***: ant has joined #arpnetworks
mnathani1 has joined #arpnetworks
mnathani has quit IRC (Quit: WeeChat 0.4.3)
mnathani1 has quit IRC (Client Quit)
mnathani has joined #arpnetworks
mnathani: Test
RandalSchwartz: Test succeeded!
brycec: Test failed.
well that was fun... some kind of blip in connectivity
Anyone else?
Might not have been network, my VPS' loadavg hit at least 30 according to munin once things came back.
mercutio: what host?
brycec: kvr21
from about 13:45-14:00 ARP time
my VPS became unresponsive (syncthing even claimed "Paused state detected, possibly woke up from standby."), then when it came back it got slammed and triggered its OOM killer too
I'm still poking through my logs to figure out what happened
No reboot or anything at least.
Looking at my smokeping slave access logs (the slaves connecting to the master which is this VPS), it looks like there were a handful of missed check-ins. There should be several every 60 seconds, but in that period, at least 1/3 are missing. Packet loss maybe? :/
Looking like it was isolated to ipv6 connections?
mercutio: checking disk situation first
brycec: Cool. I'm not finding much in the way of definitive evidence of what exactly happened (I wasn't paying attention at the time either) :/
***: mkb has quit IRC (Ping timeout: 240 seconds)
mkb has joined #arpnetworks
jcv has quit IRC (Quit: leaving)
jcv has joined #arpnetworks
medum has quit IRC (Ping timeout: 240 seconds)
medum has joined #arpnetworks
mnathani_: I have what seems like a NAT issue
weechat relay on my android device is set up to connect to my residential Public IP
this works fine when I am on 4G / LTE but when I return to my home wifi, connecting to this public IP fails
brycec: @google hairpin nat
BryceBot: 260,000 total results returned for 'hairpin nat', here's 3
Hairpinning - Wikipedia, the free encyclopedia (https://en.wikipedia.org/wiki/Hairpinning) In network computing, hairpinning describes a communication between two hosts behind the same NAT device using their mapped endpoint. Because not all ...
Hairpin NAT - MikroTik Wiki (http://wiki.mikrotik.com/wiki/Hairpin_NAT) Sep 16, 2010 ... In the below network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its ...
EdgeMAX - NAT Hairpin (Nat Inside-to-Inside / Loopback / Reflection) (https://help.ubnt.com/hc/en-us/articles/204952134-EdgeMAX-NAT-Hairpin-Nat-Inside-to-Inside-Loopback-Reflection-) Aug 13, 2015 ... Overview. Readers will learn about the NAT Hairpin for EdgeRouter. Typically, a NAT Port Forwarding rule is used from the outside network to ...
brycec: ^ That's the name for your issue :)
(Specifically you lack hairpinning)
mnathani_: now all I need to do is figure out how to solve it
GW is Mikrotik if that helps
brycec: @google hairpin nat mikrotik
BryceBot: 409 total results returned for 'hairpin nat mikrotik', here's 3
Hairpin NAT - MikroTik Wiki (http://wiki.mikrotik.com/wiki/Hairpin_NAT) Sep 16, 2010 ... In the below network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its ...
Port Forwarding from inner network to inner network (hairpin NAT) (http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat) Oct 22, 2013 ... I've successfully setup a port forwarding on a Mikrotik router that translates every request going to WAN ip address on port 8844 (let's say: ...
routing - mikrotik nat redirect to local from local - Stack Overflow (http://stackoverflow.com/questions/20163669/mikrotik-nat-redirect-to-local-from-local) I'm using Mikrotik 750GL and I have such a problem: ... your situation need something called Hairpin NAT... all the explanation i will tell you ...
brycec: :p
mnathani_: @google mikrotik hairpin
BryceBot: 452 total results returned for 'mikrotik hairpin', here's 3
Hairpin NAT - MikroTik Wiki (http://wiki.mikrotik.com/wiki/Hairpin_NAT) Sep 16, 2010 ... In the below network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its ...
Port Forwarding from inner network to inner network (hairpin NAT) (http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat) Oct 22, 2013 ... I've successfully setup a port forwarding on a Mikrotik router that translates every request going to WAN ip address on port 8844 (let's say: ...
DHCP/DNS, Port Forward, Hairpin... - MikroTik RouterOS (http://forum.mikrotik.com/viewtopic.php?t=99867) DHCP/DNS, Port Forward, Hairpin... Post by bhlowe » Tue Aug 25, 2015 10:11 pm. Automatically assign DNS record for DHCP client_id [off, dynamic and static, ...
mnathani_: lol
mercutio: it would be nice if ipv6 was everywhere
nat is so ick
mnathani_: I was at ISP Summit Canada today, and folks there believe IPv6 will be ubiquitous within the next 2 years
mercutio: hmm
i'm pessimistic
mnathani_: I think we will see a lot more CGNAT type stuff before IPv6 becomes mainstream
brycec: I'm realistic :P
mercutio: is this about having ipv6 support available opt-in
or sites actually serving on ipv6?
mnathani_: ISPs rolling it out to subscribers
brycec: Though I was surprised to see TWC offering native IPv6 at the home office.
(tcpdump picked up their RAs)
mnathani_: I'd like to know when it will be OK to provide IPv6 only connections
brycec: I've been seeing more ISPs offering it than I have websites serving over it.
Google, Facebook, Wikipedia (aka: like 75% of my browsing) are all IPv6 which is great. But Twitter and Netflix are not.
mnathani_: Skype isn't either
brycec: Well Netflix actually seems to vary - right now is IPv6 apparently.
(Last I'd checked it was IPv4)
mnathani_: I get BLOCKED
when browsing with IPv6 on
brycec: Hulu and Amazon are both IPv4-only as well
mercutio: are any public news sites on ipv6 at all?
maybe some cdn ones
brycec: Does google.com/news count? :P
wikinews.org is ipv6
mercutio: ebay, amazon, paypal are all ipv4 only
i mean like cnn, fox etc
to use american examples :)
brycec: I thought you said news, not drivel?
mercutio: haha
even if you don't read them lots of people do
brycec: And those all return no ipv6 DNS records.
[for me]
mercutio: yeah same
i just tried heh, the local news stuff here is ipv4 only too
actually ipv6 adoption is rather weak locally
brycec: I blame the hobbits.
***: Speakz has joined #arpnetworks
mercutio: i just think no-one cares
the biggest news site is using coldfusion
-: brycec knows a CF dev. He hates it.
mnathani_: my weechat-relay server is running on : 10.10.2.2 port 8001 as well as public IP: port 60001
brycec: That's good to know. I'll start DDOS'ing 10.10.2.2 right away.
mnathani_: what do I need to change this config to: /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.2 protocol=tcp dst-port=80 out-interface=LAN action=masquerade
brycec: dst-address should be your external IP
dst-port should be 60001
to-address should be 10.10.2.2
(I might be unclear about the port)...
BryceBot: That's what she said!!
mercutio: any port in a storm
brycec: heh
mnathani_: :-)
brycec: (Full disclaimer, I'm just going off that mikrotik wiki page, and don't actually know this syntax in the slightest)
mercutio: i prefer to touch routeros as little as possible
so don't have deep understanding
brycec: (re-reading the wiki, apparently you should ignore what I've said :P)
-: mercutio rereads
mercutio: i don't think i understand the problem
brycec: Problem is that from inside his network, he cannot reach $extip:60001
mercutio: oh, you can't connect to your public ip from internal
brycec: From outside his network, that works.
mercutio: yeah that makes much more sense
i'm sure that's googleable
brycec: mercutio: read scrollback ;)
mercutio: i mean not the wiki
brycec: it was Googled, and here we are now :P
mercutio: but real useres.
users
the wiki is terrible
i'd check the forums
brycec: Aw I thought it looked promising. Only difference between the example and mnathani_'s situation is there's a port forward too, not 1:1 port numbering.
mercutio: why not just relay to arp?
brycec: well there were forum results for that too. :P http://stackoverflow.com/questions/20163669/mikrotik-nat-redirect-to-local-from-local seems promising (complete with port number change)
mercutio: relaying through your home setup seems messy
or use a dns name
brycec: If only he had some kind of public server...
mercutio: and give internal ip for local lookup
brycec: split-horizon DNS?
mercutio: yeah
brycec: Of course he'd have to change the internal port number too, but no reason not to
mercutio: with dnsmasq it's real easy to overload
so you just force a diff ip for local
brycec: (It certainly is)
mercutio: 1 to 1 port mappings are more sensible too
brycec: Not sure I 100% agree with that
mnathani_: I can change the port
brycec: Especially with things like RDP - you can't change Windows' port it listens on, and all number of bots look for 3389
mnathani_: either the public, or the internal one
mercutio: oh true
yeh that's windows though
i was thinking normal servers :)
mnathani_: actually through a registry change you can change the windows rdp port
mercutio: with windows it's probably better to vpn in
brycec: And then there are ISPs that block 25/80/443 so you have to port-forward, but you still want the convenience internally
mnathani_: @google change rdp port windows
BryceBot: 59,000 total results returned for 'change rdp port windows', here's 3
How to change the listening port for Remote Desktop (https://support.microsoft.com/en-us/kb/306759) Describes how to change the port that Remote Desktop listens on. ... Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has ...
Change the Remote Desktop Connection port to your Windows Server (https://kb.iweb.com/entries/23462112-Change-the-Remote-Desktop-Connection-port-to-your-Windows-Server) Mar 29, 2013 ... Windows servers are remotely accessible with Remote Desktop via the TCP 3389 port (default port). In some situations, as when you wish to ...
Change Remote Desktop RDP Port (http://tweaks.com/windows/50743/change-remote-desktop-rdp-port/) Port 3389 is the home of the remote desktop protocol that powers Remote Desktop Services on all modern versions of Windows. If your...
brycec: (It's always better to VPN in. Or at least do a SSH port-forward)
(Incidentally, that's what I've done in the past with weechat relay)
(JuiceSSH)
mercutio: i just run weechat inside tmux myself
mnathani_: I think I got the ports and IPs correct, but the out interface is confusing me
I don't have one labeled LAN
mercutio: maybe it's a friendly name?
mnathani_: reminder: /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.2 protocol=tcp dst-port=80 out-interface=LAN action=masquerade
mercutio: out-interface= .. maybe your core issue
mnathani_: I have something called bridge-local
mnathani: Hello
Bridge Local worked
mnathani_: never mind
it kicked me off
***: Speakz has left
mnathani_: checking the stackoverflow link now
mnathani: Test 2
mnathani_: brycec: Thank you! Your assistance was much appreciated. I can now weechat over wifi at home
brycec: Heh, very good :)
mercutio: https://twitter.com/arpnetworks/status/664003063124992000
BryceBot: TWITTER: Checking out Telehouse in Germany https://t.co/2htmDzosjp (Tue Nov 10 08:54:01 +0000 2015, retweeted 1 times)
mercutio: hmm
***: awyeah has quit IRC (Read error: Connection reset by peer)
awyeah has joined #arpnetworks
mercutio: erk
lag 82.398
brycec: PING www.telehouse-rechenzentrum.de (85.90.40.37) 56(84) bytes of data.
64 bytes from telecloud.eu.com (85.90.40.37): icmp_seq=1 ttl=123 time=137 ms
mercutio: weird the lag went away, i tried to mtr and there was no loss
well other than layer3 deprioritisation
brycec: Telehouse looks quite a bit like a prison https://goo.gl/maps/58NckLhMN512
mercutio: 272 msec from nz
data centres are ugly generally
i don't want a pretty data centre myself
omg
BryceBot: That's what she said!!
brycec: lol
mercutio: it's even worse than normal :)
brycec: Looks totally different from the front side though https://ssl.panoramio.com/photo/92207614
mercutio: it looks like a very old building
it's weird how big it is but not tall
weird no ipv6
brycec: (that ping, btw, was from ARP)
mercutio: i have 134 from arp
brycec: I imagine up_the_irons will arrange transit
mercutio: go figure
i don't know much about germany data centres
brycec: Actually, Google indicates that Telehouse has IPv6 in several locations
NY, Bulgaria, etc
mercutio: well not their primary site
oh telehouse is UK based isn't it?
brycec: Well Telehouse Europe is :p
mercutio: oh
www.telehouse.net says location of london, Uk
brycec: There's also Telehouse America :P
mercutio: cloudflare noc is european.
it's pretty hard to tell where things are based these days :)
brycec: "Together with its parent company, KDDI and sister company Telehouse Europe, Telehouse America operate a total of 44 Telehouse-branded global data centers in 23 cities throughout Asia, Africa, North America and EMEA."
mercutio: since 1990 when it pioneered Europe's first purpose-build data centre in London..
brycec: CloudFlare has NOCs all over, as evidenced by a NOC Engineer job listing in SFO.
mercutio: ahh true, the peering one is somewhere near sweden i'm guessing from phone number
actually it's uk
brycec: Well they do have a Stockholm location https://www.cloudflare.com/network-map/
mercutio: cloudflare is growing quite rapidly from what is aw
saw
it's kind of cool because everyone can have CDN
didn't really like the akamai high charging that discouraged small sites.
even their pay for pricing isn't that high
oh yeah nginx just added http/2 to beta version
so http/2 should be around in nginx stable soonish
***: dj_goku_ has quit IRC (Read error: No route to host)
chrismsnz has quit IRC (Ping timeout: 244 seconds)
chrismsnz has joined #arpnetworks
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
BryceBot has quit IRC (Ping timeout: 244 seconds)
dj_goku has quit IRC (Read error: No route to host)
dj_goku has joined #arpnetworks
BryceBot has joined #arpnetworks