The Linux Thread - The Autist's OS of Choice

I did but if I go to mysite.com from my local network my videos and data transfers are still capped at my cable internet upload speed, even when everything is on the same network.

Which leads to running a home DNS server to redirect traffic to my server to my server's lan IP address

Which leads to finding that most modern browsers don't use the traditional DNS protocol by default, but DNS over HTTPS which is not possible to set up for home use
This sounds like a routing problem then. I had the same issue at work when I was setting up some services that were accessed locally by the public domain name. If I recall it was a setting related to recursive routing. Once I had that set up local services would work at LAN speeds rather than the 250Mbit we get from the ISP. What are you using for a router?
 
I've had no problem telling DoH to piss off, between the canary domain for some browsers and direct settings for others. Chrome for instance should figure it out: "Chrome will not automatically enable DoH if the computer is configured to use a local DNS server or forwarder, even if that server forwards to OpenDNS."
 
This sounds like a routing problem then. I had the same issue at work when I was setting up some services that were accessed locally by the public domain name. If I recall it was a setting related to recursive routing. Once I had that set up local services would work at LAN speeds rather than the 250Mbit we get from the ISP. What are you using for a router?
A TP-Link Archer AX80. It did have an advanced routing feature I haven't figured out but my server's lan IP address is 192.168.x.x and my domain name points to my wan IP which is different
 
A TP-Link Archer AX80. It did have an advanced routing feature I haven't figured out but my server's lan IP address is 192.168.x.x and my domain name points to my wan IP which is different
Looks like the feature is called NAT Loopback on the AX80. Is that enabled?
 
Looks like the feature is called NAT Loopback on the AX80. Is that enabled?
Does that work in conjunction with assigning my wan IP address to my server along with its 192 address? Otherwise wouldn't it just ignore packets addressed to my wan IP?
 
Does that work in conjunction with assigning my wan IP address to my server along with its 192 address? Otherwise wouldn't it just ignore packets addressed to my wan IP?
What's happening is your traffic is going from device > router > ISP > router > server. NAT Loopback would cut out the ISP component because your router should already know that you're trying to reach the WAN side of it.

If you wanted to get a WAN IP for your server, I think you could just stick a switch between your router and modem, and then hook your server to that switch. Worked that way for me on Spectrum at least. If you have two NICs you could have a local IP and a WAN IP. But I am pretty sure even in this set up you'd have to route through the ISP and be restricted by your WAN speed. NAT Loopback is going to be the solution to the bandwidth issue you're facing.
 
  • Thunk-Provoking
Reactions: Betonhaus
What's happening is your traffic is going from device > router > ISP > router > server. NAT Loopback would cut out the ISP component because your router should already know that you're trying to reach the WAN side of it.

If you wanted to get a WAN IP for your server, I think you could just stick a switch between your router and modem, and then hook your server to that switch. Worked that way for me on Spectrum at least. If you have two NICs you could have a local IP and a WAN IP. But I am pretty sure even in this set up you'd have to route through the ISP and be restricted by your WAN speed. NAT Loopback is going to be the solution to the bandwidth issue you're facing.
It sounds like your method would just go device > router > server > router > isp > router > server, as the server would only pass on packets not addressed to it.
 
It sounds like your method would just go device > router > server > router > isp > router > server, as the server would only pass on packets not addressed to it.
With literally any router I have ever used, if I configured port forwarding on the router to forward traffic on say port 8443 to an internal server on my LAN, for any computer on the LAN accessing [your public IPv4 address]:8443 or [your dynamic or static DNS name pointed at your public IPv4 address]:8443, that traffic would just be bounced from the client device to the router to the internal server. It should never go as far as your cable modem/fiber interface let alone the ISP.

Now obviously, if you're also using a VPN client on the computers you're using internally on the LAN, then that traffic will be bounced through the VPN server and then back through your ISP, rather than staying internal to the LAN- if you want to avoid that, you must use the local network IP address or a hostname pointing at it to access the service directly.

And all bets are off if you're behind some shitty CGNAT and don't even have a proper IPv4 address.

Again, is there a really really good reason to be exposing these servers to the internet? If you just use Tailscale or ZeroTier on all your client devices rather than exposing them to the internet, you could access your internal network from anywhere and not be running the risk of people drive-by installing Monero miners if any of your Docker containers are not immediately patched for any security issues. Or run a Wireguard VPN server internally as your only internet exposed service for when you need to access the internal network remotely.
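
Added example, not part of any post in this thread: a simplified Python model of the NAT loopback (hairpin) translation discussed above, showing why the server does not need the WAN address itself and why the router also has to rewrite the source address. The addresses, the port-forward table and the function names are constructed for illustration; real routers differ in detail.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addresses (RFC 5737 / RFC 1918), not taken from the thread.
WAN_IP = "203.0.113.7"                   # router's public address; the domain points here
ROUTER_LAN_IP = "192.168.1.1"
LAN = ip_network("192.168.1.0/24")
PORT_FORWARDS = {8443: "192.168.1.10"}   # WAN port -> internal server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int                            # service port of the connection

def hairpin(pkt: Packet, snat: bool = True) -> Optional[Packet]:
    """Translate a LAN packet aimed at WAN_IP the way NAT loopback does."""
    server = PORT_FORWARDS.get(pkt.port)
    if pkt.dst != WAN_IP or server is None or ip_address(pkt.src) not in LAN:
        return None                      # not a hairpin case in this model
    # DNAT: the router rewrites the destination, so the server never has
    # to own the WAN address. SNAT: the source becomes the router's LAN
    # address, so the server's reply goes back through the router.
    return Packet(ROUTER_LAN_IP if snat else pkt.src, server, pkt.port)

def reply_seen_by_client(original: Packet, delivered: Packet) -> Packet:
    """Reply packet as it arrives back at the LAN client."""
    if delivered.src == ROUTER_LAN_IP:
        # The router reverses both translations, so the reply appears to
        # come from the WAN address the client connected to.
        return Packet(WAN_IP, original.src, original.port)
    # Without SNAT the server answers the client directly across the LAN.
    return Packet(delivered.dst, delivered.src, delivered.port)

def connection_works(original: Packet, snat: bool = True) -> bool:
    delivered = hairpin(original, snat)
    if delivered is None:
        return False
    # The client only accepts replies from the address it connected to.
    return reply_seen_by_client(original, delivered).src == original.dst

if __name__ == "__main__":
    client = Packet("192.168.1.50", WAN_IP, 8443)
    print(hairpin(client))
    print(connection_works(client, snat=True))
    print(connection_works(client, snat=False))
```

The `snat=False` case is the classic half-configured loopback: the packet reaches the server, but the reply arrives from the server's LAN address and the client discards it.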
 
I don't know anything about Comcast, but I know of at least two UK ISPs that will give out IPv4 subnets if you pay for it.
Is a random residential customer going to be paying for their own subnet? Obviously no. Take your autism meds.

I did but if I go to mysite.com from my local network my videos and data transfers are still capped at my cable internet upload speed, even when everything is on the same network.

Which leads to running a home DNS server to redirect traffic to my server to my server's lan IP address

Which leads to finding that most modern browsers don't use the traditional DNS protocol by default, but DNS over HTTPS which is not possible to set up for home use
Chromium and Firefox will prefer DoH/DoT when it is available, they haven't deprecated regular DNS. Chromium (Settings -> Privacy & Security -> Use secure DNS) should use your OS settings by default. Firefox can have it disabled in preferences under Enable DNS over HTTPS.

I have local DNS deployed for my intranet domains and I've never had to mess with DoH on the browser. If you desperately want remote access then I'd just suggest using wireguard as the man with an unpronounceable name above says. You may run into issues when on public wifi with your vpn enabled, but that probably won't be very common.
 
  • Like
Reactions: Redeemer
Grow up. I pointed out that having your own IPv4 subnet is a plausible thing for a home enthusiast, and your response was autistic screeching.
That might depend on the carrier and can be prohibitively expensive. My city refused to assist with installing fiber and basically told the neighborhoods to handle it on its own, so only the super rich or new neighborhoods have fiber Internet and everyone else has shit.
 
I don't know anything about Comcast, but I know of at least two UK ISPs that will give out IPv4 subnets if you pay for it.
If you pay for it. Comcast requires you to have "Business Class" to get even a single static IPv4 address, and charges an arm and a leg for it. Not relevant to our discussion of home port-forwarding.
And properly speaking, last time I checked, residential Comcast service comes with a clause that says they can forbid you from self hosting services.

Their concern is generally around if you're burning enough bandwidth to be disruptive to the network, but strictly speaking they always have the option to pull the plug if they want.

In my experience and location (urban US east coast), Comcast IP allocations tend to be pretty static. I have an openvpn install running in my home so that when I'm traveling abroad (often to Bongland), I can vpn home and pretend to my coworkers that I'm still at home. I use a dyndns service in case my IP changes, but I think it's been the same IP for months, if not years by this point.
 