tempted to re-open and reply to 1.5 year old support thread seems easier than providing all the background for a new one naw that's a bit rude even for me it sounds less rude if it has relevant data to me but you could just reference it true, but it wipes out that sense of closure up_the_irons gets from closing tickets :) yeah i think I'll just link the original one yeh *facepalm* of course i submit ticket and then see this nice tool to do what i want myself w/o harrassing the staff so i *am* rude! haha reverse dns delegation last time i tweaked reverse dns, i don't recall seeing this, and Garry handled the config, it was just after i had signed up but it looks like i can edit them myself now :D ah heh i think i should use it :) as the years go by i seem to care less and less about reverse delegation unless it's a mail server i'd by happy if it was just .arpnetworks.com or something yeah that would be pretty nice Gets ARP's name out there a bit i think that part of the issue is that often there are multipel things happening on one IP so you end up with just a hostname And gives users a solid/working rDNS out of the box yeah mail is the only thing that forces you to care about reverse that and your IRC /whois results ;) but the hostname you know from the forward lokoup what IP it goes to anyway IRC is a distant second crap laptop, quit lagging irc i don't care about my irc reverse lookujp doesn't even seem to be there even though it's working i know cos i set it up /years/ ago for reverse for irc :) actually maybe someone redelegated your PTRs :) i'd like it to tsay .static.arpnetworks.com my irc isn't on arp and 4.2.2.2, 8.8.8.8 work with it freenode just sucks :) actually i like it when routers say their location too gotta love hating freenode. the worst irc network i ever loved wallshot: Don't worry. If you're the sort of person who worries that they're rude in a tech support query, you aren't rude :) wallshot: it's actually only as bad as undernet used to be actually it's better than underent used to be it's like undernet without the "lag" and people coming in on diff servers and see themselves talk, and being like i said that 5 minutes ago! ooh the big old netsplits it seemed to be slow with netsplits though i think internet was slower back then too yeah undernet grew faster than bandwidth capabilities nah they had ddos issues dunno how efnet survived undernet was big here there usde to be NZ irc server even but then that went away cos too many ddos issues and had to use EU servers cos the US servers blocked non-US IP mercutio: wallshot : i really don't mind if a 1.5 year old ticket is re-opened brycec: mercutio : i really should have rDNS working upon new account signup; just another little thing to do... up_the_irons: good to know. heh my yearly bandwidth is nearly at my monthly bw quota it doesn't seem to be on my cp not that it really matters ha congrats heh i wonder what average utilisation is like is it normally like 1/10th i imagine? nixbag: data center day tomorrow. the huge chassis i was telling you about arrived and i need help racking it. translated: you get to be my forklift. and my makita. Okay, question for those more knowledgeable in IPv6, BGP, etc... wtf is wrong with m0n0.ch? (m0n0wall's website). Their IPv6 interface has been b0rked (or sloooow) for as long as I can remember. Tried connecting today, timed out... Threw their address 2a02:200:3:1::101 into HE's looking glass and they can't reach it. So, what's up with them? Can anyone else reach them? (I googled and didn't see any mentions of their website failing to load over ipv6) ok, I know I'm retarded, but when I have my pf firewall enabled, I can't get out using ipv6? for instance, "telnet www.google.com 80" tries to use ipv6 first. Disabling the firewall works fine. Now, this is the same pf.conf I have in play in other fbsd 9 VPS... I feel like I've ran into this and forgot the solution. Anyone? pjs: can you post a copy of your pf.conf? sure, one sec (though, like I said, it's literally the same (minus IP network) as all my other VPS's) could be a lot of things... starting with wrong addresses, blocking IPv6 services like NDP (equiv of blocking ARP), or something stranger pjs: Other VPS' on ARP? Yea brycec: m0n0.ch seems to work fine from my HE tunnel at home MTR looks alright too wat, really? indeed brycec http://dpaste.com/1014581/ staticsafe: lg.he.net's traceroute gave two he.net hits then bombed out * * * actually wait nvm mtr is dying i guess firefox fell back to v4 lol yeah FF does that my squid proxy at work defaults to ipv6 which is neat, but prevents things like ff from falling back to ipv4 one sec lemme do a mtr from all my boxes thx staticsafe just wondering if I'm losing my mind... wallshot: lol hrmm.. comparing that pf.conf (http://dpaste.com/1014581/) with another from a different fbsd 9.1 VPS the only difference is the ext_net.. brycec: http://sprunge.us/HgeM seems like it may not be reachable via HE for some reason pjs: my guess is you are blocking NDP my ARP box can't reach it up_the_irons possible.. but I wonder why my other VPS's dont seem to have this issue brycec: makes no sense either the AS that IP is in is peered with HE too up_the_irons possible to have the kernel default to v4 when making a connection? v4 works fine with the rules I have configured pjs: no idea how to do that pjs: it's application not kernel that does that pjs: why not just disable ipv6 on your NIC? if ipv6 is turned off, apps won't try to use it or what up_the_irons said on Linux, it's some sysctl param disable_ipv6 sysctl -a | grep disable_ipv6 net.ipv6.conf.all.disable_ipv6 = 0 set that to 1 on linux.. grrr, I hate to disable it.. but I guess they wont be using it thats a step backwards imo, you should fix your pf rules if it's pf it's not linux :) staticsafe I agree Yea, it's FreeBSD i'm yet to do ipv6 on freebsd :O pjs: i would ask around in ##freebsd or something, probably something simple :P try google first i'd reckon Yea, I suppose.. I'm googling :) Trying some things. Just odd that the same pf file, literally the exact same (except the ext_net variable) works fine sorry pjs I got dragged away by a power crisis. pjs: what about the other files that your pf.conf includes? are those identical across hosts? notably, badhosts also, dumb question (because I'm not a pf guru) but I see a lot of pass in inet, but what about inet6? brycec yes, they are. It's a cronjob that gets sync'd every couple hours.. just blocked IP's that have been trying to ssh in to frequently I wonder if this is the culprit: net.inet6.ip6.v6only: 1 (I seem to recall there's a sysctl that equates inet6 and inet, a la ffff::ipaddress) it sucks to disable ipv6 step backwards, like staticsafe said up_the_irons right, I don't want to do that the new backup service will be v6 only for direct links i'm not even enabling v4 for it time to get serious about v6 Yeah pjs net.inet6.ip6.v6only is that sysctl (Portal will clearly describe this on the service page) pjs: so what's net.inet6.ip6.v6only set to on the other boxes? :p brycec yea, it's sysctl.. but the setting is the same on a working fbsd 9.1 box (same pf.conf) up_the_irons++ (darn, hoped that was it) sweet, i just got +1'd don't think that has ever happened b4 Not according to my logs shit (so, not since Sep 30, 2012) but according to my memory... wow, indeed, it has happened 4 times http://irclogger.arpnetworks.com/irclogger_log_search/arpnetworks?search=up_the_irons%2B%2B&action=search&error=0 ha Poor up_the_irons went all of 2012 without one up_the_irons+=100 There there, feel better. (and that's a first) wow Adding these 2 fixed it pass out on $ext_if inet6 pass out on $ext_if proto ipv6 :) Grrr, gonna drive me up the wall why its required here and not on my others \o/ so it was blocking v6 outbound Yea :-/ well that's a way better fix than disabling ipv6! ;) hah for sure i'm saving those pf rules to look at later. they make mine look sloppy as heck, all nicely sorted, with timeout rules and labels on everything wallshot :) any JS nerds in here ? would nerd in your case imply something good? :) jbergstroem: yes but i figured out my own answer jbergstroem: didn't think to check #javascript first ;-) super nerds in that channel haha damn nerds! oh yeah, and the answer is probably: have you upgraded the jquerys? jbergstroem: heh no the answer was closure are created during instantiation of a function not invocation up_the_irons: what time will you need help? someone has been trying to brute force my ssh connection this week. well about 3 different people have it seems. nixbag: that's normal welcome to the internet :) my first time looking through my auth logs in awhile :) nixbag: just run sshguard/fail2ban. gets them after a few attempts jbergstroem: i'm using fail2ban at the moment. it's already done it's job twice since this morning. mercutio: "welcome to the internet" reminds me of this http://www.quickmeme.com/meme/35ukyz/ heh but yeah it's all over the palce now