Language:
switch to room list switch to menu My folders
Go to page: First ... 10 11 12 13 [14] 15 16 17 18 ... Last
[#] Sun Feb 07 2021 10:06:09 EST from Nurb432

Subject: Re: WiFi Bridge

[Reply] [ReplyQuoted] [Headers] [Print]

Yes having a built in switch would take this to the next level, even tho its is only 100mb ( more than i need for my use case ). But, i just Velcroed it to the top of a small 5 port switch.    Tested with a netgear 20 port i had in the closet, but i had forgot how noisy those fans were.  So back in the closet it went.

May get another, and ditch the AC/Ethernet extender thingie i have out in the garage for my crypto miners. ( or not.. they dont need much bandwidth i guess. no real need to spend the $ )

The only real issue other than nearly zero documentation i ran into is it really needs higher amp power supply.  The pc i had planned on using for power, wast quite enough. It sort of 1/2 way worked. really frustrating until i figured it out was a power thing.  I had set it up. got ti working, moved it, toast. Rinse repeat a couple of times. 



[#] Sun Feb 07 2021 11:09:23 EST from ParanoidDelusions

Subject: Re: WiFi Bridge

[Reply] [ReplyQuoted] [Headers] [Print]

Ok... so I am understanding what this does right then? It is basically a modern version of what I have - except you have to uplink it to your own switch for it to bridge multiple ethernet devices to your WiFi?

 

Sun Feb 07 2021 10:06:09 EST from Nurb432 Subject: Re: WiFi Bridge

Yes having a built in switch would take this to the next level, even tho its is only 100mb ( more than i need for my use case ). But, i just Velcroed it to the top of a small 5 port switch.    Tested with a netgear 20 port i had in the closet, but i had forgot how noisy those fans were.  So back in the closet it went.

 



[#] Sun Feb 07 2021 11:29:27 EST from Nurb432

Subject: Re: WiFi Bridge

[Reply] [ReplyQuoted] [Headers] [Print]

Yup.

Or it could be use for a single device too of course.  

Sun Feb 07 2021 11:09:23 EST from ParanoidDelusions Subject: Re: WiFi Bridge

Ok... so I am understanding what this does right then? It is basically a modern version of what I have - except you have to uplink it to your own switch for it to bridge multiple ethernet devices to your WiFi?

 

 


[#] Sun Feb 07 2021 18:42:41 EST from IGnatius T Foobar

Subject: Re: WiFi Bridge

[Reply] [ReplyQuoted] [Headers] [Print]

I have considered running some shielded cat5 outside and around the
side of the house, same path/hole that the old coax is in, or even
over the stupid roof .. paint it grey and no one will even notice.


That is unfortunate. I have a low truss roof as well, and even without any ductwork blocking the way, it was a gigantic effort to spelunk to the other side, dragging a piece of Cat5E and a piece of RG6 along with me.

If you have leftover coaxial cable in the house from when it had cable tv, you could also use a pair of MoCA bridges ... but if the coax goes outside then you might as well just run ethernet alongside it. Or maybe a few strands of single-mode fiber to make it truly future proof :)

[#] Mon Feb 08 2021 07:08:04 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

I thought about that, but the cable that goes to the back is fried ( old left over stuff from Comcast ). The coax that is intact, only goes to the roof ( OTA antenna ) so i have to run something, no matter what i do at this point.



[#] Mon Feb 08 2021 08:18:02 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Forgot to mention, if i did run wire up there, id tie a string to my belt, and crawl with that, not try to lug the wires during the entry.  Then just pull the string and the wires on the other end.

My brother used to run cable for a living and often had no help ( houses, businesses, etc ).  He 'borrowed' one of my RC cars, and a pistol crossbow.   

 

Back when i did that i always had help, which reminds me of the time I re-did an office and was going to mange their hardware too. "i want all this old stuff out of here, we are going VoIP" "are you sure, we can leave it for the future and run our lines beside it, well ok, its gone then". Next day "where are my phone lines, i'm not going to pay you for the work"..    wtf.  "fine, we pull our stuff back out, including the patch panel, switch and server, and we dont want your business.  



[#] Fri Feb 12 2021 09:13:17 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Ok then ... powerline networking? :) Anything but wireless

[#] Fri Feb 12 2021 13:38:10 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Heh

Fri Feb 12 2021 09:13:17 EST from IGnatius T Foobar
Ok then ... powerline networking? :) Anything but wireless

 



[#] Fri Feb 12 2021 13:46:29 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Lol, just talked to my brother 5 minutes ago and he wants me to that it at his house for some new security cams hes wanting to install, doesn't want wireless. 

Fri Feb 12 2021 09:13:17 EST from IGnatius T Foobar
Ok then ... powerline networking? :) Anything but wireless

 



[#] Sat Feb 20 2021 22:17:42 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]


Lately I've been doing a lot with IPv6. And it leads me to believe that IPv6 is awesome, and dammit, I want IPv6 everywhere and I want it NOW.

I am using a module called "jool" [http://jool.mx] which is an absolutely fantastic NAT64 gateway for Linux. It can map a /96 IPv6 block to an entire IPv4 network, so you only have to set it up once. For example, if you know that you've mapped dead:beef::/96 to an IPv4 network, and you know that there's a host on that network at 192.168.0.100, then you can reach it at dead:beef::c0a8:0064 (which, you might not know, can actually be written as dead:beef::192.168.0.100, and your operating system *will* understand that).

From the IPv4 network's point of view, all traffic appears to originate from the gateway, just like when you access the IPv4 Internet from behind your home router, all traffic appears to originate from the outside address of the router. And just like that home router, you can map individual ports in the other direction. So if you have a service on the IPv6 network that needs to be reachable from IPv4, you map that service's port, and they connect to it on the gateway, which forwards the connection along to the origin server (again, with the correctly mapped address).

But it gets more fun than that. I mapped a bunch of *different* private IPv4 networks, most of which have overlapping addresses, each to its own /96 block. (And I did it on the same Linux machine by using namespaces, but that's a different topic altogether.) From my point of view on the IPv6 network, the whole thing looks like ONE BIG NETWORK. It is just so amazingly cool.
No "jump boxes", no application gateways, no 1:1 static NAT44 mappings. You map it once and you're done. I can access any address on any IPv4 network as if they were native IPv6.

In the next message I will wax eloquent over some of the reasons this is so cool.

[#] Sat Feb 20 2021 22:51:09 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]


(continued)

One of the private IPv4 networks I experimented with was my home network, which is IPv4 only because Verizon still hasn't upgraded my town to dual stack.
I attached it to my gateway using a Wireguard VPN, and mapped a /96 block to it.

Then I went to a *distant* part of my IPv6 network, and started connecting to individual hosts in my home. Everything just works. I didn't have to worry about address boundaries, I didn't have to worry about conflicting address namespaces, everything is just reachable, no problem at all.

And that, my friends, is what IP was supposed to be all about in the first place. You don't realize how much time is wasted on the effort required to hop from network to network, until you don't have to do it anymore. For those not already aware -- you don't use NAT with IPv6. When a host has an address on an IPv6 network, that address is globally unique.

That means if you know the address of a host, anywhere in the world, and the firewall rules permit access, you can get to it. And it might take a bit before you realize how mind-bogglingly useful that is.

Think about your average "thing" on a private network. You want to be able to get to that "thing" from anywhere in the world. What do you have to do?
Well if you're on a corporate network, your network administrator has to set up a NAT mapping, maybe create some firewall policies, etc. And if you're on a home network, good luck getting that to work because the chances are 99.9% that you're not someone who knows networking, so the manufacturer of the "thing" has probably set up some "cloud service" to act as a connection broker.

But on IPv6? Once you know the address, that address is valid world wide.
You can learn the address while you're on the home network and then it will be valid somewhere else. Yes, you still have to deal with the firewall; there are a bunch of ways to handle that. One might be to simply use UDP, since there's no longer any such thing as "I know my port number, but I don't know what the firewall changed it to". Multiplayer games use this method, but since they're on NAT44 they need help from a central connection broker to help set up the mesh. Not so with IPv6.

This is the way IP was meant to be. With IPv6 there is no NAT and I see it happening. And it's *wonderful*.

[#] Sun Feb 21 2021 10:23:55 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

This is the way IP was meant to be. With IPv6 there is no NAT and I

see it happening. And it's *wonderful*.



DO you mean that IP was intended to let your ISP decide how you assign subnetworks in your home LAN? Because that is precisely what you get in ipv6. If your ISP does not set proper prefix delegation and you wanto to segment your network, you are back to NAT boxes and application firewalls, with the inconvenience that many ipv6 applications don t work with those (as opposed to ipv4 applications that do).

Slaac is a half assed solution for configuring LANs by the way. It was designed to configure your network but it is uncapable of transfering the information you need for a serious one, so you end up pulling good old DHCP anyway for that. Total bummer.

Then we have the mess of temporary ipv6 addresses, privacy extensions, and the RFCs for ipv6 firewalls suck cocks. You have to let a lot of traffic through in order to certain ipv6 functions to work at all, but this it not self-evident.

tl;dr I like what ipv6 tries to do, but in the long run it is gonna suck suck suck suck.

[#] Tue Feb 23 2021 13:15:10 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Those aren't problems with IPv6. They're anticipated issues with deployment strategy. Numbering on your internal network is a good example, because that is *exactly* how it originally was with IPv4. You bought service from a provider, and they gave you a block of addresses to use. NAT created the illusion that you could have a permanent addressing scheme using addresses that didn't belong to you.

Personally I believe that mid to large scale IPv6 deployments will end up looking more like IPX than like IPv4. IPX got it right -- you derived an address from the router announcement and your MAC address (which is *exactly* what SLAAC does) and then you announced yourself into the name service. The problem, of course, is that SLAAC only provides network discovery and not service discovery, but that has been addressed in RFC 8106 so maybe that's solved too.

[#] Wed Feb 24 2021 19:42:47 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

NAT also gives you a bit of protection.

One place i worked, wont mention the name this time, had one of the first class As given out. They gave those addresses out to all their workstations AND servers across the entire corporation ( world wide ). And were route-able, *from* the outside...   Once i got there i started waving a red flag "we cant do this just because you can" but was ignored. This was around 92ish so it was windows 3.x and OS/2 days. 

They also wrote their own anti-virus software up at corporate.  I was one of the test subjects to test for regression. i had a box of floppies with various infections.  A RED box, with a lock.  and a dedicated machine, off network ( i removed the network card and taped the thing shut ) to test with.

They were ahead of the curve on workstation and server builds, had their own system where you boot off floppy, choose the machine type, and away it went. That was nice, and a bit ahead of their time. Saved me countess hours of floppies..   I wonder how much time over the decades i have sat and waited while i loaded machines, from stacks of floppies, to CDs/DVDs, then to network images ( ghost, and later clonezilla ) and RIS type automated services via network boot. 

 

 

Tue Feb 23 2021 13:15:10 EST from IGnatius T Foobar
Those aren't problems with IPv6. They're anticipated issues with deployment strategy. Numbering on your internal network is a good example, because that is *exactly* how it originally was with IPv4. You bought service from a provider, and they gave you a block of addresses to use. NAT created the illusion that you could have a permanent addressing scheme using addresses that didn't belong to you.

Personally I believe that mid to large scale IPv6 deployments will end up looking more like IPX than like IPv4. IPX got it right -- you derived an address from the router announcement and your MAC address (which is *exactly* what SLAAC does) and then you announced yourself into the name service. The problem, of course, is that SLAAC only provides network discovery and not service discovery, but that has been addressed in RFC 8106 so maybe that's solved too.

 



[#] Thu Feb 25 2021 04:51:15 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]


I was thinking, ipv6 is only going to give you the illusion of end-to-end connectivity, since any corporate sysadmin is going to put his network behind a firewall, so the devices will have Internet routable addresses, but won't be reachable from the outside unless then administrator adds a rule for such effect.

Pretty much like we have with ipv4 in big deployments. And in small deployments it makes no difference since either.

[#] Thu Feb 25 2021 09:10:13 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Home users better do it too, or we cant even imagine the havoc that it will create as every commodity IoT device on the planet gets infected.. 

Thu Feb 25 2021 04:51:15 EST from darknetuser

I was thinking, ipv6 is only going to give you the illusion of end-to-end connectivity, since any corporate sysadmin is going to put his network behind a firewall, so the devices will have Internet routable addresses, but won't be reachable from the outside unless then administrator adds a rule for such effect.

Pretty much like we have with ipv4 in big deployments. And in small deployments it makes no difference since either.

 



[#] Thu Feb 25 2021 14:19:21 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

How many man-hours do you think have been spent rebooting servers and waiting for memory counts, PERC controllers to come up, and system checks to complete, while troubleshooting production downtime issues? 

I got yelled at in Ohio for having a smoke break during a production downtime. 

It takes 20 minutes for a machine to do a complete reboot, including shutdown and restart diagnostics. I can sit there and look at a black screen with white text just sitting there counting down numbers for that 20 minutes if you want, or I can go out and have a cigarette and think about the issue. Either way, you're paying me - but the cigarette is probably going to help me fix your problem faster. 

 

Wed Feb 24 2021 19:42:47 EST from Nurb432

  I wonder how much time over the decades i have sat and waited while i loaded machines, from stacks of floppies, to CDs/DVDs, then to network images ( ghost, and later clonezilla ) and RIS type automated services via network boot. 

 

 

Tue Feb 23 2021 13:15:10 EST from IGnatius T Foobar
 


[#] Fri Feb 26 2021 00:37:30 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

NAT also gives you a bit of protection.

Yes, I get it, and I still am not quite on board with that idea. It's one of those "security through obscurity" things.

When I started out in networking, no one was using NAT because IPv4 addresses were plentiful; a mid size corporation could easily acquire a /16 and put a native address on every computer, even the desktops. I think you're a bit older than me so you probably remember it too. There was no such thing as "hiding" your network topology. If you had a firewall it performed access control, and *only* access control. That's the proper way, and IPv6 will bring us back there.

It may sound unlikely that home users would be able to implement a proper IPv6 firewall, but it wasn't that long ago that we wouldn't have been able to imagine home users setting up routers at all. The residential-grade devices that currently support IPv6 default to the most typical configuration: DHCPv6 client on the WAN side, DHCPv6 server on the LAN side, and the LAN side /64 prefix being learned through Prefix Delegation.

It's not perfect, but it's far better than the mess we have now. We have outgrown IPv4 and it needs to go away.

[#] Fri Feb 26 2021 00:58:38 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

It isn't really security through obscurity. You're not routable - you're not directly reachable, if you're behind NAT.

Your router has to direct traffic to you and from you through it. Now granted, that has to happen for you to get outside, and so you can still be *touched*. But you've got a device in the middle that has to forward that traffic to or from you. 

Unless someone gets inside. Or if there is a backdoor, like a rogue WiFI AP that has weak security. There are vulnerabilities - but NAT does have a built in level of isolation that having a public, routable IP address does not. 

 


Fri Feb 26 2021 00:37:30 EST from IGnatius T Foobar
NAT also gives you a bit of protection.

Yes, I get it, and I still am not quite on board with that idea. It's one of those "security through obscurity" things.

When I started out in networking, no one was using NAT because IPv4 addresses were plentiful; a mid size corporation could easily acquire a /16 and put a native address on every computer, even the desktops. I think you're a bit older than me so you probably remember it too. There was no such thing as "hiding" your network topology. If you had a firewall it performed access control, and *only* access control. That's the proper way, and IPv6 will bring us back there.

It may sound unlikely that home users would be able to implement a proper IPv6 firewall, but it wasn't that long ago that we wouldn't have been able to imagine home users setting up routers at all. The residential-grade devices that currently support IPv6 default to the most typical configuration: DHCPv6 client on the WAN side, DHCPv6 server on the LAN side, and the LAN side /64 prefix being learned through Prefix Delegation.

It's not perfect, but it's far better than the mess we have now. We have outgrown IPv4 and it needs to go away.

 



[#] Fri Feb 26 2021 08:43:39 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

i agree that NAT isn't the end all to be all and just one piece of the puzzle, but i think its a bit more than just obscurity.

 



Go to page: First ... 10 11 12 13 [14] 15 16 17 18 ... Last