did something and now i'm getting 750+ mbp/s with ethernet

Are there cable out there that aren't 1gbps anymore? The oldest I've seen is cat5 I think, that does 1gbps right?

i love how i get 100 megabytes per second according to this speedtest but i'm downloading this game at 1.5

cat5e (4 pair ) does 1gbps -- cat5 ( 2 pair ) goes to 100mbps

gotta wait an hour and 30 minutes for this shit

these genshin impact servers are ass

Cat5e does gigabit, cat5 itself only does fast ethernet

Oh looks like drako already answered

Hm that might be your ISP then

Genshin impacts servers have been decent from my experience

About 100mbps download iirc

Can't remember whether it was 100 or 200

well i did a speed test and my ethernet is running at 750 mbp/s

Huh

Interesting

i managed to up it to 4.5 MB/s

Which is 36mbps

Hm

it's manageable. i don't mind

It only took me around 5 or so minutes to download genshin

And start playing

I guess your ISP doesn't play well with genshin then

i also tested downloading on steam and battle net

their speeds are normal

Wow did not know that

it's funny because it'll probably download fine on my phone

just not my PC

So I installed Pterodactyl linux management GUI, but when I try to access the login screen using the local IP, it gives me 404 error soo nothing on it, I have set up the DNS on Cloudflare that I have the domain and can access it while I'm not on my local network, so ports are opened correctly...the only issue is that can't access the panel locally. I have tried opening ports 80 and 443 using iptables for INPUT (if it needs to be output, let me know...). The GUI is based on nginx tho... I'll be glad for some help! (ping me)

the main issue is that I can't access the site locally

but can access it outside my network

@crisp bay sup

I see you are using nginx, does your server (site) configuration use a server_name field?

I'm suspecting nginx is filtering on hostname,
if you set up server_name foo.com

then foo.com may resolve to the IP address of that machine, but it'll only serve the page if the hostname matches

so if you enter a local IP of the same machine, it won't be using that hostname foo.com but rather: 192.168.88.100 or something similair

solution is quite simple:
either, forward your ports properly, with a hairpin, so you can reach the public interface through your hostname

or

add the address from the local network, to the server_name field, you can have more than one entry

If it works from wan, but not from lan using the wan ip, you need nat loopback on the router enabled

Or split dns?

Split dns would work too

But a bit of complexity for just a simple port forward

hairpin nat, and use public IP only.

split dns is messy in home scenarios

It is? Ooh. I always thought of nat reflection as more complex

You already have a network translator in place.

How come?

So why not use it?

instead of trying to fix NAT with DNS

You need to setup a dns server and all lan devices need to use that dns server

yeah, and those who use their own dns and ignore the one they get from dhcp?

While with nat loopback it should just work

hairpinning NAT, fixes the issue

your public IP, when used from your LAN, will just get forwarded as well

@nimble sable

This is the solution to the problem that arises with port forwarding, and reachability behind the translator

quite a lot of consumer routers include a hairpin NAT by default when you port forward

other brands, don't

ooh actually did not know that it was on by default on forwards for consumer routers. i ended up turning it off cuz in my head the dns thing made more sense

@nimble sable It used to automatically hairpin on those tplinks I used for many years

until I used mikrotik

and realized, that hairpin is a 2nd NAT rule

and i just use external url all the time, so the problem was always that "i'd like for it to use the internal ip address when i'm inside"

Yep

thats why the hairpin fix is the cleanest

oh interesting. on pf/opnsense it's just a setting overall

in a professional scenario, you wouldn't even have NAT

NAT is a solution to bring internet to peasants

because we can't seem to get around to using v6

true

/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
  dst-address=192.168.1.2 protocol=tcp dst-port=80 \
  out-interface=LAN action=masquerade

Hairpin on mikrotik ^

ooh

interesting its a seperate rule

To the server on 192.168.1.2, the connection from the LAN will appear as though it comes from the router itself

because its masquerading

yea my issue with hairpin was that it involves the router in internal traffic

i think

like i cud turn off my router and my samba/nfs stuff would be fine

However, the web server only ever sees a source IP address of 192.168.1.1 for all requests from internal clients regardless of the internal client's real IP address. There is no way to avoid this without either using a router that can do application level DNS inspection and can rewrite A records accordingly, or a split DNS server that serves the internal clients the internal server IP address and external clients the external server IP address.

This is called - among other terms - hair pin NAT because the traffic flow has clients enter the router through the same interface it leaves through, which when drawn looks like a hair pin.

yeap

https://wiki.mikrotik.com/wiki/Hairpin_NAT

i was just surprised to here folks like hairpin that's itneresting to know

Its generally not an issue

because the ones that run into this problem, are the ones most often using consumer routers

and those usually hairpin for you

but knowing about it is useful

why wouldn't not consumer folks not encounter this issue?

if you ever run into the scenario where it doesn't work

you know why it doesn't work

@nimble sable Like I said earlier, those consumer routers often do hairpinning by default

they forward all interfaces port <X> to <IP>:<Y>

on mikrotik you'd do this more select

you create a NAT rule for your WAN interface only

oh no i meant

the ones that run into this problem, are the ones most often using consumer routers
implying that folks who do not use consumer rrouters don't run into this issue generally?

People who dont buy consumer gear, because they are in a professional setting

probably wont be using NAT

oh

Because NAT is a typical feature used by end customers

To multiplex a single public IP

i think my company does nat? maybe

Most likely.

If you have a private IP on your machine, then you do.

but that more has to do with security likely

no

on v6 you don't need NAT

every computer has its own public IP

right

security is from firewalling.

NAT as 'firewall' isn't really security

oh right

The only reason we're using NAT in the first place

is because ipv4 is not large enough in terms of address space

we can't give every person a public IP

ugh i had an ISP that did double CGNAT, it was insane to try to do ANYTHING even remotely complex

Meanwhile

I sit on my own /29 IP block

NAT? 🤣

so far that I have done to nginx is just install and get with it..haven't even touched configs yet...

v6? wait do you not have v4 traffic at all

it's not on wan, it's on lan

@nimble sable I don't have v6 either :P

ISP doesn't support it yet

but I have a /29 IPv4 range

8 IP addresses

wtf how?

$$

damn that's nice

my university had that

You can get a /48 of v6 for free

^

Using tunnelbroker

I have a /48 as well, though I dont have my 4to6 tunnel enabled right now

GeoIP breaks netflix for me

I hate geofencing

its idiotic

It doesn't work

and it only makes legitimate use more annoying

I'm in the us so it makes no difference

And don't use Netflix

@tame carbon where does netflix think ure from?

USA

European Netflix library is 10x better than US

oh yea

huh I wonder what kind of v4 block my employer has...i know it's a big one

@nimble sable https://i.imgur.com/buBAoTz.png

basically

nice

@nimble sable and then ofcourse

https://i.imgur.com/wXFnr98.png

I have my own DHCP server that hands out public IPs :)

i wish my ISP did ipv6

@nimble sable its quite easy to setup

https://i.imgur.com/TznC48K.png

https://tunnelbroker.net/

When you set up your tunnel

i tried that once, does the traffic just go thru a tunnel then out as a v6?

@nimble sable no it establishes a route and prefix

your router will have a /48 prefix or /64

and hurricane electric just routes that network to your router

so you essentially have both v4 and v6.

I have it disabled rn

but

https://i.imgur.com/ms6tAkR.png

ooh cool

HE uses actually another /64 for transport

You have a prefix configured that your router routes for

yep ^

but this is a /64 prefix

I dont have the /48 on this router

@nimble sable IPv6 uses a different protocol to hand out IP addresses

you can use dhcpv6, but you don't have to

it can just use NDP (Neighbor discovery protocol)

Your router advertises its prefix

^and that doesn't work on prefixes smaller than /64

ye

hmm i'm gonna try tunnelbroker

i tried a long time ago but that was when my ISP at the time did duoble cgnat

i don't remember the details but it was insane to try to setup around it

also, cgnat is evil

@nimble sable depending on your ISP, IPv6 may feel identical to v4, or be lots slower

Hurricane Electric peers with my ISP, so when I use v6, I only have a 0.5ms increase in latency

nice

You don't get more than 50mbit/s bandwidth, until you finish certification

You have to self-certify ipv6

its automated

they give a small quiz

all the answers to the quiz, you should be able to figure out by just googling

or just think, its not that hard

oooh ok

You know, I actually got my t-shirt

After like 5 or so months

But it was a Large

Pretty sure I put medium but whatever

Free shirt

@peak cloak they saw the US shipping address and were like: naaaah we need bigger one

Btw you need to have a public ip

Can't be behind cgnat

yea that wud be the issue, now that i have a public IP i'll try out tunnelbroker

oh another question, is it POSSIBLE to do 1gbps over wifi?

@peak cloak I thought tunnelbroker worked behind CG-NAT

No

Yeah in ideal conditions

i remember trying VERY hard to get around it, and then giving up

do i need wifi6?

@peak cloak not with 80MHz you wont

Wifi 6 is more improvement in timing, but with 6e you'll get better speeds

or just wider channels

:P

160MHz

I thought ac in ideal conditions could do gigabit

Depends on channel width.

Yeah

But it's possible

If you assume perfect signal, then channel width is your limit

Ye, but not with 80MHz.

btw for 1Gbps i need a wifi AP that is advertised for 2 right? someone told me smthg about half duplex and that u only actually get half the speed?

You top out around ~433mbit/s 866 duplex

With 5ghz

Oh duplex

You need wider channels

if you want 1G

Ye

hmm right now i'm topping out around 700

no matter what i do

@nimble sable most wireless radios can't do more than 80MHz

I think about it this way

oh u need MORE than 80? i see

Do you really need more than 700mbps wifi

use a cable

don't hog the air

@nimble sable yeah but with 160MHz channels, you are quickly running out of channels to use

There's only like 2 160MHz blocks you can use

also depends on region you are in

US is even more restricted

i mean...who wants to do 2160p streaming on not gigabit

use cable

Use a cable

yea actually i probably should\

i need to a run to the bedroom

20/40/80 Ceee

is most common configuration for 5GHz

i did manage to unlock my unifi once even though i bouhgt the US version, but i can't seem to remember how i did it

https://i.imgur.com/QJO7SXI.png

Ceee, C = Control Channel, e = extension channel

each letter is 20MHz

Btw you are legally responsible if someone finds out

FCC

If you are using not right channels for your area

If you squat on frequencies and interfere with something critical

you can be held accountable

oooh yea good point

@peak cloak the RB4011 can do 20/40/80/160 Ceeeeeee

i did it before to get to a free channel

ultrawide channels

when iw as living in a particularly crowded location every single channel was massively used

for maximum efficiency wastage

@nimble sable even on 5GHz ?

yea

turn up radio TX

even on 5ghz every channel was chocker blocked

these days most consumer isp router things use 5ghz

For that big outdoor wireless network I'm helping dad out with soon, I will be using 60GHz

60GHz between the tower on the house, and the individual wireless zones

and like every single wifi ssid was "ATT_something"

or similar

https://mikrotik.com/product/wireless_wire_cube

60GHz stuff is great for backhaul

no interference

Except for leaves

Lol

Yeah you need line of sight

@peak cloak this radio in particular, has dual band

it switches to 5GHz if the 60GHz link dies

so its slower, but still connected

i need new cables for my rooms, while i only got gigabit ethernet, i wonder if i should grab Cat7 or Cat8 cables for connecting stuff... even tho i know my walls have only 6a cables in them, but still, if i buy new cables, i won't go for crap (also i can't seem to find Cat6 SFTP cables at my retailer)

@silent flax you really need foiled cables?

Nah don't waste money on 7 or 8

isn't STP good enough?

6a is more than enough

again, as i said, Cat6A SFTP cables aren't available right now. And there only alternative is Cat6 UTP

cat8 are thick boi cables.

@silent flax are these in conduits&housewall interiors?

because you'll want shielded cables for permanent installs

cat6 UTP would do, but not futureproof

cat6a (STP) would be better

no, i have a wall ethernet plug and i need to connect my PC 5 meters away from it. Unfortunately it seems for some reason it drops to 100mbps at that one spot, so i want to make sure it is shielded and long enough, to rule out switch issue.

@silent flax distance?

and spending 8 euros on cat8 5 meters, 5.5 euros on Cat 7 5 meters or 6.2 euros on CAT6 FTP, doesn't change the stuff much

like we talk about 2.5 euro difference

< 20 meters, and you get 100M instead of 1G?

that's guaranteed, 100% termination issue

yeah, but again, as i said, when i am replacing the cable, i might as well buy the best when the price diff is 2.5 euros 🙂

@silent flax lol while you are at it, do yourself a favor, and buy one of those $10 Ethernet continuity testers

they come as a split unit, master & slave

these are dirt cheap

they do RJ11 and RJ45

btw, is any of these, good?: https://www.amazon.ae/TP-Link-TL-WN823N-Wireless-network-Raspberry/dp/B0088TKTY2/ref=sr_1_2?dchild=1&keywords=wifi+adapter&qid=1623500745&sr=8-2
or would you recommend something else? Looking for something below ~20 usd

@thick minnow lel

that thing is smaller than the wavelength of 2.4GHz

reception = awful

need at least 4-5 cm of antenna

https://www.gembird.com/item.aspx?id=1691

@silent flax if it costs more than $10 dont buy it

& https://www.gembird.com/item.aspx?id=3196

7.8 euros for NCT-1, 16 euros for NCT-2

Its just a battery, a simple clock generator, and 8 LEDs

It cycles one wire after the other

and the order of LEDs blinking ,should be the same on both ends

unless you crafted a cross-over cable

if LEDs do not blink in same order or doesn't light up at all, you made a mistake when terminating

it was a purchased cable, i don't make my own cables. obviously the guys who built the house and did the wiring could have messed up the wall plugs & wiring, but oh well

i just want to rule out stuff outside the walls before i start redoing the wall plugs & wires in walls 😄

i was thinking of getting this adapter what do u guys think?

TP-Link TL-WN881ND

that is very, very old

do you only have 802.11n wifi ?

for sub-$30, you can get cards with AX200, with 802.11ax support https://www.amazon.com/COMFAST-ax200-WiFi-pcbluetooth-Frequency/dp/B08QMN6MXK/

i just want something cheap

Well, it's supposed to be for a server of sorts....
So could recommend something?

What cat cable is the best for a new house? something future proof

cost is no problem

for like in the walls

cat6a

Anyone know what encryption is used in an autounattend.xml file for passwords? I do not want to use WSIM

and $26 is expensive ?

In some places, yes

@thick minnow in what place?

In android there is something that calld "private dns" and I need to use that with domain name. How can I create my own? ( I have a pihole that feaching to the internet but on ip and I own a domain)

for example you want to use the dns of google, normaly that would be 8.8.8.8 or 8.8.4.4 but now that is dns.google

you need to run your own nameserver

and be the authority for resolving DNS requests on your domain

then other dns servers will pull from your nameserver

not sure if pihole can be used for this

the whole idea of running your own dns server on public internet is sketch af

because it can be abused

I know my ISP doesn't allow it, and this is all corporate

The middle east

next to the Arabian gulf

So no that, there is any way to change DNS is wide?

For every new wifi and data

you registered your domain with a registrar

right?

Yes

Either, you use their nameservers

or you can also use your own

but I wouldn't publicly host a dns server otherwise

No I don't want to use private DNS I did some research and its not what I want

I want to put my pihole to my friend but she don't know how to do that every time

wat

Alright from the start

My goal is to let my fride use my pihole but she don't know how to change the DNS without me to do that

Her DNS resolving will be much slower

I know its not matter to us

idk

like

public port 53 is sketch

good luck

lol

this is how DDoS attacks happen

because idiots run public DNS servers

Its all ready faceing to the world

use a vpn

I will not let her to get in side my network

@thick minnow make sure your port forward for the DNS server that's public facing, only permits certain IPs

otherwise it can be abused

I'm honestly surprised your ISP isnt blocking this

they should

@thick minnow https://serverfault.com/questions/634793/how-do-i-set-up-a-secure-open-resolver

https://i.imgur.com/UTgOh6e.png

What they can do? I didn't understand

It takes far less research to set one up than to understand the risks involved in doing so.

https://us-cert.cisa.gov/ncas/alerts/TA13-088A

tl;dr; don't run public facing dns servers if you don't know what you are doing

OK th u

@thick minnow its just a technical flaw in the way DNS works, that its bad practice to run your own dns server

hence, pihole is for LAN or VPN only, shouldn't be public facing, unless you do IP whitelisting

but even that can be spoofed

Can u tell me what they can do?

Like what the risks that I didn't understand

@thick minnow DNS requests are UDP, and its a single request, reply structure

the DNS request contains an IP address where the reply needs to go

this address can be changed to something else

you can use a DNS server to amplify a network attack like a DDoS UDP flood attack

take down a website

Oh u mean men in the middle attack?

@thick minnow no

normally its your computer <--> dns server

but with dns spoofing

attacker -> your dns server -> victim

so they can use your dns server, to attack someone else

NTP is another prime example of this

So if I want for esm to still ur credit card I will make my version of papyl andnlet ur phone to know its the real one?

its another one of those protocols

Network Time Protocol

in the past, those have been used to take down government websites lol

because the ones running NTP publicly, happen to also have Atomic Clocks, and a very fast fiber connection

Oops

What 😄

yeah

so they send a bunch of time requests to the NTP server, and it has this one useless feature

where it just spits out random data

and the attacker then just sends a single small packet to the NTP server

and the destination address for the reply, is spoofed by the attacker so its something else

and then the NTP server sends like 200x the amount of traffic as a reply to the victim

do this with 10 timeservers at the same time

all targetting the same IP address

that network will most likely be unreachable because its completely congested

so you and your broadband internet

can take down a datacenter

using unsecured services

like DNS

DDoS = Distributed Denial of Service

The first D = everyone who runs a public pihole without knowing squat

@thick minnow https://www.youtube.com/watch?v=BcDZS7iYNsA

@thick minnow DoS is quite simple

Faster connection wins

if I had your public IP, and started a UDP flood

your internet would go down

probably because my fiber connection is faster than whatever you have

1. this is illegal

2. I'm not that kind of person

And u already have my ip ;)

do I ?

meh ¯_(ツ)_/¯

Yeh u helped me to setup

once you've been on the receiving end of one of these attacks for a week, you sing a different tune

its just a dick move

So I don't know if u save but I trust u

I remember my minecraft server in 2015

we had like a 6.3gbit/s attack

My fride did me once that and it was fany only because I let him

its just lame

and annoying

Tell me

thats why you run public facing services elsewhere

somewhere with good net and some kind of filter

My old cs:s server had 35gbit attack at 2014 I closed it a year later because the hosting company didn't had a good DDOS protection

😆

i once hosted a VPS at a cheap host, and twice someone decided to do a DDoS attack on my server for some reason (i have next to nothing running there, so no idea why). Their solution was to nullroute my server without informing me, i had to contact support to ask why is my server dead, only then they said it was nullrouted. After they did it second time i stopped using them and switched to Vultr.

i mean i understand the nullrouting. But dammit, at least send a stupid email "You are under attack, we nullrouted your server"

Nulleoute is what many cheap providers do actually

The hosting company im on Hetzner, also nullroutes the specific IP your getting ddos'ed or so for 24 hours im pretty sure

But i never ever got ddos'ed

🤷

I used to use vultr they are good but I wanted dedicated server so went to hetzner 😁
Ovh was too expensive I used them to for 6 months.

Null routing is not associated with a cheap provider. RTBH is widely used across all providers. Flowspec is the next iteration but not at such a scale in a VPS environment

nullrouting was not the issue. Not communicating them doing it was.

you nullroute, you fire an email to the owner of the damn VPS

it is. it means your provider is too low spec

well, i moved elsewhere as i said

a real provider is going to want the ddos to even out peering agreements

all of a sudden level 3 gonna owe a ton of free traffic

can someone help me fix my hyperv network issues?

How I get the switch to do the power over what ever

If you have the US-8-60W the 4 ethernet ports on the right should Auto-Sense devices that use 802.3af PoE when they're plugged in. That being said, you may also need to configure the switch in your Unifi Controller. https://www.ui.com/unifi-switching/unifi-switch-8/

Ports 5-8 auto sense PoE (af only) Plug in a device and it should get PoE power. If its a 24v passive PoE device, it will not work.

UniFi switches act as dumb switches if not adopted & managed through a controller, which also includes PoE

im sorry but nice router and all but that looks scuffed and disgusting

nice router?

I notice a lot of people seem to get very impresssed the more that a router looks like a UFO/alien spacecraft about to take off

My router is just a pc...in retrospect kind of a waste of electricity, maybe

I have an RB4011 wifi model.. it is nice because it has a PoE out port with passive PoE, I use it to power another AP for more coverage

@clear igloo Setup my parents iPads to use a wireguard on demand VPN for SSIDs that aren't home or their workplaces

Lets see how this goes

I have my phone and iPad setup to on demand wireguard but I can't setup their phones to 😐

Because Android doesn't have on demand 😡

anyone know of any good consumer-grade switches? I need something with 4 ports at least and small enough to comfortably fit on a desk, since i'm looking to connect two computers, a printer, my Switch, and (eventually, if I can find one cheap enough) a PS5 or Xbox Series X/S.

Plus some spare ports just in case I need them.

pretty solid for unmanaged/consumer grade https://www.amazon.com/Ethernet-Splitter-Optimization-Unmanaged-TL-SG105/dp/B00A128S24

I personally only like to use managed switches

for a little more money, you could look at this: https://www.amazon.com/Mikrotik-RB260GS-CSS106-5G-1S-Ethernet-Original/dp/B00GAZ2HHS

it has an SFP port too

Best router on the market? Opinions wanted.

Dm or @ me thank you 😊

Best router for what?

My house.

I am interested in learning about networking. I want to buy one that has a good range of function while also being something I can make use of in my study. Essentially high market but something more technical.

I do plan on getting a home lab but that might be a different conversation.

some model of MikroTik router then

I know I heard about unifi dream machine pro.

nah, if you want to learn about networking you'll want a MikroTik device

Ubiquiti stuff, especially things like Unifi and Amplifi and Aircube, are meant for the prosumer market rather than people who want to learn about networking

it is both an advantage and a disadvantage of mikrotik that they use the same OS for their core routers intended to serve as the primary routers for ISPs that they do for their home routers

when you buy a mikrotik home router it has the full feature set of the routers used to run large ISPs

and so you don't end up missing anything

there are many different devices available though

@tender hazel thank you for your advice. I appreciate the response.

Can someone help me i have at problem with the network issues in my computer i download something it just drop to 0 kb for some reason but in my phone is just working fine i try at diffent wifi it sitll the same in the computer what is the problem i don't understand >?

is it the computer issue or the wifi i m so stree out know

noice!

wire at pin 1 was completely disconnected according to the tester, there was no light on that pin whatsoever on either side. no short, no signal, nothing. replaced the cable with that cat8 cable, instant gigabit 🤷‍♂️

@silent flax typical

so its open circuit = no connection

the bad one was a premade patch cable directly from store

That happens more than you think

I throw those cables into the bin immediately, if I cannot reterminate them

because its always a hastle with that one cable

reminds me of 😛

does it do wifi?

If you believe hard enough, yes

read the last word 🙂

if you can't be bothered to not have typos on box, how much effort did you put in product 😄

Sounds like a french guy with a cold trying to pronounce ethernet

@silent flax When you order off aliexpress in netherlands, you can select which country it should ship from

anyway yes, i thrown that cable in ewaste bin as well

Either: Russische federatie (Russian Federation)

or

this was sold locally, ugreen is often available here

Porselein (Porcelein, type of ceramic)

American word for Porcelein = China

for my country, shipping from China or Russia is same thing from July

yeah but its just cringe translate mistakes all over

and you can see how Aliexpress first translates Chinese -> English, before they do English -> Dutch

has to pay VAT from 1st July on everything, even sub-22 euro items. Which requires either a modern ID card with signing capabilities, or pay 9 euro per shipment RIP 😄

Also yes, classical Engrish.

yeah its bs

@silent flax or german customs preventing you from importing anything from outside of EU with a wireless radio

if you order wifi equipment from US, imported to germany, it has to be licensed if it has a radio

even though, the radios certified for the US, when operating in europe, do not violate any frequency allocations

since US frequency space, is more restricted than european models are

wifi specifically.

i mean, if i order a 200 euro board & cpu combo from ali, 9 euro customs fee won't annoy me next to the 50 euro VAT payment. But if i order a 10 euro phone case, then a 9 euro customs fee will annoy me next to the 2 euro VAT payment 😄

@silent flax or when they send a package as 2 units instead of one

twice that 12,50 administration fee

its stupid

but you can't berate the mailguy, he's just doing his job

but they want it, cash, right then and there

they dont even offer bank transfer

anyway, networking fixed... now only if i had use for my old routers LOL

paperweight

Edgerouter X SFP, ASUS RT-N66U, Linksys E2000, in descending order of usability in current internet speeds

I got a pile of 'ol switches

nobody needs a 52 port fast ethernet switch

It has 4x SFP

the saddest part is that the N66U would serve well at mom's place, but the VDSL supplier requires their own modem

but the only reason I haven't thrown these away

you never know when you might have to throw a lan party

or if you ever go mad or insane, and you rig your entire house with IoT stuff

nice to have a swith with lots of ports

100M more than enough for IoT purposes

i don't need that much, i bought this for myself https://www.dlink.com/en/products/dgs-1016s-16-port-gigabit-desktop-switch

What requirements do I need to know before learning socket programming

Anyone running a pi-hole with unbound?

programming and a computer with TCP/IP stack 🤷‍♂️

bruh

Erx is still pretty usable

not for my use case, which is what i talk about. i have these things sitting in box, doing nothing 😄

Sell it

You need more than gigabit?

it is real. what is socket programming ? 1) code a socket server 2) code a socket client 3) connect the client to server and send messages one or other way 😄

Socket.io is pretty damn ez and hides a bit

my ISP (and mom's ISP) demands to use their modem, thus i don't have use for internal routers

Raw websockets are also relatively easy

Ah rip

Those damn all in one routers

Another isp here does the same

Optimum with their fiber

For cable you can use a modem

Mom's Orange VDSL wouldn't run on the ASUS ADSL/VDSL router she have, we had to use the Zyxel modem Orange provided.
My ISP requires their own modem, hands out a /64 IPv6 plus IPv4 via DS-Lite, thus all i could use my routers for is double-NAT with internal DNS at best

But with their new fiber you need to use their ont, where passthrough apparently doesn't work

thus, i have 3 routers sitting in a box, doing nothing. and trying to sell them in covid time, that is another story

usually there is no passthrough because of IPv6 DS-Lite.

Really? Go on r/homelabsales

i live in a small country, shipping fees would kill any interest

Ah rip

Worth a shot tho

If someone local may want it

i can't be bothered to sell much other stuff 😄

i have a 3700X with 32GB RAM, 970 Evo 500GB, R9 380X, EVGA P2 650 in a case sitting in my bedroom as 'HTPC' 😄

Ugh DS-Lite

That's some good stuff

every ISP here does it these days, sadly

What even is ds-lite, never heard of it

IPv6 DS-Lite is IPv4 over IPv6

so you have no public IPv4

Ah

https://en.wikipedia.org/wiki/IPv6_transition_mechanism#Dual-Stack_Lite_(DS-Lite)

Its a V4 in V6 basically

Wasn't there something similar?

Vx something

Someone talked about it before

DS-Lite kinda is like the reverse of having No IPv4

there are many transititioning schemes. DS-Lite is the most common deployment i seen

realistically, for most users the only drawback is 'no public IPv4'

https://en.wikipedia.org/wiki/NAT64
Is one method
464XLAT is another

plus obviously the inability to use own routers, because ISPs are dumb and they restrict IPv6 assignment from their router to /64, so you can't put another IPv6 router behind

4rd/6rd too

That's what I was thinking of

another visualization of DS-Lite

Yeah I prob did at one point

Ah they should at least give a /56

yes, would be nice

Could you request a bigger subnet?

The reccomend spec is /48 actually

DirectAccess VPN (Windows RAS Server with DA), uses NAT64 + DNS64

no. the router gets /56 from IPS, but hands out only /64 and there is no way to request more, the ISP doesn't allow such modifications

That's stupid

Then why give the /56

it's what happens when you order your HW + firmware from china 🙂

for the minimum possible money

AT&T thankfully is now properly supporting IPv6 on all their Fiber and Cable (DOCSIS 3/3.1) Networks

i have given up questioning the ISPs, i have only two bad options really. in IPv4/Ipv6 situation i mean 🙂

And both isps here are still stuck on v4 only

There is actually a reason these transition technologies are being used

So we got 2 "waves" heading over majority of global Retail/Provider infra

First one is: Were out of IPv4, Thanks to shit like Work VPN's only having V6 or new services only having v6, they are finding ways to patch old infra in place with v6 support

option 1 is my current ISP, 1000/50 or 500/30, public IPv6 (but no way to put router behind it because of /64), no public IPv4, cheaper.
option 2 is a FTTH ISP, up to 1000/300, either same situation as above (public IPv6, no public IPv4) or public IPv4, no IPv6 at all, more expensive 🤷‍♂️

This is because its an in place fix while the "second wave" is hitting

Which is going to drop as final very close to the tipping point of "v4 is basically not adequate" timing

• The deadlines that the Number Authorities have assigned

The second wave is a "breather" moment for ISP's to finally go over their entire infra and actually clean it up and sort it out into a central system

Because this is the time they make transition to proper v6 networks

https://opennetworking.org/seba/

https://opennetworking.org/voltha/

This is all cutting very close in terms of time limitations to each other

This is basically the "SDN" or "Software Defined Networking" of the ISP World

can someone help me block ports on a linux firewall?

i have zerotier and i want to block some ports specifically on zerotier

so they remain open to lan

Is anyone here familliar with Pterodactyl linux manager? Ping me...

So what this is coming down to is ISP's waited till last moment

@crisp bay Yes... sadly

Ubuntu?

Its that gameserver panel that uses Docker

mint

Mint is Ubuntu

Right?

tru ig

should be close enough

it was debian iirc tho

"Eggs" are the Server Images IIRC,

So yeah search up ufw

It's ubuntus firewall

can i block ports to like... a specific network?

i dont want them blocked on lan

only on zerotier

https://help.ubuntu.com/community/UFW

Yes

how do i do that the rules section is only asking me ports or the application itself i wanna block

not which ip to block them on

Example sudo ufw allow from 192.168.0.0/24 to any port

Use cli

k

And ufw

yeah so umm I wanna install panel on the VPS and wings (for managing server ig) on my home server..and I have proxying on that server (accessing IP with domain on Cloudflare to my IP at home)...would that work? I have already installed both panel and wings on my home server without luck, starting again, may you please suggest me a tutorial with success or is the official documentation enough?

this will allow all connections from any ip like 192.168.XX.XX to all ports yea?

Allow from 192.168.0.xxx

But yes

how do i define tcp or udp tho?

Read the article

sudo ufw deny 80/tcp

A CF Proxy Will not forward your ports, open wings up to the public Panel on Internet/Cloud, etc

It's all explained in there

So the VPS would need to access Port 8080 (Wings Daemon Port)

So you would have to Port forward 8080 from that server to your Public IP

And the CF Proxy only works if you change wings to 8443 as CF will only proxy that

https://pterodactyl.io/wings/1.0/configuration.html#enabling-cloudflare-proxy

well I'm not expecting CF to forward my ports but it's just for the domain tho

open wings up to the public Panel on Internet/Cloud
wdym?

Port Forward basically

8080 for wings Daemon?

Ideally: In Firewall/Port Forward Config, only allow the VPS IP To Connect

Yes

that on my home server?

ye

Ik iptables can do that

ufw too?

UFW is just an IPTables Interface Basically

With things running docker, I disable or remove UFW

Run IPTables only

Personally

firewalld prem

Your Public IP:8080 <--> Home Game Server:8080

yeah I have some IPTables rules on my VPS so this will work out

but I can just install panel only on VPS and wings on home server, forward 8080 on both, that will work?

You only need to forward 8080 on the wings server IIRC

80/443 On panel for WebUI Access

also, the domain system (for accessing panel), can be configurable with nginx, but then for SSL has to be only the full domain, not the subdomain right?

SSL needs to cover the Subdomain

I just use wildcards

*.domain.tld
domain.tld
Covers everything

definetely easier than let's encrypt?

I don't want to bother you too much tho (I don't know much abt networking that's why I'm a bit confused from here and here...)

Lets Encrypt lets you use Wildcards

hmm okay, I can just start installing panel and wings, then I can start configuring SSL and accessing the panel..?

does linux tend to not mount harddrives unless you tell it to?

or is that a ntfs thing

if on a GUI, It'll automatically mount them

i have to click it to mount it

its not there in file exploer till i do so myself

yeah you have to do it yourself then

im hosting like a file server of a drive that it isnt liking rn

wont mount drive

on boot that is

yeah you need to set the rule to automount it

in /etc/fstab

You have to edit your fstab to auto mount

how?

opened the file

but like....

what is the rule supposed to look like?

https://www.redhat.com/sysadmin/etc-fstab

<device> <dir> <type> <options> <dump> <fsck>

UUID=0a3407de-014b-458b-b5c1-848e92a327a3 / ext4 noatime 0 1
Would mount partition with UUID (That UUID) @ / (Root) and were saying its EXT4 Formatted

how check uuid?

also my system drive has umask=0077 instead of noatime what is that?

sudo blkid

That sets the perms of the mounted file system

do i need to restart for that btw?

yes

k ty

to make it work and apply it

Looking on buying a new router for my tmobile trashcan

Right now eyeing the archer ax50

Decent price for wut u get

Autho Broadcom chip = prob no openwrt ever

Any recommendations on other routers or is the ax 50 good enough

asus? no

@hot hawk depends on your skill level on what you really want to get, those home wifi routers are generally trash

I mean I prefer having a custom firmware, autho ax support seems to be non existent

Pretty sure I can live with home routers or 30 day return

that's not the issue

they die after 3-4 years

That's a berh

U got any recommendations

Again, depends on what level of skill you have, and how much you want to spend

Prob 150 is as high as I'll go

I use all mikrotik here

O

https://mikrotik.com/product/hap_ac2

Learning curve is steep

but they sell wide range of products, all running same OS, so once you are familair its lot easier

more user friendly solution would be unifi

Can u flash openwrt on it

No

berh

@hot hawk OpenWRT is crap compared to RouterOS

Router os is what it comes with?

Yeah its Mikrotik's propietary operating system

has webgui, ssh cli and their special management tool winbox, which doesn't even need an IP to connect, just a MAC

very useful when setting up devices

No ax support it seems

Yeah that's the only issue

They are Wifi 5 only

but idk, never had the need for 6

I get ~390mbit/s download on my wifi

perfectly fine

that hAP ac2

has dual band, and 5x gigabit

for like 60 bucks

How is the range on the router

Live in a fairly sized house

depends on the material and walls

obstructions

but the way I did that here, because we have brick here

Prob wood and wood

is I bought a 2nd one, and used RouterOS's AP manager

you can set up multiple radios on the same network, and it handle it for you

Hmm

similair to what unifi would do

but they are more expensive, but do support wifi 6

idk, once you have their controller, their APs and such, you're already 500, 700 bucks

with mikrotik, you can just buy 2-3 hAP ac2's

and use one of them as controller

:P

the only major downside is

this is not plug and play

you have to manually dial in the configs, which if you haven't done this before, is hard

mikrotik shill.

@low pond what

if I go to the computer store

and want to buy a router with wifi

all I can buy is gamer crap

for insane markups and terrible build quality and software/support

Asus spider things

more better

I didn't mean it as a insult :P I see you shilling and fanboying Mikrotik a lot

no, the solution is more APs

spread out

Idk if I'm buying a ac router, might as well find one that supports openwrt

wired with ethernet

Don't see much of a point for a mesh system

Most decent devices have good wifi antennas anyways

@hot hawk https://i.imgur.com/YxubVRq.png

This isn't a mesh system

its just multiple wireless APs handing off clients between one another

Yea ik

and you have 1 controller who does the authentication

quadcore arm processor

does ~2gbit/s routing

not bad for $60

and it has ipsec acceleration for vpn stuff, up to 400mbit/s

Can u host a vpn server on it r no

Yeah

sadly no wireguard on the stable version yet

beta has it

https://i.imgur.com/Fcr0LAM.png

Rn worried about range

dude the amount of stuff it has

range isnt really a big factor

Wdym

:/

@low pond lol this router in my attic

bunch of fancy routing protocols

https://i.imgur.com/7XuMQ3Q.png

Wait

everything static

Have u tried a nas

OMG w o a h

With it

@hot hawk I have an RB4011 as router

has 10gbit port

the NAS at home here, is connected to a switch, which goes to that 10G port on the router

There's a wireless variant of this one as well

That one is pretty nice

ah yes the picture which you shared like for the 350th time here :P

YeEeep

its just best entry level 10G router lol

for like 160 quid

https://media.discordapp.net/attachments/776722183119699988/777646103775674368/IMG-20200922-WA0001.jpg?width=1129&height=635

Thanks

:P

@low pond I am just here to promote fiber optic use lol

O

and cheap 10G equipment exists

are you not sure makret a few mikrotik products also :P

get a affilate link from them you'd earn a lot 🤣

@low pond I dont' get paid lol

Yea that's the thing

Got no fiber here

xD

and mikrotik doesn't do advertising

I got a tmobile home internet trashcan

I didnt know about them, until someone showed it

y'know i'll get a mtik also

Fiber like speeds, crappy firmware

Can even change dhcp server settings

Cant

@hot hawk meh, that is crap. I always try to get around that, and have an IP on my own router, not something inbetween

in that image up there, you can see a fiber on the left, going into a 1G SFP converter

Rn I prob will need to double nat

ew

Can't even have bridge mode

"cgnat" :P

oh

:p

gaaaarbage

Cheaper than spectrum tho

And much better speeds

No

I can get gaigbit

But 300 a mo

Vs tmobile 60 a mo for speeds 160-600/70

Might just pick up the archer ax50 and hope it doesn't die

Already have a openwrt router

Just it doesn't have 5ghz

Only 802.11 n

:/

Autho got it for free

So can't say much lol

Heheh

@plain siren it's 5g tho

Speeds are super good

I have network

great, we all do

What are good specs for a cache server?

This is prob something real dumb, but for some reason I can't find my answer online. How do I get my ssh signature where it looks like this:

signature ...
-----END SSH SIGNATURE-----

I need it for verifying my git commit

ah nevermind

@clear igloo Making my main SSID 5GHz only 👀

do it!

All devices are 5GHz already

@clear igloo https://i.ryois.me/Pyea31WvYW.png

wow, I've got like 70% of devices on 2.4Ghz still 😛

Should I make my guest 5GHz only 😛 @clear igloo

lol, yes

Just leave 2.4GHz for IoT

heh.

my 2.4 is just for legacy devices and stuff that doesn't support 5ghz

like my laptop

i'm still in awe at the sheer speed of gigabit

never did i ever think i'd be in a position where I could actually download gta 5 in under 15 minutes (gigabit to nvme ssd, of course, as gigabit to a 2.5 inch hard drive caps at just under 50 MB/s)

We have zero personal devices that don't support 5GHz

I would also move to WPA3 only on main SSID @clear igloo but not every device supports that

center of the house lol

yah, still a lot that don't 😦

I'm looking to upgrade my home network, and I'm set on the Ubiquiti line of products. I'm trying to choose between the security gateway, and the Dream Machine.

The Dream Machine has a built in AP.

I'm going to be getting one or two of their WiFi 6 AP's, but the AP built into the DM is only WiFi 5.

Will that cause issues related to jumping between them, or cause instabilities?

Posted network issue in #tech-support . It's related so download speeds. Pls help

@thorn osprey the guys on there didn't advise you very well.. I can guarantee that your slow downloads are not limited by the hard drive

even slow hard drives will write data much much faster than you can download at that speed

so then the network is also showing at atleast 11 mbps. it should go till there. could it be a problem from there side> if it was it should have been resolved by now

i have no clue what it could be

all games have been running fine

no drops in frames or ping

i havetn started any during the download but before they were running fine

i painstakingly restarted the download and its still only at 18 percent

this time iexcluded the hd graphics optional download tho

it could be that someone is limiting the download rate per user

Any way to fix double nat without turning on bridge mode

Because I physically can't do that

whats your set up? how are you getting double nat?

Tmobile trashcan can has trash qos and can't disable dhcp server

To fix trash qos, got my owner router, and connected via wan

Which leads to double nat

@primal ice ^

You could setup a tunnel to a vps you buy

Berh not buying a vps :/

You won't get rid of double nat tho

okay what router did you buy?

You need to get rid of the first router doing nat

Netgear ax1800 rax10-100nas

Well I cant

Or disable nat on yours

Does dhcp also do qos

No

he can yeah if it will let him

Or can I have one device do qos and another do dhcp

Qos in a home env does little to nothing

?

Unless you reallly need to stretch that bandwidth to lots of devices

The bandwidth the trash can gets is good

More likely than not, you don't need qos

Just qos is trash

If anything

Qos slows down things

Use the trash can and you'll find out

Why do you need qos?

Cant even load two pages at the same time

Doubt that's qos

https://www.youtube.com/watch?v=qcgeM6rru6E

guy goes into detail on why u may want second router with double nat

Not watching a vid rn

Well then take my word

nope that isnt happening can confirm

looks like with the standard interface you can not control the port settings so the only thing I can suggest is to not use the WAN port and plug it into one of the lan ports. let the trash can assign all the IP's. that will remove the NAT and Firewall from being used. then you should be able to control the QOS on each of the remaining ports and wireless.

What if the trash can has qos

That means two devices are doing qos?

yeah, you could just disable (turn off) the qos on the trash can.

Cant

set it to some absurd number so it never triggers.

Your funny cuz u think I have settings

Because I dont

All I can touch are change ssid

And turn them off or on

That's ir

It

Literally dog shit with metal poles will have more settings than trash can

https://www.t-mobile.com/support/public-files/attachments/T-Mobile High-Speed Internet Gateway End User Guide.pdf

https://www.t-mobile.com/support/devices/web-gateway-user-interface-gui-high-speed-internet-gateway

?

Does anyone know what brands I should go with starting off. Since I don't have much money atm

tplink, netgear, linksys

those are all inexpensive consumer vendors - I wouldn't say any of those are anything special though

there is D-Link too

They are in the US.

that was for the guy using t-mobile wireless gateway. I personally have 1g fiber FTTH

Can anyone recomend a router under 150 euros right now i looking at tp-link archer ax73

So bois i got a question.
Somehow i got 2 networks in my house.
1 is from GPON terminal which my desktops are wired to.
2nd is from router (wired to gpon)

Is there a way to connect these to together. Right now i can't connect locally to PCs from wifi because all wireless devices connected to router and PCs are to the terminal.

Double nat

Turn off nat on your router

@errant bronze You'll want to make sure you only have one gateway locally

Thanks guys, i will check it now

Yo guys, I have a weird problem... My internet works normally (I can connect to all sites that I have randomly tested) but can't ping 8.8.8.8 in a terminal... If I type 8.8.8.8 in a browser though, it does forward me to dns.google. What could be the reason?

Can you ping any server outside your private network?

Yes.

8.8.4.4 works too.

1.1.1.1 also.

google.com too

You can ping both of those in a terminal?

All of those, yes.

Well then I have no idea

Yeah, that's why I was asking.

It's really strange.

Maybe something is blocking that ip, but seems odd to me if that were the case

*blocking ping

Yes, it is weird, because the website under that IP works fine.

8.8.8.8 is my standard DNS, maybe that's the reason why it's the only one (I've found so far) that doesn't work?

Those two things (http and ping) use different transports, so that isn’t that weird. What is weird is it seems to be that particular ip