush to the ground
Hmm. That’s tough
if only ethernet cables were as thin as the fibre cable that goes into my router
They make ones that are super thin.
then I could have taped it to the ceiling and put it above my door
Just avoid flat cables. Look into Monoprice SlimRun CAT6a cables
the Monoprice are highly rated- I use them for my patch cables
and would they be capable of gigabit? 
10 gig
I believe the wires themselves are 28 or 30awg
a typical wire gauge of a cat6 cable is 23awg or 24awg
0.149 inch @young rampart
lemme convert that to something I understand brb
4mm, wow that's thin
there's no way there isn't a 4mm gap above my door
They work like magic lol
there might actually be hope 
no one thought they would be able to push 10 gig but they do somehow
thank you so much for this valuable information 
👍
If you need more than one Ethernet connection you can get a cheap unmanaged 5 port switch for $10-15
I think I'd also need to buy some cheap switch too because currently my nas is connected directly to my computer with a cat 6 cable kekw
thank you 
A 5 port switch will give you 4 usable ports to add devices.
idk how but my nas somehow gets 600mbps over wifi 5 with the door closed
You must have a pretty good router.
my computer gets 300-400mbps
i have an 8 port 1 gig switch that's 20 bucks
cuz my router only has 2 ethernet ports
or if you want anything above 1 gig
yep
my nas is currently connected over 2.5 gig
though it's very much unnecessary
because it only has 1 hard drive 😂
A 5 port 2.5gig switch will run you about $100 for an unmanaged one
yikes
is the bandwidth shared or separate for each port
before I got wires in the wall I ran ethernet under my door along the moulding
I want a UniFi switch but I can’t justify spending the money on one with a 10GB uplink
should be separate
ehh, kinda complicated to answer
technically each port has a dedicated link
on my 1 gig it says 16 gbps total throughput with 8 ports
then there's the aggregate throughput
aggregate throughput?
lets say you have 4 devices connected. 2 are transferring at max speed (lets say 1 gig), and the other 2 as well. Even though each port is gigabit the aggregate throughput would be 2 gig
iirc

?
That’s why he said it’s complicated 😂
I would assume that this number comes from 1 gig up/down per port
well not necessarily, you could have a switch with less throughput than ports*bandwidth
although I believe that's pretty rare since switching is basically done in dedicated chips
happens a lot with mikrotik where they allow you to use the management ports as switched ports if you want
If I recall, one of the recent Ubiquiti enterprise switches' switching capacity was half the interfaces capacity. Forwarding rate is probably worse too.
what does forwarding rate mean?
Switching capacity = Max total fabric throughput. It should be able to handle all interfaces at their max rate in both directions (duplex).
Forwarding rate = The rate in packets per second (pps) in which it can forward the minimum frame size (64bytes). Line-rate would mean it can forward frames at all sizes in hardware
Why is this a need?
I'm part of many Discords that don't use this bot, for free or at a premium level.
Why do you need it at a premium tier?
so, how does linus do his pcs at home. i saw he uses fiber optics to run a dock, what dock is he running where can i find it.
like fiber optic to use your pc at multiple places in the house sounds like a dream ngl
what impact does forwarding rate have in practice?
@clear igloo @peak cloak https://youtu.be/d5Pq7QhqHvk
Our insane new TrueNAS M40 server allows us to edit videos over the 10gig network and store years worth of content accessible in milliseconds.
When Snazzy Labs has a server (although less storage) that is more redundant by itself than a LMG server
lol, who needs redundan
that's just wack

If you exceed it, traffic will be dropped. However, the rates include the most extreme conditions and for most will never be experienced in the real world. It's really a metric for enterprise equipment as if it can't handle line-rate, it's an automatic no.
I have a unifi network controller and switch behind a pfsense firewall. My local network is 10.0.0.1. Just plugged a dahua IP camera into the switch and it was assigned a 192.168.1.x address, but this ip address is of course not leased in my firewall. In fact, the device hasn’t been leased an IP at all in pfsense DHCP leases. Any tips for troubleshooting?
is the camera set to a static ip maybe?
Check if the camera has a web interface where you can configure one
It does have a web interface and that can be configured but how do I get to 192.168 if I’m on 10.0?
can you still go to the camera's ip in your browser?
No I cannot
Any chance you can create a VLAN in pfsense to access the camera?
Ooooo and make the network 192.168?
yeah. That may work
Creative. I’ll try and report back
See if you can set the camera to DHCP so the router controls the IP
I don’t see the device MAC address in my dhcp leases
I do know some apps like Fing and WiFiman can do device scanning and will show the ip
Yes
Unifi controller
I agree but it’s not in there
Correction. The unifi controller does show the mac address
My pfsense router has not leased an IP to that MAC address
More specifically the MAC address is not in the list of DHCP leases on pfsense
Set your computers IP to the same range
Lots of cameras and stuff will use an IP like that
As long as you are on the same layer 2 domain as the camera you can access it no matter what you give out via dhcp
That’s a lot of work damn
How do I set my computers IP to something outside of the lan range?
it doesn't matter, you can still set it
So for me, in pfsense, just set a static IP of my machine?
no, on the computer side
hm, can you please share how I’d go about doing that?
Windows?
Yes
just go into your network interface properties and set a static ip there
Ok I’ll try that first, thank you!
I didn’t even think of setting the computers ip to the range lmao
I bought a UDM Pro blob
lol
Yeah, I’m still at a loss. My switch sees the camera at 192.168, even when I change my ip to that subnet I can’t connect to it
what camera is it
Dahua
according to the docs it should get IP from dhcp. Have you reset the camera?
After much banging my head on the wall… I got it
I was trying to access the camera from a machine other than where my unifi network controller lives
As soon as I changed my ip on the same machine as my unifi network controller, I was able to get in
Has anyone ever successfully made pi hole work on an ISP router (Like the Xfinity router)?
I’m planning to buy a libre computer (alternative to raspberry pi) that should work, but I want to get some input from people before starting this project this summer
As long as you can either modify the DHCP DNS address, disable DHCP and run your own, or manually configure clients to use Pihole, you should be fine. Just point the Pihole DNS upstream to either your ISP DNS/cloudflare/Google.
I like two Pi-holes for redundancy with both having their upstream pointed to my router DNS so that reverse works for DHCP client hostnames on the network.
If you run dual stack with IPv4 and IPv6 on the LAN you have to make sure that IPv6 clients don't bypass the Pi-holes. It's not tricky, but it's easy to overlook.
Anyone have thoughts on routers? I plan to run opnsense. If I CAN, I'd like to run via proxmox. I can put pihole, home automation and a couple other containers on the router. Today I use my NAS with Docker.
I see two options:
- A VP2420 from Protectli. I get coreboot, low power usage, 2.5G. Should be enough for opnsense. Probably need to keep using my NAS for Docker?
- A used Lenovo m720q tiny with an 8700t. I can use a PCIe riser to add a 2.5G or a 10G NIC. I might need to modify the case to add vent holes since these NICs can run hot. Should be able to do opnsense on proxmox + pihole and stuff.
Any other ideas or input? Should I just keep my extra stuff in my NAS Docker containers? Is opnsense on bare metal going to be better than on proxmox?
I wouldn't recommend running something as critical as main router virtualized. You mess something up, and everything comes crashing down and it can be a PITA to get it back up and running, especially when you are new
Yeah, good point.
I think it's probably also bad because I'm relying on proxmox being secure.
protectli it is
Virtualized router is amazing if you've got redundancy. At my last house I ran virtualized opnsense on a 2 node proxmox. I could live migrate the router from pve1 to pve2 and only drop one ping.
More reliable than the appliance I had been using
I'm not sure I want to go that deep down the rabbit hole, but that is interesting.
I was really happy with it as a solution
I used zfs on the pve hosts, no shared storage or anything. I just set up snapshotting every 5 minutes (proxmox does this natively) so if a box just flat-out died, I'd never have lost more than 5 minutes of logs
The key is knowing what to do
a redundant router setup is not super easy to set up
I didn't have a redundant router set up
Just a router that was virtualized and not tied to specific hardware
ah yeah, redundant pve in general
it wasn't even a proxmox "cluster." Just two pve nodes
I do agree that virtualizing a router onto a single hypervisor is probably not worth the hassle. You lose the whole internet just because you need to update the box, and if the upgrade goes badly it makes recovery a lot harder without being online
but with two hypervisors it's a lot more resilient
you know how you can get a new public IP address by unplugging your router for a bit and then your isp will give you a new one. how long does that usually take.
everything online says 7-14 days but i assume they are talking about a different process
That’s going to be different for every isp
Ubiquiti AP Long Range, weren't these things like $90 recently? Now they're $190?
Could you perhaps be thinking of the "AP lite" models?
yo why my internet so bad
Have you tried guessing why it might be and testing to see if your guess is right?
I find this is more helpful than going into chatrooms and saying "my shit broke" with zero thought or attempt at figuring out things myself.
this is not the case with my ISP, had the same IP for around 6 years, and I don't even have a subscription with static IP
because it's not good
define bad though, what are we talking here? latency? slow downloads? random disconnects?
Same with my ISP. It doesn't matter how long you turn off your modem/router or change it, it will always get the same IPv4 and IPv6. It only changes when you migrate to another technology (for example, copper -> fiber) or move to another location.
yeah, it's just their DHCP/IP assignment routines that decides this, so perhaps if I left it disconnected for a year, I would get a new one, but it really depends
idk why I would want a new one either tbh
Is y2mate safe?
my ping spikes
yeah, impossible to tell, you need to provide more details
when im in game
my ping spikes and I get packet loss
First of all, if you are using a modem, make sure it is not on this list: https://networkshardware.com/intel-puma-modem-chipset/
Intel Puma 6 was a chipset with a hardware flaw used in many cable modems. The defect leads to latency spikes which cause slow loading speeds. It interferes with video streaming, video gaming, and browsing web pages. The defect causes intermittent issues. Sometimes your internet will work fine, and other times it will load slower than dial-up in...
nope
yeah, can be pretty much anything... bad route, bad servers, unstable wifi (assuming you use wifi), something else on your network that causes your connection to spike
you're not really being very helpful in solving your problem, you have pretty much told us nothing
what game(s) are you playing? what servers (if applicable)? does it happen in all games?
it mostly happens in valorant
my ping is stable in siege
now that narrows things down more, next step is probably to figure out which IP you're connected to while playing Valorant and run a traceroute to that IP, which lets you see the hops it takes and how long it spends
additionally you can ping it to see what the ping is, and if you still have packet loss
idk if it's trivial to find the IP for Valorant servers, don't play the game, so can't help much there - other than resorting to tools like WireShark
then there is also the "mostly happens in valorant", with emphasis on the "mostly" part
Naw, I figured it out. I was thinking the Access Point AC Long-Range which was (discontinued?)/is now $109, this Access Point U6 Long-Range is the newer one I didn't know about. How big is the advantage on one over the other if I will absolutely NEVER have more than 100Mbps out here, maybe 400Mbps if T-Mobile gets a tower closer to me.
Anyone know of a way to do an unattended Windows install deployment via Linux?
vms :/
yeah if you just leave it your ISP will renew your lease with the same IP so you dont get logged out of accounts etc.
but if you leave your router unplugged for a bit your ISP takes back the IP and gives it to someone else. hence you get a new IP when you reconnect
It depends on ISP
Account sessions are usually based on cookies not IP
yeah but a lot of services go wahhh new IP wahhh
I’m aware how DHCP works 🙂 Still isn’t the case on my end - had it fully disconnected multiple times, for hours at a time
hmm weird
Plugged the fiber directly into my own equipment, so nothing could’ve been connected either
But it’s probably either configured to manually expire the lease or to do it after losing contact for X period of time, which could be 24 hours, 2 weeks, or whatever else they decided
So..what is the DHCP lease period on your DHCP lease? Divide that by 50%, and stay disconnected for at least that long (or change your MAC), and you should be issued a new ip. This assumes you are just handed an address via DHCP lease, and there is no PPPoE or similar involved.
huh. Thats bizarre.
VMConnect.exe aka Hyper-V
is getting past my WFP filtering rules.
Got the UDM Pro installed
hey guys need networking advice. I have a 10/100 switch and a 10/100/1000 switch. Suppose I connect these two switches to a router, will any device I plug into the gigabit switch get upwards to 1000 mbps or will the 10/100 switch limit the maximum speed of ALL devices connected regardless of which switch I connect a etetnet cable to?
ethernet*
the data flows from one device directly to the other
so if there isnt a 100m port in the way, itll flow at 1000m
only the devices connected to the 100m will be limited to 100m
I have a travel router (GL.Inet AX1800) and there's a laptop acting as a file server and my phone on the network, both are connected wirelessly. When I SCP a file directly from the file server to my phone, it's only at 5 MB/s. Why could that be? It should surely be faster, right?
Blade system 👌🏼😂
No. It only affects the speed traffic that passes through it. Your router's inbuilt switch (and all others) can negotiate speeds individually on each port. In the event of sending traffic from a fast port to a slow one, the switch will buffer (temporarily store until sendable) or discard excess traffic.
It also needs to do that when a given port is otherwise congested, say two devices on a 100mbps both trying to send 100mbps through the uplink to the router, which they can't do simultaneously due to sharing that uplink port.
i have a spare router lying around that i wanna turn into an AP on my network. ive turned AP mode on but it still broadcasts the same SSID so i have to connect to it manually.
i want it to work so that a device will connect to whichever it has the strongest signal to. how do i go about this?
Same ssid and password as your main router
Client device should automatically switch to strongest station
:| what hell
Hey guys if anyone here is knowledgeable in WiFi speed issues, could you give my ticket up in the tech-support channel a look? I would really appreciate it because I am just about at my wits end lol
I also have the question posted to the forum here: https://linustechtips.com/topic/1505372-computer-download-speeds-are-getting-bottlenecked/
First time posting to the forum (or any forum in general for that matter so forgive me if I do something incorrect). I have three computers in my house. All three of them are using WiFi 6 through PCIe cards. Two of the computers are side by side and one is in the next room over. Two of the comput...
y'all who use a "dual vlan" type setup (i.e one seperate vlan for all IoT stuff) what do you do for chromecasts, and the like that would like access to your main network?
I've given up (for the most part) on IoT vlans. Consumer devices these days seem to pretty much require a flat topology or they won't play. I use vlans now to segregate management UIs and things like that, plus one for security cameras/nvr.
so it's all flat, even the sketchy IoT stuff, but I put as much as I can in the "admin" vlan like the UI for the router, and the TrueNAS web, and proxmox, etc.
That won't work on all clients though right? A lot of clients will stay on the current, weaker signal than hop to a new one. There's a specific protocol for this IIRC.
segregate mgmt uis?
I use mDNS to allow AirPlay/Printers/Chromecast to connect to devices on my IoT VLAN
I have two "IoT" VLANs
One VLAN is just IoT (has Internet Access) the other is NoT (no internet access)
yea thats actually worked for my printer but i think some things don't like it...or i'm setting up wrong maybe idk. chromecast and the like have stopped working of late
I'd recommend watching something like this where you can configure firewall rules: https://youtu.be/r9CKLv68Z8I?t=865
This is the complete Unifi network 2022 setup. In this video we take a look at creating networks within out Unifi setup, WiFi networks, firewall rules, best security practices and get Unifi UID up and running
Unifi UID Adaptive VPN video:
https://youtu.be/wiqbAazjUFA
if you don't use unifi it may be named slightly differently
oh yea so far i just do "allow everything but 'destination=non-iot network' it's worked well enough chromecast and the like have issues
All the things you wouldn’t want guests or untrusted devices access to. The web ui for your managed switches, the proxmox web ui, sshd listeners, etc.
I found that an IoT vlan just breaks too much stuff. My ceiling fan app won’t find my ceiling fans, for instance, unless they’re in the same network. There are many examples and mdns can’t help all of them.
Yeah I have no interest in that sort of thing for that reason - the firmware and apps are near uniformly crap or cloud-based and therefore have a very limited lifespan.
My home network is too many routers, a phone and a computer or two. The printer and loaded shotgun in case it misbehaves were not necessary.
Can someone suggest a good WiFi card for laptop?
The Intel AX210 is what I have installed in all my laptops. It can supposedly do 2.5 gigabit, although that is measuring all total bandwidth not any useful measurement.
yeah that’s fine
@meager ginkgo thanks will order it
Yes.
hi
I am trying to compare two dns servers
is there a way to check the line of dns gateways they use until they find the requested address?
nevermind
it is just a simple command
nslookup
i thought i would need some packet sniffer or smth
Anyone know any good gigabit PCIe NICs that work with windows 11?
nslookup is actually deprecated now. Most systems come with "host" instead now, and nslookup is left in the repos for people unwilling to learn the new tools. If you want to know even more about DNS, you might look into the "dig" utility. It's not as user friendly as "host", but it tells you everything in the DNS request and reply.
Anything tp link tbh is a decent buy
Tbh you’re better off buying a 10 gig nic they’re about the same price depending on the brand
Price and the market for them I believe. Not many people have 10 gig internet so not many people have a need for 10 gig wifi. 2.5g would be more common I’d think
The simple explanation is 10 gig is pretty overkill for 99% of people. It would bring up the cost of the motherboard.
2.5 gig is becoming more and more common now though on motherboards
Intel desktop CT gigabit adapter
Using it at the moment with Windows 11
Ok so I took out a contract with E E with mobile broadband now I find Vodafone are cheaper and better reception
How do I cancel it
Can I state that they are not providing the speeds they offer
Or the reliability of the connection
Asking because genuinely curious, what is the situation where you need one of those on win 11 machine? Most have built in nic right?
Ok so new opnsense box, fully up to date. Mostly default settings. On boot up, everything works. After 5-10 minutes, I cannot open any websites. Existing downloads work fine, as will a ping session if it’s already started. If I try to do a new ping, new download or load a new page - nothing. What am I missing?
On board Ethernet died
dns issues?
I tried cloudflare and comcast's DNS servers
Busy installing proxmox and then opnsense right now on the box....
I may regret this. Not fully sure it's wise on this protectli box.
The opnsense protectli installed had TWO gpt tables on the SSD somehow
Eh, it's not that bad of an idea, especially if you'll back up the router image every now and again.
Hey guys, why is the light in my ethernet port on my pc orange?
Depends on your NIC, but usually for a gigabit port it means that the port's running at 10/100 due to the upstream switch being 10/100 or a cable problem.
I am connected to a switch with a gigabit port, but yes, my speed is only 100 mbps. The switch is connected to a modem router
Also, that modem router has another switch connected, which is only a 10/100. Is there any chance that is affecting my speed?
Found the reason!
I am getting this error code for my WiFi card (laptop) is it a hardware issue or driver bug?
whats with the watermark?
why is your phone leaving watermarks tho
@light rover 😶
is it the xiaomi poco x2
Ya
can you not disable it tho
settings>apps>system app settings>camera>watermark>turn off "device watermark"
oh with the pc
ok, looks like the error can be ignored if it still works
according to this help article
@light rover but my card doesn't walk up
It gets disconnected
And it will not show until I reboot it
Also sometimes it straight up will be disconnected and would not even show in device manager
hmmm
have you tried all the normal troubleshooting steps
update windows to latest, driver updates, the hardware troubleshooter
@gentle river
what did the troubleshooter say
No error found
then it's likely not a software problem
have you tried physically inspecting the card
Ya
nothing seems broken
the wires have a case around them, the actual bare copper inside the case could be damaged
did you check the card on another system
Nope
try it
Will try it
it could be a mobo issue too
Hey a curious question
I wanted to plan making my own router and using bridged mode with my ISP and using that as my main. I plan on using a 1G NIC to allow for faster speeds, but is there really a point? Is it better if I leave it alone or is there any advantage of setting one up
dont know much about that except it will take a long time to get it working correctly
When you say making your own, you mean as in taking a desktop type system with network equipment and using a networking distro?
I've always thought that might be fun... and then remember how much time I spend on maintaining my various projects...
And then remember why I buy some things off the shelf.
can someone help me with a weird issue with minidlna? I'm running this on freebsd. The only change to the default config is media_dir=A,/usr/local/public/audio
permissions on the relevant folder:
root@djhwty:/usr/local/public/audio # ls -la
drwxrwx--- 8 tharihar media 11B May 8 15:34 .
drwxrwx--- 7 www media 9B May 8 14:33 ..
-rwxrwx--- 1 tharihar media 12K Sep 19 2019 .DS_Store
drwxrwx--- 47 tharihar media 52B Nov 12 00:14 FLACs
drwxrwx--- 5 tharihar media 6B Oct 30 2019 Misc (do not touch)
drwxrwx--- 258 tharihar media 267B Nov 28 2020 Offline
-rwxrwx--- 1 tharihar media 504B Jun 24 2021 desktop.ini
drwxrwx--- 2 tharihar media 28B Sep 23 2019 downloads
drwxrwx--- 2 tharihar media 727B Jul 27 2017 music
as a test the following works fine:
su -m dlna
touch /usr/local/public/audio/testfile
however, unless i run dlna as root, i get this:
However, i keep getting:
Code:
[2023/05/08 15:25:56] monitor_kqueue.c:227: error: open(/usr/local/public/audio) [Permission denied]
here are the permissions of the enclosing folders to /usr/local/public/audio in order:
drwxrwx--- 7 www media 9B May 8 14:33 public
drwxrwx--- 8 tharihar media 11B May 8 15:34 audio
both dlna and tharihar are members of the group media
Has anyone gotten OPNsense or Pfsense working with Xfinity? I gather my issue might be due to the modem ignoring ICMP pings.
The symptom is that the system is fine when I boot up. After 10 minutes or so finally internet just dies. No more DNS, no more data unless it was an already ongoing stream (eg, a download can keep going).
I've tried turning off the gateway monitoring and that's not helped so far.
What do you mean?
Do you get actual speed for building your own?
No, you're limited by whatever NIC you use for speed.
On the other hand you can do all sorts of other fancy things in terms of routing, vLANs, pre-downloading and caching of updates, and firewall rules.
But speed is first and foremost based on the NIC and then any bottlenecks you have in terms of switching/routing. This is why so many high end switches run dedicated purpose built application-specific integrated circuits (ASICs), so as to minimize this type of bottleneck.
guys what do i put in Metric in Static Routes (Static IP for servers) in netgear admin
A number lower than the metric for a less desirable route for that network.
is it worth asking for help with wireguard here? (ping me if you respond, i don't check this server regularly)
@clear igloo
PFB details -
Salary range : 75k-85k Base + 4% bonus
Duration : Direct Hire - FULL TIME
Location : Chicago, IL (Mostly Remote)
Tech Stack : Cisco Meraki and Azure
a little low to put up with meraki, let alone azure
@rocky badge
Talk about a bad start to a day. Cisco notified a big customer of a bug that impacts their SDwan head-end devices at all the CNFs (no other devices are impacted). Cisco has a certificate on a TPM chip that expired on 9-May that will cause the data plane on the devices to fail in the event of a power reload or a clearing of the control connections. This bug is impacting all vEdge 2000 (and other models) and an RMA of the same type of device will not correct this issue.
this reminds me of those cisco devices with exploding CPUs
lol, yah it's a mess from what I hear
rip
@clear igloo Moved fortigate management to a loopback interface
So that way nothing else is in the layer 2 domain with it, it always stays up even if there are no physical interfaces up, and I can control what VLANs/resources have access to it better
Nice!
Since anything in the native VLAN would have access to management since its in the same layer 2 domain
Yup, that makes sense
do docker containers get their own private IP address on my network
if they're all in the same VM
docker containers run on their own NATed subnet
alright
so can i assign a container its own private IP on my network, if so how would i go about doing that
Iirc best practice is not to do that
why not
its not being port forwarded and if it doesn't have its own IP how am i going to access it from my PC
its just for a local thing im just messing with stuff, security isn't an issue
You expose it via docker
how
thanks
but i dont want them on the same ip, i cant setup dns entries on my local dns server without an ip
can i, wait
0.0.0.0#8080, that sets the port right
You would point it to the same IP
As local
aight
In case anyone sees the same issue as me, the fix:
https://forum.netgate.com/topic/171690/comcast-bridge-mode-sudden-packet-dropping-dhcp-release-renew-solves-it/4?_=1683668466427
"Had the same problem. It only happened with their modem, only when in bridge mode and only with pfsense (opensense too). As someone else figured out, toggling on/off block private networks was making the connection temporarily OK. I was able to figure out that the issue is due to their modem starting to drop packets if it doesn't get ARP request for the modem's IP in the preceding 5 min. Turns out that freebsd is configured by default to cache ARP entries much longer than linux/windows. Something like 20 min vs 1 min. So the fix was fairly trivial for me. I added the net.link.ether.inet.max_age tunable set to 120 (seconds) and the modem was happy. No more packet loss."
With the ARP timeout set to 120 seconds, I see no issues now.
I think specifically it's using a comcast modem/router in bridge mode. It also doesn't respond to ICMP pings which is...well, wrong. So you need to monitor something like 8.8.8.8 or 75.75.75.75 instead of the gateway to determine if the gateway is up
Either way, yay pfsense is working now. I WAS going to use opnsense but tried pfsense as a desperate "Is opnsense just broken right now?". But now that I found my answer (and generally MORE answers) on pfsense forums and pfsense reddit....I'll stick with pfsense.
I wonder if the comcast modem would show the arp issue
of fucking course comcast doesn't let me see the logs.
Well, my old surfboard modems had logs i could read.
WG fiasco?
Is it generally a better idea to just use opnsense then? Most pfsense "fixes" should work on opnsense still I think
I rarely update my mikrotik stuff so more updates isn't going to be something I keep up with lol
Anyone here host a media server for themselves? Plex, jellyfin etc... I wanna know about your experience
Best server software to use, ease of use, that kinda thing
yes...
what are you trying to do is a better question
what is the outcome you are after
Personal netflix type experience
So plex or jellyfin are going to do that
but on what devices with what hardware
what do you have access to
what is your level of technical ability? Are you going to run it in docker on a vm do you know how to attach storage
I have a 22 core Xeon server
128gb ram, will have a raid array of 3x3tb with a nvme cache drive
yep that is hardware
ATM it runs windows, looking to swap it to Ubuntu
It will also be a folding server which benefits greatly from linux
So you really need to ask yourself what is the outcome you are after and work backwards
so you want the hardware to do xyz + media
how do you get there
So if you go down ubuntu you can install docker or k8s and containise all the things
so you could have a plex install, radarr, sonarr, etc and share the storage with each if you do it correctly
just need to start reading up on options with the end goal in mind
Yeah
I'm thinking jellyfin which be my end goal because I'm a FOSS fan
or you can just do freenas (i have not used it)
just remember you have to pay for transcoding on them all I am pretty certain
Jellyfin is free
unraid is meh
Although with 22 cores software transcoding is easily achievable
I use jellyfin
it's nice
host it ontop of proxmox
storage is on a zfs pool
i have a fair bit of sunk-costs in unraid
but if i was to do it again I would probably just do ubuntu with docker and zfs
I like proxmox due to all its tooling and GUI, can host VMs via KVM and containers
Ubuntu I'm highly familiar with so that makes the most sense for the host OS
if the hardware is spare just give something a go
if you want to try and have time
you will learn something and find out if you like it or not
The hardware was bought for this task
I should mention I have a degree in networking
I was more wondering about the different software's
I got one of them fancy degrees some where
The degree was useless tbh, went into social care in the end
it says I do BGP - Bridge gap protocol!
any who I Joke. I would just give something a go and work out if you like it or not
do some reading
watch some youtubes
Can someone help with Hyper V? I tried to install pi-hole on my windows 10 pc via Docker using the guide on Andrew Denty’s blog. After installing docker and setting up all the hyper-V stuff, my pc cannot access the internet. I’ve tried to fully undo everything I did but I cannot delete the VMswitches, they keep coming back even after uninstalling them via device manager. I’ve tried doing a network reset and reinstalling my motherboard network drivers and nothing is working.
Add/remove programs > Windows features > Uninstall Hyper V.
I’ve gone nuclear and reinstalled windows and the issue is persisting, so I think it’s a router issue at this point
I’d guess DNS settings and DHCP DNS settings.
how do u set up an extended access control list on a Cisco switch
i have a dell poweredge 1950 and i wanted to use a usb wifi adapter to connect to the wifi, but the onboard nic does not have wifi (but it does have ethernet). would it be a good idea to get a wifi bridge to connect the ethernet to wifi?
(also btw, the nic is detected in the bios)
why tf would u use wifi
A bridge/mesh node would be better than USB WiFi (though neither is optimal, USB2 is slower than gigabit and most USB dongles really suck).
A good idea? Probably not. The PowerEdge 1950 is not merely old, but e-waste.
I think all bar one of its configurations didn't work properly on Server 2012 due to dropped disk controller drivers.
Old 2S Xeons so it's hot and power-hungry, 1U so it's loud...
If you have cable to the room the server's in MoCA would work better than both.
(tested on version 15.2)
on cli:
#access-list * whatever list you made in numerical form, typically 100-200 * permit/deny ip any/ip address and subnet
Yeah, my issue was the bell router. Giving my pc a new manual IP and setting it to the same on the router fixed it. I guess homehub 4000s take a while to clear/purge old dns settings?
would a ubiquiti wap be much better for gaming than a consumer router? cant use ethernet sadly. anyone have experience with this?
freenas is pretty good in general, i've got it running on a machine and i haven't had any issues and it was quite easy to setup
why cant you use ethernet
i might have a simple solution for you
depending on the reason
starlink is in the garage. moca is an option, but no coax in my room
powerline adaptors
sends the ethernet through the mains electrical system
might try
its what i use and i get pretty solid speeds
my house is brand new so maybe it would work well
well my house is about 400 years old and it works well on 1800s - 1900s electrical system
so probably
They are both connected with ethernet to the same router btw
Could be: Limited performance of the CDN, the path to Speedtest server is different (peering, location) resulting in different congestion, intentional shaping of game traffic by your ISP, problems with an ISP caching server...
Hard to say sorry
Of course, another is that it could be using WiFi anyways and you didn't notice
BEHOLD: THE ROUTER FOR ALIENS
2.5GbE uplink and 2.4ghz WiFi 6 attached to an 800mhz dual-core ARM CPU
So definitely a device you'll want to do switch-chip routing on
It's a baby RB5009 with WiFi basically, it's replacing the ancient RB2011 people keep buying at roughly the same price but significantly improved guts (still pretty crap though, 600mhz MIPS isn't hard to beat).
But yeah 2.4ghz WiFi kinda sticks out on a device with 2.5GbE SFP and seemingly just capable of 2.5GbE NAT with stock and probably fairly easily if you can in fact enable L3HW on it and it seems like you can
You can also get it without the 2.4ghz WiFi for US$10 less (~$119) and that makes a lot more sense as a basic 2.5GbE-capable switch-router for nerds with some basic container support
Probably the RB2001's parts are getting hard to buy and making this sort of thing was cheaper for filling that niche despite the spec bumps, because it did optionally have WiFi
RB2001 made me so angry back in the day. Not the best choice for gig fiber internet 😄
It's awful
People keep buying it for the port count but it's actually terrible
I'm glad it's finally dead
It's available for pre-order in Aus and of course they just doubled the US RRP because no matter how crap our dollar is they've got to price it even worse
My 5009 was €231
AUD was worth more than USD 10 years ago, now this is $229AUD
Even when it was all resellers charged us more of course
No 5ghz
Hopefully they will have an upscale model with 5 (can I hope for 6ghz?)
And 10g Poe in?
Yeah that's not even a real standard yet probably not 😦
Your best bet is the wireless version of the RB4011 if you want that
But it's WiFi 5 and not 6
No 6ghz stuff in their AP lineup yet I'm pretty certain
They probably will refresh it
Almost certainly
I can wait
Is anyone aware of a Plugin for OPNsense that will show me my exact NIC info (spe: model/chip)?
I got a fake NIC previously on Amazon and want to make sure it doesn't happen a second time.
lspci is probably your friend though programming hardware to lie to you isn't that hard
Broke my internet updating Opnsense
Looks like I should be online I think but I'm not getting anything
You want internet off my network?
._.
I can ssh into the box and do a ping test to Google fine
Reboot from GUI
Literally lite it on fire. Problem solved.
#tech support
Is your packet size too much?
Try plugging Ethernet into someone’s router and try that.
How do I go about figuring this out, under Interfaces/Diagnostics/DNS Lookup I am getting a reply back
first have to figure out the error
Well, I'm not 100% certain why but I'm back online by turning off Unbound DNS, AdguardHome, and adding a DNS of 1.1.1.1 in OPNsense Settings and under DHCPv4 Settings.
I didn't have a DNS server in either of those places, I was somehow setup to grab it from Adguard Home...
I could ping everything on my network, but nothing outside of it, so I figured I would reset everything that had some control over DNS.
Any input on this, I am very new to networking and overall security in general.
I'd like to host a dedicated game server from within my network (varying games, minecraft, conan exiles, etc), and wanted to know the best way to go about this.
I only need one connection (just me and a friend playing), so do I port forward but with a rule only allowing their IP address in?
Do I setup some sort of VPN/Tunnel into my network for them to connect through?
Any input greatly appreciated, trying to learn some about networking and have more control than some of the cloud game server providers give!
I mean you can port forward it and then use iptables on the server to block all IPs but one on the port the game uses but I would guess that your friend has a dynamic IP and will mean you would have to change it every so often
it would probably be better to just use something like Ngrok since that's pretty simple to set up and can be turned on and off only when you need it, and it only lets you use one port unless you pay for premium
I have no experience with other proxies/tunnels but ngrok have been fine for my mc server I host with my mates every so often
all I will say is that you don't get much bandwidth but idk if that's ngrok or my bad internet
0.5Mb/s upload moment
other than that you should just be fine to port forward the machine and just not have it on when it's not in use and that should be good enough.
How versatile is ngrok? Along with that, I plan to have the system running for most of the time, maybe doing a restart or two daily for updates and such, do you still think it's a good option?
Hey, maybe someone here has a suggestion for me:
I have an ESXi server with a bunch of VMs. One of the VMs can only run when a Synology NAS is running. I want to be able to turn both on in sequence with a single button click in a web ui from my phone. Synology supports WOL, ESXi supports API calls and SSH commands.
Any ideas? Ansible and Terraform comes to mind, but I'd like to have something smaller, easier for a "simple" task like that...
Also, this only has to work for me when I'm in my LAN, so no VPN, Reverse Proxy or anything like that needed.
You could use a container. Run the dependency right on the NAS if it fits. If not, you could stick a container on there with a shell script and have it hit ESXi's API on startup to start your VM.
Thanks, that's actually useful advice. The Synology is quite limited resource-wise but a docker container should fit easily!
the free version can be installed on linux cli with like 3 commands cuz you need to make an account and then get a key to put it on the system for it to work. other than that it's one command to start it. you can set the port and the server location ( where the proxy tunnels out i mean ) to the usual regions usa eu and so on. these settings can be set in the start command arguments. the only issue is that every time you start the proxy you get a random ip/url for others to connect through. the good news is that you can just leave the server on and the ip only changes when you kill the server and reboot. it's very simple to use and I do recommend but if it's a common game you are using I would suggest using a custom port on the game as if other people use ngrok for the same game and you happen to get their old ip you can get people accidentally joining your server instead of their own.
that happened a couple times during lockdown when minecraft was peaking in popularity again and everyone had servers on ngrok because of that so a couple people joined my server by mistake and I joined a couple random servers too
what is a dedicated ip for a minecraft server
IP addresses are how computers find servers on the internet. If your IP isn't "dedicated" it might change occasionally or even worse - it might be shared by your ISP between multiple houses, which would mean nobody can find your server even with the correct address.
The real-world analog is street addresses - I live behind a shopfront and we share a street address, so I can't receive parcels directly and they have to be relayed to me by the shop - but with a shared (CGNAT) IP it's worse because there are hundreds of routers with the same address and the internet company won't redirect incoming traffic where you want them to, only outgoing.
what
Care to be a tad more specific on what's confusing?
You want it then
okay thanks
You can do without, but it's much more complicated and you don't strike me as the sort to have much patience for it
Many don't.
@pseudo blade @sturdy torrent I think ik what you mean, and no you don't need one
Dedicated means you get the IP just for yourself
Shared means that you are sharing the IP with others and you just get a port
💀💀
Do I need a crossover cable for a router-WAP connection or will straight through work?
damn u spotted that right
I've bought some powerline transmitters, hoping I could get the connection from my house to the garage some 30m away, but however I try them they would only work next to each other, separated by like 2-3m of mains cable, any further and they still sync up but no ping goes through. Are they supposed to be this crappy or did I just get a crappy model? I mean I'll return it anyway but I'm wondering if the technology itself is this crappy and buying a different model won't help
Powerline networking has a few caveats. The less “connections” the better, and they don’t like crossing breakers. Best case scenario is to plug them directly in to wall outlets that are on the same breaker.
Anyone else here working with 32gb FC yet? The new LTT video with the apex card is cringe
If the garage is on a different phase it generally will not work with powerline. >2-3 meters is absolutely possible but most likely another model won't help and it's a physical problem.
I dont know if this belongs in networking but
Best bet is to stick a point-to-point wireless link on each side and link them up that way.
I heard malware can spread through your router
Yes. Routers are computers.
If I connect through making a guest wifi and then run malware
I should be safe, if possible it could spread through wifi
I heard thats the case, but wanted to make sure
They won't run Windows software, but if the malware is designed to run on the router, has bad configuration for the guest network and it's vulnerable to an exploit yes it can traverse.
Unlikely combination but not impossible.
alright
I actually (for fun, used exclusively on my own devices) built an exploit targeting a network vulnerability on an old Mikrotik RouterOS version that could itself run on ARM/MIPS routers, and did.
Well it's not that I want to run the malware, but I just want to report it without having to download it on my main machine
You can tether from a phone via WiFi, that's probably safe.
idk what you mean by that lol
You can google it
i mean idk how that would help me
It would use your phone's 4/5G connection instead of using your ISP's one with your other devices on it
Traffic shaping any use with T-Mobile swinging from an average of 50Mbps middle of the day and 2Mbps at what I can only guess is peak hours?
Could be perfectly ordinary and boring congestion.
Not much you can do for it if you're just using a phone or other omnidirectional antenna setup
TMHI Arcadian thing, ._. metal building
I’ve seen some people mount outdoor antennas to their gateways, it would require slightly modifying the gateway though. I’d see if you can get a Nokia Gateway from TMobile.
The Nokia is the best 5GHI gateway from them
I actually thought I had the better one, I thought that cylinder one people were calling the trashcan.
Oh it’s only called that because it looks like one 😂
socat -d -d -lm TCP4-LISTEN:1026,fork,reuseaddr,so-bindtodevice=docker0,range=172.17.0.0/24 TCP4:127.0.0.1:1025
I am trying to bind the port 1025 to docker0 so that it can listen on 1026, but whenever I enter the docker, I try to telnet on port 1026, it refuses to connect.
The service is working fine, whenever, I access it on the host.
Any suggestions?
Interestingly, if I expose it to the world via socat -d -d -lm TCP4-LISTEN:1026,fork,reuseaddr TCP4:127.0.0.1:1025 It is accessible from the web on port 1026.. but that comes with a security issue, so I would love to only allow connections on local.
not sure if it's the best place but I'm using ublock origin with chrome and I always get windows security notifications about my network admin not admitting filters.adtidy.org
This is a basic question compared to what you're all talking about however, trying to FTP to OG xbox for backing up EEPROM and for some reason the IP address is zeroed out while the "current" IP shows a 192 number. Should I just use the 192? I'm just curious cause all the videos I'm finding have the xbox showing the current ip address as No Link.
So, I just found out the gateway that I have to use from my isp has a max sessions of 8125. Is it just me or is that really small? I feel like two people gaming and another watching Netflix could blow that out of the water in a second. Please tell me if I’m wrong.
Would anyone know why I can't connect to my Ubuntu VM (using Hyper-V) through RDP? I checked and both the host machine and VM are on the same network 192.168.0.x
Also added an external switch to the VM
@fallow coral you generally connect to a different port or on the hyper-V itself to connect over rdp and not to the actual guest ip as that would connect to the vm guest ip and that would need to be rdp service installed on it.
I installed xrdp would that not work?
@fallow coral that would work, but are you logged in already?
@fallow coral that is an issue with xrdp you have to be already logged in for it to work. There might be some work arounds out there, but I haven’t found any good ones
Still looking for this, I really don't want to expose the host's network to the docker container, so I am looking for this option instead.
what sort of requirements would run a DHCP server
and a DNS
at the same time because i dont know whether i should migrate it all or not
im 100% running the DNS for adblocking but idk about the DHCP
Home made switch with 34 ports (it was $10, most of it was free)
i set this up network wide about 40 minutes ago
give or take and the only people in my house RN are me and my mum
15,303 blocked ads 
does your mum use facebook?
yes
yeah most of them are google ad nameservers
and twitter
twitter is where most of them come from
good ole shitter
lmao i need to find some good lists that block youtube ads
i had one then google decided to make like 1000000 more nameservers that point to the same mf server
so i cant block them very well anymore
some ads are blocked well
there are regex rules that you can try but yea its a pain nowdays
i'll give them a shot
wtf i get 2.2% of dns queries blocked
yea thats true
also the thing is that i have adblock installed on most of my devices
hm i have much smaller amount of domains on adlist, maybe that affects it
yep
i have just default one
At 25% here
Whether my connection is 3 Down/.75 Up or 50/20, how can I reserve enough just for me to play games? 😛
QOS
specifically i recommend fq_codel.
If you're on a home router little or nothing usually, though some offer game optimisers that claim to do something.
If your router supports fq_codel/CAKE you can use that and it'll try to fairly share bandwidth based on those algorithms, though it won't know what your games are specifically and will still drop some packets you don't want it to under load.
If you're using something quite a bit fancier and have equipment supporting it you can enable DSCP and prioritise traffic from your software at a per-application level - In Pro versions of Windows you can set it quite easily via group policy, idk if you can do it on home versions but you probably can somehow.
Unfortunately most queueing strategies I've seen aren't super tolerant of inconsistent bandwidth and expect you to declare what your bandwidth is and allocate from there - which kinda sucks in the scenario you propose above.
I honestly have no idea why this is the case and they can't detect this when packets start to get dropped.
You can but there is little you can do after the fact. UDP gives you the low latency needed but as with any realtime application, re-sending the missing data has no benefit.
With queuing, it's less about how well the various algos handle varying throughput and more about the fact that it's an egress mechanism. Unless you spend the time properly configuring your queues/policing inbound (which is not simple to do so effectively), you're only improving half, arguably the least important half, of the problem.
correct.
if you dont configure it right its basically worthless. As for fq_codel, it should never be dropping packets if its configured correctly O.o
i have 1000/1000 and i set my fq_codel throughput to 970. Does it sometimes hit like 1200. yeah. But it also sometimes hits 980. You want to set it to the worst case scenario not the best, even if it will bottleneck at it at 980. Although to be fair im a bit of a niche case in which I do actually max out my symmetrical gigabit link, in which in most home use cases QoS with gigabit is a waste of time.
If you're not dropping packets, you're buffering them
Well I am referring less about properly setting up your queuing method, yet properly setting up policing on inbound (from your provider) or shaping on inbound if you have the ability to do so.
You have no control over inbound traffic. During burst, traffic will be dropped when you hit your plan's rate or shaped until that queue is full. No queuing algorithm will save you if traffic is being dropped before it even reaches your equipment. The only way to influence inbound is to start dropping packets from larger flows far before you reach your max rate otherwise burst traffic is going to have the same impact with or without QoS
if you're buffering them, you're introducing latency because you're holding those packets to send later, and the larger the buffer the greater the possible delay. Routers will absolutely drop packets when the buffers fill.
You want a small buffer and to discard packets you weren't going to be able to send in a timely manner.
i know that, but if you have a buffer that big, fuck all you can do.
Well then you're definitely going to be dropping packets then, fair queue or not. Nothing wrong with that.
Of course inside enterprise networks they have other tricks for managing congestion (including signaling back to the source that the buffers are filling, name for that's on the tip of my tongue) but those don't work over public WAN
lol things like bgp
l3 switching, etc
im actually working on moving my entire home setup to l3 routing
just for fun
Not like BGP or routing
Compared to L2 routing? :P
outside of that on the wan side your talking things like mpls
yep. right now i have HA CARP pfsense setup doing the routing
and at work we are coming up on EoService for a bunch of cisco switches
so im about to grab some and set up full l3 switch routing
and yeah yeah my wording =p
you get what i mean though lol
You meant versus a flat network or CPU routing
no i mean layer 3 switches while just using pfsense as a network appliance
offloading routing to switches
Are you getting >gigabit between subnetworks/WAN?
not yet my servers support it, my switches dont.
which is why im grabbing these switches from work when they EoL them after 3 years this june
they are all 25gbit switches
too bad the palo altos are worthless =/
im not spending 500$ a year on their licensing.
thats their home lab license costs
right now i just have gigabit unifi switches
i run ruckus ap's though, which are amazing. got rid of all my unifi ap's. ruckus takes half the amount of ap's for the same coverage.
their proprietary beamforming antennas are absolute "chefs kiss"
my work uses cisco WAP's which are basically useless without licensing.
BGP or routing do not assist directly with congestion. They can be used to distribute flow evenly to reduce the chance of congestion, but that is all handled at the forwarding plane. Same goes with MPLS.

so reducing the chance isnt assisting?
🤔
mpls is a different thing entirely though
than bgp, but sure. tomato tomato.
also i havent heard the data plane called the forwarding plane in like 10 years o.o
I was taught forwarding plane
how old are you both?
thaaaats probably why hahahah
Excuse me
i did my network stuff when you were 12
im just old hahahah
im a security engineer, havent worked in the network field in a good bit.
It's not. QoS is assisting by actively managing queues. Using routing to distribute traffic via hashed flows is not assisting with congestion. A single flow can still cause congestion.
im not saying youre wrong, im saying you read too far into what i was saying.
i was being flippant, youre being literal
tone is impossible over text >.<
I'm not exactly certain why you feel that'd be relevant.
right way, wrong way, cisco way
I was taught Cisco, dealt with Mikrotik ever since. (And the occasional Dell, HP or Huawei)
every couple of years they change the tests and wording to make it so you have to retake them, same thing, different words
thats why its relevant, i was taught it a specific way, and cisco does cisco things lol
Thats understandable. I'm a network architect and my career has always been in the SP field so I can be picky on how things are explained
but since they make the exams, they could decide to rename it the control plane in a couple of years hahaha
thats fair mate, no worries 🙂
I guess I could get used to calling my knee "the foot"
rofl, yeah, could you imagine if they actually just like did a mad libs for their new cert exams?
the absolute pandemonium would be amazing.
so instead of calling it port-security we are going to call it netsec so instead of no switchport port-security sticky int, it will now be no switchnet net-sec solid gigabit
my brain would come out of my ears
i hope there isnt a cisco engineer in here getting ideas >.>
That's why the IE is the only cert worth its salt. No word games and just applying what you know.
actually it would be pretty fun to create a switching software with alias capabilities, just to really confuse new admins
100% agreed.
Went from an all Cisco shop then switched to an all Juniper and never looked back. Let my NP expire and just got my JNCIE-SP instead. Junos is love. Junos is life.
yeah, im currently working on getting my cissp back again after dealing with cancer for a few years. i let it expire, and am not amused how much i have to study again
i got out of networking after dealing with a few too many ASA's and wanting to throw myself out a window.
I don't work in a big networking shop and never have but really... do not care for Cisco's specific implementations of stuff though it keeps appearing on the job postings
Beyond switching and routing it seems to suck
oh ccna and ccnp are basically requirements to get your foot in the door
after which they are basically useless pieces of paper
I did content equivalent to CCNA+sec, everything since has been largely startups and software companies
im a security engineer for a fortune 1000 enterprise
and honestly im so sick of working here its insane
it went from like pure tech when i started
to now 80% of my day is meetings and politics
at this point i want deepfakes to get better so i can hook that up to chatgpt and just have it nod and hmm at the right times for me so i dont need to go to meetings anymore.
At the company I last worked at until layoff my day was literally just meetings and politics because I was a TAM for a software company
It wasn't as involved as the software dev job before that but it had its own charms really
the sheer amount of emails that i send are "per our conversation, you are requesting i do insert insanely stupid idea that breaks fedramp and iso27001 in like 40 different ways this."
my entire job at this point feels like listening to idiots rabble on about sales figures and future planning, attending audits, and sending CYA emails.
As long as nobody's expecting anything to happen while those meetings are occurring it's not that bad
The problem is when they schedule meetings all the time and then come at you for not meeting some target
yeah the problem is, im important enough that i cant just turn off my webcam and fall asleep
i have to pretend i care.
and show that im listening.
and honestly, i automated 99% of my job, i can monitor the siem while in the meetings and get an idea if anything is going wrong
log ingest is a magical thing
and spending the time setting up a good dashboard saves years of work.
nope.
paid for as insurance..
when something goes wrong, its my head that rolls. im a well paid scapegoat.
notice i said when not if.
theres always going to be some idiot that opens up phishing emails or clicks on links they shouldnt, with roles that are high enough that i can't say no, and just have CYA emails.
CYA emails are an integral part of my workday
oh yeah.
when the CEO demands enterprise admin role, you explain in the nicest way possible all the ways this breaks security, goes against convention, and will probably cost us massive headaches...but at the end, they are the CEO, and they get it.
I saw that happen because of a stupid notetaking device that bricked itself if you didn't have the absolute latest desktop software at all times
i had the CRO, the CTO and the CFO all saying no, but somehow he still got it got 6 months before we were able to get it away.
"So instead of using the video delivery CDN that we pay $5/TB for, you want me to have the dev and ops depts create our own video distribution and delivery infrastructure, when we only have 50Gbps spare capacity split across 5 locations? Ok then, I'm gonna need that in an email, thanks."
hahahaha oh yeah. "Please make the request via email so i can implement it in change management for approval"
I wonder if that would be considered a supply chain attack at that point...
might as well be.
Well a quick glance at their Wikipedia page suggests that people have gotten Linux running on them
It's these things: https://en.wikipedia.org/wiki/Remarkable_(tablet)
Remarkable (styled as reMarkable) is an E Ink writing tablet for reading documents and textbooks, sketching and note-taking that attempts to fully replicate paper writing. Developed by a Norwegian startup company of the same name, the device is geared towards students, academics and professionals. The reMarkable uses electronic paper reading disp...
i ran our quarterly pseudorandom phishing test a few weeks ago...and i decided to up the difficulty to include domain spoofing and mostly HR templates with payroll and benefits requests
and 40% of the company failed it
The execs loved them. I hated them
including 2 of my co-engineers
the network and systems engineer failed it...I was like....are you guys fing serious?
"You want to completely replace all of our SAN infrastructure (on supported zfs deployments) with this random product because you read about it on r/homelab and 'hardware raid is better'? K den, email please"
IT SAYS EXTERNAL EMAIL IN IT
NGL I failed the first phishing test at my last company because it looked exactly like the 20 emails from HR's random-ass third party domains I actually did have to reply to
oh i have a better one than that...we had a (short lived) cfo that demanded we replace our fibre channel switches on our SAN with ethernet because "its what he knew"
the fucking LAUGHS we had about that.
as well as tears.
Oh I have no doubt
That's funny
that was a really fun 6 months.
From now on we're going D-link for the core switching and routing
"{CEO's internal pet project} is to be considered top priority. No, you can't delay any of the client projects that are already scheduled to consume 100% of the available dev time, what are you thinking?"
BEHOLD YOUR NEW CORE ROUTER
we ordered it put it in, and just monitored the helpdesk. after like 3 weeks, we handed him a fucking 1000 page stack of tickets saying the system is slow and barely working.
"Just code faster." The number of times I've had this one...
heh i say that to our devops sometimes, everyone gets a good laugh
Yep, small tech company I worked at with 2 devs including myself, got assigned a project to rewrite reports in 2 weeks, and about 10 tasks including training a support hire after that
"Why aren't you done?"
Yeah, but this isn't in jest. They're actually serious.
see this sort of thing is bad at small business levels, its STOCK PRICE CHANGING at my level
I actually CC'ed the boss'es rant about that to my personal email along with my reply
that cfo did NOT last long as there was a visible financial drop
Yup
because he was an absolute helmet.
"If you can't get {CEO's internal pet project} across the finish line without delaying client projects, I will just outsource it."
me: "Awesome! Email me so I don't have to support the mess that creates"
lol thats the ONE thing im lucky about in my job
we cant outsource as we work government contracts.
so i dont have to deal with "bob" from chicago who is definitely not an unpronounceable name in kolkata, india.
I don't, actually, it's an empty threat that he somehow thinks is going to make additional dev efficiency magically appear :p
oh im saying ANY outsourcing.
all of our external teams have to be previously vetted
Yup. We do everything internally, and suffer heavily from NIH
and inside our countries lines
well, you cant(i hope) do audits internally
anyways i need to go to sleep before my cat chews on my laptop monitor...last time it was a fun surprise expense. cheers guys.
Guess why I quit this job
The biggest of oofs
And by "concerns" around excessive billing I meant "I saved him $15k because the other dev ran up a huge Firebase bill"
Protip: If I am not getting ownership disbursements, I do not have a vested interest and will not be working more than my contracted hours.
If your guess was "he kept calling me at 3AM" you win a prize
lol. Only 1 person I work with has my phone number, and I have known him for over 20 years (and hired him)
He owned the company, unfortunately it was rather unavoidable
Oh shit I left a first name in that
You did
Oh well, it wasn't a very important name
rude! it was probably important to them! 
what is a CNAME
A Canonical Name (CNAME) record is a type of resource record in the Domain Name System (DNS) that maps one domain name (an alias) to another (the canonical name). This can prove convenient when running multiple services (like an FTP server and a web server, each running on different ports) from a single IP address. One can, for example, use CNAME...
this the right thread to talk about NAS? if yes, i need opinions about this: https://linustechtips.com/topic/1507420-i-need-a-nas-and-red-crayons-taste-the-best/ and i really don't want another "just build your own". could do it yes, but there isn't a case i can buy here and i don't have the cells to spare to set up the free software thingy
As the title says, i'm dumb and i need a NAS. For the sake of my sanity, i decided to ask you folks for help on what to pick. I'm a bit difficult and lazy in some aspects and am a bit limited what i can stem financially in one go. I live in switzerland, so many deals and prices don't apply to me ...
Yep.
This is the networking channel, you'd probably have a better set of options to talk about it in tech chat.
ok, thanks 
If you're talking hard drives and gigabit networking for general file and media storage for playback I think NVMe and 16GB RAM are utterly unnecessary. Even base-model NAS units would likely be sufficient.
It's not a gaming PC
My last "NAS" was an Atom-based netbook with 1GB RAM and a USB hard drive and it was fine for 1080p for 1-2 users
depending on fs, 16GB might not be that over the top
I have a rule to trash these
Yeah, wild fluctuations here, especially seems worst between 6PM-10PM recently. I have OPNsense with router hooked up to it setup as AP. Gonna see if I can follow this guide, maybe set up multiples I can toggle depending on the time of day. https://docs.ibracorp.io/opnsense/
PSA for people who are annoyed by phishing tests at work.... open the headers of the test email and more than likely theres a thing that marks it as a phishing test. make a rule to trash em 😛
the lame ones they use at work are sorry-SO-OBVIOUS. I feel sad for anyone fooled by it. Our company puts a warning in email coming from outside, so it's fricken obvious it's not from HR.
knowbe4?
yep..., didn't think of making a rule, will do that now
Received: from psm.knowbe4.com
no, But really, how many vendors ask you send you links to an internal system? If you hover over all the links in an email, and they're all the same, it's obviously spam
the obvious fake ones are asking you to interact. You only need think "do I know this company? Why do they think they know me?" to spot the HR tests
Mine is something like X-Phishme: Phishing_Test
Just bought an NIC
( UGREEN Gigabit Ethernet PCI Express PCI-E Network Controller Card 10/100/1000Mbps RJ45 LAN Adapter Converter for Desktop) ,
it's in the proper PCI_E1: PCIe 2.0 x1 slot and I've installed as per guide. I'm thinking dead card? I've read some answers like, rollback to a 2016 driver, but to no avail. How can I check to see if that particular slot has anything in it at all? Thank you!
yeah, although one tricked me as I wasn't really really paying attention, something about new approved software list
in the motherboard bios/uefi?
Oh yes, lol good ol bios. Thanks I'll have a look. Cheers!
Lol, only I can order a dead card, I mean....it's all I need right now. Time to go be a nice Canadian and go for a cold dip.
did you try reseating it just to make sure?
Yes many times, I'll try again though just in case. It happens, I'll just order a different brand I suppose.
Are the Seagate Constellation es.2 drives okay for a nas or game storage?
Are they used?
Yes
They're kinda old
They'll probably work as well as any other used enterprise drive.
I wouldn't rely on them
Do a RAID 10 or something
Nah I'm not just gonna store steam games no biggie
They'll probably do that fine
Yeah don't do a RAID 0 unless you want to be rebuilding your array kinda soon
They're likely 10 years old
Tbh I have no use for raid its legit just gonna store the downloaded games from steam nothing else
Last I checked this channel is for connections, not kinects
If I'm getting like 30-60Mbps, do I do 30 for every 10Mbps, or even 3 for every 1Mbps?
Look closely
Sure. Done. Saw nothing I didn't see the first two times.
What's below the kinect
A piece of plastic.
And do you know who makes that piece of plastic?
Looks like NETGEAR
And what does Netgear make?
The context is networking equipment
Anyone have any experiences of HP Proliant Microservers for TrueNAS?
no, but do you need experience?
TrueNAS is either linux or BSD, and afaik, both have drivers for HP Proliants
in chrome disable3dapis = true blocks loading of webgl ?
The Mikrotik devices I've worked with become obsolete long before they lost software updates and out of over a hundred by now I've only seen two dead - One was "installed" sideways in a muddy puddle for some amount of time. The other I killed trying to make it play music with the built-in beeper :P
My home router is a Mikrotik hEX I bought in 2018 and still receives regular software updates.
Word of warning of course: Check the block diagrams before buying any, they're all different and some have important caveats.
Is it possible to put something like OpenSense/Pfsense on a virtual Machine? I am trying to bridge my ISP router to that.
Of course it is.
How would I connect to Proxmox once my network is configured under the pfsense vm?
I don't know - How would you?
Generally you set up your virtual NICs/vSwitches etc. to ensure they can, or have extra NICs so you can pass some through to the guests.
Depends on how you setup proxmox networking
Hi, to forward Traffic from VPS 1 -> VPS 2 I used to use SSH method and this command in VPS 1
ssh -p 22 -f -N -L '*:<VPS1_port>:localhost:<VPS2_port>' root@<VPS2_IPv4>
Now I need to do this for UDP
as the above method only works for TCP with OpenVPN
is there any easy method to do the same for UDP?
or what other method do you recommend?
hola people, im looking for a extremely quiet/silent router for my home network, i was looking at the udm-pro as i already have u6 access points but decided i would like more control, i have found the rb5009 which looks okay but the formfactor looks awkward with the fact that its been out for over 2 years now and no news of switches or other equipment that uses the same formfactor
any suggestions for similarly priced, powerful (in a sense of a 1gb wan and 1gb lan with a few 2.5gb lan devices) yet quiet and efficient routers?
reason for needing it to be quiet is because the only viable location is under my desk in my bedroom for a small rack
what's wrong with it's formfactor?
i would love it if i could get a switch with the same formfactor and have it layed out like so, but having only one populated annoys me
apart from the fact that the 5009upr is literally impossible to get
+20% tax so would be like 300 total
Which is..... Pain
Honestly it already is
I wish Mikrotik had a 2.5G switch properly.
All their stuff just has one SFP+ port and the rest is 1G. My internet can regularly do 1.2-1.4 down and it keeps going up.
so my wifi driver on my laptop seems to have recently gone dodgy where itll just randomly disconnect from the wifi and when turning it on i then always have to manually connect to the wifi even though i have it set to autoconnect, any reasons why this may be?
its the Realtek 8821CE Wireless LAN
Driver: 2024.0.10.135
It's more of a home thing than a business/enterprise one and they're focussed on the latter, and they tend to be slow to follow trends.
I'm personally on the "2.5gbe is an abomination just go to 10" train but it still would be nice, agreed.
They're kinda odd actually, the hAP products were designed to be super low cost, but demand picked up and now they focus more on their higher-end stuff and there's a noticeable gap in the "prosumer" market between their older, cheaper gear, a few cost-optimised continuations of that and their really high end stuff
At least they're finally offering Wifi 6 stuff
I don't think multigig but less than 10 is a really big demand in businesses for client networking but I'm an Australian and 50mbps is marketed as fast still so what do I know, tell me if your business feels differently
2.5 is nice for consumer
and even enterprises/business
Not every AP needs 10 gig but depending on the environment more than a gig may be a requirement
thus 2.5 and 5 gig
Oh I guess APs but they're a bit different in my view because they're not clients themselves and you wouldn't need 24/48 multigig ports just for that
Consumer's different - full speed for all devices is expected there usually.
In businesses... if I had a 2.5, 5 or 10 gigabit WAN I'd probably be expected to split that for 1000+ clients so why bother with faster individual ports?
Yeah on the workstation access ports multigig isn't required unless other technical requirements, but APs are where most mgig is going
