#soylent | Logs for 2023-04-15
[02:21:09] -!- AzumaHazuki [AzumaHazuki!~hazuki@the.end.of.time] has joined #soylent
[05:15:50] -!- AzumaHazuki has quit [Remote host closed the connection]
[07:39:17] -!- systemd has quit [Ping timeout: 256 seconds]
[07:39:51] -!- chromas has quit [Ping timeout: 256 seconds]
[07:40:49] -!- chromas [chromas!~chromas@Soylent/Staph/Infector/chromas] has joined #soylent
[07:40:49] -!- mode/#soylent [+v chromas] by Imogen
[07:46:25] <chromas> I'm running a box with opnsense for my router. earlier it decided that instead of hairpinning my public ip, it mapped to the firewall interface for awhile, causing all kinds of cert errors
[07:46:28] <chromas> now it rebooted itself
[07:47:00] <chromas> fortunately the logs are all empty
[07:47:25] <chromas> probably Russian haxx
[07:47:41] <chromas> or whatever the current thing is. Elon Musk's GPT5
[07:54:09] <fab23> chromas: hm, so you mean the public IP from WAN was available on the LAN?
[07:54:21] <fab23> chromas: or how should I understand this?
[07:55:07] <chromas> normally if I hit up my public ip from the lan, then it loops back to my little server on the lan
[07:55:10] <fab23> I do have/had multiple OPNsense in operations, even in HA mode in company networks, never had something like this.
[07:55:33] <chromas> but for a bit, it was redirecting to the opnsense box itself, so in the web browser, I would get the admin page
[07:55:48] <fab23> chromas: from external yes, but from inside through NAT connecting to the public IP usually does not work
[07:56:25] <fab23> ah, strange
[07:57:01] <fab23> but on default the admin page is not (should not be) available to the outside
[07:58:39] <fab23> the best is to overwrite the dns response for your server in the resolver, to give out the internal ip instead of the public
[08:00:38] <fab23> if you are using unbound on the OPNsense, it is in Services / Unbound DNS / Overrides :)
[08:00:49] -!- chromas has quit [Ping timeout: 256 seconds]
[08:01:15] -!- chromas [chromas!~chromas@Soylent/Staph/Infector/chromas] has joined #soylent
[08:01:15] -!- mode/#soylent [+v chromas] by Imogen
[08:02:07] <fab23> chromas: I guess you missed most of my answers?
[08:02:41] <chromas> yeah. I forgot I had it doing updates, so it just rebooted again
[08:02:43] <chromas> the previous reboot was all on its own
[08:02:47] <chromas> last message I saw was "chromas: from external yes, but "
[08:02:52] <chromas> though I could go read the Loggie logs
[08:03:14] <fab23> but on default the admin page is not (should not be) available to the outside
[08:03:22] <chromas> so anyhow, I have hairpinning/reflection turned on, so hitting the public ip from wan side redirects the connection back into the lan
[08:03:35] <fab23> the best is to overwrite the dns response for your server in the resolver, to give out the internal ip instead of the public
[08:03:41] <fab23> if you are using unbound on the OPNsense, it is in Services / Unbound DNS / Overrides :)
[08:03:48] <chromas> but for a little while there, hitting the public ip from the lan side mapped to the router itself
[08:04:38] <chromas> then I heard a quiet beep, then all the internets went down and I figured out it rebooted itself for no apparent reason
[08:05:32] <fab23> chromas: usually connecting from inside through NAT to the public IP does not really work, but I have no idea what OPNsense does in that case, I have never used them so far to redirect to a webserver on the inside
[08:06:12] <janrinok> my computer is doing a large download and suggests I go and have a coffee. So I will...... afk10
[08:06:12] <chromas> yeah it's an option, and it works for me, except for like 10 minutes when it was being weird
[08:06:16] <fab23> as mentioned, the best would be to override the dns answer and use directly the internal ip
[08:07:04] <fab23> chromas: that's really strange yes, was the box doing updates?
[08:07:12] <chromas> no
[08:07:46] <chromas> but after that, I went into it, saw the logs only showed the current boot, then I did have it update. That was the most recent time I disconnected
[08:09:01] <fab23> hm, I would mark that as a one-time error, if you do not see it again, problem solved.
[08:10:47] <chromas> I should get one of those banana pis to run it
[08:15:49] <chromas> hopefully I don't have russians in there looking for ukraine
[08:17:22] <fab23> chromas: I recommend to subscribe to this (can even send emails) https://forum.opnsense.org
[08:18:06] <fab23> chromas: and I also have created a cron job for doing minor updates, so only the major I have to do manually
[08:20:38] <fab23> chromas: in System / Settings / Cron and "Automatic firmware update" is available as command
[08:26:31] <fab23> chromas: I don't think that anybody has tried to break into your system
[08:26:51] <chromas> That's just what they want me to believe!
[08:27:07] <fab23> /o\
[08:29:11] <janrinok> I'm ordering some more tinfoil just in case.....
[08:29:55] <chromas> oh yeah? they don't even sell tinfoil anymore! gotta get that government-approved aluminum foil
[08:30:16] <chromas> as americans, we're less selfish, so we have less I in our aluminum
[08:32:19] <fab23> I would enhance it with a layer of lead, just to be sure :)
[08:33:20] <janrinok> you must think I am stupid - how silly would I look with a lead-foil hat!?
[08:33:55] <fab23> janrinok: you can hide it below the tinfoil
[08:33:55] <chromas> how do you know what I'm thinking? You see? With real tinfoil my thoughts wouldn't even be escaping!
[08:36:01] <janrinok> tinfoil, leadfoil and a colander - it is all getting a bit too much
[08:36:24] <janrinok> Mind you, the blond wig hides most of it
[08:36:50] <fab23> \o/
[09:07:43] -!- systemd [systemd!~systemd@487-532-424-912.res.spectrum.com] has joined #soylent
[09:07:43] -!- systemd has quit [Changing host]
[09:07:43] -!- systemd [systemd!~systemd@pid1] has joined #soylent
[10:30:53] -!- norayr [norayr!~norayr@37.252.sq.ypj] has parted #soylent
[11:10:05] -!- Runaway1956 has quit [Ping timeout: 256 seconds]
[11:12:13] -!- Runaway1956 [Runaway1956!~some@the.abyss.stares.back] has joined #soylent
[14:24:50] -!- AzumaHazuki [AzumaHazuki!~hazuki@the.end.of.time] has joined #soylent
[15:25:17] -!- AzumaHazuki has quit [Remote host closed the connection]
[19:16:19] -!- norayr [norayr!~norayr@37.252.sq.ypj] has joined #soylent
[20:14:09] -!- Tekk_ [Tekk_!~tekk@146.70.rly.vln] has joined #soylent
[20:16:55] -!- Tekk has quit [Ping timeout: 256 seconds]
[23:12:01] <Bytram> Can you keep a beat as well as this? I sure can't! ( https://youtu.be )
[23:12:03] <systemd> ^ best drumline video ever amazing ( https://www.youtube.com )
[23:19:32] <Bytram> .
[23:20:51] <Bytram> On a lighter now, get a load of this gymnastics performance ( https://youtu.be )
[23:20:54] <systemd> ^ 1988 Paul Hunt gymnastics comedy floor exercise ( https://www.youtube.com )
[23:22:05] <Bytram> s/now/note/ (Ooops!)
[23:40:07] <Bytram> .
[23:41:35] <Bytram> ( https://www.youtube.com ) ( https://www.youtube.com ) ( https://youtu.be _
[23:41:37] <systemd> ^ Victor Borge
[23:41:39] <systemd> ^ Victor Borge - His Greatest Piano Jokes
[23:41:41] <systemd> ^ Victor Borge ( https://www.youtube.com )
[23:42:11] <Bytram> .
[23:43:01] <Bytram> I added those in just for fun ;^)