#networking
We here at Linus Media Group think we know that it is better to disintermediate wirelessly than to utilize proactively. We think that most killer web-based applications use far too much Python, and not enough XForms. What do we cultivate? Anything and everything, regardless of incomprehensibility! Your budget for targeting should be at least twice your budget for optimizing. We will utilize the capacity of ubiquitous scalable web-readiness to expedite. What does the industry jargon "next-generation" really mean? Our technology takes the best features of J++ and PHP. What do we scale? Anything and everything, regardless of standing! Imagine a combination of PNG and Python. Think granular. Think virally-distributed. Think 60/24/7/365. But don't think all three at the same time. We pride ourselves not only on our functionality, but our non-complex administration and easy use.
I couldnt even read that
IFTTT for IT? Hmm I need to try this
Fantastic.
Micro$haft is the industry leader of scalable power shifts. Do you have a plan to become C2C2B, innovative? We frequently scale strategic co-branded, innovative experiences. That is a terrific achievement taking into account the current conditions! We pride ourselves not only on our customer-defined feature set, but our user-proof administration and newbie-proof operation. We pride ourselves not only on our feature set, but our non-complex administration and newbie-proof use.
Perfect.
xD
@plain siren this one is promising:
Have you ever needed to architect your feature set? With a single click? It comes off as staggering, but it's true! What does the term "visionary" really mean? We will disintermediate the aptitude of infrastructures to envisioneer.
groans
with enough sauce you can sell anything
@plain siren You know what's really interesting, this conversation that we're having, is already in a library somewhere
I'll prove it to you as well
Search the texts of the Library of Babel. Infinite, or at least indefinite, possibilities.
completely indexed the variations of the alphabet, and it is searchable
some very clever math
HahahAHHAHA
@plain siren coolest thing is, once you've found the location
you can find the shelf it is on
and find other books next to it
that are eerily similar
the entire library is shaped as one giant grid of hexagons
@plain siren supposedly the inside of the library looks like this: https://www.theparisreview.org/blog/wp-content/uploads/2015/07/kako-9detwzxqfqxrphos.jpg
This is really an interesting project
The entire function is reversible
so you can locate a piece of text, in the library
a library of all 410 page books with every combination possible.
This can also be considered as a movement towards the infinitesimal. At present we are creating ~2 books/second. In order to create the library in, say, a century, we would need to create one book every 10^-1918657 seconds.
Essays and reflections on Borges' story, the attempt to digitize the universal library, and related themes
@tame carbon have you read The Last Question? short story by Asimov
that project kinda reminds me of it somehow
This is a fun read
it's a great story
would moving my 2.4ghz from 20mhz width to 40mhz width be beneficial?
in terms of speed
my 2.4ghz near me is busy af
Well, you have more bandwidth in the channel so overall throughput increases, but since its a larger spread, you run the risk of more cross talk/interference, bumping with your neighbors AP's (idk how much of a risk this is for your RF Environment, this could be totally useless), or having some legacy devices not connect
Omg, go find out whos not on the proper 1 6 or 11 channels, knock at their door, and tell them they are not helping themselves or anyone by doing channel alignment to anything but those 3
i think there is a lot of cross talk in my neighborhood already everyone is using random channels
i live in an apartment complex so not really a choice to knock on others doors, sorta impolite. I mainly use the 5ghz channel anyways
impolite is using anything but channel 1, 6, or 11
Deauth everyone until they comply! Muahaha
they have it set on auto i think as the router just picks it randomly for them i guess, bad coding in the router firmware
Routers dont randomly move between those 3 main channels for 2.4GHz
They did that by hand
100%
really my router auto-ed to channel 3 the other day i set up the first time
with as dirty as your RF background is, I wouldnt doubt some routers would just ignore the rule and start trying to fend for itself if they were a bit more in depth with the rules
But jfc, to get to that point
Lol, i modded a version of openwrt to allow a higher power xD (22mW instead of 20mW) and thus have less problems with connecting to my second network. (Yes ofc the hardware isnt made for that but it allows me to do so for some reason and i have a better replacement so whatever)
just tested 40mhz and it is slower
@sturdy ledge 40MHz will normally be slower, yes
i am getting 300mbps down / 140 mbps up on 5ghz anyways through 2 thick concrete walls, thank god there any more channels in 5ghz band to avoid congestion
yes you can't really use 2.4ghz effectively in a crowded spectrum
in my apartment downtown here I can only get 10-20Mbps on 2.4GHz
sometimes less
lol wait wot
yeah.. I am puzzled by it.. the only thing I can think of is that because it is a PoE switch that can do 24V passive and 802.3af/at using some kind of converting power supply, perhaps the conversion shows up as a second PSU
it would explain the difference in voltage, but it is confusing
especially with the 0.0 amp current
is there a second rail on the PSU
/system health print what does this print out?
same output
that was one of the first things I checked in case it was a winbox issue
but the /system health print output exactly matches the winbox output
and yes I'm sure the PSU has two rails because it has to be able to deliver 24V and 802.3af/at which is 48/52 volt or whatever
so PSU1 is probably actually rail 1 and PSU2 is probably actually rail 2, but it is still confusing
especially since both show 0.0 amps current
Wait... battery?
no battery
it's in a datacenter
the big UPS and generator in the datacenter provides the battery backup
uh what?
the scheduler will be empty on a device unless you created some kind of scheduled task yourself
I have not, so there will not be anything there
the voltage monitoring happens automatically
if you have a scheduled task in there it is probably just to send an email if the voltage is off or whatever
I was going off an assumption that maybe it was set like an alarm somewhere but guess not
If old revision CRS112, CRS210 and CRS109 devices are powered with PoE - Health will show correct voltage only up to 26.7V. If higher voltage will be used - Health will show constant 16V.
Looks like its just the PoE Health
While that note doesnt apply here directly, gives a good idea where its coming from
What program is that?
Wifi Analyzer by farproc
Seems kinda funky to have the PoE Voltage listed in the PSU voltage lists tho heh
yeah it is confusing
Apparently thats normal for Mikrotiks
we had some kind of power issue in the datacenter we are in where we had several devices suddenly reboot this afternoon
so I was trying to figure out if it was linked to one of the two power feeds we have
and looking at the power monitoring of that switch just confused me because I thought for a second that it had redundant power supplies and wasn't sure why the voltages weren't the same
but I thought I recalled that it was just a single power supply and verified the specs that it was just a single PSU switch
Were these devices on a UPS
they are all in a datacenter running from the datacenter's UPS
there are two redundant power feeds, only some devices went down so I assume there was only a drop in one of the power feeds
Holy shit mikrotik, I get it now
we had this happen a month and a half ago too, and it was the same series of devices that lost power
That PoE Out is the same PoE Input circuit, so its treating it like a power supply
Despite being fed from the internal Power Supply, the logic controller has no means of determining this thanks to the rudimentary "Primary Power Source" logic they are using.
ahh
```
I can't say how things work on mUPS in particular. I have read an explanation by @Normis that when device (a RB device with PoE in) has connected both PoE in and barrel-plug, it'll use which ever power source has higher voltage by some margin (makes sense as it only involves a pair of diodes to make this happen). If one intends to use both power supply options, it is best to have some systematic difference in voltages so that power source used won't change too much.
The scenario of changing power source is the following: let's say that PoE in has 0.5V lower than barrel. Then device will start using barrel power source. As power draw increases, the power adapter will drop voltage slightly and it might decrease to 0.5V below the PoE in. So device will switch over to using PoE in. This will drop voltage on PoE in and allow barrel to increase again, causing barrel voltage to rise significantly above PoE in voltage. And RB will change power source over again.
This changing doesn't harm much the device itself as voltage fluctuations won't be critically high. However it might upset both power adapters due to constant switching between full power draw and idle states.
```
hahahah
this could be... potentially dangerous
in this case we aren't feeding the switch with PoE in - it is only being powered by a standard AC power cord plugged into the PSU
Yeah I figured, it was just a big shock to see this tho.
it's really annoying that mikrotik capsman actually selects invalid channels
it doesn't happen when not using capsman
but for some reason when using capsman it does happen
it will choose the frequency first, then make a random choice from Ceee, eCee, eeCe, or eeeC
but that doesn't work, because the frequency selected determines which of those choices are valid
ex. 5200 Ceee is wrong, it has to be 5200 eCee
AHHHHHH I get why its a "PSU"
Its the fact you can switch between 2 voltages on the PoE-out
So it is a PSU of sorts for PoE Devices.
A controllable one so it makes sense to report the data like such
yeah that's what I said early on
I already figured that out
but I do find it confusing in terms of the way it reports it
it made me think the device had two redundant power supplies
i just read through the entire mikrotik wiki again for some reason and its still a god damn mess of links holy hell
for wifi 6 do you guys set 20/40/80/160mhz width ?
this depends on local RF Environment tbh
Most devices that support ac wifi support 80 mhz right
@sturdy ledge on 2.4GHz wireless you basically use only 20MHz channels
on 5GHz, you have a much wider band, so you can cobble up some extension channels
and go up to 80MHz
Says here that 160MHz channels are part of the 802.11ax spec
so WiFi 6 only.
WLAN (wireless local area network) channels are frequently accessed using IEEE 802.11 protocols, and equipment that does so is sold mostly under the trademark Wi-Fi. Other equipment also accesses the same channels, such as Bluetooth. The radio frequency (RF) spectrum is vital for wireless communications infrastructure.
The 802.11 standard provid...
So if you use Ch36, you can get up 6 extension channels for total of 80MHz
Country restrictions and indoor/outdoor still applies
as well as DFS channels which you can only use if your device supports it
@plain siren living in china must suck. There's not a single full 80MHz block available for 5GHz.
This is just Xi trolling people: https://i.imgur.com/wtXYUzC.png
people could just change the regions easily in router settings
@sturdy ledge that's against the law
and subject to serious fines if you get caught.
really?
i saw many video makers from china on youtube just suggest user to switch region to USA/AUS for better signal strength
@sturdy ledge technically it works. legally you are on a tightrope
if the bandwidth police arrives, they will fine you
@sturdy ledge especially with DFS
if you operate a radio on those frequencies and don't adjust your transmit power, you can get into a heap of trouble
because you can interfere with doppler radar used by weather surveillance
You can only use DFS if your radio supports DFS channels (It scans for Doppler radar activity, and if one is detected, it reduces transmit power)
@tender hazel is there a way you can explicitly scan for DFS activity on all of the channels?
Yes, but not from a hostapd device
@plain siren yeah but those mikrotiks do an automatic channel selection
if I want to have specific channels for each radio in a designated area
and one of them is used by DFS, I wouldnt have a backup frequency configured for it to use
wait so PoE
how can ethernet give power
it's purely a internet cable
????????????????????
i imagine it can power up small things like maybe a phone
but i see a few companies claim PoE on laptops and such
and im like ???????????????
@flat wagon passive PoE is limited to something like 15 watts of power
higher powered devices use active PoE or PoE+ which is something that the network interface has to negotiate for with the PoE controller
PoE is mostly used by things like wireless access points and IP Phones
You could compare it to something like Phantom power used by audio equipment. It needs 48V to drive a special kind of microphone or instrument
Hello
Probably newbie question...
Do I understand this correctly? DDNS will provide me access to my local network from anywhere?
...why (not) use VPN then?
No it doesnt
I found this by mistake when I wanted to make local IP as a DNS to connect to it more easily. Can this be done somehow? I have Pi-hole...could that forward me to local IP with some rule with DNS?
...and is port forwarding anything I should be aware of? I have several devices in my network and I don't know if they can be exploited in some way.
Oh, dammit
All it does is automagically point a DNS Record to your IP, and when it changes, itll update the DNS record.
So if you have domain.tld
you can have it set home.domain.tld to point to your home public IP
So when you are away, you can use in your VPN Connection "Host" option "home.domain.tld"
instead of an IP
Oh, okay. Nice.
Well, opening local network to outside with any service is a gamble.
If you do it blindly yes
...and can I set DNS to local IP when I'm in local network? SO I don't have to write IP:port...but just like nas.home or smthing?
Not worth the headache. I don't need it, I would have to find ways to use it and not just have it for no reason.
You would run a Local DNS server for that.
I have Pi-hole. Can I use that somehow? Planning to make Unbound...that is DNS resolver.
Yes
Unbound is a DNS Server that is basically bog standard for such a thing, same with BIND.
Too bad. Next month project then
How so?
PiHole is just a blocking list
Well, guess what you can put on Unbound
those same damn lists
Oh, really? XD
But I doubt that they can be easily updated.
I use pihole-updatelists for example...
Actually, they update automatically
Oh...lol. Then my project was pointless...? XDD
This cant be. Then why would people run Pi.hole + Unbound?
https://github.com/cbuijs/unbound-dns-firewall
https://github.com/cbuijs/unbound-dns-firewall/blob/master/dns-firewall.lists < choose your list of choice
Add into unbound.conf
```
python:
    python-script: "/unbound/directory/dns-firewall.py"
```
and
```
server:
    chroot: ""
    module-config: "python validator iterator"
```
Suddenly.... you got a block list
Interesting...
PiHole is a Proxy DNS/Cache that passes forward your DNS Calls unless it happens to match one of the rules in your blocklist
Then it just resolves to a dead addr
The reason people run it is the fancy UI
But, you can do that same blocking... at your Local DNS, which also forwards your DNS Calls if they are not resolved internally just like Pihole
evil
<@&750150305383186585> We have a spammer here, He's spamming every channel ^
Every channel above networking so far
and below #tech-chat-2
o_o
Huh...is he linked to Lynical.Dev 
if Doppler radar is detected it actually changes channels.. it always works on reduced power in DFS frequencies
@tender hazel so how do I scan all the channels lol? I want to make sure they dont start overlapping
and I want to set each antenna to a specific frequency
there's a DFS check that happens for the first 30 seconds or minute or whatever before the radio comes up
if it is going to detect radar it is probably going to happen in that period and just not come up
Can I see if it is using reduced output power?
I still doubt I'll have DFS issues . the area is a valley, in the middle of mountains
yeah I don't think you will either
the biggest risk is probably if you are near an airport or a dam or something like that
@tender hazel there's an old abandoned military base on the other side of the hill lol
supposedly cold war nuclear depot from the americans
The barracks area was completely rebuilt 40 years ago and never put in use
if it is abandoned it is probably not going to have an active radar installation
we actually skipped the fence 2 years ago
had a look around
we werent the first
every single cable was removed
and not by a technician.
@tender hazel I think the only souvenir we have lying around, is one of those gigantic 400A fuses they used in the switching station
it was just lying on the ground, all the equipment was completely devoid of copper
Unless there is a rat there which coincidentally walks over the on switch and turns the radio on. xD
if my firewall IP is 192.168.10.1, what should my router be that's connected after it?
TP-Link is telling me I can't make it 192.168.10.10 cause it'd be on the same subnet. :/
Arris Modem is 192.168.100.1, connected to PFSense firewall box 192.168.10.1 hooked up to TP-Link Archer C7 v2 which says I can't use 192.168.10.10 because it'd be on the same subnet.
ok, but why...
ok here's the issue
the modem doesn't do any routing or NAT
Just thought I'd mention the IP to it, I can only seem to access its GUI when I've lost connection to ISP.
yeah I know what you mean
it's weird how it works
I had a modem like that
also, why pfsense before router?
_> so there's a firewall working on all my devices? PFBlockerNG, weird stuff, VPN stuff...
router does firewall already?
Are there any good WiFi analyser apps for iOS?
Uh, if you wanna call this a Firewall, the only thing that's under "Firewall" is Stateful Packet Inspection (SPI) which is enabled. There's nothing else.
any router by default should drop all new from WAN
I'm not sure what you're trying to get at. I haven't been able to figure out how to set up the router since going back to stock firmware, TP-Link was locking up almost daily with DD-WRT in the last few updates. I had the firewall handling DHCP, but every time I try and set up the router how I think it should be, how I had DD-WRT, I lose access to the TP-Link and have to keep resetting it.
ok so this so called "firewall" you actually want it to do dhcp and route?

tea-pea link
Am I reading this right? Hes got pfsense and a TP-Link router?
or is lack of sleep nailing me once again
yeah
I'm confused too
@south blade if you had to, could you draw your network on paper ? xD
I think hes trying to use his TP-Link Router as a "Wi-Fi AP" Only
Im counting three subnets
I think
use LAN port only, and disable DHCP
I need a pen and paper for this
And not on purpose, cause this shit TP-Link won't let me put it under the same subnet under PFSense, I was doing it when I had DD-WRT installed.
yep
so pfsense is being the router?
you have NAT enabled?
and DHCP?
@south blade that TPLInk just needs to have an address in 192.168.10.0/24
Triple NAT
The RG or the PON
Or is this copper
I forget what this guy previously had as a feed
where do I paste this
Its funny because the AT&T PON is the same IP, 192.168.100.1
@south blade here.
I mean the text. I'm trying to switch to Linux and don't know how to screenshot under here.
wot
I use flameshot
FN+Print Screen is screenshotting, but pasting is not pasting that screenshot.
don't know where that's going
It saves it in ~/Pictures
Yeah this is the only one worth a damn
@south blade just copypasta the text lol
What's the command to only take a screenshot of Terminal?
there really isnt one
crystal@watomat ~ $ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 router.<redacted>.nl (192.168.88.1) 0.144 ms 0.127 ms 0.116 ms
2 r2.serv.dro.weserve.nl (46.243.152.3) 5.659 ms 5.870 ms 5.652 ms
3 46.249.55.194 (46.249.55.194) 6.317 ms 6.413 ms 5.774 ms
4 185.8.179.33 (185.8.179.33) 6.845 ms 6.887 ms 6.442 ms
5 ams-ix.as13335.net (80.249.211.140) 12.189 ms 12.107 ms 12.145 ms
6 one.one.one.one (1.1.1.1) 7.677 ms 7.687 ms 7.684 ms
traceroute 1.1.1.1 | nc termbin.com 9999
that works too
DO that
if you have netcat installed.
1 _gateway (192.168.0.1) 0.270 ms 0.136 ms 0.127 ms
2 pfSense.localdomain (192.168.10.1) 0.376 ms 0.293 ms 0.294 ms
3 10.4.112.1 (10.4.112.1) 12.120 ms 12.068 ms 11.971 ms
4 te0-7-1-5.rcr21.dfw09.atlas.cogentco.com (38.32.80.113) 12.271 ms 12.272 ms 12.293 ms
5 be2664.ccr31.dfw01.atlas.cogentco.com (154.54.41.201) 12.179 ms 12.733 ms 12.491 ms
6 be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229) 17.725 ms be2441.ccr41.iah01.atlas.cogentco.com (154.54.41.65) 17.094 ms 16.965 ms
7 be3486.rcr22.iah02.atlas.cogentco.com (154.54.30.166) 19.224 ms be3493.rcr21.iah02.atlas.cogentco.com (154.54.30.174) 19.392 ms be3485.rcr21.iah02.atlas.cogentco.com (154.54.28.86) 19.352 ms
8 be3535.rcr51.iah03.atlas.cogentco.com (154.54.30.122) 20.201 ms 19.174 ms be3536.rcr51.iah03.atlas.cogentco.com (154.54.30.126) 19.313 ms
9 154.24.71.34 (154.24.71.34) 19.984 ms 19.926 ms 19.871 ms
10 38.122.74.162 (38.122.74.162) 22.377 ms 22.335 ms 22.362 ms
11 one.one.one.one (1.1.1.1) 18.838 ms 18.796 ms 20.496 ms
tada
GOOD ENOUGH.
dfw
Are you in texas
_gateway (192.168.0.1) 0.270 ms 0.136 ms 0.127 ms
2 pfSense.localdomain (192.168.10.1) 0.376 ms 0.293 ms 0.294 ms
3 10.4.112.1 (10.4.112.1) 12.120 ms 12.068 ms 11.971 ms
nice NAT.
1
DALLAS
Still NAT.
@south blade whatever that 192.168.0.1 is, you don't need it.
I assume thats your tplink
Bruh, you are literally only 8 hops away from my network's IX Demarc... Im using Cogent Communications as one of my transits
Yes, that is the TP-Link
@plain siren I have my own Cogent entrypoint :)
2 r2.serv.dro.weserve.nl (46.243.152.3) 5.736 ms 5.797 ms 5.657 ms
3 46.249.55.194 (46.249.55.194) 5.975 ms 6.338 ms 6.472 ms
4 185.8.179.34 (185.8.179.34) 5.999 ms 6.620 ms 6.579 ms
5 hu0-4-0-4.rcr21.b015960-1.ams03.atlas.cogentco.com (149.14.140.185) 7.082 ms 7.056 ms 7.054 ms
6 be2456.ccr42.ams03.atlas.cogentco.com (130.117.49.145) 8.478 ms 8.536 ms be2455.ccr41.ams03.atlas.cogentco.com (130.117.49.29) 8.321 ms
Amsterdam
Lets all join the OpenNIC
https://wiki.opennic.org/opennic/dot?redirect=1 Domain Registrars decentralized/removed/separated from the ICANN systems
easy enough to say I don't need it, but it's basically my AP, only 1 wired device to it.
What he is saying is: Your gateway shouldnt be set to that particular device, it should be one up
192.168.10.1
10.1 is PFSense.
Yes
TP-Link should be set to 192.168.10.1?
You add an extra layer of NAT by being behind both pfSense + TP-Link's Routing as it currently is
@south blade your AP doesn't route. It only needs an IP for the management panel, so it should be something like 192.168.10.2
I tried, it says I can't be on the same subnet as PFSense!
"Error code: 5008
WAN IP address and LAN IP address cannot be in a same subnet. Please input another IP address."
WAN IP is what PFSense gives it automagically.
So, what do? xD
what model is this TP Link
TP-Link Archer C7 v2.
Ok so disconnect it from the WAN port of that TP-Link
pfSense connects to the LAN port
on the back of the TP Link
Then under Network > LAN, you set the the "IP Address" to 192.168.10.2
Under DHCP > DHCP Settings, You set DHCP Server to Disabled.
And it's gonna know how to get internet from a LAN port? >_>
Yeah cuz its a LAN Device like your Computer is too.
yes because it's natting
you need to turn off nat
yeah do what rouing said
to get rid of nat
it should get ip by dhcp right?
It has to be defined thanks to TP-Links config
Ideally it would be outside his DHCP Range
but hoopla, this is good enough
That LAN port is a Switch (A regular unmanaged switch) built into the router.
So think about it, if you connect it to the LAN port, its gonna act like its another wired LAN Client.... and anyone who connects to Wi-Fi will be as if they plugged into the LAN Ports of the pfSense too
It moves you up a level
God damn, how did I have it working like I have it hooked up now under DD-WRT? Oh, I probably had WAN port set up as a LAN port. Fuck me, DD-WRT was spoiling me till it decided to get wrekt on last few updates.
DD-WRT has a AP Mode
https://www.tp-link.com/us/support/faq/417/
Oh lookie, found it.
How to configure TP-Link Router in Access Point mode? (case1)
Its exactly the same solution too
@south blade Just to clarify because I was really confused before. Your pfsense is your router, not just a firewall. I was really confused because you said firewall. And you basically just wanted your tp-link router to be an access point
These damn misnomers are annoying
I need an emoji for :facedesk:
I do too tbh
Yes...but I have 1 wired device on it, because I don't know how to bind 2 ports on PFSense to keep them on the same network, only wired device is my Emby server which I have hooked up to the TP-Link, which is my AP, instead of PFsense box which I have 5 useless ports on.
Interfaces >> (assign) >> Bridges
Put all the ports on 1 bridge
Suddenly its gonna act like a managed switch
when you want two interfaces on the same network it's called a bridge fyi
which is basically a switch
I know it should be easy, but I had enough trouble setting up VPN to work on all my devices with the ability to toggle them under Rules.
Focus.
I tried to use PFSense as a switch and I thought that broke my VPN stuff last time, so I'm hesitant to try again.
You have 2 people (+1) who are paid to do this for a living
I get paid for mashing a keyboard
though I dont do network mashing professionally, just a hobby
me? paid...
I'm just in HS
Ok, this monkey will try and follow your guide...after backing up his settings. LOL
SHHHHHHHHHHHH
@plain siren BR0
Dog of wisdom needs to play along
DING DING DING
@plain siren "Commandline is too hard"
https://i.imgur.com/5ZRg590.png
b. please.
Ive come to the point I love CLI because im too lazy to use the mouse
Its nice when the marketing dpt be like: we need a new GUI to freshen things up
and every guide breaks.
and how every guide is incompatible with every other guide
Sure, lets just... set background black, text white, remove all graphics....
Ah yes
what's the ipconfig /release /renew equivalent in Linux?
there isn't one
if you use dhclient you can do dhclient -r
and then dhclient to reobtain
but might not work
not every linux system uses dhclient ;P
ifconfig eth0 down
@plain siren BAD
dhclient -r eth0
[sryously@localhost ~]$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 pfSense.localdomain (192.168.10.1) 0.263 ms 0.218 ms 0.168 ms
2 10.4.112.1 (10.4.112.1) 10.781 ms 10.876 ms 11.925 ms
3 te0-7-1-5.rcr21.dfw09.atlas.cogentco.com (38.32.80.113) 13.584 ms 13.767 ms 13.838 ms
4 be2058.ccr32.dfw01.atlas.cogentco.com (154.54.41.225) 12.745 ms 12.753 ms be2664.ccr31.dfw01.atlas.cogentco.com (154.54.41.201) 12.892 ms
5 be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229) 17.775 ms 17.731 ms be2441.ccr41.iah01.atlas.cogentco.com (154.54.41.65) 18.015 ms
6 be3494.rcr22.iah02.atlas.cogentco.com (154.54.40.54) 18.191 ms be3486.rcr22.iah02.atlas.cogentco.com (154.54.30.166) 19.080 ms be3485.rcr21.iah02.atlas.cogentco.com (154.54.28.86) 19.001 ms
7 be3535.rcr51.iah03.atlas.cogentco.com (154.54.30.122) 19.002 ms be3536.rcr51.iah03.atlas.cogentco.com (154.54.30.126) 18.331 ms 19.097 ms
8 154.24.71.34 (154.24.71.34) 19.830 ms 21.004 ms 20.961 ms
9 38.122.74.162 (38.122.74.162) 20.918 ms 20.621 ms 21.094 ms
10 one.one.one.one (1.1.1.1) 20.040 ms 19.999 ms 20.197 ms
ifdown eth0; ifup eth0
ip link set down eth0
/etc/init.d/networking restart
@plain siren I did that ^ on my host once with invalid config
oops
oh you did it
I know I shouldnt be but I am surprised
_>
Ah he caught that
The biggest problem was that TP-Link stock firmware won't let me use WAN as a LAN like DD-WRT could.
I had been on DD-WRT for the last 5 years, I forgot that shit. Edit: Shoot, now that I think about it I think I've been using DD-WRT for like 8+ years.
@south blade buy a mikrotik.
They have 100% flexible config
here comes the shill police
heh
I can't even use my old TP-link router as a WDS
I hate it
What should I do when some1 has my ip
I have a shit ton of bills and no income to replace the TP-Link right now.
Nothing, it doesnt matter
I mean everyone knows your ip
everyone=computers on the internet
just don't have any stupid services running
Ooohh
like something with vulnerabilities
run a webserver
Ask them
tell them to go to your website
You want some IPs ?
1.1.1.1 is an ip
How other than that
192.168.1.1
100.64.96.124
2001:470:b9ff:10:d4fd:2f8e:4b5b:b257
Goood.
looks valid actually a reserved cgnat ip
216.218.193.62
not publicly routable
So how do I get an IP without making a webserver
Warscript running...
did they fix zenmap?
what do you mean fix?
the whole python2 -> 3 thing
2a0d:1a40:fa1::1
I just learned nmap cli
Just guess
There is no easy cheap "I gotcha IP (Read: Nose)" thing for this, and truthfully we dont answer those questions with serious nature because we know the intent. That isnt permitted on a Partnered Discord
Ooohhh
but effectively: Heres everyones IP: 0.0.0.0/0
Hello everyone. I have a Netgear GS308E Switch. My pc is connected directly to my router, but i would like to login to my switch to change some settings. How can i do it? I tried some ip from netgear website, but they are just not working.
run a network scan
easiest way imo
download zenmap
@peak cloak this build of ubuntu is so old. It aint even heard of python 3 yet.
Open your WebUI on your Router and see the list of "Clients"
ah
How is that everyones ip
that's the ip of the internet
0.0.0.0/0 means "Everything from 0.0.0.0 to 255.255.255.255"
also it's usually 192.168.1.1 or 192.168.0.1 usually
My switch is just not there. This is why i confused.
for v6 it's 2001::/32
@thick minnow the (loopback) IP of your computer is 127.0.0.1
Ah, then it is out of the network scope
or maybe just not a dhcp client
network scan works for me
I bet its a static config
also netgear has this tool to find it
I'm not using wifi
^ 

ok??
@peak cloak I will try zenmap to scan my network. Thank you for the help
Wi-Fi is just the same as using an Ethernet Cable, has nothing to do with IP's or Routes
you basically plug in your network so for example 192.168.1.0/24 and it will scan it
Wrong OSI layer there buddeh
there may be some settings you need to tweak however
@peak cloak if that switch was preconfigured on another subnet, or doesnt use dhcp, you can try but wont find it.
like -Pn which disables initial ping scan
there is also this
worked for me last time
my netgear switch is a pita
@peak cloak Actually i scanned my network with the same app just on iOS. The app found my switch on 192.168.0.239, but if i use this ip to login nothing happening.
how are you trying to log in?
the netgear app?
or just web browser
I have tried both. Netgear app has a button says web interface (not working) and also i tried from browser.
I forgot what I did though, if I just reset the switch or got it working
I think I just reset it
I will do a hard reset.
And i have the same problem with my modem as well
@peak cloak Appreciate your help bro. I will update you tomorrow. Have a wonderful day.
@plain siren still here?
Maybe-ish
PfSense?
Yeah, trying to figure out how to switch from LAN to Bridge, but DHCP is on LAN, so need to turn it off to do it and I'll be able to put DHCP on Bridge?
It's because you have to undo everything on that LAN port before adding it to Bridge, because it's actually BR0 or Bridge that does DHCP
I'm not gonna lock myself out while I'm doing the switching? D:
How would I load up a backup if I got locked out?
There's actually more I'd like to do but trying to take it one step at a time. LOL, I've got an onboard NIC and a 4 port NIC card, I'd really like to make the onboard port WAN and bridge the 4 port NICs for LAN. I know I had tried a year or 2 ago but don't remember what happened. :/
I know in vyos there is a difference between commit and save
so you can commit a config and see if it works
if it doesn't you can reboot and it will go back to the previous one
only when you save does it become persistent
idk if there is something like that on pfsense
@peak cloak thanks for dropping nginx into my lap
a proxy pointing to itself.. yeah that wont fly
I don't think there is, I've rarely restarted this thing, changes just apply immediately it seems. So I feel if I turn off DHCP my Linux PC is going to let go of its IP setup and lock me out of PFSense. LOL
@south blade real routers don't need an IP to be configured ;)
no risk of getting dropped if you connect by MAC address instead
you are supposed to use the 100.64 range for CGNAT and not other private ranges
Wut
@peak cloak you sent someone to me
who had a borked nginx instance
and on windows of all the things.
I like nginx for its simplicity
@south blade all I can say is. buy a hardware router
pfsense is strange, and all the interesting parts are confusing to configure
and performance on regular computers is terrible for the amount of power it consumes
No idea how much power it uses, I bought a PC on eBay for like $100 a few years ago and it's just been running, PFSense just has a lot of stuff.
Barely even being pushed:
I'm trying to pull the trigger on trying to flip this stuff around and then:
It's a whole freaking chain of stuff to turn off before I can make changes sigh
@south blade https://i.imgur.com/9qZihBl.png
@tender hazel and so it begins: https://twitter.com/EU_SST/status/1380120766071635968
⚠️ Update: according to #EUSST's latest estimates using data from its surveillance radars, the close approach between #space objects SL-8 R/B & OPS 6182 expected by tomorrow will have a miss distance under 10m and a Scaled Probability of Collision over 20%! +updates to follow soon
chance of collision between two satellites
the more debris there is, the more collisions
it's a defunct US weatherstation and a Soviet upper stage
Welp, guess what. I locked myself out just like I thought I would.
No idea how to load up this backup so....I'ma just start over and take advantage to update it to the newest PFSense 2.5.5.
ISP says that there's nothing wrong on their end :/
Oh god, is there a Rufus for Linux? xD
dd
anyone know how to connect two pc over ethernet for lan gaming? been using a patch cord and zero tier with no luck atm
🤦‍♂️ Restored to a backup that works on my PFSense, wanted to try and update it through the GUI but now after months of ignoring it telling me there was an update available:
2.4.4_3 = 2.5.0 🤡
Everywhere, saying it's up to date. xD wtf
dd
it's the same thing rufus uses in dd mode
are there any cheap options for pfSense instead of Netgate
vyos, opnsense
apparently netgate has gotten bad recently
vyos is full cli however
there are some gui's I think for it but I never used them
how come, what's up with them
business practices apparently
ah ok
did you setup ips
The Netgate 1100 security gateway appliance with pfSense software is the ideal microdevice for the home and small office network. With a compact form factor, low power draw, and silent operation it can run completely unnoticed on a desktop or wall. Featuring a Dual-core ARM Cortex-A53 1.2 GHz CPU, (3) 1 GbE ports, and 1 GB of DDR4 RAM, the SG-11...
@peak cloak
this is what i am planning to buy
home use
router?
I am also using it for the VPN and dynamic DNS and such
can do gigabit routing (depends on how many rules)
ipsec vpn
wireguard coming soon
that pfsense box is way overkill for home use
if you want something more powerful look at https://mikrotik.com/product/rb4011igs_rm
gui isn't as pretty but it works
you can also use the android/iphone app which is much more user friendly
is that thing even useable?
GUI is ancient looking but Ill take it over GUIs that take seconds to load
yes, the android/iphone app works pretty well
@hollow marlin I like the simplicity of winbox
I've asked mikrotik though for the ability to turn off quick setup for us
I didn't use winbox for the first year or so using Mikrotik, but now its CLI then winbox
quick setup works ok if the device is starting from MikroTik's defaults, but it gets confused by our default config and if you run the quick setup wizard through it will do stupid things like disconnect from the internet and remove all authentication from the wireless interfaces
I often use the terminal in winbox as the CLI
same
because I can open as many terminal windows as I want without having to reauthenticate
but I like the gui for browsing
just having a little window
with things like address lists
and such
is so helpful
why not use ssh keys?
on hundreds and hundreds of customer routers?
things I may only need to log into directly every few years?
all of our mikrotiks authenticate against our active directory radius server, so we can just log in with the corporate username and password to any device
so it is already pretty convenient
@tender hazel lol saw a video today on why VPNs that use TCP are bad
and the answer is quite simple
don't stack TCP
flow control mechanisms completely break the available bandwidth
I've seen those things
Like what is this?
oh wait
facepalm
this is spanning tree
keep forgetting that exists
LOL
@hollow marlin come use ubnt with me
As in visual wise, for me its perfectly fine but compared to something like pfsense just visual wise it looks worse.
Ubi:
@hollow marlin lets use pfsense in the corporate datacenter
asus as your edge router
But Ubi has "DC level" gear
a leaf with no spine
Wait you don't just ring them all up and rely on STP?
nothing wrong with a little stp
RSTP hopefully
PV hopefully
aren't they all compatible with one another?
MSTP or nothing
STP>RSTP/PVST+>MSTP
Backwards compatible in that order
bpdufilter [on]
I cannot remember. I know I didn't explain MSTP, many pieces to it but its overall pretty simple
I know I explained L2 and my absolute hate for it
just wait until you think you know how port channels, spanning tree, etc work and then you meet VPC
yeah but as long as you dont have loops, you don't have to configure it right?
then VPC breaks
with the horizon
you add 1 point to it
normally the protocol does that on its own
and build up that distance tree
VPC/MCLAG/EVPN, all fun when STP is involved
ive learned a few lessons because of VPC
STP works most of the time, but many like to say STP broke something rather than their terrible design
i know enough to see what the NOC is about to do to recover a switch and go WAIT STOP!
VPC + switch with unexpected behavior is the devil
we use MSTP in general where we can
on some devices we have to use RSTP but for those we make them stubs
splitting apart an MSTP network with an RSTP device in the middle (ex. MSTP<-->RSTP<-->MSTP) is a bad idea
but MSTP<-->MSTP<-->RSTP, keeping that device as a stub, works ok
We use MSTP because we still have a few Cisco switches scattered throughout and PVSTP+ is not an option to run on them. It gets too hard to filter BPDUs when multi vendors are involved
we used to run PVSTP and moved to MSTP
you start getting problems if you have tagged BPDU's arriving to a switch that is expecting MSTP
yeah im dealing with a nexus <-> mellanox stp now and its not happy
i dont have access to the mellanox though so i have to wait on a vendor
its bpdufiltered lol
its ignoring my better bpdus
Thats what we do. All devices are MSTP. Ciena for our edge PEs in some locations have no form of PVST BPDU filters and running it in core would cause havoc
Did they not get back to you yet on that?
NO!
they're waiting for firewall rules so they can access it but they aren't giving me any docs on it
docs don't mean anything anyway. who knows what the actual state is
why not use a token ring?
I don't really know why someone would want to run PVSTP+ instead of MSTP anyway
because you're a cisco shop and that's what ships
last few major companies I worked at were all PVSTP+
most implementations are going from a dist thats hosting the L3 to the edge, its not even that big
also everythings practically LACP/MLAG/VPC
but PVSTP+ I don't think has any advantages at all over MSTP, the opposite is true
Or should I say RPVST+
PVST did have its advantages when it came to old fashioned load balancing of links. But as more are moving to L3 as close to the edge as possible, MSTP is king or RSTP in a single vendor environment
I don't understand any of those names like: "MSTP", "RSTP" but I'm still reading through it.. nice xD
Um I have a quick question tho.. Is there a difference between a LAN switch and a LAN hub? (If both even exist in the first place xD) And if there is a difference, then what is it?
Hub is dumb, it sends all the packets to everyone. A switch however sends the packets only to the port that it needs to be sent to
hubs are obsolete
get a switch
Hm.. tho a hub doesn't need a compute unit in it then (or at least doesn't need to check which PC to send it to)
So.. wouldn't a cheap hub be faster than a cheap switch?
And to well.. split one LAN cable into multiple ones?
no
hubs are obsolete
switches are faster
wdym?
switches don't do anything with IP addresses
all they do is packet switching based on MAC address
||well more advanced switches do more but that's besides the point||
I have a 2 story house, and only one LAN cable going up
But i have 5 rooms to "power" up there
With each 2 lan devices.
then use a switch
no reason to buy a hub
switches are cheap
I have the same situation with only 2 cables to the second floor from the basement (where the router is) so I have 2 managed switches (I need features such as vlans which are more advanced)
and poe
which is nice
Poe doesn't work for me

Wait.

Nvm

^upstairs distribution switch
I confused it
poe is power over ethernet
Powerline Networking
Or Whatever its called
It sure does, and it's useless with surge protection.... and guess what.. if your priorities are right your surge protection should've been there anyways
So it kinda is a twofer of a joke
Its used in Electric Grid Control Platforms quite nicely tho
Top it all off, you are limited to your branch and thats about it usually
Actually on one floor it's quite nice
It gets a transfer speed of around 50mb/s under my devices
Slow...
Which is 5 times faster than my internet
I just have a typical 100k connection
I live on the land
Wow
DSL
Sat internet?
Oh
We dont have anything else here on the land
Starlink...
Your DSLAM on Provider end is prob run down as fuck too so old
They dont ever maintain those things anymore
Uh no
They do
We pay 40 for 300/300mbps
Yeah germany?
Nah, us
How? There is literally no new parts for these devices being made by any OEM or Aftermarket Anymore D:
They are slowly dipping off the map
Heh german engineering
They produce them here.
1&1 "We won't leave again until the connection is working" -Marcel Davis
Imagine having the luxury to produce your own repair parts at a whim. only in Germany/Japan...
I would kill for that capability
Heh
Remember amigas? Some of the chips still get produced..
Anyways... Ofc it's slow.. slower than wifi tbh
Like wifi we have like 1700mb/s
So basically the top what the best router from them can handle
30 euros for 10mb/s? That's the equivalent to paying $180 for Starlink, so you're basically paying double to not pay more for some other service.
isn't it 100/month?
Yes, at his price to match Starlink speeds...
oh
You signed up yet?
I'm in town right now, still working on getting something built on my rural property. Supposedly my ISP in town is available out there, I bet they'll give me access, but charge me an arm and a leg to go down the street to me.
Nah because I have fiber
@hollow marlin cleared before testing
What else would you live on besides land? a boat?
or "the land" is some magical place that is just called that that I have never heard of
Land I think refers to rural
oh ok.. I would think of land as anything that is not water
Whats the most optimal type of ethernet cable
One that works to spec
Hello People.
So does anyone have a better alternative to 'The Dude' for managing Mikrotik devices? My main concern is Winbox integration.
My house has 4 energy circuits. Ports on the same circuit work OK, other ones are really unreliable and slow. Decent Wifi >
@frigid pine any particular reason you need the d00d
@native cradle more than 1 pair of powerline ethernets = laggy/slow
actually idk
@native cradle nah just saying, that's how it is
they share the medium, and interfere
There's no well established standard for dlan
Because of Winbox integration. It's easier to access the sites with it.
@frigid pine yeah the dude is meant for monitoring load between various mikrotik devices
the dude can either run inside RouterOS or as standalone server package
I've never had a need for it
How do you login your Mikrotik devices in Winbox?
with winbox
mikrotiks have a mactelnet server
so you dont need an IP to manage them
I have about 3000 devices that I need easy access to.
@frigid pine I believe it is RoMON that you are looking for
RoMON allows you to set up an additional L2 network meant purely for administrative access
I've never used it myself, might want to ask @hollow marlin or @tender hazel
This is ok for my core devices. But really troublesome for my access devices.
Yeah I am not 100% sure how RoMON does it, but I think it allows you to log onto a router at a specific site
and then access devices on that network
You have something called a RoMON agent
No No I know about ROMON. But That's not what I am looking for.
opening L2 access over a vast network is not safe I think.
We use ROMON when needed but close it after the work is done.
Also, I don't think ROMON works with devices that are separated at L2.
pretty sure it is meant to be used as a gateway
but 3000 devices
yeah you have a completely different problem xD
So I am basically looking for a tool that can get me Winbox access with a right/double click using devices IP.
@frigid pine idk if this makes a difference: https://i.imgur.com/0X4AKGp.png
makes it scriptable
@frigid pine trying to attack this problem from a developer viewpoint :P
cus this kind of stuff is easily scriptable
romon traffic between L2 devices I believe gets filtered by the tiks themselves
and doesn't show up in packet sniffer or TORCH
Yeah I can write a PHP application for the job to be done but I don't have time lol. Also I am more interested in searching for a tool that can monitor the status of my devices too. Like The Dude does.
@frigid pine I think the mikrotiks underneath just use SNMP
As long as you have software for this
should work
might just be that the Dude uses that as well
Yes, but I'll need to write a lot of code.
Nagios
Have you worked with Zabbix?
Nothing that's not free xD
IKR. tried to configure it like 4 times and didn't get it right. Now it doesn't interest me.
@frigid pine I wrote a monitoring daemon for Zabbix before
it would take healthchecks and post them to zabbix
thankfully I never had to create device configs
the program was written in java. and the 'unit' healthchecks were tiny javascript files
monitoring/daemon/scripthost
the only reason it was written in that way was because of a ridiculous set of constraints I had to work with
the software had to be "configurable" without needing recompilation/reinstallation. But at the same time it had to support certain proprietary java libraries
solution: script hosting.
uh everything went over my head xD
@frigid pine basically, the old "healthchecker" was a bunch of hardcoded tests in java
some files were 300+ lines
after my rewrite, those healthchecks were tiny 10-20 line javascript files
oh okay got it.
and they just got stored somewhere in /etc
so the sysadmin could 'tweak' the tests without having to bother the developers
Never doing this again though
literally, 5 months after I finished that project
Oracle comes out and says: we're deprecating Nashorn (1 version later after they initially released it)
nashorn is the javascript engine for java
there must be other JS engines? backporting shouldn't be hard I guess?
@frigid pine actually, that's a good question
sure, there's alternatives, and I actually wrote my software in such a way, that you could easily add more execution engines
for other languages
you could replace the Nashorn executor with another one
and most of the code would remain functional
I abstracted the scripting layer
and all of that, in 60 hours xD
hmm
so if need be you won't have to spend another 60 Hrs. xD
@frigid pine yeah that was the idea. you have an interface called Script
that contains two fields: code and engine-type
executor looks up what engine it has to use, loads up an instance with the code
and runs it
it passes some context information like zabbix into the javascript VM
so inside your script you can do zabbix.set("my.key", "value")
and ^ this actually calls some bits of java code that communicates with zabbix
script hosting is strange. and I learned most of this by playing with lua.
because lua is kinda meant for this purpose.
Another programming language
often used as a scripting extension in existing systems or as mod platform for things like games
@frigid pine boils down to this: https://i.imgur.com/X7Y5xqy.png
One language, evaluating scripts from another language
so this is a tiny java program, running lua code inside a vm
print 'hello world' is that bit of lua
but we're waaaay offtopic lol
And I am way underqualified to understand this. xD
I use google to code. lel. So my understanding of coding jargon is limited.
Hi, I have been trying to configure DNS records for the past two hours and I could not get it to work. Could I please get some help?
We can try to help. What is your question?
I have some servers in my network and I'm port forwarding them in my router, this works fine. But I could not understand how to make an SRV record
I'm using Porkbun if it helps
@thick minnow any specific service you are using SRV records for?
format depends on what the application expects
the idea behind SRV is to provide some more context (such as port & protocol) to a domain name
You can't
DNS points to IP addresses.
Some protocols and software can use SRV records for additional information, but this is specific to that program or piece of software
Oh
like for minecraft, you can use SRV records if you host your game on a port other than 25565
but this is only specific to minecraft in this context.
so when you do the domain lookup in the game, it checks if there's an SRV record when no port is provided
if no SRV is found, it will use 25565
by default, like with websites, you just use port 80
I saw I can use alias, it's fine to use it?
Http for websites doesn't use srv
I think because it's a security risk
again, SRV applies only to a couple protocols
Yep
Is there a solution?
What are you trying to do?
@thick minnow DNS only really has two kinds of records you'd be using
Run multiple websites on one ip?
A records, which point to an IP address
and CNAME records, which point to another domain
Yes
@thick minnow use port 80 and deploy a proxy server.
Then reverse proxy is your answer
you can have multiple hostnames on the same IP address
Ok I will look for it th u
so if example.com A record -> 10.0.0.1
And in this case reverse proxy based on hostname is exclusive to http iirc
you could have a foo.com pointing to the same address
You can't do it for pure tcp
@thick minnow basically, with HTTP version 1.1, the browser sends the hostname with the request (the domain in the address bar)
But I could use a subdomain?
and the server can use this, to figure out which website it needs to load



