~R4SAS
~acetone
~orignal
~villain
&N00B
+relaybot
AreEnn
DUHOVKIN_
Guest7184
Komap-
Most2
Nausicaa
Nikat
Ruskoye_911
Vort
Xeha
anon3
b3t4f4c3
fidoid
nemiga
not_bob_afk
onon
plap
poriori
profetikla
qend
segfault
soos
teeth
tetrimer_
uis
un
unlike
user
weko
whothefuckami
RedFox
Подскажите irc.ilita.i2p тоже лежит? Не могу подключиться.
R4SAS
а хз
R4SAS
я вижу что линк есть
R4SAS
а вот всех повыкидывало
RedFox
У меня не подключается
RedFox
Подключился к irc.acetone.ygg
R4SAS
сейчас попробую проверить
R4SAS
если вспомню где ирк лежит
R4SAS
что то не то там с машиной
R4SAS
не отвечает
RedFox
И еще вопрос. В i2p.conf установлено bandwidth = 1024 а полоса занята около 6 мегабит
R4SAS
это ставит флаг P котроый на 2048
R4SAS
но 6 мбит -
R4SAS
это примерно 800, не?
R4SAS
1024 KB/s
R4SAS
вроде логика там в байтах
R4SAS
не битах
R4SAS
ну
RedFox
То есть ограничение не работает?
R4SAS
работает
R4SAS
посмотри в скрытых данных какие флаги стоят
RedFox
PR
RedFox
1024 это килобит или килобайт?
R4SAS
КБайт
RedFox
Аа
R4SAS
смотри в доки
R4SAS
L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
R4SAS
у тебя стоит 1024
RedFox
Ок, понял
R4SAS
флаг по лимиту выше ставится - 2048
RedFox
Я считал в килобитах и делил на 8
R4SAS
а фактически лимитируется на 1024
R4SAS
тогда ставь 128
R4SAS
поставится флаг O
RedFox
Ок
R4SAS
блять, кто написал KBs/sec
R4SAS
оторвать руки ему
R4SAS
такс... видимо надо илиту зазеркалить
R4SAS
ужс как машина там лагает
acetone
KB per second per second, R4SAS
acetone
по двум таймерам замеряли, чтобы наверняка)))
exokientic
are we pack>
exokientic
back*
exokientic
Xeha> iptables -A FORWARD -i ${WAN} -o ${LAN} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
exokientic
okay, accept: established, related, untracked
exokientic
fucking 10 firewall rules in this mikrotik's filter list/ "ip-table"
exokientic
so I disabled everything except for that one
exokientic
Which it did have
exokientic
I have two of those rules, one for the "input" chain, and another with the exact same flags, except that its for the "forward" chain
exokientic
I am keeping both of those enabled...
exokientic
then;
exokientic
Xeha> iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
exokientic
okay;
exokientic
nat function -check, "postrouting" chain -check, WAN out interface -check, action = 'masquerade' -check
exokientic
I have my NAT masquerade rule set exactly like that
exokientic
going to let things run for a few days and see if my web-console stop complaining about firewalled/ symmetric NAT
exokientic
this thing "should" work like -any- linux based NAT device >.<
exokientic
so, with my firewall rules 'slimmed' down to the very basics required for an NAT device, we will see how things go
exokientic
one "possible" issue that might be left on the table related to mikrotik specific kernel implementation (from mikrotiks RouterOS documentation):
exokientic
"Hosts behind a NAT-enabled router do not have true end-to-end connectivity. Therefore some Internet protocols might not work in scenarios with NAT. Services that require the initiation of TCP connection from outside the private network or stateless protocols such as UDP, can be disrupted. "
exokientic
okay, I will agree with that...
exokientic
next:
exokientic
"To overcome these limitations RouterOS includes a number of so-called NAT helpers, that enable NAT traversal for various protocols. When action=srcnat is used instead, connection tracking entries remain and connections can simply resume."
exokientic
okay... NAT helpers...???
exokientic
so, when action=src-nat it is STILL performing what is defined as a masquerade
exokientic
but, using the "STANDARD" masquerade (action=src-nat), when your dynamically assigns WAN IP changes, you have to wait for each currently open link to fail, and then it will initiate a new link using the newly assigned WAN IP
exokientic
this -can- sometimes results in connection issues with some types of services (*cough* VoIP *cough*)
exokientic
in mikrotik land
exokientic
when you choose action = masquerade
exokientic
you get a "special" kind of mikrotik masquerade
exokientic
that includes "NAT helpers"
exokientic
furthermore they elaborate:
exokientic
"Though Source NAT and masquerading perform the same fundamental function: mapping one address space into another one, the details differ slightly. Most noticeably, masquerading chooses the source IP address for the outbound packet from the IP bound to the interface through which the packet will exit."
exokientic
Now, after reading that sentence like 50 times, I still dont quite understand it, lol
exokientic
but, it seems in OpenWRT land, there are similar "connection helpers"
exokientic
If I look at the 'postrouting WAN masquerade' rule in the defualt OpenWRT firewall, and tab over to the 'Conntrack Settings' tab, I see that the radio flag for "automatic helper assignment" is checked by defualt
exokientic
it has some basic descriptive text:
exokientic
"Automatically assign conntrack helpers based on traffic protocol and port"
exokientic
sounds alot like mikrotiks NAT-helpers...
exokientic
I have a strong suspicion one of the 'drop' rules in the defualt mikrotik firewall table was eating some i2pd packets
exokientic
first one was; chain=input connection state=invalid action=drop
exokientic
'drop all invalid input connections'
exokientic
Iam not entirely sure what defines a connection as invalid...
exokientic
next drop rules
exokientic
chain=input in-interface=!LAN action=drop
exokientic
!LAN means: anything -other than- LAN
exokientic
"drop all not coming from LAN"
exokientic
I'm not sure I get the reasoning behind such a rule...
exokientic
next drop rule
exokientic
chain=forward connection-state=invalid action=drop
exokientic
so, same as the first 'drop invalid' ruled, except this one applies to the forward chain as opposed to the input chain
exokientic
and, last drop rule:
exokientic
chain=forward in-interface=WAN connection-state=new nat-state=dnat action=drop
exokientic
"drop all from WAN not DNATed"
exokientic
so, essentially, any packet from the WAN that has made it past all the rules (this rule is the last one in the list), and is still looking for someplace to go, will get dropped -unless- it is tagged for dnating
exokientic
both drop invalid rules (input and forward) had 10's of thousands of packets attributed to them
exokientic
if those were i2p traffic packets, well, that explains the "firewalled" state
exokientic
drop all not coming from LAN (input chain) has just about 1 million packets attributed to it
exokientic
same deal, if any of that was i2p traffic, well, theres your problem...
exokientic
bottom of the list, drop all from WAM not dnated, counter= 0
exokientic
so obviousy that wasnt contributing to the issue.... nor does it seem necesary
R4SAS
thats why you need to switch to WRT ASAP
R4SAS
)))
exokientic
;)
exokientic
from mikrotik docs:
exokientic
"INVALID - The INVALID state means that the packet can't be identified or that it does not have any state. It is suggested to DROP everything in this state;"
exokientic
:O
exokientic
I mean... I am still flashing this thing with wrt
exokientic
but its a little difficult to "admit defeat" !
exokientic
I am fairly certain its "fixed now"
exokientic
okay.... ASUS router running OpenWRT plugged back in :D
exokientic
time to get dirty with this mikrotik
xadmpp
orignal: я вот задался вопросом. irc ilita полность принадлежит команде i2pd за исключением ноды ацетона? только после сообщения "everyone who connected via irc.ilita.i2p: I'll shut down my mirroring destination, in 10 minutes you'll be reconnected to orignal's" я задумался и понял, что твоей ноды я не видел след-но irc.ilita.i2p
xadmpp
твоя.
orignal
ну а в чем мысль?
orignal
irc.ilita.i2p разумеется моя
orignal
вчера была проблема с нодой у впс
orignal
R4SAS переадресовал этот тоннель на себя
orignal
то есть фактически irc.ilita.i2p стал идентичен irc.r4sas.i2p
orignal
счас впс починили и вернули обратно
xadmpp
понял. смысл просто за все время решил задаться вопросом кому все же принадлежит илита)
orignal
и ilita.i2p моя
xadmpp
а кто у сети сервисный узел. это по идеи просто отдельный сервак с бд.
orignal
у R4SAS-а
orignal
nickserv и chanserv
xadmpp
ну это просто отдельная нода, да, orignal? ну не сам ретранслятор сообщений как irc.ilita.i2p и два других.
orignal
нет он на irc.r4sas.i2p сидит
xadmpp
понятно. пересмотрел видео ацетана про ирку и только щяс задался вопросом как это работает.
xadmpp
*ацетона
optic
hi !
zzz
hello
HidUser0
optic: hi
R4SAS
блин, опять трехбукву выкинуло
xadmpp
R4SAS: ты же опер. пропиши "/msg HostServ ACTIVATE xadmpp" хочу глянуть как это работает(hostserv)
R4SAS
ща
xadmpp
о, работает
R4SAS
угу
R4SAS
возможно как то и без аппрува можно сделать,не изучал
R4SAS
-!- villain [villain@jesus.was.a.communist]
xadmpp
это, похоже, по дефолту аппрув т.к. на другом сервере точно также надо подтверждать
R4SAS
обнаружилось что он тоже делал запрос, но не говорил о этом
R4SAS
самое забавное - дата создания: Jul 03 11:09:25 2017 UTC
xadmpp
давненько
R4SAS
можно попробовать переключить на работу без подтверждения
xadmpp
R4SAS: OFFER allows you to offer a list of vHosts to the users of your network that they can accept at will without needing an oper to set the vHost. digitalirc.org/wiki/services/hostserv
R4SAS
весьма возможно
R4SAS
Now postman's irc didn't return leaseset
user_ygg2
Guys and devs from i2p-java, when irc postamn server will work again? Thnx for answer
R4SAS
no one know
user_ygg2
ok, thx. That's sh.t
orignal
HidUser0 у тебя LinkShow через сокс работает?
HidUser0
я вот тоже удивился, т.к. через http
R4SAS
а юзер аген чего стоит?
R4SAS
вот тут тебя за задницу и ловит
orignal
а почему zzz.i2p отлуп дает?
HidUser0
R4SAS: так юзер агент чистится же
R4SAS
значит какой то хедер лишний шлется
orignal
я думаю там надо как в http прокси
orignal
MYOB 6.66 типа того
R4SAS
так прокся должна сама менять
HidUser0
чуть позже посмотрю, какие еще хедеры отправляет
orignal
значит у него таки сокс
orignal
либо банит по b32
exokientic
goooooooood morning i2pd
exokientic
openWRT flashed onto this mikrotik router
exokientic
:D
exokientic
rofl
exokientic
network status: firewalled
orignal
ask your ISP then
exokientic
whew, fixed it >.<
exokientic
pointed the port forward rule to my i2pd computers ip
exokientic
wow
exokientic
2400 client tunnels
exokientic
I "think" i2pd likes this router better...
orignal
client or transit?
exokientic
definitely client
exokientic
~700 transit tunnels
orignal
what do you need 2400 client tuunnels for?
exokientic
heya R4SAS; your OpenWRT install (MediaTek MT7621AT chipset)...
exokientic
do you have a "switch" menu in your luci web console
exokientic
i.e. do you have swconfig installed?
exokientic
my isntall seems to be missing swconfig, which is odd considering the MediaTek MT7621AT does have a switch chip...
exokientic
okay, furthe reading informs me that swconfig has been deprecated and is now replaced with DSA
exokientic
'distributed switch architecture'
exokientic
interesting, my older ASUS openwrt (21.02.1) kernel included swconfig
exokientic
bleep bloop
Словесник-Былинник
go back to en channel
exokientic
hahahaha
exokientic
Мой русский немного ржавый, а?
Словесник-Былинник
да.. вообще никак :)
exokientic
next question :D
exokientic
it looks like IPv6 is fully supported/ integrated in the OpenWRT (21.02.1)
exokientic
what does the required ipv6 port forwarding rule look like for i2p(d) ipv6 traffic?