L1[00:06:32] <Izzy> ngl I've been meaning to implement VLANs in Minitel for ages
L2[00:06:39] <Izzy> (by running the protocol on different ports)
L3[00:22:20] ⇨ Joins: Hawk777 (~Hawk777@2001:569:7e40:1300:7d48:be2:cfcb:fdc9)
L4[02:00:07] <Amanda> (silly) We need to talk, Elfi. If there's girlkissers and boykissers and enbykissers, is there fluidkissers?
L5[02:00:30] * Amanda collapses into a pile of floof next to Elfi, does a heccen zzzmew
L6[02:01:26] <Amanda> Night girls
L7[04:23:53] <Forec​aster> %sip weather
L8[04:23:54] <MichiBot> You drink a gloopy weather potion (New!). It tastes sweet.
L9[04:30:36] <Spider ​EveryOS> %tonk
L10[04:30:36] <MichiBot> Darn it! Spider ​EveryOS! You beat Va​ur's previous record of 7 hours, 35 minutes and 29 seconds (By 1 hour, 41 minutes and 47 seconds)! I hope you're happy!
L11[04:30:37] <MichiBot> Spider EveryOS's new record is 9 hours, 17 minutes and 17 seconds! Spider EveryOS also gained 0.0136 (0.0017 x 8) tonk points for stealing the tonk. Position #3. Need 0.75904 more points to pass Va​ur!
L12[06:30:38] ⇨ Joins: Vexatos (~Vexatos@p200300eaef06ee0057ee3d32306817da.dip0.t-ipconnect.de)
L13[06:30:38] zsh sets mode: +v on Vexatos
L14[07:34:09] <S​3> Amanda: I have over 20 VLANs deployed on my home network. I use them for separating groups of hosts and applying security profiles in the firewall. Ubiquiti does support VLAN tagging, and you can do a lot of neat things with it, such as allowing only certain tags to flow through certain ports, or setting a tag to assign incoming traffic
L15[07:34:09] <Corded> and prohibiting clients on a port from setting their own VLAN, etc. even my WAN connection to the Internet is on a VLAN (untagged outgoing), allowing me to assign a public, static IP address to any host on my network without any port forwarding or anything, even if that Host is multiple switches tucked away behind the router.
L16[07:34:14] ⇦ Quits: Hawk777 (~Hawk777@2001:569:7e40:1300:7d48:be2:cfcb:fdc9) (Quit: Leaving.)
L17[07:38:42] <S​3> In the Ethernet header itself is a space for a vlan tag. It contains a 12 bit VLAN id which, if set to 0 is considered "no vlan". VLAN 1 and VLANs 4094,4095 should never be used if possible. I separate my VLANs by category in sets of 10
L18[07:38:42] <S​3> So, in my scheme, 10-19 are management networks to get into routers, switches, etc. ssh and IPMI, vnc are generally listening there. 20-29 is something Else, like general purpose servers for example. 30-39, printers for example, etc.
L19[07:39:14] <S​3> * 4094 and 4095 should never be used if possible. I separate my VLANs by category in sets of 10
L20[07:39:15] <Corded> So, in my scheme, 10-19 are management networks to get into routers, switches, etc. ssh and IPMI, vnc are generally listening there. 20-29 is something Else, like general purpose servers for example. 30-39, printers for example, etc.
L21[07:39:26] <S​3> Craig I edited by accident
L22[07:39:32] <S​3> Crap*
L23[07:39:47] <S​3> I always forget!
L24[09:41:41] <nadja> Amanda: you most importantly still need (device) bridges because you need to get the ethernet frames out of the VM and into your physical network somehow (but luckily that also means you can do the entire VLAN tagging on the VM host for easier configuration!)
L25[09:48:13] <nadja> I guess you could also make your VM host be a router instead of a bridge (i.e. fancy switch), but that doesn't change *that* much
L26[10:30:11] <Izzy> S3: I'm tagging the PPPoE connection from my modem going into my switch so I can use the other 900Mbps of the port on the router that would otherwise be used with a direct connection to do teaming
L27[10:47:02] <ThePiGuy24> Izzy: those sure are words that definitely make sense to me
L28[10:47:40] <Izzy> good to hear! for my next trick, I'll do multiple SSIDs per access point on different VLANs for Security reasons
L29[10:58:58] <S​3> Yeah without a large amount of nics or vnics (which is what I use) you would need a bridge on the hypervisor but you would be able to put all VMs on the same bridge and use bridge vlan filtering in order to choose what VLANs go where
L30[11:01:53] <S​3> I use a VIC on my hypervisor, which completely bypasses the need for bridges at all. Basically I can create virtual network cards on demand from my IPMI console that act as full PCI decides I can even PCI passthrough individually., and I can do VLAN trunking / access on the virtual nics as well. Basically, I am snakimg all of my VMs and
L31[11:01:53] <Corded> containers directly back all the way to the router. The hypervisor doesn't manage their network at all.
L32[11:02:30] <S​3> PCI devices*
L33[11:02:58] <S​3> I am snaking*
L34[11:09:04] <Izzy> openvswitch is cool
L35[11:09:11] <Izzy> overkill for my needs, but cool
L36[11:10:26] <Va​ur> %sip
L37[11:10:27] <MichiBot> You drink a smooth silver potion (New!). Vaur hears a scream from nearby.
L38[11:19:37] <Amanda> nadja, @S3: I see, so I'd use the vlan stuff to like put a VM on my iot vlan instead of my server vlan, and it'd get an IP from the iot subnet instead?
L39[11:20:19] <Amanda> It just clicked that that's what the different vlan IDs are for in unifi
L40[11:24:38] <Amanda> I thought that the vlans were just another way of saying a managed subnet
L41[11:27:05] <Forec​aster> I don't think that pinged properly
L42[11:28:24] <Amanda> Bah humbug, @S3 ^
L43[11:29:52] <Forec​aster> that looks the same
L44[11:30:25] <Forecaster> @Forecaster
L45[11:30:35] <Forec​aster> that worked
L46[11:30:44] <Forec​aster> weird
L47[11:30:49] <Forec​aster> @S3
L48[11:36:37] <Amanda> I blame the foxen, as per my want
L49[11:53:28] <S​3> I actually don't like open switch all that much. It's an interesting idea, but I dislike its configuration system and also it's not very performant in high bandwidth networks because the switching itself isn't hardware offloaded (what would you do about that anyways)
L50[12:00:30] <Forec​aster> %sip
L51[12:00:31] <MichiBot> You drink a salty gold potion (New!). The potion contained a computer virus! Forecaster hears a maniacal laugh as their cursor flips upside down!
L52[12:00:37] <Forec​aster> aw
L53[12:07:01] <S​3> @Forecaster check out the Cisco VIC 1227
L54[12:07:37] <Forec​aster> why?
L55[12:20:49] <Amanda> @S3 I had to disable some kind of hardware networking in my nucs because it keeps hanging the network card and getting restarted
L56[12:42:06] <Amanda> Sophia: I have to have "tso-offload off" in my /etc/network/interfaces
L57[13:38:51] ⇦ Quits: Amanda (~m-yt727s@pool-108-16-20-147.phlapa.fios.verizon.net) (Remote host closed the connection)
L58[13:40:02] ⇨ Joins: Amanda (~m-yt727s@pool-108-16-20-147.phlapa.fios.verizon.net)
L59[14:01:05] <S​3> @Forecaster I figured you were responding "weird" to my VIC card
L60[14:01:15] <S​3> so I told you what model it was, not that it works on non cisco gear
L61[14:01:40] <Forec​aster> ah, no, it was about the pinging thing
L62[14:01:43] <S​3> Oh
L63[14:02:07] <S​3> Yeah whats with the weird numbers
L64[14:02:28] <Brisingr​ Aerowing> I blame Discord.
L65[14:02:40] <Brisingr​ Aerowing> Those are the User ID IIRC.
L66[14:03:07] <Forec​aster> except it's not S3s user id
L67[14:03:24] <Brisingr​ Aerowing> I still blame Discord.
L68[14:03:28] <Forec​aster> which might be why it fails
L69[14:03:29] <Brisingr​ Aerowing> It's a buggy mess.
L70[14:04:56] <S​3> Amanda: Yeah no VLANs are incredible. You can use just about any VLAN id you want. The reason I mentioned to avoid VLAN 1 is because that is the VLAN that most devices use for internal use. For example, spanning tree protocol often works on VLAN 1, but it just untags as it goes out to whatever interfaces so you never see VLAN 1 tagged on a
L71[14:04:56] <Corded> frame unless you use wireshark on a bridge or something.
L72[14:05:40] <S​3> It's technically a security concern to use vlan 1 in your network
L73[14:06:01] <Forec​aster> you heard it here first, no VLANs are incredible! Scientists say VLANs can't be incredible!
L74[14:06:06] <S​3> Haha
L75[14:06:07] <Forec​aster> more at 11
L76[14:06:20] <Amanda> Huh. weird. My unifi has the default VLAN for its default network as VLAN 1
L77[14:06:31] <S​3> It can also be useful to choose a default vlan to "sink traffic into" if you care about security
L78[14:06:32] <S​3> yes
L79[14:06:35] <S​3> Cisco does the same crap.
L80[14:07:01] <S​3> We explicitly change all of our default vlans on Cisco gear to a specific black hole vlan
L81[14:07:03] <Amanda> The only devices on that vlan though are my dream machine and my unifi switch
L82[14:07:19] <S​3> It is not abnormal that when you set up a vlan trunk you will have a default vlan of 1
L83[14:07:36] <S​3> and, on Linux usually the bridge would be tagged on vlan 1
L84[14:07:52] <S​3> Which makes sense, if you want spanning tree and other protocols to work
L85[14:08:10] <S​3> The only thing I am recommending is not to use vlan 1 for your individual ports to other things
L86[14:08:43] <Amanda> looks like unifi doesn't actually let you change the default network's vlan
L87[14:09:13] <Amanda> and you can't delete it, I don't think
L88[14:09:22] <S​3> you should be able to still not "tag" an individual port on vlan 1 and ensure that you chose a default "pvid" for access ports.
L89[14:09:36] <S​3> Linux's bridge vlan filtering will let you do that
L90[14:10:46] <S​3> In reality as long as you don't tag other ports as vlan 1 for the vlan filters and don't put things on vlan 1 directly or subnet it it should be fine.
L91[14:11:44] <S​3> Trying not to be confusing though and I am probably not helping XD
L92[14:12:15] <S​3> I guess the baseline is "don't put hosts directly on vlan 1. Don't use it for anything other than Ubiquiti does already"
L93[14:12:42] <Amanda> yeah that's what I ended up doing anyway
L94[14:12:45] <S​3> 4095 is also reserved and on many devices so isn't 4094
L95[14:12:56] <Amanda> the only things on the vlan1 is unifi hardware
L96[14:13:01] <S​3> yeah
L97[14:13:06] <S​3> So I was the one that was confused 🙂
L98[14:13:53] <Amanda> so what I gather is I'd be able to like put things on my IoT "Network" (vlan 4) by poking at proxmox to tag a vlan for the VM?
L99[14:14:04] <Forec​aster> don't do it or you'll be arrested by the LANPD
L100[14:14:35] <Forec​aster> %tonkout
L101[14:14:36] <MichiBot> Kapow! Forec​aster! You beat Spider ​EveryOS's previous record of 9 hours, 17 minutes and 17 seconds (By 26 minutes and 41 seconds)! I hope you're happy!
L102[14:14:37] <MichiBot> Forec​aster has stolen the tonkout! Tonk has been reset! They gained 0.009 tonk points! plus 0.008 bonus points for consecutive hours! (Reduced to 50% because stealing) Current score: 1.40557. Position #1
L103[14:15:02] <Amanda> I wasn't sure I'd be able to do that otherwise because previously I tagged the ports in unifi as the server vlan, but I gather I could override that in proxmox?
L104[14:15:03] <S​3> If you find yourself making a bunch of vlans that you have to remember, I know I can't, I have way too many. I assign a domain to every single vlan. For example, wifi.alondo.etherealryft.net, net.alondo.etherealryft.net, net.jita.etherealryft.net, gensrv.jita.etherealryft.net, and so forth for every vlan. This means that when I make
L105[14:15:03] <Corded> firewall rules, I can make a subnet address list with a name for that domain, then all I have to do is be like, if destination address list is "net.jita.etherealryft.net" and source address list is "gate.etherealryft.net" then allow port 22
L106[14:15:22] <S​3> You don't have to do this, but it makes my firewall rules and remember what is what so much easier.
L107[14:15:51] <Amanda> yeah I've got four "networks" -- lan.home, srv.home, iot.home, and unnamed ( Guest )
L108[14:15:57] <S​3> It also makes it nice with DHCP because unless I make a cname every device on all of my vlans have a domain name attached from DHCP which is from their vlan
L109[14:16:36] <S​3> It just gets messy quick if you have numbers all over the place. It's also why I separate vlan categories in groups of 10
L110[14:17:40] <S​3> I think 10 for example is net.alondo.etherealryft.net and 11 is net.jita.etherealryft.net, both of which are ssh / ipmi / vnc management networks for two separate divisions of my network, since I separate all of my servers from my home stuff.
L111[14:17:53] <S​3> so 10-19 is the first management group
L112[14:18:03] <S​3> Then 20 is like general purpose or some crap
L113[14:18:11] <Amanda> I see
L114[14:18:12] <S​3> 20-29 that is
L115[14:19:00] <Amanda> so vlans is what unifi is internally using for these "networks" which each have their own subnet/dhcp leases/etc?
L116[14:21:45] <S​3> It could be. We use EdgeOS for some purposes at work but I have never used Unifi. It should be at least using vlan 1 for things like STP and OSPF, etc technically.
L117[14:21:57] <Amanda> Yeah I guess so, since this is in a tooltip for what I used to assign a port in my switch to a Network:
L118[14:21:58] <Amanda> https://matrix.camnet.site/_matrix/media/v3/download/camnet.site/xBfxuKxSeeNZVVogUVGlubIC/image.png
L119[14:22:48] <Amanda> And it has options to control what tagged traffic is handled as (accept, only specific vlans, deny all)
L120[14:22:52] <S​3> Yeah. I'm trying to think what my native vlan is for mine, I think I just use vlan 9 or something which has no subnet and doesn't go anywhere
L121[14:22:55] ⇦ Quits: Izzy (~izzy@210.1.218.92) (Ping timeout: 195 seconds)
L122[14:23:09] <S​3> so all of my access ports I just set to vlan 9 by default and set trunks to native vlan 9
L123[14:23:31] <S​3> and they go to the nether because I don't use vlan 9 that is not allowed XD
L124[14:23:52] <S​3> At least that's how I use the native vlans at home
L125[14:23:55] <Amanda> So what you have it where a vlan is just a blackhole, so anything plugged in there without configuring the port is instead blackholed?
L126[14:24:45] <S​3> That's what we do at work and I do at home, I think you mentioned though that Ubiquiti didn't play nice with changing the native vlan though unless I heard you wrong.
L127[14:25:07] <Amanda> It straight up doesn't let you change the vlan 1 "network"'s ID
L128[14:25:09] <S​3> We do it because, at work, our scale is more than 50,000 ethernet ports. We have to do whatever we can to minimize security breaches.
L129[14:25:32] <S​3> And at home, I have friends I wouldn't trust with my personal stuff going through my network to the servers and such
L130[14:26:16] <S​3> So I've separated my network into two halves and have a border with pretty strong defaults on security to prevent what I call a "vlan leak"
L131[14:26:34] <Amanda> I've currently got an IoT network, but the only thing I do with it at the moment is throttle it, I'm thinking I'll move my hass VM onto it, and then disallow it to talk to outside the vlan
L132[14:27:05] <Amanda> So random crap we buy isn't getting access to my homelab servers, except for to hass
L133[14:27:42] <Amanda> Then lock down any ports going to iot devices to just the iot vlan
L134[14:28:03] <Amanda> ( We've got a networked camera, and a "Streaming Box" )
L135[14:28:07] <S​3> I have GNS3 setup on my personal laptop, I could show you a topology of what my network looks like actually. Though... I am at work and I didn't bring my laptop
L136[14:29:03] <S​3> If you haven't used GNS3 before, it's a network simulator that uses QEMU, so I can set up VMs with Linux / BSD, run docker containers, wireshark instances on links, virtualized Mikrotik / Cisco routers etc
L137[14:29:11] <S​3> However Ubiquiti is dumb and doesn't give us VM images
L138[14:29:27] <S​3> It would be nice if they did because then you could simulate and test your config on GNS3 before deploying
L139[14:29:43] <S​3> Mikrotik actually has a VM of its own Router OS
L140[14:30:05] <S​3> I use Mikrotiks at home so I can simulate everything at home all in GNS3 then just copy configs over
L141[14:31:04] <S​3> The problem, is that Mikrotiks practically require you to be a network engineer to even understand them, so I don't generally recommend them to people even though I absolutely love their products. It's sucky.
L142[14:31:58] <Amanda> Oh hey, all the Port Profiles I made using Terraform awhile ago are all defaulted to deny non-default vlans:
L143[14:31:59] <Amanda> https://matrix.camnet.site/_matrix/media/v3/download/camnet.site/LFiGOwwZgQVttzBkdZAxWLTT/image.png
L144[14:32:29] <Amanda> So stuff in the IoT profile can't jump vlans, that's nice
L145[14:32:56] <S​3> Oh neat. Like an interface template or something?
L146[14:33:06] <Amanda> Yeah
L147[14:33:11] <S​3> That's cool
L148[14:33:34] <Amanda> Instead of setting all the options in each port, I can go to the port and select "Servers (No PoE)" and it'll go on the server vlan, and disable PoE if that port supports it
L149[14:34:06] *** Skye is now known as skyem123
L150[14:35:17] *** skyem123 is now known as skyem
L151[14:36:27] <S​3> I have to be careful right now because when I add a new vlan to a port I have to replace all tagged vlans, there's a way to add them individually but it's not that intuitive. I'm looking to replace this with Ansible tasks
L152[14:36:32] *** skyem is now known as Skye
L153[14:36:54] <S​3> The problem is I could slip up and forget to re-add an interface to a vlan and pull one out
L154[14:37:17] <S​3> It's not as dangerous as cisco though
L155[14:38:33] <Amanda> I wonder how bad it'd be if I started changing the network's VLAN ids with a bunch of devices connected. I imagine not bad since at the moment it's all controlled by Native VLAN configs
L156[14:38:52] <Amanda> I'm kinda tempted to steal your scheme
L157[14:42:12] <Amanda> %p
L158[14:42:13] <MichiBot> Ping reply from Ama​nda 0.28s
L159[14:42:23] <Amanda> Answer: It causes wifi to be restarted
L160[14:42:29] <Amanda> interesting
L161[14:56:59] <Forec​aster> Could be worse
L162[15:01:25] <Amanda> indeed, it was. I had to restart the dream machine because wifi wouldn't connect after changing its VLAN
L163[15:02:09] <Amanda> %p
L164[15:02:10] <MichiBot> Ping reply from Ama​nda 0.29s
L165[15:12:46] <Forec​aster> Ohno
L166[15:20:36] <S​3> Amanda: changing VLANs shouldn't do anything. The risk you run into is when you have multiple switches with redundant links and you might accidentally create a loop somewhere
L167[15:21:18] <S​3> If you do, you should be aware that low bandwidth loops on decent network hardware can take weeks to show up hahaha
L168[15:22:49] <S​3> Spanning tree will try to prevent loops on trunks, but if you create a loop using access ports spanning tree isn't going to block it even with bpdu guard enabled as long as bpdus aren't being received on the ports.
L169[15:23:05] <S​3> I'm assuming your setup is simple enough not to need spanning tree though
L170[15:23:29] <Amanda> I assume that applies when there's more than one ethernet connection between the switches? There's just a simple tree at the moment, Modem -> Dream Machine -> Network Switch, each with a single ethernet connection between them
L171[15:24:49] <S​3> Yeah. When you start connecting multiple paths between your switches
L172[15:25:53] <S​3> You can still technically loop bridges on a single link but
L173[15:26:04] <S​3> You will probably notice the performance issues much faster
L174[15:26:11] <S​3> And it's unlikely
L175[15:26:44] <S​3> That would be a "why are you doing that" sort of moment
L176[15:30:57] <S​3> We have to be super careful where I work at our scale because most all of our switches have two links to one another
L177[15:31:58] <S​3> We implement a lot of security profiles to prevent people from doing stupid stuff, but as a network engineer I can loop it by accident pretty easily if I am not careful, and since a lot of our buildings are at dual 10 gig links, they would go down in a matter of seconds if I looped it
L178[15:32:41] <S​3> If a regular user looped the network with their IP phone or something though it would shut off their port pretty much immediately
L179[15:32:54] <S​3> So our biggest threat is us engineers XD
L180[15:45:50] <Corded> > <Forec​aster> I don't think that pinged properly
L181[15:45:50] <Mim​iru> SO, there is another user with the nickname "S3" in a server Corded is also in. their username is different, but the ping tries to match on S3 first... Hmm
L182[15:46:46] <Mim​iru> I should see if I can make it match only on users in the same server the message came from. Though currently it just loads all users into its cache
L183[15:48:48] <Mim​iru> https://github.com/CaitlynMainer/Yuri/blob/main/yuri.js#L264-L284 Yeah, it just searches the entire cached user list, so all users in all servers
L184[15:48:59] <Amanda> There, put the networked camera on its own VLAN, which has no internet access, and only can talk to the other VLANs if the other VLAN initiates the connection. Also the guest VLAN simply can't talk to the cameras at all
L185[15:49:40] <Amanda> At least, I think that's what I did
L186[15:50:02] ⇨ Joins: Izzy (~izzy@210.1.218.92)
L187[15:54:02] <S​3> Mimiru I could change my nickname
L188[15:54:06] <Mim​iru> Nah
L189[15:54:37] <Amanda> @Z0idberg Do you know how vlans work in /etc/network/interfaces? It seems that's what proxmox uses to determine what devices to list for a VM to connect to, how would I add a new bridge for VLAN 30 (My IoT VLAN)
L190[15:54:52] <Amanda> At least I assume I'd need a new bridge
L191[15:55:00] <Michiyo> @z0idburg Test
L192[15:55:10] <Michiyo> Ok, so MY ping worked, but Amanda's didn't
L193[15:55:12] <S​3> Hi
L194[15:55:21] <Amanda> I'm guessing it's because I did uppercase-Z
L195[15:55:29] <Michiyo> I guess account name pings are case sensitive?
L196[15:55:51] <S​3> Last I checked /etc/network/interfaces is debians or systemd's config thing right?
L197[15:55:57] <Amanda> debian's yeah
L198[15:56:15] <S​3> I've definitely used it before but I also remember not knowing for sure if what I was entering was "correct" either
L199[15:56:37] <Mim​iru> The switch from /etc/network/interface to netplan confused me... I still screw up a lot.
L200[15:56:39] <S​3> Debian has good documentation on it iirc...
L201[15:57:18] <S​3> Here's part of it I think
L202[15:57:19] <S​3> https://wiki.debian.org/NetworkConfiguration#A.2Fetc.2Fnetwork.2Finterfaces
L203[15:57:20] <Amanda> I've got my proxmox nodes /etc/network/interfaces handled by ansible, so I can propagate the "tso-offload off" setting I need to stop networking getting flaky af from the hardware impl of that hanging
L204[15:57:34] <S​3> Not sure if you saw that, but I remember part of it being on here
L205[15:57:45] <S​3> I do remember you have like, two ways to configure them
L206[15:57:57] <S​3> A) You could use Linux's vlan subinterface thing
L207[15:58:08] <S​3> I kinda hate that mechanism to be honest
L208[15:58:26] <S​3> B) you can configure bridges in that directory for your network interface configuration and set up vlan filtering
L209[15:58:37] <S​3> That's the one I think I had trouble finding good documentation for
L210[15:58:50] <S​3> The one I linked you is the subinterface method
L211[15:58:53] <Amanda> Looks like I can do this? https://cumulusnetworks.github.io/ifupdown2/ifupdown2/userguide.html#using-templates
L212[15:59:52] <Amanda> at least the syntax that template would compile to
L213[16:00:21] <S​3> Yeah. It looks like that uses the subinterfaces method, so if you prefer that route, it should work for that
L214[16:00:26] <S​3> There's also this:
L215[16:00:26] <S​3> https://computingpost.medium.com/create-linux-bridge-on-vlan-interface-in-debian-11-10-e5679e3894bd
L216[16:00:47] <Amanda> Oh...
L217[16:00:48] <Amanda> https://matrix.camnet.site/_matrix/media/v3/download/camnet.site/HQHpTAPZMnaCyoiDCFKvltxf/image.png
L218[16:01:05] <Amanda> There's just a box for it in the VM Network config
L219[16:01:06] <S​3> Which is a more thorough example of subinterfaces
L220[16:01:11] <S​3> Oh neat
L221[16:01:23] <S​3> Hmm. I wonder how that works under the hood
L222[16:01:31] <S​3> if it's just a filter or a vlan interface or what
L223[16:02:47] <S​3> you could set a vlan tag then do an ifconfig, a bridge vlan show, and maybe I think, brctl show to see what method it uses
L224[16:03:23] <S​3> if you see anything in bridge vlan show, then it is using vlan filtering under the hood
L225[16:04:03] <S​3> This all isn't required but it might help to understand how proxmox is setting up your network just for being in the know
L226[16:17:20] <Mim​iru> I either fixed it, or broke relaying entirely, let's find out!
L227[16:17:24] <Mim​iru> !update
L228[16:17:24] ⇦ Quits: Corded (~Corded@2001:19f0:8001:d8f:5400:4ff:fea5:61b0) (Remote host closed the connection)
L229[16:17:27] ⇨ Joins: Corded (~Corded@2001:19f0:8001:d8f:5400:4ff:fea5:61b0)
L230[16:17:27] zsh sets mode: +v on Corded
L231[16:17:41] <Michiyo> @Mimiru Test
L232[16:17:45] <Michiyo> Yep
L233[16:17:48] <Michiyo> @Michiyo Test
L234[16:17:51] <Michiyo> ok..
L235[16:17:55] <Michiyo> @S3 test
L236[16:18:01] <Michiyo> yep, broke the shit out of it lol
L237[16:18:06] <Amanda> :D
L238[16:18:27] <Michiyo> Relaying DOES work, but now ONLY account name pings work. lol
L239[16:29:23] <S​3> Ha
L240[16:30:16] * Amanda disallows the IoT VLAN to access anything in the servers VLAN except for the pihole servers
L241[16:30:46] <Amanda> this is kinda fun, assuming I've even done any of this right
L242[16:35:07] <S​3> well you can try sending network traffic from other vlans and see if they drop
L243[16:35:08] <S​3> OH
L244[16:35:14] <S​3> OH I almost completely forgot
L245[16:35:51] <S​3> IF you use routing on proxmox, you "might" have to set a firewall rule that says any vlan interface can't route to another vlan interface (unless a rule says otherwise)
L246[16:36:22] <S​3> For example... Let's say that your proxmox server had a vlan interface with an IP address as a gateway for every VLAN you had
L247[16:36:41] <S​3> if you have layer 3 routing, the devices on each vlan could talk to eachother by crossing the router
L248[16:37:02] <S​3> To fix this on Linux, I add every vlan interface to a list called "vlan"
L249[16:37:16] <S​3> then I just made a firewall rule that just says drop all from vlan to vlan
L250[16:37:17] <S​3> XD
L251[16:37:32] <S​3> Proxmox might be smarter than that
L252[16:40:07] <S​3> You could also just have a rule at the bottom that just says drop everything I guess
L253[17:05:35] <Forec​aster> %sip
L254[17:05:36] <MichiBot> You drink an oxidised honey potion (New!). A genie appears out of the empty bottle, turns it into a pie, then vanishes.
L255[17:05:47] <Forec​aster> Oh free pie
L256[17:07:09] <gruetzkopf> on ~oldish cisco gear some VLANs around 1000 (forgot the exact IDs ) are reserved for FDDI/Tokenring... interop
L257[17:09:03] <S​3> Cisco interestingly enough does a lot of weird shit sometimes
L258[17:09:34] <S​3> Though IOS XE has smoothed out pretty well, now that we're using 9000 series hardware
L259[17:12:50] <Spider ​EveryOS> %tonk
L260[17:12:50] <MichiBot> Wow! Spider ​EveryOS! You beat Forec​aster's previous record of <0 (By 2 hours, 58 minutes and 15 seconds)! I hope you're happy!
L261[17:12:51] <MichiBot> Spider EveryOS's new record is 2 hours, 58 minutes and 15 seconds! Spider EveryOS also gained 0.00297 tonk points for stealing the tonk. Position #3. Need 0.75607 more points to pass Va​ur!
L262[18:04:28] <the 4 dogs of ​the apocolypse> is there a way to expand pc ram? mineos is complaining despite having max level
L263[18:06:14] <Forec​aster> A server have more slots for ram
L264[18:06:27] <Forec​aster> * has more slots for ram
L265[18:13:01] <the 4 dogs of ​the apocolypse> can you use a server like a computer?
L266[18:13:30] <Mim​iru> A server *is* a computer.
L267[18:14:19] <Forec​aster> Of course not, in only allowed to give useless advice since that one court case
L268[18:14:27] <Forec​aster> * I'm only allowed to give useless advice since that one court case
L269[18:14:33] <the 4 dogs of ​the apocolypse> i mean connecting it to peripherals
L270[18:14:43] <Mim​iru> It's *literally* a computer.
L271[18:14:48] <Forec​aster> Why wouldn't you
L272[18:14:56] <Mim​iru> The rack can be configured to pass a side directly to a server.
L273[18:15:09] <Forec​aster> Maybe you should just try it
L274[18:15:30] <the 4 dogs of ​the apocolypse> yeah, i just dont have a ton of time and wanted to check
L275[18:15:56] <Mim​iru> It took more time to ask and wait for an answer than it would have to just drop a rack and slap a server in it. But ok.
L276[18:16:21] <Forec​aster> Well, assuming creative mode
L277[18:17:50] <Mim​iru> I guess I may be unique that I do testing of stuff like that in a creative world. *shrug*
L278[18:18:29] <Elfi> %splash Forecaster with mutable potion
L279[18:18:29] <MichiBot> You fling a mutable violium potion (New!) that splashes onto Forecaster. Forecaster turns into a rubium dragon girl until someone turns on a lamp.
L280[18:18:48] <Elfi> Well, that's tragic
L281[18:18:53] <Elfi> On one hand, dragon girl. On the other, lämp
L282[18:19:47] <Forec​aster> Hey D:
L283[18:22:34] <the 4 dogs of ​the apocolypse> help, server gave error- no bootable medium found; /init.lua
L284[18:25:14] <Forec​aster> ...
L285[18:25:42] <Forec​aster> So put something bootable in it
L286[18:25:52] <the 4 dogs of ​the apocolypse> ? i put in an eprom
L287[18:26:09] <Forec​aster> Which one
L288[18:26:34] <the 4 dogs of ​the apocolypse> normal wouldnt work, lua gave that error
L289[18:26:51] <the 4 dogs of ​the apocolypse> * "normal" wouldnt work, lua gave that error
L290[18:27:31] <Forec​aster> The lua bios eeprom tries to load an operating system from attached storage
L291[18:27:46] <Forec​aster> If there is none it will give that error
L292[18:28:02] <the 4 dogs of ​the apocolypse> wait so i need to preload a drive?
L293[18:28:04] <Forec​aster> The "normal" one is just an empty eeprom
L294[18:28:37] <Corded> > <the 4 dogs of ​the apocolypse> wait so i need to preload a drive?
L295[18:28:38] <the 4 dogs of ​the apocolypse> or am i just misunderstanding?
L296[18:28:47] <Forec​aster> You need an OS on a floppy or installed on a disk
L297[18:29:12] <the 4 dogs of ​the apocolypse> but... i can't find a slot for a disc...
L298[18:29:21] <Mim​iru> Servers don't have a floppy drive. So either an external floppy drive or a HDD with OpenOS
L299[18:29:28] <the 4 dogs of ​the apocolypse> oh
L300[18:29:32] <the 4 dogs of ​the apocolypse> one sec
L301[18:29:42] <Amanda> There's a floppy drive you can put in the rack as well
L302[18:31:04] <Forec​aster> It's floppy disk, not disc
L303[18:31:58] <the 4 dogs of ​the apocolypse> yeah, ik but mispelled. also i found the drive, it works now. thnx
L304[18:33:05] <the 4 dogs of ​the apocolypse> hey... does the remote terminal work? i cant bind it even though im shift-RCing it
L305[18:33:26] <Forec​aster> What remote terminal
L306[18:33:33] <the 4 dogs of ​the apocolypse> the item?
L307[18:33:57] <the 4 dogs of ​the apocolypse> it says to src the rack
L308[18:34:11] <Forec​aster> Oh, did you put the terminal server in the rack?
L309[18:34:17] <the 4 dogs of ​the apocolypse> oh
L310[18:34:20] <the 4 dogs of ​the apocolypse> mb
L311[18:35:20] <the 4 dogs of ​the apocolypse> k... moment of truth...
L312[18:35:54] <the 4 dogs of ​the apocolypse> yay! mineos works
L313[18:36:05] <Forec​aster> Also, just so you know, we don't provide support for mineos
L314[18:36:27] <Forec​aster> Nobody here uses it that I'm aware of
L315[18:37:08] <the 4 dogs of ​the apocolypse> thats fine. i just need help with the base mod
L316[18:40:40] <S​3> @the 4 dogs of the apocolypse Wait WAIT WAIT WAIT. You are playing a game, which is a thing that people use for the purpose of WASTING TIME, and you are complaining about not having a lot of time. What the heck?
L317[18:41:01] <S​3> Literally makes no sense.
L318[18:41:11] <S​3> Games waste time. It's what they do.
L319[18:41:21] <S​3> That can be a good or a bad thing.
L320[18:41:26] <S​3> But in the end, they waste time.
L321[18:43:36] <Forec​aster> Well, there's wasting time in something you want to, and wasting time you don't want to
L322[18:43:47] <Forec​aster> * on something you want to, and wasting time you don't want to
L323[18:47:53] <S​3> Yeah
L324[18:48:16] <S​3> Dopamine based attention span?
L325[18:49:34] <S​3> Here
L326[18:49:34] <S​3> https://ocdoc.cil.li/block:server_rack
L327[18:49:36] <S​3> woohoo
L328[18:49:48] <S​3> "Server's are basically computers in item format"
L329[18:50:26] <S​3> I am an asshole today
L330[18:50:30] <lunar_sam> i need to see how servers work under the hood
L331[18:50:39] <lunar_sam> use that to create compute cards
L332[18:50:52] <lunar_sam> i might work on OSSM, who knows
L333[18:51:00] <S​3> Oh hey
L334[18:51:04] <S​3> Where have you been?
L335[18:51:05] <S​3> Stranger 😛
L336[18:51:24] <lunar_sam> working and sleeping, life's slowly driving me insane :v
L337[18:52:10] <lunar_sam> ~also playing a particular, terrible free to play game with fighter jets and tanks~
L338[18:57:15] <S​3> Oh yeah?
L339[18:57:19] <S​3> That sounds normal
L340[19:02:10] <lunar_sam> yeah
L341[19:02:31] <lunar_sam> i just ramble to izzy sometimes lmao, haven't done much programming in a while
L342[19:35:36] * Amanda offers Elfi some snacks while she waits for the hot-box to get hot
L343[20:57:35] <gruetzkopf> meow
L344[21:04:07] * Amanda meows hello yo gruetzkopf:
L345[21:11:03] <Corded> > <Z0id​burg> @the 4 dogs of the apocolypseWait WAIT WAIT WAIT. You are p…
L346[21:11:03] <the 4 dogs of ​the apocolypse> i wanted to have enough time to waste with the actual game instead of troubleshooting something in the game.
L347[21:13:43] <Amanda> %choose laptopnaptime?
L348[21:13:43] <MichiBot> Ama​nda: Hm, yeah okay.
L349[21:14:40] * Amanda curls up around Elfi, tries to decide what story about sufficiently advanced technology to read, the one with a panther girl, or the one where aliens turn a city into a magical girl reality TV show
L350[21:20:49] <the 4 dogs of ​the apocolypse> hey so, what is "relay mode", and can two servers be used in tandem for additional resources? like redstone cards and such?
L351[21:21:51] <Izzy> relay mode decides whether the rack will relay network packets between the different sides
L352[21:21:53] <Izzy> it's quite slow tho
L353[21:22:01] <the 4 dogs of ​the apocolypse> ok.
L354[21:22:14] * Amanda meows good meowning to Izzy
L355[21:22:14] <the 4 dogs of ​the apocolypse> and what about the tandem thing?
L356[21:22:30] <Amanda> If someone writes software for that sure
L357[21:22:38] <the 4 dogs of ​the apocolypse> huh
L358[21:22:47] <Amanda> Afaik nobody has though.
L359[21:22:47] <Izzy> redstone cards can be proxied over minitel RPC
L360[21:22:49] <Izzy> :)
L361[21:23:02] <Amanda> Other than things like Izzy's minitel rpc
L362[21:23:26] <the 4 dogs of ​the apocolypse> unrelated question, are these bots the kind that people use to keep their profiles private? or...
L363[21:23:33] <Amanda> Which can be used to expose components across the network
L364[21:23:41] <Amanda> %discorded
L365[21:23:41] <MichiBot> Cor​ded is a relay between IRC and Discord. It uses a webhook (most of the time) to send IRC messages to discord, which is why there is a Bot tag
L366[21:23:51] <the 4 dogs of ​the apocolypse> ok, thought so
L367[21:24:43] <Amanda> %irc
L368[21:24:44] <MichiBot> all the "bots" are real people, using the superior IRC chat protocol. https://youtu.be/O2rGTXHvPCQ
L369[21:24:54] <Amanda> That's the command I was looking for
L370[21:26:00] <the 4 dogs of ​the apocolypse> one last thing for now, do nanomachines change the player's size to that of a baby zombie? my camera position stayed the same but i went into third and suddenly noticed i was small.
L371[21:26:41] <Amanda> I'm not sure, that might be one of the random effects they can have? I thought they just had random buff/debuffs though
L372[21:27:09] <the 4 dogs of ​the apocolypse> huh
L373[21:28:07] ⇦ Quits: Vexatos (~Vexatos@p200300eaef06ee0057ee3d32306817da.dip0.t-ipconnect.de) (Quit: Insert quantum chemistry joke here)
L374[21:42:59] <Amanda> Elfi: post-rainbox snack, cake or iced creams?
L375[22:42:58] <Saphire> aaRawr
L376[22:44:10] <stephan48> Am I crazy for considering to use keepalived and glusterfs to build a redundant PXE setup between three machines so I can even work on the server (which is currently hosting it and its annoying when it fails and I can't use PXE)? i need to maybe a few times a year
L377[23:57:24] <S​3> hmm. Why not use VRRP?
L378[23:58:20] <S​3> With VRRP, you give as many hosts as you want the same exact IP address. They share a virtual mac address. When one fails, another takes over. It's meant for routing, but can be used for anything that you want to be redundant that doesn't already have redundant features, stephan48.
L379[23:58:38] <S​3> Then you could have 2 or more PXE servers that are just clones of each other
L380[23:59:46] <S​3> if you're running servers as thin clients or something, then it's a bit different