2013-02-18T00:12:30 here it comes
2013-02-18T00:14:10 *** LstChld has joined #se2600
2013-02-18T00:14:10 *** ChanServ sets mode: +o LstChld
2013-02-18T00:14:17 sumbit
2013-02-18T00:18:00 *** LastChild has quit IRC (Ping timeout: 276 seconds)
2013-02-18T00:26:09 *** ZeroMinuS|Laptop has quit IRC ()
2013-02-18T00:30:24 *** Zero- has quit IRC (Quit: Leaving)
2013-02-18T01:09:58 yawn
2013-02-18T01:49:26 *** LastChild has joined #se2600
2013-02-18T01:49:26 *** ChanServ sets mode: +o LastChild
2013-02-18T01:52:38 *** LstChld has quit IRC (Ping timeout: 244 seconds)
2013-02-18T02:19:16 *** LstChld has joined #se2600
2013-02-18T02:19:16 *** ChanServ sets mode: +o LstChld
2013-02-18T02:22:38 *** LastChild has quit IRC (Ping timeout: 245 seconds)
2013-02-18T03:43:07 I need brain bleach!
2013-02-18T03:43:10 gallons of it
2013-02-18T03:45:46 *** LastChild has joined #se2600
2013-02-18T03:45:46 *** ChanServ sets mode: +o LastChild
2013-02-18T03:49:15 *** LstChld has quit IRC (Ping timeout: 276 seconds)
2013-02-18T04:05:26 *** LstChld has joined #se2600
2013-02-18T04:05:26 *** ChanServ sets mode: +o LstChld
2013-02-18T04:08:03 *** LastChild has quit IRC (Ping timeout: 245 seconds)
2013-02-18T05:36:14 *** LastChild has joined #se2600
2013-02-18T05:36:15 *** ChanServ sets mode: +o LastChild
2013-02-18T05:39:06 *** LstChld has quit IRC (Ping timeout: 276 seconds)
2013-02-18T05:41:12 *** LastChild has quit IRC (Quit: and the monkey flips the switch)
2013-02-18T07:25:21 *** Dolemite has joined #se2600
2013-02-18T07:25:22 *** ChanServ sets mode: +o Dolemite
2013-02-18T07:25:31 I was just talking about you
2013-02-18T07:25:44 mr0ning, be0tches and h0ez!
2013-02-18T07:25:48 In a bad way, I'm sure
2013-02-18T07:26:00 lazy fucker was mentioned I believe
2013-02-18T07:26:14 I can neither confirm nor deny without context
2013-02-18T07:26:26 when you pull make sure you apply the new db changes
2013-02-18T07:26:34 I do
2013-02-18T07:26:47 What are you saying was missed?
2013-02-18T07:27:08 oh I left a form encode out. I also forgot to update the create.sql
2013-02-18T07:27:12 I need to do that
2013-02-18T07:27:38 was just warning you that I added significant bits in my last few submissions to make sure you got them
2013-02-18T07:28:07 Like what?
2013-02-18T07:28:19 reworked the tooltips so they are configurable now
2013-02-18T07:28:29 you can pick which fields you want and the order they show in
2013-02-18T07:29:34 Ah, cool
2013-02-18T07:29:48 that was even notlarry tested. so it should be pretty solid
2013-02-18T07:29:50 I have to look over Jose's submitted changes to allow for half slot entries
2013-02-18T07:29:53 you know he can break anything
2013-02-18T07:30:01 I don't know that I like that idea. It will give the admins around here ideas.
2013-02-18T07:30:31 from a brief glance what he sent will work. however... it will have to be picked apart and redone to match the current versions of everything
2013-02-18T07:30:38 he didn't pull from github and is using old stuff
2013-02-18T07:31:20 There's another UNIX/Linux admin position posted here today, and again it requires a 4 year degree. They need to realize that a lot of admins are opting out of completing college.
2013-02-18T07:31:40 It's like the CIA problem - there are just so many Mormons that you can convince to work in intelligence.
2013-02-18T07:31:44 speaking of.. you get a chance to look at my mess?
2013-02-18T07:32:05 A little. I was busy leveling from 70-77 on Saturday.
2013-02-18T07:32:26 I swear it has gotten so freakin' easy to do 70-80 these days. I think it was easier/faster than 30-60.
2013-02-18T07:32:39 yup
2013-02-18T07:32:58 I'd go into a zone, like Borean Tundra - run around and grab all the quests I could - and before I finished them all, the last 1/3 had turned green.
2013-02-18T07:32:59 and for your sickening fact of the day. my third toon just capped valor for the week.
2013-02-18T07:33:27 So how much gold do you have in your bank?
2013-02-18T07:33:39 currently. 193k
2013-02-18T07:33:53 Ok, so you won't miss 5K so that I can fly fast? :)
2013-02-18T07:34:00 nah.
2013-02-18T07:34:09 That was the expensive one I was trying to remember
2013-02-18T07:34:38 I'm trying to figure out the best way to use my black ox statue as a brewmaster monk
2013-02-18T07:34:48 you haven't played one of those yet, have you?
2013-02-18T07:34:55 nope
2013-02-18T07:34:59 jay would be the one to ask
2013-02-18T07:35:13 I never see him on. He has worse hours than you.
2013-02-18T07:35:50 he popped on long enough to bitch about not seeing the download link on my neworleans gallery. then was gone again
2013-02-18T07:36:29 So I guess in another week I'll finally start looking at Cataclysm content
2013-02-18T07:36:49 Seeing as how I bought that expansion and never really played any of it, other than starting a Goblin toon.
2013-02-18T07:37:07 But I haven't leveled any toon above 80
2013-02-18T07:37:37 I have three 90s and working on a fourth when I get a little motivation. that's been in very limited supply lately
2013-02-18T07:38:12 If they didn't charge such a crazy amount per toon, I'd transfer them over to Mal'Ganis. They should let you transfer several at once as long as they have the same source and destination, but nope, charge per toon.
2013-02-18T07:42:20 You go to Zanies occasionally... did you know Brian Kiley?
2013-02-18T07:42:33 don't think so
2013-02-18T07:42:39 http://www.wsmv.com/story/21230881/nashville-comedian-killed-in-nc-crash
2013-02-18T07:42:40 Title: Nashville comedian killed in North Carolina crash - WSMV Channel 4 (at www.wsmv.com)
2013-02-18T07:42:59 nope.
2013-02-18T07:51:56 what's your supply of brain bleach looking like, dolemite?
2013-02-18T07:52:11 I don't keep any at work, for obvious reasons
2013-02-18T07:52:14 http://www.facebook.com/photo.php?fbid=10102534281276869&set=a.927812299619.2651258.6803277&type=1
2013-02-18T07:52:16 Title: Photo (at www.facebook.com)
2013-02-18T07:53:04 LOL
2013-02-18T07:53:16 try and get that thought out of your head
2013-02-18T07:53:17 It took me a second to figure out the NotN reference - should have been KotN
2013-02-18T07:53:48 I keep hoping they'll let Virgil psych out Ivan by showing some of his more eclectic pictures
2013-02-18T07:54:13 alice in wonderland: the musical furry porn
2013-02-18T07:59:25 Virgil never has responded to my friend request from months ago. I guess he's too popular now. :(
2013-02-18T08:02:55 I think he's just waiting for you to get that resume straightened out
2013-02-18T08:03:10 Uh huh
2013-02-18T08:04:39 First, you need to swap your titles with the companies. You list where you were, then what position(s) you had. I'll reformat and send you what I mean. But we also have to put some words in there that will keep someone awake.
2013-02-18T08:05:54 We are supposedly getting some Jr. UNIX Admin positions opening up in the relatively near future, by the way.
2013-02-18T08:11:18 *** CNwaV has joined #se2600
2013-02-18T08:13:21 wilpig: What's the total host / service count on Nagios as of today?
2013-02-18T08:15:15 sec
2013-02-18T08:16:29 # Active Host / Service Checks: 595/2316
2013-02-18T08:17:18 wilpig, Dagmar : http://smurfturf.co/2013/02/18/north-carolinas-battle-for-eight-46-l8-portals/
2013-02-18T08:17:25 What other apps have they had you writing web interfaces for?
2013-02-18T08:17:41 replaced the scanning logbook
2013-02-18T08:17:45 the dashboard
2013-02-18T08:17:58 minor updates to the change mgmt system
2013-02-18T08:18:25 obviously the inventory
2013-02-18T08:18:56 cobbled together a page to display all the security cameras too
2013-02-18T08:22:31 wilpig, Dagmar : http://www.reddit.com/r/Ingress/comments/18okcv/i_think_i_need_one_of_these_for_my_car_fixed/
2013-02-18T08:22:34 Title: I think I need one of these for my car [FIXED] : Ingress (at www.reddit.com)
2013-02-18T08:25:19 ok, check your email
2013-02-18T08:25:27 And tell Virgil he can friend me now
2013-02-18T08:27:53 saw and will do
2013-02-18T08:30:36 The changes make sense?
2013-02-18T08:30:59 Never mind, you're trying to escape from work
2013-02-18T08:31:02 haven't looked yet.
2013-02-18T08:31:17 You can look when you get home
2013-02-18T08:31:17 I was off last night. i'm home with no pants on
2013-02-18T08:31:22 I'm just talking to lo at the moment
2013-02-18T08:31:35 Oh dammit, I was about to tell you not to inform us of the state of your undress
2013-02-18T08:31:55 I am wearing socks though.
2013-02-18T08:31:58 only socks
2013-02-18T08:32:11 *foot mittens
2013-02-18T08:32:55 So he's video sexing with his lady friend while his peener's shriveled up from the cold, but his toes are warm
2013-02-18T08:34:17 if that's what you want to picture
2013-02-18T08:34:47 wanna take a guess as to who didn't apply the database updates this morning?
2013-02-18T08:35:50 Dagmar
2013-02-18T08:36:16 got someone running bleeding edge opendcim but doesn't see that i've put out database updates
2013-02-18T08:44:20 *** v4mp has joined #se2600
2013-02-18T08:48:36 Jose?
2013-02-18T08:49:08 andrew
2013-02-18T08:49:23 Ah, yes, I see the chatter
2013-02-18T08:59:33 pig go sleep now. night
2013-02-18T09:39:35 *** Genphlux has joined #se2600
2013-02-18T10:20:25 mr0nin
2013-02-18T10:33:35 Buenos dias, Senor Nacho
2013-02-18T10:35:16 how goes big pimpin?
2013-02-18T10:36:51 Busy as can be
2013-02-18T10:37:15 that sounds like a good thing, maybe
2013-02-18T10:37:48 *** its_jeremy_ has joined #se2600
2013-02-18T10:38:03 I'm overly busy, and as such have no desire/attention span for the crap I'm supposed to do; hence IRC
2013-02-18T10:38:19 Yeah, we have a bunch of shuffling of stuff going on to make way for 40 cabinets of super duper disk storage, and a new supercomputer.
2013-02-18T10:38:40 shiny!
2013-02-18T10:39:01 And we're moving all 5 of our SL8500 tape silos. That's about 35,000 tapes.
2013-02-18T10:39:11 damn
2013-02-18T10:39:23 bah, meeting time
2013-02-18T10:39:30 later pimp tater
2013-02-18T10:53:26 *** x86Daddy has joined #se2600
2013-02-18T11:28:15 *** v4mp has quit IRC ()
2013-02-18T11:42:11 Hopefully someone actually understands how the tape libraries work
2013-02-18T11:51:11 Jesus fucking christ
2013-02-18T11:51:39 Outlook now makes you watch a motherfucking VIDEO in order to tell you where they hid the motherfucking signatures settings
2013-02-18T11:53:27 last job i was at had a 8 page .docx about signatures
2013-02-18T11:53:42 how to change them, what could be in them, allowed verbiage, font colors, etc
2013-02-18T11:54:54 you guys ever used authpf?
2013-02-18T11:55:10 wazzat?
2013-02-18T11:55:57 Get this... Apparently one of my people from another channel is getting notifications from Facebook that someone's trying to crack his account from a 10.0.0.0/8 address.
2013-02-18T11:56:27 His account is locked, and the website is definitely giving him that address so it's not a spoofed mail
2013-02-18T11:56:29 authpf, it generates dynamic pf rules in freebsd when a user logs into ssh with authpf as the shell
2013-02-18T11:56:30 the DDoS is INSIDE the subnet!
2013-02-18T11:57:10 i don't use bsd
2013-02-18T11:57:14 brimstone: I find it absolutely hilarious that they're letting slip they have an internal problem
2013-02-18T11:57:33 why would facebook say "hey, this ip is crackin' your account" ?
2013-02-18T11:57:41 that's the part that doesn't make sense
2013-02-18T11:57:52 Sometimes it's people close to you. Hint hint.
2013-02-18T11:57:56 maybe "X tried to get into your account Y times and failed"
2013-02-18T11:58:00 Usually it's people close to you, actually.
2013-02-18T11:58:22 Unless you use shitty passwords
2013-02-18T11:59:31 They also like to make shit up
2013-02-18T12:00:16 Several times a month I used to get them trying to push me through extra dialogs in order to ask for my phone number again, with the site claiming I made a "slight misspelling" of my login.
2013-02-18T12:00:35 im sure this is old, but epic nonetheless and the first time i've seen it
2013-02-18T12:00:36 Considering that I'm using browser auto-complete there, there's no way to fucking misspell anything.
2013-02-18T12:00:39 traceroute -m 66 216.81.59.173
2013-02-18T12:00:48 Synx|hm_: Only about a week old
2013-02-18T12:01:17 Spoofing traceroute replies in general... very old
2013-02-18T12:01:58 Hell the day I learned I could match an iptables rule on a TTL value, I started making it look like my traffic was all mysteriously being routed through DC.
2013-02-18T12:04:08 how so, modifying ttl outbound?
2013-02-18T12:05:04 well shit
2013-02-18T12:05:39 broke some route on my pfsense router, well kinda its routing its own traffic over my vpn, but my local lan traffic over my normal isp gateway
2013-02-18T12:14:41 *** x86Daddy has quit IRC (Ping timeout: 252 seconds)
2013-02-18T12:27:15 *** Synx|hm_ is now known as Synx|hm
2013-02-18T12:27:29 i do not understand this routing table in my router
2013-02-18T12:27:54 0.0.0.0/1 VPN
2013-02-18T12:28:02 default ISP Gateway
2013-02-18T12:28:21 so when i do a traceroute i get sent out the VPN even though my default is my isp gateway
2013-02-18T12:31:06 *** Feltenix has quit IRC (*.net *.split)
2013-02-18T12:31:07 *** peacebyfire has quit IRC (*.net *.split)
2013-02-18T12:36:11 *** Feltenix has joined #se2600
2013-02-18T12:36:11 *** peacebyfire has joined #se2600
2013-02-18T12:36:11 *** wright.freenode.net sets mode: +o Feltenix
2013-02-18T12:37:46 *sigh*
2013-02-18T12:37:50 How can you even say that?
2013-02-18T12:38:06 i duno
2013-02-18T12:38:11 im dumb i guess
2013-02-18T12:38:35 I mean, the VPN mask is probably wrong, but it's going to match LOTS of things... most traffic actually.
2013-02-18T12:38:45 no i do understand that
2013-02-18T12:38:52 its saying route everything over that gateway
2013-02-18T12:39:06 what im confused about is the use of 0.0.0.0/1 mask vs default
2013-02-18T12:39:18 i guess default for anything that doesn't match a mask
2013-02-18T12:39:29 and because 0.0.0.0/1 matches all never use default
2013-02-18T12:39:33 Someone was too lazy to consider that they were ignoring the concept of route metrics
2013-02-18T12:39:53 Doesn't match all tho
2013-02-18T12:40:21 Basically it'll match any address where the first bit of the first octet is zero.
2013-02-18T12:40:38 ...so, it won't match localhost at least.
2013-02-18T12:40:54 got ya
2013-02-18T12:41:16 by some pf magic my lan is still routing out my isp gateway
2013-02-18T12:41:36 need to figure out why this vpn client is forcing that gateway
2013-02-18T12:41:46 Someone probably set it wrong
2013-02-18T12:42:18 Most VPN connections rather sensibly deploy a new network mask to route the appropriate traffic through them.
2013-02-18T12:42:30 That having been said, 0.0.0.0/1 is a fairly mad choice.
2013-02-18T12:43:33 i assume its trying to get me to route all traffic over the tunnel, and that is not what i want to do ;)
2013-02-18T12:43:35 ...unless it can _really_ be said that things in netblocks 128.0.0.0 and higher are outside your VPN's purview
2013-02-18T12:44:05 p
2013-02-18T12:45:09 the /1 means the most significant bit in the first octet right?
2013-02-18T12:45:24 10000.0000.0000.0000 ?
2013-02-18T12:45:47 5 bit octets!?
2013-02-18T12:45:47 err missing a few zeros there
2013-02-18T12:45:50 ya haha
2013-02-18T12:45:52 sorry
2013-02-18T12:45:56 Synx: yes
2013-02-18T12:46:01 you get the point haha
2013-02-18T12:46:02 what is this world coming to!?
2013-02-18T12:47:36 Dagmar: wait so if i traceroute 8.8.8.8 shouldn't i goto my default instead of the vpn?
2013-02-18T12:47:37 That mask basically means the first octet has to be below 127.
2013-02-18T12:48:05 Synx: What is the result of 8 AND 127?
2013-02-18T12:48:13 is that inclusive or exclusive
2013-02-18T12:48:20 er 126 actually.
2013-02-18T12:48:47 Lemme put it in globmatch form for the binary.... 0???????.????????.????????.????????
2013-02-18T12:49:27 0.0.0.0/1 means that basically only the very first bit matters, and for it to match that rule, the bit in question must be zero.
2013-02-18T12:49:31 duh, i was thinking 1???????.?.?./
2013-02-18T12:49:53 It's early and I've only had about 100mg of caffeine yet
2013-02-18T12:50:21 ok so... 8.8.8.8 should route over the vpn, but 127.whatever should goto my default gateway
2013-02-18T12:51:04 I should hope not
2013-02-18T12:51:23 Routes are evaluated in order of most specific netmask first
2013-02-18T12:51:30 i.e., the highest number after the slash
2013-02-18T12:51:50 If you don't have one for 127.0.0.0/8 going to lo, you may have other problems
2013-02-18T12:52:23 err 128 and above?
2013-02-18T12:52:50 Synx: Yeah, and _that_ doesn't make much sense
2013-02-18T12:53:04 It's possible, but highly unlikely that it's correct
2013-02-18T12:53:23 but that isn't happening well let me check the rest of the table and find an ip that should follow that rule
2013-02-18T12:54:33 oh those fuckers put in a 128.0.0.0/1 VPN route too
2013-02-18T12:54:34 haha
2013-02-18T12:56:15 Soo... they don't quite understand routing then I suppose
2013-02-18T12:56:26 They're trying to step gingerly _around_ the localhost netmask
2013-02-18T12:56:28 well they is openvpn
2013-02-18T12:56:58 They should be able to use 0.0.0.0/0 and just replace the default route if your goal is mandatory VPN routing
2013-02-18T12:57:42 ya either way i need to figure out how to turn off this action, i do NOT want my default bypassed, i have firewall rules in place to route the traffic i want over the vpn
2013-02-18T12:57:56 Dagmar: this actually leads me to another routing issue i need to solve...
2013-02-18T12:57:59 Eek. Don't use firewall rules for routing
2013-02-18T12:58:12 If you're doing that it's probably not helping
2013-02-18T12:58:36 eh, so i should be doing static routes? what about NAT
2013-02-18T12:58:46 NAT is not routing.
2013-02-18T12:58:48 i need to nat the traffic before it hits the VPN server
2013-02-18T12:59:09 Are you using BSD or Linux?
2013-02-18T12:59:20 fpsense, its freebsd stripped down a bit
2013-02-18T12:59:28 damn it s/fpsense/pfsense
2013-02-18T13:00:26 basically, i've created a vlan setup to tunnel all traffic over the vpn
2013-02-18T13:00:45 it works fine right now actually, just that from the router console all traffic hits the vpn
2013-02-18T13:00:55 Well, under Linux this is the reason NAT rules are applied in the POSTROUTING chain
2013-02-18T13:01:14 ...at least when remapping the source addresses.
2013-02-18T13:01:24 i was wondering about that
2013-02-18T13:02:19 so what would you suggest as the best way to accomplish this
2013-02-18T13:02:23 If you're looking to route traffic for just specific hosts and/or networks to the VPN, you just add routes for those hosts/networks to the VPN and you're done.
2013-02-18T13:02:35 If you're looking for mandatory VPN, you change your default route to that.
2013-02-18T13:03:04 Local networks (which will have narrower routing masks) will still route normally, because they won't get that far down in the routing table.
2013-02-18T13:03:10 ya thats what i've done basically, the freebsd pfrules do NAT first then setup a route for the new address to hit the vpn
2013-02-18T13:03:43 only problem is the stupid openvpn client keeps adding the 0.0.0.0
2013-02-18T13:04:19 actually
2013-02-18T13:04:29 routes can be bound to interfaces correct?
2013-02-18T13:04:40 That means you've configured it for mandatory VPN routing.
2013-02-18T13:04:49 Yes, routes actually *are* bound to interfaces.
2013-02-18T13:04:56 Otherwise they're not doing much.
2013-02-18T13:05:00 That's pretty much their only job
2013-02-18T13:05:09 Dagmar: im guessing, using openvpn-as its silly to configure
2013-02-18T13:05:51 so actually i think all should be well however, from the pfsense console traffic is being generated on the vpn interface and not the normal lan or wan interfaces
2013-02-18T13:07:43 thanks explaining this simple stuff to me Dagmar its really helpful
2013-02-18T13:08:09 Well, OpenVPN just cockblocked the default route. Of *course* traffic's going to go over the VPN interface.
2013-02-18T13:09:20 ack
2013-02-18T13:09:38 ok ok let me get this right then
2013-02-18T13:10:59 heres how i think this works...
2013-02-18T13:11:00 *** K4k has joined #se2600
2013-02-18T13:11:00 *** K4k has joined #se2600
2013-02-18T13:11:06 these are the important routes in place
2013-02-18T13:11:19 Dest Gateway
2013-02-18T13:11:28 0.0.0.0/1 VPN GW
2013-02-18T13:11:39 128.0.0.0/1 VPN GW
2013-02-18T13:11:48 MY pub IP ISP GW
2013-02-18T13:12:07 so all lan traffic gets nat'd and because of that it has the public ip when it hits the route table?
2013-02-18T13:12:43 The VPN still needs to be able to reach out to the world, so you're going to need one remaining route that actually goes out through the route to your ISP
2013-02-18T13:13:02 Usually a static host route for the remote VPN host
2013-02-18T13:13:07 well that happens on the vpn server right
2013-02-18T13:13:17 Umm... no
2013-02-18T13:13:41 oh i think i see that hang on
2013-02-18T13:13:44 Your VPN'd traffic gets bundled up inside of other packets which must now make their way out through the VPN interface
2013-02-18T13:14:27 ...which means the machine still needs to be able to route traffic going _through_ (not from) the VPN interface to the remote VPN receiver
2013-02-18T13:15:11 That part should be pretty simple tho as it's going to be a static route attached to your ISPs interface with a /32 mask
2013-02-18T13:15:34 doesn't openvpn setup routes for you automatically?
2013-02-18T13:15:44 yes its doing this on its own
2013-02-18T13:15:50 It sort of has to or it's useless
2013-02-18T13:15:52 Dagmar: so i think i had that wrong
2013-02-18T13:16:05 the one that said MY pub IP was actually my VPN server IP
2013-02-18T13:16:12 Ahh
2013-02-18T13:17:58 fuck why is this so confusing
2013-02-18T13:18:43 Because routing is too simple to be easy
2013-02-18T13:19:13 haha
2013-02-18T13:19:58 so does that openvpn interface encrypt the traffic then dump it back into the routing table with a new destination of the VPN server?
2013-02-18T13:20:26 Basically, it engages in normal IP-based communication with the remote VPN receiver
2013-02-18T13:20:47 It just _wraps all the traffic it gets_ into envelopes
2013-02-18T13:21:03 ...then sends them over the encrypted-IP tunnel.
2013-02-18T13:21:37 The confusing bit is that you're probably still thinking about this as if the VPN tunnel were on the same "level" as all the other traffic--it's not.
2013-02-18T13:22:04 It's inside the VPN-tunnel, which for all intents and purposes is just another flow of IP traffic from your machine to a particular remote server.
2013-02-18T13:22:38 ok
2013-02-18T13:22:57 The VPN interface just exists in order to direct the packets into the userspace VPN code, instead of the kernelspace NIC driver
2013-02-18T13:23:16 got ya, i think thats where i was confused like you said
2013-02-18T13:23:24 i was thinking of it like a physical nic
2013-02-18T13:23:55 Yeah, the desynch is actually that people think it's more complex than it is.
2013-02-18T13:24:52 haha
2013-02-18T13:25:19 oh man i grill up some chicken last night that i marinated for 1 and a half days in a soy based huli huli sauce so f'ing good
2013-02-18T13:26:09 http://i.imgur.com/7tnLBoH.jpg
2013-02-18T13:27:12 Dagmar: ok so heres the next question
2013-02-18T13:27:51 i've got an ubuntu server that resides on both my LAN and the VPNTUNNEL_VLAN they both obviously have a way to the internet
2013-02-18T13:29:17 id like to 'bind' some traffic to the vpn
2013-02-18T13:29:32 but i the ip address space i want to send out the vpn is dynamic
2013-02-18T13:32:33 So that would be a nat rule
2013-02-18T13:32:42 Well, dnat in this case
2013-02-18T13:36:27 damn it i cant keep tracking of what port on this switch is what vlan i need to tape a diagram to it when i get this all setup
2013-02-18T13:40:24 ok finally got that part fixed, added route-nopull to the openvpn client config
2013-02-18T13:41:17 Okay. THAT's a problem
2013-02-18T13:41:30 Until you can do this shit in your sleep, _always_ diagram your network changes.
2013-02-18T13:42:07 It's like pulling some complex Lego creation apart without a detailed buildmap until you can do it in your sleep
2013-02-18T13:42:13 well i dont have it set how i want it yet, i just keeping having to get on my managment_vlan to config the switch ports to different vlans to test with my laptop
2013-02-18T13:42:55 ya its a mess right now, i've got a new LAN_VLAN and some computers are on that and i've got a rando port here or there on the old untagged LAN so my file servers are still accessible until i get this all migrated over
2013-02-18T13:44:45 ok think ill fix this dual nic lan/vpntunnel_vlan routing issue, then get working on authpf for pfsense
2013-02-18T13:53:49 Dagmar: ok so about this dual nic on different subnets that both have access to the internet thing...
2013-02-18T13:54:01 you got a few more min to explain this to me?
2013-02-18T13:54:12 Two nics on two different subnets
2013-02-18T13:54:35 i understand how i can ping on each subnet because of the routing table
2013-02-18T13:54:47 but there can be only one gateway for all else
2013-02-18T13:54:58 Yes, you get to pick one
2013-02-18T13:55:30 Unless you want to install something like OSPF or BGP, one interface must be the dominant/preferred one
2013-02-18T13:56:05 If you've got two interfaces in the same broadcast domain, traffic will return via whichever one answers ARP first
2013-02-18T13:56:20 hrm
2013-02-18T13:56:32 thats what i was doing before
2013-02-18T13:56:37 they were on the same subnet
2013-02-18T13:56:44 now they are separated
2013-02-18T13:58:15 so what happens when i 'bind' the app to an IP (interface) and try to get to the internet, do i send out a packet on the LAN with an IP address of the other VLAN?
2013-02-18T14:04:23 Depends on your routing table
2013-02-18T14:04:37 The routing table controls which interface the traffic goes to.
2013-02-18T14:04:50 i think this explains what i want to do
2013-02-18T14:04:53 http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
2013-02-18T14:05:03 I should hope not
2013-02-18T14:05:16 99% of the time anything with that title means the user is insane
2013-02-18T14:05:32 Almost by definition you can not have _multiple_ default routes
2013-02-18T14:06:26 ya and some of the explanation in there doesn't make any sense
2013-02-18T14:06:40 That's because the user is insane
2013-02-18T14:06:56 in that ping example you should never hit the gateway, thats the point of the 192.168.7.0/24 route
2013-02-18T14:07:19 Automatic interface selection allows for the behaviour he doesn't like _unless you turn it off_
2013-02-18T14:07:23 https://www.google.com/search?q=linux+arp+hidden
2013-02-18T14:07:24 Title: linux arp hidden - Google Search (at www.google.com)
2013-02-18T14:08:30 ok so heres my current routing table with DHCP on both eth0 and eth1
2013-02-18T14:08:32 Kernel IP routing table
2013-02-18T14:08:32 Destination Gateway Genmask Flags MSS Window irtt Iface
2013-02-18T14:08:32 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
2013-02-18T14:08:32 10.96.60.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
2013-02-18T14:08:35 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
2013-02-18T14:08:53 192.x is my LAN and 10.96.x is my VPN VLAN
2013-02-18T14:09:04 So you're getting a default route set by both dhcp client invocations
2013-02-18T14:09:12 they both have internet, and i need to route to internet on this ubuntu box over both interfaces depending on application
2013-02-18T14:09:16 Pick one to keep doing it, disable it on the other
2013-02-18T14:09:32 ya i turned off the default route from the VPN VLAN dhcp server
2013-02-18T14:09:35 You can't really do it based on the application
2013-02-18T14:09:50 ...or rather, you can, but it would be nightmarishly more complex than you'd believe.
2013-02-18T14:10:01 thats the problem, i need bittorrent traffic to go over the VPN and everything else out the LAN
2013-02-18T14:10:19 You can do it more or less "correctly" by having the application in question bind to a specific interface via the IP it binds to
2013-02-18T14:10:29 You can *not* let them use source auto-selection of 0.0.0.0
2013-02-18T14:11:02 So have the BT app bind to the local VPN interface like it's supposed to
2013-02-18T14:11:10 ok, i've done that
2013-02-18T14:12:48 but it cant access the intarwebs over the vpn because there is no gateway?
2013-02-18T14:14:38 That's because you can't do that
2013-02-18T14:14:54 You can't separate them at a per-application level without a big mess
2013-02-18T14:15:29 You need the BT app to bind to the right interface as well as address its shit through the interface. Set up a rinkydink connection proxy on the other end
2013-02-18T14:15:29 that page i linked to, the guy is creating two different routing tables that get used in different cases
2013-02-18T14:15:48 No, he's setting routing policies
2013-02-18T14:17:00 shouldn't that do what i want though?
2013-02-18T14:17:27 It could if you were using Linux
2013-02-18T14:17:29 *** Dolemite has quit IRC (Quit: Page closed)
2013-02-18T14:17:52 im using rtorrent it only has the option to bind to an IP, i have no idea how it interacts with the IP stack to either generate on the interface or just with that ip
2013-02-18T14:18:09 Dagmar: oh shit... ya so what i was talking about before was on my router... now im talking about an ubuntu server
2013-02-18T14:18:10 You can't tell it "use my crappy SOCKS proxy at x.x.x.x
2013-02-18T14:18:11 "
2013-02-18T14:18:23 oh i guess i could do that
2013-02-18T14:18:28 That would be simpler than deploying policies
2013-02-18T14:18:59 ill have to deploy another VM for the proxy?
2013-02-18T14:19:13 You can probably get by without it binding to the VPN interface so long as the only correct interface to the remote proxy is through the VPN
2013-02-18T14:19:21 What? No
2013-02-18T14:19:32 connection proxies are freakin simple
2013-02-18T14:20:05 but am i going to run into the same damn problem if this proxy is on this box with the same two nics and routing issues
2013-02-18T14:20:13 If the traffic were just HTTP you could even use Apache
2013-02-18T14:20:35 The proxy would be run on the _other_ end
2013-02-18T14:20:48 i.e., the BT traffic would need to go through the encrypted tunnel to get to it
2013-02-18T14:21:05 oh and add a static route to the proxy
2013-02-18T14:21:27 Not unless you want the traffic coming out from some third host
2013-02-18T14:22:15 id still have to add a route, my vpn vlan is not on the same subnet as the vpn client
2013-02-18T14:23:01 im doing vpn server ----> vpn client (single IP not site to site tunnel) ----> NAT ----> different vpn-vlan subnet
2013-02-18T14:23:17 though i guess that might work too
2013-02-18T14:23:53 ill give that a try first and see if that works
2013-02-18T14:23:55 You need to fall back and punt
2013-02-18T14:24:13 "single IP not site to site tunnel" <-- this is basically word salad
2013-02-18T14:24:42 Study your seven layer cake
2013-02-18T14:24:56 ya im not sure how to describe it in proper speak, im sure im just confused
2013-02-18T14:25:42 so what you are saying is i should probably be spending my day off watching network+/ccent videos instead of hacking my way though a terrible network ill have to fix when i learn what the fuck im doing
2013-02-18T14:27:21 Nah
2013-02-18T14:27:27 Those are probably too high level
2013-02-18T14:27:30 app-presentation-session-transport-network-data-physical i get that right?
2013-02-18T14:27:38 ...as in operate at layers above the three we're working in
2013-02-18T14:28:42 The difference between the type of VPN you're doing and the type I'm guessing you think is a "site to site" VPN is that in your case, your machine _just isn't acting as a router_
2013-02-18T14:28:56 Boxes really don't give a fuck where the traffic came from
2013-02-18T14:29:04 Locally generated, remotely generated, they do not care.
2013-02-18T14:29:34 If they're supposed to be acting as a router, traffic will be allowed to come in and cross interfaces to go back out if it wasn't destined for that specific machine
2013-02-18T14:29:38 so what im going to try is establish the vpn link, and dole out dhcp addresses in the same subnet on my vlan
2013-02-18T14:30:00 If they're not supposed to be acting as a router, traffic not destined for them gets dropped when it comes into an interface it's not supposed to
2013-02-18T14:30:40 One of the first things a box does is look at the destination IP address on all incoming packets
2013-02-18T14:31:29 *** x86Daddy has joined #se2600
2013-02-18T14:31:29 If it doesn't match an interface on that machine, it then checks to see if it's supposed to be a router. If it's not supposed to be a router and the traffic isn't meant for it, the traffic gets aimed at the circular file
2013-02-18T14:32:03 After that point it doesn't care where the traffic came from anymore unless there's some filtering/firewall rules in place
2013-02-18T14:32:52 All it cares about is doing the simple routing calculation and delivering the packet to the appropriate process (if the traffic was destined for it) or getting it on the proper interface and back out the door.
2013-02-18T14:33:26 Locally-generated traffic and remotely-generated traffic are handled identically from that point onwards
2013-02-18T14:33:46 This is one of the ways in which it's less complex than people think.
2013-02-18T14:34:37 ok so heres a rando question then to make sure i understand this
2013-02-18T14:34:44 *** x86Daddy has quit IRC (Client Quit)
2013-02-18T14:34:54 *** x86Daddy has joined #se2600
2013-02-18T14:35:35 if i ping a computer on my subnet, my routing table simply says to hit the interface without use of a gateway and my switch then figure out on what port the device resides that im trying to icmp request and sends it there based on its local ARP table
2013-02-18T14:36:08 if however i try and access a subnet that i am not physically aware of thats where my routing table says, hey use this gateway, so it hits my router which figures out what to do from there
2013-02-18T14:37:35 from my 'edge router' (cable modem in my case) i go out to the isp that is using BGP or something similar to map subnets and what router to use from there?
2013-02-18T14:38:35 Okay... Stop two lines ago.
2013-02-18T14:38:41 forget about "the use of a gateway"
2013-02-18T14:38:52 You're putting the cart before the horse thinking about it like that
2013-02-18T14:39:12 Whether or not there is a gateway involved only comes into play AFTER the interface is seleted
2013-02-18T14:39:16 er selected
2013-02-18T14:39:40 This is where ARP comes out to play
2013-02-18T14:39:57 If the gateway for a route was
2013-02-18T14:40:25 If the gateway for a route was "0.0.0.0" it basically means the system should holler on that interface "WHO HAS THIS IP ADDRESS, BISHES?"
2013-02-18T14:40:47 "THIS IP ADDRESS" being the destination IP.
2013-02-18T14:41:15 When/if it gets a response, it will give the packet to _that_ host, unless there was an answer already in the ARP cache
2013-02-18T14:41:51 If there is a gateway specified, it will holler on that interface "WHICH OF YOU BISHES IS THIS IP ADDRESS?"
2013-02-18T14:42:00 "THIS IP ADDRESS" being the gateway
2013-02-18T14:42:58 ...so if there's a gateway specified, that traffic will be delivered to the gateway machine using the layer _below_ IP (i.e., ARP) instead of the ultimate destination
2013-02-18T14:46:13 You make things hard for yourself when you conflate IP and ARP routing
2013-02-18T14:46:30 It's the upper layers of the seven-layer cake that get foggy
2013-02-18T14:46:38 The lower ones are harshly distinct from one another
2013-02-18T14:51:28 ahh
2013-02-18T14:52:29 layer 2 being arp? and 3 being ip?
2013-02-18T14:56:38 *** ZombieChicken has quit IRC (Ping timeout: 252 seconds)
2013-02-18T15:17:24 Yeah
2013-02-18T15:17:43 ARP dictates which other NIC it sends something to
2013-02-18T15:18:55 If there is no gateway specified for the route, ARP looks for the destination host. If there *is* a gateway specified, ARP looks for the gateway host and gives the packet to it to deal with.
2013-02-18T15:19:06 k
2013-02-18T15:52:17 Dagmar: i dont think a proxy is going to work for me
2013-02-18T15:52:31 if i use a socks proxy ill lose incoming connections no?
2013-02-18T16:48:57 *** ZeroMinuS has quit IRC (Quit: Leaving)
2013-02-18T16:51:15 *** K4k has quit IRC (Quit: WeeChat 0.4.0)
2013-02-18T17:04:45 fuck it, added routing policy via iproute2 and different gateways for each interface
2013-02-18T17:04:54 works fine now
2013-02-18T17:05:59 now to setup authpf on pfsense
2013-02-18T17:18:50 *** x86Daddy1 has joined #se2600
2013-02-18T17:18:52 *** x86Daddy has quit IRC (Read error: Connection reset by peer)
2013-02-18T17:20:51 *** CNwaV has quit IRC (Ping timeout: 248 seconds)
2013-02-18T17:59:43 *** CNwaV has joined #se2600
2013-02-18T18:05:59 *** ZeroMinuS has joined #se2600
2013-02-18T18:23:28 *** Genphlux has quit IRC (Quit: Leaving)
2013-02-18T18:48:04 *** x86Daddy1 has quit IRC (Ping timeout: 252 seconds)
2013-02-18T19:34:54 *** NotLarry has quit IRC (Read error: Operation timed out)
2013-02-18T19:44:43 *** CNwaV has quit IRC (Ping timeout: 245 seconds)
2013-02-18T20:01:41 *** ZeroMinuS has quit IRC (Ping timeout: 245 seconds)
2013-02-18T20:15:10 Well, ICANN clearly has no problems hiring people too fucking lazy to do anything but send back form letters.
2013-02-18T20:16:47 yup
2013-02-18T20:17:02 Your turn to reinforce peabody
2013-02-18T20:17:11 I did
2013-02-18T20:17:16 No more mercy for the blues.
2013-02-18T20:17:24 well I hit a few on my way in. i'll run around later and upgrade
2013-02-18T20:17:29 If you want to blow up that cemetery tomorrow, I will applaud.
2013-02-18T20:17:29 well upgrade the rest
2013-02-18T20:17:45 I gotta get more supplies. I haven't farmed since coming home
2013-02-18T20:17:48 They were pretty furious when I did it on Saturday
2013-02-18T20:17:52 I should get a good bit tonight
2013-02-18T20:18:07 I went by there on my way in and hacked everything and took back a few that they didn't bother to do shit to
2013-02-18T20:18:11 Cool. I've finally dipped below fucking 300 L6 bursters
2013-02-18T20:18:59 oh no.
http://www.explosm.net/comics/3082/
2013-02-18T20:19:01 Title: Cyanide & Happiness #3082 - Explosm.net (at www.explosm.net)
2013-02-18T20:19:48 youtube.... fuck you! give me back my entire video preloading. you assholes
2013-02-18T20:20:56 I'm hoping someone will take me up on my suggestion tomorrow night at the Ingress meetup
2013-02-18T20:21:10 I talked to bandy last night about going
2013-02-18T20:21:11 ...and take a recyclable glass bottle for Michaudba to put his tears in
2013-02-18T20:21:21 he was thinking about it but has plans now. I will be here at work
2013-02-18T20:21:53 if michaudba were this clue averse all his life he'd be needing someone to tie his shoes for him
2013-02-18T20:23:32 wilpig: That means he probably won't be able to attempt recharging the portals around the peppermint
2013-02-18T20:23:38 * Dagmar rubs his hands together
2013-02-18T20:23:47 he's off tonight
2013-02-18T20:23:57 if you wanna blow up that side of campus he won't even touch it
2013-02-18T20:24:14 I seriously thought about it but I'm really trying to get this ankle fixed up
2013-02-18T20:24:21 if you hit the church down off nolensville close to midori / walmart / lowes / etc he'll come running
2013-02-18T20:24:39 Well, I don't have any particular beef with him so I'm not going to go out of my way to piss him off
2013-02-18T20:24:43 he lives two blocks from there.
that was him recharging it not jubil last night
2013-02-18T20:24:54 He's just sitting on the only remaining non-crap level portals in Nashville
2013-02-18T20:25:06 he hit me up about going to get a drink when he realized I was there messing with em
2013-02-18T20:25:29 Yeah he got a little shrill with me but didn't get apeshit stupid like michaudba
2013-02-18T20:25:54 I mean I *could* have just been a dick and told them they don't control anything of merit because they're _lazy_
2013-02-18T20:26:12 Instead I dropped a highly unpleasant amount of information on them
2013-02-18T20:26:37 I do not think they understand that I've been dumping the map data every couple of days and parsing it
2013-02-18T20:26:54 You can see who deploys like a dumbass, and who recharges their stuff if you watch it all
2013-02-18T20:27:25 ...and if they even attempt to keep up this idiocy I'm going to start emailing people report data
2013-02-18T20:27:53 There are still some people on our side who are clearly just hunting targets night and day
2013-02-18T20:28:05 I think they'd like a list of what blue portals none of them seem to have keys for
2013-02-18T20:28:45 If they think they're having a hard time _now_, just imagine what the regular dissemination of partial omniscience would do
2013-02-18T20:30:19 Keeping track of what I've been recharging each night when I'm downtown has been somewhat time consuming, but just tells me the blues have no excuse other than pure fucking laziness for not having big chunks of it
2013-02-18T20:30:29 Laziness, and whining
2013-02-18T20:31:06 I really wanted to tell michaudba straight out "Look motherfucker, I've been dumping the map data for two weeks and I can see how badly you suck to three decimal places."
2013-02-18T20:32:28 Like a third of the resonators I deployed in the cemetery, I got from their portals while they were still blue.
2013-02-18T20:33:11 I took my zaps.
I waited for the next deciminite repop, filled back to full, and then blew that place out without losing all my XM.
2013-02-18T20:33:58 Dagmar: what's the deal with BU04?
2013-02-18T20:34:24 Fuck if I know
2013-02-18T20:34:33 there was a weird label on it back in the DC about it being reported on the 15th when I sent you an email about it on the 14th
2013-02-18T20:35:03 Yep. I've already talked to KMac about it. It just needs rebooting to make the light go off.
2013-02-18T20:35:10 I have to coordinate with Jeff
2013-02-18T20:35:42 gotcha. we're trying to figure out the source of these mystery "reported on xx/xx/xxxx" labels on machines back there
2013-02-18T20:35:46 ...and I'll probably have to go through the crap of filing a change for it, and waiting for Scott to get with Zafar about it before he approves it so that we can actually do it
2013-02-18T20:36:34 The light doesn't really tell us shit other than a PCI error occurred
2013-02-18T20:36:50 On a machine that regularly has its I/O going full blast, this is no big surprise
2013-02-18T20:37:19 I'm not concerned. Weird labels just make me question
2013-02-18T20:37:35 That may be Peter following up
2013-02-18T20:38:31 Some sort of little clip-on whiteboards would be really handy for that
2013-02-18T20:38:41 we have tickets...
2013-02-18T20:38:52 Like a 3x5 card that can just be deployed on the front of the rack
2013-02-18T20:38:53 with info in them like updates and times...
2013-02-18T20:39:17 Yeah, but people go back there for the checks and don't always see things because it's so much visual noise
2013-02-18T20:39:35 You wind up half seeing just what you've been seeing for days
2013-02-18T20:39:45 see error, make note. check tickets against error lights
2013-02-18T20:40:07 or do the procedural thing and check the tickets BEFORE going back there
2013-02-18T20:41:15 It's going to be raining like hell later
2013-02-18T20:42:20 I'm debating on doing something productive now or playing wow.
2013-02-18T20:42:54 I need to fix this resume. I have a few openDCIM things I could do. I could do inventory here. hrmm... I bet nobody has been to bryan or stevenson lately...
2013-02-18T20:43:02 I'm going to try to finish up with this Skyrim expansion
2013-02-18T20:43:34 I guess I should do this resume stuff. it needs to get dealt with quickly
2013-02-18T20:43:40 That vampire girl is a handy companion to have because she can't die
2013-02-18T20:43:48 ...and she can carry a crapload of gear.
2013-02-18T20:45:06 There's some weird demon dimension I ran to that let me pick up what amounts to a "no friendly fire" trait, which is handy.
2013-02-18T20:45:12 I can use fireballs for pretty much everything
2013-02-18T20:45:46 I actually had my own people turn around and kill me during an escort before that
2013-02-18T20:54:35 *** LastChild has joined #se2600
2013-02-18T20:54:35 *** ChanServ sets mode: +o LastChild
2013-02-18T22:12:55 *** CNwaV has joined #se2600
2013-02-18T22:14:31 *** LstChld has joined #se2600
2013-02-18T22:14:31 *** ChanServ sets mode: +o LstChld
2013-02-18T22:17:30 *** LastChild has quit IRC (Ping timeout: 276 seconds)
2013-02-18T22:48:03 *** CNwaV has quit IRC (Ping timeout: 245 seconds)
2013-02-18T22:51:50 *** CNwaV has joined #se2600
2013-02-18T22:57:31 *** ZeroMinuS has joined #se2600
2013-02-18T23:26:44 *** Synx|hm_ has joined #se2600
2013-02-18T23:29:39 *** Synx|hm has quit IRC (Ping timeout: 276 seconds)