tempted to re-open and reply to 1.5 year old support thread
seems easier than providing all the background for a new one
naw that's a bit rude even for me
it sounds less rude if it has relevant data to me
but you could just reference it
true, but it wipes out that sense of closure up_the_irons gets from closing tickets :)
yeah i think I'll just link the original one
yeh
*facepalm* of course i submit ticket and then see this nice tool to do what i want myself w/o harrassing the staff
so i *am* rude!
haha
reverse dns delegation
last time i tweaked reverse dns, i don't recall seeing this, and Garry handled the config, it was just after i had signed up
but it looks like i can edit them myself now :D
ah
heh
i think i should use it :)
as the years go by i seem to care less and less about reverse delegation
unless it's a mail server
i'd by happy if it was just <ip>.arpnetworks.com or something
yeah that would be pretty nice
Gets ARP's name out there a bit
i think that part of the issue is that often there are multipel things happening on one IP
so you end up with just a hostname
And gives users a solid/working rDNS out of the box
yeah mail is the only thing that forces you to care about reverse
that and your IRC /whois results ;)
but the hostname you know from the forward lokoup what IP it goes to anyway
IRC is a distant second
crap laptop, quit lagging
irc i don't care about
my irc reverse lookujp doesn't even seem to be there
even though it's working
i know cos i set it up /years/ ago for reverse for irc :)
actually
maybe someone redelegated your PTRs :)
i'd like it to tsay <ip>.static.arpnetworks.com
my irc isn't on arp
and 4.2.2.2, 8.8.8.8 work with it
freenode just sucks :)
actually i like it when routers say their location too
gotta love hating freenode.  the worst irc network i ever loved
wallshot: Don't worry. If you're the sort of person who worries that they're rude in a tech support query, you aren't rude :)
wallshot: it's actually only as bad as undernet used to be
actually it's better than underent used to be
it's like undernet without the "lag"
and people coming in on diff servers and see themselves talk, and being like i said that 5 minutes ago!
ooh the big old netsplits
it seemed to be slow with netsplits though
i think internet was slower back then too
yeah undernet grew faster than bandwidth capabilities
nah they had ddos issues
dunno how efnet survived
undernet was big here
there usde to be NZ irc server even
but then that went away cos too many ddos issues
and had to use EU servers
cos the US servers blocked non-US IP
mercutio: wallshot : i really don't mind if a 1.5 year old ticket is re-opened
brycec: mercutio : i really should have rDNS working upon new account signup; just another little thing to do...
up_the_irons: good to know.
heh my yearly bandwidth is nearly at my monthly bw quota
it doesn't seem to be on my cp
not that it really matters
ha congrats
heh
i wonder what average utilisation is like
is it normally like 1/10th i imagine?
nixbag: data center day tomorrow.  the huge chassis i was telling you about arrived and i need help racking it.
translated: you get to be my forklift.  and my makita.
Okay, question for those more knowledgeable in IPv6, BGP, etc... wtf is wrong with m0n0.ch? (m0n0wall's website). Their IPv6 interface has been b0rked (or sloooow) for as long as I can remember. Tried connecting today, timed out... Threw their address 2a02:200:3:1::101 into HE's looking glass and they can't reach it. So, what's up with them? Can anyone else reach them?
(I googled and didn't see any mentions of their website failing to load over ipv6)
ok, I know I'm retarded, but when I have my pf firewall enabled, I can't get out using ipv6? for instance, "telnet www.google.com 80" tries to use ipv6 first. Disabling the firewall works fine. Now, this is the same pf.conf I have in play in other fbsd 9 VPS... I feel like I've ran into this and forgot the solution. Anyone?
pjs: can you post a copy of your pf.conf?
sure, one sec (though, like I said, it's literally the same (minus IP network) as all my other VPS's)
could be a lot of things... starting with wrong addresses, blocking IPv6 services like NDP (equiv of blocking ARP), or something stranger
pjs: Other VPS' on ARP?
Yea
brycec: m0n0.ch seems to work fine from my HE tunnel at home
MTR looks alright too
wat, really?
indeed
brycec http://dpaste.com/1014581/
staticsafe: lg.he.net's traceroute gave two he.net hits then bombed out * * *
actually wait
nvm mtr is dying
i guess firefox fell back to v4
lol yeah FF does that
my squid proxy at work defaults to ipv6
which is neat, but prevents things like ff from falling back to ipv4
one sec lemme do a mtr from all my boxes
thx staticsafe
just wondering if I'm losing my mind...
wallshot: lol
hrmm.. comparing that pf.conf (http://dpaste.com/1014581/) with another from a different fbsd 9.1 VPS the only difference is the ext_net..
brycec: http://sprunge.us/HgeM seems like it may not be reachable via HE for some reason
pjs: my guess is you are blocking NDP
my ARP box can't reach it
up_the_irons possible.. but I wonder why my other VPS's dont seem to have this issue
brycec: makes no sense either
the AS that IP is in is peered with HE too
up_the_irons possible to have the kernel default to v4 when making a connection? v4 works fine with the rules I have configured
pjs: no idea how to do that
pjs: it's application not kernel that does that
pjs: why not just disable ipv6 on your NIC?
if ipv6 is turned off, apps won't try to use it
or what up_the_irons said
on Linux, it's some sysctl param
disable_ipv6
sysctl -a | grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 0
set that to 1 on linux..
grrr, I hate to disable it.. but I guess they wont be using it
thats a step backwards imo, you should fix your pf rules
if it's pf it's not linux :)
staticsafe I agree
Yea, it's FreeBSD
i'm yet to do ipv6 on freebsd
:O
pjs: i would ask around in ##freebsd or something, probably something simple :P
try google first i'd reckon
Yea, I suppose.. I'm googling :)
Trying some things. Just odd that the same pf file, literally the exact same (except the ext_net variable) works fine
sorry pjs I got dragged away by a power crisis.
pjs: what about the other files that your pf.conf includes?
are those identical across hosts?
notably, badhosts
also, dumb question (because I'm not a pf guru) but I see a lot of pass in inet, but what about inet6?
brycec yes, they are. It's a cronjob that gets sync'd every couple hours.. just blocked IP's that have been trying to ssh in to frequently
I wonder if this is the culprit: net.inet6.ip6.v6only: 1
(I seem to recall there's a sysctl that equates inet6 and inet, a la ffff::ipaddress)
it sucks to disable ipv6
step backwards, like staticsafe said
up_the_irons right, I don't want to do that
the new backup service will be v6 only for direct links
i'm not even enabling v4 for it
time to get serious about v6
Yeah pjs net.inet6.ip6.v6only is that sysctl
(Portal will clearly describe this on the service page)
pjs: so what's net.inet6.ip6.v6only set to on the other boxes? :p
brycec yea, it's sysctl.. but the setting is the same on a working fbsd 9.1 box (same pf.conf)
up_the_irons++
(darn, hoped that was it)
sweet, i just got +1'd
don't think that has ever happened b4
Not according to my logs
shit
(so, not since Sep 30, 2012)
but according to my memory...
wow, indeed, it has happened 4 times
http://irclogger.arpnetworks.com/irclogger_log_search/arpnetworks?search=up_the_irons%2B%2B&action=search&error=0
ha
Poor up_the_irons went all of 2012 without one
up_the_irons+=100
There there, feel better.
(and that's a first)
wow
Adding these 2 fixed it
pass out on $ext_if inet6
pass out on $ext_if proto ipv6
:)
Grrr, gonna drive me up the wall why its required here and not on my others
\o/
so it was blocking v6 outbound
Yea :-/
well that's a way better fix than disabling ipv6! ;)
hah for sure
i'm saving those pf rules to look at later.   they make mine look sloppy as heck, all nicely sorted, with timeout rules and labels on everything
wallshot :)
any JS nerds in here
?
would nerd in your case imply something good? :)
jbergstroem: yes but i figured out my own answer
jbergstroem: didn't think to check #javascript first ;-)
super nerds in that channel haha
damn nerds!
oh yeah, and the answer is probably: have you upgraded the jquerys?
jbergstroem: heh no the answer was closure are created during instantiation of a function not invocation
up_the_irons: what time will you need help?
someone has been trying to brute force my ssh connection this week. well about 3 different people have it seems.
nixbag: that's normal
welcome to the internet :)
my first time looking through my auth logs in awhile :)
nixbag: just run sshguard/fail2ban. gets them after a few attempts
jbergstroem: i'm using fail2ban at the moment. it's already done it's job twice since this morning.
mercutio: "welcome to the internet" reminds me of this http://www.quickmeme.com/meme/35ukyz/
heh
but yeah it's all over the palce now