Back to Home / #linode / 2021 / 12 / Prev Day | Next Day
#linode IRC Logs for 2021-12-01

---Logopened Wed Dec 01 00:00:26 2021
00:02<dwfreed>react: anycast and tcp don't mix well
00:37<linbot>New news from community: Multiple Queries are not working <https://www.linode.com/community/questions/22154>
02:55-!-enki [~oftc-webi@185.153.180.57] has joined #linode
02:55-!-enki is "OFTC WebIRC Client" on #linode
02:56-!-enki [~oftc-webi@185.153.180.57] has quit [Remote host closed the connection]
03:00-!-WhizzWr [Whizz@000276f4.user.oftc.net] has quit [Quit: Bye!]
03:03-!-WhizzWr [Whizz@000276f4.user.oftc.net] has joined #linode
03:03-!-WhizzWr is "Nothing is real" on #linode #intel-gfx #fdroid #wayland #tor-relays #tor #redditprivacy
03:04-!-JStoker [~jstoker@00017167.user.oftc.net] has quit [Remote host closed the connection]
03:04-!-jstoker [~jstoker@00017167.user.oftc.net] has joined #linode
03:04-!-jstoker is "JStoker" on #zonedstorage #uml #tor-dev #tor #s6 #oftc #musl-distros #musl #moocows #debian-sayhi #debian-irc #debian-ipv6 #debian-blends #debian #alpine-security #alpine-offtopic #alpine-linux #alpine-devel #alpine-commits #alpine-cloud #debian-xen #llvm #linode #kernelnewbies @#jcs #ifupdown-ng
03:12-!-tiny [~tiny@89-212-253-180.static.t-2.net] has joined #linode
03:12-!-tiny is "realname" on #linode
03:14<tiny>Anyone else experiencing rejected emails when sending to clients protected by client.mail.protection.outlook.com ? SPF, DKIM, DMARC all set. We're not listed on any block list. Still we're not getting trough.
03:21<grawity>are you sending over IPv4 or IPv6?
03:22<grawity>and do your emails contain any URLs in the body? (signature included)
03:35<tiny>IPv4, Every email is blocked. No html and URLS in the body.
03:55-!-g0t_ [~username@cpezg-94-253-144-79-cbl.xnet.hr] has joined #linode
03:55-!-g0t_ is "username" on #linode
05:23-!-beedslol [~root@170-39-230-14.static.as62513.net] has joined #linode
05:23-!-beedslol is "root" on #linode
05:23<beedslol>Omg
05:23<beedslol>After all this years linode channel exists/!??!?!
05:23<beedslol>the fuck what
05:28-!-beedslol [~root@170-39-230-14.static.as62513.net] has quit [Quit: leaving]
06:07-!-tiny [~tiny@89-212-253-180.static.t-2.net] has quit [Quit: Leaving]
07:05-!-tiny [~tiny@89-212-253-180.static.t-2.net] has joined #linode
07:05-!-tiny is "realname" on #linode
07:05<tiny>Can I stop the migration process to another DC?
07:13-!-imdan [~root@2a02:2f0e:5704:3000:95c5:fff8:2f8b:b7a8] has joined #linode
07:13-!-imdan is "root" on #linode
07:13<imdan>test
07:15<@jtoscani>hey tiny
07:16<@jtoscani>you could open a ticket for us to take a look at it, but it's possible that your best bet would be to let the migration ride then send the server back to the original DC
07:17<@jtoscani>was the migration unintended, or is it taking too long and you'd like to cancel?
07:17<tiny>It will take 5 hours at least. I would just like to postpone it for tonighrt
07:17<tiny>we're without email now :)
07:18<tiny>jtoscani: ^
07:18<@jtoscani>ok, understood - can you open a ticket then drop the ticket # here?
07:18<tiny>ok
07:19<@pwoods>tiny: something to keep in mind with a cancelled migration is that we will still need to migrate it, though an inner DC migration is much quicker.
07:19<@jtoscani>^^^ but depends on how far along it is already
07:19<@pwoods>Also, the estimated time in Cloud Manager can be pretty alarming, trying to set the expectation that the migration could be that long.
07:20<tiny>pwoods: jtoscani : ticked it 16571854
07:21<tiny>ID*
07:52-!-tiny [~tiny@89-212-253-180.static.t-2.net] has quit [Ping timeout: 480 seconds]
07:55-!-g0t_ [~username@cpezg-94-253-144-79-cbl.xnet.hr] has quit [Ping timeout: 480 seconds]
08:03-!-Mansurbrn [~oftc-webi@2409:4052:e87:e271::60c8:c60b] has joined #linode
08:03-!-Mansurbrn is "OFTC WebIRC Client" on #linode
08:05-!-Mansurbrn [~oftc-webi@2409:4052:e87:e271::60c8:c60b] has quit [Remote host closed the connection]
08:31-!-g0t_ [~username@cpezg-94-253-144-79-cbl.xnet.hr] has joined #linode
08:31-!-g0t_ is "username" on #linode
08:32-!-Shentino [~shentino@50.35.146.151] has quit [Remote host closed the connection]
08:34-!-tiny [~tiny@APN-123-254-100-gprs.simobil.net] has joined #linode
08:34-!-tiny is "realname" on #linode
08:40-!-Shentino [~shentino@50.35.146.151] has joined #linode
08:40-!-Shentino is "realname" on #kernelnewbies #mm #linode #tux3
09:23-!-anomie [~anomie@00018802.user.oftc.net] has joined #linode
09:23-!-anomie is "Anomie" on #linode
09:29-!-tiny [~tiny@APN-123-254-100-gprs.simobil.net] has quit [Quit: Leaving]
09:31-!-linville [~linville@rrcs-24-142-217-66.midsouth.biz.rr.com] has joined #linode
09:31-!-linville is "John W. Linville" on #linode
10:08-!-newbie2021 [~oftc-webi@5-14-194-141.residential.rdsnet.ro] has joined #linode
10:08-!-newbie2021 is "OFTC WebIRC Client" on #linode
10:08<newbie2021>Hello :D
10:09<Peng>Hello
10:09<newbie2021>i need some help / infos with a nanode
10:10<newbie2021>so ... i have installed and configured and connected thru wireguard a router with vpn client
10:10-!-haru_ [~oftc-webi@81-232-140-95-no2006.tbcn.telia.com] has joined #linode
10:10-!-haru_ is "OFTC WebIRC Client" on #linode
10:10<newbie2021>can i do anything to nanode so that i can access my router remotely on the ip of the nanode ?
10:11<newbie2021>i need remote access to my router
10:11<newbie2021>so i think i need to somehow port forward something ? :)
10:11<haru_>have you tried to use openvpn?
10:11<haru_>internally
10:12<newbie2021>not really since wireguard is faster
10:12<newbie2021>what you mean internally ?
10:12<haru_>well sure wireguard is but like what do you want to accomplish is it only remote access to the router?
10:12<newbie2021>i need to have access to my router remotely ... from everywhere
10:12<haru_>You want to be able to login to the gui of the router from a remote place right?
10:13<newbie2021>yea
10:13<haru_>Ahh okay!
10:13<haru_>I would recomend to use a vpn could be openvpn/wireguard if you want to!
10:13<haru_>If you want to do the lazy way you can always use pivpn
10:13<haru_>If you want it up an running fast
10:14<newbie2021>so what your telling me is that i can not access my router ?
10:14<haru_>Well i really don't know what router you have. What router do you have?
10:14<newbie2021>my router is always connected thru wireguard to the nanode
10:14<newbie2021>a small travel router
10:14<newbie2021>from gl.inet
10:15<haru_>Ahh you have one of those
10:15<newbie2021>mango
10:15<newbie2021>GL.iNet GL-MT300N-V2
10:15<newbie2021>green stuff :)))
10:15<haru_>So you want to be able to access the Gl-inet?
10:15<newbie2021>yeah
10:15<newbie2021>i need to be able to access it`s webinterface from any other network
10:16<haru_>I think you actually can run an openvpn server on the router itself!
10:16<haru_>But you also told me the router is behind a vpn as well right?
10:16<newbie2021>like .... i go to kfc and connect to theyr wifi and i want to be able to check my gl.inet router from home or work
10:16-!-vanquangit [~oftc-webi@42.113.59.238] has joined #linode
10:16-!-vanquangit is "OFTC WebIRC Client" on #linode
10:16<newbie2021>the gl.inet router is connected to nanode thru wireguard
10:16<vanquangit>hello
10:16<haru_>Hi!
10:16<newbie2021>so if i connect to my router my ip is the nanode`s ip
10:17<vanquangit>hi
10:17<newbie2021>so all traffic is directed to nanode
10:17<haru_>Ohh that's sounds tricky tho wait so like this GL-inet router -> nanode wireguard -> intraweb or?
10:17<newbie2021>if i put the nanode`s ip into browser i can not access my router
10:17-!-vanquangit [~oftc-webi@42.113.59.238] has quit []
10:17<newbie2021>i have to use my local ip to access the router thru web
10:18<haru_>Okay but you can portforward the openvpn server instead of the GUI of the GL-inet sounds much more safer tho
10:18<haru_>I know what you want to accomplish yeah you want to hide behind a another ip right
10:18<newbie2021>i want to access my router from web browser on my nanode ip
10:19<haru_>Well yeah you can portforward the port that is used to the GLinet router!
10:20<newbie2021>from what i know/think ... i need to make some port forward on nanone to route incomeing traffic to my router(wireguard) ip / port
10:20<haru_>Do you have any knowledge about load balancing
10:20<newbie2021>so if i type in browser my nanode`s ip to be able to reach my router
10:20<haru_>are you going to only do ip tho?
10:20<haru_>yeah i see it will act as the sorter for the loacl nodes yes
10:21<newbie2021>no load balancing knowledge
10:21<haru_>I do get that! you can try that but instead i would port forward the ip of the GL-inets openvpn server and then from there try to type the local ip address from the GL-inet!
10:21<newbie2021>almost no linux knowledge also :))
10:21<haru_>I understand what you want!
10:21<haru_>Like this for example
10:23<haru_>GL router 192.168.1.8:portofguiInt< nanode handles the incoming traffic to send it to the GLrouter< intraweb/public ip
10:23<haru_>Sorry if my english isn't perfect!
10:24<newbie2021>so i access my router locally thru 192.168.8.1
10:24<newbie2021>my external local ip is 5.14.194.141
10:24<haru_>You can't access it thru 192.168.8.1 if you are outside of your LAN network.
10:25<newbie2021>if i connect to wireless or lan on the gl router i will get my external ip the ip of the nanode
10:25<newbie2021>so the tunneling from local network to nanode is ok
10:25<haru_>local 192.168.8.1 do not get routerd over the intraweb
10:25<newbie2021>corect
10:26<haru_>your public ip > nanode > GL-router
10:26<haru_>nanode is the middle hand of the whole internet and the GL-router
10:26<newbie2021>yes
10:26<haru_>you will have to do the portforward on the nanode yes!
10:26<newbie2021>and i want to connect to gl-router from any other network
10:26<haru_>But you really shouldn't do that way if you are serious about security on the GUI of the GLrouter
10:26<newbie2021>better sayd any other internet sourrce
10:27<haru_>then you can connect to the nanode if you just want to change ip
10:27<newbie2021>yea but i kinda need to access it remotely so that i know if any of my local devices gets disconnected or something
10:27<haru_>Yes!
10:28<haru_>could you send me the brand of the router again?
10:28<haru_>Is it a usb router?
10:29<newbie2021>GL.iNet GL-MT300N-V2
10:29<newbie2021>it`s a mini router
10:29<haru_>If it's i understand that you have a middle hand in between but do you have an ethernet cable input or?
10:29<newbie2021>the gl router is connected as an ap to my local network
10:30<newbie2021>i could connect it thru cable also
10:30<haru_>Don't you mean like a bridge with your other nanodrouter?
10:31<haru_>If i could send a drawing but like this. your nanode gives the Glrouter wifi right?
10:31<haru_>And then you have your devices connected to your GLrouter
10:31<newbie2021>no
10:31<haru_>I am trying to grasp on this better!
10:31<newbie2021>let me explain :)
10:31<haru_>Okay :)
10:31<newbie2021>so my isp gives me internet thru fiber optic into my main router ( huawei bla bla bla )
10:32<newbie2021>from my main router i have wifi and lan to devices
10:32<haru_>yes okay!
10:32<newbie2021>now ... for some devices i wanted to use some vpn solution
10:32<newbie2021>and i got the GL.iNet GL-MT300N-V2 mini router
10:33<newbie2021>wich has a wireguard vpn client build in
10:33<haru_>yes
10:33<newbie2021>the GL.iNet GL-MT300N-V2 router is connected to my internet main router thru wifi
10:33<haru_>and your main router is huawei?
10:33<newbie2021>so there`s no cables between them
10:33<newbie2021>yea
10:34<haru_>Let me make a diagram like this MainRouterHuawei > GLrouter
10:34<haru_>Like that!
10:34<haru_>And that's over wifi!
10:34<haru_>Okay then do the portforward on the huawei you also need to see the ip of your GLrouter the local ip
10:34<haru_>192.168.x.x
10:34<newbie2021>isp - huawei main router - gl router thru wifi - nanone thru wireguard
10:35<newbie2021>gl router is connected to nanone
10:35<newbie2021>*nanode
10:35<haru_>Nanode is it a smal adruino?
10:35<haru_>Am i getting that right tho?
10:36<haru_>Am not familiar with the word nanode to be honest!
10:36<newbie2021>nanode is the linode vps running the wireguard server :)
10:36<haru_>Okay!
10:36<millisa>newbie2021: what do you see if you nmap the wireguard ip of the router from an ssh session on your nanode?
10:36<haru_>Okay you do like that but i don't really know if the ubuntu or whatever system you are running actually can do routing tho
10:36<haru_>hmmm?
10:37<newbie2021>ooo millisa :D hello again
10:37<millisa>newbie2021: ie, if the router is 10.0.0.2, can you nmap 10.0.0.2 from the nanode and see any ports listening?
10:37<newbie2021>you know my thoughts :)
10:38<newbie2021>the gl router on wireguard is 10.0.0.2
10:38<haru_>Millisa do you grasp this problem i have hard times hmm? If the glrouter is connected to the wireguard server dosen't it change ip?
10:38<newbie2021>so i need to ssh into router and nanode?
10:38<haru_>So i think i understand that part but how would you make the wireguard system/os route or?
10:38<millisa>the glrouter would have multiple ips. the wan ip, the lan ip, the wireguard ip
10:38<haru_>yeah
10:38<haru_>That's a bit confusing yes
10:38<haru_>Do you really need the wireguard server tho?
10:39<newbie2021>yup :)
10:39<millisa>newbie2021: I'm saying ssh into the nanode and see what is listening on the gl routers wireguard ip from the nanodes perspective.
10:39<newbie2021>Command 'nmap' not found, but can be installed with: apt install nmap
10:39<millisa>ie: I have a wireguard connected centos system at a remote site that uses one of my nanodes as a peer. from the nanode, I can see the ssh port is open on that remote centos system
10:39<millisa>install it, it's a useful diagnostic tool
10:40<millisa>if you can see the from the nanode, you would just want to concentrate on the port forwarding. if you can't see the management ports, you need to get it so you can
10:40<newbie2021> nmap 10.0.0.2 Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-01 15:40 UTC Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.05 seconds
10:41<millisa>nmap -p YOURPORTNUMBERYOUCAREABOUT -Pn 10.0.0.2
10:42<newbie2021>ooo
10:42<millisa>or leave off the -p YOURPORT and it'll try a bunch
10:42<newbie2021>nmap -p 22 -Pn 10.0.0.2 Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-01 15:42 UTC Nmap scan report for 10.0.0.2 Host is up. PORT STATE SERVICE 22/tcp filtered ssh Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
10:43<newbie2021>nmap -p 80 -Pn 10.0.0.2 Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-01 15:42 UTC Nmap scan report for 10.0.0.2 Host is up. PORT STATE SERVICE 80/tcp filtered http
10:43<millisa>so ssh isn't reachable. check the firewall settings on the gl router to see if you can allow access to it from the 10.0.0.x IP of the nanode.
10:43<haru_>10.0.0.0 not routeble
10:45<millisa>the gl router gives this when you try to make the firewall entry?
10:45<haru_>Are you in your local network?
10:45<millisa>n/m you aren't him/her
10:46<newbie2021>i get these info from the nanode terminal
10:46<millisa>!paste
10:46<linbot>Please paste longer snippets over at https://bpaste.net/ and not in the channel
10:46<newbie2021>root@localhost:~# nmap -p 80 -Pn 10.0.0.2 Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-01 15:45 UTC Nmap scan report for 10.0.0.2 Host is up (0.051s latency). PORT STATE SERVICE 80/tcp open http
10:47<millisa>that looks like the nanode can talk to port 80 on the gl device now
10:47<newbie2021>i think now it`s ok ? i loged into gl router / firewall open port on router and input 80 and 22
10:47<haru_>Congrats!
10:47<millisa>assuming you only opened it to the nanode's ip, not the public
10:47<haru_>Does it work if you are not in the same local?
10:48<newbie2021>guess it`s open to public ... i can not put any ips only the port
10:48<newbie2021>name port protocol and enable disable :)
10:49<millisa>no source range or zone?
10:49<newbie2021>nop
10:49<haru_>Ahh so your home public ip is the one you want to input in the browser to access your router yes
10:49<newbie2021>nop
10:49<newbie2021>i want to access the router with the nanode ip
10:49<newbie2021>not my isp public ip
10:50<newbie2021>so if i move the router to other place and connect it to internet i will have the same ip ( the nanode ip )
10:51<millisa>what if you dont use the 'open ports on router' tab and instead use the port forwards tab. that has an external zone entry. maybe you could use the internal lan ip of the router (or maybe the wireguard ip of the router)
10:51<millisa>(I dont know this router to know what does or does not work)
10:51<newbie2021>ok ... so normal forward
10:51<newbie2021>i will try
10:52<millisa>maybe but using the wireguard zone in that dropdown
10:53<millisa>(if it even has it; maybe it only shows up when the wireguard server piece is running)
10:54<newbie2021>so i have
10:54<newbie2021>protocol ( tcp/udp )
10:54<newbie2021>external zone wan lan wireguard
10:54<newbie2021>external port
10:54<millisa>try wireguard. maybe it applies to the client side too
10:55<newbie2021>internal zone wireguard lan guestzone
10:55<newbie2021>internal ip
10:55<newbie2021>internal port
10:55<millisa>internal zone would be lan, ip would be the internal ip of the router 192.168.8.1 or whatever
10:55<millisa>port would be your 22 or 80
10:56<millisa>to do what you want, you may have to look at using the actual openwrt firmware and not their stunted one
10:56<millisa>thats all i got; have to get on a call
10:56<newbie2021>http TCP/UDP wireguard 80 lan 192.168.1.141 80 Enabled
10:57<millisa>if 141 is the router's ip
10:57<newbie2021>yup :) sure it is
10:57<newbie2021>now if i do the nmap on the nanode
10:57<newbie2021>it gives feedback that it`s open
10:57<newbie2021>nmap -p 80 -Pn 10.0.0.2 Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-01 15:56 UTC Nmap scan report for 10.0.0.2 Host is up (0.051s latency). PORT STATE SERVICE 80/tcp open http
10:57<millisa>well, that's promising. make sure it's not open to the public (i'm assuming you removed the open port on router bit you did earlier)
10:58<newbie2021>yes , i`ve undone that router open port
10:58<millisa>ok, do another forward for 22. then you can test ssh'ing to it from the nanode.
10:58<millisa>you can get to the nanode from anywhere, assuming your wireguard stuf is up, you'll be able to jump from there to ssh to the gl.whatever
10:59<millisa>for web stuff you could either reverse proxy it from the nanode, or start looking into port forwarding there (though that's as dangerous as just opening it to the public direct)
10:59<newbie2021>22 open to now
11:00<haru_>from the linode to the GL router?
11:00<newbie2021>yes
11:00<haru_>okay!
11:00<haru_>Are you connected to the wireguard server with your pc?
11:00<newbie2021>nop
11:00<haru_>Like how you would connect to a vpnserver
11:00<haru_>Then?
11:00<newbie2021>pc is to my isp internet
11:00<haru_>How would they be on the same local network?
11:00<haru_>Yes why don't you connect to the wireguard server with your pc as well!
11:01<haru_>Then you can probably reach it!
11:01<newbie2021>because i dont need to put my pc on wireguard :)
11:01<haru_>10.0.0.2 can't be routered over the internet!
11:01<newbie2021>think i`m not makeing myself understood
11:01<newbie2021>my pc is on normal internet ok ?
11:02<haru_>Yeah i see your problem now yes! so like millisa said you need to open the GUI port on the GL router! but i assume then you would type the ip address that you get from your wireguard server
11:02<haru_>What ip does your GL-router get internally from your wireguard server?
11:02<newbie2021>10.0.0.2
11:02<newbie2021>i think
11:03<haru_>One tip as well!
11:03<haru_>Everytime you connect and disconnect the GL router you will just get a random ip as well?
11:03<newbie2021>no
11:03<haru_>Maybe the wireguard server do not allow clients to talk to each other?
11:03<newbie2021>i`ve dhcp reserved it on isp router
11:04<newbie2021>so it will always be 192.168.1.141
11:05-!-newbie2021-vpn [~oftc-webi@139-162-196-139.ip.linodeusercontent.com] has joined #linode
11:05-!-newbie2021-vpn is "OFTC WebIRC Client" on #linode
11:05<newbie2021-vpn>so these is my laptop connected to the gl router running wireguard client
11:05<haru_>never heard of dhcp reverse even though i did 50% of the CCNA course omg
11:05<haru_>Hehe
11:05<haru_>Well
11:06<newbie2021-vpn>dhcp reserve , like a static ip but it`s dhcp
11:06<haru_>Yeah but you want your pc to be connected to the wireguard server and the gl-router and then connect to the gl-router
11:06<newbie2021-vpn>always stays the same for a certain client /pc
11:07-!-duncanm [sid287146@tinside.irccloud.com] has quit [Ping timeout: 480 seconds]
11:07<newbie2021-vpn>so the client doesnt have to remember its ip ... it gets it from dhcp
11:07<newbie2021-vpn>but will always get the same
11:07<haru_>you have an static ip okay!
11:07<haru_>Sorry now i get it!
11:07<newbie2021-vpn>:))
11:07<newbie2021-vpn>man i`m so so bad
11:08<newbie2021-vpn>let me get back to beggining
11:08-!-duncanm [sid287146@id-287146.tinside.irccloud.com] has joined #linode
11:08-!-duncanm is "Duncan Mak" on #linode
11:08<newbie2021-vpn>so i have internet ok ?
11:08<newbie2021-vpn>my isp gives me internet thru fiber
11:08<haru_>I do not even understand with like 50% CCNA network course your problem just goes agains everything i learn like. You want to get access thru the wireguard server?
11:08<newbie2021-vpn>my internet is dinamic , if i restart main router it gets a new ip everytime
11:09<haru_>The wireguard server is that the ip you want to input in the browser!
11:09<newbie2021-vpn>yes
11:09<newbie2021-vpn>if i put my wireguard server ip in the browser i want to reach my gl router
11:10<haru_>Omit 192.168.x.x 10.x.x.1 not routerble on the internet!
11:10<haru_>Yes i get it now!
11:10<haru_>yeah well that won't work!
11:10<haru_>Sorry that isn't how it works!
11:10<newbie2021-vpn>maybe i got the wrong impresion about what vpn should do
11:10<haru_>Yes a bit!
11:10<haru_>So listen!
11:11<newbie2021-vpn>i want to access a certain device / router using the linode ip
11:11<haru_>A vpn is used to create a local network even though you are not physically on the same local network that will be in the same house okay!.
11:11<haru_>You can achive what you want but!
11:11<haru_>One thing you will have to do is connect your pc to the server okay so the vpn does a (LOGICAL Lan network)
11:12<newbie2021-vpn>instead of typing into browser 172.11.1.123 ( my normal ip ) to use my linode ip
11:12<haru_>No you can't use linode ip either!
11:12<haru_>Okay this
11:12<haru_>your pc connect to the server and your gl-router then they will be in the same network!
11:12<haru_>Logically!
11:13<haru_>Even tho you are on a remote site!
11:13<newbie2021-vpn>ok
11:13<newbie2021-vpn>so pc is in a location and gl router other location diferent internets
11:13<haru_>I have never tried to access a router on a vpn server and to put it on a vpn server tho? hmm?
11:13<newbie2021-vpn>if i run vpn client on both devices to connect them to linode
11:13<haru_>yes different local networks yes!
11:13<newbie2021-vpn>they will kinda be in the same network
11:13<haru_>yes there you go!
11:14<haru_>that's what you will have to do yes!
11:14<newbie2021-vpn>ok
11:14<haru_>Then you write the ip that the GL router gets from the wiregurd server!
11:14<newbie2021-vpn>so if i connect pc to linode
11:14<newbie2021-vpn>router to linode
11:14<haru_>First you will have to open the gui port on the router what's the gui port on the router?
11:14<newbie2021-vpn>one will get linodes internal ip 10.0.0.2
11:14<newbie2021-vpn>one will get 10.0.0.3
11:14<haru_>I mean you already have your gl router to the linode so don't do anything with taht!
11:14<haru_>Yes both will get internal ips!
11:15<haru_>PC and the GL router!
11:15<newbie2021-vpn>if i browser 10.0.0.2 ( the gl router ) i should be able to reach it
11:15<haru_>You should yes!
11:15<haru_>But the wireguard server may not permit clients to talk with eachother so that's another problem!
11:15<newbie2021-vpn>not really what i`m searching for :)
11:16<newbie2021-vpn>what i need / want is to access the gl router connected to linode into a browser but using the linode`s ip
11:16<haru_>You can't use the lindoes public ip to access the GL-router sorry!
11:17<haru_>But you can connect your pc to the wireguard server like you did with the GL router!
11:17<newbie2021-vpn>add two peers to linode
11:17<haru_>Peers are also not allowed to talk to each other on the wireguard server so you will need to fix that as well!
11:17<newbie2021-vpn>aint doing that since it`s not what i`m looking for
11:17<haru_>PC > to linode wireguard server GL-router to > linode wireguard server
11:18<haru_>then pc and the GL router will be on the same network then you can access with 10.0.0.x
11:18<haru_>Have you tried this one then!
11:19<haru_>https://www.gl-inet.com/solutions/goodcloud/
11:19<newbie2021-vpn>i know about it
11:19<newbie2021-vpn>but again , not really what i`m searching for
11:19<haru_>It's!
11:19<newbie2021-vpn>let me explain one thing
11:19<haru_>You will be able to control it!
11:19<haru_>That's the point
11:20<haru_>You won't even need ip address for that one!
11:20<haru_>I can show you with my own router if you want that to
11:20<newbie2021-vpn>i know what your saying
11:20<newbie2021-vpn>i have added gl router to that site
11:20<newbie2021-vpn>theyr cloud service
11:20<newbie2021-vpn>but i need a little more than that
11:20<haru_>Yes why can't you control it from there?
11:20<haru_>What do you need?
11:20<haru_>You said you need the gui of the device
11:21<haru_>That is the gui but in their cloud
11:21<newbie2021-vpn>mango can`t be controlled from their cloud service
11:21<newbie2021-vpn>other routers can
11:21<haru_>Ohh sorry to hear that!
11:21<haru_>Well
11:21<newbie2021-vpn>besides
11:21<haru_>Can you use your home ip to access it instead if you don't want to conf the wireguard server to allow peers to talk with eachother
11:21<newbie2021-vpn>i got another situation
11:22<newbie2021-vpn>lets see if you can understand me
11:22<haru_>Sure
11:22<haru_>Go ahead!
11:22-!-CodeMouse92 [~CodeMouse@00025241.user.oftc.net] has joined #linode
11:22-!-CodeMouse92 is "Jason C. McDonald" on #python #packaging #linode #llvm #c++
11:22<newbie2021-vpn>so the gl router is connected to linode wireguard server ok ?
11:22<haru_>yes so it will be connected to another logical lan yes
11:22<newbie2021-vpn>now my laptop is connected to the gl router
11:22<newbie2021-vpn>so now my public ip is the linodes ip
11:23<haru_>yes and you will be able to access it localy but not thru the wireguard server
11:23<newbie2021-vpn>so lets say i am running a program on my laptop
11:23<haru_>Yeah i see what you think but no that's not how it works!
11:23<newbie2021-vpn>now ... you are using the same program
11:24<newbie2021-vpn>for both programs to work they need to communicate thru a certain port nr
11:24<newbie2021-vpn>how do you make my program to communicate to your program if we dont connect to same wireguard server
11:24<haru_><local ip of your pc <>local ip of your router> this is on the wireguard server making the logical lan network
11:25<haru_>With my router i can put it on the cloud!
11:26<haru_>It thought that worked for your router to so that's my bad sorry!
11:26<newbie2021-vpn>so i give you an example
11:26<haru_>Yes do it!
11:26<newbie2021-vpn>i have a device connected to the gl router now
11:26<haru_>yes
11:26<newbie2021-vpn>that certain device uses port 44158 to send and receive data
11:26<haru_>what is that port used for?
11:27<haru_>What kind of data?
11:27<newbie2021-vpn>f me if i know :)
11:27<newbie2021-vpn>all i know is that that certain port has to be open to public access
11:28<newbie2021-vpn>the devices sends and receives info on that port from a server
11:28<haru_>I am very sorry i don't get it!
11:28<haru_>You have two solutions left!
11:29<newbie2021-vpn>if i put it on my local network and do port forward on isp router i get that port opened to public
11:29<newbie2021-vpn>if i connect it to gl router running wireguard client the port is closed :)
11:29<haru_>Make the clients able to talk with each other on the logical lan on your wireguard if not then port for ward from you main router to your GL-routers GUI port
11:29<haru_>Yes you will get it open to the public yes!
11:30<haru_>And that's a safety concern but who would want to attack a small gl router
11:30<newbie2021-vpn>i`m not that concerned about the safety part
11:30<newbie2021-vpn>i`m not a rich dude and will never be :)
11:30<haru_>so when you connect to the wireguard server it will close the port on the GL router?
11:31<newbie2021-vpn>the devices port is always open
11:31<newbie2021-vpn>i made port forward from the device to the gl router
11:32<newbie2021-vpn>now the port can`t be accesed because of the linode
11:32<haru_>Then don't have the GL-router to the linode server
11:32<newbie2021-vpn>that`s the whole ideea
11:32<haru_>Why?
11:33<haru_>You only want to be able to access it right?
11:33<newbie2021-vpn>because i want to run two of the same devices
11:33<haru_>Why do you need a vpn?
11:33<newbie2021-vpn>but can not from the same internet
11:33<newbie2021-vpn>because they use the same port
11:33<haru_>what two devices use the same port?
11:33<haru_>port 80?
11:34<newbie2021-vpn>so i want to trick one device to think it`s on another internet
11:34<newbie2021-vpn>so i could check theyr port status from anywhere
11:34<newbie2021-vpn>one would be on my isp ip address
11:34<newbie2021-vpn>one on the linode ip address
11:35<newbie2021-vpn>basicly it`s the same thing as routing my gl router port 80 on the linode ip
11:35<haru_>yes and that won't work!
11:35<haru_>You want to type like this 122.32.32.54 linode ip to access the GL router
11:36<newbie2021-vpn>yea
11:36<haru_>Not going to work!
11:36<haru_>Not at all!
11:36<newbie2021-vpn>it should :)
11:36<haru_>No that's not how a vpn works!
11:37<haru_>Like i said you can do a logical network with the wireguard server yes but not only just type the public ip of the linode and think that would work sorry!
11:37<haru_>Sorry to break it to you!
11:38<newbie2021-vpn>you could be right but i still think it should work :)
11:38<grawity>I think you just lack imagination
11:38<grawity>like, "port forwarding" through a VPN is definitely doable, just some things make it slightly more annoying than the normal kind
11:39<haru_>Never done that tho!
11:39<haru_>Would you like to help him tho?
11:39<haru_>So you mean the vpn would route from the public ip to the local devices connected to it hmm maybe i don't have that knowladge
11:40<haru_>A vpn acting like a router? never heard of that
11:40<grawity>now by "slightly more annoying" I mean "better hope the VPN client runs Linux, and it'll be ugly like all multi-homing is on Linux, and ugh"
11:40<haru_>xD
11:40<grawity>but it's still fundamentally the same kind of DNAT
11:40<newbie2021-vpn>i`m such a lucky b....
11:40<newbie2021-vpn>gl router has linux :)
11:40<grawity>and I mean a VPN server *always* acts like a router
11:41<grawity>it routes packets, and it even does the same SNAT (masquerading) as a home router would do
11:41<grawity>[the latter if you use the VPN for internet access via your server, that is]
11:41<haru_>But public to logical lan really?
11:41<grawity>yes
11:41<haru_>Ahh okay that's something new!
11:41<haru_>Will check that out
11:41<grawity>making the VPN server DNAT certain packets from WAN to a VPN client is, very nearly the same as doing it on a local router
11:42<haru_>So the vpn would work like a load balancer tho but for clients that are from another place logically
11:42<newbie2021-vpn>so grawity you saying that i could actually have some luck
11:42<haru_>cool
11:42<grawity>(if your local router was Linux, it'd be literally the same kind of iptables DNAT rule)
11:42<grawity>now having that internal device *respond* in the correct direction, that's where the ugly part is >_>
11:42<haru_>Ahh yeah you are right actually my bad!
11:42<haru_>Yeah would you like to help this person. I have not done that thing tho!
11:43<grawity>but let's say you don't mind it being ugly
11:43<haru_>Going to be a heal with config or?
11:43<haru_>haha xD a lot of terminal or?
11:43<grawity>step 1 is making sure the server itself can ping the device that needs t obe accessed
11:43<grawity>if the device itself is the wireguard client, that's probably already working
11:44<newbie2021-vpn>so step one is covered :)
11:44<grawity>step 2 is to configure an iptables (or nftables) DNAT rule on the server, so that it matches packets on the "external" port that you want, and -j DNAT's them --to-destination wg_internal_ip:internal_port
11:45<newbie2021-vpn>ok lost me there :)))
11:45<grawity>knowing iptables would be useful
11:45<haru_>yeah you will need to work in the terminal!
11:46<haru_>I am going then. I hope grawity can help you out!
11:46<haru_>And good luck on this!
11:46<haru_>May the wind be in your direction!
11:46<grawity>but in general it'll probably be something like, "-I PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --dnat-to 192.168.42.53:80"
11:46<newbie2021-vpn>it`s always wind ... i`m at a sea shore :)))
11:47<grawity>then use tcpdump to verify -- e.g. run `tcpdump -eni any "port 80"`, have someone else connect to http://your_linode:80, see if tcpdump shows packets arriving at eth0 and going out through wg0
11:47<haru_>Fast question
11:47<haru_>So you need you really dont need the wireguard or?
11:48<haru_>No okay my bad!
11:48<haru_>Nothing!
11:48<grawity>you need *some* kind of tunnel, whether it's wireguard or openvpn or ipip or gre
11:48<haru_>you need the wireguard server
11:48<haru_>Yes
11:48<haru_>Yes my thought was different yeah you are right yes!
11:48<newbie2021>grawity... where can i find that "-I PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --dnat-to 192.168.42.53:80"
11:49<newbie2021>and dnat to 192.168.42.53 should be 10.0.0.2 ? ( my client wireguard ip address ? )
11:50<haru_>-I PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --dnat-to local ip of the client connected to wireguard server or?
11:51-!-haru_ [~oftc-webi@81-232-140-95-no2006.tbcn.telia.com] has quit [Quit: Page closed]
11:51<grawity>newbie2021: yeah
11:51-!-xon [~oftc-webi@81-232-140-95-no2006.tbcn.telia.com] has joined #linode
11:51-!-xon is "OFTC WebIRC Client" on #linode
11:51<grawity>I'm not sure where's a good "intro to iptables"
11:51-!-xon [~oftc-webi@81-232-140-95-no2006.tbcn.telia.com] has quit []
11:52-!-haru_ [~oftc-webi@81-232-140-95-no2006.tbcn.telia.com] has joined #linode
11:52-!-haru_ is "OFTC WebIRC Client" on #linode
11:52<newbie2021>i need good intro into all linux :)))))
11:53<grawity>anyway, step 3 (the ugly part), when the wireguard client device *responds*, it has to respond through wireguard again, and not directly through internet...
11:54<newbie2021>right
11:54<newbie2021>exactly what i want
11:54<grawity>one easy way to make that happen is to also add a SNAT or MASQUERADE rule on the server, like "-I POSTROUTING -o wg0 -s ! 10.0.0.0/8 -j MASQUERADE", so that your wg_client will think the connection actually came *from* the wg_server itself, and not from the original WAN client host
11:55<grawity>but that's also the downside of this method -- the wg_client can't tell who connected, it thinks all connections came from wg_server
11:55<newbie2021>that aint an problem for me
11:56<grawity>the harder way is to configure "policy routing" on the wg_client device, making it have two routing tables, two default routes ... it's a fairly common thing, not particularly arcane, just the way it's done on Linux can give me a headache
11:56<grawity>well, no, I guess policy routing is a lot simpler when one connection is a static tunnel (like wireguard)
11:56<newbie2021> nmap -p 22 -Pn 10.0.0.2 Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-01 16:55 UTC Nmap scan report for 10.0.0.2 Host is up (0.055s latency). PORT STATE SERVICE 22/tcp open ssh
11:57<newbie2021>so these means that the linode wg server can access my router on port 80 ok ?
11:57<grawity>is 10.0.0.2 your router? and is -p 22 "port 80"?
11:58<newbie2021>10.0.0.2 is my router , 22 is ssh access to it
11:58<grawity>(anyway, otherwise that's basically it, there's no step 4 really)
11:58<newbie2021>sorry i typed wrong :D
11:58<grawity>if nmap says "open", then yeah it's reachable
11:58<grawity>the --reason option usually makes nmap results slightly more informative
11:58<newbie2021>but 10.0.0.2 is my router ip address when i connect it to linode wg server
11:59<grawity>yeah, probably good enough
11:59<newbie2021>so now
11:59<grawity>well the only remaining question is, is it actually *wise* to make your router's HTTP publicly accessible in this way
11:59<millisa>grawity++
11:59<grawity>with most routers that's just invitation for trouble
11:59<newbie2021>yup :)
12:00<newbie2021>verry wise :)))
12:00<haru_>don't care about the sec hehe
12:00<haru_>xD
12:00<haru_>But yeah probably not the most secure hehe
12:00<haru_>Have a long passsword on your GUI
12:00<grawity>I'd rather just connect to the same WG server if I want to access my home network -- i.e. WG from phone/roaming to server, WG from server to home LAN
12:00<dwfreed>most consumer routers have terrible security, and get by on the fact that web browsers are doing a better and better job of preventing CSRF
12:00<newbie2021>just jokeing about the wise part but i do need http access to it :) from anywhere/everywhere
12:00<haru_>same here!
12:00<grawity>the problem isn't so much weak passwords, but also that many routers end up being hackable *without* the password
12:01<millisa>when out and about have the 'anywhere' device also connecting to wireguard on the nanode.
12:01<dwfreed>^^^
12:01<haru_>yes exploits you mean?`
12:01<grawity>yes
12:01<haru_>yup that's true as well!
12:01<newbie2021>i`m not concerned about the security part
12:02<millisa>lesson 0 in learning about linux. you are always concerned about the security part.
12:02<haru_>Agree indeed!
12:02<haru_>That's why you have one million containers as well hehe!
12:02<haru_>Local sec as well
12:02<grawity>other people, who have to live in the same internet as you, are concerned about the security part
12:03<newbie2021>there will be none :)
12:03<newbie2021>that`s why i am not concerned
12:03<haru_>well it just goes to your bridge/router so
12:03<haru_>sure
12:03<grawity>yeah I'd better not receive viagra spam from your router then lol
12:03<haru_>Haha lol!
12:03<newbie2021>ooo you mean other people like everyone using the internet
12:03<haru_>Until it gets exploited have a nice day!
12:04<newbie2021>i thought you mean other people using my router
12:04<grawity>but anyway, *in general,* that's how you port-forward things via VPN -- first the normal DNAT rule, then some hack (either SNAT/masquerade, or policy routing) to have replies go where they should
12:04<grawity>oh, thinking of it... is it always going to be HTTP
12:04<haru_>Sure nice idea i will try that one out but won't use that in production
12:05<grawity>if it's going to be HTTP(S), a "reverse proxy" (proxy_pass in nginx/apache or similar) might be an easier option
12:05<grawity>and slightly more secure too
12:05<haru_>Yup not going to use that with vpn no it's like the vpn now accts as a revers proxy for the well sort of
12:05<haru_>but for ip
12:05<haru_>well well
12:05<millisa>you could at least add some extra layer of security on a proxy. even a simple user/pass prompt is better than leaving a consumer device sitting available to the world.
12:05<newbie2021>let me put it in my terms of understanding :)))
12:05<grawity>since you can have the proxy itself (i.e. apache) require a password, and *those* are rather hardened against exploits
12:06<newbie2021>if i disconect the gl router from the linode
12:06<newbie2021>and i do port forward from my isp router to gl router on a certain external port say instead of 80 to 8099
12:06<newbie2021>i can access my gl router on my isp public ip:8099
12:07<millisa>(which is just as bad/dangerous)
12:07<newbie2021>that is the thing i want to do but instead of isp public ip to input the linode ip
12:07<millisa>you can do that. and we're saying it's in your best interest to do neither of those.
12:07<newbie2021>so if i move the gl router to a new location nothing will change
12:08<newbie2021>that i understood about the hackability ... security concerns and so on
12:08<newbie2021>but it is what i need
12:08<haru_>if you have important devices well then maybe but now you said it was only you but we are concerned that router will get exploited and just send spam mails like other people don't want that you know
12:09<haru_>And yeah I am to tired and my english stopped function sorry!
12:09<newbie2021>to send mails you need port 25 , if i remember corectly
12:10<haru_>再见 你们都很好!
12:10<millisa>you've done the hard part of getting the router talking to wireguard. the easy next step is to get the roving device talking to wireguard too. then the roving device can talk to your router management in a somewhat secure fashion
12:10<grawity>eh, spam was an example, these days more likely it's either part of a DDoS botnet, or an unwilling cryptominer
12:11<newbie2021>sorry millisa but i didnt understand
12:11<millisa>or illegal human trafficking coordination or something that will make you feel equally like a terrible person when you find out something you did was part of . . .
12:11<newbie2021>ok ... i really need to put these in a maner that you awesome people can understand what i need
12:12<millisa>You've made your router manageable from within the wireguard network. If you want to manage it remotely, add your device to the same wireguard network. you don't have to open ports publicly.
12:12<LouWestin>Depending on the router, theres a high chance that there’s a security issue which may or may not get patched
12:12<haru_>What i tried to say for 1 hour ago
12:12<haru_>Yeah
12:12<haru_>That's far more secure better solution/easier i guess
12:12<newbie2021>ok ... lets forget about the router management / web port whatever
12:12<newbie2021>lets say i go secure on it
12:13<newbie2021>so i will get to the router thru the same wireguard server
12:13<haru_>I am sorry i have to study chinese now but you know what it's good that you are playing with linux you know that!
12:13<haru_>Don't stop!
12:13<newbie2021>so good so far ok ? :)
12:14<newbie2021>now comes the trick part
12:14<haru_>You will need both pc and the gl on the same server logical lan yep well they will help you tho!
12:14<newbie2021>yes , pc laptop phone whatever
12:14<newbie2021>run wireguard client with same wireguard server
12:15<haru_>Wonderful people tho! so helpful thanks thanks!
12:15<newbie2021>so if i input 10.0.0.2 in browser i will access gl router
12:15<haru_>should be that yes!
12:15<newbie2021>ok , all good untill these point :)
12:15<newbie2021>now comes the security issues :))))))))
12:15<haru_>But then ask them how you make the peers talk with eachother on the wireguard server locally on it
12:16<newbie2021>like i sayd earlier
12:16<newbie2021>i connect a device to the lan of the gl router
12:16<newbie2021>so that device will have the external ip of the linode wg server
12:16<haru_>no this is a lan on the wireguard server
12:16<haru_>You will need some network books i do have to go tho!
12:17<newbie2021>:)))
12:17<newbie2021>what i am saying is already done
12:17<newbie2021>like my laptop is conected thru wifi to the gl router
12:17<newbie2021>and my laptop external ip is the linode wg server
12:17<haru_>yeah but say you are connected to mcdonalds wifi how would you access it?
12:17<newbie2021>gl router in my pocket :)
12:17<haru_>connect the pc to the wireguard server where the gl lays as well!
12:18<newbie2021>no dude
12:18<newbie2021>i am speaking of a different issue
12:18<haru_>You want me to truly give up?
12:18<newbie2021>if i connect my laptop to the mcdonals wifi and run a wireguard client
12:18<haru_>You want the security part then yeah you would connect pc and gl to the wireguard server that won't expose the port of the gl router
12:18<newbie2021>i will be able to connect to the gl router
12:18<newbie2021>i get that
12:18<newbie2021>so far so good
12:18<haru_>yes a wireguard client yes sure sure
12:18<haru_>yeah you would need that yes
12:19<haru_>your pc needs a wireguard client
12:19<haru_>https://www.wireguard.com/install/
12:19<newbie2021>ok
12:19<newbie2021>everything untill now is ok , fine and done
12:19<newbie2021>security and all
12:19<newbie2021>now i am speaking of a new issue :)
12:20<newbie2021>i am at mc donalds , right ?
12:20<haru_>ok
12:20<newbie2021>i am not running any wireguard client or server or whatever
12:20<newbie2021>i am just connected to mcdonalds internet
12:20<newbie2021>or whatever other place
12:20<haru_>Well then everything is shut off?
12:20<haru_>What?
12:20<newbie2021>the gl router is connected to to wg server on linode ok ?
12:21<newbie2021>and i am at a different location but not running any wireguard stuff
12:21<newbie2021>now the problem is these
12:21<haru_>you at mcdonals and not connected to the wireguard server you wont be able to access it
12:21<haru_>By the way they can also block the port that is used by wireguard
12:21<newbie2021>i dont want to :)
12:21<haru_>Should be pretty easy for them to block that as well!
12:21<haru_>You need to think about a lot of things!
12:22<haru_>not every network permit wireguard sadlt
12:22<haru_>sadly
12:22<newbie2021>man lisen a minute :)
12:22<newbie2021>i repet , gl router is connected to wireguard server on linode
12:22<haru_>I mean the port of the gl router i mean not the wiregurad server sorry
12:22-!-puneet [~oftc-webi@116.193.129.222] has joined #linode
12:22-!-puneet is "OFTC WebIRC Client" on #linode
12:22<newbie2021>on the gl router i connect a pc with lets say ftp server , port 21 ok ?
12:23<puneet>hello,
12:23<millisa>puneet: greetings
12:23<haru_>I am to tired am sorry! why did the others stop response so weird!
12:23<newbie2021>how can i make that ftp server be available to you or anyone else
12:23<haru_>revers proxy with stream
12:23<haru_>But that's something different!
12:23<puneet>right now buy from this email id info.pluggeek@gmail.com
12:23<haru_>I wouldn't do it with wireguard
12:24<puneet>but i am not getting any infomation.
12:24<millisa>newbie2021: that would be the nat setup grawity was giving
12:24<newbie2021>awesome
12:24<haru_>if you talk about ftp server that everyone can access then a reversproxy with stream or normal host pass
12:24<puneet>but showing Your account is currently being reviewed.
12:24<grawity>FTP is a bit annoying with NATs though (due to it using the separate "data connections"), but yeah, still sorta the same.
12:25<haru_>my or?
12:25<newbie2021>i sayd ftp because i know what port it uses :)))
12:25<millisa>puneet: they flag some accounts for review and get to them as quickly as possible. if they need more info they'll send it via an email.
12:25<haru_>is my account under review well well!
12:25<haru_>am not going to use this IRC again tho!
12:25<haru_>Just fun to try out!
12:26<grawity>pretty sure that's just puneet's
12:26<newbie2021>ok so i need to dig into what grawity sayd
12:26<newbie2021>and try to make some sense in my head that has zero knowledge :D
12:27<haru_>The person on this pc is dead now i cant do more sorry! this is the last time you see me maybe hehe! i will probably forget this site tho. One question what happens if you refuse to pay linode tho?
12:27<newbie2021>haru_ i am verry sorry for makeing you not want to use these anymore ....
12:27<millisa>haru_: money is exchanged for goods and services
12:27<grawity>I'd expect they'll just shut down your servers after a few weeks of non-payment...
12:28<grawity>like all hosting providers normally do
12:28<puneet>ok
12:28-!-puneet [~oftc-webi@116.193.129.222] has quit [Quit: Page closed]
12:28<haru_>Yeah but now i need to pay 75 dollar for nothing really?
12:28<newbie2021>i will shut up now
12:28<newbie2021>roll back to what grawity sayd
12:28<haru_>What will happen if i just refuse everything is already closed tho!
12:28<newbie2021>and try to make it work
12:28<haru_>My servers that i had is gone lost everything but i do not want to pay 75
12:28<newbie2021>sorry again
12:29<haru_>Don't they just delete everything like you said
12:29<haru_>Still demand me for money i don't get it!
12:30<millisa>haru_: your invoice should explain what they are billing for.
12:30<haru_>for a service that was on for 2 months ago!
12:31<haru_>It's just gone now so why would i pay it?
12:31<haru_>That's the confusing part
12:31<millisa>why would you pay for a service you used?
12:31<dwfreed>You have to pay for as long as the service *exists*, because it is reserving resources that could be given to another paying customer
12:31<dwfreed>even if it was powered off
12:32<haru_>Okay but can they just delete it or so?
12:32<haru_>Or do i still need to pay?
12:32<haru_>Becuase it was hogging or?
12:32<dwfreed>You still need to pay
12:33<dwfreed>You can delete it when you no longer need it
12:33<dwfreed>and then you'll only be charged for the time it existed
12:34<haru_>So what happens if i don't pay i mean it's gone tho?
12:34<haru_>or?
12:34<haru_>Like sure i may have done this wrong then sure i will need to pay this fine
12:35<dwfreed>If you don't pay, they'll delete it, and lock the account so it can't be used until the balance is paid
12:35<haru_>so that's it!
12:36<haru_>Not like a man would knock on my door and just give me something of value that is 75 dollar or?
12:37<haru_>the bailiff? won't be going to my place like you know what i mean?
12:37<newbie2021>75 dollars ... daaaamn
12:37<haru_>Yeah i did my labs in linode and i fucked up so hard if i need to pay that yes
12:37<millisa>i'm not sure if linode makes their collections process public.
12:37<dwfreed>You should pay your bills, or you'll find they come back to bite you
12:38*millisa imagines caker travelling around on a motorcycle with a list and a bat.
12:38<dwfreed>Take the $75 as a valuable lesson learned
12:39<newbie2021>i can help you abit haru_ for your time and headache
12:39<haru_>No it was a credit that i was given by a youtuber i won't do that!
12:39<haru_>Well sure sure!
12:40<haru_>It was more of a credit you know that was given by a youtube affiliate how can it go over it tho?
12:40<haru_>if the card declines 3 days after they just remove it hto
12:40<haru_>tho
12:40<dwfreed>Because billing doesn't stop just because the credit runs out
12:41<haru_>Well but after 3 days with out a payment that works it will just delete it or?
12:41<dwfreed>The exact timeline varies, but they do provide more leeway than that
12:42<millisa>and that entire time if the system is still provisioned it would continue to accumulate charges
12:42<@pwoods>hey haru_ I can assist here.
12:43<@pwoods>!ops
12:43<linbot>Users with ops are employees of Linode, and know what they're talking about. The rest of us are the ever-so-helpful(?) community. Official Linode contact information: https://www.linode.com/support/
12:43<haru_>That would be awesome!
12:43<@pwoods>haru_: I didn't see it in scroll back, did you have a support ticket open yet?
12:43<haru_>I do have a support ticket open yes!
12:43<haru_>In my linode account yes!
12:43<@pwoods>canyou share the ticket number?
12:44<haru_>Should i do this here?
12:44<@pwoods>If you are wary of sharing that publicly, you can send it to me in a private message
12:44<haru_>#16567618
12:45<haru_>no it's fine then i just thought it maybe wasn't no it's okay!
12:45<haru_>I were using this service for my labs and i forgot to turn of one of the servers and i wonder why it went over the credit score that was given by an affiliate link on youtube
12:47<haru_>What happens if it don't get paid?
12:47<@pwoods>haru_: thanks for the ticket number. A colleague was already looking at the ticket.
12:48<haru_>yes but i don't want this to go about more time you know!
12:48<haru_>Do i need to pay and what would happen if i didn't?
12:48<haru_>Why did it go over the credit?
12:51<haru_>Do i need to pay it or not?
12:51<haru_>I ahve no idea!
12:51<haru_>Like does it just terminate my account or?
12:55<dwfreed>Not sure why you're still arguing about this, just pay the bill, delete everything, and be done with it
12:55<dwfreed>consider it a costly lesson in learning how a service's billing system works
12:56<haru_>I don't understand it tho that's the point i never said i will not pay i wonder what happens if i don't pay / and why did the credit that i got from the affiliate link get over it?
12:57<@pwoods>most promo credits are good for $100/3months, whichever comes first
12:57<millisa>(60 days on the green box promos now)
12:57<millisa>(ex. https://www.linode.com/docs/guides/how-linode-billing-works/ )
12:58<millisa>credits get used first. credits dont stop billing from happening beyond the credit amount.
12:58<haru_>Is it mandatory to pay this bill when the services got removed. And if i need to pay it i will but is it because i forgot to delete things?
12:58<dwfreed>Yes
12:59<haru_>Just cirous what happens when a coustumer do not pay?
12:59<haru_>Then am going to pay this now then but can the worker here then delete my account or how do i terminate it
13:01<LouWestin>You can delete any Linodes you have. That will stop the billing
13:01<haru_>But they are deleted
13:01<haru_>okay
13:02<LouWestin>And any storage stuff. Ok then you shouldn’t be billed next month
13:02<haru_>ok
13:03<@pwoods>Any services removed after an invoice has been issued likely isn't reflected on the account yet.
13:03<@pwoods>We see this nearly every month with billing, since it's a post-paid service.
13:03<haru_>do you still need to pay when they get removed or?
13:03<@pwoods>Yes.
13:03<@pwoods>You are invoiced for the hours that they are on your account.
13:12<haru_>Ok
13:12<haru_>yes
13:12<haru_>It's just to pay then!
13:12<haru_>Thanks!
13:41<haru_>fixed and payed
13:41<haru_>Best support ever tho!
13:41<haru_>So kind!
13:41<haru_>Have a nice day!
13:41-!-haru_ [~oftc-webi@81-232-140-95-no2006.tbcn.telia.com] has quit [Quit: Page closed]
13:43<newbie2021>millisa
13:43<newbie2021>grawity
13:43<newbie2021>you around?
13:43<millisa>about to get on another call.
13:44<newbie2021>so ... i used iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination internalip:port
13:44<newbie2021>and worked like a charm
13:44<newbie2021>now the port is opened public
13:45<millisa>sounds good and dangerous
13:45<newbie2021>in my case iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
13:46<newbie2021>yeah ..i get the part about the security
13:46<newbie2021>actually starting to have second thoughts :)))
13:46<newbie2021>in case i change my mind how do i "delete" these ?
13:46<millisa>unless you saved it, that won't survive a reboot
13:47-!-newbie2021-vpn [~oftc-webi@139-162-196-139.ip.linodeusercontent.com] has quit [Quit: Page closed]
13:47<newbie2021>just entered it in terminal
13:47<newbie2021>save it where
13:48<millisa>iptables -L --line-numbers <-- list rules with line numbers. delete a rule by line number: iptables -D INPUT 3 (assuming it's the input chain)
13:49<millisa>reference - https://www.linode.com/docs/guides/control-network-traffic-with-iptables/
13:49<warewolf>iptables -nxvL # what I always use
14:16-!-wasfa [~oftc-webi@39.35.18.239] has joined #linode
14:16-!-wasfa is "OFTC WebIRC Client" on #linode
14:16<wasfa>hello is there anyone contact me here?
14:17<wasfa>Hello
14:18-!-wasfa [~oftc-webi@39.35.18.239] has quit []
14:18<newbie2021> iptables -L --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) num target prot opt source destination
14:19<newbie2021>not sure where is the command i put for the port routing
14:20<LouWestin>!next
14:20<linbot>Another satisfied customer! NEXT!
14:21<linbot>New news from community: my linode account is not logging in? <https://www.linode.com/community/questions/22155>
14:21<newbie2021>and /etc/sysconfig/iptables there is no such file :)
14:22<LouWestin>Which distro are you using?
14:22<newbie2021>ubuntu 21.10
14:22<newbie2021>?
14:23<LouWestin>Let me see if I can find a guide
14:25<LouWestin>I think this one might help. https://www.linode.com/docs/guides/control-network-traffic-with-iptables/
14:31<newbie2021>so the rules are deleted at reboot
14:31<linbot>New news from status: Connectivity Issue - Frankfurt <https://status.linode.com/incidents/412j9bwl5ygx>
14:31<newbie2021>and i need to install persistance :)
14:34<LouWestin>Yes
14:34<LouWestin>That’s an easy way.
14:35-!-imdan [~root@2a02:2f0e:5704:3000:95c5:fff8:2f8b:b7a8] has quit [Remote host closed the connection]
14:35-!-imdan [~root@2a02:2f0e:5704:3000:afcc:c50c:74ab:6802] has joined #linode
14:35-!-imdan is "root" on #linode
14:51-!-anomie [~anomie@00018802.user.oftc.net] has quit [Ping timeout: 480 seconds]
14:59-!-anomie [~anomie@00018802.user.oftc.net] has joined #linode
14:59-!-anomie is "Anomie" on #linode
15:18-!-bencc1 [~bencc1@2a00:a040:197:3af:a6cd:c5de:d137:861e] has quit [Ping timeout: 480 seconds]
15:27-!-bencc1 [~bencc1@5.29.18.40] has joined #linode
15:27-!-bencc1 is "realname" on #gstreamer #linode
16:06-!-linville [~linville@rrcs-24-142-217-66.midsouth.biz.rr.com] has quit [Quit: Leaving]
16:30-!-bencc1 [~bencc1@5.29.18.40] has quit [Ping timeout: 480 seconds]
16:45-!-imdan [~root@2a02:2f0e:5704:3000:afcc:c50c:74ab:6802] has quit [Remote host closed the connection]
16:45-!-bencc1 [~bencc1@5.29.18.40] has joined #linode
16:45-!-bencc1 is "realname" on #gstreamer #linode
16:49-!-Ikaros [~ikaros@EP-F4EA-007C-AP.Wi-Fi.cust.Miku.himarinet.moe] has quit [Quit: Updating Bluetooth and Wi-Fi6 drivers, bbl]
16:58-!-Ikaros [~ikaros@EP-F4EA-007C-AP.Wi-Fi.cust.Miku.himarinet.moe] has joined #linode
16:58-!-Ikaros is "Ikaros" on #linode
17:06-!-Ikaros [~ikaros@EP-F4EA-007C-AP.Wi-Fi.cust.Miku.himarinet.moe] has quit [Quit: Reboot requested by 'NVIDIA Installer' [External DDE Call]]
17:08-!-Ikaros [~ikaros@EP-F4EA-007C-AP.Wi-Fi.cust.Miku.himarinet.moe] has joined #linode
17:08-!-Ikaros is "Ikaros" on #linode
17:09-!-jkc [~jkc@0002bd8a.user.oftc.net] has joined #linode
17:09-!-jkc is "jkc" on #linode #debian
17:13-!-newbie2021 [~oftc-webi@5-14-194-141.residential.rdsnet.ro] has quit [Quit: Page closed]
17:51-!-anomie [~anomie@00018802.user.oftc.net] has quit [Quit: Leaving]
18:01-!-g0t_ [~username@cpezg-94-253-144-79-cbl.xnet.hr] has quit [Ping timeout: 480 seconds]
18:11<Peng>Does the Linode office have a machine to make money rain from the ceilings on the first of every month?
18:15<dwfreed>If they don't, they should
18:16<dwfreed>They do work out of a bank, after all
18:17<Peng>An old bank! I wouldn't want to sit near a mechanical money cannon built in the 1920s.
18:18<Peng>I'm imagining like a t-shirt cannon but steampunk and probably dangerous
18:18<dwfreed>haha
18:35<LouWestin>Is the main office an old bank?
18:35<dwfreed>yes
18:35<LouWestin>interesting
18:35<dwfreed>LouWestin: https://www.inquirer.com/philly/columnists/inga_saffron/real-world-philadelphia-mtv-linode-20180504.html
18:37<LouWestin>I love reader view. You have reached your maximum viewing for this month. Me: No I haven't
18:47<Nivex>I wonder how long until they figure out how to evade that. It's an arms race.
18:49<LouWestin>Some sites do already. They basically hide the article
18:53-!-thelounge91 [~nb_@nb.zone] has joined #linode
18:53-!-thelounge91 is "The Lounge User" on #linode
18:59-!-Guest6315 [~nb_@nb.zone] has quit [Ping timeout: 480 seconds]
19:22-!-Redentor [~armando@2806:1000:8004:bf3d:8fd6:73fa:d2a3:7108] has quit []
20:01-!-recsyslabs [~oftc-webi@2601:ca:8280:240:d8f1:34c1:2328:1b28] has quit [Quit: Page closed]
20:08-!-Zr40 [~zr40@000128ef.user.oftc.net] has quit [Read error: Connection reset by peer]
20:09-!-Zr40 [~zr40@000128ef.user.oftc.net] has joined #linode
20:09-!-Zr40 is "Zr40" on #debian-next #linode #debian
20:17<Nivex>Don't worry, soon you'll be able to pay to read the article on the blockchain with web3! *mops up the dripping sarcasm*
21:58<LouWestin>Has web 3 come yet? lol
23:08-!-CodeMouse92 [~CodeMouse@00025241.user.oftc.net] has quit [Quit: Oh freddled gruntbuggly | Thy micturations are to me | As plurdled gabbleblotchits | On a lurgid bee]
23:08-!-Redentor [~armando@2806:1000:8004:bf3d:8fd6:73fa:d2a3:7108] has joined #linode
23:08-!-Redentor is "realname" on #linode #debian-next #debian-mx #debian
23:20-!-fstd_ [~fstd@xdsl-81-173-139-70.nc.de] has joined #linode
23:20-!-fstd_ is "fstd" on #gentoo #oftc #linode #debian #kernelnewbies
23:28-!-fstd [~fstd@xdsl-87-79-98-69.nc.de] has quit [Ping timeout: 480 seconds]
23:31-!-Dan [~oftc-webi@130.105.160.189] has joined #linode
23:31-!-Dan is "OFTC WebIRC Client" on #linode
23:31<Dan>hello?
23:31<linbot>hi
23:31<linbot>Dan: If you have a question, feel free to just ask it -- someone's always willing to help. If you don't get a response right away, be patient! You may want to read http://alexfornuto.com/how-to-ask-for-help-on-irc/
23:31-!-Dan [~oftc-webi@130.105.160.189] has quit [Remote host closed the connection]
23:31<dwfreed>!next
23:31<linbot>Another satisfied customer! NEXT!
23:37-!-JosGCS [~oftc-webi@ip189-216-50-179.ct.co.cr] has joined #linode
23:37-!-JosGCS is "OFTC WebIRC Client" on #linode
23:38-!-JosGCS [~oftc-webi@ip189-216-50-179.ct.co.cr] has quit [Remote host closed the connection]
---Logclosed Thu Dec 02 00:00:28 2021