@FATeknollogee said in Help setting up routing: @JaredBusch Just curious, what it the /23 on eth3, is that one of your LAN IP blocks from AT&T? AT&T can't issue private IP addresses.

@JaredBusch said in Vyos Configure DHCP Server: @EddieJennings his second error is related to DNS. This is a working DNS setup. set service dns forwarding cache-size 150 set service dns forwarding listen-on eth7 set service dns forwarding listen-on eth7.2 set service dns forwarding name-server 1.1.1.1 set service dns forwarding name-server 8.8.8.8 set service dns forwarding options server=/domain.local/10.202.0.21 set service dns forwarding options server=/domain/10.202.0.21 Correct. I gambled from his title the immediate interest was DHCP. I lost.

@Dashrender said in Windows Domain routing question - dual-nic: Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them. Routing to the internet is mostly just a nice to have.

@Dashrender said in Cisco ASA: @Jimmy9008 said in Cisco ASA: A and B can also RDP/ping devices sitting on C. If this is true, it's just a matter of rules/route allowing C back to A/B or a route specifically for C -> A/B. 172.16.0.0 vlan… switch IP = 172.16.0.1, ASA = N/A, gateway on the vlan is 172.16.0.1 (the switch) this is legacy. What appears to happen is that the switch has 0.0.0.0 set to 192.168.50.10 (the ASA) on a vlan2. So, traffic from 172.16.0.0 hits the switch IP at 172.16.0.1, then hope out 0.0.0.0 ^ I think its this that's causing the issue. This should be fine, this is what allows the C network to get to the internet so, when on the 172.16.0.0 network, the request goes to the switch's IP (172.16.0.1) which forwards it to 192.168.50.10 (the ASA), The ASA then doesn't have a rule allowing traffic from 172.16.0.0 to talk to 10.x, so it just dumps the traffic. At least that's what it looks like to me at this time. “C” network really?

@mary said in Network Address Translation - CompTIA Network+ N10-007 Prof Messer: Is there any kind of slowdown when using just one port if you are getting a lot of traffic? No not really. The most commonly used ports are 80 and 443. They process quite a bit of traffic on your average workstation. In fact, most servers are designed to work with a single port or just a handful of ports open. For custom applications using a specific port makes it easier to troubleshoot issues and restricts non application traffic. Many apps are defaulting to 443 these days. Although, keep in mind SSL /TLS can operate on other ports.

He mentioned proprietary protocols. Do you always have the option to choose between the standard and proprietary or do some force you to use the proprietary?

@mary said in IGP and EGP - CompTIA Network+ N10-007: Hiw important are the different types of protocols for IPV4 and 6? Pretty important, but not things any normal IT pro will ever see. Routing protocols are only modified by large companies, and only by dedicated network admin staff.

@mary said in Static and Dynamic Routing - CompTIA Network+ N10-007 Prof Messer: If you can set a default route, why would you use static over dynamic? Static routes require a human to modify them anytime anything changes. So, for example, the route you want fails because a device dies. If you have static routing, then you simply go offline until you go and change the route to something else manually. When the device is repaired, you won't go back to the optimum route until such time as someone manually puts it back. With dynamic routing, the protocols look for the best routes at all time and can not just adjust for failure conditions, but can also detect new routes that are better when they appear, go back to repaired routes, detect congestion and adjust routes based on temporary traffic conditions, etc. Think of one as having a map telling you how to get from point A to point B and if there is road construction or loads of traffic or an accident, that you just have to sit there until your route clears up. And dynamic routing like a GPS that adjusts based on real world conditions and gives you an alternative route should your main one be blocked or slow.

@scottalanmiller said in Another Major BGP Mishaps Redirects US Traffic to China: I noticed that YouTube was down yesterday for a little bit. Very short, though. Even Facebook got taken out for a bit too... Don't know if it's related or not, but still...

@eddiejennings said in Traffic not flowing for hosts behind NAT - Edge Router Lite: @dbeato said in Traffic not flowing for hosts behind NAT - Edge Router Lite: @eddiejennings said in Traffic not flowing for hosts behind NAT - Edge Router Lite: Take 3 is a partial success. All hosts except the IIS host has full Internet connectivity. The IIS host is accepting web and FTP traffic (so NAT's doing its job now :D); however, I can't ping outside my local network, and it can't resolve DNS. So what is the DNS Server on that Server? Same as all of the other servers that could resolve DNS. The issue was forgetting to reconfigure the source NAT rule. Makes sense now!

@krisleslie said in Hitting the limits of the Ubiquiti EdgeRouter: @jaredbusch My apologies, I meant QoS! Well then, yes, better QoS performance because better processors.

@Dashrender said in Cross Post - Help sorting out a Firewall Issue on a Debian Box: A default gateway on the debian box? My thought. I don't think I've seen a system firewall not accept icmp by default. If you stop iptables and still can't ping it's not the firewall.

Bridging issue solved, kind of a Late-Friday-Problem: Promiscuous mode was turned on, but on the wrong interface - the DMZ facing one. It worked instantly the second I switched it off on the DMZ and instead turned it on on the target network interface. How to turn on MAC spoofing / Promiscuous mode on Hyper-V using PowerShell Get-VM -Name XXXXX | Get-VMNetworkAdapter | Where-Object { $_.MacAddress -eq "XXXXXXXX" } | Set-VMNetworkAdapter -MacAddressSpoofing On

@JaredBusch said in ER-X static routing: I would use a source and destination NAT rule to force it. Thanks. I'll have to wait till after lunch or tomorrow to get that setup. Redoing the server over there as well, so no remote access at this point (I want my jumpbox back!)

@JeffReady said: There was once a good old day when Linksys was good... I run DD-WRT on a Netgear Blackhawk (D7000 iirc, not one of the new ones), and it's been solid. Of course Comcast decided to push a friendly firmware update to my cable modem this weekend which reset the config, took it out of bridge mode and re-enabled the modem's own DHCP and routing services (and Lord knows what else), taking me offline. Annoying (not to mention a potential security nightmare)... mostly because I spent an hour jacking around before it even occurred to me to login to the modem and check it's settings. Are you me? lol This happened to me a couple weeks ago - same setup, same software, different router.

Definitely most everyone that I have seen is on .local. It was the advised standard for so long and it was so during the era when the majority of companies moved to AD. Even though the new standard has been around for a little bit now, nearly every company I deal with moved to AD prior to that time period. New companies get new AD, obviously, but as a market percentage they aren't so much yet, that I've seen.