#networking
@peak cloak Unfortunately ASA is a whole different OS than IOS and I have never looked into it
@thick minnow A quick google though it should resemble:
```
object network MC-server
host 10.10.110.202
nat (inside,outside) static MC-server service tcp 25565 25565
nat (inside,outside) static MC-server service udp 19132 19132
nat (inside,outside) static MC-server service udp 19133 19133
nat (inside,outside) static MC-server service udp 25565 25565
access-list inboundfilter extended permit tcp any any eq 25565
access-list inboundfilter extended permit udp any any eq 19132
access-list inboundfilter extended permit udp any any eq 19133
access-list inboundfilter extended permit udp any any eq 25565
```
There might be service objects you can create to clear it up but like I said I know IOS, not ASA
You have eve
Yeah, can't help much with a minecraft server though
I would make sure you have all the ports needed in the config
remote connection port is not needed (25575)
server port is at 25565
can i try a tracert on the ip and port?
will i be better off running an ethernet cable connected to a router in my room or using those lil range extenders that plug into a wall
idk if this is the right chat
@thick minnow you'll need to use a tool like nmap. Traceroute uses ICMP which doesn't have a port #.
Is the test a remote test or are you testing within your LAN
remote test
my (in network) pc is trying to remote test to my server
by calling my public ip
this is the device listening
That will not work. That's called hairpinning. NAT will translate when it goes from an inside zone to outside zone, and vice versa.
You will have to actually test from a public IP
would you mind being test bunny?
Oh my god, you guys are still at it?
yes!
i've been on this for the past 8 hours
and i need to get this fixed/ready
@hollow marlin would you mind being the public?
then slide the ip in dm for a moment
A free open port check tool used to detect open ports on your connection. Test if port forwarding is correctly setup or if your port is being blocked by your firewall or ISP.
Sorry I don't have MC. Someone in the gaming channels might be available
Can just telnet or nc to the port 🤷
i have a deny all telnet in my router settings somewhere
probably just for the port. Telnet can point to any port, it can be really useful for banner grabbing
SSH to the port will be better because you'll at least get a TCP reset response
```
clock timezone GMT +1
clock summer-time CET recurring
dns domain-lookup outside
dns domain-lookup management
dns server-group DefaultDNS
name-server 208.67.222.222
name-server 208.67.220.220
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside-out
subnet 10.10.110.0 255.255.255.0
object network src-v4-inside
subnet 10.10.110.0 255.255.255.0
object network src-v6-outside
subnet 2001:DB8::/96
object network dst-v6-outside
host 2001:DB8::8
object network dst-v4-inside
host 8.8.8.8
object network MC-server
host 10.10.110.202
```
```
nat (inside_1,outside) static MC-server service udp 19132 19132
nat (inside_1,outside) static MC-server service udp 19133 19133
nat (inside_1,outside) static MC-server service udp 25565 25565
nat (inside_2,outside) static MC-server service tcp 25565 25565
nat (inside_2,outside) static MC-server service udp 19132 19132
nat (inside_2,outside) static MC-server service udp 19133 19133
nat (inside_2,outside) static MC-server service udp 25565 25565
nat (inside_3,outside) static MC-server service tcp 25565 25565
nat (inside_3,outside) static MC-server service udp 19132 19132
nat (inside_3,outside) static MC-server service udp 19133 19133
nat (inside_3,outside) static MC-server service udp 25565 25565
nat (inside_4,outside) static MC-server service tcp 25565 25565
nat (inside_4,outside) static MC-server service udp 19132 19132
nat (inside_4,outside) static MC-server service udp 19133 19133
nat (inside_4,outside) static MC-server service udp 25565 25565
nat (inside_5,outside) static MC-server service tcp 25565 25565
nat (inside_5,outside) static MC-server service udp 19132 19132
nat (inside_5,outside) static MC-server service udp 19133 19133
nat (inside_5,outside) static MC-server service udp 25565 25565
nat (inside_6,outside) static MC-server service tcp 25565 25565
nat (inside_6,outside) static MC-server service udp 19132 19132
nat (inside_6,outside) static MC-server service udp 19133 19133
nat (inside_6,outside) static MC-server service udp 25565 25565
nat (inside_7,outside) static MC-server service tcp 25565 25565
nat (inside_7,outside) static MC-server service udp 19132 19132
nat (inside_7,outside) static MC-server service udp 19133 19133
nat (inside_7,outside) static MC-server service udp 25565 25565
```
```
nat (inside_2,outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
nat (inside_3,outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
nat (inside_4,outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
nat (inside_5,outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
nat (inside_6,outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
nat (inside_7,outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
access-list inboundfilter remark Deny All Telnet
```
```
access-list inboundfilter extended deny tcp any eq telnet any
access-list inboundfilter remark Deny NetBIOS and SMBv1
access-list inboundfilter extended deny tcp any any eq 445
access-list inboundfilter extended deny tcp any any eq 137
access-list inboundfilter extended deny tcp any any eq netbios-ssn
access-list inboundfilter extended deny udp any any eq netbios-ns
access-list inboundfilter extended deny udp any any eq netbios-dgm
access-list inboundfilter extended deny udp any any eq 139
access-list outboundfilter remark Deny NetBIOS and SMBv1 Outbound
access-list outboundfilter extended deny tcp any any eq 445
access-list outboundfilter extended deny tcp any any eq 137
access-list outboundfilter extended deny tcp any any eq netbios-ssn
access-list outboundfilter extended deny udp any any eq 139
access-list outboundfilter extended deny udp any any eq netbios-dgm
access-list outboundfilter extended deny udp any any eq netbios-ns
access-list outboundfilter remark Permit All Other Traffic
access-list outboundfilter extended permit ip any any
access-list inboundfilter extended permit tcp any any eq 25565
access-list inboundfilter extended permit udp any any eq 19132
access-list inboundfilter extended permit udp any any eq 19133
access-list inboundfilter extended permit udp any any eq 25565
```
that big chunk is running config
DVI makes nat inside so repetitive
Out of my own curiosity, why blacklist acl instead of whitelist?
"i modified a large setup lurik gave me ages ago"
lurick
i only know about 70% what it all does
@hollow marlin I was so happy when my work transitioned from all cisco to mostly pfsense whiteboxes
so you might got a clue why stuff aint reaching?
Should of went Juniper
(i won the thing, from a competition) i wasn't going to ever stare a given horse in the mouth
We build out a lot of virtual kits, so its advantageous to do pfsense, since it virtualizes so well.
but on the server side i aint doing anything wrong right?
it is listening to the right port
And you can connect locally?
(well i can reach it locally, so it couldn't be wrong could it?)
if my lan pc with 10.10.110.201 (static ip) goes and asks 10.10.110.202 (static ip) to join minecraft i get on
You'll need a live test from the public to confirm the FW rules and static NAT. If you are able to hotspot or tether over 4g you can try testing that way
opnsense makes stuff so easy
shoot me your domain/ip addr, I'll do a port test
you know you can do port tests with online apps?
@thorny vector Juniper does have virtual for route/switch/firewall. If I remember the license cost is actually very low
or just use your phone?
vyos is less complicated then both of these things . . .
and Pfsense/OPNSense are braindead simple
@hollow marlin Cost at all means that it's a no go
Lol. I can't argue that
Turns out our asset manager was tight fisting a shit ton of microsoft product keys, as well as some other products
is probably the most economical way to get support for your platform
I totally raided that excel document
raided?
probably used multi-use keys for certain software
and someone kept it all in one place
@thorny vector can i also shoot ya the full router config?
Made him put in on my drive. And nope, these babies were FRESH
@thick minnow Yeah, go ahead. No promises, like juan, I never used ASA stuff, just IOS
asa has 8 router interfaces
had to bridge them together
but on nat i have to do nat on each of them individually
somehow
That might be the issue, nat-ing them for each interface. I also just did a port scan of your ip, no open ports at all
so, what could i do if that's the current running config
im 100% sure i fired off
access-list outboundfilter extended permit ip any any
access-list inboundfilter extended permit tcp any any eq 25565
access-list inboundfilter extended permit udp any any eq 19132
access-list inboundfilter extended permit udp any any eq 19133
access-list inboundfilter extended permit udp any any eq 25565
after the others
If each interface is bridged you are going to have to make the bridge interface (10.10.110.1 or whatever it's set to) the inside and only NAT to that
(Do you not have a switch you can put on the inside, so you can just have a single LAN port, and some sanity?)
unfortunately: no
dont even have a power adapter to plug it in, and the asa (last i checked) doesnt do poe
```
1 (inside_1) to (outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
translate_hits = 0, untranslate_hits = 0
2 (inside_2) to (outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
translate_hits = 505, untranslate_hits = 511
3 (inside_3) to (outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
translate_hits = 0, untranslate_hits = 0
4 (inside_4) to (outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
translate_hits = 0, untranslate_hits = 0
5 (inside_5) to (outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
translate_hits = 0, untranslate_hits = 0
6 (inside_6) to (outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
translate_hits = 0, untranslate_hits = 0
7 (inside_7) to (outside) source static src-v4-inside src-v6-outside destination static dst-v4-inside dst-v6-outside
translate_hits = 0, untranslate_hits = 0
```
You can get a cheap 5-port dumb switch. You can get those to run off USB 5v
That or setup an interface under another subnet that only connects to the server
lol, a /30 for it
Raise you higher and /31
That'd probably be easier to troubleshoot
```
1 (inside_4) to (outside) source static MC-server MC-server service udp 25565 25565
translate_hits = 0, untranslate_hits = 0
2 (inside_1) to (outside) source dynamic obj_any1 interface
translate_hits = 1098, untranslate_hits = 17
3 (inside_2) to (outside) source dynamic obj_any2 interface
translate_hits = 5745, untranslate_hits = 16
4 (inside_3) to (outside) source dynamic obj_any3 interface
translate_hits = 0, untranslate_hits = 0
5 (inside_4) to (outside) source dynamic obj_any4 interface
translate_hits = 31, untranslate_hits = 0
6 (inside_5) to (outside) source dynamic obj_any5 interface
translate_hits = 0, untranslate_hits = 0
7 (inside_6) to (outside) source dynamic obj_any6 interface
translate_hits = 0, untranslate_hits = 0
8 (inside_7) to (outside) source dynamic obj_any7 interface
translate_hits = 0, untranslate_hits = 0
```
that was from show nat
gigabit 1 is modem (outside world)
interface GigabitEthernet1/4 and then give it an ip address range
(problem: my only connection right now to both server and router, both with static ips, is SSH
so if i pull the server's port off the lan network i lose access to it and access to modify ip
Yeah. You can jank through this, but I'd REEEEEEEALLY recommend getting a switch.
i will REAAAAALY do that soon, but it's nothing i can do at (checks clock) 6:14 am
so i assume our 1st start is to alter the config of the server, before i lose access to that?
Do you have any usb nic's laying around? Can use that to set up your server without losing internet
nope, nothing. all i got is a com-port cable that doesnt reach from my desktop to the router
What is the config for bridging the interfaces?
just slid full config to dm
Yeah you might want to change the inside_X with just inside thats under the BVI
It should work. The current setup with NAT, specifically PAT, will be fine. But you are now dealing with static NAT that would not know what zone to forward to
if i can be honest, ya lost me
fyi, with the thing i gave you, if you want, i can just delete all current config and start over
as long as we keep the ssh
NAT is just network address translation, really is a 1:1 translation. PAT is port address translation which is a subtype of NAT and dynamically will assign an external port and translate many:1. This is what people are used to.
if i can say my most fervent wish: i can keep my bridge and my current subnet and everything works (if that's possible)
When you PAT the bridge will keep track of the MAC table and the NAT translation table will keep track of the src IP. With static NAT it needs to know where to forward it and where interface based NAT rules fall apart with bridge domains. At least my assumption ASA would treat it that way as other vendors do
Thats where Junipers commit confirmed is amazing, you can wipe a config, make all the changes and if it breaks it will roll itself back after a set period of time
i got what i got
i can have a Netgear ProSAFE GS108E - Netwerk Switch - Smart managed for 27 euro in about 24 hour
scratch that @hollow marlin it's here in 11 hours
Quick google on cisco community and apparently on the 5506 BVI and NAT is broke as shit and the workaround is for NAT on interfaces. They never fixed it apparently.
so for now, im letting this (issue) rest for the next 11 hours, are you ok with being pinged in 11 hours?
Well one last thing to try is remove the MC-server NAT rules off every port except for the port the server is plugged into for shits and giggles.
And yeah ill be around
then we have a router with 1 port in 1 port out && a switch
Yeah much better
should just be no nat (inside_1,outside) static MC-server service tcp 25565 25565
can a router that takes WAN get internet from a LAN port
ERROR: nat config not found for object MC-server
I would just type no and ? each time to see what it allows you to enter. IOS just is no then the config
for acl line 14 would overwrite line 1 right?
@hollow marlin i have a feeling it's my ACL that's been doing me in all this time
and that on the inbound filter rules arent in the right order
```
access-list inboundfilter line 2 extended deny tcp any any eq telnet log disable (hitcnt=0) 0x4e51306b
access-list inboundfilter line 3 extended deny tcp any eq telnet any (hitcnt=0) 0x5366c6ec
access-list inboundfilter line 4 remark Deny NetBIOS and SMBv1
access-list inboundfilter line 5 extended deny tcp any any eq 445 (hitcnt=0) 0xe7a2bd10
access-list inboundfilter line 6 extended deny tcp any any eq 137 (hitcnt=0) 0xebe3ba0b
access-list inboundfilter line 7 extended deny tcp any any eq netbios-ssn (hitcnt=0) 0xa30a8185
access-list inboundfilter line 8 extended deny udp any any eq netbios-ns (hitcnt=0) 0x07c5ce06
access-list inboundfilter line 9 extended deny udp any any eq netbios-dgm (hitcnt=0) 0xf87b43fa
access-list inboundfilter line 10 extended deny udp any any eq 139 (hitcnt=0) 0x7e4087aa
access-list inboundfilter line 11 extended permit tcp any any eq 25565 (hitcnt=0) 0xc286da98
access-list inboundfilter line 12 extended permit udp any any eq 19132 (hitcnt=0) 0x65b3fc23
access-list inboundfilter line 13 extended permit udp any any eq 19133 (hitcnt=0) 0xd54bf3b9
access-list inboundfilter line 14 extended permit udp any any eq 25565 (hitcnt=0) 0x2a68cad9
```
Hey guys, so my girlfriend just moved into a basement apartment and her internet is horrible there. She's using their wifi for now; in a couple of days her internet provider is gonna head over and see if they can set up her own internet downstairs, but she's freaking out because she doesn't know if it's gonna work out or not. They have a coaxial cord coming from the upstairs into her room, which makes me believe that she'll be fine, but if they end up not being able to set up her own internet, is it possible to get her own router from that coaxial cord? Maybe i get a coaxial to ethernet adapter, then she can buy her own router?
@covert sentinel if they can max the coax cable "active" (aka ensure it has signal coming in from the street) there's no reason she can't have her own modem connected.
This will probably require her setup her own internet account though, at whatever the costs are.
Okay, yea apparently the cords down there for cable, someone used to have a cable box down there
She has an account, shes just moving it over and is unsure if they can set it up in the basement
i think its 2 different internet providers
Most cable providers can set up multiple modems as long as the house receives service from the provider. Is this in Canada or USA?
All good. West or East coast?
Ah kk, I'm mostly familiar with ISPs out in West Canada. You guys just have a few more resellers to choose from, in addition to the big 2 (Rogers / Bell) but otherwise it should be similar over there when it comes to connecting multiple providers to an address when there's a basement suite or rental.
So you think she'd be fine?
If not any suggestions on ways she can improve her internet down there? its really bad, we cant even videocall anymore
Improve the source of wherever the WiFi comes from. Which either a) means upgrading the existing accesspoint or b) moving closer to it. Totally get that a) might be impossible if it's not her's to upgrade, but that's really the best way to make WiFi better.
Uhhh that's not how Coax works. There are MoCA adapters that can use existing Coax wiring to create an ethernet network, however, that requires an adapter at each end, AND nothing else in the home can really be using Coax for other things unless it's explicitly compatible.
Ur gf is bugging out she has a cable the isp just need to attach a modem and give her a connection
Tell her relax ffs
Even if its a different isp? @thick minnow
and @ornate jungle Thank you so much, you've informed me about alot lool
Whoever owns the cable network
shes with a different company
Then call the one who owns the cable network
they already have internet, she wanted to know if she can move her provider there or if she'd need to join the company thats at the residence already
Ask the isp they should know
Kk thanks
Hey guys
I want to work in Data centers or in servers and im trying to learn code for them
any recommendations?
wdym by code? there are so many sub categories
kubernetes, ansible, maas, etc.
openshift
openstack
@dusty harness
Like code to move through the OS. Like a data scientist
ik linux is the go to and i use linux
but i just want to know if there is any automatization that i can make
Is SQL useful?
ansible can be useful
SQL is more on the developer side, but it won't hurt to know it
Ansible is basically a way to automate tasks, like lets say creating a VM and installing an OS on it
Thanks man!
I'm learning ansible rn, in my homelab
I just self-taught, using the docs
a homelab can help with learning, either locally or in the cloud
thank you man!
Can I “hack” my school's password protected wifi? It's WPA2.
could you, probably, should you, no. Will I help you? no.
We have got the password to the other wifi but we have another building with a different password
so idk
not your normal router..
@swift hornet if you want to play make pretend to be a hacker by clicking a button go for it but no one here will help
sad
Yay
is that a dell or hp caddy?
Don't know
take a pic from the front
Thats HP indeed
yeah
depends on the SMART data
If it relatively healthy?
What's special about it?
Idk anything about these drives. Is it good for 24/7 operation?
Ideally to host my Lineage builds for download
yeah it's an enterprise drive
they go for 45 bucks
the caddy is like 5-10 more bucks
plug them in and check smart, if you don't need the caddy, then you can sell the caddies
they look like older caddies though
they newer ones have the drive status light
Won't power off of USB, Guessing it'll need to be internal, desktop only?
I have one of those sata to usb readers with an external power brick, I think usb power may not be enough
look up MTBF on the drive
check how much SMART reports
if its <50%, i would only trust raid 1
using a filesystem that is fault tolerant like btrfs
SMART doesnt always report problems, drive may return corrupt data without any notice
btrfs can at least, verify checksums on both mirrors
yeah, btrfs or zfs for critical data
For more indepth nerding: https://www.youtube.com/watch?v=yAuEgepZG_8
This video is the first in the storage series for managing storage in the enterprise.
This first video we talk about RAID, and the current state of the art for the "next generation" of RAID type devices. What RAID really means in terms of data integrity is shifting and this v...
Level1 has good topic on this
He explains the situations in which SMART may not report correctly
and shows how filesystems can remedy this
Because not every RAID controller can properly read and act on SMART data
i found an old pci express ethernet adapter with product name intel gigabit ct2. Does it have any resell value or should i keep it in case i ever need it?
i found it on newegg for 139.99 but that cant be right
it's from 2008 and gigabit is found on almost every motherboard anyway
yeah thats what i thought
its just 1
yeah
however, i have access to 2 dsl lines, is there any way i can combine the bandwidth now that i have 2 total ethernet ports?
ive heard of some software called speedify but that includes a vpn and i dont want that since you cant turn it off
kinda like what linus did in an old video but with no extra hardware
wdym by 2 dsl lines? 2 from your isp?
basicaly
shouldn't they be bonded at your router?
its a bit more complicated
i have a line at my apartment with a modem-router
and i have access to the modem-router of the apartment right next to me
so i can get an ethernet cable from there to my pc
thanks for your time
if anyone has a solution for this please let me know, internet speeds here are so terrible that it will really make a difference
@fallow python https://www.youtube.com/watch?v=tqbnjgbtDl0
Do you want some of the creature comforts of a business internet line, but don't want to pay the ridiculous price most cable companies offer? There may be another way...
iTel affiliate link: http://itel.com/ltt-bonded/
Freshbooks link: For your unrestricted 30 day free trial...
You need some kind of internet service, that allows you to bond two connections together
that is, if you have more than one way to access the internet
If you can get bonded DSL, its faster and easier
say, 2 phone lines, can be stacked for roughly double speed
ive got one line with 30/3 and one with 12/1
Are they both DSL or cable?
both dsl
yeah check that video
idk if there's alternatives to what they are shilling for
do some looking around
it wont speed up single downloads!
dont i need that weird box to combine them?
but it allows multiple connections to be load balanced over the two connections you have
so a load balancing router?
yeah basically
ISPs that provide this, basically provide a way for you to tunnel through their network, and exposing them as a single IP
look up "connectify dispatch"
it's a discontinued program that did exactly what i want to
yeah you can do that on windows out of the box
don't need some weird program for that
how?
its called wifi tethering
same way that phones can do it
your computer can tether ethernet to its wifi antenna
its under wifi in windows settings
im not talking about that
thats connectify hotspot
dispatch lets you combine available connections to increase bandwidth
even for single downloads
oh well
but wait
even if i cant bond the 2 connections, shouldnt i be able to just run 2 ethernet cables to the same router to get better lan speeds?
@fallow python yeah, if you router supports it
it won't speed up single downloads though
^
one connection can only be one of the two DSL connections
with Per-Traffic Loadbalancing
you can prioritize certain ports and services to use other connection
@hollow marlin enlighten us
Bonding will net you true combined bandwidth because it utilizes ATM. The only issue is you will need matching or similar speeds or it can overload the buffer on the blades
isn't ~25 similar enough to 13?
not for adsl
No, too much of a difference
Yes, due to the nature that DSL is arse and interference can knock out channels or cause a resync of both lines. Especially when you get to the limit of ADSL2, 25m
fiber ftw
no fiber in my area 😦
my isp installed fiber lines directly next to my house but said "it will take a few months for them to be activated"
that was a year ago
not sure
the problem
is that they have to do a laser test on that
and requires two people
they literally put laserpointer on the fiber and see if it works lol
in datacenters they do that too, they use special connectors on the fibers that let red light through
so if you put laserpointer on the other side
they light up brightly
the fastest internet you can get here is 200/200 but thats only in 2 cities in the entire country. the rest are stuck with 200/20 or 50/5 at best
vodafone
what country?
greece
oof
every isp in greece is terrible
exactly
if you get adsl 24mbps its 5mbit download
literally ^ every dsl provider
in the world
they need to innovate
fiber is the only way to improve
^^^
what are internet prices like in countries with wide fiber coverage?
here you can get 100/10 with like 40-50euros/month
it's 940/800 fiber advertized for $70 bucks per month but in reality it's more like 120-140
there is this one new isp thats starting to pop up that offers 100/100 for 28/month
$28 neat
@tame carbon this is my old setup https://cdn.discordapp.com/attachments/387022787480387605/757965429808562256/20200921_201321.jpg
@clear igloo YEET
the wooden board xD
@peak cloak I went from pile to rack
now it's in a rack
you don't have a poe switch?
for the IPcams I bought a cheap 5 port PoE (4 poe) switch
but that's another building
@rocky badge and give up a U in my rack?
its only 12U
Then replace the current switch?
the switch is other side of the building
Core switch has 10 gig
yeah but core switch is elsewhere
All of my networking shit is in one place ¯\_(ツ)_/¯
it's not that large lol
they were like three times as deep as the cheapo switches
nor is it really heavy
do you now?
it's only 15" deep
hrhr
My R620's depth is like 28"
@rocky badge would it be wise to mount such a switch on a 2 post rack
I never have confidence in my 2 post rack
And they're similar to my switches
it's heavy, but like...
two post?
and the IDFs hold like 8 switches
is that just a piece of sheetmetal in a U shape?
some IDFs are 2 post, some are cabinets
mine has lock and key
but you can take sidepanels out without a key facepalm
that's it
its in the attic, and there's no stairs
then the doors lock
I think I can mount another post in the back if I can find the right part
I got it for 50 bucks
So the other 2 posts will probably cost me like 2x the original rack
wdym by balanced?
a rack in the school MDF is actually 2 post
not too heavy on one side
you shouldn't have an issue though
looks sturdy
oh ok
some shit supports it
all of our 2 posts at school bolt to the ground though
but here's a smaller IDF at a middle school
how would I mount servers, I've been looking into buying a server like a DL20 G9
yeah, my dad's work has something similar
Ours are just ears
if there's one
but most servers are in cabinets anyways
with rails
hmm, I'll probably just put them on the bottom
and not mount them
the DL20's aren't deep
Extreme yeet
I didn't realize Extreme ripped off Calix's color 
extreme had it first
Extreme is 3 years older so yeah. Calix went blue during the dark times of the B series and back to purple in the E series
Gonna see if the car talks to the charger directly via the physical connection or over the LAN/internet
Would be interesting
physical of course
LTE connectivity is an option you dont have to take... so what happens at a public charger and how does the public charger know its your car?
It knows where you're at
and how long you've used it
and how much you've used
So it can bill you
right but im not talking about just tesla chargers
theres tons of public chargers run by other companies
they also bill you
the public charger doesn't
Because that's handled by the charger
The charger is on their network
yep
I'm talking within the tesla network
so why wouldnt the tesla ones be on the network too
the charger connects to the car with a physical link
is it normal to have a bunch of ARP broadcast traffic, like every second
yep
reduce it with static arp!
@hollow marlin lets talk about natting
what happens when my firewall has an address of .10 but nat rules for .11,.12,.13,.14 ?
Yes, @clear igloo , that is correct
it generally wont answer ARP request for .11-.14

@rocky badge how do we fix that?
We talking WAN or LAN
LAN but DMZ area
@peak cloak post packet capture to here with arp filter
@hollow marlin i think his network died
https://www.reddit.com/r/networking/comments/jb9zsq/how_many_network_adminsengineers_should_my_team/
2 for WAN, 3 for LAN, 3 for wireless, 3 for phones
engineers ^
operations... lets say 5
@waxen scroll Total 5 under engineer with "and other responsibilities "
@waxen scroll
Thats normal
Who is .49?
@peak cloak
https://blob.rocks/APqUi8xj6J.png
@waxen scroll my desktop which is turned off
That's normal if something is trying to reach your desktop
yeah thats what I thought
never knew there was this much broadcast traffic on a small LAN
I always want to slap blob for using 10 space on a home network
@hollow marlin what do you think
Wellllll... I use 10.150 because I'm too lazy to type 192.168
I use the 10 space, is that bad
It's bad because if your company isn't one that forces all traffic though VPN, it's possible that your 10 address conflicts with something on their network and could possibly prevent you from reaching out
So if blobs family uses vpn, his net could conflict
Us IT people expect 192.168.0.0 and 1.0
Hmm, both parents use VPN for work, had no problems
Also I think verizon ISP routers use the 10 space
All depends on their works subnet. I know my network so it's no problem but yeah it can break things if you use the subnet
The 10 space in your ISP is not involved. Your PC is what will decide to either send traffic over the VPN or route it as normal
I meant that verizon provided consumer routers use the 10 space
VZ mpls also uses 65000. I hate that
Use your public asn idiots
If ATT can have 4 public mpls asn why can't VZ do more than one and not private
VZ, because screw you!
Sprint MPLS... I hope you turned qos on!
I mean if you want to save money, do you really need wifi6?
Probably not
Ok I'm pretty much a mesh noob but how does dual band vs tri band mesh compare?
I have a very large older house
Don't know much about mesh myself
Welp
someone here will probably know though
@waxen scroll typically when they use private ASNs is because they don't know how to use communities
what's the difference between private ASN's and public ASN's?
you can rent one
private is free
private not allowed in public networks like the internet
what are ASN's needed for in the internet? Isn't it an identifier for an ISP?
pretty much
its also used for loop protection
if im ASN 1 and another provider ASN 10 learns my routes and sends them to ASN 2, if ASN 2 sends the routes to me (ASN 1) i drop them
anyway. worked at a company who used 65000 as their main datacenter ASN and then they onboarded verizon
theres ways around it, but its so stupid VZ is even using private ASNs
So I'm looking to get into 10gb networking and I'm thinking of just getting two used sfp nics on ebay, since I'll be the only one in my residence to access my NAS, and set it up for p2p. But I'm thinking there's no reason for me to get a sfp switch, right? It would be technically easier but I'm willing to get my hands dirty
correct. no reason
just keep in mind that you'll have to do static IPs, bla bla cause no router
Yeah I don't have an issue with doing so
Is there anything better than google nest wifi for the price?
I'm having a hard time trying to find something better
@rocky badge yesssssss ubnt PDU
Who's excited about SecurityOnion Conference?
what's security onion
never heard of them
hmm
this looks interesting
@peak cloak One of, if not the best open source network monitoring suite
and they just put out a new RC of security 2.0 in september
is there a decent free online tool for doing a network/home layout?
for a network map
oh no
Has anyone been successful with getting VyprVPN to work on a UniFi USG?
@olive pine sure
oh thanks
do you know how to get to the control panel of your router?
yes i do
the router is DIR - 615
Yeah that won't help me
d link
screenshots preferred
ok
also my internet right now is super trash
used paint instead - thinking of getting UDM Pro and a few APs and a switch, thoughts?
^ better than most people can come up with
@flint matrix seems reasonable
though I am not a big fan of using UniFi
but its easier for less tech savvy users
compared to what?
Mikrotik
@tame carbon Well, I look at it this way. the more comfortable they are with an OS, the more often they'll check it for something.
u wot m8
you have to use unifi to even configure the damn things
@rocky badge that feel when you want to use animated blobs in LTT but dont want to pay $5/m for it
do the UniFi APs not have their own web ui?
nope
wow, that's stupid
I like how Omada is just no bs
You want web ui, you have web ui
You want to have a controller, you can have a controller
UniFi Command Line Interface - Ubiquiti Networks
```
info                      display device information
set-default               restore to factory default
set-inform <inform_url>   attempt inform URL (e.g. set-inform http://192.168.0.8:8080/inform)
upgrade <firmware_url>    upgrade firmware (e.g. upgrade http://192.168.0.8/unifi_fw.bin)
fwupdate --url <firmware_url|firmware_name> [--dl-only] [--md5sum <sum_of_fw>]
         [--keep-firmware] [--keep-running] [--reboot-sys]
                          new firmware update command
reboot                    reboot the device
UBNT-BZ.v4.3.20#
```
can you setup the AP with the cli, or just basic stuff
that's a meme
yeah, you need the app
literally the apple of networking, makes it so "simple" yet so complicated at the same time
L3 in a switch is an advanced feature to them so it doesnt surprise me
i dont think its simple at all
i dont think a normie can just go in and get it working
same with meraki
Not through CLI but a basic GUI would be more than enough
i disagree
you have people coming in here going "how do i forward minecraft" on netgear
ON NETGEAR of all thing!
you cant do that, you arent figuring out ubnt
A copy paste of just the AP section of the GUI in the controller is what I am referring to. SSID, channels, etc. Similar to what the app does I guess
Can anyone suggest a good wifi extender? My girlfriend recently moved into a basement apartment and their wifi is ass downstairs
i know but she has no choice, her provider said they cant give her her own internet down there because she doesnt have a phone line, only coax
she can do that?
idk, can she?
we'd need permission from her landlord, they live upstairs
Powerline ethernet is still superior for home applications
how expensive?
@covert sentinel you do have internet in that building currently?
She does yea, shes using wifi but its so bad downstairs
Have you looked into ethernet over powerline?
the only thing she has in her room is a coax port
They plug into the wall, and use the housewiring to transmit data
would they need to drill holes?
no
her lease says she cant damage the walls
It just plugs into the existing house wiring, you have two of them
aka drill holes for anything
one near the router, and the other wherever you need internet
Can she do it herself or would their provider need to come out?
no, you can do everything yourself
the only reason you would need a tech is if it's something on the ISP's end
The TL-PA4010 KIT transforms your home's existing electrical circuit into a high-speed network, ideal for daily use. No configuration required.
if you want wifi in the basement, you'd also need to pair that ^ with an access point
router is a router
access point provides a wifi network
most home routers are an "all in one"
ah okay makes sense
so they are both an AP and a router
@peak cloak we need like a list, or set of "often used solutions" we can link
Ah can you help me find an AP? cause I'm confused haha
because amount of times a day, people ask for this exact problem
@covert sentinel mh. I'm afraid my recommendations will fall short for non tech savvy users
yeah
I don't know what else to suggest beyond Mikrotik xD
i just need anything she can buy and connect to the powerline
omada
Omada AC1200 Wireless MU-MIMO Wall-Plate Access Point
Thats a wallmounted AP
though I find it rather expensive
@covert sentinel powerline is step 1.
it depends if they have an empty plug up there
any wifi AP or home router will suffice to provide wireless
and if the connection will be strong since shes downstairs in the basement
@covert sentinel wifi extenders are the worst solution, because it adds more noise to the signal space
so the better solution, is another access point, that is wired
yea she was gonna drop 90 on an extender, and i said no
i knew there was a better choice
make sure powerline works well
^
how would she do that
powerline quality depends on a lot of factors
guys is it normal that mesh Wi-Fi doesn't work well? for example my phone doesn't sometimes pick my secondary repeater/access point if I'm not already connected to the access point built in the router or sometimes it keeps connected to the secondary access point even when it isn't the one with the most powerful signal.
Powerline has its niche uses, both sockets need to be on the same phase/circuit
I would buy one and if it doesn't work well return it
@lofty pumice yes wifi mesh is bad
@covert sentinel what PresentMonkey said, order the powerline kit, test it. if you cannot get it to work due to house wiring. Just get a refund
and then consider alternatives
Alright ill let her know, i really hope it works
@tame carbon are there any other methods to extend the wi fi range? I've set all the settings perfectly on the repeater, frequency, channel, ssid, security, psw.
@lofty pumice scroll up, @covert sentinel had the exact same question
and if it doesnt what are some good alternatives? Can she set up a router downstairs if she goes through their provider?
like get an extender?
@covert sentinel well, an ethernet cable is the only reasonable solution
extender is a last resort
not wifi extender, like have the provider come out and add a router downstairs through the coax
is that even possible? sorry im ignorant haha
yea she'd be willing, i guess she'd have to call and ask
@covert sentinel isn't having a second access point the same as wi fi mesh?
no
mesh wifi connects to your existing network, and makes another network from that
@peak cloak we need to set world record for longest mesh chain
buy 100 wifi extenders
and see how far we can get, before our pr0n stops streaming
because the backbone is over ethernet not wifi
@peak cloak my "repeater" it's a powerline one
I use this kit
Equipped with three gigabit Ethernet ports, the TL-WPA8630P KIT extends AC1350 dual-band WiFi and a gigabit network to every room via your home's existing electrical wiring.
so the backbone is not over wi fi @peak cloak
interesting
@covert sentinel https://www.tp-link.com/us/home-networking/powerline/tl-wpa7510-kit/
The TL-WPA7510 KIT uses your home's wiring to transmit a Gigabit network, delivering connections to anywhere with a power outlet, regardless of barriers.
@covert sentinel this does the same, but has the wifi built in
okay that works
@tame carbon but as I said I'm having some minor problems with it
could be the powerline itself that is causing issues
mesh wifi is something else
what do you mean with mesh wi fi then?
so is my wi fi a mesh?
I have the access point in the router and the one in the powerline
You just said it yourself, it is a powerline backbone
so no
nah, you just have two basestations
a basestation = an AP
if you have both networks configured on your client, client should pick the one with the strongest signal
if you want roaming capabilities, for seamless handoff between access points
you need a controller
what's a seamless handoff?
roaming
so connection doesnt drop when it switches from one AP to the other
if you move from say, upstairs to downstairs
I'm not English mother tongue sorry
@tame carbon yeah but thats not the problem
it's like the transition is uneven
is there any solution?
I just explained that to you
Its called seamless handoff, and is most often used in enterprise grade networks
ah ok sorry
thats why the wifi in a university just works
@tame carbon so you wouldn't suggest that?
@lofty pumice UniFi networks has solutions for this, but it's rather expensive
Unifi does support it, 802.11r/k
Not seen that on any consumer grade routing gear
hmm
At the consumer level UniFi is all I know that does
mtik can do it too
like 802.1v or k
@peak cloak 802.11f (IAPP)?
@lofty pumice quoting from wikipedia: 802.11k is intended to improve the way traffic is distributed within a network. In a wireless LAN, each device normally connects to the access point (AP) that provides the strongest signal. Depending on the number and geographic locations of the subscribers, this arrangement can sometimes lead to excessive demand on one AP and underutilization of others, resulting in degradation of overall network performance. In a network conforming to 802.11k, if the AP having the strongest signal is loaded to its full capacity, a wireless device is connected to one of the underutilized APs. Even though the signal may be weaker, the overall throughput is greater because more efficient use is made of the network resources.
@hollow marlin does this work with any 802.11b/g/n client?
or does the client hardware also have to have support?
@tame carbon r/k is probably the top 5 most demanded on Mikrotik forums too. Many want this added with capsman
@hollow marlin I was under the impression, that caps does this already
Unfortunately no, you have to use access-list for signal to kick clients in the head to roam. I cannot remember if r/k need client support
I do not think it does
I could be wrong though
so for a seamless handoff I need to get an entirely new ap?
@hollow marlin good that I know this now, before investing xD
I have to set up a big wireless network end of this year for my dad
still unsure what exactly to get
Its supposedly going to be 5+ APs, covering quite a large outdoor area
anyway thank you for your help @tame carbon
@tame carbon Proper AP placement and adjusting power matters far more than r/k support. You can add on the access-list rules to then kick a client when it gets to -80 to assist with "roaming"
If you have time listen to some podcast that have wireless engineers for events such as stadiums or conferences. They dig it in heavily that placement/power/bandwidth per user is 90% of the user experience. r/k are just a nice bonus.
It will also reinforce you to never want to be a wireless engineer
For my wedding last year we rented a large tent in my parents' backyard in the mountains. Basically zero cell service but they did have a 400meg Spectrum connection. I set up 5 hAP ac2 in capsman and had many 100-150 connected and worked flawlessly.
@hollow marlin unfortunately my 2 ap don't offer that kind of settings
capsman iirc is a mikrotik thing
is it important to set the same channel on two different ap for a better transition?
or for a better experience in general
for some reason i cant connect to my router admin page
ive tried all the 192.168. whatever there are
https
nothing
What router is it
netgear r7000
frontier is isp
had no issues accessing the admin page 3 months ago
@thick minnow just check the ip on the phone, do you have an iphone?
the problem is that you can't find the address for the control page?
it just connects infinitely
whenever i reset my router i can access it for like a minute
^ ip adress
So you're trying to access it externally ?
that's you public ip
Netgear usually set their IP's to 192.168.1.1 for routers
connect to that ip
exactly
ive been able to connect to it previously
but not anymore
i haven't done anything to the settings on the router other than port forwarding
are you connected to the router?
yeah
sorry stupid question
over ethernet
all good
same thing happens on my phone
and on firefox, chrome, and edge
tried it with a vpn on
nothing
so when you reset it you can connect but only for a minute?
yep
when it first boots up i can connect to it
but the second i refresh the page i lose access
Are you still able to ping the address?
is it still warranted?
I'd try to keep factory resetting as a last choice
since i have a lot of people using the wifi
do it later, when no one is using it
when i got into the router setting it says most recent update
Can you try going to www.routerlogin.com and see if it will work?
and when i click check for updates it says i have the most recent version
nothing for both
also ive tried it in incognito mode on chrome
and still nothing
if you have zenmap /nmap check if port 80 is open on 192.168.1.1
how do i do that?
I would just wait until later and factory reset it
These port scanners let you check if any internet programs are running on your computer and/or check to see if port mappings in your routers are functioning properly.
@lofty pumice that won't work
check here
that's from a public ip
The port is not open, getting a TCP reset due to that
the website?
don't use that website
ok
yeah now this is getting into territory Im not familiar with
Or download putty and telnet
why tho?
you could try with something like fing on your phone and scan ports for that ip
yeah, you don't need putty for that, windows has it iirc
telnet won't, ssh will
Yes telnet will
why would telnet be on port 80?
im so confused....
exactly
i would use fing on a phone
you can use to scan the network, then scan the ip for open ports
alright downloading it now
Guys the port is not open, it's a waste of time. Just factory reset it
I'm starting to doubt many of you have any networking experience. Using putty or installing the telnet client on Windows you can see if any port is open
^
Like i can get into the router settings
but only a minute after restarting it
anyway i can change it there
or just factory reset?
Sounds like the firewall service starts and blocks the port
@grizzled cove then you would know that an `error_connection_reset` is a response from the firewall
This is just confusing them for no apparent reason. The admin page is refusing the connection, could be from a bug, bad firmware, or vulnerability.
with telnet?
If it hangs it is not open
Fing saying 80 is open I believe it
I still think it's handy to have the telnet service installed for basic troubleshooting in the future
Just try http://192.168.1.1
^nothing
telnut
K, reset it
ssh > telnet

What are the benefits of switching from IPv4 to IPv6?
hehe
no NAT, usually
Well if fragmentation is needed it's all handled by the application in v6. Outside that v6 all the things
@thick minnow just factory reset it dude, we could throw all sorts of suggestions at you and get no where
yeah seems like ima just do that
cause this has been a pain in my ass for 2 days
alright thanks for the help
ill let you know how it goes.
@hollow marlin I don't really understand.
Response to Crystal, v4 can fragment if needed, v6 can't and the application must handle it. Nothing you need to worry about
Ah ok.
How do I know if my router or device supports v6?
most modern routers should


