#networking
I'm attempting to open up some ports in windows Firewall, 80 and 8080 to run a simple http server on my PC. Which protocol should I select, TCP or UDP?
I may also later open 27 for FTP...same question
TCP. Also 21 for ftp unless you're running on a nonstandard port on purpose
nonstandard on purpose. And thank you
No problem
TCP
Hey, I recently setup a web server on my UNRaid box. I also setup swag (eg letsencrypt) to handle encryption. This server is accessible from a public domain name.
When I am browsing the site from off my local network everything is fine, but when I attempt to browse the site from my local network I get redirected to my router's setup page.
What routing settings do I need to change so that when I go to the public domain address, and then am redirected back to my own IP, I am sent to the web server instead of the router setup page?
I am running a MikroTik router
Ah yes
Common problem, NAT loopback
Interesting. Now I am getting a "host.tld refused to connect" error.
I'm guessing that has more to do with the site config than anything though.
I made a masquerade rule with the source 192.168.1.0/24 and destination 192.168.1.0/24 and it is the first rule
@toxic chasm also, more specifically there are 2 solutions to the problem, either NAT loopback or split DNS
Oh, actually I think there may be more steps
I (apparently) need to set up the MikroTik branded dyndns stuff so that I can change the port forwarders from relying on port number to relying on inbound IP address.
?
https://help.mikrotik.com/docs/display/ROS/NAT
go down to hairpin NAT
In this video I go over my fairly well polished MikroTik RouterOS way of getting a hairpin NAT solution and ensuring it has the ability to adjust itself dynamically as and when your WAN IP changes.
It's super easy, free and requires only a slight change in how you normally apply port forwards.
Find more MikroTik tutorials in my channel or on m...
ill try that first
Yeah, I end up with the same error
hmm
Ok, so using the DDNS address I was able to make an address list that contains my WAN address. I was then able to remove the "IN INTERFACE" field on the port forward and replace it with the "DST ADDRESS LIST" field.
Basically, instead of looking at any requests that come over the physical WAN interface it is looking at any packets that are coming from the WAN IP.
Now I am getting "ERR_CONNECTION_TIMED_OUT"
Still works from the WAN
Ah, got it. Somehow the hairpin got an out interface assigned to it and that broke it. Just killed that and it was fine
So yeah, this guide is great! Had to setup DDNS and DST Address List, then use that instead of in interface as I have a dynamic IP.
All done now. Have my own cloud server up and running
nice
Hello people. Recently I setup port forwarding in my router's gateway so I could connect to my Raspberry Pi remotely when I'm not home. This is cool and all but now when I try to change my DNS settings to access censored websites it just doesn't work...
Normally it shows a page saying "This site is blocked because of <this> law." but now it just says "Secure Connection Failed" and won't let me in the site. How can I fix this?
When I connect to a VPN everything works fine btw.
I use https://censurfridns.dk as my DNS, I tried using 8.8.8.8 and 1.1.1.1 but it didn't change anything.
okay, i use powerline that rated for 400mbs cable is ethernet cat6 1gbs, and modem is decent month old, not the best package is 300-30 but yet my speeds on pc are 50 there is no way i could run cable to my pc but i have a coax outlet what should i do?
Moca
whats moca
Ethernet over coax
its no way for me to do it... without powerline
?
holdon
Just like power line is ethernet over power circuits
im pretty sure i cant plug it into my modem
what?
it would go
Ethernet out of router -> MOCA Adapter -> COAX -> MOCA ADAPTER -> Ethernet -> PC
can you send me a good moca adapter
I have never used moca so idk
uhh
depends where it goes
needs to be going to the same splitter I think, not too sure
it is in the same splitter
and lets say it is in the same splitter what do i need what cable for that now
coax?
and can coax go to pc?
.
nono, modem connects to the outlet i sent above i just need to connect it to pc
that's your internet connection, which is over DOCSIS
you still need 2 moca adapters
ah
internet connection needs to still go through modem and router first
tell me please this modem has integrated router, but i have another router connected to it by ethernet now would it be faster if i used the router for powerline or modem
look the thing on photo is modem which has onboard router, but i have another router connected to it, now would it be faster to have my powerline on the modem or the router thats connected to modem
its not but its only router the thing my powerline is on is a modem with onboard router
forget it my neighbour works at telemach which is main servicer for internet and all goes through there in my country and he'll help me fish ethernet cable through wall if ill help him make some wooden sleeperchairs for his balcony
@stray knoll There are some Coax to Network adapters around
Dude, this NTFS file permissions shit is driving me nuts. Here is the problem. I have my dad's user account set to "read only" for one file on my mapped network drive. It works on my own computer when signing in with his credentials. He can only read it, but can't change it in any way. But I can't get it to register on his own laptop. It seems like this is impossible unless I have Windows 10 pro with Active Directory or something.
he would connect to your computer with his account from his computer, should ask for a user name and password once a power cycle of your computer. then what ever is shared on your computer with his account is how it will access the stuff on your computer. basically how ever you set up his account to see or do is how he would interact with your system.
So he has to remote into my computer with his credentials? I don't get it.
yes basically
it does not have to be an AD. An AD is a server that everyone on the network remotes into.
no?
No, AD is active directory
So what do I use to remotely access my computer?
RDP
AD is just user/computer management, it's not file permissions anyways
Should just be as simple as using your own account with admin rights on his computer, but that didn't work.
I mean, my user account has full control over the drive. You'd think it'd work by simply making it the owner.
it would be easier to set up NAS on raspi :p then set up access control through that, but to do it correctly you want to setup account access on it. (which you would have to do with an AD, or any solution really)
Or you just do NFS or SMB and strip the permissions to allow 0777 and guest access with no account
he's trying to lock the file though
I thought he said his dad couldn't access the file? or did I read that wrong?
yeah I think what he wants is for PC to be able to share files
share and modify most importantly
his dad's computer could not access the drive. though he set up an account for his dad on his computer.
I still agree that the easiest would be a NAS/RPi/etc to host all the files instead of doing it with multiple computers and accounts between them all
nice
@clear igloo slowly migrating to M365
Do it faster! Migrate now!
Moved email to M365 yesterday
You add on the security stuff too?
It's so much better than Google
365 defender I think it is
I have Business Basic rn
Yeah I have M365 Defender shit iirc
yah, it's nice
Not the full version but some
I still have Google Workspace but I'm slowly moving off of that lol
Yah, the top tier doesn't add much compared to the $2/month tier
That's a lotta $$$$
Oh, that's not bad then
Ah, ok, I was thinking each one was its own add-on and extra charge
1TB OneDrive, 50GB inbox, Office web apps
I currently get Office desktop apps from like 3 other accounts that I don't directly pay for
Do you just get an error that the share can't be accessed? What path are you typing on his laptop to access it?
Well, I removed the "everyone" and "authenticated users" groups at least.
ahh that could be your problem you would want authenticated users.
@clear igloo @waxen scroll IGMP-snooping enabled by default drives me nuts.
Almost every time an incident is escalated from HPBX team, it's always deployments where lo and behold, no L3 querier was configured. Incident just came in of a school that had a false report where they went in lockdown and attempted to page and most phones never received the broadcast.
I understand why it's enabled and should be, but most admins do not understand multicast, let alone IGMP-snooping and its quirks
With most enterprises being SIP now and paging/intercom being used more, this is just a problem creeping up more and more
Can confirm. Nobody knows multicast
Multicast isn't real. it can't hurt you.
But, the problem is I can't tell exactly WHO has been "authenticated" unless I have Win 10 Pro. It's the same problem with that "everyone" group.
Seems like the pro version would make this a lot easier. But it costs 100 bucks to upgrade though.
do you have his user on the folder/file permissions and share permissions?
By share permissions, you mean under the "advanced sharing" tab? I just added his user account there.
As "read" only
yea that would be share permissions. then if you right click the file/folder-properties-security tab, does he have access there?
Yeah. It says "read and write" on all the folders and files. It seems to only want to change on his laptop if I change the permissions for the volume drive itself and have the files and folders inherit that change.
But with inheritance disabled on individual files, doesn't register.
Are you sharing the folder the file is in? or a folder a few levels up?
Well, I just made a passwords folder and moved our password files into it. I added his user account to it as "read" only, in the advanced sharing tab. Maybe that'll work?
that should. sharing a folder should be super easy, i used to share one so i could access media from my iPad
could also go back to basics, can you ping your machine from his? are you using computer name or IP?
Well, it did ping. My network drive is using my computer's IP address.
When you connect from his laptop are you doing \\ipaddress\folder or \\pcname\folder
that's on my todo list to learn
Ok. Just wanted to make sure you weren't relying on DNS to resolve the PC name
I can't get my head around it easily
@clear igloo Thinking about upgrading to VOIP for parents 
$14.88/mo
I can add hard phones but soft phones should be fine imo
thinking of voip too
if not I can just get an ATA
Hey folks i've been having an issue with an IoT device connecting properly. I posted on r/techsupport but haven't gotten much. Any ideas? https://www.reddit.com/r/techsupport/comments/rdl0ht/iot_device_cant_connect/
is the router for the subnet also the dns server? i had something weird with a couple wifi light bulbs that just wouldn't work if I tried to specify a different dns server.
Yep it is.. if i use dig: ;; SERVER: 192.168.0.1#53(192.168.0.1)
alright, I kinda figured it was since you said you tried turning off DoT, but it was my only idea.
without having tcpdump or a way to portmirror, not sure how you'll see what its doing
i mean i can run iptables on the router but even then not sure what i could do at that point
try changing your dhcp pool to like 192.168.0.40-254 then assign Emporia Vue Gen 2 like 192.168.0.38 and see if that changes anything.
I have an HP printer that if its in the dhcp pool IP's refuses to work properly - assign it an IP out the pool range and it works perfectly.
weird.. i'll try making the pool 192.168.0.1...253 ... then give it 254
didn't help. Thanks for the idea though
put IP: 192.168.0.152 in DMZ (or IP Emporia is using right now)
and use Full Cone NAT in WAN settings (for testing)
then check?
i hadn't tried DMZ though by-golly something just worked. I set the DNS Server to 8.8.8.8 in the DHCP section... after i did that it could connect
i can't imagine why that's the case. I sent an email back to them asking if their dev team can comment on if it means something to them
firewall was blocking something then, DMZ is outside the firewall.
Anyone with Unifi Controller and AP adoption experience?
It wasn't DMZ or firewall. It was DNS
yeah I guess I misread some of that. well if their server what ever is looking for a name - www.lookitsmeservice.net and it can not translate that to 123.234.222.111 (what dns does) then that is understandable.
yoooo lets go
i need a server rack for sysadmin roleplaying
thats very bad aint it?
using power line, will fish the ethernet cable through wall in a bit hopefully improve it
Ways to fix double nat issue?
One is ont gpon router and other is tplink
Ont device is also a router + modem
either make combo unit just a modem or make the tplink router just an Access Point, no routing
Can confirm, multicast is fake
Just a bit of Cat6 eh?
Yeah gonna run it through the attic in 100 degrees Fahrenheit Florida weather
Yuck!
Yeah not fun but works out in the end
Yah, I agree, I did some fiber and other attic work a couple years ago, NC summers aren't much better
Yeah had to do some there for my cousin too and it is not fun
When I got out of the attic, it took me so long and I almost passed out
Yah, I can imagine it now
and of course no breeze or anything to "help" either in that space
Yeah it was not good, what made it worse was that the house was made in the late 60s -early 70s and it is not a great smell either
Even more fun!
Yeah, never doing that again.
Also what's bad about living on the east coast is the moisture
Very true
Exactly, "oh it's only 80 degrees" they said
"oh, humidity is only 90%" I said
Yeah that 80 starts to feel a lot more like 90 then 95 then at its peak it feels almost 100
Yah, when I first moved into my current place they didn't even have an attic fan installed!
Oooh that sucks
Yup, I got that fixed very quick
I definitely would too
Another bad part about the house is that the people that lived there were hoarders and also air B and B people so they would let people who stay long use their attic for storage. So there was a bunch of old stuff in there that was difficult to avoid
And one of the things I think was a sewing kit and had a bunch of needles
Haha, that sounds like a movie scene almost
just missing the creep dolls or something
Yeah it was bad
So the owner was a little creepy and put baby dolls in his back yard to ward off spirits
And we found a bunch of them with their heads cut off cuz the kid hit them when he was bored
can someone help me or refer me to how to set an interface to only use ethernet?
wtf!!!
Yeah it was crazy
I don't think I know much people, try the tech help chat I think there are more people there that could help
what help chat?
The kid was not ok, he had some crazy graffiti on his walls with pictures of guns and people getting shot
Yah, that's just messed up, yikes!
He goes to my school and they are getting him help.
That's good
However one good thing about renovating a new house is that we got our old contractor. He is from Bosnia and moved here because he was in a labor camp for most of his life and finally escaped. And well when he moved here he learned English fast and we hired him, but he is really funny because this man has no filter. He will say the craziest stuff. But he is awesome to hang around still.
He is also huge and drives this little car and his really crazy and beat up white van that looks like a van someone who kidnaps children would use
Haha, sounds somewhat like an old coworker of mine. Crazy guy from Poland, old as heck, always trying to fix things up. His wife is a doctor and he's got like 10 rental properties too, does all the work himself
But inside is just your friend addem
I kid you not, in the middle of a hurricane on the coast he was out there fixing up his place with parts of the roof that blew off his neighbors house!
Thatβs cool
Sounds like addem, that man can work in the roughest conditions and still put out a good job
Yup
anyone?
I don't get it?
ethernet is an interface
wireless is a separate interface
Turn off the wifi?
i enabled ens5
but it still doesn't show in router
Ok so I have a bit of a routing question, I have a vps setup and a tunnel between it and my router. I have some PBR setup so all traffic on a specific vlan uses the "VPS WAN" and is on its own routing table. Everything works just fine, but there is a small issue. When I try to connect to it, it doesn't work as the traffic doesn't reach the server. It reaches the main home router, with the source IP of the router's WAN IP, which I think is causing issues. It never goes out the vlan interface. In what ways can I try to fix this? Some more PBR rules?
does PBR mean what you think it means?
PBR is when you have a routing table say one thing and you override what it wants to do with another policy (not a route) all together
i cant answer cause I think our definitions of PBR are different
I followed this somewhat
but just created another routing table
```
default via 10.1.1.2 dev wg0
```
```
modify PBR {
    rule 10 {
        description inter-vlan
        destination {
            group {
                network-group vlans
            }
        }
        modify {
            table main
        }
    }
    rule 20 {
        description "VLAN 200, VPS WAN"
        modify {
            table 2
        }
        source {
            address 10.200.1.0/24
        }
    }
}
```
it's really not a big deal as I can just have split DNS
oh, so you need PBRs on ubnt to link to a routing table?
i never tried multi-table on ubnt
whats 10.1.1.2 ?
VPS IP, but on the wg link
do you have a route for it on table 2? other than that default
just
```
admin@ubnt# show protocols static table 2
 route 0.0.0.0/0 {
     next-hop 10.1.1.2 {
     }
 }
```
...you said traffic goes into the tunnel fine but not back from the vps?
no traffic works just fine both ways, just not when connecting from my internal network
so when the source IP is my router's WAN IP
that would be table 1?
yeah
so by doing this the internet for table 1 dies?
no
actually in the main table I don't have a 0.0.0.0/0 route configured
but
```
IP Route Table for VRF "default"
S *> 0.0.0.0/0 [210/0] via 173.63.205.1, eth1
S *> 172.16.0.0/12 [1/0] via 10.10.20.42, eth4.1020
```
it's just automatic
I don't know if I'm explaining well, let me make a diagram
so you're talking about internal vlan to VPS vlan traffic, nothing on the internet?
no?
@waxen scroll
X is where I stop seeing traffic
it comes in wg0, but not out eth4.200
when you're going into the VPS from the internet, whats the purpose of the system that hosts the public IP. Is that a router or something?
A regular server?
seems like a default route is messed up somewhere
what OS the vps is running? VYOS
no, from anywhere else it works
just not from internal
the fact that you see the routers public IP in the return traffic inside the tunnel means either your public IP is in the route table for the tunnel or you have a bad default route. whats the routing look like for VYOS?
I could easily fix this using NAT as I was doing before but I want to see the IPs of people connecting
that's expected behavior to see my public IP
lol a route table got censored
```
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I -, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
S>* 0.0.0.0/0 [210/0] via 159.203.80.1, eth0, 13w3d00h
S>* 10.0.20.0/24 [1/0] is directly connected, wg0, 02:11:33
S>* 10.0.30.0/24 [1/0] is directly connected, wg0, 02:11:33
S   10.1.1.0/30 [1/0] is directly connected, wg0, 02:11:33
C>* 10.1.1.0/30 is directly connected, wg0, 13w3d00h
S>* 10.10.30.0/24 [1/0] is directly connected, wg0, 02:11:33
S>* 10.200.1.0/24 [1/0] via 10.1.1.1, wg0, 03:01:16
C>* 159.0.0.0/20 is directly connected, eth0, 13w3d00h
```
cuz it had "is is"
dumb
so I'm thinking it's just something to do with my router seeing its own IP as source and therefore somehow dropping it?
eh, I'll just use split dns
what exactly is the reason for this traffic flow anyway? What are you trying to do i.e. Access minecraft from the WAN
just have traffic go through VPS in case of ddos so my whole network doesn't go down
if I had another public IP, meh
wouldnt ddos be hitting your public IP and thus your tunnel is screwed anyway?
well they don't know my public IP
that's the point
oh you're masking that way hah
ok, makes sense
ive not seen it done exactly this way but I can see why you would in this scenario
generally what you do is accept incoming traffic through the tunnel, thus masking your IP, then you send it out without the tunnel to your provider
im not sure if you can make that work with residential providers or not
how would that work for return traffic then, without NAT?
or do you forge/spoof source IP
Because of BGP.... so I send my tunnel provider a route to my public IP through the tunnel, next incoming traffic gets attracted to the provider, next outgoing takes the default route to my local WAN circuit and travels back to the requestor
no NAT needed for that
your situation is a bit harder
just cause how its designed
I should also tell you I have multiple public subnets
I have the pub to my WAN provider and then the pub I want to protect with the tunnel
ah so you just change the route for your IP basically, so when you send traffic out with your IP it goes back to provider?
yeah can't really do that in a residential environment
i'm impressed you thought about this though. good job. not many people here can pull that off
@clear igloo @hollow marlin someone in LTT trying to do ddos protection
well I mean the attacker will successfully take down the server connection
just don't want home internet to be unusable
yeah
Fixed double nat issue by setting other router as access point but games like valo still having frequently package loss and high constant ping
Hello! New here, looking forward to nerd on networking topics
Is there any reason why you would double NAT btw? Just curious
prob cuz they just connected it, router -> router
That would work fine with NAT disabled on the internal router though.
that's what they did
Ah my bad, brain couldn't register the first line well for some reason
I wish I knew this was the career I was eventually going down at that age
From HF to UHF probs. Cool picture
Errm question ? I have a WiFi router used as a hotspot for my whole house ? And currently working like a switch and a phone hotspot link to the Internet? Now I can't seem to get to my nas or 192.168.1.100 router address?
Have I bricked myself here ? I get a ping?
Did you turn off DHCP on your old router that you use as access point?
Listening and measuring station from the telecom agency used to track devices that are interfering on the radio band
@tall pagoda yeah that was the only the phone dhcp would allocate ip addresses
I have a weird setup
So router, phone comes in on hotspot as Internet
And I'm trying to set a lan lol
ms-dos
Does anyone have any experience using the new Unifi U6 access points?
Not much to say. They work the same as all the other products with the ubnt controller
@clear igloo @waxen scroll they put an AP up in the catwalk
No wonder why the school WiFi is shit in there
And kept the status lights on
Black electrical tape would have fixed that.
Either way, not the correct model for a theater
Need the external antenna ones
@rocky badge open a ticket
Depends how the internal antenna array is designed. It could be a patch antenna in which all is kinda fine. You just have to angle it in a way that allows for good signal distribution.
lol
Did they put sand in the walls of the theater? If that happens you need to have more access points and when you have practice rooms that makes a lot of access points for what could have ordinarily used less access points.
Idk if they did lol
We barely use wireless anyways so idgaf
We try to wire everything where possible
We also try to barely use IT infra too lol
We like to be able to control our own broadcast/multicast/network since we have devices that rely on low latency and such
The status lights don't annoy me as much as the fact they put intercoms in the theatre
Or at least configured the intercoms to receive bells
Hooked up an old UniFi AP LR to my OPNsense box, I'm not seeing my Emby server or other devices, the IP address on it is 192.168.1.120, grabbed from DHCP 192.168.1.10 - 192.168.1.150. I thought I'd see a setting to change the IP from the app, do I set a static map to its MAC address as 192.168.1.2-9?
Hey guys, i got a question about VPNs.
I get the general idea, people want to stay anonymous by using the VPN server as proxy to hide their identity. What I do not understand is why people keep on talking about the idea of security. It's said that if you do not use a VPN, many people online may use that to their advantage to snoop and exploit your data traffic. Well, are we just going to pretend that HTTPS does not exist?
But that is clearly not the case, since if that were to be true, there could never be any sort of online banking and document management services. So can someone please give me an example of why VPNs are useful (besides staying anonymous)
It depends on the type of VPN.
The typical NordVPN etc are for staying anonymous, or making it seem like you are in another location (so you can access geo-restricted services).
On the other hand, OpenVPN etc can be used for connecting to private networks securely. Imagine you have a PC at home you need to access while you are away. You can use OpenVPN to access your network (and PC) from anywhere, securely.
There will be more, but those are the ones on the top of my head
I do not understand still
On the other hand, OpenVPN etc can be used for connecting to private networks securely. Imagine you have a PC at home you need to access while you are away. You can use OpenVPN to access your network (and PC) from anywhere, securely.
Why not use SSH?
OpenVPN has more flexibility. If you need to use Remote Desktop? Connect to a database? Even web servers you host yourself, you cannot access that over SSH easily
I'm sure there are specialised protocols for all of this, secure ones too.
To me, a VPN seems only useful for changing your geo location and bridging into a foreign local network
Given the hype for VPN services nowadays, I'm sure i'm missing some key feature
There probably is, but why manage many different services rather than a single OpenVPN service?
Error prone?
Isn't that the general idea for everything
Split it up and have each thing manage its own task
Making it so there is no single point of failure.
You can have highly available OpenVPN
If one OpenVPN server goes down, you can use others. It's better than managing highly available remote desktop gateways, SSH bastions, web proxies etc
I suppose that is true to some extent.
Lastly, i want to ask about tunnelling. Why do they call it that specifically, and how are the two networks bridged together?
Sidenote : i'm pretty sure you can SSH tunnel as well (did it once on a linode instance, but i still to this day do not understand how it works)
I'll leave this to someone else... I don't know how SSH tunneling works
I was asking about VPN tunneling
But i suppose i can look that up myself. Thank you.
ssh isn't the best
there is a reason wireguard, openvpn, etc. are used
for example i use wireguard to connect back home
or in the DN42 network to connect other peers
or actually to connect my router to a VPS I have
like I was troubleshooting yesterday https://cdn.discordapp.com/attachments/387022787480387605/920346100693606440/unknown.png
wg0 is a wireguard tunnel interface
And the vps is outside your network?
yes
Then how come communication doesn't pass through your ISP's servers?
but because of the tunnel it's on my network
makes no sense
it does, via the tunnel, that diagram is just a representation
the wire is literally going to your isp, how can any network activity not be detected if it's going outside your network
So it does pass through the ISP?
It's so hard to picture it in my head from what I've been told so far.
If we were to go by your made image, the initial connection is from your PC to your Router, to your ISP, to your VPS, to any form of service you may want to use or visit (such as a website or some form of filesystem on the VPS) then back to the ISP, to your router, and then back to your PC
Then again comes the question of why use VPN unless you absolutely want to stay anonymous. Https should be perfectly safe and sound for such an operation.
What am i missing?
yes ofc, but in an encrypted tunnel
Well, how is that tunnel any different than https
this isn't to stay anonymous, just showing what a vpn can be used for
it's just public private key encryption
No, i get it, i'm simply trying to justify using this
since when can https tunnel any type of IP traffic
It cannot
my setup is just so I have a second public IP
That I can understand
From everything that I've researched today, I've come to the conclusion that a VPN simply offers safer browsing on public or unprotected networks (encrypting traffic since it's just http, and not https (however though, any sensitive information is still able to be seen from the VPS to the website)), circumventing geo-blocking measures (in order to use netflix or any piece of information that is blocked in a country), putting an extra curtain between your ISP and your internet activity (the isp can still see the encrypted data, but the destination is only ever going to be that VPS and not many different websites and services)
Does this sound about right?
anything via a vpn can't be seen by isp or other devices in the middle
Why can it not be seen?
The data is moving through the cable, how can it magically disappear?
because it's encrypted
But that is what i said, it's still there but encrypted.
ok the packets can be seen, but not the content inside
Yes
so source IP, destination IP, type of protocol can be seen, but not the contents inside
well actually
Like you said and I have confirmed, the destination and the origin of the packets are the same, since the VPS server is the endpoint
well no, each packet needs a source and destination. So if there's a packet going vps -> router, it would have source IP of vps, destination IP of my router
(my god can't make a proper sentence for the life of me)
How is that any different than what i was trying to say
wdym?
different from non wireguard?
What i'm trying to make clear is that before the VPN, the isp can see which websites (IP address) you are transferring data to and from
yes
Meaning the isp can tell if my IP has knowledge of when i last visited phub
yes
but if we put the VPS in the destination (we are using VPN now), then the ISP is only going to see the IP address of the VPS
do they actually log that info, idk
yes
Yes, thank you for confirming
All of this misunderstanding for me is the cause of the term "tunneling" and the context of many articles saying that no one can see your data.
So first of all, anyone can see the data, it's just encrypted by public private key, and it's tunnelling because you are bridging the networks (meaning that foreign ports on the foreign LAN can be accessed on localhost if a tunnel is established)
Please correct me if i'm understanding this wrong
Another day another AWS outage
Help, thought setting a static arp IP to the UniFi AP next to my router also setup as an AP would give devices connected to the UniFi AP LAN access to my devices, it's not seeing any of them. It's set to 192.168.1.4, my phone is receiving 192.168.1.121 (which is in my DHCP range of 192.168.1.100-192.168.1.150), but it sees no other devices.
Anyone know if the AWS outages are just single AZs, or region wide?
Is the only way to avoid these having multi-region deployments?
Or if you're really ambitious, multi-cloud
I have a router running dnsmasq as both DNS and DHCP. Is it possible to configure dnsmasq to resolve subdomains of a host from dhcp? I want to avoid having to manually set address=/dhcp.home.arpa/192.168.0.1 for a bunch of hosts to enable working subdomains for them.
yeah it def is, I did it on my Edgerouter, but it was behind an abstracted setting
any idea which flag? nothing in the manual seems to jump out and --dhcp-fqdn wasn't it
one part I think is to make sure you have a domain set in dhcp settings as well
I can try to get it once I get home
Thanks for sharing any information you have. I do have a domain=home.arpa set in the config. So nslookup dhcp.home.arpa is working correctly. But I get NXDOMAIN when looking up sub.dhcp.home.arpa
fake ccar employee
Santa delivered early 🥳
Not enough, run it again!
lol, not bad
Needs to be pink though, more lambo colors
got two crates of broken laptops old ones tho... most from hp pavilion saga
this is from one school
they should send stuff to schools for testing
I remember cheap atx cases that had power button punched inside... darn school kids, its atx ffs.... had to fix all of them with glue gun
not sure if this is the part you're actually looking for clarification on, but it's not actually public key encrypted. it's just symmetric key encryption... public key cryptography is far too resource intensive to use for every bit of traffic on the connection. the way basically every VPN system/protocol does it, it uses public/private key cryptography to authenticate and negotiate then exchange a symmetric key which is used for the actual traffic. but in the end this doesn't change the results at all - nobody can see the data between you and your VPN server (ideally self hosted), including coffee shops or your ISP
Tom Scott had a pretty good video about the marketing of VPNs
What can be done is traffic data flow analysis on the encrypted data to guess at what type of data it might be (ftp, http, ssh, etc).
The point is that your data is in theory anonymized with all the other data entering and exiting the vpn server node that it is difficult to determine whose data is what
That they're all scams except for the one you implement and manage?
some have merit
but like, basically lying by saying that the web is dangerous and saying somehow vpn's make it safer
Have I got a story for you all...
Yeah, they don't make anything safer, especially if you host your own VPN server node
So I arrived at a client that had laptops wired into a switch, that was uplinked to the cable modem. It was just a dumb modem, no NAT. The guy had public IPs to his NICs. LOL. And he said that's why he purchased VPN services.
No, what he needed was a business class firewall and someone that could set it up properly. Good God man! Dangerous to be exposed like that.
how long ago was this?
I would love some more public IPs
Last week, here in the US.
lol
Comcast doesn't do CGNAT...at least not yet. Hope they don't
that ISP really didn't limit IPs per customer
well no, the fact that it handed out more than one IP per customer
It was a business account, but normally you have to put your own router in place and have them statically assigned. No clue why a business account would be giving out multiple PUBLIC IPs via DHCP from the modem.
Boggles the mind
He only needed one IP, and it didn't need to be static as he wasn't going to be hosting anything from his home office.
Should I be able to see my LAN devices on one AP from another, both hooked up to my firewall on separate ports?
depends how the ports are configured
LAN bridge
You're not just turning a router into an AP, right? They're actual real APs?
uh, only one is a real AP, other is a router in AP mode, the third is a router used as a switch.
devices connected to the real AP can't see LAN, devices connected to router in AP mode can't see LAN after I took the switch off daisy chain from router in AP mode.
it's like my bridge isn't actually bridged?
all have internet, all receiving IPs from OPNsense DHCP on LAN bridge.
As long as you're not doing NAT internally other than from the LAN to the WAN (ISP)
what are you checking if they can see each other?
ping?
Unified remote, Emby Media server, let me try pinging.
try arp-scan
never used that before
utilizes arp to check for any connected device on the L2 network
useful
sudo arp-scan --interface=enp0s31f6 10.0.20.1/24
oh, just sudo arp-scan --localnet gave me a list
localnet scans all local addresses, putting in an expected range makes it faster
so desktop connected to switch, connected to OPNsense can see everything it seems...wait...
huh wait, why doesn't my PC see my phone, weird
I don't see my phone which is connected to router in AP mode.
_>
how you see what I'm typing!?
me neither lol, maybe arp doesn't work as I expected it to
actually no, it picked it up now
probably phone just needs to be active to respond to arp requests?
Can't seem to trust PingTools on phone cause it shows my desktop with my Emby media server, but can't connect to it.
Found a Netgate post where someone was trying to do what I'm doing, gonna see what conclusion he came to.
On the router turned AP are you doing anything to only allow certain clients to connect? My Netgear will show a new device to connect and ping other things but nothing else
no plans for that at the moment, as far as i know.....
you may not get a public ipv4 address at some point in the future but i think cgnat is out of the picture for now
ipv6 solves the problem for real
wifi
comcast has v6 iirc
yeah we pretty much moved everything over
I figured it out...I think. I have a 4 port NIC bridged ("LAN" br0) in OPNsense. Under LAN (br0) I have the "Default allow LAN to any rule", but apparently that wasn't allowing them to interconnect together (the 4 ports), so I added that same rule under each separate port, LAN1, LAN2, LAN3, LAN4, now I can connect to any AP on my WiFi and can control my desktop remote and can access my Emby media server from any AP too.
That sounds like a bug to me, unless I'm not understanding what the bridge is doing.
Is every switch/ap off of opnsense or is the first switch off of it then aps off the first switch?
huh, what if you deleted the rule under bridge
let me disable it instead, don't want to mess something up now. LOL
No, looks like that was doing something too, suddenly can't connect to my Unified Remote control or access my Emby server.
Feels like a jungle gym
the gui looks so messy tbh
On which?
What do you use?
for core router, ER-X which is edgeos, gui is decent. For other routers, vyos. For most configuration these days I just use cli, as I'm used to it.
idk, I just find the cli much more efficient
tab autocomplete, ? for help
yeah i still haven't gotten my hands on a working edgerouter lmao
just running some bottom tier all in one with openwrt for the moment
Yes, I've got full IPv6 working both internal and out to the internet. Even my DNS through PiHole is IPv6 configured. In fact, almost half of my DNS queries are AAAA which is IPv6.
Just configured an Edgerouter Lite. It's fast, and GUI not too bad. It's better than the majority of consumer router crap, that's for sure.
It's been stated that the MikroTik is a much better value in terms of dollar to performance. But IMHO, I hate the interface. Just my 2 cents.
Yeah I don't like routeros's interface either
Cli interface seems better than webui, but I like my vyatta/junos style cli more
Edgeos webui is pretty decent, main page is nice. I mainly use the webui for stuff like static DHCP leases, monitoring, etc. But for most config now I just use the cli
Is this a reliable site? https://www.smallnetbuilder.com/tools/rankers/router/view
title
Interesting - https://www.smallnetbuilder.com/wireless/wireless-reviews/33084-ubiquiti-ac-pro-and-ac-lite-access-points-reviewed
SmallNetBuilder provides networking and IT news, reviews, help and information for professional and prosumer home, SOHO and small business users.
Toward the bottom
Anyone using T-Mobile Home Internet?
Curious, with your pihole how are you handling devices that use hardcoded DNS servers?
If you are doing it right, you have a rule in your firewall to forward all packets outbound on port 53 to your pihole and allow only packets from your pihole on port 53 out of your network.
That's the way I did it
lol i had mine doing that but then it broke something i was trying to test for work so i had to disable it.... oops
ideally there'd be a way to easily specify "let this particular device use any DNS server it wants" but not in the software i use
you could do that
filter what addresses the destination NAT rule applies to
yeah i mean... just not easily configured in the software i use. i would have to do the routing all manually and i dont particularly want to
i do enough of that at work lmao
long term though, im probably gonna switch to doing it from scratch anyway, or find a fork/alternative to pihole that's more configurable
adguard?
thanks, I'll check that out
Did you cheat and use a template? Lol.. I did mine when template was not a thing
Needed to know Linux routing to get it to work
for edgerouter or mtik?
Edge
huh
Snb is a good site.
I got one when they first came out
It did but I'm talking about gui
ah
You need to understand some Linux network concepts to get it working... Like the nat stuff and all that
It gave you no clues on how to set it up
Come with meeee and you'll see a world of pure imagination as we delve into mysteries of iptables configuration
We'll begin with a mangle Traveling in the world of IP Tables. What we'll see will defy explanation
I just can't do iptables
It's just firewall configuration in text format. Just go look at some examples and you'll eventually understand just by reading it
yeah ik, I've used it. It's unintuitive as hell
Eh. I can understand what's going on at a glance nowadays. That being said I have about 15 years of working with iptables so.
Unless you're willing to block 443, DoH (DNS over HTTPS) is now a thing. You would have to have a firewall that does cert inspection or MITM to block it
Hmm, I guess you can block by IP given there's a published list of DoH IPs. You use banIP or some other method.
https://forum.openwrt.org/t/banip-support-thread/16985
https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt
https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv6.txt
Hi, let me introduce my latest project called "banIP" - a package to block incoming & outgoing ip adresses/subnets via ipset. Screenshots will follow in the second post. Features: a shell script which uses ipset and iptables to ban a large number of IP addresses published in IP blacklists support blocking by ASN numbers support blocking by i...
Yeah, I cheat. Just needed to "get er done" and move on. It wasn't a complicated setup. But yeah, for many things you have to CLI into it.
And yeah, hate scrolling through config txt. It's really nice to have though (instead of a binary dump) in case the unit fries, and I have to rebuild the router config or equivalent with another device (GUI or CLI).
BTW, I hate SonicWALL. They SUCK!
kind of an odd question... I have 2 ISPs. a 5g tmobile modem router, and an att DSL connection (only 10mbs) so obviously they are 2 separate networks. But is it possible to connect the two? not necessarily for internet, but so the devices on the 2 can talk to each other. The tmobile only gets used for our live streaming stuff. The att is used for our smarthome stuff as well as our daughter's tablet and roku
Yes
You could have a dual wan setup
don't necessarily need both networks to use both ISPs, just some crosstalk for devices would be nice
Yeah you can do that too
oh ok. so, how to do the thing?
I actually was helping someone else trying to do something similar
Basically the 2 existing routers need to have 2 things,
- ability to add static routes
- be on different subnets
First option is if the routers are capable of defining interface ips, which I doubt they are
Second option involves some sort of 3rd router, something like a er-x, hex, etc. But it would basically route between the 2 networks
I'm reusing diagrams, so ignore stuff like the Nas
Well nas is actually gonna be involved, one of the reasons I'm wanting to do this
Ah, nice
Why not a single router
With dual WAN
Policy Based Routing specific devices to specific WAN
That's also an option, they said they didn't want that
That's what PBR is for
But yeah there's many ways of doing this
The tablet, roku and such will still use T-Mo
Yeah you could configure that way
Idk if you can configure the isp router/modems to just modems for a dual wan, one router setup
Only downside if you can't, would be double Nat
Sadly the tmobile is a modem router, as well as the att
Some allow for like passthrough it's called I think
I have the wifi turned off on the att and still have my own router on that one, but I have ran into connection issues with that side before
is there any solution that will let me connect them wirelessly?
the modems are on opposite ends of the room... the tmobile is in the only place that gets decent signal, and att is obviously by the phone jack
Technically yes
oh i know it wont be optimal, but i wont be streaming anything more than 1080p from the NAS
Idk of any router that can connect to 2 wifi networks at the same time tho
Would require like a bizarre setup maybe
At that point, just run a cable across
The optimal setup would be what blob suggested
1 router, 2 uplinks, setup pbr
what about with dd-wrt firmware? ive messed with that a lot in the past with an old linksys rwt54g router (might be dating myself there)
Idk, 2 networks at the same time is like a hardware limitation. Depends on wifi chipset honestly
I have to go tho
its cool, at least i have a direction to look
where do yall shop for network gear?
online tho
Transceivers, cables, king is FS
they have everythin'
all the way from just some Ethernet cables to some 6000$ transceivers
would anyone here have experience with using wireguard to act as a proxy for port-forwarding? (if that makes sense), basically I want to run my minecraft server for my friends but I'm behind a CG-NAT, and the cheapest option (if I can do it) is to just route my server through a bare-bones AWS lightsail instance running wireguard, and have people connect to that as if it was the minecraft server. I'm able to get the wireguard tunnel setup so that the MC server routes all traffic through the AWS "gateway", but I can't get incoming connections to the AWS instance to be directed to the MC server
What's AWS doing?
Just a proxy? Why do you need a proxy?
Is it for DDOS protection?
He can't port forward.
Yes, I do it for ddos protection and second ip
You need to have some Nat rules
Outgoing src Nat out of wan
And destination nat to forward to server
My setup is a fair bit more complicated as I have the wg tunnel go to my main router. And then it's just another IP on the network. I have a vlan setup with pbr, so all devices on that vlan use the vps for internet.
Use ngrok, its specifically for this use case
ngrok secure introspectable tunnels to localhost webhook development tool and debugging tool
ngrok has limitations
for 5 bucks a month I have DO vps which I can do anything with
Where?
^ yeah, that
as for like other stuff, it's more per brand, not really what online shop
why is it so hard to find a comparison between all wifi router ranges nowadays ? I want to buy cheapest long range wifi ap. No extra features just signal strength and reliability.
I do think it was every easy to find it. Its mainly down to chip amplifiers, antennas and the client. Raw range is pretty much a moot point as its all about the same
smallest AWS ARM instance is like $1.80 a month
down to like... $1.15 a month if you commit to 3 years iirc
obviously you have to pay for bandwidth too vs some providers will just do flat rate VM with a couple TB of data transfer
but as long as you avoid the AWS NAT gateway the pricing is pretty reasonable
@clear igloo this room has 40 network drops
the switch we're all connected to is just dedicated to us
Never has AWS bandwidth been cheap and it never will be
For sure would recommend going with some other providers who have heaps of bandwidth for cheap
Nice! all the bandwidth!
40 network drops all from where s? :P
10Mbps hub 
Dang.
I was thinking datacenter and 40 different drops from... 40 different carriers
Wait no that ain't possible 
Oooof ok that is pricy
Pricy for what exactly
5 extreme switches stacked 21gbps
With 2x10g uplink to the next layer
Our server is on the same switch in the stack as well
what are you looking for?
fs.com is good for like fiber cabling, transceivers, etc.
Iptables DNAT + masquerade + enabling IP forwarding.
https://www.linuxtopia.org/Linux_Firewall_iptables/x4013.html
https://tldp.org/HOWTO/html_single/Masquerading-Simple-HOWTO/
Linux Packet Filtering and iptables - DNAT target
I might be missing something, but that should be close.
I tried to do it once on ubuntu but failed
ended up just building a cloud vyos image and using that instead
not feeling working with iptables
The dual Wan routers we were talking about
oh no, fs.com is not the place for that
@rocky badge what unifi device would be good for dual-wan?
like this is my router, (bit outdated but I like it), but it can do it https://www.ui.com/edgemax/edgerouter-x/
anything here can do it (configuration is not beginner friendly at all): https://mikrotik.com/products/group/ethernet-routers
I used to mess around with ddwrt a while back among other things, so I'm not a complete noob
yeah not saying it's cheap but it's 10gig at minimum and performance per dollar is surprisingly good
none tbh LOL
I wouldn't use UniFi for dual WAN
I'd use something else like pfSense or some other router.
UniFi dual WAN is stupid and I hate it
ah
technically doing dual wan rn
idk, I really like the ER-X except that it doesn't play with v6 nicely
yeah
can anyone tell me how i am getting 1 mbps on 5mbps plan
any fixes
im using ethernet
@clear igloo ZeroTier is so sexy
I'm maxing the speeds of the remote WAN uplink
I don't know much about Networking protocols and proper knowledge
Is that good? 93.3/4/5?
Yay!
@peak cloak Any ideas on why this stupid thing won't route traffic
I'm trying to my LAN -> ZeroTier VM -> remote LAN via ZeroTier
I've tried Ethernet bridging
I have routes on my main router
I've tried adding routes directly on my PC
I want it so I can access networks on ZT without having to install ZT on every device
IPv4 forwarding is configured, iptables are from snippets I've found online
I think I fucking figured it out idk what was wrong tho
https://i.ryois.me/P5N4mAEXYO.png I'm so happy
can someone help me I get this error when I try to change the ip on my pc?
the default gateway is not on the same network segment (subnet) that is defined by the ip address and subnet mask
Nice
I always forget to add static routes on the remote side
Really should get ospf setup
ospf ftw
What IP, mask, and gateway are you trying to configure
i got it fixed dw
What are you trying to show?
this is what i have to do
i just don't understand how redundancy will work in a switch
Doesn't state how far away the rooms are
Typically, you will do a HA pair of firewalls connected to a pair of distribution switches on the outside (each firewall connected to both switches) then same on the inside
You know anything about Cisco vpc?
You either use active/standby and have failover handled by the client/os to a pair of switches, do VSS (which is pretty old at this point) between switches and a single port-channel to the hosts, or throw in data center hardware that can do virtual port channels(vPC)/MLAG down to the hosts
@peak cloak can you help me set up zerotier again? i reinstalled Windows and now my phone doesn't seem to connect to the SMB location
Working on a vps, I'm unable to access the phpmyadmin from my personal pc, I own Vps and everything, just can't figure this out, first time I'm getting this
this is a web server error, you probably need to double check apache httpd config files and permissions
did you recently install phpmyadmin?
Yeah it is a fresh install @sudden kayak
sounds like the web server is not setup properly
Okay, what kind of hints would you have? I've set it up before on other vps no issue, not sure exactly what I'm forgetting this time lol
my guess is you have a newer version of either the OS or apache that has a safer (but far more inconvenient) default security configuration than your previous VPSs
you will probably need to explicitly write your .htaccess and top level apache config files to allow accessing that directory and running php
Hmm okay, I'll check that out, would downgrading apache be a viable thing as well?
i would very very much recommend against it
but yeah you might be able to find an older distro with an older version but with security fixes backported
True, random question, because I'm not familiar at all with setting that stuff up, if I dm you the access to the vps, would you be open to just setting apache up for that?
Would either of you be open to assist setting it up?
I'm unfortunately out right now but also in general i would not recommend giving out passwords to random strangers on discord
I agree lol, I'm just really in a crunch, have to get the server fully running by the first. Heck, if you could even just make a copy of the files and set the files up and send them to me I could import them, that could work too, if you would be open to that
if you're around when I'm home this evening I'm happy to help out
thoughts on cloudflare for domain registrar?
I'm really stuck on who to go to as my free domain from github dev pack is ending
they annoy me
but they're probably fine
also be aware they don't have support for all tlds
I save so much
That's like $84/year on Google Domains/Namecheap
https://thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html
UGH!!! Stop!!! plz ;-;
I'd switch from my current Tucows reseller to Cloudflare but last I checked CF still doesn't support .ca domains. Otherwise they look great as a domain reseller if you already use their other services.
@sudden kayak sounds good I'll send a dm to ya
yeah I just have a .me I want to transfer from namecheap
expiring soon
it was free for a year...
I've had mine for a while
didn't pay at all for the past 2 years (well 2 separate domains)
yeah most of mine are on namecheap
github student dev pack ftw
someone recommended me porkbun.com but obviously you don't get any of the cloudflare benefits
yeah I was looking at that too
damn i still have a .edu email i wonder if i can get that 
maybe
Github instant verified my .edu
My uni is registered with github anyways
while college .edu wasn't
that's new...
it's just a server template
XD
what a joke
still using DO free 100 bucks credits
when you have a $5/month vps, you have a while free
I use it for JetBrains and Termius
also protip
@clear igloo it's so fucking tempting to switch to VOIP
oracle cloud... i know that sounds hilarious but they have an always-free tier with 4cores, 24GB memory on ARM and two 1GB single core epyc VMs
its insanely good for free
compared to like... iirc one 512mb VM on google free tier
@rocky badge Thanks btw, you made me check on my domains on go-failure. I have TWO payment methods that are valid, they let one of my domains WITH AUTO RENEW ON, expire yesterday >.<*
lmao
I even used one of the payment methods to renew the domain, just how fail does your system have to be!!
namecheap did that to me too recently :/ its ridiculous
Do it!
How the hell is this an "edit settings" icon
Ummm, because it's a cluster?
idfk
Yah, lol
is it possible to get an IPv6 address on IPv4 connection? I tried using tunnelbroker, I was able to ping websites with IPv6 with ping6 ipv6.google.com, but I was unable to browse to the website in Firefox. I think that the TCP connection isn't being made for some reason. I was thinking that it might be possible to set up a VPN from a server with IPv6, which could get it working? So is it possible?
what's the error in firefox
timeout? something dns?
It just doesn't load the page. ipv6-test shows that it has no IPv6 connectivity.
just curious what router are you using? because I had a similar issue
hmm idk that, cuz I have an er-x and with hwnat enabled, ipv6 was very slow, like tcp ACK wasn't being sent for some reason
oof
what era/version/model?
SR102
I legit give up with apache. Is anyone available for a screenshare that knows a thing or two about apache?
if you still need help I'll be home at my computer in another 90 minutes or so, but in the meantime make sure you check both file permissions on the actual filesystem and also the permissions in the apache config etc
unfortunately this is older than the hardware that i have any real knowledge of, but i would guess it might just be too old for real ipv6 support
that one is pre RDK
I have a question. With more switches in my network and live tv/ip tv streaming devices in it.
Do all my switches need IGMP Snooping or is it enough that only the first switch has IGMP Snooping?
For example MODEM/ROUTER --> 5-ports switch WITH IGMP Snooping --> 16-ports peo switch WITHOUT IGMP Snooping --> Streaming Decoder (Arris VIP).
whats the go-to cheap'ish 10g switch for home use nowadays?
to host a minecraft server securely do i need to do anything except for adding a domain?
wdym by secure, and you need to have the server publicly accessible. Domain is not required
secure as in people not being able to see my public ip address
anyone can lookup the domain
that's the whole point of dns, to lookup domain names to get ips
well i just want to avoid people doxxing me is what i mean
having your IP isn't really dox
i guess all they can really do is trace my location, right?
depending on geoip database accuracy, which here isn't that high, just location of ISP fiber cabinet
how are you hosting
ubuntu server vm on truenas
self hosting I assume
yeah
you would need to port forward as well
did that
your basic firewall is just based on allowing/not allowing ports from an IP range, etc.
like on my router?
both
ah ok
so there really isn't much
your router should already block every new connection on wan
except for the port forwarding rule
kk good
what I do, is I have a vps to proxy all connections through, a anti-ddos thing so I can disconnect that and still be able to use home internet fine
alright how would i go about setting that up?
are there guides
yes, but I didn't follow any and did it my way
I should really make a website to post stuff I do
yeah
this is decent
ok cool
not really a guide though it seems
could also use something like tcpshield
i mean tbh i could just remove the ethernet cord whenever i need to take it down
is this some public server or just for friends?
public, but i don't see many people joining it
cuz I heard stories of people being salty after being banned and ddosing servers
usually if ISP sees ddos they will blackhole your IP for some time, where you won't have internet
hm that wouldn't be great
yeah and if it gets big i'll host somewhere else
alright i think that's everything thanks for helping
why not host the minecraft server on your hardware then get a free tier amazon aws server and use it as a ip passthrough
@old widget
well, aws free tier is not actually free so just beware
but a small paid ARM instance is great performance (especially network speeds) for the money
never used AWS, but I heard billing is confusing AF
it's free in their defined limits
right but... those limits are very poorly documented
and if you unwittingly go over, it will basically just start charging you without warning
and you'll get a $50 bill after your first month of thinking you were on the free tier
The billing dashboard tells you free tier limits for services you are currently using ¯\_(ツ)_/¯
right but it's quite easy to miss that before you spin up some new service
You get 750 hours of EC2, you get X amount of transfer, etc
and then by the time the billing dashboard tells you, you're already running a balance
i'm at the point where i usually tell beginners not to expect that there's any such thing as a free tier, and that they'll get a smaller but expected bill if they just do a micro ARM instance... vs the free tier where performance is kinda bad and it's easy to get a big bill you weren't expecting
I've heard oracle cloud has a pretty good free tier
or you can do something like Lightsail or some other VPS providers that do fixed pricing
exactly
DO
but AWS billing isn't that hard if you know your usage and keep track of it
that's what i'm saying, either expect to pay for AWS or go somewhere else with a flat fee
I mean, that's the same with any cloud
also there are a bunch of AWS services that are free for the first year but then start charging you
Because it's pay for what you use
yes, it's free tier, not always free
and it's hard to miss that it's for a year lol
right but point being, if you have to move somewhere else after a year it's not exactly an awesome free deal
and if you're expecting to rely on it being free, you're gonna get a nasty surprise after you leave it for 11 months and forget
its fine for most people who want to just learn AWS or play around with something.
Plus, it's like <$10/mo
in the end its practically just philosophical, but i'd rather know i'm spending $3-5 a month than think something is free and then get a surprise bill for more than expected after a year
the original question in this conversation was about using it to proxy a public production minecraft server
so not exactly learning AWS or just playing around
So then spend some money?
well ik in DO I have $100 credits and my vps costs $5 a month so I have a little more than a year free
yes
and in the end, it's really not that much
that is precisely what i'm saying - spend money instead of hoping to make use of the free tier and then getting a nasty surprise
DDOS protection/proxy isn't always free and if it's a public production MC server you don't want to suddenly stop
and like tcpshield has a free tier as well
or understand the free tier limits
or just know what you're actually getting for free and realize it's obviously inadequate for production usage
you've reversed the goalposts in this conversation like 3 times now ... lol
new information was brought in that it was being used for production ¯\_(ツ)_/¯
it's not new information if it was at the start of the conversation and you jumped in to argue without reading the context
I just saw a MC server with cgnat and such, usually that's not production use case lol
yeah fair... in any case, best of luck with your free tier.. i hope the surprise bill you get after your 12 months isn't too bad :p
considering it's only gonna be like $10/mo not really :P
for some reason microsoft doesn't trust ngrok
and now it does..
What's a good dedicated IP service? I tried using one I googled but I can't stream anything. I was ignorant of dedicated vs shared VPN models when I signed up for it. which I am not now.
after testing it, even after paying for pro ($100 a year), im still getting insane bandwidth throttling on it.
hey friends
would love two cents on what vpn I'm getting
I've heard mullvad and proton are the best ones atm
sorry if this isn't the right chat I'm new here
if you run firefox look into the mozilla vpn
oh its the same thing as mullvad but gives money to mozilla
cool
oh I can't get it in my country
Best way is to get a VPS and use your own VPN to it, it's a bit harder configuration but works well
Anyone know why my phone can see my wifi but my Nintendo 3ds can't? I'm using this router. https://www.amazon.com/gp/product/B08C3YBBHM/ref=ppx_yo_dt_b_asin_title_o09_s00?ie=UTF8&psc=1
TP-Link AC1900 Smart WiFi Router - High Speed MU-MIMO Wireless Router, Dual Band Router for wireless internet, Gigabit, Supports Guest WiFi, Beamforming, Smart Connect(Archer A8).Archer A8 doesn't have USB port which is different from the Archer A9 AC1900 router. And the Archer A8 doesn't support...
3ds only supports 2.4 ghz, I did not have that enabled.
Yup, 802.11b/g and to top it off WPA2-PSK (TKIP)/WPA3 Is not supported either by the 3DS
Probably why my sister's kids shitty tablets weren't working.
Yup
i finally trialled some akg k361s and k371s and i feel kinda disappointed.
they sound good but they don't seal well due to my ear shape and the fact I wear glasses, so they just kinda felt OK.
the free tier has worked pretty well for a 10-20 player mc server i run off of a dell optiplex with an i3 3240, i never reach the bandwidth limit and the only expense is 100ms ping for everyone but its not a sweat server so nobody cares
rn I'm having issues for some reason with bedrock over the vps
it's so weird
@clear igloo Can Hulu live TV not use fucking Geo IP
does it?
Yes
oooof, so I guess it thinks you're somewhere else?
Yup
Our ISP is based in Nashville, IPs are registered there. Hulu thinks we're in Nashville
Had to contact support to do the IP + Manual Location bypass
YouTube TV lets you do the bypass yourself with a phone or web browser with GPS enabled
minecraft is being very weird with 2 interfaces
I set server-ip and it listens on that, but sends via the other interface
maybe it's geyser config interfering
Ooh, that's handy
hey guys, i've got an iscsi that i've just created but rn the speeds are shitty and idk what to do
https://seven.nopulse.one/?f=DiskMark64_dw456N8IiU.png
Why did you make an iSCSI device?
iSCSI is not what you want
SMB/CIFS File Sharing (or NFS) is what you want
But i want to install steam games on my 3tb hd
no you dont, because itll be so damn laggy and slow streaming assets over the network like that