networking


Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 1 year ago
26
 
 

Hiya, I've got a desktop (connected to WiFi) and a server (without a networking card), and I do not have access to Ethernet or the router. However, I do have a networking switch, and was wondering if I could bridge the WiFi from my desktop (Nobara) to the switch, and have my other devices, such as a Raspberry Pi and my main server, connect to that. If that's possible, please let me know how, or point me to some resources. I believe I have to touch iptables in this case, but have never tweaked those before.

This is a very temporary solution for not having access to a router. But gotta live like this for 5 months, so gotta find a solution to get WiFi on my server, as cheap as possible.

27
 
 

cross-posted from: https://lemmy.world/post/12521221

Dear all, I have some questions for what I'm about to do with my HomeLab. I recently upgraded my connection to a 1000/1000 and the ISP sent me this shit ass router (Fastweb Nexxt) which is very locked down. I want to change it.

Today this Fastweb Nexxt is not doing DHCP because I'm running a VM with OPNSense on it from which I manage IP reservation etc.

The fiber connection comes to my house and it's connected to a small box, an ONT from ZTE. Then an ethernet cable goes to the wan port of the Fastweb Nexxt and then LAN to my server where the OPNSense VM is hosted.

Now, I'm open to solutions; the goal is to remove the Fastweb Nexxt.

The "Cheap" idea would be to use a USBC to Ethernet cable so to add a second Ethernet card to my server and connect the ZTE device to it. I would then assign in OPNSense this cable as WAN and leave the existing card as LAN for the switch. I'm quite sure I would need as well to clone the MAC address of the Fastweb Nexxt device and assign this MAC to the wan of my OPNSense right?

I'm open to any kind of suggestion, even something like "this is the best home-router for 100€"

28
 
 

Hiya, quickly wondering if there is a big difference between speeds when using a vpn compared to using a proxy server solution? Anyone got any experience here or good articles to refer to?

Thanks 🌻

29
 
 

VyOS 1.4.0 is finally here as a full LTS release (although, it's early production access).

So many great features are highlighted in the post. I've been using 1.4 images for quite some time, with great success, in my labs. Looking forward to using this one more.

Congrats to the VyOS team.

30
31
 
 

I posted about OpenWISP a while back but I need to report that it is buggy and unpolished. The community behind it also is very small so not much happens.

32
 
 

Hello networking community

Driven by the vision of a decentralised, independent and neutral network, I have set out into the depths of networking. I have compared different networks and tried to understand the underlying structures.

But my head is spinning from all the research and I've lost track a bit, which is why I'm turning to you. I would like to compare and categorise all these networks according to their protocols using the OSI model.

I would be grateful if you could help me to fill in the following table as well as possible. You can simply copy it or write your answer in the comments.

Network WWW Usenet GNUnet Freenet I2P Tor ZeroNet Lokinet Internet Computer
L1 - - - - - - - - -
L2
L3 IP IP IP
L4 TCP
L5
L6
L7
33
 
 

I'm in need of a cable crimper and some other network tools like a tone gen/probe, cable snipper/stripper, and I'll probably also get a cable tester, for a couple of jobs I'll be doing soon

So, I'm assembling a basic toolkit to install the physical network parts, and I'm asking here for recommendations on mid and high quality tools so I can decide on what to get

As one should do with tools, I'm ready to spend a buck (or euro, in this case) to get good and durable stuff, but these days looking for reviews online is a marketing shitshow, so I thought I'd come here to look for recommendations and try to find someone with actual practical knowledge and experience

Any advice is welcome!

34
 
 

cross-posted from: https://lemmy.ca/post/14107888

I have a very specific question about Linux Traffic Control and u32 filters in particular. However, I don't know where the right place is to ask such a question as it's fairly niche.

The Linux Advanced Routing & Traffic Control site says it has a mailing list for questions, but the last post was from 2019. There is also the incredibly busy 'linux-netdev' mailing list, but, the traffic there looks like strictly source changes.

Any ideas?

The question I'm trying to find an answer to is: The u32 tc filter seems to support negative byte offsets which allows you to examine the Ethernet frame header (I don't think I even found documentation on this, this is thanks to ChatGPT). However, when using u32 values to examine 8 bytes I can only use offsets in increments of 4 - like "at -8" or "at -12", with any other increment giving me the error Illegal "match".

This seems like only a curiosity, but, I've been struggling to get my bit-matching to match the way I expect, and I'm wondering if this suggests that matching doesn't function the way I think.

35
36
 
 

Hey all, I was wondering if anyone could help me work out how to do this? Basically, I have a stupid number of smart devices and my router has become increasingly unstable. I want to have all my IOT devices on one router and reserve the other for priority devices like phones and PCs.

I plan to put my IOT hub on 2G only and my primary hub on 6G and 6e only to avoid 2G congestion.

Problem is, if I connect both my routers to my modem, only one can connect to the internet. I tried putting a network switch between the routers and the modem, no dice.

Does anybody know how I can have 2 separate networks using 2 separate routers on a single modem? Both require internet connection but they don’t need to be able to communicate.

Thanks in advance for any help people can give :)

37
 
 

I may soon be upgrading to 2.5Gbps internet, however all the routers that support said speed seem to be expensive. Is there any that cost less than $100?

38
 
 

I'm building this implementation of a circular DHT from scratch because I want to learn and understand how peer-to-peer protocols work. So far so good, but I'm realizing I don't know two things and I don't know where to find them:

  1. What NAT traversal method to use. Do I necessarily need to rely on relay servers for UDP hole punching or STUN?
  2. What is the most reasonable way to test the overall system is working? Should I build a docker network with each node being a container or are there specialized tools for testing networked applications?

Thanks in advance for any answers or pointers!

39
 
 

Hi all!

I have 2 ISPs with their own routers.

Router A: 192.168.0.1/24

Router B: 192.168.20.1/24

I have my servers plugged into Router A and all my endpoint and users' devices connected to Router B.

I want users connected to Router B (192.168.20.1/24) to have access to server 192.168.0.90

I thought plugging a LAN cable and connecting Router A and Router B and then defining static routes in both routers would solve the issue.

However, at the first step itself I have an issue. When connecting the routers via a LAN cable, both routers don't get any IP.

I was also referring to this post on superuser. Though Router B is capable of creating subnet and static route, I am not sure if Router A (Archer XR500v) is capable of creating a subnet and/or a static route.

https://superuser.com/questions/1667068/connect-two-routers-with-different-subnet

40
 
 

I'm looking at a permanent install of a Windows machine that runs a few digital signs. I want to achieve remote access and file upload to the Windows box, as well as accessing the internal web server of the displays on the same LAN. This LAN will be attached to a corporate network, but I would prefer if it did not have access to the internet. I'll have to work with the IT department to get this happening, of course, but I'm hoping to go in prepped with potential solutions. Could anyone tell me if these ideas will work, or what I'm missing?

  • VPN tunnel. This would be whichever VPN that their IT supports. Would I be able to simply install the client on the windows box and my machine, and then on my machine connect to the VPN, use TeamViewer in LAN mode for control of the Windows box, and web browser for control of displays? I'm assuming their IT would set up the upstream switch to only pass that VPN connection, so that the Windows box does not see the internet, and I cannot see their internal network.
  • Some kind of IPMI/PiKVM solution- This would be a second computer, attached to the corporate network, but not to the signage LAN. It would just be a KVM for the Windows box. I would then dial into that via its webserver, and control the Windows machine. The control for the displays would be accessed via browser on the Windows machine. I like this solution, as it keeps the networks separate, but I think that uploading files will be a challenge.
  • Or is there a better way?
41
42
43
 
 

I'm trying to set up a Pi-hole on my in-laws' home network. I've got everything configured on the pi but ad-blocking wasn't working. So I did some digging into the logs and found that DNS requests were all coming from the router.

After some reading it seems that the DHCP server that the router used was adding a DNS suffix to all requests (search.charter), so I turned off the DHCP server on the router and used pi-hole's built-in DHCP to see if this would resolve the issue. I didn't have enough time to test the fix, but here's my understanding of what was happening before I changed the configuration:

I set the primary DNS server to the IP address of the pi-hole in the router settings so they would have network wide adblocking. All of the clients get a DHCP assigned DNS server address which was set to the router's address. I would input example.com into a client's browser, the DNS request would be sent to the router, then the router would act as a client in the pi-hole logs. Pi-hole tells the router that example.com is found at 192.158.1.38 and the ads being hosted on the website are at 0.0.0.0. The router sees that the DNS server didn't return a result for one of the queries, so it goes to an upstream DNS server hosted by the ISP where they provide the IP for the ad. Both addresses are sent along to the client device and the pi-hole shows the ad domain as being blocked.

Is that true? Did changing the DHCP server to the Pi-hole fix the problem? Is there anything more that I need to do? Did I totally whiff on troubleshooting? Let me know if you need more information. Any help would be appreciated since I'm trying to learn a little bit more about networking and take a little more control of my home network. Thanks!

44
1
submitted 9 months ago* (last edited 9 months ago) by kokesh@lemmy.world to c/networking@sh.itjust.works
 
 

I've made a WireGuard tunnel out to a VPS (to circumvent CGNAT). DNS server works, web server + Gitea, Jellyfin, ... works. All the stuff running on my thin Ubuntu client. What doesn't work is forwarding the RDP port to my Windows machine. No firewall on the Windows machine. Used to work before CGNAT got enabled by my ISP. I've also tried the UDP port, but still no connection.

Here is my wg0 conf:

[Interface]
PrivateKey = .....
Address = 10.1.0.2/24
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.21:3389; iptables -t nat -A POSTROUTING -p tcp --dport 3389 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.21:3389; iptables -t nat -D POSTROUTING -p tcp --dport 3389 -j MASQUERADE

[Peer]
PublicKey = ........
AllowedIPs = 0.0.0.0/0
Endpoint = ...oraclevpsIP....:55108
PersistentKeepalive = 25

45
 
 

Link on the bottom if you wish to try out the new VPP addon.

46
1
submitted 9 months ago* (last edited 9 months ago) by mfat@lemdro.id to c/networking@sh.itjust.works
 
 

Is it possible? Can proxies somehow "advertise" themselves the way some media services or printers do?

47
1
submitted 9 months ago* (last edited 9 months ago) by HW07@lemmy.world to c/networking@sh.itjust.works
 
 

So on my host I run Mullvad VPN all the time due to living in one of the X eyes countries and being over-paranoid, but when I torrent I do almost no uploading due to Mullvad blocking port forwarding. I had the bright idea to create a VM, then attach it to my network in a way to completely bypass my host (also running Linux) connection and in turn bypass Mullvad. I'd then connect this VM to my own WireGuard server that I rent overseas and configure port forwarding on that. I think I'm almost there; however, I seem to have hit a roadblock that I think the only workaround is attaching a second ethernet cable to my host, in order to get another interface so that the VM doesn't steal my host's connection.

Doing the dual ethernet setup isn't impossible, but it is extra cables and dongles that I'd rather do without, so I was wondering if I could create a second IP address on my host and pass that into the VM to use? I'm using qemu and virt manager for my virtual machines, Artix on my host and probably Linux Mint on my torrent VM.

Again I have no idea if this is possible or not, I simply don't know enough about networking yet to know for certain. I feel like it is but I wanted to ask some people who know what they're talking about :D.

48
 
 

Hi all

Just snagged a FortiGate 60D from work that has gone EoL. What can/should I do with it?

Another quick question: the 5 GHz WiFi seems very slow. Any pointers?

49
 
 

I run a Ubiquiti DMP at home and I want to help a relative manage their network. They're getting a Ubiquiti Dream Router. Should I set their network up under my account or can they set it up under their own account and share access to it? I don't pay for any Ubiquiti managed services. Any help would be appreciated!

50
 
 

So I need to move my server closet out of the guest room closet and into the basement so the closet can be used as a closet again.

I’ve got like 15 shielded cat6 with insulated risers patched into the back of a rack mount patch panel.

My goal is to end up with all of the existing cable extended 15’ or so to the new patch panel location, with maybe some kind of small door in the wall of the original closet so I can access the splices if anything goes wrong.

I invested in shielded cat6 when networking the house to future proof everything, and I have solid home runs to every location. I’m currently only running gigabit speeds, but I’d like to preserve the integrity of the original cables as much as possible.

With that in mind, what’s the best method for this extension? I’ve seen shielded punchdown junction boxes as well as female/female inline couplers. Keep in mind that there will be a bunch of them, so any advice on keeping things organized is appreciated.
