#networking

how do i even clean this

canned air definitely isn't strong enough

dunk it into bucket of 60-70% alcohol

really?

i mean i know it'd probably work but yeah

you can dunk anything except mechanical stuff (you still can but you have to relube it later)

proper way would be ultrasonic cleaner filled with proper electronic cleaning solution and then dunk into alcohol for quick drying

cleaned it up a tiny bit, let's turn it on

what even is that?

.

brocade icx 6450-48P

hopefully house doesn't go on fire

i do have a fire extinguisher

CO2

put it in dishwasher lmao

just like keyboards

https://youtu.be/SVuI-Fn27-U

looks like i'll need a console cable

i don't have one

can i make one

i can

can i skip flow control pins

Question on new router I'm looking at:

https://a.co/d/au1HY8R

I need it to support:

• 2.5 Gbps WAN as my Internet connection exceeds 1 Gbps.
• 2.5+ Gbps LAN so I can make use of this connection.
• I also have a hard drive dock connected to my current router via USB that i'd like to still be accessible on my network.

Can this router do all 3?

why dont you just buy your own cable, its like $10

Do you already have an accesspoint / is your current router AX / WIFI 6 capable?

btw the answer to you question is yes

Current router is an old Linksys WRT3200ACM. Modem is a Comcast XB7

current router cant do wifi 6 or AX

If you want the simple, non tinkery route, go with the router you sent.
If you would like to learn and thinker and able to eat a bit more cost, go with a mikrotik RB5009 + Unifi 7 Pro

Does it support custom firmware like DD-WRT or something

And if you want the extremely tinkery route, build your own router and buy a switch + a Unifi 7 pro

The asus router? I am sure it does

Openwrt probably

nod thanks 😄

+switch (2x 10g + 4 2.5g alexpress one is 30$) + poe injector + 10g dac cable

Poe injector not needed, switch no needed has he did not mention it, 10g dac isnt needed either.

just a 10g RJ45

well, if poe injector isnt included with the ubi, it is needed, but I think it is.

then a sfp+ to 10g base t which goes for 40-50$

If you buy it new.. ebay its like 10 bucks

well because i want it now and not in 2 days

oh, lena, hey 😄

and the cable i make myself is $0

hey

I got in the ISP's server room haha

please show me so i can buy it

just a sec

i mean, fair, but you have usb ends just laying around?

usb ends?

why would you need USB it's RS232

serial...

where do you live? so I can account for shipping

just plug it into the RS232 port on your computer or laptop

is it not cisco pinout?

eu

or a serial to usb adapter? i cant name a modern computer ive used that still has rs232

i honestly don't know

ouch, I feel you

Hungary myself

but you wont find it for 10$ anywhere in the world

oh won't I?

1g yes
10g no

meh, well. prices went up. 20$ is more like it

they never were 10$

shit, not even 20?? I bought my mikrotik for 15 locally

wow...

10g?

yea

25$ is current going rate on aliexpress

https://www.ebay.com/itm/315773440763?_skw=RJ45+SFP%2B&itmmeta=01J9A20YAPAMBVZ7STJN0PZTH8&hash=item49859052fb:g:QJUAAOSwGxtm7kBQ&itmprp=enc%3AAQAJAAAA4HoV3kP08IDx%2BKZ9MfhVJKnjOCh0ExyrtfF6Q6SqPZ%2FmTJfQjgFfb5q1pstZizolu9z5h02UWIEx9rAqmoj954z8u8WBNriVhP7AXiZSQ5KZKKDY8f4gsHDzaWcYQ%2BKxb6w5lFANL%2BT8Npy4RLSspmJfDamx2uCpDXOOjF%2FIsJ%2BqEqRl6zUIg9BgAeeZjYoLZ8NToDELpG9dsW5DGikyxUa8sYSpLveuTN%2FV1ibAokEcSaAeL37JJyzi1rBOSbVUBUz%2F%2BpYkey3Y94XEL56IcJSEbfC9ftyh9Aa5NMK1Y%2Bup|tkp%3ABFBMtuWDwspk

CHINA FOR THE WIN

mislabeled

if you got a mikrotik, its 99% it will work with it

ah, well. better ask seller first haha

china for the lose

lol

when you see how much genuine cisco ones cost...

yea, but cisco is like the DTAG of transceivers and network equipment

No sane human being uses cisco nowadays

Arista, juniper and mellanox for the win

except for the nsa

for switches, of course

for routers, there are good choices, better than cisco

i do
and no one pays msrp, we get like 80% off everything

who said you are a sane human being? :kek:

i'd like a nice router, right now my choice is to use opnsense but yeah idk what to get

good point

lenovo with mellanox connex 3

😉

nah i'm getting x520

Well, mikrotik is not sane either for not putting a fricking switch chip into CCR2004...XS

connectx-3 is EOL

then a connex 4 10G, trust me, its better, more so if you wanna play with XDP

i just bought a hpe dl380 g10 and a MSA 2060 that are dedicated for network monitoring
insanity isnt out of the question

you mean like the eBPF XDP?

yes

I dont think you can offload on X520 lol

yeah i've tried writing some eBPF components

oh you mean running eBPF on the NIC? oh

yes

arent all connex 4 sfp28/qsfp28

https://github.com/xdp-project/xdp-project/issues/53

nah, there is 10g

thats for xdp_fwd only no?

drops and other stuff will strangle cpu

https://www.ebay.com/itm/404383321176?

does the x520 support 1588v2

no idea

the x520 is from 2009 damn

is it even pcie 3.0?

PCIe v2.0 (5.0 GT/s)

yea, I messed up when ordering the x520-da2 😦

X710 is SFP+

We aint rich...

E810-XXVDA2 definitely supports 1588v2

i hate that so few nics support 1588v2 nowadays

btw @lost lily

I am surprised that the ISP not only did not tear up the contract, but invited me to their server room / dc and gave me permission to use their lab.

It turns out that my SFP ONT basically executed a layer 1 DoS

My whole flat's building went down because of it

not only the flat, but the full OLT went deaf

HUH

okay took 1h30m but i crimped my RJ45 plug, time to do RS232 crimes

YEA

They showed me in their lab

we set up 3 onts, all worked showed signals etc

Plugged in my ONT SFP w/o fiber, showed itself and tx rates

then plugged in the fiber, and every device went poof

Jesus, I'm surprised I didn't get sued, not that I GOT INTO THEIR DC...

WTF

hopefully it works

turned it into something a bit more permanent

Figured maybe I should ask here if this is normal, but switching from xfinity to a new isp 1gig fiber plan that includes an eero pro 6e, the xfinity modem/router box combo is insanely better wifi speeds everywhere in the home, compared to wifi speeds 10 inches away from the eero pro 6E. Calling the about their isp provided eero pro 6e, they claim getting 180-200mbs over wifi is normal, but with the xfinity joint i get 500-800 everywhere in the home. Is this just a normal thing for eeros? Should i bite the bullet and buy a personal router? Or should I complain and somehow convince them to give me a max 7 instead (apparently only included in their 2 gig and 5 gig plans). I only have the one pro 6e so its not a node/mesh connecting to the wrong router issue.

Gonna deploy this somewhere at some point, their current infrastructure is... an actual joke compared to this

they currently have a mix of 10 year old hp switches, back when they were like... procurves

You should be able to match the xfinity box with the eero pro 6e

You can try messing with the settings. Maybe it's set to 80MHz channel width and defaults to a static channel that may be congested

https://www.phoronix.com/news/NetworkManager-1.50

Apparently redhat doesn’t like the terminology “master” or “slave” to be used in network manager on Linux. Some might remember Hard drives even used to come with jumpers that were “master” or “slave” to determine the primary boot drive. Seems silly, but you can’t offend people I suppose. 😒

super happy, got them both up and running flawlessly

did you put them in a dishwasher?

no, i'll use the alcohol

checked they work and configured them properly

they're really nice

i'll wash them with alcohol and then probably noctua mod them to be dead silent

800W of PoE+ per switch

all for free99

yup

a friend's office was changing gear and he called me to go look if i wanted to grab anything, so i did

there was a bunch of very old stuff, like a 2U 12 port 10Mbps switch with 2 10/100Mbps uplinks

they had been decommissioned and were effectively "in the trash", but by asking the IT guy he said just take them

there was also a 2U UPS thingy with external batteries (not included), but it was very heavy and couldn't find anything on it online so i left it there

there were 4 gigabit 48p switches i didn't get because they didn't have any uplinks so useless to me

apparently these brocade icx 6450 have never been updated since 2012

which was... concerning

anyway, great deal, they are very very dirty (a level of dirty never before thought possible by me, when i first saw the inside i thought the PSU had caught on fire or something, it all looked black/melty

super nice 800W of PoE+

i dusted them a bit but they're not clean by any means, I'll have to deep clean them one of these days

yup, on all 48 ports, individually switchable

problem is i don't have a bucket of alcohol yet

anyway having good contacts is really cool

yeah thats why devs and later github officially changed the master branch to main, even though there wasn't really a "slave" branch, they still didnt like the master branch

you say they were dirty but consider this 1 year old switch stack

nah this one's dirtier

yes but imagine if i left it uncleaned for 10+ years like those

Hi everyone, in work I’m being driven towards networking at the minute, anyone have any resources or ideas on how I can get the basics down I want to try prep as much as possible

Consider GNS3 (free) and perhaps paying for a license for Cisco VIRL so you can get Cisco router images.

Routing: Mikrotik Cloud Hosted Router is free at 1mbps speeds and has a quite competent feature set. Also look at: VyOS

Cisco Packet Tracer is free and quite possibly good enough for you and Cisco Network Academy has some free materials for use with it including a 25 hour basic networking course.

if i open a specific port by enabling port forwarding on my home network does that potentially comprimise anything? also how does it work exactly

i just read channel desc and realized this is kind of basic should i take it to #tech-chat-1

Yes
You're exposing whatever service you're forwarding. If it has a security vulnerability it can be attacked by people on the internet.

minecraft

that wouldnt do anything right

That's usually OK as long as it's not a super old version (e.g Log4J vulnerability)

ok so it can only expose minecraft not my pc or the network

i mean no the network itself but everything on it

Versions 1.7 > 1.17.1 are apparently vulnerable to the Log4J exploit unless specifically mitigated if it helps.

that specific vulnerability risks your entire computer with the same permission Minecraft runs as

So yes it can get at your network and files and whatever

well im on the latest version

There could be other vulnerabilities but the risk isn't so severe

You're probably fine

But the general rule is never be complacent about anything you're putting on the internet

ok because we have some pretty high profile stuff that cant get exposed

im not risking all that to play mc with friends

Well in that case you need to look up network isolation and do it properly

i.e setting it up on a server in a DMZ, separate network and access controls, possibly run MC in a restricted VM/container etc.

The amount of effort to put in is proportionate to how much you have to lose

ill put it all in but i have a ~600$ laptop and im not really sure if it can run all that except maybe i can do something with aws?

like s3 or something

AWS is a safe bet but it'll be a smidge pricy

S3 in particular... well good luck with that lol, Simple Storage Service is named appropriately! It doesn't offer computing by itself, you'd want EC2 if you must use AWS, or just pay for a hosted service as those can be quite affordable

Running it in a docker container might be the easiest way of making it just a bit more secure

You can try signing up for Oracle's free tier on their OCI

^ not a bad idea at all

It's generally enough for vanilla minecraft

Why pay when you can make Oracle pay for once

Right? Corps love it when you pay them for shit you dont use

Do make backups outside of OCI though as they have been known to arbitrarily delete accounts

Yup, but it's usually just culling idle vms

Backups once a day is recommended still

That'd be a good use for S3

OCI free tier and keep your backups on S3 or remote drive

Make a script to automatically pull from backup and set the server up

onedrive?

idk about that

Who said onedrive?

Onedrive isnt too bad. You can use rclone to mount it but it isnt that fast

Onedrive is OK I guess

Gdrive you can generally get 1Gbps afaik

all this sounds extremely complicated and im just not sure if i can do it with what ik

It's a fun project imo

I got a year of 200GB of OneDrive storage free from Telstra a number of years back and apparently nobody got around to taking it away from me

The start is simple as learning the terminal and copying and pasting commands to get your server going

Oh wow that was 2016
Longest year ever

Well, it's not simple having to learn what each command does, but people have step by step guides for setting stuff up on OCI

I'd try the ARM OCI instances due to their huge RAM limits

Yeah ARM is the way

Not great for a lot of players but tons of RAM (24GB for free?!?)

vs. 1GB free on AMD CPUs

I know a couple folks run mc servers on the arm free instance

i love network equipment lights in the dark <3

ok, so to sum it all up, OCI free tier, backup on s3/onedrive, where to research? anything else?

Youtube has tons of guides for setting up mc on oci free tier

It'll be on Linux

Look into rclone for mounting s3

So probably the basics of securing a Linux game server

Try to only expose port 25565 and maybe SSH with certificate-based auth only so you can SCP files in

128GB RAM per server, and a Cisco Meraki MS220-48-HW for less than $200

i probably shouldve started with the fact that the og idea was to host my world over the internet

does that change things by a lot

That's why I gave the idea of using OCI

If you aren't comfortable with port forwarding, I usually recommend alternatives like proxies, check out ngrok or playit.gg

So you wouldnt have to do it on your home net

You can also use tailscale or zerotier

it does seem like a lot

Playit.gg is prob the simplest way

is that still fairly complex

No

That's VERY easy to set up

The deal with these services is they don't exempt you from having to secure the server

It has a gui to help you set evwrything up

This is actually a great idea if you don't need all and sundry to play with you, just trusted friends

No, you're still going to be vulnerable in some ways but I'm saying it's at least safer than poking holes in the home network

Not really?

Zerotier is 10/10 if you only need trusted folks to access your stuff

It's the same service either way

Ugh my 4G just got awful

All playit does is proxy traffic no?

Yeah

Looks like it just exposes your game server on their ports

you mean the host's?

As it is agentless for players

Yeah, basically nat traversal with extra steps lol

It's port forwarding with extra steps but works on a CGNAT

It's useful on cgnat though

Your PC > playit.gg > playit's IP and port

ahhh

So like if your Minecraft server version has a security vulnerability you're still in trouble

Issue rn is that you want to run it on a machine connected to a network with important stuff

So you still want additional security if as said you run other stuff you value not losing in the event of a breach

So you need to act accordingly and secure whatever is being exposed to the web

That's why using OCI is helpful

If you don't think the risk is that high, just port-forward it and update the version periodically

If you can, pleasee set up a firewall and VLAN as access ports, not trunk

Else... Tailscale or OCI

OCI is definitely the safest option though

Which is why I always steer people to that for minecraft lol

It's just less headaches in the future

If you had the netsec chops for it I'd also suggest running it in a VM/container with appropriate network access controls for guest and host as an alternative...

But probably harder to get perfect and !perfect = risk

no idea what that is unfortunately

Yep that's expected

i wish i did

Play around with VirtualBox, it's essentially a computer running inside of your current one

Virtual machine

but anyway; OCI + S3? its literally just me and very trusted friends

Or just use tailscale if it's trusted friends

Tailscale free tier is limited to 3 users

ok i was thinking about that for other reasons anyway

Oh is it that low?

Yep

Gross

Zerotier would be my goto

I use Wireguard so I wouldn't know

Are you hosting like, a local save file?

oh me?

yeah

yes

If so, load the Essentials mod, there's a friends system and you can host it without any of this headache

What do you mean a local save file lol, all save files are local to something

I didn't know if it was any old world or a server

side question: for hosting over lan do i create an inbound rule

in Defender

You need to allow inbound on port 25565 for windows firewall

ok thats what i was thinking

should i disable when not in use

It will prompt you on the computer itself the first time you try if you're running Windows

You can allow it there

Otherwise you have to go into Windows Firewall and explicitly add it

wdym prompt

and what computer, host?

Not really a risk on that port but it's good practice I guess. You could also just set the rule to only forward to the specific java executable used by the server

Ask you with a box that pops up

Sure

yeah but prompt what

windows defender firewall rule allow

it's a uac prompt

that yea

Like this but java/openjdk

wait so when will it prompt that

First attempt at running the server

And only the first

After that you fend for yourself if you didn't say yes

but this is for hosting my world over lan

Yes

No difference

hm

This process is not port forwarding

right

Just allowing access on Windows Firewall to the application from the network

so when i click what, open to lan?

Yes but that's not ideal for anything but local, else you'd want to run Minecraft Server

For the firewall step... It's in the screenshot. Allow Access.

Even when running local games I prefer the stability of running the dedicated server even if that uses more RAM

ok

i got that now

back to original question, setting up a server: Tailscale? Zerotier?

or other possiblities

Zerotier I guess

Up to 25 members free apparently

Bit more of a PITA than port forwarding because everyone needs to run the client to play but nobody you don't grant access can gain access

ok, im not trying to take up all your time or any more than i have, but you guys mentioned a whole lot of services, and im kind of lost

ill go with zerotier if you say it doesnt matter too much but still

Good plan

alright zerotier it is, thank you so much for the help

No problem!

I need some networking help I am not sure what to do or if it is possible I am trying to set up a wireless router in my office. I would like too if possible have my second router to connect to my first router wirelessly and then use the ports in the back of my second router to connect my office computer with ethernet

Question yall

Why create extra VLAN's if you can have a giant flat network

Zerotier is goated

You just gotta help your friends install the client then you can basically just manage everything else yourself

Anyone know what the hell this thing is? I've looked it up but I still don't understand exactly what it is...

https://www.juniper.net/content/dam/www/assets/datasheets/us/en/security/srx3400-srx3600-services-gateways.pdf

https://www.cisco.com/c/en/us/products/routers/what-is-a-network-gateway.html

Thanks, I'm just now starting to learn about networking stuff. The thing I really didn't get is the whole "firewall" part. I thought firewalls were more or less built into devices for networks. I'm assuming this means you can have a computer plugged into a network that's a dedicated firewall for the network?

(Or I should say, the firewall part is what really confused me. The gateway article was helpful)

It's helpful to have firewalls at the network boundaries to control access to the networks so you can guarantee security at different levels - Defence in depth!

When you reach certain levels of scale and bandwidth sometimes it is preferable to have separate appliances. This one's configurable with an Intrusion Prevention System (IPS) which is much more sophisticated than what your other network devices might have

Like instead of just blocking ports or whatever you can detect specific patterns indicative of a hacking attempt

It's probably also worth saying that this one's modular so you can put different stuff in it based on your needs and all the parts attach to a (comparatively) fast backplane so you can customise it to your requirements

Imagine your a mother and you want to monitor and managed and control EVERYTHING your children do on the internet and keep them safe etc

You can manually allow or block whatever you like
You can prevent people from playing certain online games you can block youtube or netflix

lol wut

DNS sinkhole

I'm using pfsense as a firewall

Yeah no using this for parental controls is like flying your own 747 to work

Your not wrong

Ok maybe not quite but a Dash 8 at least

Imagine replacing SSL Cert's with your own Certifcate lol

just for parental control

I think endpoint software (or perhaps... parenting) would be a neater approach

hold on did you suggest actually parenting? How dare you

Parental controls are for parents who don't have control

Again your not wrong

Would still 10/10 run my own DNS server locally

it's basically a copy of everyone's web history

someone is being dumb and clicking on malware links?

Time for a 3 lecture on cyber security

It really isn't, especially now with DoH

Will block DoH with my pfsense firewall

DoT is easy to block but while DoH is much harder to completely block

The harder I make it the more unlikely people won't be able to get around it

Endpoint software and browser extensions

But really the only way to win is blocking internet access entirely

Can't stop someone with browser extensions

can install chrome and firefox without admin after all

endpoint software

endpoint software is useful yes

If you don't have admin over the device, don't let it on the network

Look Meagus....

My software only works on Windows XP

I don't have admin over them

but they work with my regular user account

why does industrial ethernet look so good

Because it's built to last in extreme environments for a long time

At least for this type of product

Industrial/commercial will also use any ol' consumer grade shit when they can, it's just cheaper

i have to spent couple hundred on a new router and switch bc i got a range extender and when i use the extender i cant use the spetrum app to port forward so i brought a switch and a tp link router

i was using spetrums wifi pods they suck

does any one know what the rental cost is

for the pods and router

i cant look it up i only got one bar yall might get this 10 min later than i send it

im traveling thats why 1 bar

enterprise arhitect review
application denied
regards,
Enterprise arhitect

Is it bad to use an Orbi SXR50 router without putting my ISP's modem in bridge mode?

Do all mesh routers have a bridge mode because I can not find it on my new one i got

I got a d-link ax4860 wifi 6 router

Due to a VERY limited budget employees may chose to use their own laptops

Please keep this in mind when setting up endpoint protection

I'll going to guilt trip whoever tries handing me their resignation letter

Old one needs to be put in bridge mode not new one

Byod is well defined, device would need at least a intune enrollment

My old one is the one from my isp and I am looking to have them in two different rooms is that possible

No no no

Sales team

brings their own devices and does whatever work they need to on our network

Same with marketing

Good luck connecting to it when proper 802.1x is in place

Due to budget constraint please use unmanaged switches

Due to budget reasons no network will be deployed 😏

The executive request the ability to RDP to their desktop

Please that happen EOD

If business isnt profitable enough for proper security to be implemented i wouldnt work for them

Please stop by my office at 3

HR will be there

So you want to use both isp router (presumably for wifi) and new router?

We aRe like a FAMILY here Martin

Yes if possible I would like too use my new router as like an extender for another room in my house

lol

Well only option would be to put new router into ap mode

I need to attack this stance as much as possible

How would I do that i didn't see anything for ap mode on this router

Turn off the DHCP server in Setup > Local Network

Would that still let me use wireless or would it have to be plugged into the other router

*comtacts fellas in dark places for a suprise security assessment

Comes with free off site backup

i want this in my home

if i have a pi hole and a domain that is online like it works online . would it load the domain online or domain i used in pihole?

aircraft ethernet is interesting

is there a way to remove this for domain that arent valid ? like using pihole plus nginx proxy manager?

make a trusted ssl cert in nginx proxy manager

already did

you need to trust the CA on all your devices

Because crazy expensive

Yeah you know anyone that cowboy's going to sue you when it inevitably fucks up

Life's too short for contrived bullshit

If you don't have money for basic employee support equipment you do not have money to hire staff and run a business

@thick minnow Thanks for the explanations from you guys. That helps a lot. I barely understand firewalls outside of the very basics. I didn't realize you can have a machine that's dedicated as a firewall on a network. I'm just use to OS's like Windows that have them built in, lmao.

You still use endpoint firewalls too

It's just more security layers

If you're looking for more resources, Cloudflare's learning center is one of my favorite places for all sorts of network +internet stuff. https://www.cloudflare.com/learning/

You can't trust the built in firewall to do jack

Take windows 7 for example it is EOL but many enterprise companies still use it

How can they use a EOL OS?

Many layers of security

FIrewall
Endpoint Protection
Vlan's ( someone should shoot for me for mentioning vlan)
Some sort of Anti malware/virus software

etc

I mean you could alternatively just buy a domain

register a real certifcate for it

blah blah

Have better internal websites then most companies

The number of places I've worked where hundreds of internal tools / websites all have self-signed certificates is far too damn high. Especially now that Let's Encrypt has been free for years.

Bet your CURRENT workplace

Also has some internal sites with either no cert or a self signed cert

i have one in cloudflare but if i use it with letsencrypt it errors lmao . using pihole for dns btw so no idea probly just misconfiguration or something

nah apache2 is just a pain syntax wise

welp no idea . pihole, nginx proxy manager . but probly it is something in there .

I used to use pihole which is awesome cuz you can spy on your entire network

But I moved to pfsense

How do I handle DNS? I do not lol DoT let's go

i will create one if i can get a hands on another pc or server .

dns over tls

been thinking of using proxmox and pfsense

but need to back up all my files to my current server lmao

I tried to get pfsense working within proxmox

wouldn't happen just no

i dont have enough storage for my pc to back it up

why ? i thought you could wokr with it with just virtualy

high avaiablity on low end hardware was also a pain

to be fair said low end hardware uses ddr2 and ddr3 memory

like mine

can't access promox after restarting the server because it won't grab an IP from pfsense

like this low end hardware?

I tried going into network manager and made the management port dynamic

and that like broke stuff

god damn bro a celeron???

ohhh that is why they said you would need 3 ?

i mean 3 ethernet port fior it

I had a PC with 4 ethernet ports

1 wan , 1 for pfsense , one for proxmox

Here's what I do for everything to work decently

yep

surprise either

4 port mini desktop handles pfsense and handles DNS via DNS over TLS

that it can do stuff lol. plan to buy the 8gb stick for it

now my ISP can see what websites I am going to yes

but they don't quite get my search history

because they aren't my DNS server

you mean by 4 port means the pcie 4 port one right ?

I mean I bought a mini desktop from amazon for like 100 bucks that has 4 ethernet ports via PCI

Each is seperate

i see

yea they say mini desktops are good for home lab . and quite low power

After pfsense which is my router and firewall we go to a unmanaged switch which goes to everything else

multiple old desktops

running proxmox

was gonna say old desktop one that you use for work lmao

multiple instances of whatever I want lol

I have a windows 10 VM that is ALWAYS offline

imagine having gucci network server and using old desktop with that big as monitor

on it's own vlan

and only exist when I need to load work stuff

like citrix

MFA token software

ohhh yea like they say they put their work laptop on vlan so work cant spy to them lmao

see their browsing history also they using work laptop to some shady sites , noice

where can i find more

yow why deleting some evidence lmao

Don't wanna give LTT staff any ideas

10/10 chance everything is logged

lmao

and already screenshoted

yup

I doubt my manager cares

it's more so I just need to look avaiable to clients

so mouse jiggler for the win

lmao

yea and make sure to reply promtly

I'll get a notifcation on my phone via teams

also anyone reaching out to ME

is rare

:3

rgb

The colour coding goes like this
Server 1/1 | Server 1/2 | Server 1/iDRAC

You get the idea, there's 2 more servers

i would imagine enterprise server having that color coding along with the UTP cable lmao

I like the small abstract things

If the cable is coloured, then it looks messy

depends on how it is cabled manage

it's 6 inches each

but imo if there's multiple cable colours then it looks ugly

welp i only have color yellow and blue lmao

and clear rj45

normie

haha

oh I do the color coding via boots

I personally don't like boots

I'll buy a few of them because they're so hot

Hey can anyine help me i just bought a tplink archer A8 wifi router to connect yo the ethernet cable in my dorm but its not working, it says connected but no internet

can you belive that some companies dont even have a ticketing system?

need some help with my ISP wifi I have moved it from it orginal place now i get better range but the speeds are really low when i do a test on my phonr i get like 50mbps im surpose to get like 500 what is the most budget way to increase my speeds

There are a dozen LTT Videos you could watch

https://www.youtube.com/watch?v=kqnvrjgyEMc

https://www.youtube.com/watch?v=tqbnjgbtDl0

https://www.youtube.com/watch?v=b0vy1VzFbf8

@forest sandal @tired leaf just watch these

Hello. I'm looking to expand wifi/internet in my house. I currently have powerline adapters but can no longer use it as it requires the first one be plugged directly into a wall outlet and I no longer have a wall outlet to plug into (new AC taking up that outlet).

I have Xfinity internet and a Xfi modem so was looking to get the Xfi pods but wondering if there is a better option available?

Preferably with at least 1 ethernet port as well.

None of these will work for me because i want to use wierless to my phone i have ethernet to my pc and its really fast its just to my phone its sloe

mesh

Get another ap

It didnt work, but the thing is i dont even have internet in the first place it says connected but no internet

did you pay your bills?

I dont have a AP

what mesh do i get that is affordable and wheere do i put them

i live in a dorm, i have a single ethernet port on the wall which does have internet if i plug it directly bto my laptop

Get one

Run Ethernet no another place in the house and put an AP to get better wireless coverage

what ap do i get and where do i put it

i have 2 floor my router is downstarirs

is it best to get a xtender or mesh or AP

Get some Access points that support mesh

Like uh the Deco's on short curcuit

so get both ap and mesh

I cant afford that

Mesh systems are types of Access Points with wireless backhaul

Usually suck, if you can get Ethernet to the place you need to put an AP it'll be better

waht

so the best would be a ap

Get a mikrotik router, decide which interface you want to be the WAN, assign a DHCP client to it, make it a NAT Maskquerade interface, make a bridge for the other interfaces, voila, there you have your own router and switch for just one port.

It works with your tplink router aswell

there has to be a setting for DHCP client

Is it eduroam?

Eduroam is only for WIFI no?

Nope

it is both wireless and wired access

Ah

and you need to install a profile/configure it for both

Yea i have a profile

hey all, i've recently bought a TP-link 4g router and i'm not able to get into the gateway? manual says it's 1.1 or a different link and i've tried both and still nothing. it works ONLY on wifi but ethernet i'm not able to access gateway?

btw @tight pecan and @ornate jungle nothing worked so i just bought a new cable and its working at full now

2500mbps

so the fix was the cable the whole time

Excellent. Sometimes it's the simplest things.

when it isnt dns its the cable

^ take a dozen network cables and hit all your networking equipment until it starts working

What if my router is masochist?

Comrade please explain the problem

All routers and switches and access points are masochist

Mah, but they have sadist selfs like their DNS server

Here is the problem with DNS

They need constant attention

DNS is for lazy people

Type that IP out!!!

IPv6, to be exact

Here's how to handle IPv6

You setup IPv6 internally

Specifically ONLY lan

Then disable it via wan

Ip6 jokes

that time to live is decent locally

not decent outside of your network

Check the address…

facebook is using 1 minute???

I guess they can take the abuse?

Check the ipv6 address ffs

I see the word face

b00c

Poor guys dont have k cuz hex

oh I see what you mean

Nah u just messing with me lmao

huh?

I have no idea what u just said this is like alien languange to me

Okay.

Does your router have DHCP Client option for its WAN port?

I need some help with openwrt

Is anybody here good with it

I just can't get IPv6 in LAN

But I have my IPV6-PD from wan6 interface and have marked the box (Delegate IPv6 prefixes)

What do you mean you need help? Your clearly looking to suffer

To suffer ?

I mean it should just work

it should delegate it to the lan interface

at least I have all the box ticked how it should

Just weird it says undefined

openwrt belongs to gentoo daily drivers

Disable IPv6

Problem solved

^ valid

It's not that I need it, my IPv4 is not under a CGNAT or anything, it's just that I wanted it to work
just because ...

gentoo is based tho

On another note

I have ssh working, but sftp doesn't

nginx redirects correctly based on the subdomain for ssh
Just not filezilla, always throws me to the wrong server

does anyone know a good discord ticket bot ?

Problem for most is letsencrypt isn't usable for internal services and they're too incompetent to configure AD's CA functionality even though it's really not that hard

I am genuinely at the point where I'll bluntly state that most sys+net admins are not worth their salt

I work with too many dumbasses leading global IT infra to think differently

I'm quite tempted to make some of our internal tools more publicly available

Just set up a CA

If they don't need to be public making them so is a liability

May as well just keep it fully internal if I were to do that

Not always a bad thing

If you build stuff designed for public use sure, but internal tools being only internal makes sense

I still remember a former MSP I worked for putting a customer's Endian firewall with a default password directly on the internet so they could put a letsencrypt cert on it

Well yeah that's stupid

...And the internal documentation server

Things like billing systems that are currently internal only, yet occasionally external access is super handy

Maybe

Depends on the value and security model employed

Perhaps if they were behind CF Zero Trust w/ SSO

We use a combination of publicly reachable but SSO and VPN-only but also SSO tools

Anything built by us with visibility into customer data is VPN only

It all has granular access control but why tempt fate

We're playing with tailscale for some stuff but not all

But yeah if it doesn't need public visibility don't give it public visibility, and that means figuring out your own certs or otherwise not using letsencrypt

I've been hosting this for couple years now, has been pretty solid: https://discordtickets.app/

um if anyone and I mean anyone knew about that on the client management side like idk security

Security should swoop in with a roundhouse kick for everyone

I found it, reported it and remediated it

Within the span of an hour or so

Reported it to your MSP first right?

not the client first?

Nah I told the Sydney Morning Herald

No shit I informed management first

I was like huh? Were you depressed?

Want management to hang you?

It was immediately remediated and the customer got a report later (not long after), along with every other serious vulnerability I found in the year or so I worked there

raise or anything?

Ha.

We both know the truth

never

Hey guys, I need some help

I have my ONT, that is connected to my router (wan vlan 11 for network & wan vlan 12 for voip)

I want to access the vlan interface (telnet or http)

But I need to disconect from the router, and plug to a laptop and set
IP: 192.168.100.20
Gateway: 192.168.100.1
Network Mask: 255.255.255.0

Is there a way on openwrt to do that ?

So I can access it without unplugging from the router

how to route it ?

openwrt

@gilded ingot Is your ONT an SFP stick?

No, its a LXT-010H-D

Like this

I connect the ethernet port to WAN of router and wan & wan6 are tagged with vlan 11 and voip with vlan 12

To configure it or read values I need to disconect wan and connect directly to my laptop

😭 here we only have wireless

Not used OpenWRT before, but something along the lines of a static route for that subnet to that interface may work? And maybe an additional rule to allow traffic in that direction from the WAN? Assuming your usual WAN configuration just gets an IP in that 192.168.100.0/24 address space and you're double NATing? Or do you just bind directly to your external IP?

I just bind to the IP, I have DHCP set and it gets both my IPv4 & IPv6-PD from the ISP.
I have the ONT "emulate" the HW ID, MAC etc of my old router so I can connect without having to Bridge with the shit ISP router.

I've tried this

Didn't set a gateway since it really isn't needed, I just want access to the http interface

Didn't set a vlan neither, since when I plug it to the laptop and set the IP, usually it just works, so it's not on any vlan, unlike the wan that is on vlan 11

These are my firewall rules, not sure If I need to set something here ?

Ok, I've set gateway on the interface as well but doesn't seem to do anything still, now I can traceroute and it goes to 100.1 if I do 100.xxx (I've set up a route for 100.0/24 as well to route to 100.1
But it doesn't load anything

I've noticed it redirects to https

I think I just have to mess with the firewall

Yup that was just it
I was just dummmbbb

Noice 😄

So I assume you just set a new interface up with VLAN 0 or whatever the untagged VLAN ID is?

Are these good values for TX / RX ?

Yeah untagged vlan on wan interface with a static ip of 100.2 and no gateway and put it on the wan firewall rules, worked

I feel like -20 is a fairly low value but it could be the norm for residential. I know when I'm working with long range fibre with Cisco it tends to warn at around -20dBm but if it's working I wouldn't be too concerned

It may just be you're either far away from the exchange or the fibre has a lot of joins on it

It's a mess in the living room where the ONT is the fiber as a couple of bends

Let me get the cabling better

I should be having 500/100 but only getting like 80 / 90, either fiber or it's the provider

If so I have to plug back in their router so when I call support then it isn't "off" and they can run their diagnostics

Ah fair enough, is the hardware you're running on your router capable enough too? Assume you get the same speeds on the ISP router?

Or a broken cable from ont to the router

Yeah, well on the package I'm currently yeah same, I just wanted to get rid of bridge mode.
But if I swap to 1000 which I will, I would "only" get 900 and a bit

and with this ONT being a 2.5Gb one I get more (from what a friend I have recommended for that reason and is more stable overall than the router)

Cause I know they run 2.5Gb links and only use 1000 on my ISP

Not link speed related

Yeah I've got a similar setup to you, my ONT is plugged straight into my switch and sits on a non-routed VLAN and my pfSense VM has it's WAN interface on that same VLAN

I much prefer not using the ISP router where I can

the datasheet says it's good down to -27, so it should be fine. On the lower side but if they're using bigger splitters then that's to be expected, I wouldn't be concerned

I've seen a few of our ONTs still work fine past that point before

Can you see any CRC or dropped packets on the ONT or on your router?

I even have IPv6 with Prefix Delegation (a /60 one at that), but since I restarted the ONT it takes a couple hours to get the ip

Yeah I can

On which side?

ONT
one sec

Might be other menu that gives me more statistics
I dunno

Some errors ?

Yeah they look all good tbf

I'll mess with the cable since is QUITE BENT

and see if it gets better

You running those tests over wifi out of interest?

Well, now on wifi, but same on ethernet

It's Wifi 6 anyway

What are you using as a switch?

I've done a local speedtest with wifi and caps at 1Gbps which is the router ports speed

You sure it's not negotiating a link somewhere at 100Mbps?

No switch at all

Ah okay

Nah I've had 500 working for quite a while, it's either the cable or their side

Copy 🙂

I even get more than 500 when it works, like 550 and 120 up

just being iffy rn

Bruh why openwrt

Just literally anything else

cuz it runs on potato

^ This could fix all your openwrt issues

literaly have 2 of them in my dc just for voice

@waxen scroll @clear igloo

I have SPAN setup now

y u no sflow/netflow 😛

I want all /s

lol

Hey guys, I'm having weird networking issues and I am clueless about networking.

I can stream / download just fine, however playing any online games is almost impossible. My ping is usually 30ms to servers near me, but it tends to wildly jump from 30 to 300 or even 1500ms.
I've looked for solutions to this earlier today but couldn't find anything conclusive. I've ran a bufferbloat speedtest and here any the results:
https://www.waveform.com/tools/bufferbloat?test-id=640829ec-14ed-40aa-9041-d1bf7515ca16

https://www.waveform.com/tools/bufferbloat?test-id=ea72244b-6019-41e8-99da-928b7fbe8862

The results were done back to back, and yet they differ so much?

I've been using the same router for over a year, and while I had issues before, it was nowhere near this bad. Currently, any online play is basically impossible due to these spikes.

Additionally, I've decided to run Pingplotter to google and WoW servers.
Google ping: https://share.pingplotter.com/sDSGbWaUez
185.60.112.157 (Blizzard holland server): https://share.pingplotter.com/CNZjF8c9pbw
185.60.112.158 (blizzard holland server): https://share.pingplotter.com/aTnsXcg7KSn
185.60.114.159 (blizzard france servers): https://share.pingplotter.com/5ksaSzz9Yo7

These pingplotter results to blizzard servers look absolutely horrendous. Can anyone point me in the right direction on how I can try to fix it?

dont think we have the option to edit it

this thing is so annoying, i dont understand how with fiber im getting 480 down/950 up wired lmao

damn bro that 9Mbps upload ain't gonna help, for comparison mine is 90Mbps and it's playable on NA servers with minimal issues and I live in Southwest Asia.
You might need something that can increase that upload as it does in fact help alot.

Get your own AP and see if that works

Could even just get your own router if you want

I'd double check with them to see if they can help you change settings though

I think I was having additional issues yesterday on top of it . What about the pingtests, any clues why they fluctuate so much?

Is that on fiber or?
Small or large ISP?

Large isp, fiber. Funny thing is now everything is working without issues. This had to be an ISP issue and they never communicated anything...

hi chattt :3

Nice switch :D

Wait it is

It's not a ubi
Nice

How much was it?

Wait sorry fornthe late reply but how do i do that and will that give me internet access?

R u talking about this?

No. Go to internet

I didnt see anything about the wan port here

Wait im a dumbass

U emant the other intwrnet i assume

Only this though

What options are there for dynamic ip?

advanced settings

I chose dynamic cuz i wasnt eeally sure and it recommended me that when i wa setting it up

And you are on eduroam? If so, I'm not sure about the procedure here. maybe @opal pagoda is familiar

Well my on camous wifi is eduroam, but im not sure in the dorm what it is

ask

I tried looking at like the website for the dorm internet but i didnt see it, ill maybe call them later during the speaking time or send an email would be easier

Also i have class now

Download eduroam installer from your institution and go through install process again, there is a check box if you also want to install wired profile alongside wireless profile

First get your pc working with it then you can tinker with the router when you verify that it actually works

like $200 for all of it

plus meraki license :>

plus a 3yr license

Included in the $200? Nice!

FOR THAT CISCO???

gimme gimme

Old resold Ewaste I assume?

anything that has gig ethernets and 10g uplinks is not ewaste

Idk if it does SFP ports might not have 10g, but if it does that’s great.

they 100% do

That’s fair. Idk the model if it used SFP (1G) instead of SFP+(10G) then it could be slower, but it’d have to be old or depend on the 4 SFP ports as LACP uplinks to reach (4G)

everything in my rack

WTF

gimmmeeeee

Are u US based?

yea

nuh uh

Got a 9300LM-48UX-4Y for my core
Yummy 25Gb uplinks

Hey everyone. I upgraded my fritzbox a few days ago and since then i have crazy "ping spikes" in my lan network. wifi is running just fine.
on LAN like my computer there are moments where for example discord messages are not sent, http requests just stop working, livestreams hang up. like a short disruption in network connectivity. when i then ping google.de everything is fine, so it's not literally the ping that is bad.

any ideas how i could debug this?

Please ping me on answers :)

Ive fixed my router, it was actually just a simple fix

Just curious if anyone is aware of any relatively affordable 10Gb/s ethernet (RJ-45) switches. It seems like you can get 5xPorts 2.5Gb/s for like $80 CAD but the 10Gb/a are hard to find for under $300 CAD.

Unmanaged is fine, no need for PoE, SFP etc.

how many 10g ports?

I only need a couple, so a standard ~5port switch is plenty

https://www.servethehome.com/mikrotik-crs304-4xg-in-4-port-10gbase-t-switch-launched/
If just 4 ports this should work nicely if you can find it

$199

Perfect. Thank you!

I don't know why this wasn't showing up when I was searching across different websites. The cheapest I was finding was a TP-Link which was like $329 CAD

It launched just a few days ago I believe

yup

Ahh, that would explain it

if you want it even cheaper than this with 2x 25$ sfp+ to 10gbaset modules is a option

or use it in addition to mikrotik switch to get more 2.5g ports

tbh i would have liked one sfp+ port even if only combo port

Yah I can definitely see that being a nice option

Maybe swap the PoE power port for an SFP+ port as a second model or something

eh 1g port on it is basically useless except for managment

since it has to go through mgmt processor and not directly to switch chip

Thanks. I only need 2-3 ports, but want the full 10Gb/s since we now have 8Gb/s synchronous fibre available for $90/month CAD

i can tell you that you dont need 8g at home

Agreed. Just because I don't need it doesn't mean I don't want it though haha

if they have plan for 2g that would be plenty and save that money for nicer switch

Yeah I'll consider that, especially with the Amazon deals on at the moment

i can tell you that a business with 600 employes has 2x 200mbps and utilisation isnt maxed out at all
basically never gets maxed out

Need some help trying to setup Ubiquiti AP but the app can’t find it I have a switch connect to my isp router and then the AP connected to a POE port on the switch

I work at a school with 1200+ people (they like youtube if the teachers dont catch them) & we barely hit 500mbps of our 10gb connections, saving your money for a better internal network would be a good option

I feel like I've asked this before but will it be fine if I turn of the DHCP server on my isp router (modem built in) off and use my own router that is on the same subnet for DHCP?

huh?

you can't bridge the ISP modem?

Hear me out @tame cave

modem to fancy router to switch

from switch to everything else and your mesh access points

10.0.0.1
255.255.255.0 /24

10.0.0.10 - 10.0.0.100

Here ya go

IP for the router
subnet / mask

dhcp range

if the router supports it

clone the mac address of your modem

additional info: when connecting to my local ubuntu machine (also in LAN) and run ping google.de i can see the ping stays below 4ms but sometimes the timing of the ping is too long...

what i saw is that some lines show a (DUP!) behind then ping, like:

64 bytes from 216.58.212.163: icmp_seq=155 ttl=250 time=6.607 ms (DUP!)
64 bytes from 216.58.212.163: icmp_seq=156 ttl=250 time=6.593 ms
64 bytes from 216.58.212.163: icmp_seq=156 ttl=250 time=7.711 ms (DUP!)
64 bytes from 216.58.212.163: icmp_seq=157 ttl=250 time=6.531 ms
64 bytes from 216.58.212.163: icmp_seq=157 ttl=250 time=6.545 ms (DUP!)

i've never seen that before

Final result also seems like a lot of package loss:

--- google.de ping statistics ---
204 packets transmitted, 160 packets received, +3 duplicates, 21% packet loss
round-trip min/avg/max/stddev = 2.028/3.037/7.711/0.994 ms

I bought a 2.5G switch to take advantage of the 2.5G NICs on my NAS (F4-423 running TRUENAS Scale) and PC. When I connect my Router, NAS and PC to the switch, PC connects to the internet properly but the NAS doesn't show up at all. Any thoughts? Does connecting the NAS to the switch instead of the router cause the IP address to change?

If it’s a unmanaged switch no.

Make sure your nas and pc are the same mtu and your not using jumbo frames on one and not the other if that’s something your using.

UnManaged switch’s also don’t usually respect vlan tagging

my router's MTU is set to automatic. Not sure about NAS. How do I check that?

Sorry it’s been a while since I used truenas if you can ssh into it you can try ip addr and see the mtu

its set as 1500 on the NAS. So I'm thinking my router would match that since its set to automatic?

1500 is default anything above would be jumbo.

Yes should match

Check your cables make sure they aren’t loose or bad

in any case I'm getting a new router this weekend from the ISP. I will try again once that's available. no point in making good now if I have to do it all over again after getting the new one. Thank very much for the guidance.

No problem

@hollow marlin @clear igloo @rocky badge

"Use Python until you hate it for its optional typing"

Until then... use Python

Is this speed okay?

That's not a valid question for others, is it enough for you? That's something only you can answer

I mean is it like decent in your opinion aha

For what though? Just asking "is this enough" without context is meaningless still

Is it good/amazing in a general sense, not really but again can you game/work/whatever without issue then it really doesn't matter much what others think

oooh, gaming gang, cuz games these days use streaming texture thingy

not really, no
I've never heard of a single game that streams textures in real time

Imagine having to live stream 10s of gigabytes of textures in real time to hundreds of thousands or millions of people

really? warzone does, same going with black ops 6, will require internet to play cuz streaming textures

Best I can tell it's completely optional still

but from what I can see that is streamed is maps and low poly things

Yeah, on Warzone rn it gives you a few options, minimal and optimised, and black ops 6 will force u to pick either of em which is annoying

Google earth vr 😏

ms flight sim too now that i thought about it
both cases irl map is streamed

they even put it in spec requirements

i hate python for pip existing

100Mbps isn't bad for streaming maps and whatnot

Seems excessive. It’s likely due to all the 3d buildings otherwise the LoD’s wouldn’t even need to be excessively high. Most of the detail is due to them knowing people will be flying low and dumbly.

yep but from forums it seems that ms flight sim map streaming servers are kinda being overloaded and people get insuficient bandwidth error even if their bandwidth is plenty

but Python ain't that hard tho.

very intelligent software
why not display 2 different codes on tv and tablet (cisco room bar pro)

It's very hard for a network engineer who hasnt programmed

true dat

That's like 99% of the industry at this point lol

nah networking be harder than programming

as in all things it depends

nah networking is more technical (generally)

it isnt a competition on complexity
overengineering things is generally bad

I agree, over-engineering is indeed an addiction, though I, personally found networking more intimdating (at the start) rather than programmer. Therefore, I respect fellow network engineers more than software engineers LoL.

yes it is intimidating but mostly due to working on live systems if there is a lab/test enviroment to test a new config a scariness goes way down

True dat. Cisco Packet Tracer was less intimidating that real servers and connections when I was startin out. It helped me alot.

packet tracer is weird that it doesent have all commands that are available on real hardware

for me Fortinet fast tracks were so usefull as you get few hours to play with the enviroment without the scare of breaking something on your own HW

cool, lol, the fear of breaking something is so BAD.

Sounds about right

hello, I wanted to ask a question about networking
I'm planning on making a custom router using opnsense. however, I'm unsure if the old desktop CPU I have in it is fast enough
the CPU is an intel 6th gen i3-6100
it has 8GB ram
my WAN network bandwidth is around 350mbps
I want to be able to also use wireguard VPN to remotely connect to my home network
does anyone have any advice?
thanks

And as usual with fortinet. Their publicly available documentation sucks

But if you download from the partner portal the certification study guides...

Suddenly everything has perfect clarity

i route gigabit with N100, i suspect you will be fine, as long as you don't do QoS/deep inspection

this is N100, OpenWRT, "gigabit" download, no QoS stuff

Give your cpu the best chance it can get imo. If that 8GB RAM is a single stick, see if you can get another 8GB stick for dual channel

You dont need a strong cpu if you dont do any heavy processing stuff like QoS, but having more headroom to be able to do so is nice

For reference, the 2*800mhz MIPS CPU in my router is capable of ~200mbps without any attempt at performance tuning and a light firewall ruleset and close to a gigabit if I do try to tune it.

The system you specified is capable of what you're asking for even though it's in the last year or so of intel's miserly habit of giving i3's two cores.

I have 2x4GB so dual channel RAM

thanks everyone, I'll keep it like this for now, and see if I can upgrade it in the future 🙂

i've been going crazy over trying to get my wireguard to work on ubuntu server 24.04.1, i'm a complete noob at networking and was wondering if anyone could guide me on how to set it up so i can access my local network from another place using a windows 10 machine to access my truenas shares, any help would be appreciated

Have you done the port forwarding? I would also like to give a shoutout to Tailscale, which could help achieve what you are describing without having to port forward, which should be a security improvement 🙂

and you can always just grab a cheap 6th or 7th gen i5 if you want a bit more from it.

Imo use tailscale 🙂

wg-quick is your friend

yh idk if its my config of it or just im missing something, dunno what to do really