#networking
that is tiny version of mine
I mean that's router stuff not AP
@peak cloak does it matter?
TP-Link routers don't have their ratings on them either
they have gigabit ports
I doubt they can even route at that rate
yes, their business Omada line does
called it
800mbit xD
It's the same story on their 2.5G lineup
they cap out around 1.7 Gbit
and that's with minimal firewall configuration, mind you
once you add some more rules, that speed crashes.
@tame carbon it is plenty to access the internet wirelessly and transfer medium files to a NAS wirelessly, and the gigabit local can do the rest
sure if you have a decent switch
then it's a non-issue
but I have multiple subnets here
cable or router
if you plan on doing VLANs, I wouldn't get that switch...
what is a VLAN
lol, it is 16 port, that is plenty
managed switches are capable of handling this
@tawny hemlock nah, for network segregation and security reasons
Like, my guest network here
is on a vlan
completely isolated from my local network
but its using the same APs
but really, my setup is not really applicable to the situation you have
there is one network; if I let people on the wifi I know that they won't hack the network
see that one fiber optic in the middle?
that carries like 6 different networks
the switch on the other side, splits this up into multiple ports
this functionality is part of ethernet
it's an extension that switches can use to 'trunk' connections
@thorny vector new breach, of course it's cloud connected security cameras and a super admin account https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
lol
someone about to get fired
if you properly isolate your networks
this doesn't happen
@peak cloak the rise of ipv6 with unsecured firewalls
most home users are safe because they are behind a NAT
can't wait to start portscanning v6 and find a camera in your mom's bathtub
deny all new connections
sure
allow established related
but clearly these guys at Tesla
simple
it's not tesla
Are these cloud connected cams?
yes
F
it is called GlassWire
@tawny hemlock that's just Linus shilling
glasswire is 
^
goodbye
@peak cloak in my spare time
might write a small document
we can reference, for like example setups
and what to get
generic questions we get everyday
@peak cloak interesting, but still small potatoes compared to the OWA hack
SolarWinds wasn't too long ago
The Exchange hack makes SolarWinds look like small potatoes
It's been the year of the exploit so far. Even sudo had a major CVE this year
Russia and China going on the offensive
this one seems to be just some group https://twitter.com/nyancrimew/status/1369373713121083395
NAT isn't security but provides a security-like mechanism. But for v6, even just using 2000::/3, it has been proven that even with a substantial botnet, scanners are pretty much useless. Even if you know the /64 it still is a challenge.
People, though, that do not have a FW or just any/any pretty much deserve what's coming
This would be really useful
@hollow marlin security through obscurity is no security
and yeah, NAT behaving like a security mechanism was exactly my point
but I think UPnP and phone-home-backdoors are the main offender
@plain siren https://www.datacenterknowledge.com/uptime/ceo-says-fire-has-destroyed-ovh-s-strasbourg-data-center-sbg2
what a disaster
How can I connect my GRE tunnel to mtik?
My GRE tunnel is a CentOS server.
Shouldn't you move off of CentOS soon?
🤷♂️ Well, at least he gets to claim that insurance check. 😃 👍 👍
Ya but I can't make it connect to my tunnel
Only the mtik side is not working properly with my tunnel.
I can't ping from either side to the internal IPs, like 10.70.1.1 to 10.70.1.2.
Route unreachable
is the tunnel active?
might want to assign the interface to a list
fw might be blocking things
Security company's first sentence on their website: "By approaching safety with a software-first approach, we’re making security as seamless and modern as the organizations we protect."

😉 This is why I will never buy security cameras, not even one for my computer really. The camera on my cell phone is as far as I'll go. If it has a chip in it, it can, and likely will be hacked. 🤷♂️
And these companies can blow me with this IOT trash as well.
Are we really talking that word "secure"? Come on. 😐
If you really want to be safe
just don't connect them to the internet
literally no way of hacking them
No because they need remote security and their software is probably garbage
that combination = getting hacked
lol
Ya, I used to use it when I was with my FortiGate
@lone sun I have my IP cams on their own isolated subnet, with no route to the wider internet
I think it's firewall issue
@thick minnow But these guys are still in business despite being complete shit heads at their job. 😆
In mtik
not for long lol
@lean pebble go to bridge -> ports, make sure it is assigned
otherwise, add the interface itself to an address list
If I had security systems from their company I'd get other cameras
if you make the tunnel part of your LAN, it should automatically pass through
@thick minnow those cloud connected cams are 0-setup effort
Assigned but I lost connection 😆
but they also phone home
At least I'm testing it on a specific internal IP and not on the whole network
I planted two trees today ^^
gonna plant two more after this break
digging holes is effort
🤔 Yeah, my school has theirs set up like that. So they were the only thing that still worked when they got hit with a DOS attack. Don't think the perps ever got caught either. Probably old students that did it since they actually show you how to do it. 🤣
my uni was using Eduroam
it's an American educational network
and they take copyright seriously xD
some students got expelled before for torrenting
I've dealt with DMCA before on my content hosted in the EU
I love it when stuck up asses in the US come begging for copyright claims xD
I reply: US law does not apply here
and thats usually the end of it
wow
my school just downloads MP3s of exams and shit, they really don't care lol
they also just give digital schoolbooks
my school handed out a pirated version of PowerDesigner
a legit license costs 15k
like
The issue is the mtik firewall
@lean pebble it most likely is
@lean pebble did you add the GRE tunnel to an interface list?
Trying to understand how to add the rule
Yep
you shouldn't have to add a rule to the MikroTik fw
as long as you assign them to the right lists
I did it by the guide but I didn't see anything that says anything about a rule
@lean pebble go to the GRE tunnel settings
make sure keep-alive is enabled, and that allow-fast-path is set to no
coffee break is over, I'm afk for a little while
The server can ping now but I can't surf from my pc
Yah
if server can ping the router, and vice versa
but your LAN cannot reach the server
then it is indeed a routing issue
Both sides reachable; are you sure that can be a route issue?
I think the mtik blocks the connection from surfing
@lean pebble assuming GRE is similar to other tunnels
might be useful if you assign a 2nd bridge
and then route between those
I use a 2nd bridge for my VPN endpoint
Do external to internal and internal to internal?
Gosh, sounds like a lot of latency
Well now I'm on 61ms
It should work; nothing changed on this server since 2019
It's just the mtik firewall that blocks me
@lean pebble if you look at the fw counters
when you make a connection, see which one is counting up
assign logging to that rule
so we can see what is happening
Well, you're correct, it's something related to the route
might want to add a firewall rule to accept forwarding traffic
I had the same issue with FortiGate but it was the FortiGate firewall back then
and assign the filter to your GRE tunnel
@lean pebble the thing is, I don't know anything about GRE specifically
I've only set up PPPoE and L2TP tunnels so far
Well, the GRE gateway came from Cisco I think, if I'm not wrong.
It's nice but I just want to practice it on mtik too; in FortiGate it was hell
At least I learned not to test on the whole network subnet 😆 like I did the first 10 times
I have one that forwards to everything, some default rule
Oh, my bad, the default one is passthrough
What's the config on the Tik? GRE is pretty straightforward and it's usually 1) a missing route 2) wrong tunnel src./dst. IPs 3) firewall policies
@lean pebble poke
@hollow marlin he was able to get ping capabilities between tik and host, and vice versa
just the routing which is jacked up
Yeah, he will need to add statics to get across the tunnel. I'd do OSPF
the Tik website suggests just adding the routes by hand
Statics are easiest, which is why
All is configured correctly; I guess it's the firewall or something like that.
I get ping from the server to the mtik and from the mtik to the internal GRE IP but can't surf.
I haven't touched the GRE server since 2019 so it should work correctly.
I have 2 routes configured for the GRE tunnel; they're reachable
What are the routes pointing to?
I'm testing the tunnel only on specific IP
70.1.1 is my server
20.11 is my VM
my VM gets the IP from DHCP but can't access the internet while the GRE tunnel is on
@lean pebble do you want your VM to use the GRE tunnel for internet?
because if you don't, then it's a route-metric problem
just for testing for now
otherwise, you might need to setup a NAT rule for your GRE traffic
since GRE -> WAN, would need to be NAT'ed
Testing on one machine instead of making my whole network go down
how and where do I do that in mtik?
@lean pebble in NAT, you have a masquerade rule for your LAN -> WAN
might be that this does not apply to traffic originating from your tunnel
though.. this is odd
this rule goes directly to wan
ya, and GRE is not WAN
no but when you want to browse the internet from the other side of the tunnel
the tik still needs to masquerade the addresses
ya I know
the mtik configuration needs to be fixed
Can I add another masquerade rule?
Yeah
found it
@hollow marlin thoughts?
NAT is not needed for GRE; when the source interface is specified it's going to use that when sending/receiving, and the GRE header is how it determines what tunnel it belongs to
so what should I do? Are those routes ok?
Without a view of the topology, I can't answer that. It sounds like it's
VM-->(GRE)-->Tik-->internet?
What is the local interface that the host the VM is on is connected to?
the VM has a dedicated network card
What's its IP?
10.0.20.11
post your gre config on the mikrotik
Local address needs to be your public IP if you are trying to connect over WAN
Local and Remote addresses are the interface on which the traffic will be sent and received. The GRE header has a new IP header of these addresses which encapsulates the original packet
for some reason the GRE tunnel is not working at all on mtik while using the external IP of my network there
Where is the VM located? In the cloud?
what VM? the GRE tunnel?
the GRE VPS, ya, in the cloud on my dedicated server
the other VM is in my home network on my PC
It should not be working unless you have another tunnel somewhere in your network. Return traffic will try to send to 10.70.1.2, which the VPS cannot route to
On Mikrotik you will need to add a filter to permit GRE on the WAN interface
oof. the documentation does not say anything about this
Their docs do not take the FW into account most of the time, for simplicity
where?
firewall -> forward chain -> src. IP (public of VPS), protocol GRE, permit. Move that to the top of the list
Wait it might be input chain, as the Tik needs to process it, try input chain instead
ok
I guess still needs to do more things
the rule gets traffic but still not working
Ok so if its getting traffic, is the GRE in the LAN interface list?
or whatever list you setup if the default is not used
Well you have a default route right?
ya
so the route table is showing unreachable now? if so, paste what it's showing
Thats because the tunnel is down
Let me toss up a diagram on what it should look like
It's now showing up?
It's going to show up always unless there are keepalives; it's a hard-state protocol by default
On the VPS, what is the config?
Its still worth looking at to make sure
```
BOOTPROTO=none
ONBOOT=yes
TYPE=GRE
PEER_INNER_IPADDR=10.70.1.2
PEER_OUTER_IPADDR=82.81.0.0
MY_INNER_IPADDR=10.70.1.1
ZONE=public
```
btw they are both open on all ports to each other
I think the firewall rule is useless
Well you need to change the peer_inner to your public
Think of these config statements as maps, "if a packet with the source of 82.81.0.0 and destination of (Public interface) is received with the protocol type of GRE, then logically it matches GRE tunnel 1, forward the packet"
Also with that config, your dst. interface is in the same subnet as your tunnel subnet; that is called recursive routing and will fail. Honestly I am not sure how that was working at all
I have the FortiGate config and I see there that I had an internal port that was configured for both external IPs and a static route to the internal IP of the router and the GRE
that's why I asked where the static routes are
The only static routes that should exist are defaults and routes of the **remote** destination subnet
Well progress. Now are both tunnels using src/dst public IPs for the GRE?
ya
nice, can ping from both sides but not from my VM
my VM doesn't get the tunnel IP while surfing the net
So if tunnel interfaces, 10.70.1.0/24 can ping, tunnel is up. Now check the routes on both the Tik and VPS, each should have a single route to the remote subnet with a next hop of the remote side of the tunnel
mtik has 2 routes
It will, a connected route and a static route
ya, the static route is not working
no more ping
mtik so weird with this gre
the static route isn't working well
@hollow marlin can you take a look?
is 10.70.1.1 the MikroTik's GRE tunnel IP?
That route looks good then
It's going to use it, especially being a /32
```
set srcintf "internal"
set dstintf "dyson2"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
```
This is my old fortigate firewall rule for the gre tunnel
without this I had no way to get connection
If you go in the CLI and run `ip route check 10.0.20.11` it will show the route and what path it will take
GRE sounds like an amazing protocol 
A song from Machinae Supremacy's original soundtrack for Rake in grass' 2004 side-scrolling Shoot’em up extravaganza Jets’n’Guns.
Jets’n’Guns on Steam — http://store.steampowered.com/app/262260/JetsnGuns_Gold/
Rake in Grass (the developers) — http://www.rakeingrass.com
It is, it's really simple. You just have to have an understanding of routing and how it's processed
L2TP was boop and it ran
No L2
yeah, it's a layer 3 tunnel
how so?
I have nothing to compare against..
I chose L2TP because its what android can run with "always online VPN"
For P2P its not as bad but now you have BUM traffic chewing up bandwidth, caps and CPU
Add a few sites and now you need proper design with STP
I have a separate bridge for my VPN
and just route between those
no broadcast from my LAN hits the VPN clients
Yeah thats fine
Not inefficient, just unnecessary for a majority of cases
@lean pebble You find which FW rule is catching it?
Yes
everything is bad
@thick minnow
Could somebody help me?
I was blacklisted
https://spfbl.net/firewall/ Can somebody give me instructions how to install it?
Describes the features of the MX filtering service offered by SPFBL.net
block SMTP ports on your network
contact the site about the blacklist. Typically will give a reason and offer a form to fill out to be removed from the list
I can't speak Portuguese
From the error it sounds like your ISP hasn't configured DNS correctly
who knows, I'm not a networking guy
So it was my ISP fault?
I don't even understand the problem right now
possibly, typically IPs get blacklisted for sending spam mail
are you running a mail server
no apparently his IP was just randomly blacklisted, he posted it publicly in LTT even though I told him not to
It's not random; plenty of services gather IPs from malicious activity, and they are reported and exchanged between each other. Includes botnets, DDoS, mail spam, etc.
I am being DDoSed and need help; when I change my router IP, can I change it to anything or does it need to be a specific way?
Help
Yeah, I mean spontaneous. I know they won't blacklist his IP without a reason
how do you know you are being DDoSed
just change your IP
My down traffic is off the charts
are you running any services
To what though, any series of numbers?
unplug your router
No everything is disconnected
block all inbound traffic and use your mate's wifi, that's what I'd do
Umm, how do I access my router? I don't remember if it's 192.168.1.1 or 192.168.68 or
what is it?
what I mean by IP is release the DHCP lease and get a new IP, although idk if it would work on PPPoE
English pls
You cannot change your IP unless you have a static block
^
What does that mean
It means your ISP determines your IP
Releasing the lease or leaving it off for a period of time is hit and miss depending on lease time
Our leases are for a week, PPPoE pulls its addresses in the same fashion
still looking for the rule that blocks it
Send me the FW in the CLI output in a DM. ip firewall print
bad command name print (line 1 column 13)
why is the router not responding?
bruh
So I need to block SMTP ports, yes?
@thick minnow
sorry ip firewall export
@peak cloak rofl
the datacenter memes have started
a german meme site went offline, and they literally just came up minutes ago
you think anything is still intact?
2 of their 3 "nodes" were pretty damaged as I've read on the newspapers. It's kinda strange that it ignited that easily
Hello, I need help
With a Technicolor router
Technicolor TG589VAC v2 ADSL/VDSL router
@thick minnow should I disable DHCP?
no
no, to prevent a spam email server?
wdym
you have no control over your public IP @thick minnow
You might've been hacked, and your computers might be part of a botnet. Lithuania is close enough to Russia that it receives/gives a high amount of cyber attacks
I can
I have a router
I can block it
I just need to check it
Seems it's out of date
Can someone find the Technicolor TG589VAC v2 router update file?
I would appreciate it
Is there anything suspicious?
do I have to have the DHCP server option enabled?
@lavish fog Internals made of wood
@thick minnow @peak cloak that's a troll, don't pay any attention to him
@tame carbon From r/networking on the fire and a tweet, like actual serious tweet, of a customer to the DC plant
Any news? In a professional datacenter putting everything down for a fire is quite unprofessional. How many hours or days should we expect from this? At least we can organize.
looks to be a FiveM server admin
They mentioned it was a GTA RP server admin, you know, the critical services to be worried about
yeah, FiveM is a GTA mod
@hollow marlin bunch of people mad that their VPSes are gone
is that pile of ash FIPS compliant?
@untold elbow
estimated 3.6 million sites are down
yeah, people were on twitter crying about their GTA:V RP servers being offline
while the stack was still burning
I mean, to be fair, GTA:V Online is super fun
no backup - no mercy
exactly
they don't have any data backup anywhere? or is it just not spun up yet?
nah, virtual rented machines, no actual cloud afaik
bummer
something something "you get what you pay for"
A "disaster recovery plan" on OVH is "find a new host"
oh god
yeah, I guess I'd kind of expect a DR plan to be included with any hosting provider's SLA
unless you were getting super-saver hosting
exactly
never heard of them until now, I'm in the States
lol
our servers are made with 100% grade-a american asbestos
is that the datacenter in strasbourg?
no it's wood
no surprise then
metal plates are faraday cage against EM
ok, but there are lots of wood buildings that don't burn
I don't think we can just say wood buildings = bad
wait what really?
yes
wooooooow okay
^
how is that even legal?
Its probably different than US laws idk
they have very dense racks
basically bare boards on some kind of plastic rack system
water cooled
but it's all quite jerry-rigged
And this is what Floatplane runs on /s
sinkplane 😦
they also don't do much redundant routing and network
so sometimes you'd have hours of downtime if you were unlucky
no surprise there either
on their lower-end gear on SYS and KS, hard drive repairs can take multiple days if you are unlucky
they just run this hardware into the ground before they replace it
oh god
I used to use KS back in the day, until I had one drive failure
and no support.
SYS is slightly better. offering SSD storage primarily
though still no backup facilities
and their enterprise lineup looks, well.. the same xD
only difference is some software magic around it
@rocky badge but they are one of the rare few that rent out overclocked desktop processors xD
🥴
those are very popular for minecraft
Yeah....
you dont care about it crashing, you have a plan for that
but oh god
and you run a ramdisk off a 4.5GHz i7
and have blazing fast gamespeed
no latency at all
can run you up to 500 players easily with that hardware
My MC server is running on a Xeon E3 1280v2 😂
but yeah, it's a tricky path. And I wouldn't use this without some kind of cluster hosted elsewhere xD
mh. let me see what mine is on. it is SYS...
Running in a friend's basement
model name : Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz
Intel® Xeon® Processor E3-1280 v2 (8M Cache, 3.60 GHz) quick reference guide including specifications, features, pricing, compatibility, design documentation, ordering codes, spec codes and more.
Yeah, 3.6ghz/4ghz boost
in a PowerEdge R210 ii
woops
Micron RealSSD P320h
but I'd assume mine is fast??
nice
😂
what other bare metal hosters are out there besides OVH?
InMotion, Vultr?
yea
hey
Yeah I saw that and was hoping it wasn't where my servers were. That would have been fun to fix. It will be interesting to find out the cause.
not even the cause, why wasn't it put out before it got anywhere
the places I worked in would have alerted before flames started
building looks modern so idk, that's a big miss
my phone and laptop in the same location
both at 5g
oh wait, might be location
is it behind a wall or something?
if I have my phone on top of my laptop speed goes down
in a corner?
try 2.4GHz then. It MAY go faster
since 2.4GHz has a higher range than 5GHz
and is less sensitive to walls
or move the laptop
if that's an option
It is as high as I can get it on the first floor
I am on the second floor
so the router is basically touching the ceiling on the first floor and I am on the second floor 5 steps away
5 steps away from direction on top of the router
@dense furnace thanks, I don't use 2.4 'cause of the interference from microwaves. how do you think I can get better signals with 5g
I don't know why my 2.4 maxes out at 70 Mb/s then
the ceiling might be the problem
too well insulated I guess
you can do nothing about it then. Install a second router/access point on the 2nd floor
I guess it being a combo box does not help
combo box?
the ISP provided one
the coax terminates in the garage with no way of getting it somewhere else without a key to the switch
combo box does not help unfortunately
you need another access point for your second floor
thats the problem with bigger houses
It is not a big house
In a house with multiple floors, you WANT access points for each floor
in order to sustain a good wifi network
obviously big enough to drop your wifi connection to 60mbp/s
what's the RSSI?
RSSI?
In telecommunications, received signal strength indicator (RSSI) is a measurement of the power present in a received radio signal.RSSI is usually invisible to a user of a receiving device. However, because signal strength can vary greatly and affect functionality in wireless networking, IEEE 802.11 devices often make the measurement available to...
it's a value measured in dBm
my phone shows -70 dBm
-65 dBm 2 steps over to the doorway
the closer the value goes to 0 the better
standing on top of the AP gives me ~45 dB
that's good
through the floor
yeah
through the floor/ceiling?
yes, ~2m on top of the router
that's awesome! is your laptop standing there?
I cant place it there unfortunately, I do not live in that room
and it is like in a door way
I am just using my phone to measure things
if I place my phone on the floor right on top of the AP I can get it to -30 dBm, but the drop-off is quite fast
I mean my laptop is getting -62 dBm at the exact location where my phone gets -73
better antenna on the laptop?
still getting the slower speed though
nah I don't think a better antenna would change anything
-62dBm is OKAY
noise is not calculated but that's ok I guess
install an access point or use a repeater at the staircase
Yeah, will do, probably the best option
yes and even "bad" wifi devices will benefit from that
I might be able to get a wired connection to my room
even better!
you could use LAN for your laptop or LAN to another wifi router
That's how I configured my network since I live in a different unit from where the router is installed.
Eh. IDK for sure, but FT4 is about fire resistance
oh
I dont see CAT anywhere on the cable
lol
but the endpoint is RJ45 (LAN)?
yes
maybe it's a cheap one then
is it connected to the router?
well if it's dead, then it's dead
no idea, the ISP came here long ago and had some time so he terminated it
with a jack on both side
it did not have a jack before
I think like 10 years ago
oof
Hmm
Well, yes. Connect the one to the router and the other one to your laptop.
An unconventional way would be to test it with a voltage tester.
But I doubt any voltage tester is long enough
they are just wires right? I can send a voltage down one end and read it on the other
yes
maybe I will replace them with cat6, I should be able to tie the new line on one end and pull the old one out?
the current one has a date of 1996, no idea if it is the manufacture date or what
oof
that's older than me actually
superior cable w 1996 iwc-4pr 24 csa/acnor ft4/cmg 2322 meters
that is the whole thing on the cable
is it even a network cable?
ah...
maybe cat1?
I see ok, maybe that guy just got some time to waste 10 years ago and wanted to try something out
which is exclusively for telephone :D
yeah, probably
anyway, even if it works, your wifi would still be better lol
idk what your usecase is, but go with cat6 (cat 7 even better for the future)
and install another router
just now you don't
I port forwarded Minecraft Java but I am unable to port forward the Minecraft Bedrock server, can someone help me?
firewall settings
where is it running? Windows? Linux?
win
can you connect locally?
port checker
on the same machine?
from minecraft from another device and another network
dyn or static ip?
static
so you enabled the port in your firewall AND forwarded the port on your router?
yes
both i use
its not u want see tht
can you show me with screenshots?
ok
forwarded port in your router and firewall settings
you have UDP/TCP?
ok
both he said
and windows firewall?
wait
inbound rules
yes i did
"Remote Port: All ports" is wrong I guess
that's the only one I showed you
point it to 19132
ok i will try
and remove the tcp 19132 rule since you don't need it
I'm not familiar with windows but where did you get this window?
after creating inbound rule
no
yes
then it's a problem with the router
🤔
since it should say open even without the server running
no, it's fine, it worked with port 25565
the server is running
should I stream and show you?
nah I'm at work, gimme a second
I'll test it right now
weird
doesn't work for me either
o.o
no wait
it's open
@thick minnow
The problem with the port checker is that it uses TCP
but the Bedrock server uses UDP
Check port of your server or website with UDP connect: website monitoring with useful tools, Check IP, Check website
use this and click UDP-Port after inserting your IP
if ALL shows "open or filtered" then your port is open.
Any mtik user online?
I killed my internet by mistake, how can I connect to my mtik? And now I lost access to my mtik
Fixed
Well, that was quick
Ya
Well, it's not complicated like it was with my old FortiGate
Still trying to understand the GRE tunnel in mtik
@lean pebble L2 login
Could somebody please help me out with something?
What is PON?
I want to get a new router since the one I’m using rn is slow but the Router I have is connected to Fiber Optic Stuff.
Some PON thing.
The routers on Amazon don’t have that. They just have WAN and LAN.
hey, so I have a NAS at home which stores videos and pictures, but I don't know how to access these from my TV. Could anyone help me, pls?
@karmic willow passive optical network
@karmic willow you'll need an ONT from your ISP, most routers cannot interface with PON directly
You should check if the ONT you have, is capable of bridging
if it is, you can just hook up your own router to it
and configure it accordingly
@karmic willow you could ask your ISP if they have a dedicated ONT you can get
@tame carbon wifi router/ONT combos are the worst
@peak cloak what, even with just an ethernet bridge?
I've heard stories of not everything bridging
yeah because they "bridge"
they just NAT all traffic
those are awful.
Ziggo does that here with their coaxial networks
What
@lean pebble you don't need IP stuff to configure tiks
Ya now I know it
Found it
yes to both the questions
i found a solution and am going to try it out
btw, is there any way to host a Minecraft server on my TrueNAS server? Or would it be better to run them on different systems?
Better on separate
specs?
I've heard lots of people hate jails
FreeBSD 
hi guys, is this the right place to ask about OpenMediaVault?
No clue what that is but yes this is the right place
ah ok thanks
So I am trying to secure the connection for my OpenMediaVault but I am not sure how. It says I need a certificate but I have no idea how to create it, would anyone know?
you mean an SSL certificate?
+1
You need a public/static IP for this to work
I believe so.
no
if you have a domain then no
there's the DNS-01 challenge
@peak cloak SSL Certificates are signed on an IP address.
If that IP changes, the certificate is no longer valid
no
they can be signed on a domain
does that website work with ssl certificates?
it gives you SSL certs
if you use the DNS-01 challenge you can get a wildcard cert which covers your whole domain, ex: *.example.com
The ONT thing is in my room. They set it up here.
It works as a Router, has two antennae.
I gotta go for now, I have meeting
Has one PON, one Landline and two LAN Ports.
So, if I get a New Router, I have to connect it here?
Through LAN?
@peak cloak and as for dynamic DNS and Let's Encrypt, it works but it's suboptimal at best
if your IP changes, you depend on the DNS TTL
kinda
But this doesn't have a 'WAN'.
yeah
Just two LAN Ports, one PON and one FXS.
you will have double nat
Double NAT?
unless you somehow put it in passthrough mode
Is NAT the Gaming Thing?
yeah, I have one A record that changes and has a low TTL, all my others are CNAMEs with a 48 hour TTL
The Modem has Firewall Settings and I set it to Low.
But no NAT Settings.
My Old 4G Router had those settings but this is for Fiber, so, idk.
Hey all, if I buy and setup a vps, would I be able to reroute traffic from it to my pc?
I can't port forward because CGNAT but I want to host a minecraft server for my friends
Atm I'm using zerotier to host my server but it's not ideal since I have to get my friends to download an app and stuff
VPS=?
yes
@slate sonnet with site to site vpn yes
Virtual Private Server?
you can setup a vpn between the vps and your server
and then route the traffic over that vps
yes
wireguard is nice for this
he has to set up a host on his server
yeah
and needs a router that supports wireguard
no
or do it on the target computer directly
either would work
Are there any cheap vps services that would fit my need?
sure
google "cheap vps" for your location
Oh, okay
That's fine
you don't need much power since you only want to route traffic, right?
you would want to get one that's the closest to you
Yes
US, Europe or Asia?
So, how would I go about routing traffic from my pc to a vps? Is there a guide that's like that?
Technically Europe
basically set up a WireGuard server on the VPS
you familiar with linux?
then connect to it on the pc
Yes
there are many approaches tho
you could reverse-SSH your Minecraft port to your VPS
and your friends can connect via vps ip
That's what I want
My friends connect to the VPS IP
And the vps forwards traffic from my pc to them
And vice versa
that would be the easiest setup I guess
but a WireGuard VPS is safer I guess
never used it before tho
let me look it up
give me a sec
I'm a real noob in networking
you need a WireGuard server on your VPS
or get a dyndns service and port forward to your router
and a regular client on your PC
this is the free alternative
on your VPS you then configure a NAT rule to forward all traffic through the VPN tunnel
he has cgnat
he can't
@peak cloak that article seems reasonable
@slate sonnet also found this https://github.com/mochman/Bypass_CGNAT
ouch
yeah that's the whole reason for all of this
can you buy a static IP?
@slate sonnet is it just a small server with your friends?
in some countries it's just 3-4€/month
@slate sonnet or do you wish for it to be publicly available?
because if its just with a group of friends, you could get away with Zerotier perhaps
Kinda both probably
he's using that right now
That's what I'm doing right now
then vps or reverse-ssh tunneling is your way
yeah, but then everyone without a VPS can join
wdym?
nah, you set up an ssh tunnel between your VPS and your game host
it's public then
you can select specific ports
I don't mind that too much
true
what? ssh?
I mean, it's not gonna be advertised and stuff
Secure Shell @peak cloak
Just going to be between me and my friends
?
I don't get it
I know what ssh is
Oh sorry
If ssh is open just use keys
```shell
ssh -L 6379:127.0.0.1:6379 crystal@main
```
secure
You can map tunnels like so ^