#networking

500 mbytes /s = 4 gigbits/s

you can't do that over wifi

nor normal ethernet

yeah that's 500 megabits

it is

wifi?

also speed is a 2 way thing

the server needs to be able to handle it

epic has a pretty good CDN

but depending on your ISP's peering, the link between your ISP and epic may be congested

that's english

peering is when your ISP basically "buys" internet from other ISP's

a good ISP has many peers

https://bgp.he.net/

they will have some data

click on AS number link

mine has like 1000 ipv4 peers

you can have a really good speed to your isp's speedtest servers, but a poor one to a server outside of your ISP's network

Fair assessment i see the solarwinds products are still on the azure marketplace so they are standing together.

Well, they are patched for the hack. But their stock took a nose dive, and I doubt anyone will be readily trusting them again for a while.

I wouldn’t call it standing together. More like there’s not much to replace it yet. Companies with smaller shares like PTRG have a chance to gain a LARGE market share if they play this right.

Everyone should just convert to the almighty Splunk.

Do you think some of the functionality could be baked into Azure core in time? Microsoft aren't known for originality and their security and monitoring isn't terrible out of the box already. A lot of work done on compliance too which they stand out as a more mature one stop shop provider of infrastructure and software solutions

Ehhhhh, maybe. It gets dangerous muddling the waters like that. Adding that much management capability to an already essentially complete product means you have to slap on a lot of stuff it wasn’t originally designed for. Also, cloud and SaaS can die in a hole. People and organizations are becoming too reliant on having someone else control their infrastructure.

It has its place, especially when you start talking high availability and easy expansion of services during peak hours, but nowadays if a provider goes down, entire business sectors will go down. And that’s a dangerous thing.

Yeah we are all in with Azure. It's got its pros and cons but i would hate to on prem or co lo again so will take the rough with the smooth. We are simply e-commerce so no government worl, healthcare, military etc so we wouldn't be missed being offline for a dew hours as long as that's all it was.

Just passed my az-900 having been working on the platform for about a year, now going for the az-104

But do you have any loss of profit/sales assurances for missed opportunity costs for when you go down?

Yes there's that but its all a balance, whether you go high availability, hybrid, on prem etc the more 9s you add to the availability the more it costs, to the point it's better to accept small level of downtime over a higher level of cost. Sorry for slow and poor typing, on mobile right now.

No worries, same. I work for a cyber security team, so I get icky feelings whenever I don’t have physical control over my data/hosts. I even rolled my own email server so I could be in better control.

(Although I will never do THAT again)

thought you were a fellow pro, hence the friend request. Been working in IT since 1999 after college and dropping out of uni to start first business

Recent professional join. Been a script kiddie for years, finally got my act together and doing it professionally a few years ago.

Mix of red teaming and blue teaming, but mostly blue.

Before that I was just an infantry grunt.

Nice i am not that clever but can sysadmin fairly well and know my way around mysql and structured languages to know when i am being bullshitted by a contractor, which is what we do for the most part now. A full time in house team was v expensive.

It’s a a pretty steep curve, in my opinion, to become a well rounded analyst. But you do hit a critical mass at some point, and the big picture starts making a lot more sense.

Doing some dev work now, trying to replace some of the tools we use with some in house work. Goal being releasing it to the masses as a finished product.

Sounds great. I am just getting my daughter to bed, got to read her a story but will bbl

👍

So this is an internet question, I run a speed test and everything is working but when I try to stream obs is dropping 50% of frames and can't keep a stable bitrate. I've tried over Ethernet and WiFi, tried resetting router/modem and tried reinstalling obs, nothing is working. Any ideas what's wrong? it started happening last night

Where were you streaming to?

what's ur PC specs?

I've noticed u want to change your bitrate if obs is doing that

Just Twitch

It's a Ryzen 5 2600 and an RTX2060 Super FE with 32gb vengence 3000mhz on an msi x570 a-pro

Might have been a bad day yesterday, is it still going on today?

yes

it should have no issue with running obs then

Let me install obs real quick, there's a setting that tells you if it's PC or network that drops the frames

Forgot what it's called

It's definitely the network, even when I'm just on desktop its doing it

Still couldn't hurt to check

But yeah it does sound like a network issue of some kind

I usually stream at 1080p 6mb/s and I dropped it to 720p 4.5mb/s and it's still struggling

What kind of internet connection do you have?

Is this enabled?

Most residential connections have severely ham-stringed upload speeds

wdym roaldi

I found for whatever reason, with that turned on my frames would drop hard

@sand mason if you're you're connected to your ISP using a docsis modem, the way they do channel bonding, they select more download channels than upload

Yeah I have 150mb/s down and 10mb/s up

This didn't help it any

Yeah. Now imagine you have 6 of that 10 used by the upload, 1-2 of overhead, and then you have to deal with isp advertised speeds never being consistent...

Darn

So enabled and disabled it did nothing?

It was doing just fine until last night, and I usually am gettign 12mb/s for overhead

Yeah did nothing

I am back! Watched Bad Boys for Life, some real good belly laughs

Anyone know how my brother is able to access files without me allowing the file to be shared.

Over the network

."\(IP or hostname)\c$" (and then a user account with access)

Where would I do that

It would go in the explorer.exe url bar area. And it's a default administrative share. This may not be how your brother is accessing files, but it's the first thing that comes to my mind.

wait, windows has a default share? that's surprising

He was able to go to network on file explorer and go to windows media player and see all my music, game video,and photos

Oh. No idea. I dunno how that junk works. I apparently don't even have Windows Media Player Installed.

considering windows has ping off by default (ICMP blocked)

https://en.wikipedia.org/wiki/Administrative_share

Since I tried to share files with him but I only had 1 file on the network but he couldn't get to my pc but click media player and access those files

I didn't have nothing to hide but was like umm I never allowed those files lol

@dusky yew That just means network sharing is turned on

I suspect viewing the files with Windows media player is a bit different than raw access to the files. For example, I'm not certain he'd be able to delete or modify the files. That said, I'm curious how that works. Is the "Windows Media Player Network Sharing Service" the one advertising your files on your network?

Since I told him to try to play a song and it work while I removed all access to it lol

Yeah. Its just windows offering up those files through upnp

Okay

@dusky yew You can turn it off, if you want

I have a port forwarding question - Must each rule pertain to a specific IP address in my LAN, or can I set it to the router's IP, so it will pass that traffic for all devices on my network?

@plucky crescent 1 rule, 1 host. Why would you want to forward the same thing to multiple hosts?

because of how NAT works, that would be close to impossible. You only get one public ipv4 IP, how would it know what device it should route the new traffic to?

I ask because my router only has like 10 slots for port forwarding rules, and some of these games take a bunch of ports to be forwarded.

How do I forward all that for several machines?

Can't it port forward a range of ports

Like say port forward 1000-2000 for x.x.x.2 host

yeah

But doesn't blindly forwarding so many ports increase the exposure of my computers?

well yeah

open only those that you need

Does anyone know what I am doing wrong???

Are you transferring 1 big file? Or is it dozens of tiny files?

Tiny

um, would anyone be able to help me with this, just trying to download a game rn and my ethernet speed tanked, and the light on the port changed to orange

yeah orange usually means 100Base-T

both green means 1000Base-T

its usually green and yellow i think

its at basically nothing right now though

0kbps

in task manager at least

something happened with the cable?

no clue, it was at 90mbps (its average), then it tanked 30 minutes ago. i just restarted my pc and for a few seconds it was at its average

its been doing this (for short periods) for a week or so now @peak cloak

oh

its back now

weird

network card?

is it possible that an old dell prebuild like a dell vostro 410 be used as a NAS

Yes, very much so.

i know what this years project is gonna be

No

Ok, router doesn't have a valid IP address. Any fix?

alright, would someone mind explaining what a core router is in the data center environment and why they need to be this large with removable vertical cards

Its the core router

Its the thing that actually connects to outside internet

Its big and fat because it has a lot of its own computational power also

And plus not all of them have that kinda style of cards, asr 1004 from cisco itself is like a 3U or something like that

peering is an agreement, transit services you pay for**

They actually need to have the capacity of bigger uplinks =)

Ok I actually need help.
I got a router-switch and I would wanna use it as a LAN but the router itself doesn't have access to the internet so I can't see the other connected devices through windows, but I don't really need the internet as I just want device-to-device communication...

So like homenetwork filesharing? I think i had it something like ip on first pc 192.168.0.1 and on the second one with 192.168.0.1 and subnet mask 255.255.255.0 . Then setup work group. Then give access to drive which you wan't to share files with and it should be good to go.

Ip think aint like must do thing, but something i like to do

The devices aren't showing. Even though it's connected to the same router

All fire-sharing settings are on. Even the firewall is disabled

hm...

hm

Actually nevermind, I got it. Setting up LANs on Windows is a bit fiddly

@tribal ferry flexibility? Those routers often have modular cards that can be installed based on the needs

and those big cisco nexus enclosures can route multiple terrabits/s

https://www.cisco.com/c/en/us/products/routers/asr-9000-series-aggregation-services-routers/index.html

Those line cards can be replaced for 100GbE or 400GbE cards

modular routing platforms are wicked

because the specs are unreal :o

Exactly, they are designed to not need to be ripped and replaced to be upgraded every time new stuff comes out

Although the ASR9000 series is now being replaced by the 9900 series which can do much more dense 100G and 400G deployments per slot

https://www.youtube.com/watch?v=yydNF8tuVmU

nice networking

BUT the cool thing is you can use some of the "newer" ASR9000 series cards in the 9900 chassis saving you money in the transition

that doesnt sound very cisco

re-use parts?

You can't use the old, iirc, Trident cards or something but the other Tomahawk cards can be reused

mikrotik needs to start developing their own modular platform

10/10 would buy

Ubiquiti modular failure when? 😄

Mikrotik I'm surprised they don't have something but there must not be enough of the demand for it

@clear igloo funny enough, their latest release the ac3 was a huge success, only failing because of its own success

its been out of stock for 3 months now

Yah, they make some nice stuff from what I've seen

they now also have 25gbit/s support

on their new gear

Nice!

@clear igloo https://mikrotik.com/product/crs354_48g_4splus2qplusrm

as of right now, I only know of switching at 40G

waiting on them to release a router capable of similair speeds

If they had that with mGig support I might be tempted

mgig?

1/2.5/5/10

pretty sure they all do already

@clear igloo https://i.imgur.com/IVROWOb.png

Hmmm, on the copper ports though?

Thats on SFP/SFP+

Ah, yah, I'd need it on the copper ports 😦

no transceivers?

Well I already use my 4x10g ports

But I need copper because that can do PoE+ as well

@clear igloo 10G PoE is still quite exotic

doubt they sell this

Yah, it's fine, I'm happy with my current setup 🙂

mikrotik isnt known for their PoE capabilities

That's fair, PoE adds $$ too

https://mikrotik.com/product/crs354_48p_4s_2q_rm

This is their flagship PoE switch

48 ports, 700 watt max

4x 10G, 2x 40G, 48x 1G PoE

oh and a fast ethernet port cus why not

management 😄

All 48 Ethernet ports offer different power output options: Passive PoE, low voltage PoE, 802.3af/at (Type 1 “PoE” / Type 2 “PoE+”) with auto-sensing

@clear igloo this would do what you need it to

except no 10G PoE

they need to come up with some kind of powered fiber optics ;3

That would be amazing 😄

with hotpluggable connectors

that are at least a bit durable

400G PoE switch when 😄

pretty sure we're not going quantum physics

hii

can somone help me set u a ftp server

@compact void are you sure you want FTP?

It doesnt provide security

whaats the best

becus we runing a radio station and we need acses from oudside

to the nas

Does your nas have support for SFTP ?

@compact void I wouldnt expose an FTP server to the public internet like that

FTP does not have encryption by default

a okay yes it has sftp

@compact void SFTP should allow you to provide more secure access

It runs on port 22

https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol

@compact void I am unsure as to how your NAS handles user permissions specifically

make sure only the account used for access is allowed to connect over SFTP

and disallow root login

All you'd need to do then, is forward port 22 to your NAS

its a DS218play

@compact void that doesn't help me :/

I've only ever configured this stuff directly on linux

a okay

@compact void SFTP is basically file transfer over SSH, a remote logon protocol

@compact void your clients would mount the network drive like so: https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh

this will map the SFTP server to a regular network share you can access

https://i.imgur.com/hqJsYJB.png

@compact void Alternative would be, providing a VPN and just using regular SMB shares

SMB shouldn't be exposed to the public internet, thats why a VPN is preffered

WebDav

Get out

a okay

and if its not working

@compact void what is not working

Port 22 is open

@compact void have you verified the SFTP server's functionality locally first?

before attempting to port forward

@compact void you can use the win-sshfs client, or use a regular SFTP tool like Filezilla

try connecting by its local IP first

Okay

Can i call you

sure

does port forwarding works if i have a private ip adress?
?

If your WAN port has a private IP address? Generally no

You would love cgnat

Yah, if there is CGNAT involved it's a definite no (without buying a VPS or something and tunneling back). If it's local double nat, it's possible but not fun

mine is msotly a local nat or something

going to the router settings i saw some weird 10.62.xxx.xxx with random numbers and such

ya i have a private ip

which sucks

cause

i cant make my nat type open

Well, I’ve heard that core routers go at the “core” of a network. Wouldn’t the “edge” router be on the network edge?

The only acceptable cgnat is if you also get a ipv6 block

Depends. Core usually means at the heart of the network either because that's where everything ends up to go to the internet or to be routed somewhere else. It doesn't have to be directly connected, you can put a firewall in between too

Alright. I’ve also heard that these core routers connect to a lot of smaller routers for other networks. What’s the point of doing that when the core router could just do VLANs?

Port density, distance, cost, etc.

Why hammer a "core" router with tons of traffic it doesn't need when another lower layer could take care of it for less. It's also dependent on the architecture too, in a spine/leaf for example your edge and internet connectivity is done at the leaf layer and the spine (core) is just for pushing packets as fast as possible. In a three tier legacy architecture the core is more for the know all aspect of getting anything anywhere that the lower layers don't have direct connectivity too.

@clear igloo in enterprise often times the actual core isnt a router but a switch that connects many such routers together rather than a massive router connecting other routers

😄

That too, depends on the network design, needs, etc.

This sort of architecture?

Yah, that's legacy 3 tier

"legacy" lmao

What’s the up to date version then?

most networks not buying into ACI, etc

lol, I mean spine/leaf is more "new" but there is even some bleeding edge stuff around 3 tier spine leaf for infinite expansion 😄

Legacy in terms of data center would be a better way of putting it.

3 tier spine leaf isnt a term ive heard

The whole point of spine and leaf is aggregation between all switches and only a very small drop in speed if a switch or routers were to fail, so I don’t know how it could be different lol

the real point of spine leaf is a vlan being available anywhere in the network

you cant really do that in regular 3 tier

you can but shouldnt

it makes a mess

the other point is multiple unrelated users on the same network anywhere but still seperated

It’s a mess but it’s reliable at least

Yup, spine/leaf is usually deployed alongside some form of VxLAN, application based deployment (ACI and whatnot), or segment routing

it also raises the barrier to entry for the net eng career so you make more money with less competition

xD

SR

😄 SRv6

How are VxLAN’s different to normal prosumer VLAN’s?

i.e. Ubiquiti or MikroTik devices

i was worried about spine/leaf and ACI until I tried to use it. muh ease of use. muh automation.

VxLAN is an encapsulation, you can have VLAN 100 on switch A and VLAN 100 on switch 9123 and they can talk over a routed network in between at Layer 2

Its a way to tunnel VLANs across L3

Oh, alright

All the benefits of L3 with little of problems that come with L2

@hollow marlin no love for OTV?

Never worked with OTV. Thats the nexus L2 fabric right?

layer 2 extention over wan

Why OTV when you can GENEVE

Only dealt with Nexus' as core/dis, never had the need when each use can I am the WAN

Need some help, When i play warzone on a profile on windows i don’t get any packet loss but when i switch to a different windows profile i get 6+ packet loss

You don't want to NAT on a N9K? 😄

Looking at the front of one of these routers makes me head hurt.

Where would the WAN even come in?

Wherever you want it to. Enterprise gear doesn't have a WAN only port. Everything is configured

Yup ^

Makes sense

its totally configurable

some of them doesnt even need to have "internet" access

it could just be a router that locally connects many servers to gether

@tribal ferry i played with those

its fun

@clear igloo i wanted them to buy me lab ones

denied.

rip 😦

core router "homelab"

lmao

a $60k homelab

most places I work for have big labs

its so we dont break the company

still, I don’t think they’d be too happy giving away even a older generation one of these

He wants it for a lab at work, not home, lol

not give away, add it to the lab

i think the one I wanted was about $800k and I wanted two of them

imagine being a net eng for a place that loses a million an hour or whatever

server person touches a few at a time, we can make an oops and knock the whole thing out by touching one device

Just reload it real fast 😛

yeah but 5min boot time

ASR might be 10min, i forgot

its slowwwwww

so anything thats new we have to go into the lab... not for vlan changes but for other things like migrations, big routing changes, bla bla

Ah, my bad.

Interpreted it as a homelab

i actually have no homelab

@hollow marlin r/homelab fite me

I just got my rack and router installed in preparation for some short depth virtualization servers in the future.

lol i have that same power strip

It’s more a network cabinet than an actual rack

Yeah it’s good lol

too cheap for a rack UPS. i dont care

Homelab is no more than a PC with EVE. I don't bother with hardware labs nor care putting too much into my home network

Looks at this i found

I have no idea how old this is

@thick minnow it's not good anymore that I remember

That was pre ios 15

The 1841 is about 10-15 years old iirc

Well it was used in my dads old work and he has a ton of them

My prof bought a bunch of them and had to throw them out after spending several grand

He missed a detail in the fine print

Yah, they went end of support back in 2016 but end of sale in 2011

I've still got a Cisco 3640 router and some 1600's gathering dust in the garage, back from my CCNP homelab back in the early 2000's. Luckily I got them from my employer's field engineering dept. Where they had stacks and stacks of 1600's. As they were constantly swopping them out as they were dog slow.

@hollow marlin hardware is lame for me. can barely get it up when a new ASR9k comes in. hell i dont even want to touch it

someone else rack it

lol

I let the network admin handle the heavy hardware stuff. He is more built for that

I'm glad that I just use my brain to get the work done

Not really much physical stuff

Last time I racked was a fully pop'd 10 slot 7k and here assisted with MX10003. 7k was a nightmare putting that in

what is a good way to wire a ethernet though a doorway

anyone got any good software for home NAS servers

freenas, now rebranded as truenas

uses ZFS for file system

is it low resource because im running it off an extremly old pc with an intel core 2 quad q9400 and 3 gigs of ram

You can always try it

it's free

just install it on a usb

ok thanks

security venerability warning
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/

Yo can someone help me I’m moving houses into a bit older house (built around 2005) and it doesn’t have Ethernet in the bedrooms but has coax. Is there anyway to connect through that with something like a mocha adapter? I’ve seen mocha adapters but don’t quite understand if they would work for my situation

i think you would just be better off wiring ethernet to the rooms

either by you or a pro

@alpine linden if the coax is run correctly, then a set of moca adapters would work nicely for you

Depending on the speeds you want, and how your house is wired powerline is also a potential

Then there’s always the route WiFi/mesh

I’m only 14 and my parents don’t want people to come out to check it out so how should I go about that. I want 1gb down and 60 up which is what we pay for and idk how it’s wired . Ive heard of power line but don’t know what will be easier or work better @thorny vector

Safest bet would be a wireless back bone. Less hassle worrying about circuits and cable runs, downside being you wouldn’t get that full gig download, which you honestly wouldn’t be able to reach most times anyways. A good wireless solution would get you to about 400-500mbps. I wouldn’t be able to recommend a good consumer wireless setup, as I haven’t touched anything but enterprise stuff for a while, but I know others here would have recommendations.

Additionally, depending on the house, running Ethernet along base boards and corners is also a viable option. Done correctly, the cable is invisible, but that’s a conversation you’d have to have with your parents.

@alpine linden

Can anyone suggest a VPN with dedicated IP support and port forwarding? Bonus if can be used with PFsense so I can just route multiple machines through it and supports multiple custom ports

Sounds like you need your own VPN

and who port forwards in a public VPN

So would you suggest a VPS with a HA Proxy?

I'm just trying to figure out how I get around my ISPs dynamic ipv4 address for a few servers / services I'm hosting and would rather avoid having people connect directly to my network if i bought a dedicated ipv4 address from them

I need a static ipv4 address, domain/hostnames won't work for a few services I'm running

I'm a little confused... you need a static IPv4 address for some services you're hosting, but don't want people to directly connect to it?

I don't want people to directly connect to my network via ddns. I want to route them through a static ipv4 address through a VPN Provider / Self Hosted on a VPS with port forwarding for specific services. That traffic will then get routed through to my home network and then back out.

Essentially this, but without domain names and just a static IP. https://forum.level1techs.com/t/haproxy-wi-run-lots-of-public-services-on-your-home-server/159335

I've read the guide a few times, and i've read the replies saying it works with a dynamic IP on my side, but I'm struggling to understand how to set it up securely as I think I deviate from how its laid out in this post.

I mean I could be just wrong and stupid and not understand it correctly but, I'm struggling to understand how I could point say a VPS running a HA Proxy to my home network when my ipv4 address changes every 24hours and how would people stay connected to certain services when being routed like this as i assume there will be some delay on the VPS updating to route the traffic to my new ip address?

Like I could be completely wrong and this might not be how it works what so ever but if anyone could elaborate

@silver needle just set up a dynamic dns service. Then you can either use a free sub domain from like no-up, or register your own domain, and have it update there.

I already have a ddns service.

Like I said above, I don't want people directly connecting to my network via a hostname. I need them to connect via static ipv4 for certain services, which isn't my ISPs ipv4

you don't want them to connect

Why do you not want to use a hostname?

Some services I run don't allow hostnames

Like?

Some Game Servers

and 3rd party tools

Like?

DayZ SA Launcher

for example

http://dayzsalauncher.com/#/servercheck

And you’ve tried using a hostname? Because not using dns a poor net code makes

yea it makes

Although it is dayz....

Yes, it doesn't accept the host name

Well, that’s poorly made. Even Minecraft uses hostnames.

Now, the solution is to play minecraft

that's implying minecraft is bad

I already have my mc server running on a hostname, but still thats directly connected to my network.

Then you can setup a vps that you have in a VPN to your server, and just port forward all the requests.

You’ll get some latency hits, but it’ll work.

and how would I go about connecting the VPS to my server / router?

VPN would just resolve using host name.

As I'll likely just have it connected to my pfsense box and split the routing there

so then how would we go about my ip updating and the delay of the hostname updating that ip?

wouldn't that cause everyone to lag off or connections to close or would they stay on as the connection is technically already made on their client?

or would that be service/server specific

Openvpn connection would be easiest.

Pfsense has an easy client config export add on

Don’t worry about updating the IP on the jumpbox, let dns do it’s job. And I wouldn’t worry about that. When I push dns record changes to my name servers, my services are unaffected.

Even for something like gameservers that sometimes require ms of latency?

Changes are near instant. VPN reastablishing connection to a new IP usually takes my openvpn stuff 1-10 secs.

My guess would be some lag, but no drops.

Are there any guides you would recommend on setting this up?

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ra.html

For pfsense. Then you just install the pfsense export plugin, and use it to generate a config, push it to the VPS, then use openvpn from the cli to launch it

After that, just set up port forwarding with iptables or another tool

Woooooow, just took a look at that webpage/tool you put the link in for.

It's in depth but I can't wrap my head around it

It would be so easy to just put in some simple DNS stuff

The tutorial?

yeah

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ra.html#creating-a-certificate-authority

Start here. You can use local user access, don't need to set up LDAP or RADIUS

Wouldn't it just be easier to get a vps and have OpenVPN?

and then have a VPN client on my pfsense?

That's what this is. Setting up the openvpn server for the VPS to connect to

I think I've done this before with NordVPN but they kinda just had everything laid out on their website

so was pretty much copy and paste

nordvpn, you set up a CLIENT

Here you're doing the opposite, which is more involved

Our sponsor, PIA

No lie, I've loved using PIA

I looked at using PIA with a dedicated IP and just port forwarding through that

but I've read that you can't manually select which ports to open and close

Because you're just a client, you don't have any control. That's why you have t oset up your own

which makes sense

So I've gotten everything setup to the point where I need the ip tables to redirect the traffic

If I have any servers / services going through this interface/gateway will they still be able to connect to other subnets or will that require additional rules?

been following this

https://whattheserver.com/openvpn-server-with-port-forwarding/

and this https://my.esecuredata.com/index.php?/knowledgebase/article/49/how-to-redirect-an-incoming-connection-to-a-different-ip-address-on-a-specific-port-using-iptables/

but using the VPS ip it won't connect. although my ddns picks up the vps ip and i can still connect through the hostname on that

openvpn with pfsense still, right?

@silver needle

yeah

Go back to tunnel settings

on the client?

Look ipv4 local networks, and allow the appropriate subnets. And no, on the pfsense server.

so tunnel network should be my servers subnet

and remote network the public ip of the vps?

No, tunnel network should be different, it's the subnet the VPN components communicate over. IPv4 Local Networks tells the client what subnets it can connect to.

well pfsense is the client

so I'm not quite sure what should be here

So the VPS is the server?

say a minecraft server is on 192.x.x.x

on my lan

It's easier to do it the other way around.

and the vps is 98.x.x.x

vps is the server correct

So make pfsense the openvpn server

and the vps the client

Yeah. It'll make everything easier on you.

And I'd need to make 2 servers then and bridge them for both tcp and udp?

along with 2 clients?

Mind if I just show you, in DM?

sure

Mega thanks to @thorny vector for the help and walking me through how to set it up correctly!

Thank you for the feedback, we would give ⭐ to @thorny vector

i got a 175mbps, but mhhh

Does my modem need to be connected to the wall with Ethernet if I don’t have a router only the modem

what exactly

You kinda need a router to use it to be fair

It is a modem / router

It can have WiFi without router

hmm

then that works then

if its the combo, then it will work

K but I connected it and the bars show full but I have no connection

hmm, that could be other issues specifically

I mean there was a lot of coax cables in a random closet does it need to be a specific coax cable

Yes

Obvisuly it has to be the one your ISP told or configured it first for it to be used

Ok... not sure which one that would be cause we just moved and Cox told us that we just need to transfer the modem and we will be good

hmm

@clear igloo i got a new comcast story!

I checked my upgrade options cause my term is up next month (100mbit/$40) and they let me buy 100mbit for $35 right on the website and no need to call and make a threat

the fine print even said "new customer only"

lol, nice 😄

my friends are like UGH 100mbit?

yeah!

who needs 200+ when you dont use it 99% of the time until you download

saves so much money

https://tenor.com/view/bwah-scared-shocked-surprised-king-of-the-hill-gif-5547828

@waxen scroll 100mbit is plenty. im UGH rn about the 5mbps upload they hand out

and sometimes its 4mbps in reality!

oh and they still didnt send me a new contract

but again its not the 4th yet lol

work week.

they dont send it. they increase your price and its no contract

that would be better

but he did say contract so

the dean

the dean is running HR

oh. i thought comcast

oh

nah

comcast lucky i dont have contract

like $40 for 120/5

@waxen scroll my bad, somehow i mixed those two things in a weird way

i jumped thoughts xD

how long did you say you have to wait to get new member pricing?

was it like 1 day or 3 days?

you cancel, they'll let your internet work for a month or less then all of a sudden it will die, then you use your phone to go online and sign up as a new customer

then service is reactivated in 5min after you order

hmm wow

a whole month eh

yeah my mom is gonna have to do that

it varies but with me its 2 weeks to a month

they told me its just incase people change their minds

makes sense

I pay $75/m for 1g/1g

For one of the upgrade projects I took netflow/SNMP from about ~500 customers that had gig and peak was 125 and average was around 20-40 excluding raw downloads which fell in the 1%. 100mbps is still just fine ATM

yep

so why pay a $30+/m premium for stuff you dont need

you can have up to 3 subscription services instead

Because I’d rather the peak speed than a subscription service I’ll never use

Especially since I also have a 1g connection at work so I ssh into my home pc to do things while at work when I need more power

Also it’s just an enthusiast thing. Why do car enthusiasts love cars with massive top speeds and acceleration even though they mostly drive on roads with 45 mph speed limits? Because it’s fun

True, but I see many post on LTT and r/homenetworking complaining that unless they have gig speeds its pretty much unusable. $30 difference for 100/250 vs gig is not terrible but when people spend $100 extra is insanity

Like the amount of post of Sweden has 10g but in reality it was a contract deal and people jumped all over it not knowing its not going to make much of a difference. Its is $40 however.

100 is best bang i think

I've had a gig before in a colo and I agree you basically cant use all of it

the only time you can is with usenet or perhaps torrents

direct downloads are all over the place

299 for 2gig. F that

that option they install a POP in your house

so thats part of the reason

10G juniper switch, i dont recall if theres a UPS too

better be. Junos does not play well with power loss. Can brick them with 3 power cycles

They probably just install the 2300-12p, their smallest switch. 14 port with two being 10g.

Fuck the ACX, they are nothing but problems. Also there is no way they could afford to install them like that

i mean you dont know the discount they get from juniper

could be 80%

Even so the 2100 is $6-7k. 2300-12p is still $500

Unless they plan on these being customer routers with the port count. ACX does little switching

I have a maintenance in two weeks I think to tear out the last ACX in our network. Finally

Flexin ma internet speed

Not bad for a 200mbps subscription, sometimes it even goes up to 300-400mbps

(DSL as well, not even fibre)

cute.. https://www.speedtest.net/result/c/39041b9b-a2b2-46a1-9733-8d8040d96990

Wait that’s like

10 gig

Hetzner 10G port?

That's at a data center

Dont let that fool you

Lol

I just realised

There are also 2 4K streams going at the same time as my game download

(One from YouTube and one from Netflix)

Yes, but i do everything over remote desktop

No gpu tho so no gamin

it isnt even at his house

I have a e3-1275v5 at hetzner :p

So. Cheap raspberrypi nas. The perfect project https://www.instructables.com/PiNAS-the-Raspberry-Pi-NAS/#step20

I have no experience with NAS or Servers.

heehee pinas

Ha

Anyways, is this any good?

Hmmm, as a thing to try out - should be interesting.
But to actually use as a NAS - I have big doubts. Considering you would like to have at least raid1 and it will be done by mdraid I guess.... I'm just afraid to ask how long the raid will rebuild =)

Although if you can fit a Pi with a raid card, then maybe =)

Hay any one know how to access eero router through a browser?

Raid 0

You can’t

Bro

Does Germany not have 5Gbit or 10?

I know of 1 1Gbit provider and that’s the one I have currently and it’s awful. Literally moved here from the US so I’m used to something different but this.. this is just 1/10

I dont mind 1Gbit but let’s be honest... everyone wants to download the new game or update super fast....

expecting 10g internet downloads is unrealistic. If 1g is awful for you than your expectations are already way too high

CSGO Server OFficial Ping: 90ms
Custom Server in the Same Location Ping: 35ms.

Please help.

Just installed Fiber Internet.

Nearby custom server in Kolkata is just 30ms but the official csgo server in the same location is 100ms.
My friend nearby gets 50ms to the bom official server. I get 85ms. Any ideas?

Other details:
Yes, I am on ethernet.
Current speed is 150Mbps upload and 150 download. No restrictions in CSGO.
Tried port forwarding it kept asking me destination ip address and not just a port range.
Disabled a ton of security features on the modem which helped me gain 5-10ms.
A nearby server about 300kms away shows 23ms. The bombay server is 2400kms away and the Kolkata server is 500kms

Tried port forwarding it kept asking me destination ip address and not just a port range.

@obtuse patio tracepath

Nice idea

I think I would try it sometime

I’m just doing this as a experiment. An 80$ experiment, but oh well. I’m not too worried about the RAID times. I’m a person, what do I have that’s not in cloud storage, or not replaceable.

@thick minnow Nowadays it's more a philosophical question.

SCCM is so finicky smh

Eh, good point. 1tb of networked storage might be handy, but it’s more for the experience, and to get better at soldering and working with NAS systems

@thick minnow I'm happy with my Synology box, plus I sync up some things with a cloud storage as well. That way I have at least 2 locations, still have a copy on my hands and have access to files even if I have no internet connection.

Nice

And I can also back stuff up on my own hardware. WITH a RAID in case my old(er) drives fail

look at ZFS

does integrity checking

and a lot more

or btrfs

you can do btrfs raid 1 and get integrity checking as well

raid is not a backup

I heard some bad things about btrfs

at least with btrfs back then

@hollow marlin @clear igloo cisco.com full of social justice bs lol

anything to make a $

https://i.imgur.com/Oz6nz98.jpg

Yeah.... developing countries & education, totally the public face of cisco

this reminds me of nike, which is a massive boys/white club but then they know how to manipulate consumers with social justice garbage because there's more profit in it than ignoring it

cisco is being low-political here, but nike blows it up :X

@tame carbon you think cisco is gonna back down from what they have on these pages once china asks for equipment?

hellll no

yes, master!

@waxen scroll nike is total bs lol

they have some mechanism here in europe, my country even enables them

allowing them to pay 0 taxes

yikes

@waxen scroll netherlands does not have taxation on royalties

so Nike has a bunch of shell companies

Starbucks and google do this too

Netflix

Shell (Oil and gas)

oh well

:\

Thats a cisco catalyst

very rare

looks like a ws-c3560 24port

If I’m a novice to networking, what would be the best way to integrate a dedicated monitoring system, that could monitor and manage my network. Please ping me if you have advice.

depends on your current equipment

I haven't worked with SNMP myself, but you can use it to collect info (if your devices support it)

then you can have a snmp collector

for something like influxdb

or prometheus

that's all I know myself

I have Grafana, Zabbix and mysql on a pi for some basic graphs. Unless you know specifically what you want to monitor I wouldn't bother

Was about to type the same lol

I would ask yourself what you want to monitor, and why you need something to administrate and monitor your network. For a simple home network, a simple Grafana/influxdb on a ubuntu box or PI-box would be plenty fine, but it wont "administrate" or "fix" issues, since it leans to you to be able to see the errors and go in and fix the networking issues yourself.

I know of some Management tools that are for enterprise grade, but unless you got a farm, then avoid that xD

(or get meraki kit and use their cloud service i dunno...)

SNMP for network level data gathering

you can also hook up any kind of datastream to influx as @hollow marlin rightly said

zabbix not unheard of either

or if you use mikrotik https://mikrotik.com/thedude

TheDude does all of this

https://i.mt.lv/img/mt/v2/dude/1f.png

Last company used thedude with Solarwinds tied in for management, updates, provisioning. I just wish thedude graphing had customizable icons and links. Its ugly as all hell

they probably got yeeted

https://www.engadget.com/russia-solarwinds-hack-broader-than-expected-211046098.html

So I am running a web server and game server, I’d like to monitor incoming and outgoing traffic to not only those but to all my devices.

@severe elk probably going to want some kind of router that is capable of metrics

I know my edgerouter can log specific interfaces

and specific firewall rules

but idk how well b/c I never used it

I can just query the mikrotik API, for total traffic amounts

and then just delta the two values

Mind sending some sort of link? Price range definitely under a 100 if possible.

just an ethernet router?

https://mikrotik.com/products/group/ethernet-routers

@severe elk what device you'll want, really depends on the hardware needs you hvae

all these routers run the same operating system

Then just go to the local ip and mange from there?

https://mikrotik.com/product/RB750Gr3#fndtn-specifications

this is like a good basic one

https://i.imgur.com/5vb7BH9.png

this just shows current traffic

but you can set up graphing and logging for individual interfaces

can mtik log specific packets?

https://i.imgur.com/fA35CLV.png

@peak cloak you can

nice

you can use mangle to mark packets

uses CPU though

like what packet went though this firewall rule, etc.

yeah of course

@peak cloak you can't do that for a packet, rather, you can set up logging rules per fw rule

ah ok

@peak cloak https://i.imgur.com/FEVFQAI.png

@peak cloak you can also add dummy rules

https://i.imgur.com/4IMt04Y.png

and this is how the log looks like, right? (from mtik docs)

                          10.1.101.1:520->10.1.101.255:520, len 452

yeah

looks something like that

@peak cloak for more advanced filtering

stuff that might go below L4 firewall

https://i.imgur.com/AB4jSRa.png

You can use mangle

and have access to pre and postrouting

see that 'Packet Mark' ?

I haven't used this much

someone briefly showed me how it works and waht you can do with it

yeah, I'm looking at this rn

https://help.mikrotik.com/docs/display/ROS/Mangle

but mangle is kinda what you use, if all regular features are exhausted, and you just have to get it to work

cus it taxes CPU

ah

@peak cloak ah perfect

thats the image I was looking for

https://help.mikrotik.com/docs/download/attachments/48660587/mangle.png?version=1&modificationDate=1608289226604&api=v2

I think accounting

is specifically for this

https://i.imgur.com/nRoOguo.png

@peak cloak here you go ^

some mikrotiks have onboard storage you can expand

for logging this kind of stuff

nice

Traffic accounting requires additional memory

but I don't think that that is an issue

https://i.imgur.com/y47wNWb.png

What exactly do you mean by monitor traffic? That can mean monitoring the amount of traffic, monitoring sessions with Netflow, IPS for security

@peak cloak lol that cpu usage though, I have currently about 80mbit/s internal traffic

Not by much as the first packet and ACK hit the CPU anyway before fastrack kicks in

pretty sure that is off

because I use queues

https://i.imgur.com/qfmsKhr.png

Yeah its off

no hw acceleration

Simple Queues don't work with Fast Path enabled

can be done, but I didnt want to bother messing about with mangle

Is fastpath on?

see at the bottom?

how those boxes are unticked?

thats current status

Oh yeah fastpath is there too

yeah its disabled

but the RB4011 don't really need it per se

I can hit it with 10gbit

and uses maybe 40% cpu

I was going to say if its internal, fastpath is going to be used on the bridge, but the 4011's switchchips should be taking the load if the traffic is all off one of the two chips

yeah the switching chips internal are ass

2.5G

for 5 ports

What I am saying if you are at 80mbps on internal traffic and CPU is at 0%, the switchchips are still being used for HW accell

oh yes

https://i.imgur.com/aVx4Pbx.png

@hollow marlin I ment, 80mbit/s active routing

either between two internal subnets for security cams

or the WAN traffic

If the 4011 had the same setup with only 1 additional SFP+ is would be the perfect prosumer router

yeah

@hollow marlin well

I paired it with a CRS305

that gives me all the 10G connectivity I need

since vlans can be hw offloaded

well offloaded but not routing with HW accel

but I get what you mean, there's no 2 uplink ports

you may have a downstream router

or switch

or failover

https://mikrotik.com/product/ccr2004_1g_12s_2xs

I think this would be a prosumer ^

Yeah its the 10g router on a stick im not a fan of

its on a stick yes xD

yeah you limited in bandwidth

to 5G in worst case

@hollow marlin what about this little box?

500 bucks

Thats the only multi SFP+ router they have xD

but this gets expensive quickly

no RJ45

@hollow marlin damn. https://mikrotik.com/product/crs326_24g_2s_in#fndtn-testresults

This is actually quite insane

So its a more than capable switch

and routes at around 1.2gbit/s

most people at home don't need more routing than that

but can still enjoy large amount of local ports and high speed local storage on 10G

I wish there were modular routing platforms from mtik

most of their switching gear and hardware is already connected over PCIe

$596 + 12 x $15-25 for SFP+ from fs.com. Expensive but no where near the cost if I were to do the same with Juniper/Cisco

https://i.mt.lv/cdn/rb_images/1825_l.jpg

so pretty

https://i.imgur.com/LKhlFCU.png

these are pretty cool

I love the white, just like Ciena which have the most beautiful hardware

I didnt know they had combo ports

unify is like apple devices

with the mat silver

The only silver that works is Apples space grey

Pure white in racks look so good

does not

i like purple

why dont people make a "micro ethernet"? Ethernet is very bulky

wire gauge + proper distance to avoid cross talk on the RJ45

ohh

so that there is no interference?

correct

iSee

thanks

please

no

I dont want another networking cable standard

@tame carbon thats not very woke of you

Too woke to fix what's not broke.

@waxen scroll just making the connector smaller, electrically, without any other benefits just makes no sense

Still wondering when my ISP will call me back for get my fiber.
They opened the registration for it at 1.1.21.

like, the whole usb connection crap, I am glad ethernet is mostly RJ45

Its already here next my door

I have a hard enough time crimping CAT6A cable. I really don't want that connector to be any smaller - even though it's the exact same RJ45 socket connector.

and usb cables barely more than 10 meters

3 meters even for high speed ones

ethernet is also limited in speed at distance, but supports quite long distance relatively

what we do need though

is a better standard for home fiber optic connectors

Something I can make in about the same time as a CAT5e RJ45 crimp.

RJ45 CAT6A is an order of magnitude more difficult to crimp.

We need a standard for home fiber first, rj45 is copper, but fiber is super fragile

Maybe the cheap stuff but there is good fiber that's much more durable

And much more expensive

I do dream of a day where we have fiber conectors instead of rj45

rj45 won't ever go away completely

I love RJ45

RJ11 is just a pain to deal with, I lose the connectors all the time and the government likes to save money so they break all the time too

Wireless RJ45

hey. my dad is being a dookie face and says the router needs to be in his office upstairs and my pc needs to me down stairs on the opposite end of the house. Are there any good routers that can sync and still provide HardWire speeds because we're paying like $175 for 1gb speeds, and when I'm hardwired i can get roughly 20-35 ping in games but now im getting 250-500

I heard of PowerLine Ethernet but all that is, is it syncs via wifi, but downstairs gets less than 20gbs of download

huh?

500ms ping is realllly bad

are you sure you are not talking about mbps?

20gbs of download?

you sure about that?

max a regular ethernet port can do is 1gbps

and wifi can't really beat hardwire speeds

although wifi 6 can beat just normal 1000Base-T

pretty expensive though

@torn juniper

just run a wire

wifi 5 can barely do gigabit

powerline is eh

success varies wildly

depends on the load on the electrical system, the quality, and lots of other's

i just did the test and i got 5.2mbs download and .25 upload from downstairs

i'll send a pic, 2 s

yeah, because wifi

and all sorts of interference

walls

floors

all stop it

yep

best solution is to run ethernet

I moved my wifi card a bit closer

or use moca adapters if you have coax

what is Moca Adapters

basically tunnels ethernet traffic over a coaxial cable

Does it also provide wifi?

curious

wifi is wifi

lemme be a bit more specific

is it also like an extender

because i know you can get Wifi extenders

well extenders work over wifi, moca is not wireless

moca works over coax

you can connect an access point

AP's actually "make" wifi

gotcha

thx

router's just route

so most router's are actually routers, switches, and AP's in one box, some even add a modem in too

can you use a TP-Link Wifi 6 AX1500 Smart WiFi Router Archer AX10 as wifi?

i was too lazy to text this 2 times so i just copy it

anyone here?

@peak cloak

wifi router

what?

literally says wifi router in the name

no i mean without a mound

thing sorry

modem?

yes soryy

sorry*

god i hate this keyboard

you should only have 1 modem and 1 router per house basically

brb wont be long

modem converts cable or dsl to ethernet

well could a router work as wife?

wifi*

router performs NAT, firewall, dhcp

and usually within routers there is also an AP that does wifi

if you just need wifi, get an access point

you would plug it into an existing router

a router just routes, but most home routers are wifi routers

this is a router

but has no wifi

my head hurts

so i need a modem

explain what you are trying to do

the whole situation

so i want to put it in my room just for me and have my own wifi but can that work?

how are you planning on connecting to your ISP

isp???

internet service provider

no

this is what i want to do

i want to have this thing in my room right

and then i wish to use it for wifi

can that work without a modem? and isp?

well how are you going to connect it to the greater internet?

you can't turn it on and have internet

ok so i need a modem?

do you already have internet at your house?

yes

but its not to good

then no, you can't just hook it up to a coax port and have internet

oh ok

you have bad speeds from your ISP or just bad wifi speeds?

just bad speeds

get yourself an ethernet cable and hook a computer up to your main home router directly and then do a speed test

so can i connect that router to the modem wireless? is that a thing i can do?

MY HEAD HURTS

mine does too

https://www.amazon.com/gp/product/B07ZSDR49S/ref=ox_sc_saved_title_2?smid=ATVPDKIKX0DER&psc=1 can this connt to my modem?

modem doesn't do wifi

you don't need a modem

its a all in one

you already have a modem and a router

just get an AP and run ethernet to your router

ap?

access point

just basically converts ethernet to wifi

converts???

oh sory

sorry*

I'm talking ELI5 rn

eli5????

Explain Like I'm 5.

I don't have a wifi router at here

https://cdn.discordapp.com/attachments/387022787480387605/789118646718562314/20201217_081457.jpg

I have this

and one AP

i want router in room so wifi better now

that AP gives wifi to the whole house

you want an AP in your room

i need ap

asap

I have this

https://www.tp-link.com/us/business-networking/ceiling-mount-access-point/eap225/

can you run ethernet to your room though

not really

well then

that won't really help

you have a coax port?

well then what do?

coax?

oh that thing yea

you would need to find where that terminates

and then you could run ethernet over a coax cable

what?

with moca

pls tell me like i am 2

you there? @peak cloak

making a diageram

ohhhh

kk

uhhhhhhhhhhhhhhhhhhh

no basement

well whereever the coax terminates

?

I was just it as an example

where does the coax go from your room

I think moca may work over splitters, but that's black magic to me

uhh i dont know how do i fine out?

look around the house?

what so i look for?

or tbh, it may just be hooked up to your ISP directly

look outside your house, there may be wires on the walls

most ISP's do that

no house

live in prck

park

sorry

ah ok

like those lil house that look like you can use a car or something to move it

but you cant

yeah

so what do i do?

best and cheapest option is to run ethernet

moca adapters are like 100 bucks a pair

moca??????

ethernet over coax

what?

didn't we just talk about that

look at the diagram

shows a use case of moca

i just want to know if i can use this https://www.amazon.com/gp/product/B07ZSDR49S/ref=ox_sc_saved_title_2?smid=ATVPDKIKX0DER&psc=1 with my modem over wifi

well this is an excellent example of the https://xyproblem.info/

you don't want a router if you already have one

but i want my own one if i do get one just for me does it do antthing to help with speed or any thing?

depends, you are trying to fix wifi right? So then you want a better/more AP. If you problem was an the ISP's end, then it won't help

that's why I'm asking what speeds you get wired into the router

because then that will see if it's ISP or Wifi

ok so if its not the isp we say what do we do?

if it's a wifi range issue, then I would add an AP where wifi is weak

in my room that it is