#networking
so what do i need for a ap
someway to run ethernet to it
there are wireless bridges, but that won't solve the problem because wifi is already weak
hold on i want to see if this is what you're talking about one sec get in a call for a bit i cant talk tho
I can't talk either rn
take a pic
i cant
well you need a way to get ethernet from your room to where router?
wont work tried
Is wifi 6 a good upgrade to think about from wifi 5?
Most of the improvements are for dense environments
Dense as in tons of floors? So, say that I live in a 3 floor townhome?
You probably won't notice a difference
Dense as in like 100 connected devices, etc
Ah
100+
Oh yeah I barely even hit 12 devices in the house
Yeah
If your current wifi is working for you now
Probably better to save and stick with that for now
Maybe wifi 6E is better because it has 6ghz
6ghz will make differences
Ok thanks @little schooner ! Do you have any recommendations on multi floor mesh setup? I currently have 1 on each floor - but regardless of where i put it, it doesn't seem to make a difference
Say if 5ghz is already full in apartments and stuff
Not sure what else i can do
Hey no worries man
Just a quick question while I do some research, is it possible to still have VLANs work if you have Ubiquiti and MikroTik wired devices mixed?
I run a UDM-Pro and I’m planning to 10 gig my house in the future, and the MikroTik things are so much cheaper.
I don’t really think I need all my switching to be UniFi
I do use VLANs quite extensively, though. Would it be possible to mix this hardware and still have control over which port is assigned to which VLAN without just tagging the entire switch as only one VLAN?
Would it just auto detect what VLANs exist and what don’t?
I thought so as well, I just don’t know what I would need to do to get it to work.
I have my edgerouter and everything is a vif (tagged vlan b/c router) which goes to my switch. Cisco calls this a trunk I think
@tribal ferry no, I don't think it can
See, I don’t want to tag the whole entire switch as just VLAN 100 or something
I’d still like to assign one port VLAN 10 and another VLAN 20
for example
Yeah let me get it
The USW-24 and the USW-Aggregation is what I might swap in this plan to be MikroTik
So on the dac from the udm pro, you would tag everything
Tag the port as all VLAN traffic?
Idk how unifi does it
But like every vlan should be tagged on the interface basically
I think that it's
Yeah that should be the right setting
Alright, so you’re saying just plug in the aggregation switch and change nothing
essentially
“all” is the default setting
I think, yeah
Alright, so what would I do for the 24 port switch?
You'll be going vlan untagging at the distribution switches right?
So you want all traffic to be tagged going to the cr305s
A lot of the ports will just be SFP+ to 10G copper RJ-45
So all traffic to the cr305’s in the unchanged and default “all”
Yeah basically
And then on the cr305s the input port would be all tagged
When you replace it, you would just need to use mtik terminology which I myself don't know but just tag everything basically
Alright, so let’s say I have an IoT device that I want to plug into the 24 port switch
I’d like it to be on the IoT VLAN
Do I have to set up the VLANs within SwOS identical to it in UniFi?
Kinda, the vlan number needs to be the same across all devices. But in SwOS you would just make that port a member of a certain vlan and make the port untagged
Alright
That’s what I saw in a crosstalk solutions video with a mixed EdgeRouter and UniFi AP setup
I never used SwOS so idk how it works exactly
Isn’t it very similar to RouterOS just without L3 stuff?
Never used routeros either
Boom.
The edgerouter built in switch vlan settings were very confusing when I was learning
Nice
I just put everything on eth4 instead of the switch interface and it was much simpler
What do you mean by that?
The erx has a switch chip built-in, so it uses switch vlan settings which were confusing to me as the gui isn't good at all. Instead you just create a vif on an ethernet port interface and that means it's tagged
Oh alright
USW-Aggregation seems to still be a pretty good price point
The MikroTik equivalent is around the same price
The MikroTik equivalent to the 24 port UniFi saves about $80 and gives two 10G SFP+ so might just stick all is if it’s not really that much a saving
Oh alright
Now I understand it
I’m going to head off now, but thank you for your advice
Np, I need to go as well
Could I get a COAX splitter to get my Router downstairs and the MoCA Adapter upstairs? @peak cloak
My ISP said I'd need to pay for 2 internet services just to run essentially a Router and a Modem
@tribal ferry SwOS is limited in features
@tribal ferry if you have a CRS305 and you want to use RouterOS. you can configure VLANs as 'Bridge VLANs'
those should be hw accelerated
@torn juniper idk how moca works with splitters
Yeah, because you would have 2 separate services basically. 2 different public ip's
my friend got a tp-link adapter and it was a pain with drivers, idk what chipset that one uses, I'll look into it in a bit
from the looks of it, it's also annoying with drivers
Hmm
do you use anything other than windows?
if it's just windows, then drivers are kinda easy
but it's not supported on linux
apparently if you have an intel cpu, the AX200 chipset works well
if it's windows, then it would be fine, but for me I would want something that works across the board
windows should also have the drivers automatically for the AX200 so you wouldn't have to mess around
Eh, Linux isn’t an issue for me.
unless you look at the other one I posted which has a pcie adapter
Okay. I'll take a look at the intel one I guess because it would be less obvious. I’ll just use a SSHD as my storage drive.
I have a netgear router
netgear is also eh
Hi there someone knows how to open ports in a double NAT configuration?
open the port on both routers
why are you in double nat in the first place?
I tried but it does not work
I have a modem from my ISP and a router that i bought
i'll try
the only thing connected to the ISP modem is your router?
i know but it's the only way
what else then?
There are all sorts of devices
wait, but you said you bought your own router
Google smart speakers smart devices and phones
Yes?
and that router should be the main router?
No
ohh, you bought a router, but it should really be an AP
access point
what router did you buy
so you wanted to extend wifi?
D-link
No i wanted to have a different wifi here in my room
Just for me
And the modem is like downstairs
2 floor down
yeah, so you want your router to be an access point
not a router
router does NAT, dhcp, all that stuff
if you want just wifi, it's called an Access Point
what router did you buy, I want to see if you can put it in AP mode or something similar
that will get rid of double nat
DIR-809
nice, looks like it supports AP mode
so your ISP router/modem will be the only one doing NAT and dhcp which is what you want to have
@oak night
I'll try thank you
that way, all your IP's will be on one subnet, and you portforward on the ISP device only
The backdoor comes in the form of an undocumented user account with full administrative rights that’s hardcoded into the device firmware, a researcher from Netherlands-based security firm Eye Control recently reported. The account, which uses the username zyfwp, can be accessed over either SSH or through a Web interface.
lovely.
the brilliant thing about hardcoded passwords is that you can't change or remove them
@peak cloak Zyxel said it designed the backdoor to deliver automatic firmware updates to connected access points over FTP.

ouch
wait so now that i don't remember the password of my modem i can get in?
How do you do that?
so you forgot the password to the modem/router?
yup
the password is here
on ISP modem/routers it's usually printed on the box @oak night
i know that
But i changed it
i'm stupid
you can factory reset it
you can factory reset it
I know but i don't want to
Yes😆
eggsactely
i think so
well i'm stuck
the only way is to factory reset or remember the password
if you saved the password in chrome for example you can find it there
i haven't
I'm so stupid
but how can i ssh into my modem?
you shouldn't need to/be able to
and most home routers don't support SSH
I don't have an ISP router, so I can
wat
@oak night what I just posted is unrelated to you
unless you have a Zyxel router
I have
well, then patch it :)
I dont remember the password
use the backdoor pw xD
So i would like to enter and discover it
(zyfwp/PrOw!aN_fXp)
in terminal ssh username@ip
I tried
@oak night web interface works too
ssh: connect to host 192.168.1.1 port 22: Connection timed out
ssh not enabled then
@oak night try over the webinterface
Didn't work
or port 22 isnt open
I don't know what firmware is running
he said it's an ISP modem/router so I don't think so
@peak cloak http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning
Xerox scanners/photocopiers randomly alter numbers in scanned documents Please see the „condensed time line“ section (the next one) for a time line of how the Xerox saga unfolded. It for example depicts that I did not push the thing to the public right away, but gave Xerox a lot of time before I did so.
I still think this is one of the greatest bugs of all time
They used pattern matching to try and compress the scanned documents
by reusing a symbol
but the algo wasn't perfect, causing glitches in the scanned documents
yeah, that's a big bug
@peak cloak funny enough
this is the bug that sparked the whole conspiracy with obama's birth certificate
must be legal pain
because it too was scanned with a xerox workstation
and if you analyze the scan, you find the same kind of pixel artifacts
Could this help me?
http://192.168.1.1/cgi-bin/login?oid=RDM_OID_ZY_LOG_CFG_GP_ACCOUNT
yeah
send a screenshot or something
Noice
But if i reset it it'll give me a new wifi password?

Ok, there is one thing I'm wondering about. If I block for instance inbound traffic to a PC in the windows firewall (host-based), let's say I block traffic on port 80 to enter the PC. Then the PC won't receive any http traffic whether it comes from the internal network or it's external network. But how can http replies still be able to come back that we have requested, if we've blocked inbound traffic on port 80? Is it because the windows defender firewall is stateful or how does it know?
can you go into more detail?
when you establish an outgoing tcp connection, the router can mark this session
since your computer sends a return address and port
the firewall can permit those packets to come back in
@thick minnow like so
this is what a general firewall might do
any connections that are already established are permitted
so is the "connection" to all sorts of http sites? how does it know to allow every site you might visit?
no this is lower in the network stack
TCP is session based, with a handshake to establish connection
UDP does not use a connection, it just sends individual packets of data
HTTP is a TCP protocol
@thick minnow firewalls operate on layer 4 usually
so they know IP & transport protocols
ye
idk it's a standard or just Ubiquiti naming
@peak cloak this is the filter for incoming traffic: https://i.imgur.com/IN9RVyf.png
it blocks any incoming traffic that isnt NATed
hmm, I don't have the NAT option
@tame carbon so even if port 80 is blocked in the firewall, if you have still made tcp connections with a website, it won't block it? I'm new to this stuff
@thick minnow define blocked
like
@thick minnow what are you trying to do?
host a webserver?
depends on the state, if you block everything: established, related, new, and invalid then in theory the website shouldn't load
usually when you block a port in windows I think it only does new
established is for packets that are marked to an established connection
related are for ICMP control messages
ah ok
and such
so if you block new connections you won't be able to load new websites you haven't been to before in your browser?
if you added the rule and there are existing connections, those will stay alive
until they disconnect
then they wont be able to reconnect
again
I am drawing from how mikrotik does this
no, if you block just new your computer is initializing the connection and because it's stateful is expecting a reply. you need to block established as well if you want to not be able to connect to a website
network stack works quite standard on most systems
since all this jargon is pretty standard
@thick minnow when you open your browser and punch in google.com
your browser initiates a TCP handshake
right
the firewall
sees this stuff too
and it knows who is talking to who
and has a little internal table, where it keeps track of what packet is what
so if you initiate a request
your browser sends a TCP SYN
'SYN' is synchronize
the server then responds with an ACKnowledge and also asks for a SYNchronize
to which the client responds with a simple 'ACK'
after this, you can send data
commonly referred to as a 4 way or 3 way handshake
wireshark is a tool where you can see all these packets
@tame carbon right, so how does the firewall handle this. how can you still access websites if port 80 is blocked and you can't make the handshake at all
on windows, I don't think you blocked all of port 80, just for new connections
also yeah monkey I think I've heard of wireshark
@thick minnow it just has a wildcard for any traffic to port 80, but what are you trying?
are you accessing a remote host on port 80?
or are you providing a service on port 80 and cant connect to it from another machine?
I'm not attempting to accomplish anything, I'd just like to know how this actually works
@thick minnow I think you should start with the OSI model
HTTP is a high level protocol
there's a lot of stuff under the hood
So think the simplest terms first
layer 1, the physical layer
thats the cable plugged into your computer
those use electrical signals
to implement a data link layer
this is what 'ethernet' is
a standard way to give devices a physical address (MAC) and a mechanism to exchange information between those devices using LLC
MAC is Media Access Control
In the IEEE 802 reference model of computer networking, the logical link control (LLC) data communication protocol layer is the upper sublayer of the data link layer (layer 2) of the seven-layer OSI model. The LLC sublayer acts as an interface between the media access control (MAC) sublayer and the network layer.
The LLC sublayer provides multi...
yeah, and then ARP connects MAC addresses to IP on the network layer
Yeah, ARP is to resolve an IP associated with a MAC
routers use this
switches do not care
switches use ethernet
so on top of ethernet, we introduce some kind of logical addressing
in our case, its the Internet Protocol
commonly version 4, or even version 6
there's also some control protocols to aid the internet
like ICMP
on top of this
we have the transport layer
transport layer defines individual end to end connections
it defines ports
and a protocol type
and if you really want to know what it looks like
sec
@thick minnow this is what an IP packet looks like
see the field protocol
These are the values
for protocol
then there's source and destination IP
and after the header, comes the payload
difficult to find good images of this
this is the basic principle
where would you recommend I learn all of this? I'd like to have my own resource to learn this stuff
its called 'encapsulation'
mh
I self taught reading things online
like there's tons of blogs online
I actually liked my time doing CCNA for all that too ~
but CCNA is very cisco focused
example of a wireshark capture when connecting to example.com
and eventually taught myself how to write networked software
@peak cloak there's no handshake
if you right click the entry
you can follow tcp session
I guess I get that, I just don't get how the firewall knows which connections to block
ah ok
@thick minnow https://i.imgur.com/7iJNPet.png
like
^ this is my firewall
accept permits traffic that matches the filter
and drop well, drops the traffic
there's various chains
like forward is for routing
so it can block incoming requests, like people trying to connect to your machine, but still allow you to get the data from websites?
yeah
@thick minnow yeah, because most firewalls permit outgoing new connections
so you are the one that establishes it
if you explicitly deny outgoing traffic
you cant establish a connection
by default, you deny incoming traffic, except for established connections
and then you may open individual ports for certain services
at home, port forwarding is a typical example of this
though port forwarding is NAT, which is a bit more complicated firewall trickery
at home, where you have a local network
and 1 public IP
your router plays 'masquerade'
when you connect to a site, the router modifies the headers so that the website sees the connection coming from your public IP (your router's IP)
each TCP session assigns a specific port
@thick minnow when you connect to port 80, you also send a src-port, usually in the 40000s
this is the port that your system will listen on for a reply
its random
@peak cloak get me a screenshot of this
I have to go for a bit but thanks for all the help and if you keep finding new info by all means send it
I'll be back soon

@peak cloak NAT sits in between this ;)
you can have infinite incoming connections on a single port
but only have a limited number of outgoing connections
for each tcp session you have to open a port
there's a reason its a high port
lower segment, 1024 requires root permissions on most systems
since services live there
Would what I want not be possible in SwitchOS?
There’s no point in me buying MikroTik if I would need RouterOS, I’d be better off just buying Ubiquiti with the price savings.
@tribal ferry nah just saying, you get the benefit of being able to just use winbox to manage it
runs same system as all the other mikrotik devices
It would be a set and forget sort of thing
even though it is a switch
yeah it is
when you buy it out of the box
and boot routerOS on it
its configured as a switch
with no fw rules
etc
The price savings are still marginal, it’s only around $80.
No hate to MikroTik but it’s probably better for me to just incorporate it into UniFi with their switches
yeah
@tribal ferry the reason its nice to have is because it can do some routing
just not as fast
1200mbit/s
if it was just a switch
L3 “features” I’m guessing?
I mean it’s nice, but I would really never use any of the L3 features
It’s just my home after all, not an office or a data center
Alright so you’re the guy to ask for MikroTik questions lol
this network is in essence a 10G router on a stick
with two smaller routers downstream
the CRS305 is just the 10G bridge
I use VLANs heavily here
I’d love to do what I want to do right now but then again I don’t want to run a fiber cable outside in 30 degree Fahrenheit weather
I do as well
that’s winbox?
yeah
so it’s a centralized place to manage it without some sort of controller?
its just their client software
works for all their devices
I have FQDNs everywhere
so I just redacted that ;P
Tabbed to another server, you’re fine lol
I have the RB4011 as main router
I mean they’re very compelling, it’s just whether I want to split it now as there is not a gigantic price difference
I saw that during my initial search, it did look cool
except @hollow marlin ruined it for me
he said it was better if it had 2 SFP+ ports
@tribal ferry dis thing is a beast
is that port SFP+?
thats what I use the CRS305 for
ah alright
layout?
with an aggregation switch?
Yeah you are now handling routing for WAN and LAN at that point.
advantage is less cables, cus you can use VLANs
but if your WAN is on the same switch
your traffic hits the trunk twice
in this scenario ^
PC 1 traffic to PC2 goes over the trunk twice
I get my internet on vlan 168
but my LAN is vlan 1 (no vlan)
public internet traffic (to my public IP range) is on a separate vlan here
you have multiple ipv4 ip's?
I have a /29 that routes through my WAN
nice
residential?
let me guess
benefits ^^
fiber?
obviously
what country are you in?
ah that makes sense
Thats my ISP
I pay about 16 euros extra for 8 IP addresses
I have like 4 of them allocated right now, out of the 6 I can address
I lose two addresses, because one is the router and one is broadcast
though I could masquerade over that too, I've been able to host a service on .1 and .7
@tribal ferry my ISP only deploys a 1G fiber
My house has a 2Gbps Gigabit Pro from affinity if I ever upgrade
so I use a media converter
and I’m extremely rural
to go onto copper
I live rural too
they had this initiative 2 years ago
if everyone signed on
they would roll out fiber
so I went around neighborhood
getting all these old timers and farmers hyped for fiber
xD
I actually moved since then to a new location
which was also under the same initiative, but only 9 months behind
I’m on 1 gig down / 50 up copper
I’m five minutes rural, my house is on a main thoroughfare that cuts through the countryside
wait, I have more bandwidth than crystal
@peak cloak yeah peering on corporate lines is more expensive than consumer plans
ah, you're on a corporate plan
consumers get 800mbit/s for like same price I get 250mbit/s for
but they don't have an SLA like I do
@tribal ferry because extra IPs
and a tech support that speaks tech.
like
not some moron
When you have to explain to the other side what latency is
you are doomed
I tried to explain IPv6 to a tech support person once. They thought it was some kind of router
I get blazing 2gbit/s on that network
yeah I remember talking to some guy in Indonesia on a Saturday when the main offices were closed.
@tribal ferry https://www.fs.com/
@tame carbon what do you need/use the extra IPs for?
But I am running show ip arp I am not seeing your IP. Can you please check your configuration
@tribal ferry There's two companies behind that rent office space. Our estate here is more than just a house
They each get a public IP from me
and have their own routers/wifi
I can sign off liability this way
And you just distribute the connection, that’s good.
I can't be held accountable for the traffic, since I do not use that IP
Oh no, I wish they were that technical, I was trying to tell AT&T that their implementation of IPv6 was wrong. I'm sure the person had glazed eyes because in the end they said "So IPv6 is some kind of router?" to which I promptly gave up
@tribal ferry I also host some services for customers of mine on my little server
nothing fancy
but each of those machines has its own public IP
not connected to my LAN in any sense
All of my company’s servers are in a Dallas data center.
Jesus, yeah I would have hung up after that
@tribal ferry the way it's set up is quite rudimentary. I use the 8021q module in linux to create vlan interfaces
Only things in my home are for homelab usages.
I then copy the MAC address and insert that into the dhcp server config
when the vm boots it automatically gets a public ip
who would want to ddos me
you haven’t said the purpose of the vm
@tribal ferry beeswax
beeswax, as in none of your beeswax
ah lol
some services are more susceptible to attacks than others
if your use case has no reason to be attacked then just a firewall is good
I write invoicing software that is tailored to specific business processes for some customers of mine
could be considered an ERP
but its mostly aggregating existing systems and processes, into a single system
yep you’re good then
which VMs?
ooh
currently software is heavily in development, and used in parallel to the manual old way
so its hosted here
eventually it's meant to go on-site
because their DSL internet is garbage :P
or maybe when I grow bored of home lab, I will rent a private rack somewhere
because I cannot nearly guarantee same kind of uptime
really you can put the server anywhere in the world with colocation
compared to a datacenter
data center is what you need if you do need the uptime
well, my router has an uptime of 105 days now
and my server is on the same emergency power supply
fiber link hasn't gone down in... ever
because fiber
hivelocity is quite nice
High-end dedicated servers, exceptional pricing, managed cPanel, and private cloud services. IT professionals on-site 24/7. Solutions in minutes, not days.
I need something that is hosted in my country
because I'm quite privacy concerned
So something where I can literally go to
make appointment
There’s one in Amsterdam.
If I recall correctly, a 120V, 1U rack space, and a /29, is $70/month
yuh I know there's plenty of parties
what about thermals?
do they not put a price on power usage?
@tribal ferry yeah but there you go
70 bucks a month
Contact them and ask them.
for 1U
I use https://Nexril.net for my infrastructure but they’re Dallas only.
you have no idea how cheap the setup is I have here
Where 70 buck what company?
Let me go see if I can find the email chat I had with their system engineer.
@tribal ferry ryzen supports ECC, good nuf for me
I use https://www.hetzner.com/ for my needs.
As a leading webhosting provider and experienced datacenter operator in Germany, Hetzner Online offers professional hosting solutions for a fair price.
Cheap af
Mind you the colocation pricing varies between data centers.
I don't need Colo
honestly, private rack is all you'd need.
networked kvm
and gg
Not charging on electricity because they do it by themself
IPMI is also neat
Define a “private rack”
Do you mean a full 48U?
Do you actually need that much space?
I believe you get full access with their colocation.
this is all hypothetical lol
You get what you pay I believe
A full rack in a full Tier 4 data center will cost you thousands
@tribal ferry most people end up going for a cloud solution
this whole trend that is being forced upon developers
I was referring to you since you were asking for a full rack.
like azure
@tribal ferry if I had to host my services ideally you could just rent a dedicated server somewhere
thats the simplest way
Will probably be cheaper for you that way.
OVH has some nice stuff and Hetzner in Europe.
^
and raid is a must on their systems
they sometimes run your system with busted drives
what's a good US based VM provider?
and support is terrible
I like hetzner more than ovh because hetzner has strict privacy not like ovh
trying to stay unbiased in this conversation
@tribal ferry lol I talk smack all day about things
Half of ovh network is used for cyber attacks (ddos)
no worries
opinionated views on brands and products are totally fine
as long as they are justified
in terms of the hosting lol
OVH's VMs are so cheap because they sell you Vcores
and their fair use policy is lame
30% max cpu
majority of companies sell vcores
I blocked more than 10 subnets from ovh in my old company firewall
Linode doesn't :p
Because of ddos and website hacking attacks
dedicated servers are there for dedicated needs
Hetzner cloud service is pretty good with AMD processors and Intel processors
And can be very cheap, I advise to go straight on dedicated there because it'll be cheaper for more resources
like who doesnt want a one-click minecraft server with 4GB/month
like, compare this to all the other 'minecraft hosters' that are total ripoffs
Haha ya linode uses a good marketing strategy
and you get two cores
You got vultr that gives minecraft hosting too
which is perfect for minecraft
you can get 1 core for the game, and the rest like network and system IO is on the other core
Depends on what plugins you use
idk how mc server hosts do like 10gb of ram for 15 bucks
@peak cloak since when
Overselling.
doesn't paper also multithread chunk loading
They over dedicate more than they have on their servers.
like from here
10gb ram or up to 10gb ram?
it says 10gb ram
Ya sure unmetered storage
ik it's marketing, but like how true is it
I have a friend that sells mc servers by slots not limit your ram
It’s unlimited until you use too much.
😂
i.e. it becomes abuse if you upload a tb of files
I told him I can use 6 plugins to fuck his server
@peak cloak yeah but
they upsell you
I am like: there's no way they can be that cheap
Unlimited memory for mc server
yeah, that's what I mean, it can't be that cheap
Only limited to 32 slots
@peak cloak so they bill you for the network traffic
there has to always be a catch
yeah
but thats what I am saying
smallest linode
has like 1TB traffic
do the math
you'll be poor
linode seems fine. What's the clock speeds like though
😆
they have a discord server apparently
linode?
Unlimited MySQL database
no aquatis
oh yeah that’s normal
Let's upload 10tb db
And test the limit
It's like one of the ISPs here in my country
We offer unlimited internet up to 1Gb
you get billed another 13 bucks
😂
@peak cloak they are just cutting corners
thats why its cheaper
I feel like they just have a high core CPU
with a lot of memory
single system
lowers amount of other components you need
they allocate you a single core for your game, and all the network threads from each server are shared
cus those barely lag your game
and memory, especially DDR3
is dirt cheap
@peak cloak these are probably two monkeys, one in Dallas and the other in Nuremberg
both with a fat fiber pipe, and some coding skills
and old hardware
they found in a junkyard somewhere
but all will reveal
once I pull this IP through WHOIS
no
Free for 7 days
Are you sure it's on their same server of their customers?
ofc
ok
so this is why they have all different ports
;; ADDITIONAL SECTION:
jerome.ns.cloudflare.com. 677 IN A 173.245.59.181
jerome.ns.cloudflare.com. 677 IN A 108.162.193.181
jerome.ns.cloudflare.com. 677 IN A 172.64.33.181
Hetzner
xD
@peak cloak with a linode box you also get dual stack
For tx
and you can set up a virtual networks between different boxes
45.43.12.164
Well I bet I know what server brand they use in hetzner
Ya for the tx server
yeah I guess you could run quite a few minecraft servers on that
they may not oversell on the memory
That's why it's cheap
but they probably oversell on the CPU
Knockturn is a community of people who came together to build the world of Harry Potter. The server currently features Hogwarts, DiagonAlley, Knockturn Alley,
we use a machine from OVH
have been ever since they introduced their anti DDoS
yeah you need anti-ddos when running a public server
Ya they started with it on soyoustart for testing
I had servers there too
it was ok
Because my ISP has direct connection to Frankfurt
Ya
I have dedicated server with
Ram: 64GB
Intel i7 6700
With 8tb disk
And 5 IPs
For 42 Euros I think
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 63
model name : Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz
stepping : 2
microcode : 0x3c
cpu MHz : 3499.997
cache size : 15360 KB
we have like a stupid amount of cores
oh just 6
well
it runs 7 minecraft servers :3
16 here
are we?

I really have been just test running linux on pop now. I'm pretty comfortable with just the cli, and I installed KDE instead of gnome and use like none of pop's features so I'll install just plain ubuntu one day
can't expect much from ubuntu 16
this is ancient stuff
EoL soon
my kernel is a bit behind
basically xD
Upgrade
Tell that to EVE-NG, their community edition is still stuck on 16. Pro is now on 18 and why I needed the license as my 3950x is only supported under the 18 kernel. To be fair, the kernel was rebuilt with their own code for EVE
I think ubuntu has the option for upgrading from one version to another.
Correct me if I'm wrong
it does
but unless you want a broken system, I wouldnt use it
besides, the LTS versions do not enjoy upgrades like that
web servers questions can be asked here?
I've opened port 80 on the modem and when i type the ip it shows me the login page of the modem
your public ip?
that's expected because of NAT-Reflection I think
or lack of NAT-reflection
I forgot
i thought that it could be the login page is on port 80 and it shows me that
instead of sites
yeah, well that could be it too
The problem is that i dont know how to change the port of the modem webserver
because you have the port forwarded on the wan interface, but on the lan interface it's the router's internal server
what modem router combo?
idk can you explain
I mean like what model is it
VMG8823-B50B
sorry
Nat reflection I have an issue with too. For one LAN, NAT reflection works as expected but for LAN2 with different internal private address, it incorrectly redirects to the router page
I need a double NAT rule?
can you change the IP of the service panel of the router?
idk how NAT reflection works. On my erx I just enable it and make sure both lan's are selected under NAT lan
Hmm
its called a hairpin
I have it on pfsense not sure how much different it is
@oak night is this it?
Yup
@oak night doesn't seem to be any info on it, but you could host your own local dns server and that way it would work. So requests to myserver.example.com at your home would resolve to let's say 192.168.1.4, but requests to myserver.example.com on the internet would resolve to your public ip. I think it's called split dns
How do i host a DNS server?
or just modify your hosts file
I'm 99% sure you can't in the router
oh you mean on the local computer?
ye
but tbf
what matters is
if he can forward, and external requests are forwarded properly on port 80
wait
is there no way for hairpin NAT ?
There is like no public manual on that router/modem
I agree
Hairpinning is needed because in terms of firewalls, NAT is typically associated with firewall policies and zones, aka from zone X to zone Y then NAT this IP to that IP. When you are trying to reach a public IP that is NAT'd internally, IPs exist on the firewall logically, so the firewall sees the destination as itself as there is no current NAT connection in the table. Generally hairpinning should be avoided and instead devices with NAT'd public IPs should be reached with privates or in their own zone segmented off
I did it on my fedora only because I don't have enough time to rebuild the kvm machine I have there
Upgraded Fedora 31 to 32
@hollow marlin thats what I do yeah, I dont hairpin here
I just punch the ip in directly
or use dns
though most home wifi routers use a hairpin by default
What is the main problem ?
@tame carbon Enterprises very much avoid hairpinning. Its not just a checkbox and some configurations can be a nightmare to not only configure but troubleshoot
yeah on mtik you have to configure a separate rule
/ip firewall nat
add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 \
action=dst-nat to-address=192.168.1.2
add chain=srcnat out-interface=WAN action=masquerade
creates the forward
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
dst-address=192.168.1.2 protocol=tcp dst-port=80 \
out-interface=LAN action=masquerade
I should use split dns. Is there an easy way to "sync" the public and private name servers, or should I just not bother and do it manually separately?
Yep. Then in enterprises imagine having that at scale. While summarizing can alleviate some, it becomes a mess
He opened port 80 and now when he surfs to his public IP he gets into his router?
yeah not sure what is going on there
