#networking

like does the bgp impact ping

no

a lot or smth

hmhmhnhm

sounds complex indeed lmao

bgp changes the routes of routers

@snow lance they have a bunch of contracts with other ISPs and service providers.

The "Edge" router (big ass routers) compute all of these routes, into a routing table

ahhh

networking is complex

then it loads this routing table into the memory

but damn fucking interesting

@snow lance the actual routing of packets has to be really fast

so all those routes are pre-computed

yeyeye I figured

however I must go now

it just looks at the IP, and finds the most specific network it matches for, and sends it out to there

you spelled fun wrong 😛

😂

I think we overwhlemed him.

@snow lance and BGP is the protocol used by all the different parties on the internet, Border Gateway Protocol. A mechanism for two edge routers to exchange routing information

bgp is the duct tape holding the internet together

exactly

and it relies a lot on trust

although now

Before BGP

most of it was OSPF

there are some security measures being put in place

RPKI validation mainly

I was taught OSPF in school

and then had to even implement my own, for a mesh network

self healing mesh network, with routing

using arduinos and nRF24L's

this is a pretty alright vid

https://youtu.be/K9gnRs33NOk

@snow lance

YES!, HALF AS INTERESTING

who let the pakistanis on BGP

BGP predates OSPF by almost a decade if I remember. Before BGP it was basically RIP and static routes

BGP is simple yet solid. The problem is not the protocol but the people handling them. No protocol has scaled to the level BGP has

RPKI is the newest but prior and still the biggest route verification is RadB. A database that contains ASes and their advertised routes. Basically if we have a customer that wants to advertise their own space, for us to advertise it we have to register the subnets in RadB. This updates the database which updates the filters/ACLs on our peer routers and allows the advertised routes to be accepted.

Its basic but pretty effective. But if engineers are sloppy it leads to route leaks we have seen over the past few years

they did a mistake

ah

lmao

oh ye ik that guy

but like if DNS services redirect you to the websites how do you make sure they're all the same

they don't "redirect"

wdym

if I asked a DNS service hey can I have this URL how is it going to be uniform for all DNS services

idk when they send you to website

also it's domain, not url

they are different

domain is part of a url

huh

google.com is a domain

same with www.google.com

but https://www.google.com is a url

ohhh but the thingi

yeyeye

ok well if I say I want this domain and they go ok

how will other DNS services know

ah

well for each domain name you have a nameserver

that's usually the domain registar

but you can change it

that server holds the records

I am confusion

so the server has a name and you set that name to your domain?

kinda hard to explain

let me find something that will explain it better

How DNS works articles will work

https://www.youtube.com/watch?v=XeLnBkjdiGo

@snow lance this seems good

thank will watch when home

oh boi lmao

@peak cloak wait if root and authorative servers are a thing, does that mean changing to a dns like those 1.1.1.1 ones do very little at protecting your website history?

those top level servers don't log much

changing dns is really to stop your ISP

ah

cuz then it aint my isp who manages the dns querries?

yeah, then it bypasses your ISPs dns server

ahhh ye

smart smart

but what about root servers, do they log your stuff?

the guy said they get like toooons of data

prob not

because of the VAST amount of data

ah ye cuz it aint only users connecting right?

but idk

hmmm

yeah even 1.1.1.1 (cloudflare) sends requests to the root servers

yee that the one i use

is it good?

it's fast

they have a big anycast network

ah nice

but problem is

when they go down

half the internet does lol

lmfao yeah i saw them a lot of places

ohhh wait

at home what I have is my router has multiple upstream dns servers

and the router is acting as a server

so thats why i saw IPs and when i looked them up it said it was cloudflarenet

wow

well cloudflare proxy is a different thing

much advanced i see

not really

to me it seems

most home routers run their own dns server

not public facing of course

wait so are they like

the root server for discord?

does discord have their own servers?

no, they are a proxy for discord

prevent ddos and such

ahhh ye i have seen the ddos protection then when you go onto website

discord is actually ran in google cloud

ahhh

wait does google log data from google cloud?

idk

but how come the dns always find the authorative dns server, will it sometimes just not work?

because of root servers

the root servers will tell the ips for the TLD servers

iirc

https://www.iana.org/domains/root/servers

Root hints

ahh

then TLD (.com, .net, etc.) will have the nameserver for that specific domain

ye i saw tghat iana thing in the video he sent me

ye wasnt it verisign

for those 2

then the nameserver (whatever you have it set as) will be used for queries

maybe

but each TLD may be different

but that's the purpose of the root servers

ahh ye

smart

is this networking stuff

communications, so yeah

is it c the same?

ohh wait the c stand for communication right

oh wait nvm

thats just the level lmao

well pogness i guess ill have networking when i start in college after summer lmao

you can always learn now

myes get that A+

from what I heard

lots of university classes are pretty outdated

oh 😂

oof

cuz the teachers dont learn the newest shits?

I guess, idk

still network classes

classless is the standard now

welp ill only have it for 1 year and i aint gonna do networking stuff i think lmao

thats stupid doe

what degree?

wdym degree

oh which kind of thingie thing im choosing on the college?

when you go to uni, don't you have a major/degree

ye

huh this is not uni

its the 10-13th year

oh

lmao

well i chose the computer science one

if thats what you thinking about

if you're not paying for it

why not take it

indeed i am not

its free, you'll gain something if its good and if its shit, you didn't pay for it

the college or networking learning stuff?

whatever you posted above, if that's not in the college but whatever school you are in right now

rn i am in high school mine doesnt have any networking or tech classes

oh, nvm then lol

ye lmao but i am going to HTX college which is technical college so more tech goodness

wait then what's 10-13

college

that's uni/college then

yes

we have like the normal school which is a requirement its 10 years from 0th to 9th class

huh

HS is 9-12

then college is 12+

0-3 is "inschool", 4-6 is "middle step", 7-9 is "outschool" then different building (gymnasium) is 1-3g, and then uni

oh well if you count kindergarten too ig college is 12+

oh new logo just changed lmao

huh

kindergarden here is technically grade 0

the huh

then 1st - 5 is elementry

whats before kindergarten?

6-8 is middle school

nothing mandatory

there's preschool

if you want

this varies between school district

for example elementry for me was 1-6 and middle school was only 7-8

but HS is always 9-12

oh yeah i dont think preschool is mandatory here

hmm

im guessing im going to high school then? 😂

shits confusing

we call it gymnasium here

poland?

denmark

ah

same name in poland for HS

ye lmao

ahh

welp high school here is 11-14 actually

lmao

Hey , if anyone uses apache2 webserver , can you please dm me I need some help

don't ask to ask

just ask

Basically my website has 2 pages, home and contact , they are in 2 separate html files , how do I host them , and how do I set up a domain

I'm sorry I'm pretty much a noob to hosting

First you need a Domain.

if it's just a simple home.html, contact.html that's ez

Then you need somewhere to host said files + webserver

I reccomend nginx tho

not apache

I would first like to try it just on my local network

you don't need

yeah that's fine

You can use IP's instead of a Domain to do some testing

you can even use local domains

I have apache set up on my raspberry pi 3b+ , and yeah I can use nginx , apache is the first thing I got

sudo apt install nginx

Yeye I've worked with Linux

I'm going to assume nginx for the rest, make a folder in /var/www called your website name for example /var/www/mysite

Oke , then?

server {
    root /www/data;

    location / {
        index index.html index.php;
        try_files $uri $uri/ $uri.html =404;
    }  
}

put your files there

change home.html to index.html

index will be the main page

Well i mean you could uh

That makes sense

index home.html index.html index.php;

technicaally

yes

Will it automatically redirect to contact from the button on home?

after your done with that, go to /etc/nginx/sites-enabled

depends on the href

what does the button link to

/contact?

Umm

Idk rn , I'm in bed , I can try tomorrow morning

I just turned off my setup and pi

ah

I can't inspect it on phone for some reason

so link needs to be href=/contact iirc

you made this in some website maker software I assume

Yeah

it shows

I do know html

I was lazy

I mean, basically all big websites are not written in pure html anymore

This one is just for testing final would be a lot better

True

it's all frameworks and stuff

Hmm

Ig I'll try stuff tomorrow morning

linux?

java -version

I think

use linux if it's a old pc

not windows 10 of all things

clearly it's not the latest java version

what specs, just curious?

You need to download java 16 not 8

https://www.oracle.com/java/technologies/javase-jdk16-downloads.html

he said it was latest

that's 8

16 and 8 are different builds

not if you really want to

your choice

Just download java 16 from the link, it's right there =/

^

https://www.oracle.com/java/technologies/javase-jdk16-downloads.html

@hollow marlin @clear igloo i cant believe i just watched a 20min sponsored video on LTT

lol

i also got triggered cause work management software

thx JIRA

There are few things as satisfying as homelab web pages having that little lock icon

https://giphy.com/gifs/gutearbeitoriginals-perfect-top-l3q2LH45XElELRzRm

Hi Y’all I’m looking for a Unifi Dream Machine but I’m on a really tight budget. I’ve been trying to get a couple from eBay (used or new) but I usually end up in a bidding war for a used item for the same retail price. I was wondering if anyone knew where I could buy one for a bit cheaper? Thx in advance

I installed nginx but i need to stop apache for it to work , How do I do that? @peak cloak @plain siren

systemctl stop httpd && systemctl disable httpd

Do you want nginx to work as the main web server or as proxy ?

main

so the 2 commands I already sent

Another reason why Teams is so garbage

it automatically pauses any music playing, when a call starts

and then resumes the music when call ends

there's no way to disable this stupid behavior

Funny, that hasn't happened to me

Perhaps because it won't update for me

waht are all the malicious things someone can do with your ip and is it a big deal

'cause I had to self-sign the package to allow for vcam support. WHEN WILL YOU GIVE ME VCAM SUPPORT microsoft team.

DOS, or ddos I guess. Also if you haven't secured it, just scanning and seeing for vulnerabilities

People overreact

It's not too big of a deal

If you are hosting a service then ddos is more likely to happen

Like

so ddos is the most malicious thing?

Wow I have your ip, now what. I can scan it, if there is nothing open, eh whatever

I mean you could also threaten non-techie people

If have thinga open in the firewall that your shouldn't are are insecure, then that I would say would be the most malicious

Someone could get access

lmao aight

ye

i have port 25565 open am i vulnerable

To ddos, yes

why so

Also I have everything that is hosting something on a seperate isolated network

It's an open port

Someone could DOS or ddos you

yeah but what can they do

Take your service down

what difference does it make from ddosing the router to ddosing my pc

DOS is kinda ez to mitigate

whats dos?

is it just ddos in a different way?

Denial of service

Disc OS.....
/s

Ddos is distributed denial of service

DOS comes from one other device

ah okay

but theyd need my local ip too right?

https://wiki.mikrotik.com/wiki/DoS_attack_protection

No

hey, so I have set my local server static IP address using netplan and when I try to change it, it doesn't apply a new one (sudo netplan apply), even after reboot...any help would be appreciated

why?

since you port forwarded

but then they only ddos the router right

no

when i port forward do they get my local ip?

port 25565 is forwarded to your pc

no

ahhh ye

this is all assuming ipv4

so whats the difference between ddosing my router and ddosing me

ipv6 is different

its ipv4

the router would need to be hosting a service

wdym

need to have an open port to ddos

you need to understand how a ddos/dos works

it works by sending many requests to a device

yes ik

its send lotta bullshit

but it needs something to send them to

do you still use ipv4?

oh no jelle here

lmao

lots of people still do

yes

I'd say most of the world still do

dual-stack is the standard now

verizon fios still has no native v6

@snow lance https://help.mikrotik.com/docs/pages/viewpage.action?pageId=28606504

yes -_-

ah but if you ever get ddosed you just call isp and get new ip and its all good right lmao

ik

kinda

isp usually has ddos measures as well

but if there is a security problem, the network could be accessed,

not with a ddos

no but because he has my ip he could scan

yes ofc

but you should everything secure

not security by obscurity

#networking message

access the nas, when a error in the security is found etc

remote into my computer

I mean

depends

it's not that simple

is your NAS port forwarded?

are you exposing rdp directly?

if you are, that's your problem

idk, my dad has the most important nas, and my own one isn't

but no, traffic coming from outside is blocked

and everything is getting logged

I'm often suprised by how much is open

everything?

doubt it

oh yeah i noticed this in my router settings is it any good against blocking ddos?

my father works in the ICT fixing ddos attacks, phising, etc. he teaches me te be carefull af with IP's etc, and is now teaching me how to do networking

he knows how to keep stuff save

yes

that's isnt much actually, it doesnt do much

i figured

must a bit of storage

and then it rotates

well, it get's deleted after a something like a month

that itself won't do much probobly

yeah its not a mikrotik or smth omegalul

That's not the only reason, DDoS protecc is complicated than that

yes ik its a joke

plz dont kill me

A good router is not all you need to protect from any ddos xD

an actual ddos needs a bit of bandwidth for mitigation

doesn't cf now have free argo tunnels

Id expect it to be superUnrealible™️ because its CloudFlare™️

https://blog.cloudflare.com/tunnel-for-everyone/

but I'm gonna inform me father that me ip got leaked, and we'll see what to do then... (I don't know whit about networking btw, only basic stuff)

Unless you dont get hit nothing will happen 🤷‍♂️

and even if you do get hit, then you can take actions, is it a dynamic ip or something

I believe it isn't, but the router ofc does support it, and the internet provider also could change it

Like a simple reboot won't change the IP's?

no

that's turned off

if you have business internet

most have ddos protection

doesn't for me

that's on the ISPs end

not on router

how long the lease is basicaly

I don't really care about DDOS, it's just a home network, it would just be switching everything off and on again. we don't have servers running...

I care more about the possibility that someone would remote into my computer once they are in the network

I mean who di'ja get it leaked too, man there's a lot of skids out there really who just threathen but do nothing

that'd require a serious vnurl on windows or something

because that would be easy, a simple ssh would do it

you can't really get access into the network if you have everything from WAN blocked

yeah this too pretty much, they can only hit your router, you need to forward the damn ports for it to actully interface to the devices in it

yes, but nothing is water tight

unless you click on something and then some reverse tunnel is made to the attacker

but that's on a user level

not really network

you have ssh open?

perhaps

lmao i see now

A DDOS attack sucks but it is only "temporary". For defense against remote attacks it is far more likely to come from a virus or some other malicious site/software than an IP-based external attack

do you get why I'm freaked out?

yes lmao

well, is the ssh secured enough? you dont use root and root as the user and password like i do to my machine right?

let me just sudo rm -rf /

do you have key auth?

or password auth

It would only work should they havve his password, right?

such funny

idk i dont have ssh open

Which. y'know, isn't unheard of: https://en.wikipedia.org/wiki/EternalBlue

well yeah, but you shouldn't use password auth

use key auth

how to send ssh?

and secure the key

That reminds me, I should probably turn off ssh on my VPN server

by setting a passphrase on the key

If it's pretty much key'd auth and your root is also disabled then its pretty secure. so many cloud VPS's have their SSH open on normal ports and dont get hacked, only if ya stop root fully and use keys

So, it goes ssh with key, use password to use key

yes, but I can be pwned without knowing, and brute forcing could also be done, even though it's a bit extreme

thing is

you don't use password auth

wdym

Yeah, can't brute force a key

Probably should be using a key

Or at least, mere mortals can't

ssh with key, then the key is encrypted with with a password you need to enter to decrypt it

you use key auth

key auth can't be brute forced

ok I'll do that

https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server

well yeah

Not unless you decide to dump that private key onto the interwebs

secure your priv key

thats why you use a passphrase on it too

I'll save it in a txt on my computer 😂

jelle whats your username on your pc

it's not funny stfu

yes it is

fuck you

he doesnt even have your public ip. why scared.

he does

i used to

wow

If you're worried about having ssh open on your LAN, you might also consider only starting it up when you actually need it, shut it down when you don't, and use a non-standard port for it.

well, yeah, I'll do that

That's what I do for quick config changes on my tablet for example.

I see, I'm feeling stupid I didn't think of that myself

Bah - few how-to's contain advice like that beyond "this is how to get it running".

Hmmm, I feel like I've seen you before, AngryAnt. . . . . .. .. .
Eh, must be a coincidence

on lan, I have ssh open

no worries about that

if i have ssh open and whitelist my phone thatll be safe right

I never looked into it much

how to

die

I wouldn't be too worried about it either, but it seemed to be the core concern in play here.

like I said, if someone tries to enter from outside the network, it'll be blocked

no, it was opening to WAN

Ooof

id close port 22 before i sudo rm -rf /

lmao

how many times have you made that joke?

twice

-_-

-_________________________-

SSH for anything on WAN is a really bad idea. I would definitely try to solve whatever use case is covered by that via some other service.

VPN'ed or not.

my SSH is always open technically 🤷‍♂️ I get v6 so it's open

no

ipv6 != open

so if i do this but for ssh then id be lan right

you still have a firewall

you should at least

It's opened all thru 😛

bad

how to

die

why, vpn and then ssh. Pretty secure

I did no config at all, I by mistaking had my IP on my clipboard and was on a VPS, I pinged it thru and was like "wait, wut?!" and realized even ssh works :P

router had no firewall?

fin was talking about this before

Nope, I'm pretty sure I did no config whatsoever. It just works

isps rolling out v6 with no firewall on default routers

that something works doesn't mean it works well

and my distro right now also has no firewall tool too, firewalld or other thing

Because you're risking the whole castle on the strength of the walls - leaving complete access for anyone who finds a way over the wall. Obviously it depends what your threat model looks like, but if the option is there to minimize the maximum possible damage on the inside, why not take it?

well yeah, but everything is a risk if you look at it that way. I have wireguard as my vpn, you need a key for that, not even password auth. Then you need a key for ssh

SSH is just such a massive sledgehammer fix for use cases.

ssh is pretty secure

right?

It is pretty much, its already encrypted

It is pretty secure, yes.

That doesn't make it invulnerable though or, more likely, at risk of mis-configuration. All I'm saying is that if some service with less all-reaching access could solve the concrete use case you're looking to have solved, I would definitely go for that.

It sort of falls in the same category of IOT devices on separate networks vs. on the same network as your valuables. Splitting them up is a pretty good idea, but not doing so is probably fine too.

The problem with IoT devices is that they are:

1. Poorly secured from a webservice standpoint (exploitable APIs or front-ends with poor security)
2. Phoning home to cloudprovider X

is OpenVPN a protocol as well as a software?

OpenVPN is trash

this is more for a documentation rather than exploitation

yes

yes it's a protocol?

but wireguard is better imo

OpenVPN is its own protocol, with associated software

Its a client-server protocol

aaah i see

The implementation of this protocol is the OpenVPN software

same with wireguard

so it doesn't use pptp l2tp or any of the sort?

no, OpenVPN is entirely done in software

i see

same with wg

yep, they are on the IP layer

@magic python there's a difference between say: wireguard, openvpn and the classic tunnel protocols like L2TP, PPP, PPTP

the latter protocols, create a layer 2 tunnel

wireguard and openvpn are layer 3 tunnels

l2tp can be used with ipsec, to provide encryption

hmmm

not quite sure i understand it all

@magic python do you know what Layer 2 and layer 3 means?

Or what data encapsulation is

hahahahahahahahahaha

the iso layers sure

encapsulation no lol

OSI

openvpn is openvpn

lets be honest, everything is encapsulated to hell these days

HTTP is treated as a transport layer.

Its a TCP protocol yeah

stuff beyond layer 4 is kinda irrelevant from a networking perspective

@magic python layer 2 describes ethernet, a way to exchange ethernet frames between connected computers

except when it isn't

@magic python you can put an IP packet inside an ethernet frame, and send it forward

There are more protocols besides IP, that can be used with ethernet

L2TP creates an ethernet tunnel, allowing you to use features, you wouldn't otherwise be able to use, on an IP-only tunnel

openvpn over ssh port forwarding over openvpn for greatest encapsulation

@keen urchin openvpn has higher latency, as well as more CPU load

obviously

same with ssh

thats why: wireguard

optimized encryption routine, get much higher throughput

I still use l2tp/ipsec over here, just cus my router has hw acceleration for it

that's cool. I mean, openssh is pretty clunky

openssh is amazing for the features that it gives you

its the swiss army knife when it comes to fixing things over the network

looks like wireguard is basically a modern implementation of the same core concept

set up tunnels on the fly, transfer files, run programs, :)

run rsync

rsync is ssh

no, rsync is rsync

or rather, it can use ssh as one of the source/drains

no it uses ssh as a transport

rsync runs over ssh

same as scp

rsync CAN run over ssh

it also has its own protocol

it can also do ftp

rsync like many things in linux, is pluggable

you can attach any sort of filesystem or directory you want

sshfs ❤️

for our offsite backups, I rsync them to an EC2 instance, which copies them to s3, because there's not enough bandwidth/time to get them all to s3 otherwise

The worst was when the new version of sftp assumed quiet in batch mode, and my automation layer that used sftp failed silently, which was fantastic. Fortunately I was able to patch it, and the maintainer also modified it, so newer versions are now fixed.

@keen urchin I don't use sftp for automated things. scp's interface is better suited for scripting

yes and no - for b2b integration, you need sftp

(which is what this is for)

sftp is for interactive use, or at least, that's what Ive always used it for

I've used sftp to integrate file transfers with... many businesses

'ye 'ol scraper

well that was what I started with

but then I changed to batch mode, and grab the output

I've made lots of money from small scraping scripts lol

4 hours work, 800 bucks

so there's no integration as such - it runs, and it either succeeds or fails

haha, my best was $3k for 4-5 hours work. had to flash a whole bunch of physical devices, and it was a huge pita and took ages. Automated it with AHK and was done quickly

oh I do that on the side !

laptop SSD upgrades

those are ez money

with 0 effort

clonezilla and then just wait

swap out the drive, and give them the old one, as backup, should the ssd upgrade cause unexpected problems

ah yeah I don't do anyones personal stuff except myself and immediate family 🙂

yeah

I need a tshirt that says: Yes I am a programmer, No I will not fix your computer

programmer, noun.
see: genious, magician

I literally have a mug that says "no I will not fix your computer"

nice

@keen urchin do you have a network whip?

haha, I'm not into that

https://www.getdigital.eu/lart-network-whip-cat5-o-nine-tails.html

yeah I know it

I prefer the classic etherkiller

lol the one with mains voltage?

I decided I wanted to be a sysadmin after reading BOFH

way back in the 90s

I drifted into that seat lol

someone has to maintain servers, and if nobody can do it.. I'll do it ¯_(ツ)_/¯

late last year I made our website 10x faster over a weekend

it was pretty intense, but I got there

i need some guidance, is 8 gigs for a 30 person vanilla (no bukkit or any of that) minecraft server (me and a few friends, and some friends of friends) running ubuntu good?

if theres 30 people id say at least enough ram for 1 gig each

but im not sure

just plain vanilla jar?

you should use something optimized like papermc

yeah just the vanilla jar

vanilla jar may have trouble

use papermc

it's better

what’s bad about the vanilla jar?

is it horribly broken?

unoptimized

not multithreaded

papermc atleast does some multithreading

Oof

MCMT does a bit better multithreading

You can get normal forge and install MCMT

https://github.com/jediminer543/JMT-MCMT

forge is a pita

Well it's only a single mod here, and it's worth it because it kind of does actually does decent multi threading

also on a more real world application, is MoCa any good for getting an ethernet connection to other rooms if the only line is coming from outside?

like, would I be able to take advantage of the gigabit internet I’m paying for if I used moca?

yeah moca 2.0 can do 1 gig (idk if duplex) but moca 2.5 can do 2.5 gig

I myself have no experience with it

aight thanks, i’m just tryna figure out the networking situation at the place i’m moving into, while keeping any modifications to a minimum beyond the ISP running the fiber to the unit and an ethernet line into the place.

moca is expensive tho

50 bucks or more for each end

ik

just run ethernet if you can

i cant tho

rip

well i COULD, if the landlord approves of me destroying the wall to run one cable to a switch in my bedroom or wherever. But I’d rather not.

powerline seems good if it weren’t for the bulky adapters and high latency (house is around 100 years old)

so i’m probably just gonna stick to moca and pay the price for (from what others say, anyways) close to Ethernet performance. Besides, even if it doesn’t work I could always use the ax wifi card I installed into my desktop, but again I’d rather not unless moca proves to not work or to be too cumbersome.

What does this mean?

Is my NFS share only open to 192.168.0.101 or more than that?

I would want my NFS and SMB share from my NAS to be avaliable to only 2-3 clients I have...
(101, 108 and 145)

Manual page didn't clarify much...even after translating it's a mess for me 😄

/24 is for all the network from 101 to 254

Oh, okay. THats bad.

Thanks

no

192.168.0.101 - 254.
For all the network...

no

depends on the context

I would open each IP address to the nfs with /32 at the end of it.
192.168.0.101/32
192.168.0.108/32
192.168.0.145/32

do you even need the CIDR

Actually no

exactly

I used to work with nfs at my work for backup servers never used cidr

/24 for that network is 192.168.0.1 through .254

Specifying an IP like OP did just saves you having to put in the subnet mask 255.255.255.0 elsewhere

I mean if it's just something like an IP whitelist it doesn't need the subnet right?

depends on how the whitelist is setup, most of the time an ACL will want a subnet or inverse mask unless you specify it's a host. With single hosts you shouldn't need it but it might, all depends on the app

I know on cisco CLI for example an ACL with the host keyword is just shorthand for using 255.255.255.255 or /32 (ipv4 of course)

but other applications and whatnot I've used (such as DNS addresses) you just do a CSV input of values for those hosts

So /24 or /32 or nothing?

in what context

Depends on how you want to subnet and the host range

it's an NFS share

Yah but you could do /28 depending on the host range and bit boundary is what I was getting at

At Tomini

I have no idea what you are talking about

You asked /24 or /32 or nothing with no context, there are other subnet masks larger or smaller you can use

I want my three clients to be able to access NFS (and SMB) shares

Nothing less and nothing more.

well then you'll need to do /32 for hosts

or just no CIDR, how I understand it

Haven't done host limits on smb before so I can't say for sure

Could you explain why /32?
r/ExplainItLikeImFive

@topaz mirage what software is that

Forget SMB, not NFS only.
As SMB needs login credentials and NFS doesn't and is open.

OpenMediaVault

Running in Linux.

there

we needed documentation

https://openmediavault.readthedocs.io/en/5.x/administration/services/nfs.html

So I will need to do multiple shares?

...per client

imo if I were you, I would use the linux firewall instead

Oh, okay...

I will take a look

Any guide I should check out first?

Yeah and for now until I set the firewall... with or without /xx

the CIDR aka the / is used to set a range of ips to be allowed. For example you have a whole 10.0.0.0/8 network but you only want 10.1.1.0 - 10.1.1.225 to be able to access it, then you would put 10.1.1.0/24

I don't think there is a way to do it they way you want to, since it says once entry is allowed

so you can't input multiple ips

but if you could you would just list the whitelisted ips without the /

I can make multiple identical shares with different IPs

seems like a hacky workaround, but go ahead

For NFS...I will only need once client. I can use SMB on the rest two.

So single IP without CIDR

Yeah. More like ghetto/whacky

yeah

Still can access the share without /24 on wanted device. Good.

Now I"trying without insecure

Interesting. Can't access the share without insecure option

Sounds like a tls issue

You can use nfs for windows to, nowadays windows finally support nfs share

I know that windows 10 pro have this option. (From what I saw on my windows 10 pro vm)

Yes, it has. But I have Home Edition 😄

...and I think I cant upgrade without reinstall

I think home edition have it to

It does not

But I don§t need NFS on PC. I use NFS mainly for Kodi as it has bad overhead and bad performance with SMB

Just gotta tune the samba stuff

Yeah only works on pro and up

I use smb on Linux because my storagebox in cloud only supports this , webdav, ssh, sftp , ftp and ftps.
SMB is annoying sometimes when it gets disconnected without alerting me with the system mail I setuped

Doubt. I read so many forum posts with people trying...I don't see a point in it anyway for SMB. SMB is Windows protocol anyway...

That's understandable. FTP is kinda cr*p.

Yeah

It's all in the tuning, and its not necessary for most. I have my tuning doc with my setting lying around somewhere

I dug through Kodi forum and found no solution. It works on NFS...dont have any feature that SMB can offer.

The access time and even bandwidth is really bad.

You wouldn't find it there. More likely to find it on redhat forums, stuff like that

network arch places

and I get full gigabit to my samba share from my windows. It's really just fine

No offense to kodi users, but for more technical configurations, that's not where I would look

SMB is fine on windows not on Linux

That is disrespecting...

What makes you think that there aren't technical people?

SMB is horrible on Linux

Changing to Shield running on Android didn't help one bit.

I'm not saying there aren't any. But if you want nitty-gritty config changes, you go to the source. Redhat, centos, samba's own forums

Kodi caters to more consumers that want to just set stuff up and have it work, so the user base reflects that

Source of the problem is from Kodi...so that's where should I look.
Asking on forums made for networking in general will result only in troubleshooting and I don§t wanna bother people with this.

Have you ever used Kodi? You are talking more about Plex...

Plex is easier to configure and use

For dummies? It's a good start, but for advanced stuff...you are on your own.

Yes, I am talking about kodi. Their users are on par with jellyfin users, and less technical than plex users

https://www.samba.org/samba/docs/old/Samba3-HOWTO/speed.html stuff like this is that good stuff

Exactly. And closed as fck.
Only "advanced" thing in Plex is remote access. Even that can be easily done

Plex is fine. Only thing I don't like about it is it talking upstream

Lol. Okay 😄
I'm not going to argue with randoms about stuff like this...

I use jellyfin

Pretty good

Does what I need it to

Simply stream from server to tv

Cool...but...why? Samba is for Windows. NFS is simpler and not bloated with garbage stuff that makes it slower. NFS works for me and nothing worked with SMB.

Do what works then. But SMB is not samba

Well, you are on-par with Kodi people. You seen it here first, mister.
But don't worry...that is compliment. As Kodi users are more active with making addons and caring for this project as a whole.
Plex is great if you want remote access and transcoding to devices straight. Less customization, none control over the system as a whole

I know.

SMB is a protocol and Samba is implementation. But both have roots with Windows.

windows adopted SMB, but it was originally made as a standard by ibm

I just don't tinker with it, I could but it already does what I need it to.

Samba never has been associated with windows

I was sarcastic. I never used it.

https://www.monoprice.com/product?p_id=11207

are these cables good quality?

monoprice and cable matters are my go to personally

the plastic tabs covering the rj45 clip are hit or miss though

yeah i hate when they break off

i received a defective ethernet cable from an ebay seller

https://www.ebay.com/itm/182640699043

dont buy these from sjbcable

that picture looks like the "Graphic design is my passion" memes

i gott an old windows pc with a netwrk switch ;-;
it was kinda broken from the beginning but it lasted for around 15 years and today it just gave up :(
so just before i try and add a new one is there a way to enable the netwrk via a software

the network switch itself is broken?

mhm

like atm only the spring exists ;-;

and then the metal body

hmm, can you send a picture or something?

hmm i dont think i can... its a laptop and its kinda hard to disassemble

lemme check if i can find a pic

nope couldnt find any photos

its an
Acer 5571 celeronf tht helps

||idk how||

I'll search it up

imma too

wait so you mean a network jack which is spring loaded to take less space?

its called a wirless switch

I'm very confused lol

this is a similar issue

wat

o its fine
old laptops had this thing called a netwrk switch

to save internet payments ig idk

wat

lmao wat

so you mean a toggle button for wireless radio?

mhm

Wut lol

dont use the word switch

switches mean something else in #networking

Wtf

oh y?

oo sry

Oh

now I'm back on track, yeah always be careful when you use the word switch here

this is a normal two way swith if tht makes sense

An actual physical switch lol

Not a networking switch

yeh lol

;-;

An electrical switch

OOOOO LMAO NO

SRYYYY

we're way too network savvy here

im like is my q tht dum ;-;

yeh makes sense

yeah I think they too confused it for a network switching device

this is more of a #tech-support (or maybe somewhat related to #peripherals)

(this question I mean)

can just disable the device in software

thats what that button does

i did try it

doesnt wrk

https://i.imgur.com/yGcq3rb.png

mhm i did do tht

this manually breaks the connection to the reciever ig

is addin a jumper fine

..

doubt it

coz im pretty sure i dont have the switch

@tame carbon on older devices the wireless radio can't be toggled in software

ikr

its not tht old

most of the user functions like additional buttons, are done via i2c busses on the motherboard chipset

tht option does exist

but even adter its enabled

theres this brek to the recieveer

and those are handled by the operating system

ok.....

your wireless card could also just be broken :P

oo and another thing
i feel like this button doesnt rlly break the connection

nah

this has happened alotta time

s

its not the netwrk card for sure

it could be defective though

wha?

doin wut could be....

I need help with figure out why my vpn stopped working properly after the last mtik upgrade

the wireless network card could be defective from factory

I'm guessing it's some dns related

no wut happens is it does an auto off thing if the netwrk isnt used for a while

which happened i turned the laptop on after a week

but this time i was a little impatient and broke the entire switch T_T

wait so what are you trying to achieve in the first place

turn it on

in what way is it broken though

i usually did it with the electric switch but now its borken

the protrudin portion of the electric switch just snapped off

so i cant turn it on

so i wanna find a way to turn it on usin bios or smthin

if its possible

screwdriver to the rescue?

you can't turn it on in software

tht just yonked the entire plastic off ;-;

yeh tru

now all i see is a spring stickin out

you have to get the switch to work well enough to enable wireless, something which I don't have time to help you with

mhm i get it

wired does wrk so imma stick with dat for a while

thnks for helpin doe :D

you're welcome

bumping this to allow someone able to help see it

I mean , what's not working

The link itself?

Hey does anyone know who I should talk to if I wanted to donate a computer part to the linus team?

Sir this is a #networking channel

post onto reddit in r/pcmasterrace, get 300,000 upvotes and check your inbox

man... r/pcmr

i was OG then unsubbed a long time ago

place is cancer now

r/sysadmin is getting there too

they used to ban low effort posts, now its a bunch of "i got a new job!"

Can't surf / use WhatsApp and all this

Yeah that's not relavent

Is the link working

Can you ping

By link working I mean link up

I can connect to the VPN but no surf or use any internet app

Well no ping to anything

no ping for you

Depending on the vpn, might not support icmp through it 🤷‍♂️

Just found out the timeclock system at work is running some weird portable version of windows 10 and it explains sooooo much. None of the tech decisions around here make any sense bc theyd rather save a dollar now then save thousands later.

L2tp VPN

sry if this is supposed to be in tech support
but i'm the only device lagging in my house, i'm 2mb up 2mb down lol
i tried to see if distance was the issue so i tried it with my phone, but the phone went from 40mb next to my computer to 60mb next to the router
help lol no forums are helping

Hmm, both pihole and adguard seem to default to resolving blocked DNS queries to 0.0.0.0, the pihole docs say that it's "unspecified address" and that "it must never be assigned to any node"

However, on every machine I've tried, opening a connection to 0.0.0.0 is the same as opening a connection to localhost, so all blocked DNS queries open a connection to my webserver running on localhost lol

okay - super stupid question incoming - I have an intel dual nic in my server (2nd half optiplex); if I buy a separate router and put that between my lan and the second port on the nic for site-to-site vpn accessing the server... that works right?

Depends how you use the port on the server, but it certainly is possible.

i have a mikrotik chr on a vps so I want to link a hex s to link that second port on the optiplex back to the CHR

that way when I road-warrior vpn back home, I'm not going directly to my house's lan (so no DDNS, or direct exposure of my public ip) i'm going via a CHR?

Makes sense. Not sure why the second router though.

home network is unifi and has a bunch of things on it i'd rather not expose... i could tunnel direct from the 2nd router to the vps?

Why not tunnel from 1st router with all traffic routed to your 2nd server port?

Two-router setup should definitely work. Just seems unnecessary.

@vestal surge I got a mikrotik RB4011 here, controlling like 5 different networks

mostly put together with VLANs

you can put the 2nd interface on a different vlan, and use your existing router

that is, if it supports vlans

Thanks AngryAnt! Crystal - hmmm I might try that tomorrow before buying anything then. My home router/gateway is a UDM

How can I make nfs share folder inside my smb share ?
I have storagebox that only supports smb,webdav,ssh,ftps,ftp,sftp

@vestal surge I actually simplified the cabling of my network by moving to 10G.
The server is connected with fiber optics to my switch.

and the 5 virtual machines, each have their own VLAN

this is the current topology.

already using vlans via unifi so there isn't any reason I couldn't add another.

I got an RB4011 paired with a CRS305

gives you just enough connectivity to set up a fast backbone at home

not sure how the site-to-site would work from the unifi to the CHR? I don't want to route all traffic through the site-to-site

all your gigabit stuff just branches off that

@vestal surge some PPP-type tunnel and a firewall rule? :D

depending on what routes you set up, and their route metric

packets prefer one route over the other

my networks have mostly been linear, never really done much site2site stuff

yeah honestly I'm being a geek and overcomplicating things.

@vestal surge not the only one :P https://i.imgur.com/tbeBAym.png

one of 4 mikrotiks

all those vlans you see on the SFP+ interface, those go to my switch

its so pretty... one day i'll get something like that

@vestal surge https://mikrotik.com/product/rb4011igs_rm

list keeps growing https://i.imgur.com/BLMSZfq.png

Trying to understand ACL's.

Is there a difference between these ACL's?

a)
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
access-list 100 deny ip any host 2.2.2.2
access-list 100 permit ip any host 3.3.3.3

b)
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
access-list 100 deny ip host 1.1.1.1 host 2.2.2.2
access-list 100 permit ip any host 3.3.3.3

In both examples only TCP from 1.1.1.1 can reach 2.2.2.2 and nothing else, correct?

access-list 100 deny ip any host 2.2.2.2
access-list 100 deny ip host 1.1.1.1 host 2.2.2.2

One blocks all communication to destination 2.2.2.2 while the other denies only 1.1.1.1 -> 2.2.2.2

Both examples will have a hidden deny all at the end of the list as well.

so in the case of access-list 100 deny ip host 1.1.1.1 host 2.2.2.2
its implied that all other traffic to 2.2.2.2 is allowed? In that case I think I understand

nope. all other traffic to 2.2.2.2 is denied unless you specifically said to permit it