#networking
https://tunnelbroker.net/ set up an account and make a tunnel and then set the tunnel up on your pfsense box to have IPv6. Not the greatest way but will give you headache and IPv6 routing knowledge.
@clear igloo right
Silly Xeon
@hollow marlin had to search up the fc00 one again
Its there but I have yet to see it used. Some specific use cases come to mind but its not worth it in the end
@hoary oak something about a virtual device not configured correctly in the VM settings?
yes
@hoary oak Look for a more robust way to do VM's. Freenas/TrueNAS has a lot of issues, in my experience at least, especially with virtual networking.
I'm doing this, because I want to run PiHole on my NAS. @thorny vector
So you're locked into freenas?
what do you mean?
would you be able to migrate the data to somewhere else, put a new OS on the system, and bring it back?
Yes.
I'm quite new to this, so I'd need something not too complicated, though I could probably find my way through if needed.
But I don't have any USB sticks to spare for installing anything.
What about Docker?
like to run it off my PC?
on the FreeNAS
FreeNAS 11.2 Docker Setup Series
Part 1 - RancherOS VM
Part 2 - Setting up FreeNAS Host Storage for RancherOS via NFS
Part 3 - Setting up Portainer and storing it's setting on NFS Share
Part 4 - Setting up Transmission Container
Part 5 - Setting up Plex Container
http://doc....
Well, you can't run it directly on FreeBSD, Pi Hole doesn't support BSD
I was trying to install ubuntu, and tried both all of the options.
but I have no way of selecting docker.
from what I have figured out at least.
do you have any other hardware at home? pihole will run on almost literally anything
That even has the ability of running 24/7, aside from my PC, no, and I don't want my PC running 24/7.
what clients would be using the pihole?
Does anyone here know anything about ubiquiti?
everything that uses the internet at home.
...
not what you asked, was it?
sort of?
basically, the problem boils down to the fact that the OS behind freenas (freebsd) has really crummy support for a lot of popular stuff, virtualization/containers included. So trying to troubleshoot issues with it would require someone familiar with freebsd. Solutions I've gone to in the past include finding anything that can run linux, and using it as a lightweight docker host
I was trying to run it as a linux, or Windows guest os.
I was asking about clients because if you were mainly only going to have your main PC using it for dns, then a good solution would be to get containers set up for windows (docker for windows) and running it off that. it would use ~200-500mb of ram, and would be running every time your PC would be running
but if you have other clients that would be using it while the PC is off, its not the best solution
yeah, I mainly want it for the phones, and apple TV in the house.
do you have an older netgear wireless router lying around? Those usually run a pretty easy to get into linux system
1 old century link router that I can spare.
you might be able to get into that. Another option is to get cheap hardware. I know you've seen those old dell optiplex's on facebook marketplace and stuff. Those make great misc. servers
yeah, pretty much what I did for the NAS I'm trying to get it to work on, but If i'ma resort to that, I might as well just get a Pi, would be cheaper, and more energy efficient.
YEEEEEEES!
I love the pi's so much. I literally have one velcro'd to the back of my laptop
lol
sadly, I had an entire PC laying around, but not a Pi.
The PC, is what I just turned into the NAS.
what specs on the pc?
AMD FX-4300, 16GB (Forgot the speed) RX 460 (Not in the NAS), 1TB HD.
not the best, but it was my old pre - built.
had no case for it, so I made one in Solidworks, before building it out of wood, lol.
my custom built is in the pre - built's case.
The NAS also has an external USB drive in it.
@onyx loom Yes, I know Ubiquiti 😛
dude, i have a pelican case i built 2 servers in, rockin' old i7-2600 and i5-4???, each with 16gb 1333hz ram
My Pi Hole is using 6.65MB
old hardware best hardware
How well do you know their protect lineup @rocky badge
yep
@rocky badge I just had a clarifying question. Let’s say I got a dream machine, 6 cameras from their lineup, and a PoE switch. If I plugged all the cameras into the switch, could I send all the video streams to the dream machine over 1 cable?
From switch to dream machine
Yeah, as long as its on the switch, btw. Dream Machine Pro or just Dream Machine
UDMP has UniFi protect, the UDM does not
I've never gotten around to using ubiquiti, how exclusive is its environment?
wdym "exclusive"?
oh
Fine
It's just that you can't manage it with UniFi SDN
or UNMS if you're in EdgeMAX
Protect/Video? The NVRs can only record from UniFi cams, but the cameras themselves can stream RTSP
alright
I usually only get my hands on scavenged equipment, so I'm always worrying about getting a deal on something, and it not working in my environment
Yeah, all of my stuff is UniFi 😛, but it works with anything
a common combo is pfSense + UniFi APs and switches
oh that monitoring is NIIIIIICE
I have a flood of syslog always running just to keep a track of everything
is that similar to cisco's discovery protocol?
20 wifi clients?
Also, you're a heathen for using 10.x.x.x networks
I need to get 802.1X working on wired networks lol
I've never done much with that, I really should though. I'm probably overly reliant on windows AD to run my stuff
my AD does a lot ....
Azure AD and G Suite, ADCS, RADIUS, DNS, login, LDAP for various stuff.
I also rely on WDS, Group Policy, Windows Server, etc...
vSphere, Rancher, my network, LemonLDAP NG, etc all rely on it for directory services
I need to redo my PKI though...
a frankenstein mess right now?
Gonna be a PITA as well...
vSphere relies on it
AD relies on it
All of my internal sites rely on it
and that also means I have to install it on every device as well, but that's easy for the most part
well crap. It might almost be easier to rebuild from the bottom
hmmm.... scp cron scripts in?
I guess lol
it'd be super jank, but it might work
lol, nothing more permanent than a stupid temporary solution
thank god for public keys
For Ubuntu I just tell it to import from my GitHub
But for Debian/CentOS I run that lol
Hmm, I've seen tutorials for adding custom scripts to install CD's
I might try that actually. I need to test the new ubuntu version anyways
Im not sure how to interpret these statements. Are they supposed to be read backwards?
@little schooner Looking at it briefly it should be read as traffic destined for zone x coming from zone y assign rules Z
Zone based is the only way to go
policy is nice too
honestly I really don't mind either
I just have nightmares from zone based when I was configuring a network for a customer when I was an engineer at an ISP
There are definitely one offs that make it tedious but zones outweigh the ease of mass management
Yeah I am starting to really enjoy Fortigate's
But that is because I have been tinkering with one here at home. Fortigate was awesome enough to donate 81e POE, FortiAP 421, and Fortiextender to our team
each one of us.
People love them but I never got my hands on one. We deploy Juniper SRXs. Lack the feature set of Fortinet but can do much more on the route/switch side
That is very true. Luckily I don't have much routing to be doing here at home lol
And if I honestly needed to do some hardcore routing, I would just spin up a vCSR
Juniper's were a fun platform to learn
They really helped me get my head around linux a bit. Then going to Velocloud SDWAN that really got me into it with the Gateways and Edges.
License cost for the CSR wouldnt be worth it. On a budget Mikrotik CHR $100 unlimited license and Juniper's vMX I think is $500.
No def not for home use. Mikrotik hAP ac2 will route gig without a hiccup and has next to any feature you need for $60
In enterprise world, IGP/BGP on firewalls is always a disaster
I really wish I could put a static route on my lame ass comcast modem pointing towards the fortigate though
Oh yeah. We never did that. Always did it on the CE, hardly ever did we do it on any device behind that
I've been thinking about getting a Ubiquiti AP so that I can disable the comcast router/AP
We will not peer with any customer that is using their FW as a peer unless a new SLA contract is signed. Fortinet is a bit better because it has the ASICs to not crap the bed but we ran into too many issues in the past
I take it you work for an ISP?
Yeppers
Here in the US?
Yep on the east coast
God no, lol
HAHAA
I just left them last year.
But I started out as Earthlink before Windstream bought them out
We're a mid size ISP. Chose my current job because I'd rather be more involved than silo'd
Oh nice!
We do peer with them though.
Yeah I left them for a small software company that does some networking for a particular set of a customers.
Yeah everybody pretty much peers with Windstream if you are on the east coast
Been getting my head pretty deep into SDWAN
I have mixed feelings. I got a taste of Velo/Viptela. Better than Juniper's offerings but I never ran into so many bugs on anything Ive used before. That was a year ago though
Impressive when they do work though
Its come a long way. Not to say it isn't perfect. And I will say that Velo, is way more mature than Viptela.
Cisco is struggling with it quite a bit I feel as they attempt to adapt the code into their 43XX routers
We are waiting for them to mature their code a bit more so that we can offer theirs in conjunction with velo as we have quite a few 43XX routers out at our customer prems. And it would be nice to be able to just convert the config to SDWAN and enable that feature for them instead of basically selling them new equipment from Velo, even though they just recently purchased a crap ton of new cisco gear from us.
I would like to see more of adaptability like that. Juniper's solutions will work on any device on ver x and newer. I see it benefiting more when you can toss it on your current equipment
yep exactly. Fortinet is doing the same thing with Fortigate's
Ive read its a very good overall experience
Yeah we briefly looked at them, but decided not to look that much further. One reason is a big issue our Security team is having with their fortigates that they haven't fixed yet I believe, but also we didn't want to go with a vendor that we would have to install and sell a bunch of new equipment as well
Expensive gear at that. Curious on their bug fix turn around times
Yeah fortigate is not cheap
I mean hell, they basically donated like 3k worth of gear. But also with that, its their licensing that is the most expensive part
I mean their UTM license is like 900 a year
That and it really only becomes worth it if you then get their switches and APs for the single pane of glass
Yep
I do really enjoy that part of the gate and the AP
its nice to control all of it from the fortigate
@surreal finch I've heard that the latest release for SDWAN on the ISR4K brings in the feature parity and template parity now. I don't test on SDWAN stuff though so it's not first hand experience unfortunately but I know someone who's testing on that code now and he says it brings a lot of much needed improvements
I'm plannin to buy an archer c9, but I'm not sure what ap to use at the top of the house
My computer takes ethernet, and the router would have to stay downstairs
Any suggestions (I can't bring a wire up through 2 floors sadly)?
And I'm welcome to suggestions for a diff router as well
It'd be connected to a virgin media super hub 3 in modem mode
https://www.amazon.co.uk/dp/B017JMJ3BI/ref=dp_cr_wdg_tit_rfb?th=1 I'm plannin on getting it renewed and flashin it with openwrt
what's your current plan for getting the signal from the router to the AP?
if I lived in the USA, if just buy multiple AC1900 routers for about 10 dollars each
Hmm, I may not use an ap then, maybe a range extender
I have a netgear ex2700 next to my pc atm, but it crashes under high load
Yep, you're going to recommend poe?
oops
poe the other one
yep, 😄 I got em mixed up
and eop isn't even Ethernet. is closer(or exactly) 802.11
just over copper...or whatever your country uses for mains
Yeah, I'm UK in an old house
I'm not sure if anyone makes PLC equipment for 50Hz mains
can you throw an Ethernet cable out a window and into the attic?
😄
does your country have attics?
Same as attic afaik
ah
loft is BE, attic is AE
so, you're in the loft, and the router isn't
and no Ethernet cable up the ceiling
you can't drop one down between the studs?
does your country use load-bearing pillars?
Nah, I can't do any drilling or anything like that
how many people on the mains circuit?
is it like an apartment? or a single house
A house, but I can't do any work on the place
use PLC then
And recommendations?
just watch out for "electrical cleaners"
they destroy the signal
I like my netgear and linksys ones. they seemed ok.
pay attention to the rated speed. divide that by the total number of PLC devices
you should just have 2, so look for 1-2gb ones, unless it's too expensive
the plug looks silly
the nano version looks nice though
its the same thing, w/o passthrough
Though people have complained a lot that they died
I have to set my currency, I have no idea about gbp process
whats your currency? I can convert it for you to make it easier
if that's what it's worth to you
sorry I took so long, I was trying to look for others
This is around $50 too, idm as long as you are helping 😄
are you considering items that aren't "prime" eligible?
that's probably why I'm not finding anything
I guess thats cos of covid
They are less likely to offer non essential things like powerline ( 😦 ) on prime
I have about 6 adapters. got them for about 5GBP each at the secondhand store
Also, what do you know about power rings and powerline?
If the plugs aren't on the same power ring, it won't work from what i've read
I did find the pl1000 for $25 online
Though this one has a passthrough which is very useful
This one's quite good, its a hotspot as well
Though I'd have to buy 2 of them
Which makes it quite expensive
@clear igloo Thanks for that information. I'll pass it onto my team. I know right now we won't be able to test anything as the gear is in the office and nobody has access to it right now.
$50 as well
This is where I get confused, since they are all around the same price and seem to be the same
or very similar
Anyone else is free to pop in as well 😛
These are the 2 powerline kits I am lookin at
https://www.amazon.co.uk/dp/B00KO15KV4/ref=emc_b_5_t with this as the router for £75
Ah woops, thanks for tellin me
third one only has one
first and second have two
it's a tie between the first two, but I'm partial to netgear
https://www.amazon.co.uk/NETGEAR-PL1000-100UKS-Powerline-Ethernet-Homeplug/dp/B01BD9TFI4/ so I might as well get this
Is the router good, or do you recommend smth else?
i have no real opinion on foreign wireless devices, since i dont know what the ranges or prices should be
i got a Linksys EA6900 for about 5 GBP from a secondhand store...so i have no idea about prices
you sure that router is 75? the link says 115
nevermind, i found your old post
i cant find anything better
Yeah, its a renewed one
Thanks for lookin though
https://www.amazon.co.uk/dp/B017JMJ3BI and https://www.amazon.co.uk//dp/B01BD9TFI4/ is what I'll get then
cheers!
I'll take that for $5
no, it's mine...
im gonna...look at it
plus, if i dont have this, my two rollover cables are useless
thats a steal
@hollow marlin Im still kinda confused about the zone statement thing. Could you use one of their example statements and say it again?
set zone-policy zone wan from local firewall name local
Like that one
@little schooner so it reads: traffic traversing from local to wan apply firewall rules local
now its clear. thx :D
I have some redundant firewall rules and hoping to use zones instead to cut back on em
everytime i add a vlan, I have to add so many of the same
@plucky juniper some people call them secondhand stores...I think
I haven't experienced that firsthand
I'll throw in a third hand if you need it 🖐️
It was a joke 😄
what is a joke is the amount of money I have to pay to take a single 3cr summer course
over $1600
Internship class
@little schooner Finish your degree at WGU
@hollow marlin funny, because thats where my prof went to take his masters
he got this one https://www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-masters-program.html
Both my friends went there. Hella cheap for their bachelor's and it's self paced and certification based.
ill probably look towards them if I want to do masters. I have just 3 classes left to do. spanish, circuits II and internship
but yes self paced sounds awesome. I liked how netacademy was like that too and got my cisco certs as a side effect
its not just education that goes in one ear and out the other after you finish
it can be used to get cert, which is nice
You can also use your certs to put towards credits. I checked and my NPs and Juniper certs alone get me like 70% to a bachelors
oh thats cool
I'm setting up RDS servers in a lab environment however when trying to access the page, it errors out with an untrusted ssl certificate as its using HSTS or something. How can i either trust the certificate or disable HSTS?
There is no option to accept the risk and continue
or even better, could someone teach me how to create a valid certificate
For a valid cert, either set up your own internal PKI, or buy a cheap domain that comes with a free cert
Does anyone know how I can set up something (Maybe like a VPN) so I can access my "NAS" (Shared drive on windows pc) from another network?
@ me
@visual nest What router do you have? Some allow openvpn through that
I live in the Netherlands, My ISP is Ziggo and it's a Ziggo router
as i cant read dutch, im going to assume it doesnt support OpenVPN. Do you have a cheap old computer laying around anywhere that you dont use?
@visual nest
So mine has the option to enable VPN, and gives you a config file to run. This makes it easy to connect using a vpn
I don't have any VPN options I think
I do have 2 pc's laying in storage though
@cedar igloo
1 is usable, The other one I broke the cooler mounting off
If you install Ubuntu Server on one of them, you can run a script from Github which installs OpenVPN Server in minutes.
It has a Core2Duo btw
it doesnt need to be powerful
How many devices will be attached?
users connected to the vpn
max 6 or so, Probably 2 at a time max
will it just be used to access files from the nas?
im just looking into ideal network speeds for video streaming. It will not be as fast or as good quality as viewing it on your network
bit of support and networking question.
So, I'm attempting to add my other ESXI 7 host to VCSA, but it can't connect by IP nor by FQDN
Running nslookup on the FQDN and ip works, but not hostname. Which is what VCSA wants
I'm not really looking into network speeds but just looking for it to work at all
I can resolve it on my system and my vm's fine
A VPN will only be as fast as your internet connection. If you are streaming these movies, it may be too slow to watch.
Or would Hamachi work
i've not used hamachi, so im not sure
It works to get buddy gamers on LAN games
that sounds like it would work
Well, I'll see
hey guys i have a quick question
i just finished my first build and I'm noticing that my router is not giving me the speed that i pay my isp for I don't know how to fix my router to give me the right speed
You'll have to give more information
@stiff forge add more info
What kind of speed are you paying for/type of connection
How are you connected to your router, is it over ethernet or wifi
What kind of speeds are you actually getting and how are you measuring them
this is what Im getting but when i connect it to my isp directly I get one gig and my modem is rated for over a gig @dire flare
my router is a R6700v3 netgear
You haven't answered my questions
What's the advertised speed on your plan at the ISP and how are you connecting to the router
What do you mean by connecting to your ISP directly?
my plan is for a 1000 Mbps and when I connect Verizon modem to my pc i get the speed I pay for but when I connect to my router to pc i get that speed
Right, so it's a local network issue.
Your ISP has nothing to do with that. If you're connecting through WiFi you can more or less forget about the full 1000 Mbps speed. If you're connected over cable ethernet then you've likely got a damaged cable between the router and PC
(or router and modem for that matter)
thought that might be the case i ordered a new cat 6 and i still have the same problem
not only that but it the firmware i google the issue and it tell me that other people have the same problem but they fixed it by going on the router interface but i don't know how to navigate it
Has anyone had any success getting a TP-Link EAP245 setup with pfSense? I've been racking my brain trying to figure out why clients can't get addresses from DHCP on pfSense through the Access Point
@deft mural Verify DHCP is working directly connected to the same port the AP is in
Is there a way to check for ddos attack on my network ?
Could it be the route is try to get gig and cable don't support it
Is anyone aware of any access points that also supply 48 volts OUT of PoE? The use case is for our sales people that work from home, when their router is not located in their home office, so that they can use it as a pass-through basically for their VOIP phones. We're wanting to do this without PoE injectors if possible because our sales people tend to not be smart enough to hook this stuff up.
@bold karma I see some Ubnt forum posts that mention some of their models support it but I'm not coming up with much
We found one Ubiquiti one, but it only supplies 24v not the 48v we need.
https://arstechnica.com/information-technology/2020/04/weve-found-the-worlds-worst-coworker-and-heres-what-they-do/?comments=1
Well that's ONE way to get "moving" in a company 
anyone know anything about nginx proxy host forwarding?
@bold karma I would almost recommend a poe switch something like this
https://smile.amazon.com/gp/product/B076PRM2C5/ref=as_li_tl?ie=UTF8&tag=tpusbuynow-20&camp=1789&creative=9325&linkCode=as2&creativeASIN=B076PRM2C5&linkId=bf8910f74a0eaee4e2884c336e8ada7f&sa-no-redirect=1&th=1
Poe passthrough can be a little annoying, just pre-label ports router,ap,phone, etc. Depending on wattage requirements and what poe standards you need it isn't too expensive
when you download the arm64 iso not the amd64 iso and spend ages trying to figure out why iLO won't boot the virtual dvd drive 🤦♂️
@silk oracle I do a bit for the sites I host. What about it specifically? I won't profess to be an expert
I know a little bit about nginx proxy lol
It's very useful, and I use it a lot for my nginx @ edge or load balancer
how much work is it setting it up as a load balancer?
I don't really serve enough data for it to be worth trying it out, but still intellectually interested in it
Attempting to get password auth working for my ombi
I am using nginx as a proxy for adding https as the app doesn't support it
For some reason when I turn on the password it won't stop prompting for the password and stops filling the content on the page
Figured I would ask as I spent 3+ hours attempting settings tweaks and googling and nothing helped
I also can't figure out why it won't do a directory mount to the domain eg. (example.org/ombi/ instead of example.org)
I threw an issue into the github for the docker for the app I am using as a proxy, mostly a GUI frontend to make nginx easier since I have no idea what I am doing
Github issue for a little more detail
https://github.com/jlesage/docker-nginx-proxy-manager/issues/73
@silk oracle Look at the GET requests that don't work properly to load the resources needed for the login.
just to see what's not loading, and where the problem is. One common problem is trailing slashes, so check to make sure you have yours where they need to be.
Changing the root has always been a pain for me, I usually just end up making it a subdomain.
is Dual Band Wireless-AC 3168 good?
@sudden cradle Well do your services feel denied? 😅
To know for sure you'll have to inspect your traffic, though there's more to ddos attacks than just flooding an interface with packets
@hollow marlin It should be, I know I enabled it in the settings and setup the 10 range in IPv4 and IPv6 for some reason I need to edit the range for it to increment the network 1, but it ended up working. However, it still seems that from anyone connecting to the AP, they're not able to grab an address from my pfSense router.
Currently, it is set behind another router until I can switch that over to bridge mode. But I think as long as I'm not using the same ranges (which I'm not), then it shouldn't be a problem
Wait so its connected to another router?
For now, I want to get the new one configured until I can switch it over gracefully and not have my ISP box be the wifi router and such
How is the PFsense box connected in all of this?
@deft mural You should still test with a device directly connected to the port the AP will be plugged into on PFsense. "It should be" isn't enough of a test. If you are dealing with multiple ports then there are further things to look into such as bridging the ports and assigning subnets/dhcp properly
o.0 /8
^ right?
/8 on a home network means nothing
It does if you want to segment off anymore of your network
I do /24s in the 10.x.y.z space
@rocky badge this seems to be the best method for me
Because I'm never going to have more than 255 hosts anyway
Whatchu got there, bud?
thought so. Just barely saw the product number on the side. esxi host?
Yeah
The only negative about vmware is that once you use it, you can't go back
noice
I moved all of my databases to Docker
then I moved pi hole to docker
then bitwarden and other various services
It saves so much RAM lol
I do use docker a bit
but I also do a lot of host logging, and its a huge pain exporting logs without bandaid cron jobs from docker hosts
😂
I'm also putting the finishing touches on a snort appliance. You just start the template on any host, and it downloads the latest community ruleset, starts sending logs to its gateway, all automated
I'm running Suricata on pfSense
Same
every network has a snort appliance, and each router is running snort as well
I take security VERY seriously 😄
ew, cloud
Cloud is big 😛
IaaS is a scary downward slope
Well its growing exponentially at this point
Don't I know it :/
I'm gonna be using all AWS (along with some other services that aren't on AWS, Like Twilio and Auth0) for this project lol
oh speaking of API's
can we ALL acknowledge that the pihole api is garbage, and its documentation is garbage?
what are you transitioning to, if anything?
pfBlockerNG
why're you making the change?
part of pfSense lol
ah, ok
@hollow marlin Hmm, well, I think I might have figured out what's up. It appears on the LAN side my "media" is down. Which seems like cable problem to me... let me test that first.
any one here have a network cable that only get 100 with isp supplied router any other device 10 link we try everything switch or router
some spooky
it is like the isp router and the ont some how can get 100 link
Although, I'm not sure why, since I know PoE is running over this, but I'm nowhere near 100m even with CAT5E cabling
@deft mural Again, try directly connecting with another device. Also is there a PoE injector involved or is the NIC on PFsense providing PoE?
PoE, when you're too lazy to run dedicated power /s
@thorny vector Trust me, I wish it wasn't, but it's the only way to power it. Which wouldn't be a problem, except the cable issue. Which I'll try a different cable to see.
how much upload ya got
there is some overhead, and is generally decently cpu heavy for a router, but if you have it running from a server/desktop you probably wouldn't notice the hit
Also SMB is incredibly latency intolerant. Depending on conditions it will be poor no matter what you throw at it with home gear
what was your use case?
@hollow marlin What's worse than SMB performance? SMB over IPsec VPN 🤣
Would I need a new router or new cable modem to change my public ip at will through just changing it in the settings/mac address?
just like this https://youtu.be/Kh5hAj8Ljss?t=321
wanna hear a funny story
ab that
i still have the chat logs
i was told by an xfinity rep
that
changing my ip
is illegal
was i missing something in that chat or was he being stupid?
because im pretty sure changing my ip is not illegal
I'm looking for advice. I want to learn more about data centers and enterprise equipment like raid cards and HBA cards, and enterprise servers. I own servers but I don't know what the best way to use them. For example I have a couple raid cards in a server but I want to switch them to hba's. What's the best place to learn more about stuff like this?
@thick minnow It actually is. You can change your IP and if you are within the same L2 domain you can impersonate someone. Theft, CP, etc... all will show originating at an IP that is always tied to a customer at the time, throwing an innocent person in prison. There are mechanisms that keep track of IPs bound to a customer and if the ISP has applied simple practices to prevent it then it's impossible to do in the first place.
To be clear the actual act of changing is not illegal, but crime committed during that time will get you charged with fraud and the ISP can fine you if end up affecting another service
But most ISPs like us have measures like PPPoE or DHCP w/O82 and DHCP snooping. You can change it all you want but you'll get no connectivity
ive had the same comcast DHCP IP for 7 years
it persists though multiple accounts (i close them and open new ones for deals)
They, afaik, bind the lease to a MAC address so if you spoof/change the MAC then you'll get a new IP
I kept my Spectrum IP that way across routers 😄
DHCP+option82 and then logged for 5 years. At least here in NY we are bound by law to record IP/MAC with port information
@clear igloo I have a Spectrum IP with "biz.spectrum.com" 😂
lol
our isp verizon seem to be bound to the ont that own by them and hard wire in out side
the ip
@dire flare thought I was getting ddos'd while in a game of cs on faceit but turns out virginmedia was down everywhere in uk
@rocky badge what is that image from? is that a service like "http://www.thefuckingweather.com/"
Tells you WTF your IP address is
@rocky badge xD
Typically you don't control the ISP's DHCP server...you would have to jump through a lot of hoops and be doing something pretty suspicious to want to go to the effort of doing that as opposed to just masking your IP via VPNs and TOR
@thick minnow I am guessing they thought you wanted to do something shady...
if support won't help and you don't have the modem configured as your router, you might be able to either power everything down 5 minutes and power it back on and it might change, (sometimes it can take a day or so depending on the DHCP lease time) assuming the address is dynamically assigned, they could have it statically assigned so that you always pull the same address as well, never had comcast myself.
Leases are generally associated with your mac address of the device doing routing/nat (router probably if separate from modem)
Changing the MAC address of that device can get you a new IP (mac clone setting usually)
that said unless you are getting ddosed or targeted by ip then you generally shouldn't need a new address, and Shambles is right, just get a vpn depending on use case that might be an easier thing to do
@rocky badge i've been meaning to ask why are 10% of the emoji for LTT you? including all but 2 of the animated ones?
uh
I'd suggest that you are stealth Linus...
but he only he doesn't run vmware at home
as far as we know DUN DUN DUN!
I mean, who doesn't run a little vmware at home
I would but I don't need the features lol, I just have a single unraid
though I got another server for free
haven't got drives to fill it though
@silk oracle 😂
my VMware right now
Adding an 8c/16t, 64GB of RAM, with 10 gig server sunday
I'll be honest, I'm not running any...yet
I just started setting up a homelab
all my vms are KVM
😂
yeah, I don't have a use for that much storage...yet
I started this homelab when I was 13?
I think so
The R620 will be one of the newer things in the homelab
Besides UniFi networking lol
I just had a Ryzen 2600 and an x370 mobo kicking around from a good deal on newegg...then my consumer grade router died friday
RIP, I'm actually using pfSense now lol
well actually i guess it was two fridays ago
me too!
lol
I'm running pfSense in a VM and passing through a pcie 4 port ethernet card to it
after I get a few kinks ironed out in how i want this setup I'm gonna try to switch from pfSense to vyos
thinking about getting some used cisco gear and start working on CCNA
as far as ccna all that can be done via packet tracer lol
ah
cisco makes it
I don't know much, i'm really new to all of this
that is why I mentioned it
I learned everything I know pretty much in the past three days
yep checks out
+3 years of Comp Sci in college...doesn't help with networking though
it can incite the proper mindset partly, but yeah there are a few traps that are easy to run into for sure
just wait until you deal with VLSM
yeah. biggest thing is what you said and not being intimidated by the terminal/script/code
that's pretty much the strat I've been applying
biggest thing I run into is not knowing how to ask questions
that is the strat unless you are the kind of person who has been doing networking for a living since the 90s
because I'm trying to run before i walk
Always a good plan
I know I fell into a role as a network/Active directory admin in highschool
that was interesting....
13 and when things broke I was suddenly the one who people turned to lol, all because I knew how to google problems well....
School wants me to fix some of their shit
Like databases and stuff
They want me to custom make something as well 😐
They better pay me $$$
Like, I'm talking full webapp, infra on AWS, web UI/UX, sms integration, identity management, etc
lol, I got fun and school credit (project based learning) covered most of a year of highschool playing with computers for fun
yeah, if they are expecting professional solutions they better be expecting to pay a professional paycheck
I was amateur hour then but I made things work as needed as their IT staff left XD
someday i would like to receive a professional paycheck for my keyboard jockeying.
beats swinging a hammer
@silk oracle Yeah, it's not gonna be cheap for them lmao
For the database, they want me to migrate Lotus DB to something modern....
what is the use case? message board, news, and announcements? or something more ambitious?
For the thing they want me to make?
yeah lol
Substitute management and assigning
Teachers login, request for a sub, subs get a text/email
Admins want to see stats per school/district wide
backend is probably gonna be either Python or NodeJS
Lol yeah, not cheap, then supporting it would be a nightmare. Especially user training/ID10T errors
how did they get the system they are currently using?
It was Role call
but the company who provided Role call shut it down
I showed them I'm fast at doing stuff with the badge system lol
Badge based class sign in/out in the front office/commons
Admins and teachers get Excel sheets every day
At the specified time for the class
UUGH I just spent 4 hours troubleshooting a badge access system because a serial cable fell out of a computer...
yeah, nightmare site nothing documented
macOS locked down to the Electron app
USB barcode reader 😂
It's all local as well
This project was 0 cloud
The sub system will be 100% cloud
Nothing on prem
I find it funny that usb barcode readers are just a keyboard
Assuming that no use is made of cached data, what type of domain name server is responsible for getting the IP address of a web server and returning it to the client? - I really need help answering this question. (Sorry if this question doesn't fit the rules of the channel.)
why not just look it up in the lesson that this homework question is for?
Ooof
I'm being ddosed constantly through my public IP, even though it's dynamic, from a program I think is called botstress.to. What can I use to stop this?
How do you know you're being ddos'd?
Oh I just do
stop going to honeypots
Is the "dos" denying any services?
yes during the attack it takes out my entire network
Home network?
and why do you assume dos?
I should explain a bit more in depth
I know it's ddos and I know the person doing it, I run game servers so it's very easy for them to get my ip
i use no ip to convert my number ip to a word ip
xxxx.ddns.net (example)
they ping the .ddns.net address in cmd
get my public ip
and use a site called botstress.to to attack my public ip
usually through port 80
Are you serving any traffic on 80?
I just want to find a useful program to mitigate these attacks.
No I dont believe so
Then just set up your router to drop all packets on 80, if it's not, instead of rejecting them
will doing that interfere with my daily internet use?
There is no program for a quick fix to dos
and no, it won't. It'll only touch inbound stuff. I'd recommend reading up on networking and network security some more if you're going to provide services from your IP
If it really is a DDoS, which I don't think it is, you cannot stop it
its dos i know its dos
You can mitigate though.
ive literally watched the person do it .-.
Again, how are you watching it?
Just because your internet drops doesnt mean its a ddos
Then report him to the police? What he is doing is an illegal act.
they're roommates?
it's his wife. she's mad at him
report him to the service he's streaming on
These are the solutions, other than trying to get another IP, and putting any domain name behind something like cloudflare, to make it harder to do it
i guess you're just out of luck until you decide you want to actually do what every other company who wants to provide a service does
Proxy with a third party service for http(s) traffic
my ip is dynamic, ive looked at cloudflare but im not sure about the free option 🤔
Protect origin IPs
have you tried getting a business account from your isp? make sure you tell them what service you plan on providing
i have tried, they said someone would get back to me about but never did
ill try again though once their call centre reopens in the morning
Business account won't fix anything unless they provide an IPS solution, which many don't. You either go the Cloudflare route or report the attacker.
this would be my packet filtering thingy right
Filtering/blocking the service won't do anything. The router still has to process the packet either way.
oh ok
the problem with cloudflare is that it looks to me like it only protects websites against dos attacks
and when i put my website in, it says it is not a registered domain
Because you don't own the domain, you'd have to go through a registrar to get one.
No offense, but you need to do some studying up if you want to keep serving traffic
dude
you can get one for like a dollar a year
gandi will register a .site for literally 99 cents a year
time to steal dad's credit card
lol
Windows network sharing NEVER works! It's horrible!
I'm fighting with it all the time. It just randomly decides if it wants to work or not.
How do you have it configured?
Everything is on. Every service, everything.
network sharing, as in using a windows box as a router?
I've never had problems with windows file sharing. It literally just works out of the box as soon as you share a single folder or file
Make sure your computers are in the same workgroup and that file and Print sharing is enabled
I've had lots of problems with authentication. Especially when using a Microsoft Account for logging in. On an AD domain, however, never a problem at all.
In that case @craggy parcel, I add custom credentials to the credential Vault and that should solve the problem
Well, it's more authenticating to the remote machine, with the MS account.. Never figured a way to make that work. Always had to make a local account on the "server" machine.
Hmm. Yeah that's what I'm doing too
But I'd still consider it a problem. 😉
The "Server" in my case is just like a win10 machine, that happens to share some files.
Hmm. Well yeah you would think it would just work if both pcs had your ms account already established on both and just pass the same user+pw
Well, there's something about using a login of microsoftaccount\email@ddress.here never had it working though.
@craggy parcel @little schooner https://superuser.com/questions/740375/how-to-login-to-network-share-when-microsoft-account-is-tied-to-windows-login
You must use MicrosoftAccount\me@email.com (this MicrosoftAccount prefix is important) as username. Now enter your Microsoft account password into the password box.
@rocky badge Tried, and failed. Even with the casing correct. 😉
RIP, that's always worked for me
I've heard lots of cases where it worked, and even seen it work. Just never worked for me, for reasons unknown.
it has a mind of its own!
That's Windows. Yeah.
But then again, it's the same computer, that crashed with a BSOD when installing the Radeon driver for my 7850, until I made a fresh install on another drive.
What are the chances of my edgeswitch's led lights dying out within 5 years?
Depends quite a lot on the quality of the LEDs. But as LEDs are generally cheap, even of good quality, I'd say the chances are small. Especially if the LEDs are not supplied with a large current.
Well, in case they break, it should be cheap to get replacements, so it's just a matter of getting out your soldering iron and fixing it. 😉
@craggy parcel as long as i use lead-free solder, health risks should be nonexistent right?
Well, I'm not an expert at chemistry, so no idea. 😛 But if it's something you do every now and then, like once a year, I wouldn't be worried. But if you do it at a daily basis, get proper ventilation.
makes sense
Yeah, and if you are worried, and do not have ventilation, do it outside, on a sunny day.
Does anyone know if two routers can interfere with each other
@languid shale interfere how?
@languid shale elaborate chief
@languid shale Just pick another IP series / or use the other one as a slave/repeater to extend your Wifi or get a subnet for more IPs
Nice router @fervent brook
@rocky badge wheres our boii @unreal wedge
i just looked for the cheapest wired router with the highest amperage
im starting to think maybe i should change my switch's IP to 192.168.1.2 instead of 192.168.112
ok, that was a bad idea
nevermind, it worked eventually
im extremely tempted to set up my Netgear router alongside my "Linksys" router just for fun
sucks that my 7000 is pretty bricked. there's instructions on catching it in some mode when it boots and sending the firmware over LAN, but it didn't work all 31 times i tried it
old firmware version was 1.6, new version was 1.52
wat
because 52 is a bigger number than 6
why is it soooo hard to bond 2 dsl lines for zippy internet lol
The modem I have even supports it lol
@silk oracle I wonder why it's so hard for fiber companies to compete with concast in my area
because digging fiber is hard
Fiber to home requires new build
cable already is there and gives internet, meaning they can't get sweet sweet government money easily so they can overpromise and under deploy to homes
If there wasn't coax for the cable company everywhere then it would be much more equal
but "Last Mile" is almost the most expensive part of running broadband
I know there are a few cities in my area that just dumped money into building out fiber to every home and then let ISPs use the city infrastructure to get to homes. That seems a little better than having each company build their own to your house like has been done in the past
ok....so I recently acquired a KVM Console from work, but we could not find the original KVM cables that went with it. The originals had VGA on the console end of the cable and VGA and 2 PS/2 plugs on the machine end of the plug. So far I have only been able to find cables with KVM on console side and KVM and USB on the other machine side. My question is this, would these cables work the same as the original cables, or should I continue tracking down original cables? It's an Avocent LCD17SWT8-001.
@silk oracle To give perspective on the cheaper end its around ~$1 mil per 400sq miles (around 20-30 mile diameter) to run fiber. Thats before drops, customer equipment and labor to go with it.
To make https proxy work for a mobile phone, does the phone need the proxy server certificate installed on it? I know for http, it should just work since no encryption
But then I get a lot of warnings on android and iPhone saying third parties could monitor the traffic when I install other types of certificates
Nvm I figured it out. Yes the cert of the proxy needs to be installed on the device for it to not give error
At this point I am close to just saying the router sucks ass and throw it away and give a bad review
(Asus AC1300GPlus)
@lean pollen Do you live somewhere densely packed in (apartment) or something? You might be having channel interference problems
See if there is a less polluted channel you can use and that might help some of your issues
Townhouse
@clear igloo YEE, setting up firewalls for IoT
Could getting one that is more powerful help? (router)
depends on what the actual issues are
@rocky badge Best firewall is to shut down the IoT 😛
Is there some way to record what channel a router selects over time and what other wifi networks choose and its strength over time and not just right now?
in theory you could record output on a wifi card in promiscuous mode, but you might need to create something to record the data
Kali or something might have a tool for that, not sure
I have never really had problems with my wifi so I haven't had to try
can you use channel 58?
yeah theoretically there won't be an overlap with channel 58 80mhz
maybe not permanently but to see if that helps
I think it might just be FW updates
hm
just 56 and 60
hmm
odd
also where are you US?
it does make a difference
if you are FCC or some other area
wifi name gave it away lol
btw
Theo is my cat
I think its sort of fun but also like sort of standard that neighbour called his Skynet
yeah, here the silly default you find everywhere is "FBI Surveillance Van" but that only works here
lol
No, I think I earlier locked it to 64 not 60 and had some problems as I said earlier
oh
can't say for sure though?
Do you think a more powerful router might help tho?
it could
I think this one is little bit less powerful than the ISP one we had some other problems with
personally I play with low priced commercial gear
Ubiquiti is great
based on range that I remember
Is there a way to easily know what router is more powerful than another?
kinda hard to say, part of it is antenna gain
other parts are to do with the specific card
then there is 2x2 3x3 4x4
I suspect AC1300GPlus is not that powerful
but don't know
Also an irritating thing is every time you change a setting on it, you lose internet connection for the half a minute or more it takes to change it
no matter what setting
overall how knowledgeable about networking are you?
Not much
k
Little bit tho
this would be something that would probably kick the pants off that lol
more than a normal consumer but less than one that works with it
yeah, the company that makes that router makes budget enterprise networking gear as well
I have 2 of their "pro" access points deployed at my house
Do you think Asus routers aren't that good in general?
I have had good luck with some of them
it is all what are you expecting it to do
It can be
most mesh systems are at the ~$300 price point (us)
What do you say about trying to lock it to someone random of the channels 100-144 and see what happens
what is the speed you get from your isp?
300/20
we had 150/20 before but dad upgraded even if I dont think it was needed yet
If anything I would rather have more upload
ok these are the 5GHZ 36 40 44 48 52 56 60 64 100 104 108 112 116 132 136 140
at least I think
impossible to find with google knowing I am in the US apparently. The only way I could find that even was Juniper wireless access point supported channels by country lol
Should I try just locking it to 136 or something and see what happens?
give it a shot
Really wish I knew the answer to how to fix this problem with squid FATAL: The /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB helpers are crashing too rapidly, need help!
the error says need help?
let me check the squid log
@waxen scroll
ahh, maybe it wants me to run this command:
Uninitialized SSL certificate database directory: /var/spool/squid/ssl_db. To initialize, run "security_file_certgen -c -s /var/spool/squid/ssl_db"
ehh i guess ill try that
@waxen scroll dang thats all that I needed to do
it works now xD
log files to the rescue!
I didnt think to check em until now... maybe because I was so fixated on following the tutorial
in the tutorial, it says it simply starts up fine
@waxen scroll how do you feel about Microsoft teams? Next semester two of my prof's are planning on using it instead of webex
Or anyone else
I've used it. If you want a slack replacement it sucks ass. It can replace WebEx fine imo, but I haven't tried all meeting features to see if it's better than webex
I see. Yes anything to get away from webex
Our meetings always have glitches with prof's audio
And sometimes the mic of the prof goes off randomly
I'm setting up a mesh network at my place and I was wondering if you guys would have have any tips! Mention me if you have an answer, I'm not the most active on this chat.
Don't you like it when Windows holds up on the "Restarting" screen just because you lost a network connection after putting the laptop to sleep?
Microsoft really needs to fix that
have domain
and a game server on host
hostingprivideIP:NotNativeGamePortNr
(1.2.3.4:3000)
with use of SRV record, how can i point to that ip/port with mygameserver.myDomain.com
(goal, get rid of the port number for users)
Look at the specifics for whoever is hosting your domain. They will have docs for the SRV record
It was pretty easy with namecheap. I run two different minecraft servers, one on a non-standard port and the end users have no idea
could you screen shot (personal thing removed of course)
@deep harbor Make sure the uplinks for the downstream APs have a good signal. I know at least one person who put one of their APs out in a metal shop and the other AP pulls from that at like 10mbps speed; they have to reboot that when the other AP reboots.
solid backbone connection is needed
for all nodes if possible
alright thanks
Hello Everyone! I am working on my CCNA training, and was wondering if having access to a mac os iso through a virtual machine or through an apple product is needed? I am going through CBT Nuggets for my video training (Highly recommend it as I am actually getting it now) and there was a section about knowing how to manually set up the ipv4 settings on all three major OS's, so it had me questioning if I needed access or not
@rocky badge so... I just learned that the way Unifi line of switches has a neat configuration method, where you can create like "profiles" of switchport layouts that can be changed on the fly. Is that an advantage over, say, the edgemax version?
yeah I like it
is there more features good like that that unifi line offers?
anything with a certain profile can be changed across loads of switches
depends
If you need level 3 switching, Edgeswitch
however, if you're a sucker for central management and sdn, unifi
@rocky badge its looking more and more nice
some unifi switches are getting l3 in a firmware update soon™️
hmm
so you can set profile to a line of switches, like select all and apply once?
much faster if thats the case
10 switches, one profile, one click apply all is what im trying to get at
uh
or you have to expand out each one and do the profile selection manually?
hm
group config option
interesting
im moving to a new apartment, but I am going to need a new switch
i think why not a unifi one this time xD
nice
yes. that will make it so much faster
hmm you have a custom override set on those?
that error message, i dont think it applies. they are just saying it as warning?
Is someone able to help fix two servers not being able to ping each other when they are in the same subnet, connected to the same domain? I am getting request timed out. They are two Windows Server 2019 machines running on ESXi. I have added a group policy which allows ICMP Echo inbound, however this didn't work
- one server is running LDAP and another is running PRTG network monitor
Pinging it from another machine shows that nothing is able to ping the LDAP server. Is this meant to be the case?
what to do if the port keeps on changing on the game when the router says it's a static port
the game dev says the router is the issue, pfSense
@cedar igloo Are you allowing icmp replies?
@raw timber More specific? what game, what ports?
Factorio
193.631 Info UDPSocket.cpp:27: Opening socket at (IP ADDR:({0.0.0.0:34197}))
193.632 Hosting game at IP ADDR:({0.0.0.0:34197})
193.632 Info HttpSharedState.cpp:54: Downloading https://auth.factorio.com/generate-server-padlock-2?api_version=4
193.734 Info AuthServerConnector.cpp:67: Obtained serverPadlock for serverHash (Noc4v13r5gbf4W4dVnrT2pEQWbMOmA8H) from the auth server.
193.734 Info ServerMultiplayerManager.cpp:774: updateTick(687686) changing state from(CreatingGame) to(InGame)
193.798 Info ServerRouter.cpp:618: Asking pingpong servers (pingpong1.factorio.com:34197, pingpong2.factorio.com:34197, pingpong3.factorio.com:34197, pingpong4.factorio.com:34197) for own address
193.799 Info UDPSocket.cpp:39: Opening socket for broadcast
193.802 Info GameActionHandler.cpp:4306: UpdateTick (687686) processed PlayerJoinGame peerID(0) playerIndex(0) mode(connect)
193.831 Warning ServerRouter.cpp:493: Received own address message reply with conflicting address (got IP ADDR:({71.114.150.224:54053}), expected IP ADDR:({71.114.150.224:9257}))
193.832 Warning ServerMultiplayerManager.cpp:619: Determining own address has failed. Best guess: IP ADDR:({71.114.150.224:9257})
193.910 Warning ServerRouter.cpp:493: Received own address message reply with conflicting address (got IP ADDR:({71.114.150.224:39110}), expected IP ADDR:({71.114.150.224:9257}))
193.978 Warning ServerRouter.cpp:493: Received own address message reply with conflicting address (got IP ADDR:({71.114.150.224:60556}), expected IP ADDR:({71.114.150.224:9257}))
193.984 Info MatchingServer.cpp:114: Matching server game 7372316 has been created.
193.993 Info ServerMultiplayerManager.cpp:703: Matching server connection resumed
I wouldn't be able to give you a quick answer, I don't know how factorio does its connections
It most is get pfSense to give out the same port each connection
Actually just looked how factorio does its connections, it's gross.
factorio's ping-pong servers dynamically allocate ports for connections, so a simple port forward wouldn't work
So what to do
It is just 2 player I am host it on my computer
Using the built-in option. Support says the router is the issue
Your router is fine. You just have to set up either a way to dynamically forward ports, or just allow a range
Game support says it's my router, foot down, says it's supposed to be one port
@thorny vector the issue is the game expects one port and it gets 3 different ones when it looks up its IP
That's some weirdness. Can you do a pcap of the traffic?
What do you mean
Did you see the people say it. It Port forward the correct port and only one
yes, I see it. But somewhere the udp traffic gets redirected to another port. A pcap (packet capture) on the wan interface might show whats going on.
They say the router gives a random port to each connection, not the same one