#networking
but its a solution.
And good to know
Chances of more than one drive failing at the same time is rare
Was spooked because all drives would have same wear
they wouldn't
physics prevents that
some drives went through more testing than others
some parts may have been bad from factory
Also is 200gb a day of read/write going to kill my nas drives
supplier may have good parts and bad ones
well, if its not drives rated for it
yes
They're all rated for the same time, as in if it fails before that time, it's a manufacturing fault. I have some drives that have been live for weeeeell beyond their time.
I only use enterprise drives
so I wouldn't know about NAS grade ones
But if you read on seagate's website, they have a 500TBW rating. sec, im verifying that again
yeah thats per year
basically it will last forever
Nice
73,000€ for your 200gb per day of reads/writes
73 TB
i wouldn't even count the reads
Hmm trying to look for its TBW but they dont prominently list it
but i see 1.2 million hour mtbf
that is many years
Sweet
meaning, its rare for it to fail at the same time unless something physically happened to your computer
or if you bring it up to a mountain top
hey, what you can do is simply have two NASes then, and have it duplicated that way
or maybe an external 15TB usb drive
Show off
i have similar downs, but those ups though...
I feel with you @desert sparrow
it was
it was a temp location
and they forgot to program in a speed limit
that was some of the fastest "anime" I've ever downloaded at a library
@clear igloo by next year, the Netspeed people will finally have fiber installed in my area
They will offer speeds like that. I want it badly
It only like $70 a Month
nice
@little schooner tell your professor about spine/leaf today
Tell him you want to do it in his lab
Don't ask, just do
@waxen scroll is that the Cisco ACI stuff?
Yes
@little schooner Those 70 usd will get you 1gbit where I live. Except I live in an apartment building, where no one has the interest in getting fiber installed, and as such, it's not available for me.
@little schooner you should make a network AI
@clear igloo The network, self healing
@waxen scroll I want to try the Nvidia Jetson dev board for a cheap way to have AI recognize the people by name in video stream in real time and snapshots
I fear that I don't have the pre req to getting it really where I want it though. But I saw they have tutorial guides for video stream
And I have to tweak it from there
@clear igloo maybe ill get azure ipsec up today
sounds like fun
we had basic training at work from MS and got a test voucher
should i bother using this?
never done it on ubnt before
not sure if CLI is better
never done it myself via the GUI
@waxen scroll you can just do it through cli, since it will save to config and its explicit
That way when you review config, you aren't surprised why it works without rules
@little schooner i decided to google it and of course someone did it already
mail server should port 25 or 587 or both be open?
@waxen scroll im glad its a nicely laid out guide
one is encrypted and one isn't @stiff panther
Most ISPs block port 25 anyway and you shouldn't really open it unless you've got some protection ready to go
@clear igloo i got webmin with mail filtering and SpamAssassin if it this kind of protection youre talking about?
That and making sure it's not allowed to relay messages from outside
relay means people can use your server to send messages to other people, basically you become a source of spam
ah
are there anyone familiar with webmin/virtualmin?
getting Error - No cookies when logging in when trying to proxy to webmin panel
nvm
Be sure to secure that Webmin installation. As a minimum, do not allow access from the entire world, only trusted/internal IP's. VPN requirement would be preferred.
In my eyes, VPN is the requirement for outside access
@little schooner nah, leave 3389 open to the world. It's fine.
If you do that on my network i will ban you from existing
@hallow nimbus I'll open all your ports
Nope Nope Nope
3389 is the most insecure port of all of them
So people need a vpn to connect to those
leave 666 open
I use vlan 666
vlan 666, vlan 13, vlan 1337
if you're a chinese company, vlan 888
i have a chinese coworker who keeps opening change requests until the number has an 8 in it
that one is used, the rest discarded
I can't resolve my local hostnames over openvpn
@waxen scroll but it work with the ip's
and i want to use the hostname and not the ip to access the servers
so the VPN is supposed to redirect your DNS to the place you're VPNing to because you need to reach those services. if it kept your local DNS server and the remote at the same time, the random nature of selecting a DNS server for a query could send it to the wrong one
like im away from my home network and i connect to my vpn and going to access my server by server.mydomain.lan but the vpn cannot resolve but it resolves the ip 10.0.1.1.
so maybe i misunderstood... you cant DNS on the network you VPN'd to
well then i have to proxy pass the panel to my subdomain
i believe you have to go to the server side and tell it what DNS servers to push to the VPN client
Yes, you need to push DNS server
And then it will use the ones local in the network where VPN server sits
Be warned that if you use apps that are isolated, like in Samsung Knox, DNS resolution and VPN access will fail
But that is a 1% edge case
I learned this the hard way with Wireshark
@little schooner like this? https://i.imgur.com/LQZeOHf.png
More like this
push "dhcp-option DNS 10.66.0.4"
@little schooner thanks so much
welcome
@thorny vector 3389 open? No problem. Most of the servers I administer, does in fact have that port open to the entire world... Gives absolutely no problems, what so ever...
Gets 50K login requests a sec
@craggy parcel u u know rdp has a butt ton of exploits, right?
Just setup a VPN, then rdp through that, so much more secure
@thorny vector Yeah, but the majority of the servers I administer, are linux servers, no RDP on them anyways.
SSH on port 22 ?
And the windows servers are blocked.
Then why would 3389 be open on them? Some other application running on it?
@hallow nimbus Not a chance. Too many port scans catches that... But I never changed the port for security, just to avoid getting my logs filled with scans. With password auth disabled, most automated attacks would fail anyways. Also there are some filtering in place, that restricts the scope of allowed sources...
@thorny vector Nah, more like there is no filter, or access restrictions to prevent traffic from reaching the servers. But they are not actually listening. Kinda like kids.
@hallow nimbus That's also nice, until the VPN connection is not working.
Yeah.. Never had one freeze, though..
And my vpn is running inside a VM so yea when windows freezes my VM freezes aka fun
@craggy parcel that sketches me out. Never know when some zero day based on malformed packets is going to come out. And if your tunnel isn't working, man that's some basic stuff. I use openvpn, and my edge router handles it with no issues
@hallow nimbus do you have hardware that you can run ESXi or proxmox on?
I do have that hardware but i am in need of a new storage server soon so gonna change everything then
Yeah, well, if the tunnel is not working, and shit hit the fan, I have an annoying boss that wants the thing back up yesterday.. The fact that the equipment is physically located about 2 hours drive from the office, kinda calls for a backup plan, in case the VPN connection is down, and it has actually happened more than once...
Do you have a netblock, or just one public IP?
@hallow nimbus Haha.. yeah, could work, however, there seems to be a bug in the firewall, that occasionally makes it forget some of the rules, and which rules are unpredictable.. But never had all my access options fail at once... Yet...
Dropkick that firewall and it should work again
A firewall located some 150 km. away, is hard to kick..
The only time I've ever had my firewall get funky was when snort started to persist rules even after I would turn them off
A good update fixed that
@thorny vector What firewall was that? Some custom linux box setup as a firewall, or a dedicated appliance?
My edge router runs pfsense. I have an older server that I repurposed to be a router, and since it's got the beef, I run deep packet inspection with snort running in as IPS
We use a dedicated appliance from a firewall vendor, for that purpose.
Wait you guys have a firewall
I just wanted to get away from branding, mostly because of how Cisco is starting to handle licenses, and everyone usually ends up following them
So all of my security appliances, routers, etc are whitebox
@hallow nimbus Yeah. Don't you?
I even built a custom switch
No lol
@thorny vector Yeah. I can see the idea in that, but it also puts more of the responsibility on you, when there's problems. Which can be a good and a bad thing.
And job security
There's certainly some fun in making the boxes yourself, but I doubt that my boss will save the money on maintenance in exchange for my time.
Custom boxes are fun until something breaks
That's why I have a homelab. I experiment there
Then its a fucking nightmare
@hallow nimbus Actually, when it breaks, the fun part begins.
@thorny vector Yeah well, I've come to the point where experimenting in my free time, with work related stuff, is not going to happen. I'd rather get paid to play.
Then get good at making them then. I've had zero issues, other than some bugs and such, but those were easy to fix, I either updated or rolled back applications
@craggy parcel I enjoy it
Recently stuck and ESXi host inside of a pelican case
@thorny vector So do I, but if what I play with are to be used for work related tasks, I'd rather get paid for the time spent doing it. Makes it MUCH more fun.
Runs a whole subdomain of my home network that vpn's home from it's wan link whenever it's connected to the internet
@thorny vector Also if I should play at home, I would need to buy the equipment, and pay for power, myself. And that's not fun either.
I've read that fortigate has dedicated processors to handle firewall and content inspection
that means I can get 1gbps with content inspection on?
I do
edgerouter barely can do such a thing
@little schooner Sounds like the right way to do things.
it caps at 280 mbps
F
Not yet but i mean 1gbps for local routing
i have 190 but 8 up
YIKES
Even worse
grrrrr
Get an older server, with some decent xeons in it, and put pfsense on it
Can we ban comcast from existing
@thorny vector I have pfsense in a VM used as VPN and basic CA server
I have a very strange NAT setup
it is very bad.
bad that I have to reduce MTU value
Wtf
I have a test pfsense server running now before i put it in 100% production use i wanna know if it functions correctly
any mtu value over 1320, I can't connect to my network
@hallow nimbus We have 500 mbit in the datacenter. We needed an upgrade, and the 500 mbit connection was actually LESS than our previous 100 mbit.
and depending on what service I am reaching
like for dns, my mtu value can be 1400
but for rdp, it cant be more than 1320
its stupid
I have 10Gig internal networking tho but that means nothing if i cant use it to connect to the outside
Something is borked
Yes, its my bad NAT setup
@hallow nimbus false! Means you can throw data around like a ragdoll
this problem goes away if I place PFsense at the root of my internet connection
so modem > router > switch
Then do it
Thats true @thorny vector But i wanna throw it around on the internet as well
Now i have to rent a server in a data center for some things
Like running my livestream
@thorny vector easier said than done. I fear I may break something in the process
and i have exams tomorrow
F
during winter break i'll consider changing
virus installed
xD
aww
Yah
Thats how its supposed to be right ?
I see like 4 ethernet cables and 2 smaller power cables ?
Demn
And here i am with a single cat 7 running next to the heating line of central heating unit
hahah and you should see my server rack
Oh boi i am in for a ride
Share it
I dont wanna share my setup cause everyone will curse it
I'll keep quiet
IS THAT THING IN UR LIVING ROOM @thorny vector
That aint that bad for a starter rack @little schooner
@thorny vector massive
Nah man, I like it. And yep
Its still better then mine
I dont even have a rack
My servers are standing on the floor
@hallow nimbus the sound of fans keeps me zen
@hallow nimbus i was considering getting like a low profile server that could fit inside a real network cabinet
I have like a tower server with 2 rack server stacked on top of each other
this server has xeon 1245 v5 cpu
@clear igloo no azure for me... my address wont validate in the sign up
opened a ticket
ooof
Ah, ok
yes immediately
Since I had no real room to put this server in, it went into my sister's old room
that no one really lives in
Rack server 1: 4x E5-4620
Rack server 2: Intel(R) Xeon(R) CPU 3040 @ 1.86GHz
Tower server: Ryzen 1600
Main pc: TR 2920X
TR looking mighty tasty right now... that could save me from waiting hours to convert security cam footage to mp4 or mkv format
here im sitting at 8 hour conversion rate for a single mp4 4GB file
Resolution ?
@clear igloo we should cross the streams
my azure should connect to your azure
woah, slow down there
Yea i am sitting here doing 4K60 footage at 110MBps 50 min video rendered in like 30 to 40 mins
Thats on my TR
Yeah. I need something fast like that
@hallow nimbus The codecs for HEIF and HEVC is kinda available for free on the Microsoft store.. You just need the link, which is easy to stumble upon on that thing called the internet.
I saw a video about that
all my photos from photo are in HEIC
oof
the space savings are crazy
@little schooner Taken with what? An iphone?
galaxy s10
also, if you guys want easy integration into file explorer to view HEIC files directly and previews, copytrans has the extension software for it
that what I am using and it can convert to jpg with double click
well, convenient until microsoft supports it natively
@clear igloo are you doing any "network as code" stuff?
yes
You're talking about automation programming stuff right?
sort of.... im talking about some how managing the network using a repository and having many different devices understand what you want regardless of what syntax they use
ah, I haven't done any of that yet
wondering if its a hipster fad to ignore or to actually pay attention
@waxen scroll Are you thinking solutions like terraform?
I'm thinking of Ansible stuff
i think so? like i said i only know about this concept existing and not any details
Terraform is able to setup an entire virtual environment, including VM's and networking.. Never used it myself, though.. But I suppose, that if you plan on using AWS or Azure for your project, and needs the ability to quickly recreate the entire environment, it would be a great solution. But for existing environments, I'd avoid it.
im more of a corporate datacenter infrastructure guy, my customers are business units and not just devs. im not on some dev team
still need to keep my ears open for industry shifts
we're also getting into azure with my team managing all the network pieces
we've seen what happens when we dont lol
@clear igloo someone did a 10/8 in azure and fucked everything up
Well, VMWare has their NSX solution, and as VMWare can be automated using PowerShell, and just about any language, that can speak HTTPS, you could use that as well, to manage the networking part. Again not something I used myself, as it's not part of our VMWare environment.
@waxen scroll when companies say their firewalls have different speeds for different feature sets like UTM, Inspection, is it safe to assume if that is the only thing running on the box?
So if I enabled those three different things, I can expect speed to drop even further?
usually, yes
yup, and usually only at 1500 byte packets too
our security team one job ago got BURNED by that. one idiot turned on all features and it took a month to figure out why the datacenter network was stopping to take a breath
the asa's internal ethernet ports or whatever they're called were dropping packets like crazy
the ports are between modules
like firewall and firepower
@waxen scroll An ASA with Firepower extensions by any chance?
inspect all the packets!
So wait, @waxen scroll then I just have to make sure I ask before buying to see by how much I can really expect from it if I wanted two out of the three?
We had one too, and it managed to kill the entire network. Not many packets were passed through until firepower got disabled.
yes, ask the sales ENGINEER
ahhh
okay, the engineer
I like it when I call in and they know exactly what they are spitting out of their mouth when they try to sell stuff
but that never really happens often
@little schooner Yeah, ask the sales people at your supplier, then find a consultant that's actually deployed those things in the real world for years, and have him/her verify the claims from the sales people.
@little schooner normally you should be getting a test device for free and then generating traffic
yeah... but you think they would do that for home customer?
no.
I know people that kinda likes the Palo Alto firewalls, and claims that their tests actually shows the real world numbers..
i heard palo alto is up there in the $$$
and i bet thats why azure is being racist.... im regging using a home address
they'll change their tune when i name drop the company
My university (not the college with prof) exclusively is using palo alto
their network is fast and fine
Depends on the feature sets you need.. They are kinda on the same level as cisco ASA's in the same performance range... Somewhere around 10-20000 DKK. Convert to your currency of choice..
Ahh, that must feel so great
In 11 days
You don't like the 1990 rendition java CSM?
no, i dont
many of us arent tracking that
Wait 2000PB A DAY
running netflow on all ports is $$$$$$$$$
@waxen scroll The problem with management is no problem for my single firewall setup.
This isnt dangerous at all
@hallow nimbus Disappointing... He doesn't launch the huge tires..
It isnt done yet
Well. I don't care HOW he did it, I want to see what happens when he launches them.
not sure if i did it correctly https://i.imgur.com/inBwU5z.png
I'm having issues with high packet loss (15%-20%) and fluctuating ping. Basically, my internet looks like a sine curve.
I'm using a wired connection and get great speeds (200-300 down, 5-50 up) and have tried changing the cables and DNS settings already.
I am on campus at my University, so I don't really have access to the router directly.
Any ideas for possible solutions? I am currently working towards getting IT to my building to access the router.
What does traceroute or tracert output show?
@tawdry totem
For the high latency
Here's a trace to cloudflare that went fine
Random Question Google DNS Better or 1.1.1.1?
I'm having issues with both rn but I believe that it's less frequent on cloudflare
I use 1.1.1.1 before and now am using Google
@little schooner
I'll try changing over to google's dns
This issue began when I was on 8.8.8.8 so i recently changed to 1.1.1.1, I just changed back
Look at this discord connectivity
at least it's aesthetic
Don't know, im in New York and this is a voice chat in a US-east server
@tawdry totem sorry for late response. But what about to Microsoft.com?
1.1.1.1 is going to be geo fast
Do it for a website instead
@tawdry totem also, packet loss over wire is a sign of cable problems
it can be
I changed between three cables, no change
Okay, and how are you connected?
trace to microsoft is running now, its having some issues
to a university wall port?
@ancient vigil meaning its never going to show the real issue
university wall port yes
@clear igloo azure support just made me run a fiddler2 http debug on their own website because they cant figure out why i cant sign up
@tawdry totem could it just be that university network is blocking stuff or randomly dropping?
I had that happen at my old college
except they actual took away our internet access a week later
this issue just started recently, like 4 days ago. I am going tomorrow to ask about it
Yes, because if it just started happening, maybe something is going on with their network
at hop 10, its really high ping
problems start when it hits this ISP
since the next IP is microsoft with this isp
thats so weird lol
Well whatever it is, maybe they need to check it out
NYSERNet is nonprofit
well that explains their budget
checks out.
ahh, why arent we suggesting to do a wireshark capture?
that would show more information
i see.
So what are my next steps?
no. packet loss
Anything intensive like twitch or gaming (overwatch, rainbow six siege, and apex legends) all error out due to high packet loss
@tawdry totem do you have more than one ethernet outlet you can try?
Apex crash reports typically say I have 15-20% loss
yes it is
I have 3 outlets, all the same issue
I am on my universities network
I see.
Checks out. They make it so it discourages you to eventually give up
they dont block it to prevent outrage but you'll give up
Yeah, like at my school. They still find way to look deep into it
they match its pattern of traffic
but they lifted the vpn restriction a semester later
I tried vpn everywhere, but it kept killing my battery life
also, I didnt have anything to hide
Any VPN recommendations?
that is very nice
here, we logon by username and password so
it doesn't even matter if you use vpn
they still know
Thats also bad
they fingerprint you
@ancient vigil true, they wont see your actual traffic
but i guess they see when it started happening
this is a .00000001% edge case, but say you connected at 3am in the morning to destroy campus networks. The next morning they notice something is wrong and file police report. Police investigates "Okay who was connected at 3am in morning?" They find your mac or user/logon and... even though you did everything through VPN, they find out you are most likely a suspect
edge case dough.
hey, its good to be prepared for the real thing
How so
I can try to explain.
I trust PIA so far. No issues with them.
Trust is something that can expire
buzz word stuff
I tried nordvpn a long time ago before it was even popular
and I backed cyberghost.... but they've had their fair share of problems too
they dont even offer the free version
its sad.
yeah im def not trying to pay for a vpn
this confuses me alot why does my openvpn client on my android phone resolve my hostname in my home network but not from my laptop connected to same network outside my network?
the glory of DNS
The sysadmin haiku
It's not DNS
There's no way it's DNS
It is DNS
Place I work IT for has a leased line with 6 IP addresses. We only use one currently. But I want to use another. I just plug a switch into the back of the modem right and then hook two routers to that. Then each router should be on a different IP right?
This is not an area of networking ive explored yet
a leased line is not internet. so only you can answer that question because its your point A to B
you're responsible for the A and B sides, you run all equipment
the provider only allows your packets to go back and forth
@hollow marlin why so quiet lately
Well whatever it is.
We have internet. It comes in on a fiber line.
And we have a block of 6 IPS
And we are only use one. And I want to use more.
I can't for the life if me figure out how to make it work. I've been googling it all day and just get a bunch of rocket science.
Wish there was a simple way to just making a single computer use a different external IP
so you can do that on your one router but it needs to be more than a consumer grade router
Yeah pretty sure it is.
is it a cisco or something?
We got the fiber box coming in. That hooks to our cisco modem. That hooks to the router which is a Netgear router running DD-WRT
Been looking this up all day on the DD-WRT forums
oof i havent used dd-wrt in years..... @clear igloo does dd-wrt multi-nat?
Not sure, haven't touched it in forever
I really dont know
I was just going to try and put a gigabit switch between the router and the cisco modem and just plug the server I want to use into that switch.
Router is setup to use one IP
Server can be setup to use another I guess
so in theory that would work
probably better to make dd-wrt work though. i cant help with that though
LOL @clear igloo i see why hes having issues
its not even GUI?
oof
i sort of understand what they're asking for but the problem is i havent seen it work myself and you might be breaking everything by doing it. so if you're not confident on networking or getting it back to where it was, its dangerous to do
We have two of these routers, one is a backup which is always on. Just have to hop the cables across
So i'm not too concerned with breaking it. Can always restore the config.
Have it saved as a file
But i'm not gonna break it right now with everyone using it.
I know on Cisco it's just 2 commands so it can't be impossible on DD-WRT
i dont have time right now but maybe we can discuss it in a while if nobody else helps. ill tag you. its really copy/paste but you seem like you need someone to look at what you're putting in
Alrighty thanks
But if all else fails. I think my hub between the modem and router plan will work.
What would be a good business router (not rack mounted)? Looking to upgrade this ancient one anyway.
Ubiquiti Edgerouter?
@quick hollow I have the Edgerouter and it easily supports multiple ips and nat
But I am looking at fortigate or a watch guard for next router
Which Edgerouter do you have?
Gonna buy an Edgerouter 4
Dont need anything special
Seems pretty solid
@quick hollow the er poe 5
Yeah get the smallest one they have
Is it the 4? That'll work fine
Right i'll order it. Thanks
Looks way more modern and easy to use than this ancient one.
Nice
Very happy using Ubiquiti products. We use cloud key and Ubiquiti access points in all our warehouses/offices.
And I also have a cloud key and two ap pros at home too.
Might have to get Edgerouter 4 for home too.
it does the job fairly nicely
We are actually buying the warehouse next to the one we currently own. I'm gonna install a Ubiquiti dish to beam the local network between the two buildings.
@quick hollow so going through that article, what questions do you have
i think in general its easy to understand whats needed
Since i'm getting a new router now I think it best wait until I have that setup.
No point trying to figure out the ancient dd-wrt system now.
It should be pretty easy to map a different external IP to a single server on the Ubiquiti right?
by that, you mean like a port forward? or a NAT to an internal IP address that has a service running on a specific port?
I have a NAT that hits my WAN IP on router and it gets translated to hit internal VPN server on certain port
Now, if I could determine the source IP to be static as well, I could make another rule to send it to another server to the same port running the same service, since those would be two different rules
but I don't have that luxury
i would assume its just as hard on ubnt
ubnt has a good userbase so usually weird crap like that is well documented
i mean i found an azure ipsec article for edgerouter sooooo
i wrote the original edgerouter internal storage expansion post myself
they have a weird userbase. lol
@waxen scroll I've been swamped to all hell lately
what happened to new job
@waxen scroll I did mine all through the GUI, but now I can export the cli command if I have too
I think pfsense has the easiest NAT config through GUI
what is the best linux distro to learn and understand how to do system admin and network admin actions
centos since redhat is used a lot in enterprise. runner up is ubuntu-server
you should know how to work both of those anyway
cent os and ubuntu server are the two I should learn inside out?
yes
Hello guys, does some of you have by any chances knowledge on OpenMediaVault? It's an OS for NAS, but I have nothing more than problems with it.
If you only have problems with it, did you consider synology or freenas alts?
or even, unraid
Not for now. If I have problems with one I might have problems with other.
well what kind of problems?
I personally use freenas, its pretty plug and play
can get nitty gritty if you want to
Ok I need some schooling on how guest firewalls work exactly and if I need one. I have a wireless network that currently allows you to connect to the ssid via password. Once you are on my network you have internet that is filtered by 3rd party and needs authentication otherwise it is heavily filtered. That part is easy.
Where I get lost is how can I have it so that my network is still not accessible unless they are a domain device? I think I am already set up this way I just inherited this network and want to ensure I have proper security in place. I have an older asa firewall that needs replacing and a separate for Fortinet guest firewall that I haven't renewed in some time now due to subscription costs. I am looking at Cisco firepower firewalls that have both guest and Wan channels.(might not be proper terminology) and I'm not sure if I even need this heavy of a firewall. We have 350 users and lots of guests at special events but all they need is internet and filtered heavily unless I give them specific access. If anyone can explain how I can allow someone to connect to my WiFi and they still not be able to be on my Wan I would appreciate it. If I haven't added it to the domain how are they not able to get in to my network is that the domain controller that handles that?
I am lost and it's probably because I'm over thinking this.
you need a specific guest SSID. you need an AP system that supports CAPWAP which creates a tunnel through your network that you dont want them to access and drops them to the wireless controller which then drops it into a protected network segment meant for guests
this protected network segment would have its own WAN... like a comcast or something
i havent found a good image for this but this is close enough
what this image isnt showing is theres a tunnel on guest
i will warn you, many companies dont do this and just create a guest vlan with a guest SSID... they then put ACLs all over the place to let it ride the network with no tunnel praying nobody will compromise it
so be looking for both methods at your company to find out what they did
@thorny vector this...
I know I have a guest vlan but my old filter was on premises and allowed us to authenticate to be moved into my networks vlan.
Now it's a vpn based filter so all of my internet goes out to this company that filters all internet making my process harder to get separate vlan access based on authentication of non domain devices.
They should have a storage channel on the discord
@little schooner @clear igloo day 2 and i still have no functioning azure account
oofy oof oof. imagine if i was testing it first for my billion dollar company
lul
im gonna find out who our account manager is and light a fire under their ass
@waxen scroll Someone trying to tell me a /31 shouldn't be used on an ethernet link, LUL
I'll see how they respond and then share
@clear igloo could you help me understand what addresses could you use for the 2nd device in the /31?
@little schooner im not sure what you're asking either
No, a /30 has 2 host addresses. What you're doing is using the broadcast and network addresses of a /31 subnet, which means you can't do a lot of IP functions, like broadcast to that network, or address the network by its network address
and why do you think i would be using /31s over /30s? you answered my question huehuehue
there's no point to the waste of a /30 between two devices like a router and a router, or a layer 3 switch and a router
There is if you want to set up a routing statement towards it
the routing tables import the first address of the /31
I guess I can just see a lot of stuff borking with it
Not debating that it's usable though
just watch, tomorrow he's gonna go up to his professor... WE NEED /31!
professor is going to go NO! Too complicated!
Fuck it, slap a /24 on everything, and be done with it
i wish. we did something stupid like that at current job and now we're very low on space
luckily it was a mistake from like 20 years ago and it's not my fault
How? How many hosts do you have? Or is it public IP space?
its a mix of private and public.... we have about 7000-8000 buildings worldwide. some of our WAN circuits have over 24000 subnets in the routing tables
their mistake was making an app in the Windows command line which reserved a HUGE chunk of private space, because you enter a building number and it runs math to determine what subnet to use
its a big waste
And no one ever wanted to sit down and fix/replace it?
Gotta love it
Right now I'm having to rebuild from my daughter pulling hard drives out of one of my home servers to see what they were
@waxen scroll rip Azure
how much you paying for that?
it's spewing out errors, and people are complaining on their Twitter
$0
Why would I pay for Azure
they give you AD on free?
When it's shit
Yea
AAD is free with an object limit
A maximum of 50,000 Azure AD resources can be created in a single directory by users of the Free edition of Azure Active Directory by default. If you have at least one verified domain, the default directory service quota in Azure AD is extended to 300,000 Azure AD resources.
i think i'm going to have to tell them who i am
still no response on the ticket
i have a test voucher i need to use and i want to brush up
it expires in 30 days
rip
@waxen scroll wait, that doesn't work if address ends in .0, but works for everything else?
Cisco cli says 0 was not valid entry
if i recall it will work with .0
Okay just checking. I never thought that it would work like that
That's neat
@waxen scroll still, the prof is going to tell me "I like the solution that's simple, not complex with varying subnets" or similar wording
He likes his /24
@waxen scroll he's going for his doctorates in Cybersecurity and information assurance
```
Cisco IOS Software [Fuji], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.1, RELEASE SOFTWARE (fc2)
A(config-if)#
A(config-if)#ip addr 192.168.0.0 255.255.255.254
% Warning: use /31 mask on non point-to-point interface cautiously
A(config-if)#no sh
A(config-if)#
B(config)#int g2
B(config-if)#ip addr 192.168.0.1 255.255.255.254
% Warning: use /31 mask on non point-to-point interface cautiously
B(config-if)#no sh
```
Oh wow okay
```
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.0, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 2/3/5 ms
```
So there is a warning
Wait, so why do they say use /31 cautiously on point-to-point?
That should be no issue
"non point-to-point"
Ohhh
Oops
I see now lol
Okay. Wow, I bet my prof doesn't even know this tidbit
It makes a good share
```
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/31 is directly connected, GigabitEthernet2
L 192.168.0.0/32 is directly connected, GigabitEthernet2
B(config-if)#do sho ip route
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/31 is directly connected, GigabitEthernet2
L 192.168.0.1/32 is directly connected, GigabitEthernet2
```
this is for all the haters that trigger lurick
@thorny vector ^^^^^^^ FWIW
not sure if you care
please do ask your prof to switch to it
let's make lulz
Ew, stop that, it's gross
Just set up my edgerouter 4
Gonna be swapping it in on the next hour.
Can't wait to see if it's any better than the ancient DD-WRT.
Well it didn't work.
Copied all the settings exactly from the old router.
EdgeRouter couldn't connect to the internet even though I'm positive the settings are correct.
This really sucks. Gonna have to come on the weekend to install it now :/
I just used the initial setup wizard. Set my gateway etc. I don't need to do anything else do I?
Ethernet port 0 has xxx.xxx.xxx.195/29 (don't wanna give out our IP on here)
Gateway is xxx.xxx.xxx.193
And I put in our DNS servers.
Honestly can't see what else needs to be done....
@quick hollow have you contacted your ISP to get them to recognize the new hardware?
Yeah, it can take 30 minutes or more depending on the ISP
Shouldn't need to since it's just a router.
The Cisco gateway hasn't changed
Or the fiber box
@quick hollow it really should just work. I remember in my case, Comcast took a while to finally recognize it. Also, did you make sure it was on latest v1 firmware?
Not v2, v2 is beta like
Upgrade it to 1.10.10
I think that is latest one
Yes it is latest one
If there is still a problem, then having a config to read from will help us troubleshoot further
There is a command for that... What was it...
To upgrade or to get the config?
I can get the config easy enough
Already saved a copy
Upgrade first
And in cli, do "show configuration" and it should show you config in json format
After you've upgraded
Still, I won't be able to test a fix until possibly the weekend. Can't have downtime for testing during work hours.
I see
Actually, we do have a backup broadband line. It's not as fast as our fiber but I could throw the office on that while I test.
I don't know if it works though haha
I think we are paying for it still. But we are cancelling it soon since we can get like 200mbps on 4G outside our office, so we are gonna use that as backup instead.
Interesting....
Updated the firmware and a dodgy route I noticed earlier has disappeared.
That might have been the issue.
I only ever put in my gateway xxx.xxx.xxx.193 and the primary IP I want to use xxx.xxx.xxx.195. For some reason, before the update it had a route for xxx.xxx.xxx.192 which it added by itself, and I don't think we have it. Pretty sure our range starts at 193. But it's gone now.
Nice. Yes, sometimes updating firmware fixes the issue. That is what support will usually tell you to do first
@clear igloo senpai.
@little schooner i told them who i am and it was "fixed" in minutes
i have to test still
@waxen scroll it helps to have some kind of status to get faster service
Just tested. It let me sign up
@rocky badge jesus it takes forever to make a network gateway
@waxen scroll
i think i'm at like 20min waiting now
it probably sends a message to India and they manually provision it lol
@little schooner did you mention /31?
```
Reply from 192.168.40.4: bytes=32 time=12ms TTL=63
Reply from 192.168.40.4: bytes=32 time=13ms TTL=63
Reply from 192.168.40.4: bytes=32 time=13ms TTL=63
```
@clear igloo we did it (tm)
@quick hollow that feel when your edgerouter 4 is connected to the โ๏ธ
@waxen scroll I don't see him that often now that he teaches 5 courses this semester at college (not at my university) but I'll see what he says next meet
when are you teaching
@waxen scroll not anytime soon formally
Or is it written "formally? Not anytime soon."
I'll work on the English
@waxen scroll We get around 4ms site to site over Spectrum's fiber network 
yeah well... some of us are on consumer coax infrastructure
4ms not acceptable
@waxen scroll What did we do?
Got azure up and ran a /31 lab for the haters
/31, perfect size for point-to-point, if equipment supports it.
i put my public domain key (DKIM) in my DNS record but my mail is still not signed with DKIM
Isn't the signing something you need to set up the mail server to do? Meaning outbound will be signed only if the sending server is configured to sign it?
What panel?
DKIM didn't
Virtualmin (Webmin)
i sent to my gmail account; it was sent by my domain
but did not mention who signed it
Don't know how well Webmin/Virtualmin does the job of configuring it.
And no signature in the headers?
it does say it was sent from my domain
mailed-by: *mydomain*
signed-by: nothing
this is driving me nuts
prob has something to do with the config of DKIM
that the Virtualmin dev hasn't fixed
Yeah, I'd check the docs for the mail server, and the config files. If you have access to those...
yas, got it signed
it was the config
edited the config, regenerated and reloaded
Hi all, I have 1GB internet and I get 900-800mbps, but on WiFi (ac) I get 400-500. Is this speed ideal or not?
Thanks
@hearty crescent good enough
that sounds about right
it depends a lot on the model of your access point
the level of MIMO support will change what the theoretical max speed is
starting at about 400mbps at the low end
also interference, distance from AP, obstacles, etc
@hearty crescent upgrade your wifi access points
Thanks
@hearty crescent If your devices won't use better than dual-chain ac WiFi, you probably won't get faster real-world speeds, so check on that before you throw money at better APs.
got an ASA 5506 that worked fine for over a year. now in the span of a week it crashed twice. i have a feeling it's temperature related
0: 0x00007fe52a52f3e1
1: 0x00007fe52a57b558
2: 0x00007fe52bd69cb6
3: 0x00007fe529109180
4: 0x00007fe52a57c523
5: 0x00007fe52bd69f36
6: 0x00007fe529109180
7: 0x00007fe52a5748f3
8: 0x00007fe52cbd5e22
9: 0x00007fe52bd5db84
10: 0x00007fe52a572ad5
11: 0x00007fe52bd6dd39
12: 0x00007fe52a5513fb
13: 0x00007fe526558e85
Panic: Init Thread - pci_platform_probe_kenton: Missing data ports
(set_exptime) Timer not a leaf 0x00007fd21b90f790. Traceback: 0x00007fd217b3b9ae 0x00007fd217b32b2c 0x00007fd217b4317007fd217b33ad5 0x00007fd21932ed39 0x00007fd217b123fb 0x00007fd213b19e85
mgd_timer_set_exptime: Not a leaf called from 0x00007fd217b4317b
core0 same core snap_count=1 signo=11 RIP=7fd217b431b5
-----------------------------------------------
Traceback output aborted.
Flushing first exception frame:
r8 0x0000000000008802
r9 0x0000000000000000
r10 0x00007fffea748a70
r11 0x0000000000003202
r12 0x00007fd21aeacd54
r13 0x0000000000000003
r14 0x00007fd21bf96aa8
r15 0x0000000000000002
rdi 0x00000000000006b0
rsi 0x0000000000000006
rbp 0x00007fffea748cf0
rbx 0x00007fffea748d30
rdx 0x00000000000006b0
rax 0x0000000000000000
rcx 0xffffffffffffffff
rsp 0x00007fffea748ca8
rip 0x00007fd213b2d507
eflags 0x0000000000003202
csgsfs 0x0000000000000033
error code n/a
vector 0x0000000000000000
old mask 0xfffffffe3e3af207
cr2 0x0000000000000000
Nested traceback attempted via signal, from:
Page fault: Address not mapped
r8 0x0000000000008802
r9 0x00000000000001bd
r10 0x0000000000000042
r11 0x0000000000003293
r12 0x00007fd21ef7e040
r13 0x00007fd21ebdcf80
r14 0x0000000000000000
r15 0x00007fd21ebdcf80
rdi 0x0000000000000000
rsi 0x0000000000000004
rbp 0x00007fffea748450
rbx 0x00007fd21b90f580
rdx 0x0000000000000000
rax 0x0000000000000000
rcx 0x0000000000000000
rsp 0x00007fffea748440
rip 0x00007fd217b431b5
eflags 0x0000000000013246
csgsfs 0x0000000000000033
error code 0x0000000000000006
vector 0x000000000000000e
old mask 0xfffffffe3e3af207
cr2 0x0000000000000008
figured it out: hardware failure. OCTEON CPU couldn't be found
The next thing to do is to get rid of any ASA
@little schooner it's a defect from fabrication. I got a ticket in for replacement
@little schooner and replace it with Firepower
@waxen scroll I'm not sure who did it, but the prof's classroom router suddenly unplugged itself last night. That or it is some hardware bug.
Students have access to where the equipment is. I wonder if it was taken, but since I didn't check the room, I can't say for sure.
What I do know is that there is no longer a route from the VPN to the classroom, and that the router in the datacenter lost physical link with the class router, based on the logs
Lulz
Sounds like fun
@waxen scroll last time I was there, the rack cabinet door was to the side
Also, no key was supplied. But this rack cabinet has been here since the 2000s
If they wanted to, they could also pull out the 8700 CPU from the workstations.
He begged for lock cables and stuff but still nothing
Next tactic is to cry, supposedly.
oof
@little schooner did crying fix it?
@waxen scroll he says that part as a joke to be funny: "I'm going to beg and cry to see if they can finance 70k worth in user licenses for one semester"
wot
@waxen scroll it's Project Ares
They charge a lot of money
Initially he told me from his meeting that that money was a decent chunk of the college's total funding
Idk if they were exaggerating to try to discourage him but
Okay, so for the past year, almost two years now, my ISP speeds are never reliable and my upload will cut out just about every time I do a speed test, at least 2-4 times around peak hours for network usage, 6pm-12pm. I have even gone to the FCC about it, because my ISP has been saying it's me maxing out my upload when I'm sitting here watching my network after directly hooking up to the modem. Yesterday I started doing speed tests at 2:51 PM directly connected to the modem, all the way up until like 5 AM, which I have screenshots of if anybody wants to see those. If anyone could help point to where the issue/issues may be on my end and/or their end? Cause I'm at a loss and they seem to not know nor care. And before suggesting "why don't you get another ISP": my ISP is the only one for most people in my county for my state.
Guys, for my dad to watch TV he needs our modem to be directly attached to that device (so no router in between), the problem being we don't have an internet cable from our garage to our living room. As such he bought access points with 2 ethernet ports so that he can watch TV. BUT these access points don't have a router in front of them, resulting in an 82.x.x.x address instead of 192.168.x.x, so when using these access points for WiFi u don't get an IP since there's no DHCP in place. So what I need is a cheap way to get internet from point A to B (through walls and whatnot) so that I can use those access points for WiFi instead of using these expensive things for a "virtual cable" or whatever u wanna call it.
It's just that these access points (2 of them with 1 master which is connected to the modem instead of the router, so no DHCP) cost 300 euros and it's a rather expensive solution for watching TV xD
MoCA or powerline adapters would be your best bet depending on the age of the wiring inside the house and if coax exists in certain places that are optimal as well
As far as I'm aware there's no internet in the living room, at all
and when connecting to these access points ur actually trying to get an IP from the provider, resulting in (probably) no safety AT ALL
@clear igloo lmao
since some devices actually got an IP, like my dad's phone, which means i could prob get onto it using its WAN IP
my friend asked me networking questions and then ended up running OM3 from his detached garage to his house
Why no OM4?!?
@clear igloo he's using powerline adapters
but u can't use their WiFi due to the problem of no proper DHCP
@clear igloo I wish MoCA worked for me, I tried it and it was not working at all ={
Like Comcast was blocking it or something
@clear igloo he even put underground conduit in
Guess who's buying 2 X5680s tomorrow for my R710 instead of the E5504s I have in there currently
they hella cute
@green sphinx are they energy efficient?
@little schooner guess who has an R710 with 300gb ram
@waxen scroll that's more than our classroom esxi
Hehe
I wish I had a job in IT, or a job at all hehe
I'll get a job soon
been applying like shit lately though
Just not yet
Ah
I was lucky to get an interview almost every job
But I couldn't take most of them due to circumstances
God damn, nice. yeah, I've gotten a reply on maybe one or two jobs out of 100 per month
Well yeah, I'm trying really hard to get a job
Oh.
Yeah that will do it
Yeah sadly
Discourse is driving me nuts when it's not working https://i.imgur.com/sHBSute.png
Sending mail failed.
@stiff panther what exactly are you trying to accomplish?
Why not use hosted email?
yeah, RIP if you aren't using hosted mail
it's not worth the hell to make all checks pass, etc etc anymore
even when they all pass you still aren't trusted enough and end up in spam on some major services
@waxen scroll it's crazy how fast the prof and I got the dentist office up and running on o365
It was less than an hr, the longest part was choosing the domain name lol
She was deciding
o_o
i did a win10 upgrade for the first time from win7 for someone
i was like ๐ฎ
everything worked, even his obscure old software
took 1hr
normally i don't let customers of mine upgrade, we do clean
with this one i figured what the hell, his apps are gonna suck so let's try to upgrade
Yeah I was surprised too how good the upgrade process has become
even the crap he put in C:\ ... still there after
Wow, that's pretty awesome
I wonder how they thought to check there
Maybe a whitelist of known folders, and anything else? Copy it in
Also they do look at file extensions
@waxen scroll Do you think programs like Windows Live Mail with all their saved offline folders will transfer correctly? I still need to upgrade my parents' PC
i can only speculate, but this did transfer office 2010 fully activated and no issues
so i can't see why mail wouldn't
@jagged latch also, you can take a system image in case
yeah, we did backups before this because i warned him it might blow and he didn't have recent backups anyway heh
Yeh you never know
was there 2hr, got $80
Like this one time, my brother's storage controller completely failed after a backup was done
And the laptop was no more
Nice 80 bucks
That could cover my upgrade license fee
win10 upgrades are still free
@waxen scroll Where are the free licenses?
its digital.
you download the tool on a win7 install that's already activated and you tell it to upgrade
once it boots into 10, the servers remember that computer's fingerprint
further installs can be done as "clean" and it will activate on first boot
@waxen scroll As far as I know that was discontinued, for everyone but people having a need for "assistive technology", about a year after win 10 release
They said it was discontinued but it still works in most cases
Maybe it still works, but it's not legally licensed version...
The question is, however, do MS care, that people do not pay for Windows 10, as long as MS get total control of their computers?
@little schooner https://i.imgur.com/4c6xWve.png
@clear igloo next OS i guess i might finally have to buy lol
i had technet for years and that got me to win8.1... win10 was free
Yup, same
I couldn't afford technet I was still a young'in
oof
what's that 9.8/10 for @stiff panther
Jackpot! https://i.imgur.com/7cWl7Qf.png
added a parameter to the discourse config
was due to SMTP SSL
make it ignore it
SSL not that important if it's only communicating with the same local network
So I just decided to Unifi my home using a DrayTek modem, the Vigor 130. I've set up all the Unifi gear and got all that working using my ISP combo unit, and now that I want to switch over to my new modem (Vigor 130) I'm a little stuck. For reference I'm with Sky, so I heard it's a bit tricky. I'm also using a USG 3P, so I have read that you need to put the modem in bridge mode (which I have done). I have tried that but am still unable to get the network working using my new modem, so I was wondering if anyone has or knows if they could help me get this working. It would be much appreciated, and thank you.
looks like comcast bumped up my download speed... again forgetting to increase upload <_<
I want my upload increased!
What does your plan say you should have for upload? If it matches what you say you should get (or is close to it), then you'll need to call and ask for the next plan up.
Or just DOCSIS 4.0 to be released, since it can do the same or more than gigabit fiber.
will it have the same latency?
Depends on how your cable company rolls out their network, and how close you live to the headend, so technically latency will be a wee bit better on fiber yeah.
hmm they haven't even rolled out docsis 3.1 over here
oh "Previously branded as DOCSIS 3.1 Full Duplex, these technologies have been rebranded as part of DOCSIS 4.0"
I hope they deploy it soon
that and native ipv6
does docsis 4.0 require neighbourhood upgrades?
I thought even 3.1 did
I assume every revision needs upgrading
https://en.wikipedia.org/wiki/DOCSIS#Comparison but dang 10gbit
then again fiber could go multi gig too lol
depends on your cable company. if they've been proactive, all they'll need to do is upgrade the CMTS (blade cards) serving each area. if they haven't been, well, they have a lot of work to do.
I think when they pulled fiber to this building they left a bunch of dark fiber
@half pond What are your WAN settings? Dynamic or static IP? PPPoE?
@ornate jungle for me, Comcast only lists download speed and not upload speed
Only by calling or live chat will they tell you upload speed
Why is this practice even allowed
It should be illegal
@ornate jungle so supposedly, they support DOCSIS 3.1 here but that's only for people with high-tier internet packages
But the network support is here.
Again, they are just charging like this because there isn't any fiber company here
Okay, got my EdgeRouter working finally for internet and the main network.
Now I tried to setup 1:1 NAT for a static IP onto a separate server
eth0 is our incoming WAN.
eth1 goes to our main network.
eth2 is what I want to use for my secondary server.
So I configured eth2 to use 10.0.0.1/24
I went into eth0 and added another static IP.
I went to firewall policies and added another WAN_IN rule. Destination is 10.0.0.25 which is my server. Set to allow all protocols.
Then went to NAT and added a source rule. Source 10.0.0.25 (my server) and translation to the other static IP I added.
Then a destination rule the other way around: source the second static IP and destination is 10.0.0.25.
Did I do it correctly?
basically yes, especially if it works. the eth2 wasn't necessary and you may want to rethink depending on what the server does
normally that kind of separation is OK and preferred, but since your operation is small that server might be doing more than just web hosting
tbh it's my own game server. CEO is letting me put it into the server room.