About brwainer
  1. Port Forwarding Question?

    Everything said above is 100% true, I just want to add a few things. If you don't want your users to have to type in a port number in order to connect to the second (third, etc.) Minecraft server on the same external IP, you can buy a domain name and set up SRV records to encode both the IP and the port. Not all programs support this; very old versions of Minecraft didn't (before 1.3). For more information see this page or search for "Minecraft SRV": https://www.noip.com/support/knowledgebase/how-to-add-a-srv-record-to-your-minecraft-server-remove-the-port-on-the-end-of-the-url/ If you need a domain name, I recommend NameCheap, but that's just a personal choice.
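As an added example (not code from the post above), a small Python model of how a client resolves an SRV record: it parses constructed zone lines for `_minecraft._tcp`, picks a target by priority and weight as RFC 2782 describes, validates the port, and falls back to the bare hostname and the default Minecraft port 25565 when no record exists. The zone data, hostnames and ports are constructed for illustration.

```python
import random
import re
from typing import Callable, List, NamedTuple, Optional, Tuple

# Constructed sample zone (not real records): two servers at priority 10
# sharing load 60/40, plus a priority-20 backup used only if both fail.
SAMPLE_ZONE = """
_minecraft._tcp.example.com. 3600 IN SRV 10 60 25565 mc1.example.com.
_minecraft._tcp.example.com. 3600 IN SRV 10 40 25566 mc2.example.com.
_minecraft._tcp.example.com. 3600 IN SRV 20 0 25567 backup.example.com.
"""

class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

# owner TTL IN SRV priority weight port target
SRV_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def parse_srv(zone: str, owner: str) -> List[SrvRecord]:
    """Return the SRV records whose owner name matches (case-insensitive)."""
    records = []
    for line in zone.strip().splitlines():
        m = SRV_RE.match(line.strip())
        if not m or m.group(1).lower() != owner.lower():
            continue
        prio, weight, port = int(m.group(3)), int(m.group(4)), int(m.group(5))
        if not 0 < port < 65536:          # reject malformed records rather than connect blindly
            raise ValueError(f"bad port in SRV record: {line}")
        records.append(SrvRecord(prio, weight, port, m.group(6).rstrip(".")))
    return records

def select_target(records: List[SrvRecord],
                  rng: Callable[[], float] = random.random) -> Optional[SrvRecord]:
    """RFC 2782: lowest priority wins; within it, choose randomly in proportion to weight."""
    if not records:
        return None
    best = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == best]
    total = sum(r.weight for r in candidates)
    if total == 0:                        # all weights zero: any candidate is equally fine
        return candidates[0]
    pick, acc = rng() * total, 0
    for r in candidates:
        acc += r.weight
        if pick < acc:
            return r
    return candidates[-1]

def resolve(zone: str, host: str, service: str = "_minecraft._tcp",
            rng: Callable[[], float] = random.random) -> Tuple[str, int]:
    """(target, port) a client would connect to; no SRV record means host:25565."""
    chosen = select_target(parse_srv(zone, f"{service}.{host}."), rng)
    return (host, 25565) if chosen is None else (chosen.target, chosen.port)
```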
  2. Firewall/Domain/make the pipes work question

    The Meraki MX system is capable of Layer 7 inspection and is a poor example to use unless you know someone has that system or one that is equally capable. EDIT: actually, looking at the Meraki page you linked, the 1:Many NAT is just normal PAT or Port Forwarding. That feature on its own can't distinguish between HTTP hosts. I believe a full-featured Meraki system is capable of doing so, but not with the feature you linked. When that page talks about 1:1 and 1:many, they are talking about using one public IP for multiple inside servers, as opposed to the 1:1 which is just transferring all traffic between a public IP and a private one. This is useful for devices that need a lot of external ports publicly available but that you still want to protect with the UTM.
  3. Firewall/Domain/make the pipes work question

    I think @Homeless Pineapple made a typo, and they meant to write "domain1.example.com:80 to the internal port and domain2.example.com:8080 to the internal port" or "domain1.example.com:80 to the internal port and domain2.example.com:8080 to the internal port". When a router is processing the port forwarding (Port Address Translation or PAT, which is part of NAT, and normally implemented in the firewall) it has no idea what hostname you have put in. At the TCP/IP level the hostname isn't included, only the IP address. Yes, messages from the browser will include the full hostname, but that is in the HTTP layer and a normal router will never look there in order to route things differently. If your router is capable of making Layer 7 firewall rules then you may be able to do something like this, but otherwise it is not possible to use the same outside IP:Port with two different inside services.
  4. Doing routing in an L3 switch works when you want top performance, but they usually can't do any security besides applying an ACL, and may not even be able to do that. Anything that you want protected by your firewall (like access to the MGT and Surveillance VLANs from the workstations) would still go through the UTM. Of course that level of security might be overkill for your use, and the L3 switch doing routing into those VLANs might be fine.
  5. Looking for a good locking rack

    If it's just switches, UPSs, and the odd short-depth server, then I am very happy with NavePoint racks. They are the cheapest option for enclosed/locked small racks.
  6. Nics in m2 slots?

    "NIC" means Network Interface Card. A NIC could be for Ethernet, SFP, Wi-Fi, or any other network type. So the suggested parts aren't wrong, because until now you never actually stated or confirmed you were looking to add wireless. Finding a key B, M or B+M wireless NIC is probably impossible because that isn't intended and is in low demand. An adapter from B/M to E would be difficult to make and probably doesn't exist, but if you want to search for one, go ahead.
  7. Help with my Ping to Google timed out

    Looks like the second connection is for IPTV or something like that - anything starting with “10.” is a private IP address, and you can see that second connection has NAT disabled. So for the OP, is the IP that should be pinged to see if the “local” connection is the issue, or something within the ISP’s network.
  8. POE lighting

    This is very interesting, and I know you said BETA store but I was initially confused because I could only find the old and basically abandoned mFi line. This is also an option to keep an eye on. I don’t like the specs (specifically temperature and CRI) of their first gen LED panel though.
  9. Nics in m2 slots?

    If by NIC you mean wireless card, possibly, except that wireless cards are almost always "key E" whereas M.2 slots meant for storage are either "key B", "key M" or "key B+M". Check the Wikipedia page on M.2 to see what the different keyings are. I'm not aware of any M.2 Ethernet NICs. EDIT: the slots on the motherboard will only be a single key, but M.2 devices might be compatible with multiple.
  10. Help with my Ping to Google timed out

    Log into your router and see what the "default gateway" IP that it is getting from your ISP is. Start running a ping to that to see if that drops out. That IP will usually be the device at the other end of your telephone or coax cable, or worst case a few miles away in one of your ISP's offices.
  11. POE lighting

    The video from Genisys is pretty slick, both their implementation and their control software. But it's really just an application of active POE with LED lighting. I'd love to see what other competitor solutions there are. For a few years I've thought about using POE for lighting and other low-wattage, always-on items. For reference, 802.3af POE can provide up to 15W per port and 802.3at POE+ can provide 25.5W. A common 60W-replacement LED bulb can use 4-7W. I'm sure the office ceiling tube replacement units might push close to 25.5W just because normally those fixtures produce a lot of light, but with a fully integrated system like they are showing, I'm sure they have designed those right up to the limit.
  12. If it is a very small complex, like just a single building, or is owned by a private landlord, then it is very common that they have purchased a single consumer connection with a router (or maybe a combo unit). Generally only multi-building complexes or ones run by a management company will make a contract with an ISP for service. Also, there are three types of service a complex can purchase:

    - individual connections for each unit from the local cable or telephone company
    - "community" internet from the local cable or telephone company
    - "community" internet from a provider that specializes in this

    I am an engineer for a company that does the third option. Among apartment complexes, the three options are about equally split. The second and third option are the same architecturally: a non-consumer internet connection is brought in to the main building and then shared via Ethernet or DOCSIS. I've seen properties where consumer-grade cable all-in-one modems were reprogrammed into basically APs. The OP said they are in a single 4-story building split into apartments by floor. My bet, based on experience, is that this is privately owned and that there is no contract with an ISP to provide individual service. My recommendation is to use a normal router, and if there is any concern for privacy, pay for an encrypted VPN and program the router to send all traffic through it. This may require a more expensive router than is needed just for providing NAT and a stateful firewall (which is every router currently made).
  13. 5Ghz Wireless Access Point With PoE.

    If you buy Ubiquiti APs individually then they include the POE injector in the box. If you buy a multipack (ex. 5 UniFi AP ACs) then that does not include injectors, because they expect you to have a POE switch when using that many APs. Ubiquiti UniFi APs are very good value for high-end home use and small businesses.
  14. Attenuation and repeaters

    If talking about very long range PtP or PtMP communication, and we are comparing wireless to copper-based wired, then yes, for a given long-distance link you will need fewer "repeaters" for wireless than for wired. For example, microwave wireless versus coax or telephone cables: microwave might have a single-link range of 30km (with tall enough towers) but the copper line might have a max range of a few km. But then when you add fiber to the comparison, the max link distance goes out to hundreds of kilometers. A standard single-mode 10Gb SFP can do 10km links reliably, and then you can go to specialized equipment.
  15. Namecheap prices for .com: $10.99 plus WhoisGuard free for 1 year; WhoisGuard costs $2.88 after the first year but the base price stays the same.

    1and1 price for .com: $0.99 first year, $14.99 after; "Private Registration" is free.

    If paying one year at a time (Namecheap offers discounts if you pay multiple years at once) and including WhoisGuard, then the break-even is at about 7 years. Under 7 years, 1and1 is cheaper due to that $0.99 first year. After 7 years, Namecheap saves you money. So do you expect to have this domain for a long time?

    Edit: Looks like I did that math wrong, the break-even is at 10 years. The calculation is attached. The same question still remains though.