#networking
You get 1 /64 for every unique interface that requests a prefix. They reserve a /60 for you and give it to you in parts >.<*
Local? Remote? Single drive? RAID array?
If it's not local then you acquire additional currency and provide it to your ISP
@hollow marlin Yeah. Usually doesn't matter much anyway, as there's normally no more than 10-15 hops for most destinations.
@lone barn Upload to what drive?
But the fastest might sometimes be to just copy to another disk, and send by mail...
I'm back
My friend had a similar problem that I am facing, his ISP replaced the Load Balancer and it got fixed.
The load balancer is way upstream of your gateway. Thats going to be on the edge of their network
Did the tech tell them that?
@thick minnow I'm sure the tech was just throwing buzz words to satisfy the question of "what was the problem?" when they didn't really know
@hollow marlin Yes.
@little schooner Perhaps
But if they didn't really know then how replacing the Load Balancer fixed it?
@little schooner that happens a lot in the real world
Could it be that, there are multiple Load Balancers?
Depends on the size of the network
Load balancers will not cause the problems you are seeing. When they are not working correctly things go to shit real quick
They can be overloaded but they tend to have other aspects fail first
@hollow marlin yeah. Comcast tech does it all the time
I cannot say I havent
Comcast says we're not getting internet because the SSID was the same as the one that was printed on the box
They said you can't use factory default ssid
But you can
It didn't make any sense
Then she thought she fixed it
But I fixed it by going through the activation wizard
The real problem was there was a hold on account and once that cleared it fixed the issue
Payment hold
There is a time and place for "make the customer feel better" statements
If the customer knows about what you are talking about then you're fucked
But mine have all been innocent excuses to people who have no clue but keep digging for more
Mostly because if I am honest they would have absolutely no clue what I just said
That's what I hate, tell me the truth.
I prefer that one
We all do
Techs are the ones facing customers though and are told little at times and have no clue other than an upper engineer fixing it without an explanation
Not an excuse but is a big reason why
Add?
question yall! I am struggling with subnetting and I found this book: https://www.amazon.com/dp/1731241747?psc=1&pf_rd_p=dc6c80b1-d578-47c5-a820-4e15e9d65d1c&pf_rd_r=WY1DKV1YTR6TPF22A3EZ&pd_rd_wg=98rDH&pd_rd_i=1731241747&pd_rd_w=GEaUl&pd_rd_r=11b4954f-8eed-4bb2-8750-49cc3c7ab832&ref_=pd_luc_rh_crh_rh_top_sim_04_02_t_img_lh
would this be worth getting?
@thick minnow What are you getting stuck on? I can explain it if needed
mostly the math behind say being given an ip address and subnet, and having to break it into smaller segments in relation to the number of end hosts per network needed. I know there are calculators for that, but I know for CCNA test if I have a question like that, I need to know how to do it myself.
1 2 4 16 32 64 128 256 is the magic
Every time you go up a subnet bit, say starting from /16, it adds to subnet mask, starting from 128. So 255.255.0.0 /16 becomes 255.255.128.0 /17 (+128), 255.255.192.0 /18 (+64), etc
It helped me mentally during the test know just the power of 2s
Have to redo tweet forgot stuff...
This is a poll for my Sociology class for college. Any help would be greatly needed and appreciated.
What does everyone prefer to game on? #Xbox #XboxOne #computer #pcgamer #pcgaming #pcgames #Playstation #Playstation4 #sony #Microsoft...
Any help would be awesome
It only took a month and 2 weeks to upload
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
doesn't seem like mysqld.sock even exists in my host..
That socket is usually created when you start mysqld, and removed when you stop it. Check if MySQLd is running, and whether it's correctly installed. Also the socket can be disabled in the configuration, in that case you would need to use a TCP connection instead. Beware that localhost as the hostname for the TCP connection, has a tendency to use a socket connection instead of TCP. You need to use the IP 127.0.0.1 instead if using the loopback device, or the "real" IP of the network card.
@craggy parcel I need to work on my understanding of how to manage all that Linux stuff with services, debugging, troubleshooting and ports and config problems
With windows I'm so used to it but Linux I have a lot to still get comfortable with
Yeah, it's quite different from windows. Not in the actual way things work, that is, services, are the same general concept, the config repository in linux is /etc in windows it's usually the registry etc. But the way to start/stop services, and edit configuration, is different.
@craggy parcel and how packages don't always store their config stuff in the standard locations Linux has as a guideline
So many directories to chase down one program
Never seen packages saving to non-default locations..
(Except packages I made myself.)
@craggy parcel I see it a lot with GitHub stuff
Sometimes it's in etc, other times it's in var
Other times it's in lib
It's hard to keep track
And sometimes it's in the user profile
Not a central place like program files or appdata
That does not Sound like packages to me. More software you compile yourself.
Also usually system config in /etc, user config in the users home dir.
I agree with @little schooner I've only seen the suggested directories for configs used a handful of times while ran into a number of config here and there and fuck it, let's throw it here too. There was some open source mail software at my last place that had configs spread across like 6 directories.
My Linux background is not very deep however so take it with a grain of salt
Maybe I just stick with properly written software?
It was a popular mail hosting software
I do wish they would stick to suggested directories cause that's really the perk of linux
Not popular enough. :p Also web applications tend to have the config in the dir they run from, that allows them to run on shared hosting accounts.
Let's go!
Are you sureeeeee that's the new one?
Oreilly books or nothing
Azure is what they are pushing at my university for advanced classes
In addition, one of the classes just teaches us how to install on-prem exchange server and configure it with rules and stuff
That's the whole class
For 16 weeks
thats dumb
@little schooner That's either a VERY comprehensive exchange course, or complete waste of time.
Today's task was to prepare AD and exchange prereq
@craggy parcel I guess it will be easy credit
Now for the other class, it's learning fedora and the different things you can do with it
That one I understand
Hmm.. I think I managed to install and configure exchange in a few days, the first time I did it.
@little schooner Fedora specifically or Linux in general, with Fedora as the distro of choice?
@craggy parcel Linux in general but fedora and Red hat enterprise Linux
As the distro of choice
Ok. Then it makes sense. As most new to IT will not have much knowledge of Linux, except for the fact that something called Linux exists.
@waxen scroll I believe so? I've read through the intro of the book and mentions the changing of the certs and it was released in December states amazon, and multiple sources say that 200-301 is the test code.
And the box has both books needed. As far as I can tell
@thick minnow That is the correct book
Okay thanks @hollow marlin
so the prof for fedora says this is his second semester of teaching and
he needed two days to figure out how he was going to run the course and give homework, etc
hes an industry guy
@waxen scroll he's basically like you
industry.
He witnessed a payment of 25 million dollars to hackers by a client they worked with when it was infected with ransomware
If that isn't shocking, I dont know what is. Legal team basically said "so.......... backups or you gonna pay up?"
and of course they didn't have good backups
well...........
Did you know Linus is thinking of retiring?
I saw the video and I didn't expect it at all. His videos don't seem like it was even on his mind anytime soon
but videos are videos and edited all the other stuff so
im glad he decided against it
at least for now
👩‍💻
only because
I wouldn't be watching the channel as much. linus personality is just
not easy to copy
or idk, its just he knows when to make things exciting
and i love his rants
Everyone moves on, though, and I think he should do whats best for him
I think he may still have input on the company, and he has said before he wanted to step back from being a host. So I think it's just the natural progression. I'm glad he is taking more time to focus on his family though. Props to him
On a 2960x, is there a way to block DHCP packets on a port? I have a PLC router with DHCP server turned on attached to a port, and the people responsible for the router aren't reachable
@silk warren DHCP Snooping
@waxen scroll Well, if you've been doing the same thing for many years, and have come to a point where you don't HAVE to do it anymore, where others can take over, you kinda flirt with the thought of just stepping down, and doing things you like, instead of things you must. Also thinking of it, does not mean he will do it anytime soon. Just that he is thinking of whether it's time to step down, or not.
Is there a way I can piggyback off of my phone's cellular service to use voip like freepbx to be able to get call recording?
None of the android apps on android 10 support recording anymore
Do you need it for inbound calls, or outbound calls?
outbound
Another problem is that it can't record bluetooth headset during call
it used to work in android 9
There are lots of softphones. So if you are able to get a VoIP provider, that can record the calls, you can use the softphone app on your phone, instead of the regular phone dialer. There are also services that use a threeway call, to record your calls. You call the service and add them to the conversation.
if its a softphone, does it also include the voip service too? or I have to subscribe to it
Im trying to find one that works with bluetooth recording
Not really a feature that is stated in a list often
Yes, you will need some sort of VoIP service. And that service needs to support call recording.
Most newer phones do not allow apps access to the audio of phone calls.
I think they do that because a lot of people would start blaming the manufacturer for promoting it
but its annoying when you're in a state that allows you to do and they dont allow it on phone to work
More to make sure malicious apps don't record the conversations, without consent. If the audio is not accessible, the users won't accidentally give access.
In my country you can record your personal phone calls all you want, as long as you keep the calls private, unless the other party gives their permission. An exception will be if you need to use it as evidence in court, then the court can allow the recording to be used without consent.
Yeah, we all know how users decide what to give apps access to.
yeah, taps allow for everything that pops up
Exactly.
You get rights, you get rights, you all get rights
also those apps that say The app cannot start until these permissions are given
my sprint voicemail app says it needs to have full access to my messages in order to start it
stupid
"May this app get complete access to manage all your finances?"
"Sure, why not, this is a calculator after all... "
surprisingly, they don't even have permissions to prevent apps from reading device ids and stuff
not every app needs to know my phones unique stuff
having that, they can tailor experiences personal to me and people sometimes dont want that
and it makes a tracking history across other apps if developer has connections with others
Hmm.. Don't know with android, but in iOS the only thing I know they can get, is the advertisement ID, and you can change that with a few clicks.
Hmm.. Actually I believe you can even remove access to it entirely.
ac1750 fine for normal use? dunno if i this is right channel
or ac1900
I can't find max number of connections listed anywhere
@random void I'm sure it's not the wrong channel to ask about networking equipment. There seems to be no limits to the type of networking discussed. Home networks are what most people have anyways.
True I suppose
However, I do not know the two routers in question. But I'm satisfied with my Airport Express and Time Capsule.
This isn't for myself (I just use a switch anyway) but rather someone else
ah
hm also asus rt-ac58U is an option i guess
Well, as I'm usually not doing anything of importance wirelessly, I'd just go for price, as most newer routers are able to handle my 300/60 Mbit internet connection, and 1Gbit on the switch ports. Wirelessly are just my phone, the kids tablet, etc. Unimportant stuff, that does not need a stable connection. Just the way it SHOULD be.
Yeah same
I just use a cheap sagemcomm router/modem for that
rest i got connected to my switch
(though my desktop isnt connected to switch since switch is limited to 100 mbps per port)
I just replaced my ac1750
It's decent
Depends on the range you want but for my small townhouse it was not bad
Occasionally breaks and needs a reboot, would recommend scheduling the reboots
Okay so I'm relatively inexperienced with computers and networking but if someone could help point me in the right direction that would be greatly appreciated. I wanna set something like this either using a single PC or if there is a way to control multiple raspberry pi over my network? My Google Fu is failing me.
Same image on multiple screens, or different image on each screen? Does whatever is shown need to be in precise sync, or doesn't timing between monitors matter?
If all screens are different and no sync needed, one pi per monitor, with screenly for handling content.
If it needs to be in sync, I hope you have a big budget. I can not point you at any solutions, but you need something that can handle the timing between multiple sources.
What you are looking for if you need synchronization will be a video wall.
@craggy parcel a video wall and then make pretend screens out of it?
Ah yeah I was afraid it would be expensive.
Didn't have to be anything in particular I just saw the picture and wanted to know if there was some way to create something similar while learning more about PCs. I just didn't have any idea about how to do it and when I try Google it just talks about adding a second monitor.
@little schooner that's not nice
@blazing adder synergy ?
Oh nm you want a video wall... Good luck with that
@waxen scroll oh right, i totally forgot that my old professor at 2-year school is hoarding 3 shelve stacks of 2960 and 1800 series routers and switches
to the point where if we used the 4th shelve, it would make us scared if it fell down on a student
so we didnt use it
each stack has like at least 8-9 of them
by about 4 columns i would say
well its a lot of old hardware
that we cant even use
He needs to switch to virl
Nice
now begins the long testing process lol
svs :>
@waxen scroll NICE! =)
@waxen scroll have you decided on DHCPv6 or RA for your setup yet? :)
@waxen scroll it's a start and that's a good sign
@waxen scroll RA for distributing resolvers also?
I am currently testing both to see which works better. Wanna make sure that all PS4/PSX XBONE/XBX also works, as much as a PC will :)
i have a Netgear Nighthawk Pro Gaming XR700 cannot use as a modem?
why not both
would make it easy
oh I mean RA vs dhcpv6
but really why not just use a modem as a pass through
this modem is old and shit
You can't use it as a modem because it doesn't have an interface for it (either RJ11, or Coax)
If you get fiber then you likely need something that can authenticate on the ISP's network with 802.1x and, depending on your ISP, they likely won't give you the information to do that. But just asking why you can't do something without providing additional information about what service/type you have or what you have and haven't tried leaves a lot of questions open
speaking of which, my isp gives me an ONT. but I hear they offer SFP+ too
I wonder how hard it would be to get them to switch over. if only to remove the ONT. well I don't have a slot in my router yet so maybe a media converter for now
Is it unsafe to set Group Key Rotation Interval to something lower, for example once a day?
Because I think its the cause of phones disconnecting now and then and taking a while to connect again
@lean pollen if you have disconnection problems, that value should be higher so it doesn't disrupt the devices as much
The lower the more likely your devices will have to go through the whole key process again often
It should be fine
@little schooner No, a video wall made out of screens you have. I know there are controllers that can do that, even controllers allowing you to position the screens in any pattern you please. I just don't remember the name of a product I've seen.
@waxen scroll That's not networking!
do you know what it is?
you can do ethernet over HDMI
Anyway whoever was asking about a video wall just quote https://www.christiedigital.com/en-us/video-walls/video-wall-solutions/video-wall-controllers/christie-spyder-x80
but why?
i got you fam, now you can take the topic to #crypto-currency
@clear igloo back when i was a wee little DC tech i racked a customers netgear switches
Could they stack? Why I'm glad you asked
they could!
it used hdmi cables
Yah, I've seen switches that do that
@waxen scroll wow I really love the look of that appliance
of its capabilities i mean
@waxen scroll exactly what my teacher wants to hear
he needs to PAY tho
That's when he tunes out.
im having ip binding issue with multicraft
between my multicraft control panel on my webserver vm and the multicraft daemon in a container.
@little schooner please for the love of god tell him about /31
Do you mean how big the OS install is?
On mine it's using about 1 gig of space. But remember that the drive it's on can only be used for the OS.
Yea that's why I am asking so I guess I can't use a cd rw for it XD
@waxen scroll soon. he also hasn't been responding to texts as of late
Ever since the classes started
He was telling me about his vacation and chocolate last time I saw him and many students were waiting to meet him for course requests
Unfortunately did not get to mention it in person that day
@waxen scroll k i texted him again with the question
so im waiting for his response
@waxen scroll D-Link also used to use hdmi stacking cables, no idea if they still do and don't care lol
Dell used HDMI stacking for some of their old PowerConnect switches iirc. Lol
@waxen scroll I use a Spyder X80 at work, Its very nice
@radiant shell so would you tell someone to just use an X80 or spend a year trying to hack a similar solution?
@waxen scroll how about telling someone to hack up a ups solution
Yeah that's just...
so much hacking and wasted time when they could have just bought one
@charred meadow FreeNAS needs to be able to write on whatever devices it's installed on. A 4 GB USB stick should do the trick. I even think there's a FreeNAS USB image available.
@little schooner Yeah, "you can do that much cheaper, if you do it yourself"... What people forget to think about, is that for some people, their time actually has a value.
NOPE. i would NEVER tell someone to make a UPS from scratch (unless electrically qualified and has engineering experience for UPS). its dangerous
if you buy prebuilt boards and just attach batteries and chassis of your choice, maybe its not too bad
And he used company time to make it
Haha.. I'd have fun watching people do that themselves.
So the cost was adding up
@little schooner Even worse...
i think for a video wall the question is "is it art?" if its for art, take all the time you want hacking away. art is struggle. lol... for every day use or commercial you're right, my time has a $ value
Well, I'd like a challenge, but unless someone is paying me to do it, or I desperately needs something and can't afford a commercial solution, I can't be bothered messing with it myself.
i think blob especially is gonna learn the second he starts working, even xeon, that once you're 2-4 years in, you wont want to homelab anymore
personally i still run non-plug and play stuff but its not a major effort
now im actually thinking of looking into other hobbies
@clear igloo one art, please.
Yeah, when you mess about with computer stuff all day, you kinda don't want to do much more when you get home.
i actually like mowing my lawn and changing my car's oil
its like a break from that stuff
Yeah, something completely different.
@waxen scroll yeah I will want another hobby. Maybe like fishing or boating
woo got my 66gb nas all set up XD
I hope you mean 66tb :p
oh jeez
yepp
@waxen scroll Knowing the price of the X80, hacking up a solution isn't a half bad idea
I have a quick question. Short story is that I live in an internet black hole and cant get reliable service for now. I've set up an intranet with Plex, and everything i need on my local network. So I'm wondering what would be a viable way to say, upload a movie I downloaded on my tablet to the server that has plex over the network. Otherwise I have to take the server out if the rack and set it up with a monitor and such at my desk. Or should I just buy a kvm switch to run to the closet
nfs or samba most likely
I will install a 1PB NAS today :D (DellEMC Isilon)
@jaunty talon Nice!
Wows
@jaunty talon Is it all flash? :>
i once unboxed one of those EMC hyperconverged systems and took a "thatpeelingfeeling" video
but i lost it
would have been the most expensive peel that subs ever seen
@radiant shell If it's needed enough, it's still not worth hacking together something. And if it's worth hacking something together, it's because it's something you find interesting, or get paid to do.
@craggy parcel i mean our rack which includes fiber equipment with it cost us $250K AUD with the x80 being about $150K AUD of that. so hacking a solution might be still worth it if it is needed alot
I see. Especially if you don't have something that requires every screen to be in sync within a few ms. But if high stability is needed, you might be better off with something made for the purpose.
x80 was an extreme example anyway, im sure some chinese company sells one for 50% less
Yea it's called Barco, Jk but I'm sure whoever asked the question originally will find a solution
Interesting....
buy calls
@little schooner Hacked together UPS? Link me
@jaunty talon Dell has been trying hard to get us to buy Isilon, like to the point they were willing to price swap our old, not even in use, out of warranty Netapp gear at market rates lol
Which were 8x FAS8040, 4x AFF8040, 2x FAS8020 and a few racks of SAS and NL-SAS shelves, I thought they were insane. Anything for a sale I guess.
i cant find the post and some how my history doesnt have it. so bizarre
@strange silo yeah, they want to remove marketshare from NetApp.. However if you would go for a NAS today, Isilon is the way to go. The scale out possibilities with the cluster support and throughput beats all other vendors, and now even with kubernetes plugin for persistent storage
@jaunty talon How would you compare it to something like Hyperflex? I'm not too up to speed on my storage stuff so it's always nice to see what's out there. Or is there no real comparison to be made due to different market targets and roles?
@jaunty talon i would go with whatever my PoC says is good
demo units from 3 companies or whatever
Never settle, always PoC it up @waxen scroll
Does anybody have a decent beginner friendly guide to setting up firewall rules with nftables?
like i said, ive had emc send me 42U+ racks of storage and hypercompute on a demo basis
Nice!
once we had an SAP HANA box from HP with more ram in it than ive ever seen
How much RAM is that?
1tb
Yeah, OK, that's a little RAM. However, it's a database, so not surprising.
1TB? that's it?
@clear igloo 1TB was good when windows 95 was around. This is 2020 were talking bout, yeah
yeah OK
so @little schooner you pay $20k for memory chips and tell me its "too little"
@waxen scroll Rules of IT
Never enough space on the screen
Internet always too slow
Never enough RAM or storage.
@craggy parcel That so true
@waxen scroll problem with PoC's are that it's not often you really can put the full load on it to be exactly like your production load. As you won't be able to emulate it nor have all your employees work off the demo unit for a week as it adds a lot of extra work for them
@clear igloo Hyperflex is block storage right? Isilon is a NAS with own cluster filesystem and services on top of that (SMB, NFS, AFP etc)
@jaunty talon so you just take their word for it? xD
vendors lie
ive seen it a few times now. we get sold on $feature and they "forget" to tell us that $feature doesnt work until two releases from now
or its rated for X but then they go oops and backtrack, now its Y max
"we never had a customer put that load on"
@waxen scroll prof texted me back but he didn't quite say a reaction
Instead, he flipped it with a new thing he noticed in class where one computer with 192.168.10.1 /24 ip communicated with 192.168.1.11 /24 ip and he didn't know why it worked
So I didn't get a proper reaction
@waxen scroll I will learn to code python I just want to make sure the time is right and there is more free time for me to do that
I don't like starting something and then having to put it down for a while
That's why I stopped vcp training right now
@waxen scroll also, yeah, still no reaction.
Sorry
@waxen scroll I dont take their word for it, I have them guarantee me numbers in contract, which means they get to supply more hardware if their size they have sold me is not enough for the workload
But what I am saying is that basing a deal on a PoC will not necessarily end up with you getting the best product either
as it's not that easy to do a proper PoC that will align with your production load
@jaunty talon We use Netapp for block iSCSI storage for SQL clusters and lots of NFS and SMB shares. We used to also run our ESX clusters on it using NFS but moved all that over to Nutanix. We've just deployed a 6 OSD node Ceph cluster (~900TB raw) for scale out and will leave Netapp in place for business critical functions like those SQL servers and related shares for payroll/hr etc. We used to also use Netapp cluster for backups but collapsed that function back in to the main cluster, put in place long term SnapVault using Commvault with data placement on dedicated shelves of disks/aggregates. So now everything not Netapp source data gets backed up on to the Ceph cluster for way, way cheaper.
Isilon while highly attractive would have only made sense for a complete replacement of Netapp but it doesn't cover all of that and well, Ceph is cheaper (I know not fair comparison). Without the monetary factor I'd rather go with Isilon than Ceph but projecting it out to multi PB the cost started to look unattractive for us.
@waxen scroll lol I just tossed aside two bags of ram with between 700GB+ and 1TB+ of ram in each, took them out of servers we were dumping because ram is just too good to throw out like that
And yea PoCs suck, you end up sinking so much time in to them without actually getting a proper feel for how it would actually fit in to the business. We just accept the general rule that companies with competing products can all do the same things so just get in to asking really specific questions that directly relate to our current data flows and transformations, that's where we find out if it's suitable or not.
@strange silo indeed, you would only take isilon if you have no need for any block storage, we will use XtremIO for block storage.
So what is block storage. I have heard the term before but not super familiar.
generally its like a hard drive
you can have an OS installed to it and the computer can read the OS
the other type is object storage
it doesnt work like above, but you can store objects (documents, images, etc)
Indeed, block storage = presenting a device to your server which you can format to what ever filesystem you want.
Noted. thanks!
No worries :)
It's not very easy to know when you have not worked with enterprise storage solutions
Yea I'm a programmer that dabbles in homelab virt and networking. Next step is storage.
@waxen scroll prof just secured another 15k for a new dell server
i wonder how he is able to get funding so fast
Bank heist.
its in the air i suppose
but still.... compared to other companies that refuse to give IT money for stuff
this school gives it out when he asks
whatever he writes, maybe his proposals, they are really working out
Buy a APC Switched Rack PDU AP7900B - power distribution unit at CDW.com
why are these so expensive
probably because theyre meant for companies to buy
pixel sure schooled you @little schooner
let the companies buy the expensive stuff, then buy it cheap from the company when they replace it
@wary pond I think it would be better to talk here, it is very empty but ubiquiti is oddly satisfying
In my own apartment i will use a USG Pro 4 instead of an "AVM FritzBox" (that's a very common consumer router here in germany)
very cool! im using a nighthawk in my apartment
not a newer one, couple years old
even though the ISP supplied one is just as good
i found the one they use on ebay and got it for half
In germany, coax is very well known for higher downstream speed but bad stability. Nevertheless i will use it with a Technicolor TC-4400-EU coax modem instead the ISP's router
their wireless router is also the modem so it was a requirement to have
Verizon FIOS Gateway
this is in the states
That's the current Coax modem from Vodafone Germany. Manufactured by ARRIS
And here the backside
arris is very common here as well
Sadly arris is very rare in the normal consumer market in germany
Fiber is very rare in germany
So i have to use this Technicolor TC-4400-EU
Currently i have super vectoring dsl with 100/40 Mbit
And in neighborhoods with fiber, the maximum from Deutsche Telekom is 1000/500 Mbit
And then the cable option: the highest speed is 1000/50 with the DOCSIS 3.1 technology
But as business customer you can get up to 100 Gbit symmetrical with 1&1 Versatel
Yes, there are no official offers, but i think for 100 Gbit you have to pay around EUR 25,000 monthly
and we have a custom MPLS, our provider charges $1500 USD for 50Mb
10 Gbit down/up here costs around EUR 9,000 net. So the 25k for 100 Gbit would be very cheap
But you have a IPv4 /29 Subnet for free
This is my current plan at deutsche telekom geschäftskunden (business customer)
But i only have up to 40 Mbit up because of DSL
https://www.speedtest.net/result/8991505305.png That's my connection with real results
Anybody able to point me to some beginner friendly literature on setting up firewalls?
Bonus points if it's aimed at "nftables" on Linux based operating systems
I've already set up a basic firewall with a few rules on my own computer, but I'd like to learn more about it
I pay around 95 EUR for 10 Gbit up/down in The Netherlands
Make a pfsense box throw out the verizon garbage.
You mean the mandatory gateway that Verizon won't let you go without?
I threw mine out. but yes. heh
Hello. DNS question.
If I navigate to domain.com I get my landing page. I setup a cname for www to redirect to domain.com and it does but then returns this site cant be reached. Refreshing page will not load content but navigating directly to domain.com it does. why if its redirecting to the correct domain is it not hitting the server? I'm going to setup another A record for www.domain.com but still curious about the way DNS works that I hit the hostname but not the server when redirected with a cname.
does it work with an a record?
yes
when you made the cname did you use @ ?
I didnt think another A record was required because to my understanding the purpose of a CNAME was to redirect.
I used www for my CNAME
ex domain.com
that should have worked. maybe try another . after com?
does if I set it to the server IP it works but the URL is the IP
you think the name value needs to be "www." not "www" ?? Ill try it but it was properly redirecting to the correct hostname but not connecting to the server.
so nslookup said www was pointing to domain.com ?
Correct and has the IP but IDK if the records have refreshed since I removed the A record.
hm
the only thing i can think of is that the server isnt happy seeing you connect using www and is either presenting an http error or rejecting the connection
nslookup command also bypasses your local DNS cache, so ipconfig /flushdns as a test too
The web server is running MEAN using NGINX to serve the pages. I wasnt sure if the way node.js works if that was some limitation. IDK it works with the A record and the CNAME. I didnt think you needed both but im content it works.
I went from name.com to domains.google.com as my provider and I did not have an A record setup with name.com and thats why I dont think it is related to NGINX.
I need help with my PFsense firewall.
When my ISP router resets itself when getting a new dynamic ip it takes forever to get a wan connection.
This makes my whole network without internet, my OpenVpn clients trying to reconnect forever. Also my Dyndns entry does not refresh.
Until i do anything which triggers "reload filter" which then makes it recognize the wan connection and everything back to working again. Except for my dyndns entry which i have to force update. but that would probably fix itself when it checks the next time
Logs: https://hastebin.com/raw/ebopoyolik
how do i make PFsense wait for longer until my WAN is up, or better how do i tell pfsense to try Ping google or something until wan is up.
i know 0 about PF but, if you can type a console command to fix it then just make a bash script which pings google and keeps track of how many failures in ping, then after a failure trigger the command to restore the wan
I trigger reload filter by disabling and enabling a port. I ll try if i can do that somehow with ssh. would be nice if i could do that somehow running in pfsense. would be a shame to setup another vm just for that ^^
why not just remove the ISP router
@primal ice wouldnt i have to replace it with something else? pfSense runs on a proliant server in a vm. I dont know how to get ppp working from pfsense or even what to buy so i could plug the phone cord into my server
pfsense itself would do the ppp connection but yes you would need an interface card.
my isp router does this.
so i just need something which has usb on one end and V/Adsl(2+) on the other. and should behave like a network card not like a usb device. because i cant pass usb to hyperV
but everything i find are other routers. :/
VDSL2/ADSL2+ PCI-E Card
How does one even manage a 16TB exchange database file?
You don't. You've migrated to Office 365 long before you get that much mail.
They didn't see the rest of the convo. Ask the full question, from the start @stiff panther
what do i need to so i can access my devices by domain name rather than my local ips?
dont i need a dns server?
Should i point my dns to my dns server ip for my local domain to work?
putting router local ip into its dns setting*
Yeah
They need to point to your DNS server in order for clients to find it by name
Otherwise you have to manually assign static DNS server in each device you want local name resolution for
makes sense now i had been using 1.1.1.1 ....
Another solution is to run dnsmasq, and configure it to forward DNS queries to local domains to another DNS server that's authoritative for said local domain
is this ok https://i.imgur.com/QfimOk3.png
no port foward needed?
That's why people aren't complaining that internet is down when server is rebooted or something
if i want to acces the names over vpn
No port forward needed. Just make sure internal firewall rules are in order
Port forward needed for vpn
Yes
If you want to do it. Securely
Expose only VPN server and change udp port to something crazy, like 23400
had default port for the openvpn server
Changing the port cuts down on the scan traffic stuff
You'll see less entries in your firewall
I was going to try and get PfSense working as a transparent bridge lol
problem is i use the same name and tld in my local network will it cause issues?
nah, I usually use ad.domain.tld though
AD since it's usually for Active Directory
but you can use the same public domain in your local network
any tld in local network will work?
yeah
connection over vpn is still my issue
@stiff panther don't use 2 dns servers like that
ok
especially if the first one is dns filtering or providing local domain resolution
I mean if it's purely an upstream cache then sure
multiple dns doesn't work in fallback, it works in randomly picking a server
10.0.80.1 is enough?
should be fine
redundancy is better but not at the expense of not having your dns work as expected lol
yee
```
DNS Servers . . . . . . . . . . . : 10.0.10.18
10.0.10.2
10.0.10.15
```
that's why I only assign internal DNS servers
10.0.10.18 is Pi Hole, with conditional forwarding. 10.0.10.2 and 10.0.10.15 are domain controllers 1 and 2, respectively.
cant still figure out to access my proxmox host over vpn but i can on the vms
lol that doesn't make sense either blob
I mean unless the pi redirects to the domain controller
and the domain controller go to the pi???
*.ad.ryois.me -> 10.0.10.2
like they'd each have to be pointing to one another conditionally
nope
i find this weird i can ssh into my vm or container running inside my proxmox host but i cant ssh into or use the portal of proxmox over my vpn..
DC 1 and 2 go to Pi Hole if not local, Pi Hole sends AD to DCs and then to 8.8.8.8/8.8.4.4/Google DNS IPv6
best to remove the pi from the pushed out dns servers, then point each DC to the pi
or, push only the pi and have it forward to DCs
srsly it's not working as you would expect lol
is this correctly configured? https://i.imgur.com/R385x3P.png
just try nslookup foobar.com then clear the dns cache and repeating it @rocky badge
every few hits it will resolve, and mostly not resolve if the pi is the one handling it (or rather go to 0.0.0.0)
I usually see 10-20% picking the secondary device
and sometimes entirely swapping to prefer secondary device for a while
it just depends on the client
I run 2x pihole. sometimes I disable blocking on one and mash F5 until a page loads. then go and white list and sync heh
10.0.1.0/24 home network [vLAN 3]
10.0.80.0/24 Server network [vLAN 2]
10.0.10.0/24 openvpn
might be configured wrong
/24 across my network
you mean /17 throughout? lol
i mean are there overlaps?
24 just goes from 0 - 255 on the last octet I thought
but they're separate VLANs?
As long as you can route traffic between VLANs you should be fine
but they still are subnets?
I mean yeah they'd go to the router and let the router do what it does best
no?
routing
@stiff panther Yeah, they're fine subnets
I assume openvpn is internal to some device anyhow
Just make sure you can route between them
is your vpn server the vm server? lol
no
i can ssh into my vm or container running inside my proxmox host but i cant ssh into or use the portal of proxmox over my vpn..
I had a similar issue with my freenas box. It was the only device on my network that I couldn't reach through my vpn. I fixed the issue by enabling dhcp on it.
stupid lmg warship
phrared my text https://i.imgur.com/2oJz9ce.png
and bot detected as p0
@charred meadow that is same with my freenas as well
but i want the static ip assigned for them
I'd double check your ip setting in proxmox. I used dhcp because I was being lazy.
dns problems is soo frustrating sometimes
This pretty much bugging me so i should try to untangle my subnets
Cuz they all use the same cidr
@vapid dune for that, I did packet capture on router and yes I saw, in my case, needs ip fragmentation messages
does any one here know how to fix a drac 5 card after a bad ssh cert is put on it
cant you reset it to defaults during POST?
theres a key combination to get into drac config
@waxen scroll Lil Xeon is growing up so fast 🤧
did that, didn't fix it
can ping it but i dont get a response when i try to go to its web ui
@hollow marlin I used to call him out for not sniffing. Now he does it first thing
well i fixed it by swapping out the drac card
Are there any differences between these subnet configurations in a network?
```
10.0.2.0/16 Home network [vLAN 3]
10.0.3.0/16 Server network [vLAN 2]
10.0.4.0/16 OpenVPN network
vs
10.0.1.0/16 Default network
10.0.2.0/24 Home network [vLAN 3]
10.0.3.0/16 Server network [vLAN 2]
10.0.4.0/24 OpenVPN network
```
if i mind a subnet cidr doesnt need to be unique per network?
like a class A or B network divided into smaller networks
Yah, both are invalid and overlap
10.1.0.0/16 is valid, 10.0.1.0/16 is not in the fact that it starts at 10.0.0.0 and ends in 10.0.255.255 for a /16
No networking gear in the last 20 years worth its salt will let you configure overlapping address space (excluding VRFs and the like)
If you shift your third octet to the second octet then either of the above works without issue.
yes
You could also do 10.1.0.0/16 and then 10.2.0.0/24 and 10.3.0.0/16 without issue
correct, if they are all /24
Picked up a couple of ibm x3690 x5 from work when they decommissioned them. Got home and found out they have 512gb of ram in them.
holy shit
I looked at them at work and only saw the top tray. when I got home I realized there was more beneath it.
is that fully buffered ddr2?
ah
spec sheet says it can have 2 xeons, where the heck are those?
ah, just found that in the sheet
You can see the two heatsinks just peeking out
I was wondering if those were heatsinks
that's a nice haul, I need to work somewhere that dumps servers
Yea, these came from our DR site.
We are little old fashioned and host everything on prem with our own hardware.
fuck the software side of things, I need to work on hardware
You just need to befriend the hardware people. I got assigned to a hardware guy for a networking thing we did. We got to talking and let him know if they had any stuff they were tossing I would love to have some.
I'm friends with IT at a local university, I'll see if they're tossing anything
I used to work for the IT department for the engineering school. I wasn't able to get anything from them because government and policies.
As far as I know, if the university pulls the drives, they can resell the machines. That's how I got 2 of my optiplex 9020s.
With ours everything had to go to surplus and they would hold public auctions for everything. So it was hard to actually get anything because everybody has the same idea
Yeah, it goes to a surplus store, so there's no auction, but whenever there's a mass decommissioning everyone finds out and it's a mad rush
They recycled the old pcs here at my previous community College, and that's how my professor ended up setting up the first lab when he started teaching networking
And I've helped him since and then we finally convinced grant giver to supply us brand new 8700 workstation
And now we are getting grant money again for servers
It's really working for us
Enrollment in his program has doubled
@paper rampart Jaw dropping
how can i fix my https://i.imgur.com/7Wl0vrj.png ?
happened when i changed ip for my network
and untangle my subnets + reconfiguring of the network files and reboot
its not seeing the gateway. what did you change when you untangled?
lets just forget about the router configs but how can i fix this server error for nginx?
its most likely the routing changes that are affecting it.
@stiff panther there is never a good reason to use a /16 as a single subnet
when someone does that it is always only because they don't know what they are doing
/16 is way too large too, if the network is going to be flat
broadcast will be insane
that's what I meant
but even if you aren't actually using a network of that size in reality and are just using a /16 subnet mask, it still causes problems, breaking corporate VPNs
yay ripe probe report day
was in a coffee shop trying to VPN in to work.. connected successfully but couldn't access anything.. figured out the coffee shop was using 10.0.0.0/8 on their linksys router
so of course the computer thought that any VPN traffic was actually local and didn't send it over the VPN
wait you enable local access on a vpn?
```
Total Disconnected Time : 0d 00:00
Total Availability : 100.00%
```
yay~
@tender hazel Having a /16 has nothing to do with breaking corporate VPNs. Any overlapping blocks will break VPNs
And having a /16 or hell a /8 means nothing in the enterprise world. Broadcast is not as common as you think and storm control is most a standard at this point
@paper rampart Nice servers, little old so will drink the power but nicely spec'd regardless. Pity they weren't 1 generation newer though, quite a big difference
@vapid dune Seems like your connection, is more stable than mine...
```
Total Connected Time : 30d 23:33
Total Disconnected Time : 0d 00:26
Total Availability : 99.94%
```
@hollow marlin Also the problem of broadcast traffic, is not huge if you only have 10 hosts on a /16. It's only a problem if you actually HAVE the hosts to fill a /16.
Yes any overlapping blocks will. But there is a greater chance of overlap if you use a larger subnet size.
So, how bad are hotspots and satellites in woodsy rural areas where you can barely get a signal on your phone?
satellite and woodsy doesn't mix well
You need line of sight with the satellite
If you have that though, the speeds tend to be adequate (mainly depends on your plan) but the ping is invariably absolute garbage (between 1-2 seconds if not more)
For general browsing purposes you'd be better off on cellular networks
Assuming it's decent 3G signal at least
Well, my dad moved back to our old county to an even more woodsy area by the water. He wanted a hotspot or satellite, but he can barely get a signal on the s7 I gave him. Since Comcast owns the county in terms of internet, like you actually have to go with xfinity if you want anything more than 10mbps due to them bribing the board, so I told him to just get comcast because for the same price as the hotspot stuff he wants anyways he can get 200mbps from comcast there.
Then that's an obvious choice
Another thing with satellite internet is weather being a big issue
Since satellite internet tends to go through either Ku-band or Ka-band any sort of slightly mean looking cloud means you're done for the day
I'm on cellular internet full time because there's no alternative infrastructure here at all & I suppose it'd be doable for your father if he invested in a directional antenna with high enough gain & managed to point it at the cell tower without too much crap in between, but that's not a definitive thing
Not to mention cellular data plans aren't always particularly great & in terms of price/performance he may be better just going with comcast
Ya and cell companies here bitch if you "abuse" their unlimited plans. Which, my dad would do.
Well unlimited is never actually unlimited
It's unlimited but you have an arbitrary cap & then you get limited to 384kbps downlink because capitalism
@dire flare basically its better to have no internet
Mine is more like 80kbps
@hollow marlin true. The overlap would cause the problem, since the VPN network can be within any range really even 172.16.12.0
I rarely see 172 get used
But I haven't really worked in a big company so
@little schooner My current provider is pretty awesome about it though
I'm on Hofer with a 200gb cap (that so far I've never reached), but if I do reach it I can just go ahead and pay up & get another 200gb cap since it's a "prepaid" plan
And since I also have my phone on Hofer I only pay 10€/month for it (would be 15 without the phone)
Everyone before we got on Hofer though is absolute garbage
unlimited plans with 20gb cap & dropped to 128kbps downlink
Amazing
Actually, after comparing plans he can get gigabit net for the same price they want for a hotspot. XD
Ya, I'm making him get that.
@little schooner We use some networks in 172.16.0.0/12 in our data center network. Mainly to avoid conflicts with our office network in 192.168.0.0/16. π
@strange silo yea they came at the great price of free so I won't complain too much. I will probably end up putting them at my dads office, so not too worried about the power. He has a small business I run the IT for and he lets me put gear there. (He knows anything I learn will come back to benefit him and the company)
@craggy parcel very legitimate
Yeah... But usually home networks use the 192.168/16 range.
whats a good name for the group of administrative ports like 8443, 443, 22, etc?
Administrator_Service_ports?
What do you administrate over 443?
Personally I'd go with remote_access_ports though
but I dunno
or better yet, remote_management_ports
that has a nice ring to it
well, im trying to make a name that makes it easy to identify its purpose when its seen in firewall rule list
its for internal use not external
like for an administrator to use those ports when they connect to internal management webpages of servers
The environment is currently setup so that untrusted workstations are able to communicate to production network unfettered
Mind me asking where are you putting the firewall up
On like a server box or a hardware thing
(I'm kinda trying to learn more about it all)
I guess your name makes sense then
ooh cool
i love this thread.... "You Dont!"
@waxen scroll pretty much sums it up. My professor said that now the dentist calls him from time to time asking for help when thing breaks
yep. i dont do side work anymore except for old clients and even they are warned that its weekends only, even in an emergency, and they understand that
Been there, done that, will never do it again. Worst was the few that refused to pay for time which made me say fuck it, im done
luckily work almost never bugs me offhours or weekends
sometimes i need to do a change at 10pm but its not all the time
and that my friends is why i tend to want a company with a minimum 5,000 employees or so
Question about cat6 connectors: What features do the better connectors have? I know that wire holes should be vertically staggered to minimize cross talk, but I couldnt find other info on the forums
Is this general type of "modular" connector really the best there is for UTP Cat6?
having used both types in a datacenter environment i can tell you the cable certifier didnt flag one type as being worse than the other
im really good at terminating cables with no problem, so i dont have a preference at this point. if you're new i think the modular is a little less of a learning curve/hassle
Thanks, I think I found some connectors that come with a boot too. Got a great local deal on a bunch of cat6 CMP cheaper than online.
Do boots typically not crimp well to the top of connectors?
The ports I'm plugging into will be relatively easy to access
it just makes it more difficult to remove connectors from ports
No boots. They are a pain all for just being able to pull them through a bundle
Especially the extremely stiff ones @waxen scroll @hollow marlin
Almost hurt my finger just trying to pinch down
I wanted to back hand some of my coworkers that installed a few patches whose boots were so stiff and large I needed a string to disconnect the fuckers
Well at least they weren't glued in, many schools thought that was a good idea. Murdering rage annoyance levels 11/10 for that shit.
Holy shit. Why?
What goes through their mind that makes them think that that's a good idea
@waxen scroll @strange silo @hollow marlin Any of you use logzilla by chance? Been using it for a bit now and I have to say, for a syslog server, it's pretty solid
no. ive only used syslog as a user and splunk or LogRhythm
i havent had to look at archived logs in something like 4 years now lmao
@clear igloo is that a paid solution?
@little schooner Free for up to 1 million events per day
That's cool, probably will give it a try
Yah, got it in the lab and I think worst I've seen is 50K events one day because of a loop
@little schooner labbing ipv6 configs tomorrow so i can put it into production before complete lab testing!
@waxen scroll hehe that is awesome
@waxen scroll Just test in prod
we are
i need to make the change script though,
this project is escalating quickly. i dont know how
we'll see if the powers above shoot the approval down
"shoot, don't think"
all praise to manglement. Manglement knows all
i mean ive had stuff shot down because it was an hour before some teams normal window and they got butthurt
ive had stuff shot down because someone randomly felt the change needed an extra approval at the last minute when the same things been approved many times without that approval
haha, that's just sad =/
you have no idea. its really bad here
if i ever quit, 90% it was probably in rage at the change process
i have friends who tell me "us? oh yeah i just make the network change at 1pm with no approvals"
anyway im looking forward to the second the review boards see the word "ipv6 enable" and flip out
haha
@clear igloo Ive never heard of Logzilla. It looks nice at least. We went from Solar winds to OpenNMS and its just meh.
Yah, the GUI is pretty simple and intuitive
At my last place the "1 million per day"...Lets just say my last boss thought it was a good Idea to go through all our equipment and turn on syslogs at a debugging level
Yikes!!
I think it peaked at 10k/s
Not surprised for a large network
I was honestly impressed it did not crash Solar winds
@clear igloo my prof likes easy and GUIs so...
I showed him splunk about a month ago
now this is another one to show him
I have been seeing a lot mention Grafana in r/homelab. It looks like something I need to test out as well
@little schooner Yah, the one thing about splunk is you need to scale up a lot for high volumes and it's not free (afaik)
Grafana is something I've not yet had a chance to get hands on with
Its GUI is gorgeous
@hollow marlin thats grafana?
Is 16 character password too long?
Im having trouble debating how long passwords should be when deploying new systems for other small businesses
I was thinking giving them keepass database with all the credentials to various systems
Yeah thats Grafana. Looks to be flexible configuration wise
we have paid grafana at work but i never login to it lol
Longer passwords are always better as long as accessing them in a manager is easy enough. Too much and people begin saving them to desktops and shit
@hollow marlin yeah thats my concern. Keepass is not as easy as, say, like a lastpass gui
I could put a desktop link to it or something
http://chng.it/2fcKQKWMgQ - DONATIONS MADE ON CHANGE.ORG GO TO CHANGE.ORG THE WEBSITE, NOT RIGHT TO REPAIR, THE REPAIR ASSOCIATION, ROSSMANN REPAIR GROUP, OR LOUIS ROSSMANN! I can't remove that part on the petition that asks for a donation, or edit its wording so it is m...
oofy
i agree! no more paying comptia, screw em
yeah comptia is a running joke at this point. I dont understand why they would be against right to repair if comp. tech. is exactly that with computer systems
doesn't make sense
union trying to protect jobs of unskilled workers. :p
The hearing pissed me off when Louis released the video. They have no business with right to repair
i dont think sec+ is 100% required for gov either
i think you're able to do others instead
I dont understand their certs. It teaches high level theory but unless you can actually apply it to a vendor then it makes you no more than a buzzword salesman
@hollow marlin Grafana ❤️
Yeah I need to tinker with it
security clearance going to mostly military already pisses me off, but giving my tax money to a lobbyist org pisses me off more
what wrong with my network? I cant ping my server machine but the server can ping my computer
Firewall?
are you familiar with proxmox ve btw?
have been experiencing these kind of issues from time to time
w8
it was it
@clear igloo ive had the same with bits being flipped at asic level
@waxen scroll Cosmic rays?
nope. it was some sort of protection mechanism or something that was bugging
ah, interesting
extreme networks!
@clear igloo Calix everytime we get a parity bit error on our E7....SPACE RAYS
@hollow marlin Ahem! It's spelt SpAcE RaYzZZ!!
Per urban RFC xXxL33txXx
Of course
Any clue on how network discovery of a samba share works?
I'm having issues with the share automatically showing up on the network. The share itself can always be accessed by typing in the IP, it just doesn't show up by itself.
In the end that's hardly an issue, I'd just like to know how this stuff works, is there a specific socket I need to keep open on the firewall, is the automatic discovery only a thing with a specific version of SMB, because on a bare no-firewall, SMBv1 enabled version I had at the very start the share would show up automatically on Windows as well as GNU/Linux devices
But since I "secured" things it doesn't
It's cifs on Windows, samba on Linux. But in order to discover shares on the network
- Must be on same LAN
- Network Profile should be set to private
- Must not be in a Public profile on any other network interface
- File and Print sharing setting should be turned on @dire flare
@little schooner I believe the issue was this https://phabricator.kde.org/D18878
If I'm interpreting this correctly I'd need to enable SMBv1 to get network discovery (which explains why it worked before when I still had it enabled)
Either way, it's no big deal, I'll just map the network drive manually
(which is why I have it disabled and wont be enabling it)
yeah not familiar with that behavior since I dont use linux as a home OS. thats cool though
its Samba it is going to use SMBv1 no matter what. Microsoft is just being over protective. As long as you have a firewall on your wan connection you are safe to use SMBv1 on your intranet unless you do not trust your intranet users :p
Zero trust is also a buzz word in security
@primal ice You can set the minimum & maximum protocol versions of SMB samba uses for client & server
That does something, it certainly breaks network discovery
yes
hello guys ... i wanna build a cheap NAS that can be cheap , quiet and power efficient , any suggestions on cpu+board that can deliver what i need for storage and stay power efficient ?
Cheap, quiet, and efficient. Can you put all of those words in one sentence?
heh
Can IPv6 be causing my internet to be slow? I just activated it on my router. But I also changed my DNS to Cloudflare, which is supposed to be fast and it has servers in my city
The DNS server is probably the problem
Cloud flare is not always fast for everyone
Even my isp DNS server is faster than cloudflare
Wow that's sad to hear. I will take speed tests, change it back, and repeat
Wait, a speed test wouldnt have results from a DNS change would it?
No it doesn't
I'm using dnsperf to test now
DNS =/= bandwidth test
Yes, I realized. I have good bandwidth
For example you visit Comcast but it uses ipv4 and their CDN which is slow at the moment might be on ipv6 and on a terrible path
If you were only ipv4 the CDN might have been normal speed
What is CDN?
But v6 has so many more numbers, it takes so much more time to move the packets
^ probably true as there is less infrastructure so far due to lax adoption rates
@little schooner @hollow marlin thank you
@waxen scroll what does CDN mean?
Content delivery network. Essentially remote servers ISPs have within their datacenter for quicker access
Ah I see.
Like netflix has 100s throughout the world and you connect to the closest one. Reduces latency and more importantly congestion
How would that explain slower IPv6 numbers?
IPv6 is half the worlds bandwidth right now due to it being used by Netflix/Google/etc... So those CDNs typically are getting hit harder than the IPv4
Or the path to reach them is congested to hell
I think I understand the result of what you are saying; out of curiosity I ask, does that mean Neflix, Google, etc. are using half the world's IPv6 resources that I would be contesting them for?
I dont know what you mean by IPv6 being half the world's bandwidth
Its due to streaming services, not v4 vs v6
It uses more bandwidth by nature vs just web traffic
Ah
And most streaming is being done by IPv6 so these resources are congested from that
Eh...basically. All cell phones use v6, a lot of residential connections now support it with some routers turning it on by default now. Both situations where people like to stream
Compared to v4 which is typically smaller web traffic because too many sites still wont get off their ass to support v6
So basically, there is not enough v6 infrastructure yet to support the demands of streaming, phones, etc
The infrastructure is there, just more or less underpowered and links over utilized
So maybe I switched to IPv6 too soon
Well, too early compared to the internet at large. Only like 30% are on IPv6
LZdanger implied v6 could cause performance hits
Hes correct, I explain why that is
I see. But that is not happening for you personally
Its all dependent on location and carrier
I see. Maybe I should do bandwidth tests on v4 and v6 to test this conclusively for my situation
If you really want to test use Fast.com. It's Netflix's bandwidth test which also supports v6
I don't have the performance hits now, but a few years ago I did
I shall test it
I wish fast showed a graph or an average over time...
I might just be imagining hits so I want to test it. And then test DNS
It really doesnt matter. Its an average
Speed test sites take burst/windowing/latency into account and take time to get a better estimate and average it
The graph is pointless for actual information
Ok, I tested on IPv6 and IPv4 and v4 was 2x faster on average than the peak speed on v6
Yay congestion
Honestly it shouldn't be noticeable in use. Just stick with v6. Your streams wont hit the average and your web will use v4 anyway most the time
Yeah you'll never hit that outside downloading anyway
@waxen scroll so, my linux teacher said that he taught everything we needed to know about linux in 4 class periods and that we didn't have to show up to class anymore
this teacher is at university, not college
but he said the remaining 13 weeks will be made up labs of different scenarios for us to use all the commands in
I know he's joking about not having to show up again but i like how chill and straight to the point this prof is
Money put to good use
Im glad more online college's are moving to self pace courses
Good deal to get for a starter home lab?
Or this would be better?
Do you have a license to download the iOS firmware files for either of those switches?
No. Is that something to be wary of, if they don't have the firmware?
A lot of enterprise gear requires you have a valid account + license if you ever need to download a clean copy of the firmware for whatever reason, Cisco & Juniper networks being 2 of the largest offenders. To be clear, it makes sense that you should have an active license / contract for ongoing firmware updates, but IMO preventing the download of at least a semi-current firmware without a license means you're forever renting the hardware.
I'm not saying don't buy them; just do research first to make sure you don't end up with a paperweight.
Okay. Well I'm working towards my ccna
And want some hands on learning and experience. Any suggestions?
Ah, in that case, getting your hands on anything Cisco is enough to get your feet wet with their iOS firmware. However, I'm not the right person to answer that as I'm anti-Cisco due to their business practices.
Fucking bridged server NICs. Callout with 15,000 alarms because a bridged NIC knocked out half our shit
Nothing is worse than getting a call from the director of a hospital before any alarms hit that they are down
That sounds painful in more ways than one
I mean, you could be Microsoft and forget to renew an authentication certificate, breaking MS Teams globally for thousands of companies.
hey uhhhhh any must-have software for home servers and networking? I'm currently only running plex, teamviewer and a couple of game servers on my home nas/server rig but I'd like to squeeze every last drop of use out of it.
@hollow marlin we just had that happen with an Aruba wireless controller. Blew up a zone in the datacenter
The management interface wasn't actually isolated
Yeah it was a shit show. It was just an unforeseen cascade that led to the outage.
hey uhhhhh any must-have software for home servers and networking? I'm currently only running plex, teamviewer and a couple of game servers on my home nas/server rig but I'd like to squeeze every last drop of use out of it.
@hearty oxide you could run a tor relay too if you feel like giving back to the community
how do I get iperf udp tests to work?
It's currently just accepting the client connection and then... does nothing with it
TCP connection works perfectly
What does the packet capture say
@hollow marlin we lost him
@waxen scroll I didn't have time to do that. It was the school's network
I had to leave
But maybe when I return, will run tcpdump
If the prof still needs it
Oh and by time I meant setting it up to be ready for packet capture.
And having a Wireshark session. Ready to read it
I have such an annoying bug in Junos atm :( When adding a VNI (VXLAN) on a VLAN that is only in one switch, the whole FPC will reboot in a loop!
That's a big ouch 😦
@waxen scroll prof called and the whole network for the room went down because of a faulty storage spaces drive
It was able to corrupt a few workstations somehow
I troubleshot the error to Storage Spaces. He didn't sleep last night, he told me
I was able to help out
🥰
Also, there's a plan to use some of the grant money to pay me @waxen scroll
So there's that.
Nice!
Anyone in here familiar with DD-WRT and using your flashed router as a vpn server?
You can cluster with vcenter
Thanks
@waxen scroll have you ever worked with windows clusters before
Specifically my prof is looking at hyper v cluster with live migration capability
No
@little schooner I've used hyper-v for virtualization.
I haven't truly clustered them; but I did have live migration set up.
No major issues. When I needed to restart a server I would migrate them over without a hitch
I know you can cluster them for HA purposes; but I just didn't need that for what I was doing.
I personally love Hyper-V for the fact that with DataCenter you can license any of the windows server VMs you spin up.
(and it's a lot cheaper than VMware, and more stable than proxmox)
@paper rampart do you manually do the live migration?
Or does it happen automatically on a failure
Also, because you didn't cluster, they didn't need to use shared network drive?
For my use case I was manually moving things. It was a small company and the time to work things out properly was greater than just doing it manually. And correct, since it wasn't clustered they didn't use a shared drive.
@paper rampart so it simply just migrated them to whatever the standard volume was set to on each server and continued to run?
Hey Guys - for those who use RDPs, what's the highest ping you'll accept?
My current provider is 80 ms ping on avg - I am also really snooty about having a snappy experience. Curious to know generally what you all feel is acceptable latency for access to your remote servers/desktops
Correct. I believe the destination folder has to be a share so the originating server could drop the files to the new host.
300ms
I'm having issues with my ubiquiti equipment and oddly the company themselves aren't even being that helpful. They're just sending me useless articles.
I did a factory reset on both my ap ac pro, and my switch 8 60w. However, every time I try to get them to be adopted under the controller sw it keeps telling me "failed to adopt". <.<
Basically the controller sw that you download off their site for it. It opens up a square box, initializes, and then takes you to website that you login to with an account.
"Unifi Network Controller 4.12.35 for Windows"
can you ssh into the switch or ap from that machine?
or more basic, can you ping either of those devices by its IP? from the controller machine
I tried SSH, but it didn't work.
then you've probably got a networking issue...
I could try letting my roommate handle this because, while he isn't used to the sw and hw, he does have his master's degree in networking. I know basic networking. XD
o.o you don't need a degree in networking to solve this problem
the minimum bar is that you have the controller running and the device can reach the controller
if you can't reach the device, then you should figure out why you can't
Well, his son/my brother in law set it up and it was acting up. His dad did all the networking throughout the house, but they got that to fix an issue. So, I went and factory reset the switch and AP. I think the adoption issue might be IP related.
