L1[00:00:35] <stephan48> hrm no it should not break local stuffs.
L2[00:01:49] <stephan48> stuff passes the first rule, not coming from 2223 or 3000 via the public interface. getting redirected over the link.
L3[00:03:09] <stephan48> theoretically this must mean that some host on the internet replies to stuff on 2223/3000 because it cant come via the wg link
L4[00:03:21] <stephan48> cant come = does not match
L5[00:04:05] <Michiyo> 2223, 3000, and 51820 are all on the WG Server. 2223 is sshd, 3000 is Corded's built in webserver, and 51820 is WGServer
L6[00:04:09] <stephan48> then we have the other rule, stuff from the internet should go to the wg link except if its 51820 udp.
L7[00:04:21] <stephan48> i think the first rule needs to be dport too
L8[00:04:36] <stephan48> and could then be consolidated with the third one
L9[00:05:07] <Michiyo> I tried using dport but I can't specify multiple ports.
L10[00:05:19] <stephan48> https://ipset.netfilter.org/iptables-extensions.man.html
L11[00:05:20] <Michiyo> and they're split in 2 rules one for TCP one for UDP
L12[00:05:25] <stephan48> dports like you use with sports
L13[00:05:28] <stephan48> oh right!
L14[00:06:20] <Michiyo> oh, sport and dport.. ffs source and destination
L15[00:07:20] <stephan48> also a little evil hack, iptables -t nat -A PREROUTING ... -j ACCEPT should work :) so you could just "drop out early" for each of these ports, saves you the negation and makes it maybe slightly more clear
L16[00:07:27] <Michiyo> well, swapped sport for dport and it still doesn't work.
L17[00:07:54] <stephan48> can you check the rule chains? you are doing "-A" so if existing stuff is in there the new rules will never work
L18[00:08:29] <Michiyo> i have postdowns that should clear everything out... but sure
L19[00:08:34] <stephan48> what does tcpdump say?
L20[00:09:37] <stephan48> i tend to cheat here and have dedicated chains for vpn stuff - setup with netfilter-persistent/iptables-persistent, and i flush them in PostUp/PostDown so i can be fairly sure i am not stupid.
L21[00:09:59] <Michiyo> It says that I'm in over my head, and should just give up while I'm ahead
L22[00:10:11] <Michiyo> the link works for what I need it to.
L23[00:12:32] <stephan48> its probably just one stupid little detail - like always. just ping me again when you next look and i will try my best.
L24[00:13:03] <S​3> @stephan48 I was in there for like 5 hours connecting 48 strands of fiber on both ends
L25[00:13:30] <stephan48> one other thing iptables-save is your friend. it dumps the complete iptables ruleset, i had it often enough that there was a rule hidden in f.e. the mangle table(low low level packet manipulation) or raw(before any processing happens) and forgot about them... looked for 2 days
L26[00:16:08] <Michiyo> https://paste.pc-logix.com/guloxoremi.rb
L27[00:16:15] <Michiyo> SSH works again to the WGServer
L28[00:16:39] <stephan48> nice :)
L29[00:16:50] <Michiyo> I cleared everything, then cycled the wg interface
L30[00:17:10] <Michiyo> Connecting to pc-logix.com (pc-logix.com)|66.42.69.73|:443... failed: Connection refused.
L31[00:17:11] <Michiyo> This still happens though.
L32[00:17:19] <Michiyo> I also just realized the same happens from the webserver.
L33[00:17:27] <Michiyo> soooo not quite as working well enough as I'd hoped.
L34[00:18:07] <stephan48> ohhhhhhhh
L35[00:18:34] <Michiyo> at least now I can reconnect to the WGServer if / when I need to disconnect. I've had this session open for 3 days unable to reboot or anything lol
L36[00:19:00] <stephan48> wait yes, add the same rules under OUTPUT to PREROUTING: -t nat -A OUTPUT -o enp1s0 -p tcp -m multiport ! --dports 2223,3000 -j DNAT --to-destination 10.51.35.2
L37[00:19:11] <stephan48> small wins :)
L38[00:19:33] <stephan48> reasoning is, that PREROUTING just works for stuff COMING into your machine from the outside.
L39[00:20:20] <stephan48> if you want to redirect local traffic you need to add rules into OUTPUT/INPUT.
L40[00:21:13] <Michiyo> Ok, so did iptables -t nat -A OUTPUT -o enp1s0 -p tcp -m multiport ! --dports 2223,3000 -j DNAT --to-destination 10.51.35.2 on WGServer, still no connection.
L41[00:21:50] <Michiyo> https://paste.pc-logix.com/oqisesinaz.css
L42[00:22:15] <stephan48> can you drop the -o enp1s0?
L43[00:22:43] <S​3>
L44[00:23:13] <S​3> I usually use the mikrotik one but
L45[00:24:21] <Michiyo> !
L46[00:25:11] <Michiyo> I Think that did it
L47[00:25:16] <stephan48> nice!
L48[00:25:22] <Michiyo> Almost... lmao
L49[00:25:26] <stephan48> oh?
L50[00:25:27] <Michiyo> it works from the WG Server now
L51[00:25:32] <Michiyo> but it still doesn't work from the webserver
L52[00:25:57] <Michiyo> So webserver -> wg link -> server but it never makes it back around
L53[00:25:58] <PewPew​Cricket> i hate UEFI development
L54[00:26:09] <PewPew​Cricket> the shell of death
L55[00:26:23] <stephan48> can you see with tcpdump where the packages are lost?
L56[00:26:38] <CompanionCube> whatcha doing with UEFI
L57[00:27:33] <S​3> Something I do at home is have the entire wan interface on a vlan
L58[00:27:41] <S​3> That way I don't need to port forward anything
L59[00:28:05] <S​3> I can just buy an IP and route the VLAN through my switches to three host that needs one
L60[00:28:49] <S​3> I still have to source nat most of the hosts
L61[00:29:02] <Michiyo> The point of this is that I'm on a residential connection, and my IP has changed twice since I moved to hosting locally. I'd REALLY rather not have everything go down for hours because I'm asleep or not home.
L62[00:29:17] <S​3> But not all of my subnets have nat anyways
L63[00:29:28] <Michiyo> So I point everything to my VPS IP, then I route all the traffic over WG to my local server. I pay $6 for a VPS and I have 20 TB of local storage.
L64[00:31:54] <Michiyo> stephan48, I seem to not know how tcpdump works. :P If I run 'tcpdump -i any -nnnvvv port 443 and host 10.51.35.1' on the webserver, I never see anything, if I run 'tcpdump -i any -nnnvvv port 443 and host 10.51.35.2' I see everything, which makes it hard to know what I'm looking for, I have a decent bit of traffic.
L65[00:32:27] <Michiyo> if I run tcpdump -i any -nnnvvv port 443 and host my actual public IP, I can see all of my own requests from my desktop though.. lol
L66[00:32:53] <Michiyo> Which is kinda neat, I honestly expected to only ever see 10.51.35.1
L67[00:34:13] <stephan48> can you add another rule similar to the enp1s0 but with the wg interface name(or drop that filter) to PREROUTING?
L68[00:34:39] <Michiyo> I can add / remove whatever you want, but reminder I know jack all about iptables.
L69[00:35:14] <stephan48> because right now the packet will be hitting server, linux being an OS which attributes IPs to the system and not individual interfaces will never "give" the packet to the public interface and the rule never matches
L70[00:35:58] <stephan48> iptables -t nat -A PREROUTING -p tcp -m multiport ! --dports 2223,3000 -j DNAT --to-destination 10.51.35.2 + the OUTPUT rule should make it work for all eventualities
L71[00:36:58] <Michiyo> Ok, gotcha, hang on
L72[00:37:59] <Michiyo> Well, it no longer instantly goes connection refused.
L73[00:38:10] <Michiyo> It also doesn't connect.
L74[00:39:01] <stephan48> hrm. access from wg server -> webserver(ext ip: 443) still works?
L75[00:39:25] <Michiyo> WGServer->webserver: Connecting to pc-logix.com (pc-logix.com)|66.42.69.73|:443... connected.
L76[00:39:59] <stephan48> you should now see the traffic on the wgserver "dst port 443 and src 10.51.35.2"
L77[00:41:00] <Michiyo> I see lots of traffic when I do that as well, can I filter this further, like with a host 10.51.35.2 as well?
L78[00:41:47] <stephan48> src should filter it to packets coming from the webserver and dst port should make it just show client traffic. oh. maybe add "and dst 66.42.69.73"
L79[00:41:49] <Michiyo> Hmm, tcpdump -i any -nnnvvv port 443 and src 10.51.35.2 and host 10.51.35.2 still shows other hosts, I'm assuming because I'm matching on src AND host.. I need both
L80[00:41:52] <stephan48> host matches both src and dst
L81[00:41:57] <Michiyo> ah
L82[00:42:35] <Michiyo> tcpdump -i any -nnnvvv port 443 and src 10.51.35.2 and dest 10.51.35.1
L83[00:42:35] <Michiyo> tcpdump: can't parse filter expression: syntax error
L84[00:42:43] <Michiyo> ignore the 1 there...
L85[00:42:55] <Michiyo> it's a 2, I was just seeing if it didn't like src and dest being the same..
L86[00:43:13] <Michiyo> dst
L87[00:43:16] <stephan48> yup
L88[00:43:18] <Michiyo> I need to learn to effing read
L89[00:43:39] <Michiyo> 10.51.35.2.39934 > 10.51.35.2.443: Flags [S], cksum 0xb620 (correct), seq 1829762809, win 64860, options [mss 1380,sackOK,TS val 217000887 ecr 0,nop,wscale 7], length 0
L90[00:43:44] <Michiyo> Yes, webserver can see that traffic
L91[00:44:09] <stephan48> oh damn i know whats happening. ouchy.
L92[00:44:14] <Michiyo> uhoh
L93[00:44:23] <stephan48> you should see the same packet going into the wg link
L94[00:45:05] <Michiyo> Yes
L95[00:45:35] <Michiyo> 00:45:19.353933 wg0 Out IP (tos 0x0, ttl 63, id 40419, offset 0, flags [DF], proto TCP (6), length 60)
L96[00:45:35] <Michiyo> 10.51.35.2.60482 > 10.51.35.2.443: Flags [S], cksum 0x4f38 (correct), seq 1220056403, win 64860, options [mss 1380,sackOK,TS val 217106519 ecr 0,nop,wscale 7], length 0
L97[00:45:40] <stephan48> so webserver->wglink->wgserver->wglink->webserver will work, but now the packet does not get sent back over the link to "come from" the wgserver ip but stays on the webserver
L98[00:46:22] <Michiyo> can I... somehow just route requests to 10.51.35.2 back to itself on the webserver?
L99[00:46:49] <Michiyo> Well... that's not going to help
L100[00:46:53] <stephan48> not easily as its reverse path protection bla i.e. packets should come back over the expected path
L101[00:46:56] <Michiyo> cause DNS says 66. wtf ever
L102[00:47:48] <stephan48> iptables -A POSTROUTING -s 10.51.35.2 -d 66.42.69.73 -i wglinkifname -j SNAT --to-source 66.42.69.73
L103[00:47:54] <stephan48> on wgserver
L104[00:48:01] <Michiyo> Gonna be a second, work
L105[00:49:25] <stephan48> hrm.
L106[00:50:20] <Michiyo> to confirm, this is on the wgserver, or the webserver?
L107[00:50:25] <stephan48> wgserver
L108[00:50:34] <stephan48> but i am not too sure about it atm.
L109[00:50:56] <Michiyo> iptables v1.8.7 (nf_tables): Can't use -i with POSTROUTING
L110[00:51:25] <stephan48> the intention is that stuff coming from the wglink from a client on webserver destined for public-ip are natted to the public ip before going back there
L111[00:51:45] <Mim​iru> Oh... hey Discord -> IRC embeds are broken?
L112[00:51:55] <Mim​iru> OH... no... the bridge is broken
L113[00:51:57] <Mim​iru> neat.
L114[00:52:05] <Michiyo> !update
L115[00:52:15] <Michiyo> No? yeah... not surprised
L116[00:52:30] <stephan48> okey lets try the following: iptables -A POSTROUTING -s 10.51.35.2 -d 10.51.35.2 -o wglinkifname -j SNAT --to-source 66.42.69.73
L117[00:52:58] <Michiyo> iptables -A POSTROUTING -s 10.51.35.2 -d 10.51.35.2 -o wg0 -j SNAT --to-source 66.42.69.73
L118[00:52:58] <Michiyo> iptables: No chain/target/match by that name.
L119[00:53:04] <stephan48> -t nat please
L120[00:53:37] <stephan48> assuming we got a packet which comes from webserver, which tries 66.42.69.73:443 gets PREROUTING natted to 10.51.35.2:433 would go back over the link and stuck there as the webserver does not know it needs to go back over the tunnel.
L121[00:54:29] <stephan48> but with that rule, such packets should be SNATed to the public IP, thus webserver will send them over the tunnel and then the wgserver "unnats" them and sends back the correct package to the client on webserver
L122[00:55:38] <stephan48> if its webserver internal communication even via the wg ip it should never hit that rule, as traffic will not pass over the tunnel, so this should really just fix stuff in your specific scenario
L123[00:55:55] <Michiyo> Connecting to pc-logix.com (pc-logix.com)|66.42.69.73|:443... failed: Connection timed out.
L124[00:56:12] <stephan48> can you see on wgserver if the rule is triggered?
L125[00:56:32] <stephan48> and give me an iptables-save again, please?
L126[00:56:54] <Michiyo> https://paste.pc-logix.com/lazuhixoko.rb
L127[00:57:34] <stephan48> /wglinkifname/ please replace with your actual interface name for wireguard
L128[00:57:42] <Michiyo> oh.. fuck me
L129[00:57:46] <stephan48> I should have used $wglinkifname :P
L130[00:57:47] <Michiyo> did I forget to do that this time?
L131[00:57:55] <Michiyo> I'd been doing it correctly before
L132[00:57:58] <Michiyo> ._.
L133[00:58:34] <Michiyo> I guess I just missed it this time. *sigh*
L134[00:58:41] <Michiyo> I swear to fuck if that was the issue this time
L135[00:58:49] <Michiyo> GOD DAMN IT
L136[00:59:08] <stephan48> it actually works?
L137[00:59:16] ⇦ Quits: Vexatos (~Vexatos@p200300eaef26ad001f84a993b4db5da2.dip0.t-ipconnect.de) (Quit: Insert quantum chemistry joke here)
L138[00:59:33] <Michiyo> Connecting to pc-logix.com (pc-logix.com)|66.42.69.73|:443... connected.
L139[00:59:37] <Michiyo> You're fuckin awesome stephan48
L140[01:00:03] <Michiyo> works from both sides perfectly
L141[01:00:05] <stephan48> heh :)
L142[01:00:07] <stephan48> nice!
L143[01:00:13] <Michiyo> Thank you!
L144[01:00:20] <stephan48> you are welcome
L145[01:00:43] <Michiyo> Now, let's see if I can properly rehash my IRCd now that it can connect to my git server properly
L146[01:01:19] <Michiyo> I can move MichiBot back online now too, which means her web interface will work again
L147[01:01:27] <Michiyo> is discord fixed?
L148[01:01:28] <Michiyo> no.. ok
L149[01:01:45] <stephan48> and in next weeks middle of the night firewall magic across half the world session, how to do this in a live migration to nftables without any outage!
L150[01:01:49] <stephan48> mh.
L151[01:01:56] ⇦ Quits: Corded (~Corded@2001:19f0:8001:d8f:5400:4ff:fea5:61b0) (Remote host closed the connection)
L152[01:01:59] ⇨ Joins: Corded (~Corded@2001:19f0:8001:d8f:5400:4ff:fea5:61b0)
L153[01:01:59] zsh sets mode: +v on Corded
L154[01:02:03] <Michiyo> uh oh
L155[01:02:22] <Michiyo> Hmmm this is ungood.
L156[01:02:35] <Michiyo> Connecting to github.com (github.com)|20.29.134.23|:443... connected.
L157[01:02:35] <Michiyo> ERROR: no certificate subject alternative name matches
L158[01:02:51] <stephan48> i see
L159[01:02:57] <Michiyo> fatal: unable to access 'https://github.com/CaitlynMainer/Yuri.git/': SSL: certificate subject name (pc-logix.com) does not match target host name 'github.com'
L160[01:03:04] <stephan48> remove -A OUTPUT -p tcp -m multiport ! --dports 2223,3000 -j DNAT --to-destination 10.51.35.2
L161[01:03:38] ⇦ Quits: Corded (~Corded@2001:19f0:8001:d8f:5400:4ff:fea5:61b0) (Remote host closed the connection)
L162[01:03:39] <stephan48> use as a replacement: iptables -t nat -A OUTPUT -p tcp -d 66.42.69.73 -m multiport ! --dports 2223,3000 -j DNAT --to-destination 10.51.35.2
L163[01:03:40] ⇨ Joins: Corded (~Corded@2001:19f0:8001:d8f:5400:4ff:fea5:61b0)
L164[01:03:40] zsh sets mode: +v on Corded
L165[01:04:12] <stephan48> this limits this rule to only be active for stuff trying to reach 66.42.69.73 and not everything else.
L166[01:04:18] <Michiyo> That looks good.
L167[01:04:27] <st​e48> blub
L168[01:04:37] <stephan48> irks a discord stephan.
L169[01:05:36] <Michiyo> Hmm, I didn't need the replacement I don't think. I just removed the first one, and it seems ok?
L170[01:06:00] <Michiyo> https://paste.pc-logix.com/mibugawogu.rb
L171[01:06:02] <stephan48> wgserver -> webserver would not work without this rule
L172[01:06:17] <Michiyo> Very true..
L173[01:06:18] <Michiyo> yes
L174[01:06:18] <stephan48> or rather should not
L175[01:06:56] <Michiyo> Correct, it doesn't without
L176[01:06:56] <stephan48> -m comment --comment "" another true friend of mine :P just tack that at the end of each rule to write a comment for them which persists
L177[01:06:57] <Michiyo> works with
L178[01:07:20] <Michiyo> Thank you again
L179[01:07:24] <Michiyo> Gotta go get my spouse from work
L180[01:07:31] <Michiyo> I'm 7 minutes late already lol
L181[01:07:45] <Michiyo> It's ok, she knows Fridays are always long for me...
L182[01:07:50] <stephan48> you are welcome, figuring out stuff like this is fun :)
L183[01:08:00] <stephan48> at least you got a good reason for it!
L184[01:14:42] <S​3> I will say though that, I recommend never using IP addresses in IP tables if you can avoid it
L185[01:14:49] <S​3> I just assign them to address lists
L186[01:15:11] <S​3> That way it shows up as a name or something for easy review
L187[01:16:38] <stephan48> address lists in iptables? you mean chains?
L188[01:16:50] <S​3> Nope
L189[01:17:05] <S​3> But I do something similar for chains
L190[01:17:11] <stephan48> ipset?
L191[01:18:38] ⇦ Quits: Hawk777 (~Hawk777@2001:569:7e40:1300:346a:8452:ee59:8342) (Quit: Leaving.)
L192[01:18:46] <S​3> Yes, I forget that's what IP tables calls them. I just call them address lists from mikrotik experience
L193[01:19:33] * Amanda snuggles up around Elfi, reads about a neutronium-dense egg and her gender-affirming trip to hell
L194[01:19:36] <S​3> So like, I make a list for every subnet, and a chain for every subnet, and a/32 list for every special host, like a server
L195[01:20:22] <Amanda> ( https://www.scribblehub.com/series/792008/hellish-rescue-team/ )
L196[01:20:23] <stephan48> mh.
L197[01:20:30] <S​3> This allows me to create a jump rule for every subnet that gets forwarded to, then provide filter rules on forward that check against source and destination address lists
L198[01:21:09] <S​3> The only IP address I generally ever write then is 0.0.0.0/0
L199[01:21:30] <stephan48> the issue i see here is that for many entries/matches this works well but for single IPs it is usually overkill (and costly for each lookup) i agree with chains though to group stuff
L200[01:22:07] <stephan48> i.e. if you have multiple rules using the same common filter, write it once, jump into a chain and do the per rule specifica there
L201[01:22:24] <S​3> I don't think it's very overkill when you can have several special use case IP addresses
L202[01:22:36] <S​3> and you want to quickly read through a set of rules and don't know for sure what IP is really which
L203[01:22:59] <S​3> The other thing is, I only filter new connections anyways so it's not like it's a performance thing either.
L204[01:23:41] <S​3> I have a mangle rule that checks for connections that aren't in the connection state table, and it will "reroute" them to another router which is my firewall
L205[01:23:49] <S​3> otherwise it fasttracks
L206[01:24:02] <S​3> So that one is super simple
L207[01:24:19] <S​3> but the firewall itself has a ton of rules, and keeping track of IP addresses alone is a pain
L208[01:46:02] <Forec​aster> %sip
L209[01:46:04] <MichiBot> You drink a chewy white potion (New!). Forecaster doesn't seem to have any research points. (Rem. uses: 0)
L210[01:46:12] <Forec​aster> It's 3 am
L211[01:46:19] <Forec​aster> Why am I awake
L212[02:04:44] <S​3> Go to bed
L213[02:05:28] <Forec​aster> I am in bed
L214[02:05:37] <Forec​aster> I just woke up
L215[02:10:28] <Amanda> Go to bed better
L216[02:36:29] ⇨ Joins: Hawk777 (~Hawk777@2001:569:7e40:1300:d5f2:ee1:1fd3:6155)
L217[02:37:34] <walks​anator> %sip
L218[02:37:35] <MichiBot> You drink a forked solarium potion (New!). walksanator gains the proportional strength of a sloth for 3 hours.
L219[03:39:50] <Brisingr​ Aerowing> https://themessenger.com/news/people-cant-access-their-ai-girlfriend-because-the-service-went-down-after-ceo-jailed-for-setting-his-apartment-on-fire
L220[03:40:08] <Brisingr​ Aerowing> What a headline.
L221[04:36:39] ⇨ Joins: Neo (neo@cloaked-nlu.noc.4jv0r9.IP)
L222[04:36:49] *** Server sets mode: +nt
L223[05:14:00] ⇦ Quits: Neo (neo@cloaked-nlu.noc.4jv0r9.IP) (ZNC 1.8.2 - https://znc.in)
L224[05:14:39] ⇨ Joins: Neo (~neo@heimdall.pc-logix.com)
L225[05:14:49] *** Server sets mode: +ntz
L226[05:19:56] <Va​ur> %tonk
L227[05:19:57] <MichiBot> Fopdoodle! Va​ur! You beat walks​anator's previous record of 4 hours, 35 minutes and 37 seconds (By 1 hour, 39 minutes and 36 seconds)! I hope you're happy!
L228[05:19:58] <MichiBot> Vaur's new record is 6 hours, 15 minutes and 13 seconds! Vaur also gained 0.0083 (0.00166 x 5) tonk points for stealing the tonk. Position #1.
L229[06:04:37] <Hawk777> Michiyo: at least you only did it to yourself and not a substantial percentage of the planet! https://web.archive.org/web/20190415002901/https://archive.nytimes.com/www.nytimes.com/external/idg/2010/04/08/08idg-a-chinese-isp-momentarily-hijacks-the-internet-33717.html
L230[07:41:11] <Forec​aster> She wasn't trying hard enough
L231[08:12:03] ⇨ Joins: local (~local@43.163.237.51)
L232[08:15:31] ⇦ Quits: local (~local@43.163.237.51) (Ping timeout: 190 seconds)
L233[08:19:05] ⇨ Joins: Vexatos (~Vexatos@p200300EAef36Bb00BB1bcE4F995981fC.dip0.t-ipconnect.de)
L234[08:19:05] zsh sets mode: +v on Vexatos
L235[09:13:03] ⇦ Quits: Hawk777 (~Hawk777@2001:569:7e40:1300:d5f2:ee1:1fd3:6155) (Quit: Leaving.)
L236[09:41:50] ⇨ Joins: dan (~dan@37.212.203.41)
L237[09:46:15] ⇦ Quits: dan (~dan@37.212.203.41) (Ping timeout: 186 seconds)
L238[10:09:27] ⇨ Joins: ben_mkiv (~ben_mkiv@200116B814ca0f00Fe3497FfFEA975f2.dip.versatel-1u1.de)
L239[11:00:39] <Forec​aster> I realized I already knew that the power from the outputs was insufficient to power the relay coil
L240[11:00:42] <Forec​aster> I just forgot
L241[12:00:45] <stephan48> Michiyo: change -t nat -A PREROUTING -p tcp -m multiport ! --dports 2223,3000 -j DNAT --to-destination 10.51.35.2 to -t nat -A PREROUTING -d 66.42.69.73 -p tcp -m multiport ! --dports 2223,3000 -j DNAT --to-destination 10.51.35.2
L242[12:01:53] <stephan48> after dropping the -i enpbla it will now redirect everything passing through wgserver on non 2223/3000 to webserver. changing this rule will make it only do so when the destination is actually wgserver itself
L243[12:02:24] <stephan48> it was not needed before because with the interface filter the rule just applied to stuff coming from the internet.
L244[12:02:47] <stephan48> i am annoyed, i should have spotted this last night.
L245[12:02:59] <stephan48> ^ @Michiyo @Mimiru
L246[12:07:54] ⇨ Joins: lily (~lily@161.65.73.184)
L247[12:08:20] <Lili​rine> Hm, I could've sworn PsychOS had a tapefs
L248[12:09:57] <lily> oh, no, that was gamax92's, nvm
L249[12:10:22] <Forec​aster> we all have tapefs, in our hearts
L250[12:11:45] <lily> I know PsychOS can boot off tape, guess it just doesn't have a tapefs
L251[12:18:44] <Forec​aster> %tonkout
L252[12:18:45] <MichiBot> Woah! Forec​aster! You beat Va​ur's previous record of 6 hours, 15 minutes and 13 seconds (By 43 minutes and 34 seconds)! I hope you're happy!
L253[12:18:46] <MichiBot> Forec​aster has stolen the tonkout! Tonk has been reset! They gained 0.006 tonk points! plus 0.005 bonus points for consecutive hours! (Reduced to 50% because stealing) Current score: 1.84395842. Position #2 Need 0.03038 more points to pass Va​ur!
L254[12:32:12] ⇦ Quits: lily (~lily@161.65.73.184) (Quit: Konversation terminated!)
L255[14:43:20] <Elfi> I haven't heard from gamax in a long time, I wonder how they're doing
L256[14:53:11] * Amanda stirs awake, wonders who overloaded her with tireds last night
L257[14:57:33] <Forec​aster> They have to go somewhere!
L258[14:58:03] <Forec​aster> I apparently didn't need them this morning
L259[15:22:52] <Amanda> ACTION curls up around Elfi, meows about her weird dreams where her dad let a random family into our holiday unit, and they they started breaking stuff like tvs and such and my dad wouldn't ask them to leave. Also there was a b-plot of a csi-like show where they were using insane pseudoscience tech to try and find out if a car crash was a deer or a lion who shouldn't be living in $show_location. Except the truck full of tech was po
L260[15:22:57] * Amanda ... secured so it got hacked remotely.
L261[15:23:46] <Forec​aster> uh
L262[15:32:14] <Forec​aster> what's with `ACTION` and the cut-off message...
L263[15:34:00] <Amanda> Oh. My bouncer probably didn't guess the right cutoff spot. Or cut it off imoriperly
L264[15:34:13] <Amanda> * improperly
L265[15:37:35] <Amanda> Here's the full message on my end:
L266[15:37:40] <Amanda> https://matrix.camnet.site/_matrix/media/v3/download/camnet.site/MZgqoPQdWbVeYYnSgwhMdxxz/Screenshot%20from%202023-11-18%2010-37-28.png
L267[15:40:23] <Amanda> Worth remembering CTCP has a \01 at both the beginning and the end of the message, so if it got cut off improperly it'll not parse as a /me
L268[16:08:38] <Forec​aster> I wont remember that
L269[16:18:02] ⇦ Quits: dustinm` (~dustinm@static.38.6.217.95.clients.your-server.de) (*.net *.split)
L270[16:18:02] ⇦ Quits: uis (~uis@95.165.156.213) (*.net *.split)
L271[16:18:02] ⇦ Quits: Izzy (~izzy@210.1.218.92) (*.net *.split)
L272[16:18:02] ⇦ Quits: brayden (brayden@2a01:4ff:f0:1c59::1) (*.net *.split)
L273[16:18:02] ⇦ Quits: cynic (~cynic@a.very.silly.computer) (*.net *.split)
L274[16:18:02] ⇦ Quits: feldim2425 (~feldim242@178-191-244-167.adsl.highway.telekom.at) (*.net *.split)
L275[16:18:02] ⇦ Quits: simon816 (~simon816@2a05:d01c:df1:6d00:80c4:46f5:c237:9944) (*.net *.split)
L276[16:18:02] ⇦ Quits: ThePiGuy24 (~ThePiGuy2@90.246.127.245) (*.net *.split)
L277[16:18:02] ⇦ Quits: Teris (sid315557@id-315557.helmsley.irccloud.com) (*.net *.split)
L278[16:19:07] ⇨ Joins: dustinm` (~dustinm@static.38.6.217.95.clients.your-server.de)
L279[16:19:07] ⇨ Joins: uis (~uis@95.165.156.213)
L280[16:19:07] ⇨ Joins: Izzy (~izzy@210.1.218.92)
L281[16:19:07] ⇨ Joins: brayden (brayden@2a01:4ff:f0:1c59::1)
L282[16:19:07] ⇨ Joins: cynic (~cynic@a.very.silly.computer)
L283[16:19:07] ⇨ Joins: feldim2425 (~feldim242@178-191-244-167.adsl.highway.telekom.at)
L284[16:19:07] ⇨ Joins: simon816 (~simon816@2a05:d01c:df1:6d00:80c4:46f5:c237:9944)
L285[16:19:07] ⇨ Joins: ThePiGuy24 (~ThePiGuy2@90.246.127.245)
L286[16:19:07] ⇨ Joins: Teris (sid315557@id-315557.helmsley.irccloud.com)
L287[16:26:26] ⇦ Quits: dustinm` (~dustinm@static.38.6.217.95.clients.your-server.de) (*.net *.split)
L288[16:26:26] ⇦ Quits: uis (~uis@95.165.156.213) (*.net *.split)
L289[16:26:26] ⇦ Quits: Izzy (~izzy@210.1.218.92) (*.net *.split)
L290[16:26:26] ⇦ Quits: brayden (brayden@2a01:4ff:f0:1c59::1) (*.net *.split)
L291[16:26:26] ⇦ Quits: cynic (~cynic@a.very.silly.computer) (*.net *.split)
L292[16:26:26] ⇦ Quits: feldim2425 (~feldim242@178-191-244-167.adsl.highway.telekom.at) (*.net *.split)
L293[16:26:26] ⇦ Quits: simon816 (~simon816@2a05:d01c:df1:6d00:80c4:46f5:c237:9944) (*.net *.split)
L294[16:26:26] ⇦ Quits: ThePiGuy24 (~ThePiGuy2@90.246.127.245) (*.net *.split)
L295[16:26:26] ⇦ Quits: Teris (sid315557@id-315557.helmsley.irccloud.com) (*.net *.split)
L296[16:27:16] ⇨ Joins: dustinm` (~dustinm@static.38.6.217.95.clients.your-server.de)
L297[16:27:16] ⇨ Joins: uis (~uis@95.165.156.213)
L298[16:27:16] ⇨ Joins: Izzy (~izzy@210.1.218.92)
L299[16:27:16] ⇨ Joins: brayden (brayden@2a01:4ff:f0:1c59::1)
L300[16:27:16] ⇨ Joins: cynic (~cynic@a.very.silly.computer)
L301[16:27:16] ⇨ Joins: feldim2425 (~feldim242@178-191-244-167.adsl.highway.telekom.at)
L302[16:27:16] ⇨ Joins: simon816 (~simon816@2a05:d01c:df1:6d00:80c4:46f5:c237:9944)
L303[16:27:16] ⇨ Joins: ThePiGuy24 (~ThePiGuy2@90.246.127.245)
L304[16:27:16] ⇨ Joins: Teris (sid315557@id-315557.helmsley.irccloud.com)
L305[16:31:33] <ThePiGuy24> epic netsplit moment
L306[17:10:50] ⇨ Joins: Hawk777 (~Hawk777@2001:569:7e40:1300:eaa1:2c6c:5a85:9a3e)
L307[17:19:24] ⇨ Joins: hedey (~hedey@s23.mcskill.net)
L308[17:19:54] ⇦ Quits: hedey (~hedey@s23.mcskill.net) (Client Quit)
L309[18:07:07] <Forec​aster> %sip
L310[18:07:09] <MichiBot> You drink a ripe quicksilver potion (New!). It tastes sour.
L311[18:08:49] ⇦ Quits: ben_mkiv (~ben_mkiv@200116B814ca0f00Fe3497FfFEA975f2.dip.versatel-1u1.de) (Quit: Leaving)
L312[18:49:50] <Michiyo> those were tiny splits.. lol
L313[18:51:38] *** Guest81914 is now known as Skye
L314[18:53:35] <Amanda> %choose comfort or utility or laptopnaptim
L315[18:53:35] <MichiBot> Ama​nda: I received a message from future you, said to go with "comfort".
L316[19:50:49] ⇨ Joins: NEWfoufoufux (~NEWfoufou@91.197.6.145)
L317[19:51:12] ⇦ Parts: NEWfoufoufux (~NEWfoufou@91.197.6.145) ())
L318[20:04:47] <stephan48> Michiyo: did my change idea work?
L319[20:18:11] <Michiyo> stephan48, no idea, not had a chance to do it yet.
L320[20:27:13] <S​3> I am starting to remember that Minecraft mods are about as stable as a 1 ton anvil being held up by a couple of toothpicks
L321[20:28:17] <Izzy> @Lilirine rtfs works on block devices, and the partition manager presents partitioned tapes as a block device
L322[20:31:42] <Corded> > <Z0id​burg> I am starting to remember that Minecraft mods are about as …
L323[20:31:42] <Forec​aster> Well it *is* Minecraft
L324[20:40:36] <Amanda> toothpicks? puh-lease, that's too thick
L325[20:44:45] <Amanda> Elfi halp, I'm being co-opted to do construction work in the bathroom
L326[20:49:41] <Forec​aster> %tonk
L327[20:49:42] <MichiBot> Consarn it! Forec​aster! You beat your own previous record of <0 (By 8 hours, 30 minutes and 57 seconds)! I hope you're happy!
L328[20:49:43] <MichiBot> Forecaster's new record is 8 hours, 30 minutes and 57 seconds! No points gained for stealing from yourself. (Lost out on 0.00852)
L329[21:22:39] <S​3> Omg so now I'm having an issue where the client won't connect because it says neoforge is required. Same version. Same mods... same neoforge version. LOL.
L330[21:22:54] <S​3> I swear this game was made by children or something.
L331[21:24:48] <Amanda> Close, a neo-nazi
L332[21:26:36] <Amanda> might as well be a child.
L333[21:50:10] <Izzy> Amanda, ThePiGuy24, @Kristopher38: did any of you use ender pearls from my base or am I misremembering having some?
L334[21:50:17] <Amanda> Izzy: I did not
L335[21:50:26] <Kristo​pher38> I did not
L336[21:50:27] <Amanda> I stole 4 gold which I'll replace next time I go mining though
L337[21:51:01] <Kristo​pher38> Izzy: I have a disassembler at my base now so if you have any spare t2 wireless cards you can recycle them
L338[21:51:20] <Izzy> no it's just I could swear I had some
L339[21:52:47] <Izzy> admittedly, me going insane isn't an unlikely or hard to believe thing, but
L340[22:02:51] <Amanda> %choose laptopnaptime?
L341[22:02:51] <MichiBot> Ama​nda: A faraway lamp turns red
L342[22:02:59] <Amanda> Guess so.
L343[22:41:45] <walks​anator> %tonk
L344[22:41:46] <MichiBot> I'm sorry walksanator, you were not able to beat Forecaster's record of 8 hours, 30 minutes and 57 seconds this time. 1 hour, 52 minutes and 3 seconds were wasted! Missed by 6 hours, 38 minutes and 53 seconds!
L345[22:45:51] <Amanda> Oh right, almost forgot to %splash @Forecaster with mutable potion
L346[22:45:51] <MichiBot> You fling a mutable strawberry potion (New!) that splashes onto @Forecaster. @Forecaster turns into a turtle boy until they have a blue potion.
L347[23:03:43] ⇦ Quits: Hawk777 (~Hawk777@2001:569:7e40:1300:eaa1:2c6c:5a85:9a3e) (Quit: Leaving.)
L348[23:16:31] <walks​anator> %sip
L349[23:16:32] <MichiBot> You drink a robust redstone potion (New!). walksanator feels a strong urge to recycle the potion bottle.
L350[23:17:14] <walks​anator> *throws potion bottle towards recycle bin*, *missed*, *gets up and puts it in recycle bin*
L351[23:52:53] <Izzy> https://media.shadowkat.net/media/d4f3fcc39f97f0f36a344a364fa7572cf38c674863ddb031e543520a9b8d4361.webm
L352[23:53:43] <Amanda> Izzy out here throwing out psychic damage in CW'd on IRC
L353[23:53:55] <Amanda> Un-CW'd