[06:50] *** ant has quit IRC (Ping timeout: 250 seconds)
[06:51] *** ant has joined #arpnetworks
[12:56] *** mnathani1 has joined #arpnetworks
[12:57] *** mnathani has quit IRC (Quit: WeeChat 0.4.3)
[12:57] *** mnathani1 has quit IRC (Client Quit)
[12:57] *** mnathani has joined #arpnetworks
[13:11] Test
[13:19] Test succeeded!
[13:21] Test failed.
[14:04] well that was fun... some kind of blip in connectivity
[14:05] Anyone else?
[14:17] Might not have been network, my VPS' loadavg hit at least 30 according to munin once things came back.
[14:30] what host?
[14:33] kvr21
[14:33] from about 13:45-14:00 ARP time
[14:34] my VPS became unresponsive (syncthing even claimed "Paused state detected, possibly woke up from standby."), then when it came back it got slammed and triggered its OOM killer too
[14:34] I'm still poking through my logs to figure out what happened
[14:35] No reboot or anything at least.
[14:37] Looking at my smokeping slave access logs (the slaves connecting to the master which is this VPS), it looks like there were a handful of missed check-ins. There should be several every 60 seconds, but in that period, at least 1/3 are missing. Packet loss maybe? :/
[14:38] Looking like it was isolated to ipv6 connections?
[14:38] checking disk situation first
[14:39] Cool. I'm not finding much in the way of definitive evidence of what exactly happened (I wasn't paying attention at the time either) :/
[15:02] *** mkb has quit IRC (Ping timeout: 240 seconds)
[15:11] *** mkb has joined #arpnetworks
[16:29] *** jcv has quit IRC (Quit: leaving)
[16:30] *** jcv has joined #arpnetworks
[18:32] *** medum has quit IRC (Ping timeout: 240 seconds)
[18:33] *** medum has joined #arpnetworks
[20:13] I have what seems like a NAT issue
[20:14] weechat relay on my android device is set up to connect to my residential Public IP
[20:14] this works fine when I am on 4G / LTE but when I return to my home wifi, connecting to this public IP fails
[20:15] @google hairpin nat
[20:15] 260,000 total results returned for 'hairpin nat', here's 3
[20:15] Hairpinning - Wikipedia, the free encyclopedia (https://en.wikipedia.org/wiki/Hairpinning) In network computing, hairpinning describes a communication between two hosts behind the same NAT device using their mapped endpoint. Because not all ...
[20:15] Hairpin NAT - MikroTik Wiki (http://wiki.mikrotik.com/wiki/Hairpin_NAT) Sep 16, 2010 ... In the below network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its ...
[20:15] EdgeMAX - NAT Hairpin (Nat Inside-to-Inside / Loopback / Reflection) (https://help.ubnt.com/hc/en-us/articles/204952134-EdgeMAX-NAT-Hairpin-Nat-Inside-to-Inside-Loopback-Reflection-) Aug 13, 2015 ... Overview. Readers will learn about the NAT Hairpin for EdgeRouter. Typically, a NAT Port Forwarding rule is used from the outside network to ...
[20:15] ^ That's the name for your issue :)
[20:16] (Specifically you lack hairpinning)
[20:16] now all I need to do is figure out how to solve it
[20:16] GW is Mikrotik if that helps
[20:16] @google hairpin nat mikrotik
[20:16] 409 total results returned for 'hairpin nat mikrotik', here's 3
[20:16] Hairpin NAT - MikroTik Wiki (http://wiki.mikrotik.com/wiki/Hairpin_NAT) Sep 16, 2010 ... In the below network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its ...
[20:16] Port Forwarding from inner network to inner network (hairpin NAT) (http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat) Oct 22, 2013 ... I've successfully setup a port forwarding on a Mikrotik router that translates every request going to WAN ip address on port 8844 (let's say: ...
[20:16] routing - mikrotik nat redirect to local from local - Stack Overflow (http://stackoverflow.com/questions/20163669/mikrotik-nat-redirect-to-local-from-local) I'm using Mikrotik 750GL and I have such a problem: ... your situation need something called Hairpin NAT... all the explanation i will tell you ...
[20:16] :p
[20:16] @google mikrotik hairpin
[20:16] 452 total results returned for 'mikrotik hairpin', here's 3
[20:16] Hairpin NAT - MikroTik Wiki (http://wiki.mikrotik.com/wiki/Hairpin_NAT) Sep 16, 2010 ... In the below network topology a web server behind a router is on private IP address space, and the router performs NAT to forward traffic to its ...
[20:16] Port Forwarding from inner network to inner network (hairpin NAT) (http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat) Oct 22, 2013 ... I've successfully setup a port forwarding on a Mikrotik router that translates every request going to WAN ip address on port 8844 (let's say: ...
[20:16] DHCP/DNS, Port Forward, Hairpin... - MikroTik RouterOS (http://forum.mikrotik.com/viewtopic.php?t=99867) DHCP/DNS, Port Forward, Hairpin... Post by bhlowe » Tue Aug 25, 2015 10:11 pm. Automatically assign DNS record for DHCP client_id [off, dynamic and static, ...
[20:16] lol
[20:29] it would be nice if ipv6 was everywhere
[20:29] nat is so ick
[20:30] I was at ISP Summit Canada today, and folks there believe IPv6 will be ubiquitous within the next 2 years
[20:30] hmm
[20:30] i'm pessimistic
[20:31] I think we will see a lot more CGNAT type stuff before IPv6 becomes mainstream
[20:31] I'm realistic :P
[20:31] is this about having ipv6 support available opt-in
[20:31] or sites actually serving on ipv6?
[20:31] ISPs rolling it out to subscribers
[20:31] Though I was surprised to see TWC offering native IPv6 at the home office.
[20:31] (tcpdump picked up their RAs)
[20:32] I'd like to know when it will be OK to provide IPv6 only connections
[20:32] I've been seeing more ISPs offering it than I have websites serving over it.
[20:33] Google, Facebook, Wikipedia (aka: like 75% of my browsing) are all IPv6 which is great. But Twitter and Netflix are not.
[20:33] Skype isn't either
[20:33] Well Netflix actually seems to vary - right now is IPv6 apparently.
[20:33] (Last I'd checked it was IPv4)
[20:36] I get BLOCKED
[20:36] when browsing with IPv6 on
[20:37] Hulu and Amazon are both IPv4-only as well
[20:37] are any public news sites on ipv6 at all?
[20:37] maybe some cdn ones
[20:37] Does google.com/news count? :P
[20:37] wikinews.org is ipv6
[20:37] ebay, amazon, paypal are all ipv4 only
[20:38] i mean like cnn, fox etc
[20:38] to use american examples :)
[20:38] I thought you said news, not drivel?
[20:38] haha
[20:38] even if you don't read them lots of people do
[20:39] And those all return no ipv6 DNS records.
[20:39] [for me]
[20:39] yeah same
[20:39] i just tried heh, the local news stuff here is ipv4 only too
[20:39] actually ipv6 adoption is rather weak locally
[20:39] I blame the hobbits.
[20:40] *** Speakz has joined #arpnetworks
[20:40] i just think no-one cares
[20:40] the biggest news site is using coldfusion
[20:40] * brycec knows a CF dev. He hates it.
[20:40] my weechat-relay server is running on : 10.10.2.2 port 8001 as well as public IP: port 60001
[20:41] That's good to know. I'll start DDOS'ing 10.10.2.2 right away.
[20:42] what do I need to change this config to: /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.2 protocol=tcp dst-port=80 out-interface=LAN action=masquerade
[20:43] dst-address should be your external IP
[20:43] dst-port should be 60001
[20:43] to-address should be 10.10.2.2
[20:43] (I might be unclear about the port)...
[20:43] That's what she said!!
[20:44] any port in a storm
[20:44] heh
[20:44] :-)
[20:44] (Full disclaimer, I'm just going off that mikrotik wiki page, and don't actually know this syntax in the slightest)
[20:44] i prefer to touch routeros as little as possible
[20:45] so don't have deep understanding
[20:45] (re-reading the wiki, apparently you should ignore what I've said :P)
[20:45] * mercutio rereads
[20:46] i don't think i understand the problem
[20:46] Problem is that from inside his network, he cannot reach $extip:60001
[20:46] oh, you can't connect to your public ip from internal
[20:46] From outside his network, that works.
[20:47] yeah that makes much more sense
[20:47] i'm sure that's googleable
[20:47] mercutio: read scrollback ;)
[20:47] i mean not the wiki
[20:47] it was Googled, and here we are now :P
[20:47] but real useres.
[20:47] users
[20:47] the wiki is terrible
[20:47] i'd check the forums
[20:47] Aw I thought it looked promising. Only difference between the example and mnathani_'s situation is there's a port forward too, not 1:1 port numbering.
[20:48] why not just relay to arp?
[20:48] well there were forum results for that too. :P http://stackoverflow.com/questions/20163669/mikrotik-nat-redirect-to-local-from-local seems promising (complete with port number change)
[20:48] relaying through your home setup seems messy
[20:49] or use a dns name
[20:49] If only he had some kind of public server...
[20:49] and give internal ip for local lookup
[20:49] split-horizon DNS?
[20:49] yeah
[20:49] Of course he'd have to change the internal port number too, but no reason not to
[20:49] with dnsmasq it's real easy to overload
[20:49] so you just force a diff ip for local
[20:49] (It certainly is)
[20:50] 1 to 1 port mappings are more sensible too
[20:50] Not sure I 100% agree with that
[20:50] I can change the port
[20:50] Especially with things like RDP - you can't change Windows' port it listens on, and all number of bots look for 3389
[20:50] either the public, or the internal one
[20:50] oh true
[20:50] yeh that's windows though
[20:51] i was thinking normal servers :)
[20:51] actually through a registry change you can change the windows rdp port
[20:51] with windows it's probably better to vpn in
[20:51] And then there are ISPs that block 25/80/443 so you have to port-forward, but you still want the convenience internally
[20:51] @google change rdp port windows
[20:51] 59,000 total results returned for 'change rdp port windows', here's 3
[20:51] How to change the listening port for Remote Desktop (https://support.microsoft.com/en-us/kb/306759) Describes how to change the port that Remote Desktop listens on. ... Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has ...
[20:51] Change the Remote Desktop Connection port to your Windows Server (https://kb.iweb.com/entries/23462112-Change-the-Remote-Desktop-Connection-port-to-your-Windows-Server) Mar 29, 2013 ... Windows servers are remotely accessible with Remote Desktop via the TCP 3389 port (default port). In some situations, as when you wish to ...
[20:51] Change Remote Desktop RDP Port (http://tweaks.com/windows/50743/change-remote-desktop-rdp-port/) Port 3389 is the home of the remote desktop protocol that powers Remote Desktop Services on all modern versions of Windows. If your...
[20:51] (It's always better to VPN in. Or at least do a SSH port-forward)
[20:51] (Incidentally, that's what I've done in the past with weechat relay)
[20:52] (JuiceSSH)
[20:52] i just run weechat inside tmux myself
[20:55] I think I got the ports and IPs correct, but the out interface is confusing me
[20:55] I don't have one labeled LAN
[20:55] maybe it's a friendly name?
[20:55] reminder: /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.2 protocol=tcp dst-port=80 out-interface=LAN action=masquerade
[20:55] out-interface= .. maybe your core issue
[20:56] I have something called bridge-local
[20:57] Hello
[20:57] Bridge Local worked
[20:58] never mind
[20:58] it kicked me off
[21:00] *** Speakz has left
[21:03] checking the stackoverflow link now
[21:08] Test 2
[21:11] brycec: Thank you! Your assistance was much appreciated. I can now weechat over wifi at home
[21:15] Heh, very good :)
[22:03] https://twitter.com/arpnetworks/status/664003063124992000
[22:03] TWITTER: Checking out Telehouse in Germany https://t.co/2htmDzosjp (Tue Nov 10 08:54:01 +0000 2015, retweeted 1 times)
[22:03] hmm
[22:10] *** awyeah has quit IRC (Read error: Connection reset by peer)
[22:10] *** awyeah has joined #arpnetworks
[22:11] erk
[22:11] lag 82.398
[22:12] PING www.telehouse-rechenzentrum.de (85.90.40.37) 56(84) bytes of data.
[22:12] 64 bytes from telecloud.eu.com (85.90.40.37): icmp_seq=1 ttl=123 time=137 ms
[22:13] weird the lag went away, i tried to mtr and there was no loss
[22:13] well other than layer3 deprioritisation
[22:14] Telehouse looks quite a bit like a prison https://goo.gl/maps/58NckLhMN512
[22:14] 272 msec from nz
[22:14] data centres are ugly generally
[22:14] i don't want a pretty data centre myself
[22:14] omg
[22:14] That's what she said!!
[22:15] lol
[22:15] it's even worse than normal :)
[22:15] Looks totally different from the front side though https://ssl.panoramio.com/photo/92207614
[22:15] it looks like a very old building
[22:15] it's weird how big it is but not tall
[22:16] weird no ipv6
[22:16] (that ping, btw, was from ARP)
[22:16] i have 134 from arp
[22:16] I imagine up_the_irons will arrange transit
[22:17] go figure
[22:18] i don't know much about germany data centres
[22:18] Actually, Google indicates that Telehouse has IPv6 in several locations
[22:18] NY, Bulgaria, etc
[22:19] well not their primary site
[22:19] oh telehouse is UK based isn't it?
[22:20] Well Telehouse Europe is :p
[22:20] oh
[22:20] www.telehouse.net says location of london, Uk
[22:21] There's also Telehouse America :P
[22:21] cloudflare noc is european.
[22:21] it's pretty hard to tell where things are based these days :)
[22:21] "Together with its parent company, KDDI and sister company Telehouse Europe, Telehouse America operate a total of 44 Telehouse-branded global data centers in 23 cities throughout Asia, Africa, North America and EMEA."
[22:22] since 1990 when it pioneered Europe's first purpose-build data centre in London..
[22:22] CloudFlare has NOCs all over, as evidenced by a NOC Engineer job listing in SFO.
[22:22] ahh true, the peering one is somewhere near sweden i'm guessing from phone number
[22:23] actually it's uk
[22:23] Well they do have a Stockholm location https://www.cloudflare.com/network-map/
[22:23] cloudflare is growing quite rapidly from what is aw
[22:23] saw
[22:24] it's kind of cool because everyone can have CDN
[22:24] didn't really like the akamai high charging that discouraged small sites.
[22:24] even their pay for pricing isn't that high
[22:25] oh yeah nginx just added http/2 to beta version
[22:25] so http/2 should be around in nginx stable soonish
[23:46] *** dj_goku_ has quit IRC (Read error: No route to host)
[23:46] *** chrismsnz has quit IRC (Ping timeout: 244 seconds)
[23:47] *** chrismsnz has joined #arpnetworks
[23:47] *** dj_goku has joined #arpnetworks
[23:47] *** dj_goku has quit IRC (Changing host)
[23:47] *** dj_goku has joined #arpnetworks
[23:55] *** BryceBot has quit IRC (Ping timeout: 244 seconds)
[23:55] *** dj_goku has quit IRC (Read error: No route to host)
[23:56] *** dj_goku has joined #arpnetworks
[23:58] *** BryceBot has joined #arpnetworks