#networking
Okay thanks for the advice
I had the edgerouter plugged earlier but it broke our phone system because I guess I forgot to forward a few ports.
So i'm waiting for the phone company to call to give me the correct ports. They handle it as its all their equipment and I can't log into it.
So running on my ancient router again currently.
But when I put the edgerouter back in i'll test it for sure.
did you put rules in to stop the server from being able to open connections to the company LAN subnet unless a device on the company LAN asked to open the connection?
if you get hacked that will slow them down
you make a rule that says from company LAN to game server allow NEW,ESTABLISHED. from game server to company lan, only allow ESTABLISHED
I know very little about networks. I just follow tutorials I find online.
Ah okay. Ill set that up
I am just the IT assistant. I'm trying to learn these things while my manager does more important stuff.
Where do I make these rules? In Firewall policies?
I'd make a great assistant to a company but I won't look for intern until next year
Right now it's fun to help with the lab at a college where basically IT politics are going on
@waxen scroll and those rules are needed because Edgerouter isn't stateful, right?
Stateful routers don't need such extra statements
If offloading is enabled, it makes it impossible. Correct me if I have the wrong idea
the term stateful is only a firewall term. edgerouter uses linux iptables. it can be considered as supporting state but it wont unless you program it that way. with iptables only the first packet in the connection is checked on the FW rules and further packets are not. if you were to put a deny statement in after the connection is established it wont deny it
@quick hollow apply an inbound rule on eth1 saying source = <company lan network>, destination = 10.0.0.0/24, allow state new.
apply an inbound rule on eth2 saying source = 10.0.0.0/24, destination = <company lan network>, allow state established, related.
i think i got this right. sometimes i confuse inbound and outbound lol
the point is to stop traffic as it comes into the interface of the edgerouter
closest to the source
Okay
Thanks so much for the help people. I know my ignorance must be annoying haha.
nah, the ignorance from LTT forums is more annoying
right, @clear igloo ?

@little schooner azure is charging me $2/day to keep an idle vpn active
lol
i thought it was free
@waxen scroll yeah there's no way I could have that. Should be free
their free tier must be strictly internet only
a bit shy of 50/month @sharp stone but I'm on a bunch of promos and in Canada
regular is probably 130
@waxen scroll just as I predicted, my prof from other college said everything in the classroom is down. No internet, no datacenter access
I told him this like days ago and the teacher in there (not my prof) is complaining now
I dont know what we're going to walk into tomorrow
I just hope student didn't take our pfsense router
why no cameras?
@waxen scroll no budget
@little schooner oof that sounds illegal - in Canada, the CRTC might not do any form of price regulation, but they sure as heck require that ISPs disclose both the upload, download, and data caps included with all plans, including if Unlimited isn't actually unlimited.
at least it is better than where I am....
$100 45/15 DSL or bandwidth caps
and that is a biz connection
the non biz is 20/1 until recently
@waxen scroll false alarm. Gravity unplugged the routers power cable
ooof
why couldnt the other IT professor diagnose a power cord?
@clear igloo the real oof is always in the comments
yup
LMAO unplugged powercord
@waxen scroll prof told the one lecturing that night to move to another room to teach. My prof was concerned that he would break the network more
@clear igloo
Experience a new level of precise control for your favorite games. The Steam Controller lets you play your entire collection of Steam games on your TV - even the ones designed without controller support in mind. The Steam Controller features dual trackpads, HD haptic feedback...
$5.00
dat price

I guess no one wants it
at that price plenty of people want it
Hello guys, i need some advice... again. I want to buy an ethernet switch to connect my bedroom and plug my desktop and my NAS to a Gigabit connection, and still have spare port to connect whatever device i need to connect to my router. I have 1 Cat6a ethernet cable to connect my room and my router have 1GbE ethernet ports. I was looking for a switch that can have at least two 10GbE port (to connect my NAS and my PC together [I would have to buy two 10GbE ethernet card though but it won't be a problem]) and all other ports on the switch would be 1GbE. But do i buy an unmanaged or a managed switch so i can have fun configuring it ? (it's also more expensive as i read)
If you want to configure stuff then you need a managed switch of some capacity
yes but if they are too expensive i might get an unmanaged one. What brand would you recommend ?
@waxen scroll Okay im creating the ruleset. Source/destination I used the 'Interface Network' option. Correct?
Also I found State under Advanced
Under basic which action do I select?
correct. under basic you just say accept and enable
The second IP is working great btw.
Do I need to do anything under Interfaces?
And configuration default action should be drop ye?
@median ore if you want to keep it simple, get this
https://smile.amazon.com/dp/B07LFKGP1L/?coliid=I361WESB3IUL3Q&colid=WVY0CRAP8QC3&psc=1
@clear igloo this is not an ethernet switch
Yes it is, you just need these
https://smile.amazon.com/dp/B01KFBFL16/
or you go fiber
@waxen scroll
Correct?
Allow state new on 1 and allow state established on 2 as you specified.
should be good
actually no, its not good now that i think about it. it needs to be part of the rules you already have, otherwise all traffic except that will drop
Good job I didn't save it yet then haha
it shouldnt do anything though, you didnt assign it to interfaces
ill need to think about how you can put it in further. i just got to work though and need to focus on some other problem that happened overnight
Alrighty no problem.
Thanks for the help
At least the network is working properly
mines not!
uh oh
a critical issue happened with a big switch last night and some how it "self healed" an issue that doesnt self heal
i call bullshit
Sounds like when I tried to put the edgerouter in last week and it knocked our phone system offline. I put the regular router back and the phones were still offline. Found out there was a lifeline setting which pings every 1 minute and if it doesn't receive anything it shuts down the sip lines.
Stupid little issues which are a headache
btw under portforwarding I just add eth2 as a LAN interface right? Then I can port forward as usual.
yes
yes, its a vlan that separates my IoT devices so i can firewall them
Nice
I mean, you have to make sure that your ssh server is hardened because it would be open on internet for people to try scan and brute force
ik. i already have
just tried accessing the server from puTTy and got this message: https://gyazo.com/db7c708dc1def89571c61b528fc56bfc
that is with my public ip
because you have it set to udp
TCP then?
Ssh is a tcp thing
now to work out how to set it to a domain so i dont have to remember my ip
its a risky move. better to just vpn into it first
agree, I go with vpn first too
Another option is to disable password login, and use keys. That would help prevent bruteforce of the password. (But of course, not if there's a bug in sshd)
oh right, I was gonna say certificate only login is better than password
Yeah, and I would kinda go completely overkill, and make the key as large as possible. Last time I generated one, 2048 bits were recommended, and 4096 were the max.
Also use the newer keytypes, as they are more secure. (Or at least, supposed to be more secure)
@waxen scroll @little schooner I'm doing a fiber run along with some Cat6 runs for the house
@rocky badge now that's a great upgrade
Ethernet run to the kitchen, put a UniFi in wall AP.
Ethernet run to the living room, use my existing UAP-AC-PRO there.
Ethernet run to the office, use my existing US-8-60W.
Ethernet and Fiber to my room, 10 Gigabit fiber to my PC.
ooo nice. I'm waiting to see if anything can do gigabit IPS @rocky badge
the UDMP and USG XG @vapid dune
hmm no interest in the UDMP unless they separate out the parts
and the XG is well above what I can budget for it lol
ideally they'd make some kind of v2 at some point
@clear igloo wouldn't it be simpler to have 10GbE ethernet ports directly on the switch ? Or your way is cheaper ?
@median ore Most copper 10Gb switches are usually going to be more expensive than an SFP based one + SFPs
Especially if you don't need many ports
I'm trying to look for a 24 port, 4sfp+, poe+ switch but its looking to be a hard search.
C1000-24FP-4X-L
i tried to get you a price but the quoting tool doesnt seem to know about a switch that exists? hashtag @clear igloo wtf
Me feed server turkey!
Server go sleepy now
the tool literally has no idea cat 1000s are a thing
how are you gonna sell them
lol
maybe its mad and doesnt want me to buy the cheaper switches
I search for that on ebay to see if someone had it used but no results
thats cause its new
Oh
Yah, they probably haven't officially launched or something stupid
In the moments since I last wrote, I stumbled upon a reddit post of people suggesting an Aruba S2500-24P switch since it became eos not too long ago.
I don't know how to remove the forwarder from the link but it's this one:
https://rover.ebay.com/rover/0/0/0?mpre=https%3A%2F%2Fwww.ebay.com%2Fulk%2Fitm%2F153696869972
@waxen scroll
Yeah I don't really like how it looks
Also for some reason it doesn't mention poe+
7 years old switch
When the data sheet online does
I'd like something newer lol
Maybe like at most $470 I can spend
Catalyst 9600?
Let's see
no, 9k are basically the same cost as 3800
I didn't see them on ebay
@little schooner So you just need PoE+ and gig?
he needs 10g
Poe+, 4-10g sfp+, 24 port gig
how many 10g ports?
Oh
4
Reason is because I want to get away from edgeswitch. It feels so buggy
Also it doesn't have 10g so
but now I need a 10g version
And it has no poe
Also they only have 10sfp+ on their 48 port
I found a nice 48 port with 4x10G poe switch, in the UK >.>
there is the MikroTik CRS328-24P-4S+RM
I'm hesitant about 48 port because of fan noise
If it's quiet I can consider
@carmine moss after working with mikrotik, I think I'd like a different brand
It was so confusing setting up the mikrotik poe switch I had for that
idk bro if you want a new switch for under $400 you might be stuck
there is also a Zyxel XGS1930-28HP 24port switch
as far as i can tell it goes from under $400 then jumps right to $1200
that is 540euro on eu site
Meraki switch, lol
Oh
If you want pre-owned then I see some options, although limited at the $400 to $500 mark
you cant do meraki without a sub tho
That's the joke
Subscription will kill me
I see some EX3300's but I can't comment on noise
last job had meraki APs and i got TRIGGERED when i found out more about them
i wanted to stop the practice of allowing guest traffic across our network in its own vlan
so im like lets tunnel it
LMAO NOPE
you need another meraki device to do it
its some security appliance thing
yah
I still can't believe he couldn't just plug the cable back in
i know
Literally the internet came right back up
And here we were thinking cynical about our students
Well, I told him not to jump on that boat so soon
i also know how technical students are. you're gonna get scanned and likely broken into from some obscure method
back in the day i did this too
for example they blocked access to C:\ in windows XP
Bonus points for the student, if they report it, without exploiting it.
so i discovered if i run drive clean tool i can press "show files" and there goes C:\
thats the type of shit students are gonna do constantly
Haha.. I managed to start a full desktop through a citrix application. They DID hide the system drive, but c:\windows in any open dialog, got me right in, then display all files, and launch explorer.exe. I'm pretty sure it still works on the exact same server.. Don't know if they care though.
they were doing this to stop the spread of illegal game emulators
tons of us were doing it
they were doing nightly scans of fileshares and auto deleting them lol
C:\ was next target
eventually USB drives became so popular they just stored them there
many of the computer classes had lots of downtime because the assignments were easy enough to crank out. so what do you do? emulators. newgrounds.com, bla bla bla
Haha.. I've never really felt limited on a school network, like EVER. "Oh you can only print in Black/White on this printer". Sure, if talking through the print server, but using it directly with the IP address conveniently printed on a label at the front of the machine, had no such restrictions... Network drives? Well, usually setup poorly, and lots of stuff put in public shares, that should not have been. Oh, and the classic, on the school teaching people how to setup and maintain networks, you could setup a DHCP server, and disconnect everyone on the subnet. Even though they taught us how to prevent that, then the wifi sucked, and the internet connection was horribly slow.. Yeah, kinda makes you expect a quality IT education.
some people logged off of the school domain and into their parents domain because they had a company and then the it sends a message to all the pc's but no one sees it as they all are on that one student's parents domain
@waxen scroll Hmm... Either games, or write a program that locks the computer until the correct password has been entered, and set it to launch at boot?
@clear igloo remember novell?
@clear igloo so the ex3300 that you suggested I found a 24 port version of it. https://rover.ebay.com/rover/0/0/0?mpre=https%3A%2F%2Fwww.ebay.com%2Fulk%2Fitm%2F202646197359
yah @waxen scroll
Is it a really old switch or something?
@carmine moss I once shutdown all computers in a classroom... Don't know why school networks are so poorly managed...
@clear igloo novell had a messenger which could broadcast messages to all machines or just a selection. they locked it out in the registry. we found it and unlocked it
you can guess what happened
@craggy parcel I have the college lab setup where the teacher can use a one line command to reboot all his commands but what would make it special is to have it on like a stream deck shortcut
We just used net send for that...
I think he would love that
And a command to get the latest like notepad++ executable and push it to all systems
@waxen scroll LUL
I think he'd like that on stream deck
@little schooner I use a streamdeck at work for shortcuts I can never remember, and for quick launch of programs.. Quite convenient.
i'm sometimes on a system that the government manages. i can open task manager, why didn't they block it idk. i would expect not to have access to it as i just do digitizing some old photos for them
@carmine moss Our local city government has a similar issue with public computers. They have too much access, on the other hand, they ARE at least on a separate network (VLAN), meant for guests. And they have network boot enabled to reimage them.. So I guess they don't really care if you mess too much with them.
still it's dumb to have if they don't care about that why would they care if someone gets access to the confidential stuff just because they don't block most things no one needs
@clear igloo this is quiet?
Depends, where will it be?
In a bedroom
Then you'll want much quieter
now if we're talking in a closet that's closed, then it will be fine
Hmm
Let me check another dba Stat for my nvr
I think it's louder
@clear igloo dang it, it's like 34 dba for my nvr fans
But I have like three of them running and that is loud
So the switch will be louder than that? XD
Yah, 45dba is a good bit louder
Aww
Now I have a ~43dba switch in my closet, I don't hear it with the door closed
Hmm
@clear igloo so I'm reading that juniper updates are not free? Or it depends on the person that helps with account creation?
nothings free. thats what happens when you dont use ubnt
don't worry ubiquiti will add some more telemetry
Anyone here can help with running a network cable or fixing an already made one?
maybe
@little schooner just buy a crap tonne of raspberry pi 3 or 4s and you will have no sound as they rarely need fans
Won't the cost per port, be way too high?
i wish pi would support NVMe already
i need one that can use a high quality drive that can handle a lot of read/write but i dont need cpu/memory specs higher than pi
Well managed to get 1 side of my Cat6 cable at Cat6 markings
Now to do the other as different sides of ports on a cable = non-functioning ethernet line
Before that though, need to mention to my dad the reason why cause he got mad over it saying the colors blah blah despite the spec
I just use a usb SSD enclosure with my Pi @waxen scroll
Only got around 100 Mbps which is half my modems speed to my PC and not 1Gbps for full 200 Mbps and 100MB Transfer to my Server
there's two different ways to wire a cat 6 cable. they need to match
This was the old way he did it
pi 4 doesn't have usb boot yet but it's not hard to just use a SD card to point to the usb drive
Way different than well normal Cat6
@vapid dune ill have to look into it. the problem is i use an app that fully manages the OS for me and i cant just tell it "install here and not the SD card"
hmm just install it on the SD card first. then move the partitions around
if you aren't gonna do the cable to spec, then it won't work
I mean color aside they just need to line up the way that's expected
@vapid dune that I can tell. I just need to clear it up with my dad first cause he's the one who did it that way and clarify why it needs fixing
lol
the other option is PXE @waxen scroll
Only 100 Mbps modem to router
Despite it being able to get 221 Mbps on my phone
So I think he was basing off the old Ethernet standard of Fast Ethernet
Hassio is love :D
I wish he can understand I need full speed also for my server
do you use it too?
For Local Transfer
I liked pulling 1 Gbps locally so wanted it sorted
But 🤷
Guess Dad just prefers his old thinking than new standards and looks
Even Jay knows and who I followed to get the line fixed
And the forums
Saying this is the Cat6 Standard
Oh he goes it doesnt matter cause colors of green are the same
LOL
Not how it works
Thats a wish
ive wired hundreds of connections with B
Yah but the sheath isn't crimped
That sheath I hate a lot
i love the sheath!
first few times are a bitch, then you learn the right way
like flattening the wires
Yup
i have special cable scissors now too
But that is at least Cat 6 B properly
take it out carefully and cut as straight as you can at the end. keep trying until the sheath is mostly in
Party now and gonna be a pain of 2 hours again to do so
Lol. Told my mom about it, she told dad and he said all is the same
The best source on the Internet for cabling and connectivity products and information: cat 6 cable, make cat 6 cable, cat6 cable, how to make cat 6 cable.
looks like B to me
A or B doesn't matter
Yeah
it just has to match at both ends
Fe standard is the same as 10Gb standard for wire color
Note distance from his room to mine is like 11 feet
Well the cables might
But position who knows
I don't know what standard is this but it pulled Fast Ethernet Speeds Locally and ISP
He put brown stuff in 1 and 2
you should only wire it to A or B since the twisted pairs are done to avoid crosstalk
Yup
Yah, it's weird
It's no standard but 4 wires (2 pairs) must match for you to get 100meg
personally I just use a cable tester lol
Yeah he did a straight through
I explained how I dont get 100 MB locally or all the speed from it but on wifi I do
I.e this
So i really confused why I am not getting 1 Gbps at all on any like Cat 5 or 6
If straight through or not
@vapid dune @clear igloo What might be the possible guess as i get 1 Gbps on my router on all my ports with a regular router cable but as soon as I connect the 6 line it goes into FE mode
that means damaged cable
So a copper wire in it got cut during install
correct... or bent too much
with no tester, replacing the ends is the first thing i'd do
which you did
Well I need to redo the line for straight through
Cause I did B crossover I think or something
And I feel after 30 mins of getting those cables in I might have snapped one a bit
God man made ethernet is something else
also realistically, you shouldnt nick the jacket of the wires either
if i do that to a wire, i cut the end right off and start over
@clear igloo what's a decent noise level for a switch with features that I wanted? 30-33 dba?
I measured in the network room, it's already at 40 dba
Ah
Good boy, xeon
@waxen scroll so the laws of physics tells me that adding another 40 dba device would increase overall sound?
Or would it level out to like 39 or 40 dba?
o.O
Will 2 fans, with noise level 32Db both, make more noise than 1 fan with noise level 32Db ? I mean will noise level increasing of more fans with the same noise level or it will be same level. (Actually, i was not good in physics classes :) )
- CPU not found. Press any key to...
The answer in the home theater world is yes
I've seen +5dB adding a second sub
I do this by setting the volume of both with the other off, then turn both on
It's actually insane how much two subs add
@little schooner try it
@waxen scroll k
@vapid dune I see.
as an audio technician the standard rule is every double adds 2db, so 1 would be 40db, 2 would be 42db and with 4 of them would be 44db
Looking to build a small home server to run 24/7 servers out of. I've got a spare 7700k with a motherboard. I'll need to pick up the drives, psu and a couple other bits to finish it up. But how would I go about configuring it all to suit my needs?
Very very new to home networking and such
@keen ermine What router do you have? I saw your post on LTT forums as well
Amplifi HD
Its their Mesh/Teleport Router
And I figured out my dad's method of the ethernet was straight through
Not sure if thats Cat6 compliant for local 1 Gbps speeds
And 5e
@clear igloo
You might get some crosstalk and packet loss if you don't follow the pinouts but that shouldn't cause you to be limited to 100Mbps
Now if one wire is damaged or a pair is flipped on one end then it will cause the speed drop you're seeing
Mhm
Yeah if I connect a regular Cat5 cable from another router/modem I get full 1 Gbps locally and all my speed
ah, then I suspect something is flipped, badly crimped, or cut
Same
My 1st guess was straight through isnt Cat6 speed
But noob at networking so 🤷
Noob mindset
you mean straight through as the wires not following standard but just same on both sides?
Straight through is actually following A or B standard and the same on both sides and is what 99.99% of cables use these days. Crossover isn't used anymore in most cases
Just wanted to make sure we're on the same page though
Ok
Yeah he ran it straight through
I just terminated my PC end to be Cat6b but who knows
Noob at it still but know I'm not fully utilizing Cat6s speeds or 5
Yah, and it's not CCA cable is it?
CCA?
If you have the product page for the cable you can search for CCA on there but if it says pure copper instead then you're good
Hmm
If it's Nova brand cable then it's definitely CCA cable
Yah, that looks good
Yeah I saw Jay do it Cat6b and when I saw my line I'm like looks like nada
Just remember, there is actually Cat6a rated cable so be careful saying Cat6b
Yah
B is very common these days, I don't think I've seen A in a long time
Now I do have one other question, what type of ends are you using for the cable again?
RJ45
So there is actually a difference between Cat5e rated ends and Cat6 rated ends
Just wanted to make sure you weren't using Cat5e ends on Cat6 cable
Yah, Cat5e rated ends are actually not going to crimp all the way into Cat6 cable iirc
Mhm
Yeah they're separate
So yeah straight through is up to 1 Gbps
So cable got snagged and tore a bit but my dad didnt notice it had a cut and crimped it with it
Ah, that would do it
Yeah
I know ethernet is fragile but I would at least check the cables if there is no cut
I dunno yet which end has the cut
My PC or router end
Cause if I can at least get that cable back, move router back to my room for 1Gbps and full speed of modem
So should I revert to straight through? @clear igloo
So long as both ends match then you should be good
Mhm
Yeah
I just want to get the local 1 Gbps
As I know Amplifi HDs cap at 1 Gbps
Though question
He put brown 1st then Green
Does that affect anything at all?
It shouldn't if, like I said before, they match on both sides
Yah, it's just copper so it doesn't matter in that regard
@radiant shell thanks for that tidbit
But in terms of speed negotiation it won't matter on a normal run, yes it matters from a crosstalk and interference perspective but for like a 5m run it won't really cause issues. Now on like a 50m run then it can get tricky
ok so gonna try to get him to reapply the ethernet jack to what it was before
though hope neither wire snaps to return back to 100 Mbps
@clear igloo have a question
I just noticed this on my end. Is this just discoloration or a nick?
Nvm he cut it at the part where it looked light blue
ah, so its cut
Still 100 Mbps and same speeds on the same line after many straight runs
On dang Cat6
I swear he did something wrong still
and I don't even know if we have an ethernet tester to test it 1st before install
cause all he does is Satellite work
right now if I go back and say do you have an ethernet tester to test next time it's actually 1 Gbps he is gonna flip
he's already irritated over me yesterday doing that line and over trying to know why I keep getting 100 Mbps and lower speeds here vs my laptop on another cable run
(and yeah don't suggest to him to buy a pre-made one. That will cause loads of issues)
At this point just say you want to learn how to do it yourself lmao
@keen ermine it never hurts to test it yourself.
@mystic latch What device is logging the DNS timeouts that you are seeing the error?
Is the UniFi configured as VLAN only?
You need a VLAN only network, then configure the SSID to use that VLAN
A VLAN only or corporate?
Can you access anything on the network?
Ok networks are good. Is it pfsense DNS?
Pfsense DNS configured to listen on those VLANs?
Can wired devices use the DNS server?
Dumb question, but have you tried restarting the pfsense and or DNS service? Lol
So it's pfsense's DNS? Lol
No, I was saying, it's Pfsense's DNS server fault
Try to dig the pfsense
dig google.com @192.168.5.1
Does other DNS servers work on wireless
?
Hmm
dig. Gotta love it
What improvements did drill bring
Lol
I believe it for a second
lul
hello people
@waxen scroll I decided not to buy a switch because everything is either loud or expensive with 10g sfp+ with poe.
Or
Companies except mikrotik don't sell a 24 port, poe+ 10g sfp+ that is less than 41 dba of noise at reasonable prices with free updates
Ugh the struggle. So it looks like the best way is to simply buy two switches. One for POE and other simply 10g
80% of the reason i use a ubnt is no fans
Yeah
If only they had a 24 port with 4 sfp+ tho
They reserve that for the 48 version
cisco might have fanless industrial switches butttttttt $
Yeah $$$$
Well at least it gives me something to work towards. It's better to earn than easily get what I want
It leaves a good feeling
i disagree, grab life by the balls and demand to see its manager
i do this with the stock purchase program at work
you gotta exploit where you can
@clear igloo lets get this guy some lab discount industrial switches
lol
also i found out we have no lab discount at work BTW
i was trying to quote ASR9k on lab discount
the VAR went lmao you get only what you have
someone did awful contract nego... but they probably werent IT so i see how it slipped
last company had a lab discount at like 80%
Nice
@little schooner https://www.youtube.com/watch?v=ELkgiJD9KuM
@clear igloo someone might pay for my CompTIA certs
Why?
He does "cloud ops crash courses" every 6 months. If you can pass his course, he pays for your certs.
no point in certs for your age
wait until jr year of college at min
lots of effort and time waste for no gain when the tech keeps moving on rapidly and you arent getting a corporate job until 6 years from now
college
yes.
if you want your income potential capped at 60k and have a bitch getting started, by all means dont go
@clear igloo college.
lol @waxen scroll
blob bachelors degree when?
0 college, all certs. 3/4 mil/year
That's a unicorn right there
yeah thats not happening without daddys money
Yee, worked his way through AWS support
do you have a dad with 10+ mil whose gonna free ride you?
i know plenty of people who think the same way
big dreams
gonna make it in hollywood
its gonna be the same with tech, its a unicorn
dont put all your chips on it
all those friends in hollywood are barely finding work, making poverty wages, living with roommates
make sure you're not YOLOing unless dads got money
also maybe @clear igloo can back me up
"working your way up" just doesnt happen 90% of the time
you stall and you have to move on
nobody promotes. its so fucking rare
I only have associates degree and a couple certs but even I understand I got lucky getting where I am
no no, i mean back me up on working your way up
even if you did go up your pay raise is usually nothing
i think the only time this is different is when you're not overly technical and in management
So far I've been getting good pay raises but you have to actually work hard to work your way up
Mediocrity gets you nothing
I have executives at large financials who call me out by name and say thank you and commend me on doing a fantastic job and that's part of what helps me get good results and even then sometimes I wonder if it's enough
you also have to be a special type of person too because your work/life is destroyed if you just certing all day, going above and beyond 100% of the time, etc
Yah, and getting a cert is easy these days, being able to apply it to real life is another level of hard for most people
the very few people who can do it without killing themselves from the stress/anxiety are the ones making a mill
back to daddys money though, the easiest way to get to a mill is to use daddys money to start something of your own
but then hes on the hook
And get bought by a bigger company
yep
@waxen scroll hey its better to just use vlan 1 as native vlan because it requires no additional administrative work right?
Like no need to change it if you are using other vlans
For your real traffic
personally thats my view. a lot of networks i work on like to change it
but thats stupid because a native vlan is a native vlan
if you're really paranoid some networks make a parking vlan thats not trunked and you put all your unused ports in there
im sure there are stories floating around like "my device needs to tag everything and doesnt support 1. lets not use 1 anymore" and it spread everywhere and nobody remembers why they do it
google suggests it prevents you from attacking other vlans your port isnt in, however you shouldnt be making trunk ports on end devices anyway
I have an all in one PC I'm trying to troubleshoot. But not gonna lie, this one is pretty nice and convenient
Screen is beautiful and touch
@waxen scroll I just pasted an empty Documents folder into a VM and it forced the system off. I don't even know how that could happen
maybe @unreal wedge can help
hii

Any thoughts on "ngrok"?
I would like to use it for purposes of tcp tunneling so I can remotely access my local machines through ssh
Is it safe & do you have any suggestions regarding safety when dealing with ssh in general
It just makes me worry a tiny bit that ngrok started as an opensource project but has since stopped releasing source code
I use ZeroTier for a similar remote tunneling situation, while more confusing it's free at a base level and seems relatively secure
Hello. I am looking into getting the stuff I need to make a pi-hole
https://linustechtips.com/main/topic/1094810-pi-hole-setup-tutorial/
Some of the image links do not work anymore. I am also kind of new to using linux as a networking tool. I have used it in the past to just play around and see what it's about. I was looking at the headless install option and it says I have to enable ssh before booting up the pi. Do they mean on my desktop computer?
This is an accompanying guide for our recent video trying out Pi-Hole. Note: Image links will be coloured like this: https://google.ca Parts List: Raspberry Pi (any model) We will be using a Raspberry Pi Zero (https://lmg.gg/8KV3n) - $5 You can optionally install Pi-Hole in a...
You need to set up the Pi to be ssh-able before install I presume, making it accessible from your desktop and a ssh application
@radiant imp i presume that this will help you set that ssh up https://www.raspberrypi.org/documentation/remote-access/ssh/
Need to access a Raspberry Pi, but don't have a monitor spare? This section provides basic instructions for setting up remote access.
hmmm, is vnc an option for this? I am not sure if that's how it works, considering there is no mini-monitor on the thing
I'm just looking at my options before I dive head first.
Anyone know of a decent out of the box NAS?
I use the seagate mycloud
first one I used and it has been very reliable. I've ftp from work multiple times without fail. had it for a few years now
That's the one that has been striking my eye. Do you stream videos from it?
You can, but have to be on the same network. I think there's a way to do it while away, but it requires a vpn? I never really looked much into that
so don't take my word for it lol
ssh setup is a file you touch on the SD card
you can setup your wireless internet too
Gotcha. I'm hoping to set something up that will take place of my Plex server from my laptop. Figured I would combine file storage with a Plex replacement
you can do headless pi setup
@radiant imp see 3. Enable SSH on a headless Raspberry Pi (add file to SD card on another machine)
oohhh I see @vapid dune thanks!
@olive thorn Yeah for sure. If I had the time and an old computer laying around I would just make a homemade webserver for it.
been looking into those as well
but for you I think the NAS is a good go
I'll probably grab one today since it's Cyber Monday. Thanks for the advice!
anytime
oh wait wrong product sry
hhmm, can't seem to find the model I have at home.
I've got one that I've been eyeballing
@olive thorn are you trying to use that external for a NAS?
{
"message": "An error has occurred.",
"exceptionMessage": "An error occurred when trying to create a controller of type 'AuthController'. Make sure that the controller has a parameterless public constructor.",
"exceptionType": "System.InvalidOperationException",
"stackTrace": " at System.Web.Http.Dispatcher.DefaultHttpControllerActivator.Create(HttpRequestMessage request, HttpControllerDescriptor controllerDescriptor, Type controllerType)\r\n at System.Web.Http.Controllers.HttpControllerDescriptor.CreateController(HttpRequestMessage request)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()",
"innerException": {
That spit out from a company who uses salesforce for billing
Anybody have any experience with a Cisco Catalyst 3500 smart managed network switch?
Plz dm me if u can help. Our servers are broken and we can't figure out if it is our firewall or our switch that is broken
End-of-Support Date: 2010-09-17
oofy
@little schooner did you lock those cabs yet?
@waxen scroll hehe... Not yet. It is still a low priority thing
wow.
I already told him. Attach the door back
He took the door off because he wanted the students to see in awe the equipment
He thinks rack gear is sexy
lmao
oh to be young again
i HATE it now
new equipment is cool for a minute
then im over it
__**hi is it possible to have this setup
internet >> modem >> ubiquiti radio <<>> ubiquiti radio >> router
is it possible to have a ubiquiti radio PTP plugged straight into a modem, not through a router??
???????
please @me if you have a reply**__
would i be silly to buy an old sun server (one of the purple ones) and put some PCI cards in to use as a router/firewall?
or are diy routers kinda a meme at this point anyways?
i would go for something that is efficient if you want to use it as a router/firewall like a low power pc
as it could get expensive running an old server as a router/firewall power wise
i literally just dig the aesthetics of the small 1u suns from that era
like honestly hollowing out a non-working one and putting in like an itx system would prolly be enough.. maybe something with wireless on board
yeah that is an option
i feel like the sun thing wouldn't be that bad even on it's own though. not like it'd be at load ever
idk i just love old networking gear and rack stuff
yeah but it gonna use a decent amount of power that you could have saved on a low power cpu
yeah, power is cheap here though :3 i really wish we would see higher-end ARM stuff reach mainstream
if it's a sparc based sun server finding a router/firewall os could also be hard
can't i just do things manually from solaris? Or bsd? I've used netBSD on a firewall before
yeah but it could miss some features from modern software have not played with solaris or bsd but you can try it out
honestly if it wouldn't be TOO bad it'd be cool to use something like that as a NAS too
get a SAS expander and just a big pile of drives and another case
any data hoarders here?
i would use it as a server you only power on to play with not a 24/7 server but not bad to own it
yeah
i was thinking of getting a T4 series sometime and experimenting with it, since something like that is modern enough for me not to feel like it's a waste
i could probably use it for that stuff too though.. idk yet
I'm waiting for a router with good ipv6 support
does anyone know if the netgear nighthawk xr300 has good range?
@clear igloo that feel when you have a router with good ipv6 support
That feel when your ISP fails at IPv6 support
call 800-xfinity
I get to call 800-att-suks
did you know they put their own field techs into a phone queue hold when they call for help?
Actually yes I did, and it makes me sad
it warms my heart to see the company shooting itself
That too
@waxen scroll you have something that can do ipv6 firewall well?
this is my biggest issue with stuff I've found so far: https://redmine.pfsense.org/issues/6626
I'm not using pfsense but rather an ERL. same class of problem though
oh I see. it's not sufficient for me since I have a dynamic prefix
this works with dynamic
so like effectively port forwarding a la ipv4?
@waxen scroll what do they mean by prefix id
that's just basic ipv6 firewall rules
to all your devices @waxen scroll
I mean specifically for device x I want port y to be allowed through
I guess ignoring privacy extensions is okay for that
that blog seems like it might be what I want
@vapid dune cant you use NAT for that?
there's no NAT for IPv6
lol okay fine fine, it's not a recommended option imo
it's not like we'll run out of IPv6 addresses
In some cases, you still need to NAT Ipv6 traffic
and then also you'd need DHCPv6?
Like snat
Well, I was thinking if you wanted certain machines to always hit to a different port or ip
NAT is handy for that
@vapid dune i suppose if you can predict the last half of the ipv6 address you can just add a blank table to your existing FW and let a script put in modified rules any time it changes, or just DMZ the host 
I mean without NAT you can have two IPv6 servers on the same port
DMZ is basically no firewall lol
@vapid dune not true. You still need to be allocated IPs if it's public facing
Do they give more than 1 Ipv6?
it's a /56 I think
@little schooner its been forever since i set this up, i think the id tells my provider i need more subnets pulled
k
I'd have to check what I'm assigned, but it's enough for many many IPs per device lol
Yeah I didn't recognize it
@vapid dune if that's the case, yes. It should just work
ah yeah I just checked my raspberry pi. it has a 64
So that means you have a switch on the WAN side?
How would that work then?
Router would not be giving you public facing Ipv6 address
silly xeon, the provider tells your router what the subnet is and your router hands them out
dhcpv6-pd or slaac
router to isp is like a point to point address
probably slaac mostly
@waxen scroll so that's different. So it can decide to hand you out a public facing that way? While still being internal?
I didn't know
Wait wait you said router
Oops. Like a real router
Lol
I thought you meant the consumer ones
eh
I can get it working on my Asus N66U iirc
a lot of consumer routers support ipv6
and the edgerouter lite is consumer too lol
not friendly mind you
Well consumer routers only have one wan port
eh
The rest being bridge
some of them have dual wan these days
I see.
@waxen scroll that still confuses me. So one port gets a subnet and that can propagate to eth1, eth2, eth3, etc?
If it's ipv6
I still not get that one lol
more like the router receives a subnet that it can delegate to devices behind it
then it announces that to the clients and they grab a subnet for themselves
And the addresses it announces are routable on internet?
I mean the router can do what it wants since it's doing routing, but yes it could be
I'm trying to make the connection where the network separation happens, is why.
ipv6 has so many addresses that the design is like that. so NAT is no longer needed lol
Ipv6 is my rusty point
theres no separation anymore unless you design it on purpose
every computer on your LAN can be reached from the internet unsolicited if you arent careful
@waxen scroll so isp --> router --> switch for Ipv6 now means "here is the WAN network
depending on the device, it might support one and not the other
@waxen scroll gotcha
That was the tidbit I was missing
That sounds dangerous lol
And unifi by default has Ipv6. Firewall off
it is for the poor people who turn it on and dont realize ubnt ipv6 fw is separate and not in the GUI
Makes sense
it should just do "related/established" only and block
It makes sense
it doesn't lol
Lol
it's inherently problematic
all i know is, i keep trying to get companies i work for to at least start deploying it and nobody will let me
I mean no one is doing ipv6 drive by
so IPv4 4 LIFE
but still
it'll be more like you visit a part of the internet and then it scans you back
i used ipv6 back in the early 00s as an anti ddos protection when i used IRC
it was funny pissing off ddosers and they cant do jack
@waxen scroll yeah because you can cycle through like a bunch of addresses
It's neat
@vapid dune do you have rj45 jacks in your home?
I was going to link how not to put wall plates, but I can't find the picture now it seems
It was a funny one
@vapid dune
This one
ik this is just the sloppy way
Heh
Actually there is that many because at one point, my system was using a Quaid nic
And the guy said he would somehow find a way to pull all of them
Now I don't even need all that stuff there
Should be a jack wall plate instead
@waxen scroll is it cheating if I use the jacks where you don't need to punch it on? Just plug a cable between the two jacks in the wall?
whatever works
@waxen scroll this one I think I can fix it
I just need to buy the stuff
My prof hates doing the cable work
@waxen scroll so awesome
i havent done cable work in 6 years
i dont blame him
if you want some lols, quit
i put like 6 behind each TV
lol I just put a switch
I kinda need to upgrade my switches to better support VLANs
I'm currently using repurposed N66U routers
@fluid meadow depends how involved you want to get in networking adventures lol
I mean I'd start with asking if you had complaints about your internet and wifi experience before diving into it
but really having control over your network with a decent router and/or access point is a good thing imo
Yea
my current router has spaz attacks where the devices just start disconnecting from lan and reconnecting over and over
no issues with wifi tho
assuming you don't want to have too much configuration and what not you could do full Unifi
- USG 140
- Switch - 30-100ish depending if you want smart or dumb
- AP-AC-Lite 90
hmm I guess the other question is if your ISP would let you bridge your modem/router thing
ah yeah
I mean you could pair up the unifi ap with any router too
I've got my ap mounted on a wall in the middle of my place for adequate coverage across 2 floors. though it isn't optimal
my 2 floors are so close its not worth it for 2
i just want a router that has a fast lan
and a nice interface
like duma
XR450?
#off-topic enjoy #rollover
My router is forwarding to the wrong IP
shit
Anyone know what could be wrong?
I am using two IP addresses on my edgerouter. The main one ending in 195 is for the business and the one ending in 196 is for my personal game server and is running 1:1 NAT.
When I run whatismyip.com on the server I get 196 so that part works.
But any plugins which use a port are sending to the main IP ending in 195.
I'm willing to have all ports open and just use my server's firewall if someone can tell me how to do that.
I just need this to not be using the main IP
We do this on a fortigate router/firewall. We had to create two IP Pools and then use policies to define which VLAN uses which pool.
That sounds far far too complicated for what I can do haha
There must be some kind of rule I can make which says anything from eth2 goes to my 196 external IP
That's what VLAN would do
You would assign the VLAN to the IP and then to the port
VLANs aren't too hard. Just depends on your equipment
In this case it's exactly what you need so you can have isolation
I love the concept of VLAN in conjunction with switch security features. Otherwise, anyone can still plug into the right port and jump into your protected vlan with physical access to wall jack
Yea, physical security is still important no matter what.
I have no clue how to setup a VLAN at all
My current config is as follows:
Added my second IP here.
Added this rule into WAN_IN
And this under NAT
This gives my server the external IP ending in 196 which works.
How would I go about creating a VLAN?
I figured out how to make the VLAN but I have no idea how to configure it for the external IP and ports etc.
@quick hollow you create vlan by making a subinterface
Do it from the first GUI page that you login to Edgerouter
There should be a button
Adding another DHCP server and making sure the switch tags the line properly maybe
Not using dhcp. We have a server which handles that on the main network so I didnt turn it on
I changed it so its for eth2 which i'm actively using.
Since it wont affect anything now
I mean you want to isolate your server totally from that network though right?
really the best thing to do here would be to physically separate the machine off the main network
Yeah
outside connection --> switch --> existing router + your router/device
not sure if they give you multiple external IPs though
Yeah thats what im using
We have a block of 8 IPS
It goes Fiber intake > Gateway > Edge router
in which case why are you mucking around in the edge router?
Then eth1 outputs for the main network
eth2 is currently using another IP for my personal server.
I mean VLAN will do what you want, but just imagine it like an entire (virtual) network that's partitioned off from the main network (at least that's what I think you want)
ie completely isolated so no direct access to dhcp from the main network or any other system
Thats what I want
I want the IP ending in 195 going to the main network which it is.
There must be an existing way to do it without buying a whole other router.
I just described it
I really don't know much about networking sorry.
right which is why I suggested doing it physically
I don't wanna spend any money on it though when I got an existing system which can do it.
I just need a little help haha
you can do it with VLANs, but if that's hard to understand then do it with a router
The system I have right now works fine.
I just dont get why the ports are going to the wrong IP
My server has the correct ip ending in 196
it works fine until your public server gets hacked
Why do the ports i'm forwarding only go to 195
and you have a hole into the main network
Yeah thats why I want to put in some kind of isolation rule
So any attempted connection to the main network is dropped
Must be a way to isolate eth 1 from eth 2
I mean you don't even need DHCP if you just statically assign the IP to your server
assuming you get the vlan set up and the tagging your server working, and routing working... then next step would be just to put some firewall rules. this should help: https://community.ui.com/questions/Laymans-firewall-explanation/2dafa379-3269-4749-b224-0dee15374de9
Ill have a read
it's mostly the diagram that's interesting xD
Okay I kinda get whats happening now.
But I still don't think i'd be able to put it into practice haha.
I might just give up on the idea and bring the server back home now I'm looking at it haha
It's easy when you actually get it up and running
hmm
Also remember that to segment vlans on layer 3 you need to make firewall rules or ACL
Networking for some vendor equipment is confusing. Just take a look at how Asa is configured
It's a confusing mess
You use Cisco or Dell or anyone else, and it's straight forward
But you still need the working base knowledge
Never use ASA lmao
No idea what a dnat and snat is tbh
Two types of network address translations
Yeah I am trying but you try and define one thing and just end up with a bunch more acronyms and concepts I have no idea bout
But btw what are you exactly trying to accomplish
Okay so I have my main network which is for the business. And I have my own personal game server. CEO lets me use the internet there for it.
So i'm running our gateway into eth0 of the edge router.
I'm running one external IP into the main network.
And another external IP into my game server.
We have a block of 8 you see.
Its all working. But when I port forward stuff for my game server it gets forwarded to the wrong IP.
Ok so the game server is on .196?

