#networks-security-and-home-servers

Reupload because accidentally doxxed myself

Lol

Aussie Broadband

I though about getting one of these

Mediatek tho

In laptops they're absolutely ass

yeah i'm not a big fan of mediatek wifi cards for pcs and laptops, they often suck, but they're fine in routers at least
honestly it seems like most consumer routers use mediatek lmao
also for openwrt specifically, mediatek is the preferred chip, since broadcom has a closed source driver and openwrt can't use it fully

though ddwrt has an agreement with broadcom and can use it fully

cool, I'm really tempted to get one to do some testing, does it have an option to change its own mac address when connected to a lan?

It runs on openwrt so yes it should

They have a skin over it but it's still openwrt and you can flash luci

fantastic

Beryl AX cult???

i try all and my leptop is work same before but this all node make somme truble for me ?

with the first node, Grass i make $400 but the app can stole my data ?

@feral eagle yo sus links

ima just delete all of those since they were referral links anyway. but taking a peak I probably wouldn't trust any of those if you are serious about security/privacy

Could you see if the links weren't masks

Ah ok yeah that's what I was wondering

didn't look like it

@nimble sigil do you remember salad

I've had one or two

Lol

It's basically salad but you contribute to ai models

Instead of crypto

Oh

Thats weird

I dont like that more

We were talking about it in techie chat but I couldn't screen the links

How would it even work like

Do you just write an essay?

Send it some photos?

You know how crypto mining works ye?

I think so

Computes answers and generates a crypto

Same idea but you get clustered to work on ai training models instead of crypto coin hashes

Ohh

Ye that's basically from what I can tell what that all was

All 4(?) of them

Bros tryna minnax his referral codes

Yeah kinda seems that way haha

Yeah I wouldn't be comfortable with that since so much ai is trained on data that isn't consented

Or even like pirated

Lookin at you, meta

I mean Facebook

I wouldn't know enough about it tbh

I just recognised the program lol

tbf the sites did have the "ai" tld

which technically is a country tld but ai bros are all over it

Vedal.ai

nah

Lmao, he might just use it as a email

user@vedal.ai

that's weird

just get a .me

http://10.0.0.101/admin

W

127.37.59.168

What ports do you have open?

that's your private IP 💀

Fooled

fool

(loopback)

10.000.000.000 is private ip range

Is your loopback heavily subnetted and VLAN'd?

whose loopback has anything other than 127.0.0.1 💀

Loopback range is the whole /8

bruh

Idk why anybody would ever need like

"I have your IP address it's 127.0.0.1"

How many damn addresses are in a /8 for loopback

I wanna put on a whiteboard somewhere in the school I work at "the campus's IP address is 127.0.0.1 go crazy"

The thing is, that is a bit more recognizable than putting some random numbers within the loopback subnet

True though

Hey does anyone know why my WiFi acts up when I connect a 2nd monitor?

Either your monitor is throwing off a lot of interference or it's a coincidence

Or your monitor is acting as an emf shield if the ap is behind it somewhere

I have disconnected the 2nd monitor since yesterday but my connection to my WiFi isn’t the same anymore.

That sounds like Windows wonkiness

I still get good ping in games I’m playing but my download and upload speeds are shot.

On every device?

Just my PC

I have a loose antenna connection on the back but it always worked just fine before but now I can’t tighten it anymore it seems like. I’m gonna take it apart soon & see what’s going on but I was just wondering if there is anything I can do before hand.

I also got a new desk with metal on it but my PC is on top of the desk so I’m not sure if that has anything to do with it. Cause I heard metal can act as an interference.

Tighten the antenna

Honestly, that might be it. You were behind your PC to plug in the monitor's display connection anyways, probably knocking one of (maybe both?) antenna(s)

I can tighten 1 antenna but no matter what I do to the other one it doesn’t want to tighten. I guess I just have to open it up.

Maybe the Wifi adapter isn’t attached to it anymore?

maybe you've crossthreaded it?

I think amazon gave me a f’d up board

there is no cable going into the left antenna

Only the right one and it’s tied off

But I never had a problem until now which is weird

Maybe it was fine with one until there was a metal desk if that's new, or maybe the monitor placement is blocking the signal

Hard to guess from conjecture

My Pc is on top of the desk as well. Even though the metal is at the bottom will that still interfere?

Depends on alot of factors

Like what? If you don’t mind elaborating on that.

Ap placement, other interference sources, client station placement

Really just physics

I still have everything in the exact placement as before, just with a new desk. Everything went down hill after that 2nd monitor. I’ll move the desk somewhere else and use my old one again and see if that changes anything.

See if taking the 2nd monitor off the desk fixes anything

u know 10.0.0.101/admin is a real ip for me

t brings up my pihole

Any IP between 0.0.0.1 255.255.255.255 is technically a real IP address

i would go on it but my phone keeps refusing to charge for what ever reason

Oh it’s no longer on desk anymore. I moved it since yesterday.

Ah

See if moving the PC to another location makes it better

Or before that actually, try reinstalling your wifi chipset drivers

I updated them yesterday. Should I rollback and then reinstall?

Download the new drivers first, then delete the drivers on device manager, and reinstall

Yeah I already had the newest ones, I just deleted them and now im on the previous version but now I noticed my wifi signal has increased but It wont let me connect to the network.

I just got this AT&T extender in the mail and I can’t even scan the QR code. It detects it immediately but it just doesn’t want to let me scan it. I can’t login either because it keeps saying the login info is wrong. Any ideas?

I'm not really familiar with those specific extenders. If the QR code is required to set it up and it's not working what I would do is contact AT&T technical support.

i was gonna but the dude seemed sus lol

i’ll do it when i get home

indian accent, rushing me to get my account password. just had an attitude in general

I'd go with the support chat from the actual att website, it sounds like you called a number off of google and got a scammer. They do that a lot.

The real reps will NEVER ask for your password

"contact us" section, chat with a rep https://www.att.com/support/internet/

Even if the 800 number on this page is the one you called, it's still possible your call was intercepted by a scammer

Oh and if you did give anyone your password you need to change that immediately or you'll lose access to your account and get new lines activated in random places charged to you

Understood

and no i didn’t give it out dw

went to customer support

they were useless

kept asking me stuff i didn’t know and my mom couldn’t figure out either

eventually just hung up

I logged in i just cant find anything on setting the damn thing up

Which model extender did you get

AirTies 4991?

4971

Found out that what i have won’t work and i’ll just need to get a powerline kit

Well for what it's worth at least https://www.att.com/idpassets/images/support/pdf/Wifi_Extender_QSG_Guide_English_Online.pdf

That was the problem, we couldnt extend it far enough to reach our rooms

What would be a good mix between good and budget for a powerline kit?

I remember being recommended this, but my parents wouldnt pay this much for it https://www.amazon.com/GL-iNet-GL-MT3000-Pocket-Sized-Wireless-Gigabit/dp/B0BPSGJN7T?th=1

ethernet over powerline i would save for a last resort scenario, as high voltage high frequency signals cause alot of interference (you will annoy the HAM radio operators in your area)
if possible, using a wired ethernet (or fiber) connection is always going to be the most ideal scenario, if you don't mind either running a cable through the walls and or attic, or through the house

if your house has concrete or stone internal walls, wireless networking is terrible for that since RF gets very much attenuated by concrete and such

if you're able to use wired ethernet, you would be able to continue to use that airties unit

however, if it costs extra each month to have that unit, return it and buy something else

like an old enterprise AP (make sure it works standalone, and isnt a lightweight ap that requires a controller)

well we rent the place, we can’t do many mods to it

if anything any

been asking for a new closet door and got told no 3 times

rip

so wired isn’t gonna be an option for me

it is* if you and your family don't mind a cable running within the house

they do

oh well

Powerline kits aren't going to be cheaper than the router

yah ik

also yeah powerline kits will end up costing more than that router you linked

yeah i know i asked about the router

i do recommend the beryl ax, i have it and it's great

and sorry, what is it again?

though i'm not sure how it would help you with your current situation

name of the router that you linked

Oh

right

i’ll see if i can pitch in for it then

eh it’s worth a shot

any amount of better wifi is better than nothing

did you manage to set up that airties

the what?

the at&t extender

wifi extenders should be placed within range of the router, if you put it in the same room you want the connection to be, but you dont have signal, it won't work

it's a common mistake i see people make

we couldn’t put it anywhere else but the same room lol

and my stepdad was saying it would be too much of a signal it would be interfering with itself or something like that

and we’re tryna hit the basement

technically true but it's designed specifically not to interfere

lol

Your stepdad doesn't know how that works then lol

and the guys that helped set up our wifi were like “put it closest to the northwestern part of your house”

so now it sits right where my parents watch tv

i’m convinced it’s to hog the wifi

🤷

idk much about networking

he was in the navy and did security work so i just take his word for it

i mean, his knowlege is somewhat true, but not the full story
wifi is allocated a few channels, and if 2 APs are broadcasting on the same channel, they will interfere

yeah that’s more similar to what he was saying

but if you go to the next channel that doesn't overlap the first channel, it wont interfere at all pretty much

(for example, on 2.4ghz, the ideal spacing would be like channel 1, 5, 9, and 13)

right

(except in north america, 13 is restricted, so you only get 1, 5, and 9)

An extender can be set so it broadcasts on a different channel from the main router, no interference then

I see

for now though my parents are just asking for powerline connectors and i dont think theyd wanna get a $100 USD one

Could do something like this so you get a wifi connection in the basement still https://www.newegg.com/trendnet-tpl-430ap-up-to-1-2gbps/p/N82E16833156558?Item=9SIAHFEBJ49640

sent to my parents

ill lyk what they say

That one was only a single unit my bad, this one is the correct full kit https://www.newegg.com/tp-link-tl-wpa7617-kit-powerline-up-to-1000-mbps-ethernet-10-100-1000-mbps/p/N82E16833704613?Item=N82E16833704613

is the threat of the US banning tp link still a worry

Boy I hope not because their archer series has been good for budget routers that have decent range

Hmm https://www.cnet.com/home/internet/the-government-may-ban-tp-link-routers-this-year-how-worried-should-you-be/

I mean things like this are why I always use custom firmware

What the hell are they smoking over there

That would give hundreds of thousands of businesses a lot of headaches

Are these universal? Or is there a specific brand/type depending on motherboard?

Mostly universal

okay cool, is there anything I should avoid?

There's-

Not really anything else to say about this

I guess not cheap $2 temu versions

It's just wire to antennae

Alright thanks!

You just have to use the correct antenna, typically SMA male or SMA female but sometimes RP-SMA is used

Thank you

Would you happen to know the standard length? or what would be the best length for motherboard connection?

measure with a string

There is no standard length of anything related to this

The only things that are standard are the actual connectors

Are these any different other than size? Like are they the same type of u.fl connector?

looks like one is m and one is f?

https://tenor.com/view/facepalm-really-stressed-mad-angry-gif-16109475

thank you

Could you possibly link me to the right cable on amazon? I need a u.fl to rp-sma female but I’m realizing they all say (u.fl MHF1) So I’m guessing those aren’t the right ones?

i believe they're the same standard?

find the cheapest decent one and send it here and i'll take a look

https://a.co/d/f4DdMq7

This is the white one in the pic but when I opened it I realized it was just a sma not a rp-sma so I don’t know if they’ll have different u.fl connecters for the wifi card.

the u.fl connector on the wifi cards are always (at least the 20 or so different wifi cards i've seen) are male

So I’m searching for the wrong cable?

All the ones on amazon seem to be like the white cable in the photo.

No, the one you sent is right

You do need to make sure the antennas you buy or have are the same connector, sma or rp-sma

Can you tell what kind of cable the black one is?

In the picture

The listing says

The black one not the white one

The black cable is the one that came with the motherboard

and the white one is the one that didn’t work.

Oh, black cable is.... Actually, that might be MHF4

Alright thank you!

https://a.co/d/5RAYbSO

I believe this is the correct one?

Some of the reviews say they are too small but I guess ima just take the chance and see.

sorry for writing a book but I'm really derp with networking ngl

I'm running Pi-Hole on a 10700KF/Z590 Unify-X/GTX960 ("Pi") running Ubuntu

I enabled DHCP server in Pi-Hole on the web GUI thing

I followed the instructions on manually setting static IP on the Pi

it works in the sense that when I restart the Pi, the AT&T gateway assigns the same IP address everytime

but

one of the last install instructions tells me to disable the DHCP server on the AT&T gateway because--I believe at least?--the Pi is supposed to be in charge of assigning IP addresses

when DHCP is disabled on the AT&T gateway & I restart the Pi, it won't assign the static IP address

& everything gets borked

The pi-hole can control DHCP but it doesn't have to

I have it set to leave that to the router just in case my server is down, purely convenience

well I just put on Amazon prime on my TV & heckin ads came up

Put more block lists

can u set a static ip on ubuntu ur self

the thing is, I can't force the router to change the DNS

it's a stupid AT&T one that has DNS locked

so I need everything to go thru the Pi so that it can control the DNS

https://v.firebog.net/hosts/lists.php heres how to get list

o nonono

https://github.com/FlipperPA/at-t-pihole/blob/main/README.md

I'm going based on this btw

my bad accidentally called u. the buttons on mobile discord are too small lol

doesn't the Pi need to control all the DNS requests?

if u had a good router you would set dns request to go to the IP of the pihole

heck

I have an ASUS router I could use

but this heckin AT&T gateway doesn't let you bridge

i belive what happens is when you connect a device it ask router, HEY what dns server should i use?? and router goes, use 8.8.8.8, so your request go through 8.8.8.8

Oh and the pi-hole can't block ads that originate from the same server as the content you're viewing

and if u manualy change ur dns server on ur phone, then it uses what ever u tell it to use

So it can't block YT ads either

ya I read that.. like the YouTube app can't be blocked

can confirm, youtube cant be blocked

but i had probems with youtube

it kind of can be with adguard

i had to whitelist a domain or els the vids would pause at 1min excatly

but you need adguard app

& you have to "share" videos from YouTube app to AdGuard's player

what ever u do, whitelist this

or els youtube videos broke

as for your router, you could just portfoward every single port from the isp modem to your router

This is how I avoid YouTube ads on mobile

i dont even watch youtube on my phone kek~4 hell i dont watch realy any media on it

im more of a laptop tv guy

I use it when I go pick my son up from school lol

real

i scroll when i wait to get picked up from school

hmm

I wonder how uBlockOrigin works

the plugin?

i use it on firefox

that it can do it on browser but not on mobile

I use it on Edge lol

you use an android

that & SponsorBlock

it's not available on mobile afik

🧾

bro

ust find a apk or something of modded youtube

I'm cool with using AdGuard. It blocks all sorts of crap

I paid for it already for a year so might as well lol

so what am I accomplishing with this PiHole thing if it won't stop ads on any app? lol

u know those annoying mobile game ads? it stops those

It also reduces network load, since you're not downloading as many ads, reducing page load times, and reducing resource usage on clients

It's also good for blocking ads on devices that can't normally block ads, like an iphone

Adguard does that too

ah okay

so wait, is the Pi-Hole working then?

for anything but the computer it's installed on I mean lol

also, what firewall do you all use?

ufw or whatever?

dunno if that runs on Ubuntu

afaik DMZ does the same thing if you see that

De-Militarized Zone?

yeah

not sure I have that on here ngl lol

DMZ also exposes all your ports to the Internet. No firewall on the router.

but you'd be using the firewalls on the asus router

not sure I even needed to redact that since it's generic anyway

I disabled IPv6 @errant dagger

which would pretty much do the same thing if you were just using the isp router as a bridge, since you'd be giving all the traffic to the specified device in the DMZ

wth is a Cascaded Router? lol

did u set the ipv6 dns kek~4

if I click "Configure" it says

heckers

u have fiber

looks like it's used for basically making another dumb ap

eehh should I?

can't remember rn

seems like the setup process requires you to disable the dhcp server from the cascaded router

u might **https://community.ui.com/questions/How-to-eliminate-ATandT-gateway-from-a-UniFi-setup/6f471739-7694-4512-9bb9-d1c8728d929f

i found this

heck I didn't

ok yeah https://www.wikihow.com/Cascade-Routers lol

I wonder if I could cascade the ASUS

it's not briding, it's just using the other router as an AP

the only problem is I bet the stupid AT&T thing will still be DHCP

ohh

https://community.ui.com/questions/How-to-eliminate-ATandT-gateway-from-a-UniFi-setup/6f471739-7694-4512-9bb9-d1c8728d929f

ya that doesn't really accomplish the goals

no, the isp router can keep dhcp, you do want 1 to be running

lol looking at this now

heck it said this yesterday too

You'd end up with a double NAT if you can't switch the ATT router to bridge

that's always fun

Double NAT can be bad for games, increased latency and you'll never get host again

double nat can be done right tbh

my friend passes thorugh all the ports to his travel router which then he uses to connect his homelab

https://www.youtube.com/watch?v=aShbl1JZMx8

ip passthrough

They weren't working well a few weeks ago

It can be done sure but a lot of games will detect it and immediately disqualify you from being host

Waveform gives similar results

@frank scroll can u find anything with ippassthrough

damn, good thing iv never had that problem

oh I'm a clown

I just realized

the goofy fiber optic cable that connects to the modem thing doesn't connect to the gateway

it's just a regular ethernet port

yeah..

from all the sources i've seen online (from my 2 minutes of searching at least LMAO), outside of the old old at&t routers, and the 2 gigabit or higher plans where you get a sfp module that you can put into a different ONT, you won't be able to bridge or use your own router without double NAT

doesnt mean it will work on any old router tho

I thought it was that metal ethernet port looking thing

you HAVE to use atnt router

unless u do a bypass and all that

https://www.youtube.com/watch?v=BluDAuSU1T4

It's like ONT or something?

that cable ur plugged into goes to your ont

ya that comes from it

yes

huh. that connector really does look like rj45 with the tab like that lmao

You could solve a lot of issues by using your own modem

theirs no modem in fiber

only an ont

I've seen a video where the dude had some little ethernet thing

I'm used to cable lol

you can get a modem that takes fiber?

cable is debatbaly less of a head ache

no

modems are only for cable intenet

the uh

your best solution is to look into a bypass

also you wont be able to remove that from the ont, you'll need to either request (and probably get denied) getting the sfp module for that, or upgrade to a plan where the upgraded router has a removable sfp+ (which they might have changed to being soldered on, which my isp did)
also i highly dont recommend unplugging that fiber cable since you might get dust on it and then your connection is gonna be wack, and you would want to use the specific fiber cleaning things to prevent micro scratches in the cable

older versions of my fiber ont had a removable sfp for the fiber, but they updated it (probably to save costs) to it being non-removable, so rip

my isp requires you to be on a business plan in order to get the modules

i can invite you to a server full of people who do this networking stuff as a hobby and job if u like

so that's called an ONT then?

they will know excatly what u have to do

I'm down if they don't mind hearing a noob sound like a noob

I know that can be annoying haha

okay that's an "Optical Network Terminal"

good thing nobody says that kek~4

okay now I'm caught up on that acronym lol

lmao

better to be embarassed now than call it a modem 30 more times lol

like my good ole' ADSL from back in the day

it's like saying Remote Authentication Dial-In User Service instead of RADIUS (did i even remember the acronym right, i had to memorize this for an exam once but idk if i still remember it properly lol )

I have IP passthrough enabled already I think

Still a better acronym than PHP

PHP stands for PHP Hypertext Preprocessor

Literally

The p is silent

?

real

wanna try somthing, plug your router into the ethernet going to the atnt router and see if it works

P'hypertext Preprocessor

Philipino peso

filipino caseoh?!

i had to ask the homelabbers

@frank scroll

No, it's literally "PHP Hypertext Preprocessor" and that is what PHP stands for. It's a nested acronym.

Wait but then it's infinite

Hold up

under the yellow is the mac address of the Pi (10700KF)

PHP Hypertext Preprocessor Hypertext Preprocessor

fr? lol

(nested once)

Prepare to be doxxed

I actually can almost read the whole thing tbh

LOL

lol I dunno what I'm supposed to hide or anything anyway

more has been said, tldr, they might be forcing you to use their router if your using their ont

Mac address is a good one if you aren't using random mac

heck a couple of those letters aren't too easy to make out

It's like what MSI did with their MSI MEG naming, "Micro Star International Micro Star International Extreme Gaming"

you didnt have to censor a mac address lol that's just the hardware identifier
honestly even if you dox your ip it doesnt even matter since it's going to likely change when you restart the ont

GN had a rant and a half about this lmfao

I mean... I've had two different gateways on it

both from them tho

your own???

ima ddos you

o from them

yeah that make ssense

them ya

if plugging your own doesnt work your best bet would be ip passthroguh mode and just plugging your router into the atnt router, make sure to disable wifi and the firewall on atnt tho

oddly, the latest one had the SSIDs changed

to what they were before

once passthough, firewall, etc is disabled, you pretend atnt doesnt exsist and you use ur own router

2 gateways? you got 2 public ips?

lol not simultaneously

VERY IMPORTANT

@errant dagger Had to delete the pics, sorry but they had naughty words

bruh

ass

13+ server moment

my fav naughty word

That one is fine lol

no they said the poop word

iv seen pg13 movies say worst

that starts with s

🫏

naked people in pg13 movies is fun

uh I think these are all my firewall options

MPAA gives them leeway for exactly one of the designated swear words

amazing

i have a feeling its because the movies whre made in the 90s and such kek~4

Just ask deadpool and wolverine writers

white chicks was a fun movie to watch in class

they are rated r, u can pretty much do what ever u want

seeing i have no idea what that is, id just ignore it and go to disabiling wireless

ur router will handel all that for u ❤️

if you want all your devices to connect to the new router with out having to set them up again, set the same ssid and password to your router that was used on atnt

unfortutnuly this is the way your going to have to do it cause atnt sucks as a isp

ya I figured I'd have to do this tbh

after u DO ALL THAT, your finally set to configure ur dns to point too pihole ❤️

ICMP is pinging (e.g. ping google.com)
SIP ALG is used for VoIP though is recommended to be disabled (apparently it is supposed to improve calls work but may cause call quality issues)
ESP ALG is used for the NAT, apparently for passing through VPNs?
ACL is access control list
honestly everything could just be set to off and you can probably use the default firewall settings of the asus (though do check which are on/off)

and of course do ur own research on ip pasthrough mode too

but if I

what i just told you, ip passthrough mode

atnt is one of the only companys who mke this painful

so wait... I'd have to passthrough to the router that will then passthrough to the Pi thing?

pihole doesnt handle traffic

all pihole does is handel dns request

pihole could fuction with a 10mbps link and have no issues

The second router would be able to set the DNS server and DHCP settings properly

i know too much

heck okay ig I'll have to do that mission lol

gotta rename the stinky wifi

heckers

rn I have pass through set to the Pi

ur confusing me

so I gotta get mac address of this router

u mean your dns server is set to pi

lol no DNS server cannot be changed

or are u litterly using ip passthrough on the pihole server?

😭

https://github.com/FlipperPA/at-t-pihole/blob/main/README.md

I did what this guy said to do

except I ran into a problem:

yeahh.. i wouldnt do that

just do the passthrough blah blah, set the dns server on your router and it should work

after I disable DHCP on the AT&T router, the static IP address I assigned to the Pi gets changed when I reconnect

just.. undo that

like it's not static anymore lol

kek~4

that guide sounds all over

lmfao

i need to go sleep but helping people fun

that guide doesnt need to be used once you do the ip passthrough, just set up pihole the normal way since you have a normal router

also yeah that guide is a little confusing to me lmao

a normal setup

the recomended setup

the setup that will get u the best support if it breaks

.. is it using pihole as the dhcp server

so it can handel the request

it's supposed to

yeahh just ignor that guy

I currently have 12 active leases

it worke too...

idk enough abt this to help you out, sorry

You can use the same name and passphrase as the old network on the new router and it'll be seamless, no config changes needed on clients

I'm still using my network info from 3 routers ago

you do not want 2 conflicting dhcp servers on the same network, if you want to use the pihole dhcp server, make sure to turn off the dhcp server on your passthroughed router

I just let my router (with openwrt) handle it

Disabled that option in pi-hole

either method is fine, though the router is more likely to have better uptime than your pihole

yeah

Precisely

prob easier to troubleshoot too

pihole main feature isnt to do dhcp, the routers entire job is to route

the router should be telling PIhole whats going on, not the other way around

redacting all this crap is exhausting

to be fair, in corporations, you are more likely to see a dedicated dhcp server handling multiple subnets and such, with redundancy as well

makes me miss my trackball mouse fr

but for a home/homelab setup, just use the built in dhcp server

if I do that, it doesn't assign the right static IP to the Pi

you dont need to redact the stuff honestly

atleast no the ip

unless its ur WAN ur fine

There's nothing we could do with a local IP address

the mac address is somewhat useless as well

you just get to learn the vendor id

mmm yes apple made this device

yes yes

very nice

i remember in other serves mods would freak out if i even shown a local ip, let alone a mac

Right there's not a way to target a device on the Internet by mac address alone, you need a target network first and foremost

"damn you got a broadcom? havent you heard they're money grubbers?!"

and if they get into your network.. u have other problems

lol they're gonna steal my $50 or whatever I'm worth at this point

If they get into your network they can get the mac address just by listening to traffic

💀

fr your local traffic is like a street vendor

everybody is just broadcasting out every few seconds lmao

okay so... I leave the DHCP to the router but then, what makes the other devices request the DNS From the Pi??

Plus you can actively scan a network with pings etc and most devices will reply

you can install uhh wireshark (only do it on your own network, since it's illegal to sniff networks that you don't own) and you'll be able to see what anybody with an open source tool can see if they get access to your LAN

The new router will be able to set the DHCP setting so it serves the local pi-hole as the primary DNS server

I thought the Pi handing out the IP addresses made them buddies or something

99% of your traffic is probably encrypted, but you'll be able to see plaintext transmissions

such as if you have a ftp server, which will transmit credentials in plaintext

(very cool)

sftp superiority

lol I put it on anonymous mode to not see it

you manually change the dns server on the router to use the pi

well, that just simply means there's no authentication required lol

u have an asus right

yes. It's not a fancy one tho

you change it here

dns server, set it to the ip of ur pihole

so doing this doesn't make all the other devices request the DNS set on the Pi?

no it doesn't

nope

oh crap I can do this on AP mode??

use router mode

btw you can either set a static lease on your dhcp server to reserve an address for a specific device (every device has a specific MAC, so you just bind it to that MAC), and it'll keep that

or you can change your dhcp server pool to be slightly smaller than your subnet, so you have a few address spaces that don't get automatically assigned, so you can set a static ip on the PI's side to be x ip with x gateway with x dns, and the dhcp server won't assign anything to it (since it isnt part of the dhcp pool)

im using ap mode sense im not using any ip passthroguh and what not

lol RT-AX1800S is the exact router I have

lMFAO

nice

i just use it as an ap in my room, i let my xfinity modem router combo do the rest

the dns setting doesnt do anything, but they never remoed it from the ap mode settings

also you should probably sleep vex if you have something to do tomorrow lol

i shou

ya don't let my networking ignorance keep you up haha

LISTEN I WANNA TEACH U

im tired

heck I know a lot more than I did like 48 hours ago at least

real

networking is hard

I ❤️ openwrt, super easy to config to use my pi-hole

i have a router with open wrt but it does nothing

What do you mean "does nothing"

Doesn't that mean it's working if you don't notice it?

heck I really do miss my trackball mouse... I feel drawing a diagram coming on ngl

does noting as its not plugged in

lol

O

and i keep breaking it trying to make it run as an acceess point

i change something then loose acces to the panel

i cant even figure out how to change the subnet from 192 too 10

You need to designate an IP address to the interface you want to use for management

O

Once you set it to AP mode it won't have the same address

When I’m not tired, maybe something this weekend could you help me do that to it

Sure

ping away, I'll respond when I can

Bet

If I REMBWR to ping you

so my surprise that it worked in AP mode was like uh, kinda right or something?

If you run the Asus in AP mode it will not foward anything to Pihole

(not seeking validation, just that I'm starting to kinda get some of this lol)

It takes extra configuration that you don't need to do in the default router mode

I learned this the hard way

btw today I checked my old crypto wallets

& found like $220

from the residual crap in there

you should all do that later lol

I’ll sleep, your in good hands with gal

Gal

Img

FAL

lol gn thanks for the help

alternatively, set it up, change it to AP mode, and dont ever manage it ever again

I wish

actually, the gl-inet beryl has a button for this
if you dont set a management ip, you can still easily revert the ap mode by holding the reset button, which notably doesnt erase all your settings, but just switches it back to router mode

Huh, that's pretty nifty

or

the app

on your phone

controls like every heckin thing on that router

How do you think the app finds the router

You go fal

Sorry I had to say it

lol it won't find it rn so I dunno

well it finds it but won't connect

I had it set up as AP so it could reach my son's computer

since the old AT&T gateway actually managed to suck more than this one

It finds the router by IP address, which needs to be a valid IP and on the same network as the management interface

Typically home routers will use the LAN ports as management interfaces

Or wifi

hmm maybe since DHCP is on for the Pi, I can't connect cuz it's double NATing rn lol

okay DHCP on Pi is now disabled

Do you have the asus router plugged in right now?

yes but I wanna connect it to the 5g LAN port

wait, why would the pi be double NAT?

cuz only 1/4 is 5g or whatever

AT&T gateway & Pi both giving out IP addresses? I think?

since DHCP was enabled on both

I can’t sleep, disable dhcp on Pihole

It's double NAT because the ATT router won't go into bridge mode and we're adding the Asus router to the net to properly handle the DNS requests

double NAT refers to a router running another subnet within another LAN

ahh

Pihole does not need to do dhcp again

& I can't disable DHCP on the AT&T cuz then the Pi doesn't get the static IP address it's supposed to get oddly

I did

And its going into ip pass through so it gets rid of some the problems double nat has

okay let me go switch LAN ports so the ASUS router is connected to the fastest one so I can get to work here lol

ig I should then ran ethernet from the ASUS to this computer after that?

isp routers are strange but did you make sure to try to assign the ip in the right subnet for the pi
maybe the at&t router is running in like 192.168.1.1/25 instead of /24 for whatever reason

You'll want to use the WAN port on the Asus and a LAN port on the ATT

it's 192.168.1.254. I was just on the little homepage thing in the browser

That’s what I do for my Asus, we conviently have the same one, only difference is he has to run router mode I run AP mode

if the at&t was running with a /25 netmask, then the usable network range would be 1-127

so wait... in AP mode, would any device connected to the ASUS router have its DNS requests handled by the ASUS router? wouldn't AP mean it just asks the main router to handle it?

is that possibly why it won't assign 192.168.1.214 to the Pi when I disable DHCP on the AT&T gateway?

Nope

it could be

It ignores the dns settings I put

Unless router mode

dns server is set by either the dhcp server or manually inputted

so was your PiHole doing anything for any device except itself?

I’m not sure what your asking

btw you can figure out what the netmask is by seeing what ip the dhcp server assigned your pi (it would either be formatted as x.x.x.x x.x.x.x or x.x.x.x/x)

okay I guess the diagram is coming after all lmao

AP mode mostly disables routing functions and leaves switching functions on, so it becomes like a wireless switch

Instead of putting 8.8.8.8 in my dns settings of my phone, I put 10.0.0.101 my pihole

How do you guys set up pihole anyway

And it works, when you plugin your Asus, set it to router mode, configure your ssid, then manually change your dns server to the ip address of Pihole and your finished

I genuinely never looked all the way into it

I hear it's pretty straightforward

It is

in AP Mode, my ASUS Router would show itself & every other device connected to it as ethernet

when I went to AT&T 192...254 website thing

Basically install it, give it a list of ad servers to block, and change router DNS setting

Install where

even in its current borked state, this Pi thing is apparenlty doing something

Wherever you want, preferably a device with as close to 100% uptime as you can

Linux, windows, even mac can run it

connect to ethernet, set, & forget?

iirc pihole uses debian right? if you open a terminal you should probably be able to do ip addr and it should print the current addresses that the interfaces have currently

I'm on ubuntu for the pi

so debian

If you use the pi-hole OS then yes but it can be run as a program on nearly any other OS

just to be clear, I'm running Pi-Hole on Ubuntu on a 10700KF/Z590 Unify-X/GTX960 system lol

that's true

though ubuntu is still debian based

i believe ip addr is still the standard command for ubuntu to check interfaces?

Oh so it's just a device that meddles on the network as a middleman?

I think I need a docker or something to see the Pi anywhere but the web browser

I don't need anything super complicated?

Just a pc?

or a pi

or even just a raspberry pi

(hence name)

You can run it off an old android phone https://www.reddit.com/r/pihole/comments/dy0d8e/2_months_later_android_pihole_setup/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

A laptop without a battery sounds the most economical to me

fr?

made for pi, runs on pretty much anything

I should've used my stupid SurfaceGo2 lmao

I would rather use something without a battery so ig I will consider it

But question

Does it add latency

my friend hosted a jellyfin server with that lmfao

If it adds latency I don't want

it shouldnt*

No, in fact it's faster to connect to a local server than it is to request over the internet

oh but surfacego2 I have to get a usb c to ethernet port adapter which is why I didn't do it in the first place

speaking of which you guys think a pi should be fine for running some low traffic webserver, one being wordpress

i'm sure felix will find a way to make it add latency

with the felix touch

You still have to hop over the net to dns no?

No

Oh it's less turnaround hops?

Wait

technically, but pihole does dns caching as well, so it can be near instant

I get it I answered my own question

Lmao

Hmm

I have an ancient laptop I could probably do this

DNS request is sent by device, router says "DNS server is here and forwards the request, pi-hole says "hey I know this one" and replies with the address

most dns servers have caching tbf, it's to reduce load on the servers higher up in the line (e.g. the tld servers)

And shorter distance is better

It can technically add latency the first time you access a web service

Yeah shorter hops

But it'll cache everything so that's a one time load

one time until the TTL ends

At which time it'll refresh the cache iirc

so it's like

you want the TTL to be like an hour in case a site suddenly changes ip for some reason or another (often times a cause from DDNS)

or actually, load balancing could be a cause as well

okay time to move around some cables

Yes, and any known ad server gets redirected to 0.0.0.0 and fails to load the ad

I have a decent blocklist if you want it

i thought it went to loopback
though i guess that's not an important distinction

should probably hotspot my phone so I can let you all enjoy me breaking my home network live

Hmmm

lol that's step 50 I'm still on 1

I'll have to look into it later

Livestream network crashing lesgo

I don't have a spare pc atm

Not a standalone device anyway

Unless it uses battery which I do not want

wait do I need to like, uninstall Pi-Hole on Ubuntu or something?

No?

get a cheap sbc (not a rpi since those are scalped to hell) but they're very energy efficent

something like a bananapi or smth

oh so it won't care if it gets a new static IP address as long as it gets a new static IP address?

As long as it has nearly 100% uptime it doesn't matter, it uses very little resources

you can even get 2 sbcs and make a cluster with 2 pihole for redundancy

I thought the age of scalped pis was basically over

My KS rig does that but idk if I want pihole on the same device as my stream server

Yeah the pi-hole doesn't care what the IP of the local device is, it simply gets a DNS request and responds

they're still overpriced imo

well ye they can be pricey

okay let me do some quick re-wiring

lol 13900KS system for Pi-Hole

350w npnp

I use my KS system for a few things

NAS, streaming, light games, work

You could even bind the pi-hole to one of the e-cores

I've only ever used mine for hwbot tbh

That doesn't sound ideal to me

I'm on tethering rn

If I'm running something network based I would aim for dedicated thread

Why not? One e-core is better than 2 router cores

Yes but you turn on a game with anti cheat and poof

Anyway
I find it funny how many hoops we had to jump through to get pihole working for ggood
While in my dorm, with an OpenWRT router and a rpi5 (way overkill for this application) it took me more like 20 minutes to setup pihole, and that's only because I read every option available and also looked at the documentation

If I weren't doing my deep dive into pihole, it would've taken me more like 2 minutes to setup

My pihole is currently using 0.07% of the CPU... an E5 1650v2

Maybe I could run it off the KF rig

That's comically small tbf

Yeah I don't have any issues even when I'm using 100% CPU to transcode for Plex

Which is a higher load than you would see when gaming for sure

I tried to see if I could just plex on my main server but kept old system on since it's for testing. and man for some reason plex seems to hate running multiple instances on the same network

okay

wires moved

what a hecker

I probably could've waited on 2/4 of them but whatever

ehh now how to get to ASUS router settings

Is it reset to defaults?

not yet cuz I didn't wanna double NAT

should I?

Yes

Double NAT will only matter for certain services

Everything else should run normally

ah okay

I thought I'd have no access

I did get the wifi to connect from it tho

not sure why it didn't before

but the way to get on it isn't working so let me just factory reset real quick

Double nat is an issue if you want to run a VPN server to access your LAN
Or port forwarding for servers (though technically possible)
And p2p file sharing won't work I believe

Also it would likely increase latency by a millisecond or 2

Most of these things are mitigated by running IP passthrough on the ATT router

Has ggood figured out how to use that feature yet

Not sure, it's not exactly priority 1

sort of

Fair

I had it set to passthrough to the Pi's MAC address

so while I may not understand it, at least I can find it in settings lol

Hmm

That's strange

Later on you should change that to the WAN mac address of the Asus router

Are you unable to find the wan mac for the Asus router

I suspect that ggood might have been trying to input the wrong mac? So it wasn't working

Let's get the asus router working first

Then we can get the mac

We still haven't gotten into the config for that yet

this just appeared

ayyy

Advanced

lol this has been a clusterheck because I can't have my computer connected to both

then I brilliantly named the wifi on the new router the name of the wifi on the old one

so I'm leaving it as [old name]-fix for now

it's activating or something from the app on my phone

so all I can do is wait for now

Yeah you can do that, but later once you actually have it running and can drop the ATT router completely lol

You'll want to disable wifi on the ATT router once that time comes, then you can rename the new wifi net

okay so default gateway from cmd>ipconfig brought me back to the AT&T router

Run from where

client or router

192.168.1.254

client attached to the ASUS Router

via ethernet

the app says my "LAN IP" is 192.168.50.1 for the ASUS Router

WAN IP is 192.168.1.195

the LAN didn't get me on the router let me try the WAN

derp I'm still on AT&T router's wifi that's probably why lol

okay ya that did it lmao

okay so the next step should be:
(a) Connect to AT&T wifi so I can assign static IP Address 192.168.50.1 (LAN Address) to the ASUS router;
(b) Connect to AT&T wifi so I can assign static IP Address 192.168.1.195 (WAN Address) to the ASUS router;
(c) Connect to AT&T wifi so I can set IP Passthrough to the MAC address for the ASUS Router; OR
(d) Stay on Asus Router for...something?

or should I disable AT&T's DHCP server & see what the address is for this router after I reboot the darn thing

so I don't chase my tail like I have been lol

A) The ATT router doesn't care what the LAN address on the Asus router is
B) You can set a static IP to the WAN on the Asus router if you want, not required in this case unless you also enable DMZ
C) Yes set ATT router to passthrough to WAN mac, while you're there you can disable the wifi on ATT router

D) You shouldn't need to connect to the ATT router again for anything

okay let me see if I can find the MAC for this router without having to go check the bottom of it lol

Should be able to grab it from the webpage

copypaste

btw do you disable IPv6 also?

Personally no I don't

oh nice I have the MAC address here on the ASUS router app on my phone

But it can add another layer of complexity to the pi-hole setup

Albeit a thin layer

Just need a DNS for IPv6 also?

Okay connected to AT&T

time to disable everything lol

Basically yes you'd need to configure an ipv6 DNS and set the pi-hole as both ipv4 and ipv6 DNS in DHCP settings

okay Passthrough Fixed MAC Address is now the MAC for the ASUS router

Google's ipv6 dns server if you want to use that
2001:4860:4860::8888
2001:4860:4860::8844

I was planning to use these if that's okay to do?

should I disable all of AT&T's firewall crap so it doesn't interfere with the ASUS Router's?

Nah

everything to off?

ah okay nvm then

okay & I do want to disable DHCP on the AT&T Router again right?

More firewalls can only be a good thing imo, as long as they're not blocking something important by mistake

No you can leave DHCP on for the ATT router

oh heck okay

I thought DHCP determines the DNS or something

In this case the routers are to be treated as 2 separate networks that happen to be connected

but ig it won't matter since nothing but the Asus router will go through the AT&T directly anymore

The DHCP on the Asus router will determine the settings for all devices connected to it

ah right got it

okay so not bothering with IP Allocation (static IP for the Asus Router)

no reason to disable DHCP

so ig all I need to do is take the wifi broadcasts offline

No reason to not disable DHCP rather?if the only device needed is going to get a static ip

okay both the 5g & the 2.4g AT&T gateway wifi are off

I ended up not setting a static IP for the ASUS router

Oh

I just did IP Passthrough to the MAC address for the Asus Router

I mean, you could save your current IP and subnet, set that as a static IP on the Asus, and disable DHCP
To be fair, leaving it on shouldn't affect performance either way, but at the same time it would make a bit more sense imo to use a static ip

Forgot to reply to this, but yes you could use the adguard DNS for another layer of blocking

does it matter since nothing but the router connects to the AT&T gateway? & the Pi-Hole will be connected to the ASUS Router so isn't that the only place I need a static IP Address?

Personally I wouldn't so if it blocks something I want then I have more control over it

I feel like adguards block tables are rather concervative though, I find it to block less (ads) than even the default pihole tables

Yes you'll want the pihole to be static, nothing else is required but more static addresses doesn't hurt

uh what?

The router would also tell clients "hey I can be a DNS too"

It should add the router IP as a backup DNS in case the pihole is down for example

lol soo leave it on yes?

I would yes

okay yes it is then

But where would the router query for DNS

The ATT router

Which it gets the address for via DHCP

And that router uses the ATT DNS

heck isn't that bad tho? lol

That's double nat in a nutshell

It's not too bad though, this is only as a backup

So you don't lose internet entirely if your pihole computer explodes

okay so this needs static IP

yes

There's 3 schools of thought on what address to assign

1. use the same one as the dhcp gave it, it doesn't matter
2. give it a random IP to make it sliiiightly harder to find if a hacker gets in
3. give it an easy to remember IP so you can access it more quickly via browser

On this network the only requirement will be that the address has the first 3 octets as 192.168.50, the last number can be dealer's choice

heck how do I access it? I think it still wants to be the old IP address & it's not like an app/program lol

The pihole? Enter the address in a browser with /admin at the end

oh wait pi-hole -r apparently I can reconfig

192.168.50.84/admin would pull up your pihole config from any device on the local net

you right lol

okay I'm setting static IP for Pi rn

so now I need to set Pi as the DNS for the ASUS Router?

or just IP Passthrough again...?

Yes, you should find the DNS settings under the DHCP section

Assuming the person that designed the interface isn't insane

Yep set DNS server 1 to be your pihole

Leave server 2 as a backup

oh shoot I didn't actually add the static IP lol

You can assign it from that page

At the bottom there

I think that's right then?

Yeah so what that'll do is if the machine running the pihole asks for a DHCP address, it'll get that one every time

It also reserves that address in the DHCP table so nothing else will get it

you can spoof a MAC address in Ubuntu just by going to Wired connection settings lol

there's no reason to do this is there?

Yep no reason, it'll just confuse the router

okay canceled that lol

I don't need the router & me confused

That's a good one to use if you're connecting to public wifi

me is enough

ah I see

you can just make up a MAC address then?

For the most part yes

iphones do this by default too

And a lot of modern androids

oh nice

smart lol

Just makes it harder to track your movements from one place to another if the mac changes every time you reconnect to a net

do I need to install that uwf or whatever firewall on the pi system?

ya but the cell towers probably give you away anyway if it came down to it

ufw? it should be installed by default on ubuntu

oh nvm then lol

right again haha

noice

You'd almost think I've done this before 🙃

time to update adlists then set it & forget it ig

haha fr

Ok so for blocklists

https://github.com/blocklistproject/Lists

oh wait I can add those from this computer

Yep

I was about to type out the URL lol

Personally what I do to avoid adding individual lists is use the everything.txt and then whitelist things I want to use that it blocked

what have you had to whitelist?

But you can add the different categories of lists if you prefer, there's no real limit to that

Whitelisted youtube.com, plex.tv, and s.click.aliexpress.com

ah okay

Also imgur on a wildcard

Fandom.com was also blocked for some reason, added as a wildcard too

fortnite has its own category? lol