• Can I use the first IP in a subnet, for instance 192.168.0.0?

    49
    3 Votes
    49 Posts
    3k Views
    ObsolesceO

    @Pete-S said in Can I use the first IP in a subnet, for instance 192.168.0.0?:

    OK, I did some more research and made some tests. I believe most people got this one wrong and for reasons that are historical.

    Assume we have the network 192.168.1.0/24.
    Subnet mask 255.255.255.0. The address range is 192.168.1.0 to 192.168.1.255.

    192.168.1.0 is a valid host IP - contrary to what most people believe.
    192.168.1.255 is reserved for directed broadcast.

    Why?

    An IP like 192.168.1.0 used to be excluded from use by a host in the past. This was obsoleted in conjunction with the introduction of classless subnets, CIDR. Mentioned in 1995, RFC 1878, which also obsoleted something related, which was the exclusion of certain subnets called subnet zero and the all-ones subnet.

    In the past, IPs like 192.168.1.0 have also been used as a broadcast address but that practice is also obsolete. RFC 1812 (also 1995) states that 192.168.1.255 should be used for directed broadcast in the 192.168.1.0/24 network and that 192.168.1.0 is forbidden to use for that purpose.

    Problem when something becomes obsolete is that you still have old equipment, old protocols and old habits in use. So it takes many years before you can actually stop doing certain things that were needed in the past.

    To test the state of things today I spun up some VMs. I used 172.16.0.0/24 as my network.

    No problem setting 172.16.0.0 as IP address on CentOS or Debian for example. Everything works as you would expect.
    centos_network_addr.png

    You could however see some remnants of the past, like this:
    broadcast_ping.png
    As mentioned above, it was a long time since that was considered a broadcast address.

    Windows 7 was however another story. You can't enter 172.16.0.0 as a valid IP address in network settings. But you can do it on the command line with netsh. And then it shows up as expected. Network works as expected too.
    win7_network_addr.png

    So all in all, it is technically OK to use the first IP as a host IP. It's not reserved anymore and hasn't been for more than two decades. Protocols that used that IP for broadcast or reserved for the network address are not in use anymore.

    The biggest risk is probably to run into applications where they on purpose don't allow you to enter a specific "invalid" IP address.

    That said, it would probably be very confusing for most people.

    I would assume in a /24 network to not use x.x.x.0 when there are other networks, but in a bigger network, perfectly fine since it's inside the network range.

  • Routing port 80

    32
    0 Votes
    32 Posts
    3k Views
    scottalanmillerS

    @mroth911 said in Routing port 80:

    So are there any services that I can use, or do I have to build a server? or what can I do to simplify the process.

    An external service can't help because you need to direct the traffic once inside your LAN. You just need a reverse proxy, like Nginx, running somewhere and all port 80 pointing to that, and it in turn pointing to the internal resources. So it can be a dedicated server or shared with some other task.

  • 0 Votes
    82 Posts
    9k Views
    FATeknollogeeF

    Update: this is what I ended up with.
    Route based VPN using this guide as a template.

    Master site: 1x ER 12 + 1x ER 4
    Sites A, B, C & D: 1x ER4 each location
    Colo: 1x ER4 & 1x pfSense (SM x10SDV-TLN4F+)

  • How can I tell if one of our linux boxes is a spam generator?

    11
    0 Votes
    11 Posts
    418 Views
    WLS-ITGuyW

    Well, it looks that it is actually FreePBX as part of the problem again with some stupid cron jobs.

    And there is an issue with Moodle but I think that is more of an authentication issue and not actually a spam issue.

  • UFW rules question

    8
    0 Votes
    8 Posts
    354 Views
    Emad RE

    @WLS-ITGuy

    Looks good to me.

    If you need to send emails from the box itself you need to open additional, but usually you rely on third party services for that like SMTP2GO or SendGrid and for that you don't need to open any additional ports.

    I used to firewall port SSH but then I was like I would like to work on machines from anywhere, so I just enable strong SSH auth based security.

    However both approaches will work, the thing is imagine if you want to connect on that machine on emergency, you have to go to the 74 IP or vpn to it.

  • IOPS for SSD?

    33
    1 Votes
    33 Posts
    5k Views
    pmonchoP

    @wrx7m said in IOPS for SSD?:

    @travisdh1 said in IOPS for SSD?:

    @wrx7m said in IOPS for SSD?:

    @Pete-S They dropped the price to 1061.24 since I posted. lol Interesting. Yes, but that is a max of 12 nvme. I may have misunderstood that option with 8 SAS/SATA. I am guessing that the max of 12 would allow for more SAS/SATA, although it doesn't mention it. My issue was also with the available drive capacities and cost per TB for spinning disks in the 2.5" spec.

    Yeah, especially direct from the OEM. Have you thought about buying the storage from xByte instead?

    Are their drives brand new? I did price out a server with specs as similar to Dell's as possible and it was only off by a couple grand.

    IMHO, I consider their drives are 99.9% brand new as it's possible an OEM install was done on the drive or something like that. Plus testing of the drive by the OEM and xByte.

    Their hardware is manufacturer refurbished, not used. Big difference.

    If you can get a Dell ProSupport (w/w-out) Plus 7 year warranty on the server with the drives from xByte, it doesn't really matter if they are new or not. They are under warranty for 7 years and you have no worries.

  • VOIP.ms more secure

    5
    1 Votes
    5 Posts
    303 Views
    JaredBuschJ

    @Skyetel said in VOIP.ms more secure:

    SIP Trunking by IP is so much better than registration, we don't even allow you to register.

    About a year ago, a customer came to us from one of our competitors that used SIP Registration. A hacker broke into his PBX, and instead of relaying all the calls through his PBX like they normally do, they got his SIP Trunking username & password for his carrier. They then proceeded to register half a dozen systems and burned through tens of thousands of dollars before the carrier realized something was wrong. They then forced him to pay the bill (which is why he quickly looked to move away to us).

    I can rant all day about the pitfalls of SIP Registration, but I shall refrain 😛

    Multiple failures in the scenario you listed. Any one of those failures being not there would’ve made the entire thing not a problem.

  • 0 Votes
    28 Posts
    5k Views
    scottalanmillerS

    @WrCombs said in How to Stop an Ongoing RAID Rebuild HP P420i RAID Controller:

    we use Intel Rapid Storage - CTL +I on Boot gets you there? - Disclaimer I may be thinking of Software RAID rather than Hardware RAID - but It may be worth a shot to try..

    Yeah, Intel Rapid Storage is the most prominent example of Fake RAID. So it is software.

  • Ubuntu Updates to 19.10

    9
    1 Votes
    9 Posts
    780 Views
    scottalanmillerS

    @black3dynamite said in Ubuntu Updates to 19.10:

    @Emad-R It's all great having numbers and visual aid to show results but will you really notice the difference when using Ubuntu compared to Debian, assuming you are using the same desktop environment?

    That's the tough comparison. Ubuntu has more features and a different desktop. I specifically like Ubuntu's desktop. So going to Debian I'd likely modify it to the point of being Ubuntu, lol.

  • MailCow Command Line Reference

    Solved
    8
    0 Votes
    8 Posts
    998 Views
    scottalanmillerS

    @Pete-S said in MailCow Command Line Reference:

    @scottalanmiller said in MailCow Command Line Reference:

    @Dashrender said in MailCow Command Line Reference:

    @Pete-S said in MailCow Command Line Reference:

    If you don't intend to use the webinterface then what purpose does mailcow have?

    You could just install dovecot, postfix etc for email and sogo for calendar and have the same thing without the middle man. I bet you have to tweak config files even with mailcow.

    I'm assuming Scott is asking about management stuff - he wants to script that stuff, not GUI manage it.

    Right. GUI is fine for low capacity sites. But we are looking at two use cases both in the 10K+ range.

    But mailcow doesn't add any functionality that the original packages don't already have. It's just a wrapper. Is it not?

    Mostly. But it is handling the testing and integration of the components, which is the hard bit. It's actually doing a fair amount of work. I've built an extremely similar system in the past and the effort was quite large for just the "wrapper" bits that they are doing 😉

    And the central API is a huge deal.

  • Can't move Stream_Autocomplete.

    8
    0 Votes
    8 Posts
    321 Views
    J

    @dbeato said in Can't move Stream_Autocomplete.:

    I have used the Nk2edit and you can push it to the Office Cloud Autocomplete from an NK2 or the Stream file. However when Nk2edit can’t read a file it is usually corrupted and you need a previous version of the file.

    The current file is usable under the in house exchange, and I have restored a few versions from backup. Still no luck. I may just be SOL.

  • 4 Votes
    28 Posts
    3k Views
    travisdh1T

    @Obsolesce said in City of Munich Moving to Closed Source Software:

    It looks like the whole issue was due to their use of some weird distro years ago.

    That article technically doesn't say why they need Windows now, so for all I know they have some new weird requirements I don't know about, but assuming they don't, I think the decision to go to Windows is a horrible idea. They'd be much better off going to Ubuntu instead.

    Yes I upvoted a post about how Ubuntu would be better than an alternative. Please no heart attacks people.

  • Automatically running chocolatey upgrades

    Solved
    3
    2 Votes
    3 Posts
    610 Views
    DashrenderD

    @JaredBusch said in Automatically running chocolatey upgrades:

    How do various people do this?

    Re: Next steps with SaltStack

    @marcinozga said in Next steps with SaltStack:

    Not salt, but I used https://chocolatey.org/packages/choco-upgrade-all-at which creates the same task, that runs choco upgrade all -y. If salt is using windows task scheduler, then it should just work.

    Does that run as the admin account? Users have no rights to run this.

    Running the choco install command requires local admin rights - so I assumed either - it ran as system OR it would ask for the creds of the current admin user being used to run the installer.

    Clearly you found that it runs as system.

  • Next steps with SaltStack

    Unsolved
    6
    2 Votes
    6 Posts
    1k Views
    Emad RE

    @JaredBusch

    Hi

    Play with this :

    https://docs.saltstack.com/en/latest/ref/states/all/salt.states.win_lgpo.html

    If you have windows minions and set it to run every 30/60/90 mins, and BAM you have AD without MS BS

    While you can use salt grains to target OSes, I like to differentiate them with good naming system:

    WIN.001
    LIN.001
    SRV.001

    You might ask how to differentiate between windows SRV and Linux SRV, well frankly my dear I don't give a damn, and I don't run Windows servers.

  • ZFS Planning with Heterogeneous Gear

    16
    1 Votes
    16 Posts
    920 Views
    scottalanmillerS

    @colejame115 said in ZFS Planning with Heterogeneous Gear:

    @scottalanmiller
    The reason I was mixing md raid and ZFS was I didn’t think ZFS allowed other ZFS devices to be used under a vdev. To accomplish this, would one need multiple zpools?

    MD RAID can definitely do layers upon layers. But ZFS does this, it's how ZFS does RAID 10, for example, or RAID 60.

    https://www.cyberciti.biz/faq/how-to-create-raid-10-striped-mirror-vdev-zpool-on-ubuntu-linux/

  • Using unison instead of rsync?

    2
    2 Votes
    2 Posts
    265 Views
    scottalanmillerS

    @black3dynamite said in Using unison instead of rsync?:

    The author, Elliot Cooper says that unison is able to backup new files extremely rapidly compared to rsync

    Under certain situations. Each is more performant at different times.

  • MS SQL Express cannot create compressed backups

    4
    2 Votes
    4 Posts
    548 Views
    scottalanmillerS

    @JaredBusch said in MS SQL Express cannot create compressed backups:

    @scottalanmiller said in MS SQL Express cannot create compressed backups:

    Would not have expected that.

    It is not a game breaker. The DB is only 1.2GB, but out of habit, I always compress backups with the native tools.

    This time I have to compress it after the fact. Not a huge deal. Just annoying.

    Yeah, it's Express. Just seems like an odd feature to remove there. Definitely not a big deal, you can compress manually later.

  • In-Wall PoE Switch

    15
    0 Votes
    15 Posts
    2k Views
    J

    Just wanted to report back and say this little switch was the perfect item for my need. It has been installed for over a month now and I have been very pleased with it. Not that it is doing anything special, it just does its job!

    We are using it indoors and we mounted its own little bracket to a single gang wall plate, then installed the wall plate, then attached the switch to its bracket. It makes for a clean install where there once was an ethernet wall jack.

    Everything about it is Unifi, so if you are familiar with the Unifi System, this runs like any other Unifi switch.

  • 1 Votes
    75 Posts
    10k Views
    wrx7mW

    @Pete-S said in Comparing Server CPU Capabilities?:

    @wrx7m said in Comparing Server CPU Capabilities?:

    ... And I don't have to run a Windows server for vCenter server or upgrade manager anymore.

    I haven't played around with VMware much. How does it work with vCenter? Does it run in a VM on each hypervisor or completely separate from the hypervisors?

    It is a virtual appliance. You can upgrade and migrate from an existing Windows version. You can run it on a single server.

  • Laptop setup - multiple monitors, etc - suggestions?

    31
    2 Votes
    31 Posts
    2k Views
    DashrenderD

    @Pete-S said in Laptop setup - multiple monitors, etc - suggestions?:

    @Dashrender said in Laptop setup - multiple monitors, etc - suggestions?:

    @Pete-S said in Laptop setup - multiple monitors, etc - suggestions?:

    Keep in mind that if you're using DisplayPort you can run several monitors off one output.

    I know this, when I first deployed some HP mini desktop machines, they only had one DP port, but I needed to drive two monitors. This was a new setup, so I had to buy everything. I purchased two DP monitors, and had to buy a DP splitter (if you will) that provided two video outputs. I tried to purchase one again, and DAMN they are crazy expensive.

    I need to look into DP monitors that have a second port designed for daisy chaining... something I might do for this project.

    Another option is to just look into getting a larger monitor. 2 x 22" is not a huge amount of screen estate.

    You could for instance go with a 34" 21:9 like Samsung. Or just go with something bigger like a 40" 16:9 4K.

    LOL - do you know the price difference between those? We go from say $320 for two monitors to something like $600+ (often well over $1000). So sure, while it might be nice to have a single huge monitor, the price gap just doesn't justify it.