#dev
/2021/12/29
RedFox Can you tell me, is irc.ilita.i2p down too? I can't connect.
R4SAS no idea
R4SAS I can see the link is there
R4SAS but everyone got kicked off
RedFox It won't connect for me
RedFox I connected to irc.acetone.ygg
R4SAS I'll try to check now
R4SAS if I remember where the IRC is hosted
R4SAS something's wrong with the machine there
R4SAS it's not responding
RedFox And one more question. In i2p.conf bandwidth = 1024 is set, but about 6 megabits of bandwidth is in use
R4SAS that sets the P flag, which is for 2048
R4SAS but 6 Mbit -
R4SAS that's about 800, no?
R4SAS 1024 KB/s
R4SAS I think the logic there is in bytes
R4SAS not bits
R4SAS well
RedFox So the limit isn't working?
R4SAS it works
R4SAS look in the hidden data to see which flags are set
RedFox Is 1024 kilobits or kilobytes?
R4SAS KBytes
R4SAS look in the docs
R4SAS L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
R4SAS you have 1024 set
RedFox OK, got it
R4SAS the flag is set by the next limit up - 2048
RedFox I was counting in kilobits and dividing by 8
R4SAS but it actually limits at 1024
R4SAS then set 128
R4SAS the O flag will be set
R4SAS fuck, who wrote KBs/sec
R4SAS his hands should be torn off
R4SAS right... looks like ilita needs to be mirrored
R4SAS it's awful how much the machine there lags
acetone KB per second per second, R4SAS
acetone they measured with two timers, just to be sure)))
exokientic are we pack>
exokientic Xeha> iptables -A FORWARD -i ${WAN} -o ${LAN} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
exokientic okay, accept: established, related, untracked
exokientic fucking 10 firewall rules in this mikrotik's filter list/ "ip-table"
exokientic so I disabled everything except for that one
exokientic Which it did have
exokientic I have two of those rules, one for the "input" chain, and another with the exact same flags, except that it's for the "forward" chain
exokientic I am keeping both of those enabled...
exokientic Xeha> iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
exokientic nat function -check, "postrouting" chain -check, WAN out interface -check, action = 'masquerade' -check
exokientic I have my NAT masquerade rule set exactly like that
exokientic going to let things run for a few days and see if my web-console stop complaining about firewalled/ symmetric NAT
exokientic this thing "should" work like -any- linux based NAT device >.<
exokientic so, with my firewall rules 'slimmed' down to the very basics required for an NAT device, we will see how things go
exokientic one "possible" issue that might be left on the table related to mikrotik specific kernel implementation (from mikrotik's RouterOS documentation):
exokientic "Hosts behind a NAT-enabled router do not have true end-to-end connectivity. Therefore some Internet protocols might not work in scenarios with NAT. Services that require the initiation of TCP connection from outside the private network or stateless protocols such as UDP, can be disrupted. "
exokientic okay, I will agree with that...
exokientic "To overcome these limitations RouterOS includes a number of so-called NAT helpers, that enable NAT traversal for various protocols. When action=srcnat is used instead, connection tracking entries remain and connections can simply resume."
exokientic okay... NAT helpers...???
exokientic so, when action=src-nat it is STILL performing what is defined as a masquerade
exokientic but, using the "STANDARD" masquerade (action=src-nat), when your dynamically assigned WAN IP changes, you have to wait for each currently open link to fail, and then it will initiate a new link using the newly assigned WAN IP
exokientic this -can- sometimes result in connection issues with some types of services (*cough* VoIP *cough*)
exokientic in mikrotik land
exokientic when you choose action = masquerade
exokientic you get a "special" kind of mikrotik masquerade
exokientic that includes "NAT helpers"
exokientic furthermore they elaborate:
exokientic "Though Source NAT and masquerading perform the same fundamental function: mapping one address space into another one, the details differ slightly. Most noticeably, masquerading chooses the source IP address for the outbound packet from the IP bound to the interface through which the packet will exit."
exokientic Now, after reading that sentence like 50 times, I still don't quite understand it, lol
exokientic but, it seems in OpenWRT land, there are similar "connection helpers"
exokientic If I look at the 'postrouting WAN masquerade' rule in the default OpenWRT firewall, and tab over to the 'Conntrack Settings' tab, I see that the radio flag for "automatic helper assignment" is checked by default
exokientic it has some basic descriptive text:
exokientic "Automatically assign conntrack helpers based on traffic protocol and port"
exokientic sounds a lot like mikrotik's NAT-helpers...
exokientic I have a strong suspicion one of the 'drop' rules in the default mikrotik firewall table was eating some i2pd packets
exokientic first one was; chain=input connection state=invalid action=drop
exokientic 'drop all invalid input connections'
exokientic I am not entirely sure what defines a connection as invalid...
exokientic next drop rules
exokientic chain=input in-interface=!LAN action=drop
exokientic !LAN means: anything -other than- LAN
exokientic "drop all not coming from LAN"
exokientic I'm not sure I get the reasoning behind such a rule...
exokientic next drop rule
exokientic chain=forward connection-state=invalid action=drop
exokientic so, same as the first 'drop invalid' rule, except this one applies to the forward chain as opposed to the input chain
exokientic and, last drop rule:
exokientic chain=forward in-interface=WAN connection-state=new nat-state=dnat action=drop
exokientic "drop all from WAN not DNATed"
exokientic so, essentially, any packet from the WAN that has made it past all the rules (this rule is the last one in the list), and is still looking for someplace to go, will get dropped -unless- it is tagged for dnating
exokientic both drop invalid rules (input and forward) had 10's of thousands of packets attributed to them
exokientic if those were i2p traffic packets, well, that explains the "firewalled" state
exokientic drop all not coming from LAN (input chain) has just about 1 million packets attributed to it
exokientic same deal, if any of that was i2p traffic, well, there's your problem...
exokientic bottom of the list, drop all from WAN not dnated, counter= 0
exokientic so obviously that wasn't contributing to the issue.... nor does it seem necessary
R4SAS that's why you need to switch to WRT ASAP
exokientic from mikrotik docs:
exokientic "INVALID - The INVALID state means that the packet can't be identified or that it does not have any state. It is suggested to DROP everything in this state;"
exokientic I mean... I am still flashing this thing with wrt
exokientic but it's a little difficult to "admit defeat" !
exokientic I am fairly certain its "fixed now"
exokientic okay.... ASUS router running OpenWRT plugged back in :D
exokientic time to get dirty with this mikrotik
xadmpp orignal: I've been wondering. Does irc ilita belong entirely to the i2pd team, apart from acetone's node? It was only after the message "everyone who connected via irc.ilita.i2p: I'll shut down my mirroring destination, in 10 minutes you'll be reconnected to orignal's" that I thought about it and realized I had never seen your node, so irc.ilita.i2p
xadmpp is yours.
orignal so what's the point?
orignal irc.ilita.i2p is mine, of course
orignal yesterday there was a problem with the node at the VPS
orignal R4SAS redirected this tunnel to himself
orignal so in effect irc.ilita.i2p became identical to irc.r4sas.i2p
orignal now the VPS has been fixed and it's been switched back
xadmpp got it. the point is just that after all this time I decided to ask who ilita actually belongs to)
orignal and ilita.i2p is mine
xadmpp and who has the network's services node? in theory it's just a separate server with a DB.
orignal R4SAS has it
orignal nickserv and chanserv
xadmpp well it's just a separate node, right, orignal? not a message relay itself like irc.ilita.i2p and the two others.
orignal no, it sits on irc.r4sas.i2p
xadmpp I see. I rewatched acetane's video about IRC and only now started wondering how it works.
xadmpp *acetone's
optic hi !
zzz hello
HidUser0 optic: hi
R4SAS damn, the three-letter one got kicked off again
xadmpp R4SAS: you're an oper. run "/msg HostServ ACTIVATE xadmpp", I want to see how it works (hostserv)
R4SAS one sec
xadmpp oh, it works
R4SAS yep
R4SAS maybe it can be done without approval somehow, I haven't looked into it
R4SAS -!- villain [villain@jesus.was.a.communist]
xadmpp this looks like approval by default, since on another server you have to confirm in exactly the same way
R4SAS it turned out he had made a request too, but didn't mention it
R4SAS the funniest part is the creation date: Jul 03 11:09:25 2017 UTC
xadmpp that's a while ago
R4SAS we could try switching it to work without confirmation
xadmpp R4SAS: OFFER allows you to offer a list of vHosts to the users of your network that they can accept at will without needing an oper to set the vHost. digitalirc.org/wiki/services/hostserv
R4SAS quite possibly
R4SAS Now postman's irc didn't return leaseset
user_ygg2 Guys and devs from i2p-java, when irc postman server will work again? Thnx for answer
R4SAS no one knows
user_ygg2 ok, thx. That's sh.t
orignal HidUser0 does LinkShow work for you through socks?
HidUser0 I was surprised too, because it's through http
R4SAS and what's the user agent set to?
R4SAS that's where it catches you by the ass
orignal and why does zzz.i2p reject it?
HidUser0 R4SAS: but the user agent gets stripped
R4SAS then some extra header is being sent
orignal I think it needs to be like in the http proxy
orignal MYOB 6.66 or something like that
R4SAS but the proxy should change it itself
HidUser0 I'll look a bit later at what other headers it sends
orignal so he does have socks after all
orignal or it bans by b32
exokientic goooooooood morning i2pd
exokientic openWRT flashed onto this mikrotik router
exokientic network status: firewalled
orignal ask your ISP then
exokientic whew, fixed it >.<
exokientic pointed the port forward rule to my i2pd computers ip
exokientic 2400 client tunnels
exokientic I "think" i2pd likes this router better...
orignal client or transit?
exokientic definitely client
exokientic ~700 transit tunnels
orignal what do you need 2400 client tunnels for?
exokientic heya R4SAS; your OpenWRT install (MediaTek MT7621AT chipset)...
exokientic do you have a "switch" menu in your luci web console
exokientic i.e. do you have swconfig installed?
exokientic my install seems to be missing swconfig, which is odd considering the MediaTek MT7621AT does have a switch chip...
exokientic okay, further reading informs me that swconfig has been deprecated and is now replaced with DSA
exokientic 'distributed switch architecture'
exokientic interesting, my older ASUS openwrt (21.02.1) kernel included swconfig
exokientic bleep bloop
exokientic hahahaha
exokientic My Russian is a little rusty, huh?
Словесник-Былинник yeah.. not there at all :)
exokientic next question :D
exokientic it looks like IPv6 is fully supported/ integrated in the OpenWRT (21.02.1)
exokientic what does the required ipv6 port forwarding rule look like for i2p(d) ipv6 traffic?