Here is the complete list of required ports.

@Carnival-Boy said in Learning Python from Microsoft:

I'm planning on learning Python to help my son who is studying it at school (with a useless teacher).

Python 3 is definitely the best option for learning. My kids have had some luck using the learn online free tools out there.

@Dashrender Confirmed, our MailCow is using ActiveSync to my phone, works beautifully.

@Pete-S said in How do I install gparted on RHEL 7.7 with GUI?:

@JaredBusch said in How do I install gparted on RHEL 7.7 with GUI?:

@Pete-S yum install epel-release absolutely should work.

If I understand correctly yum install epel-release only works on CentOS, not real RHEL.

It was a fresh install too from rhel-server-7.7-x86_64-dvd.iso

Ah, you are correct. I skimmed the RHEL bit. Totally my bad.

Nope.

####################################################################################### ## Network Internet ## ####################################################################################### static.network.ip_address_mode = static.network.span_to_pc_port = static.network.vlan.pc_port_mode = static.network.static_dns_enable = static.network.pc_port.enable = static.network.primary_dns = static.network.secondary_dns = static.network.internet_port.gateway = static.network.internet_port.mask = static.network.internet_port.ip = static.network.internet_port.type = ##V83 Add static.network.preference =

Just installed 19.10, 120MB

@Pete-S said in Can I use the first IP in a subnet, for instance 192.168.0.0?:

OK, I did some more research and made some test. I believe most people got this one wrong and for reasons that are historical.

Assume we have the network 192.168.1.0/24.
Subnet mask 255.255.255.0. The address range is 192.168.1.0 to 192.168.1.255.

192.168.1.0 is a valid host IP - contrary to what most people believe.
192.168.1.255 is reserved for directed broadcast.

Why?

An IP like 192.168.1.0 used to be excluded from use by a host in the past. This was obsoleted in conjunction with the introduction of classless subnets, CIDR. Mentioned in 1995, RFC 1878, which also obsoleted something related, which was the exclusion of certain subnets called subnet zero and the all-ones subnet.

In the past IPs like 192.168.1.0 has also been used as a broadcast address but that practice is also obsolete. RFC 1812 (also 1995) states that 192.168.1.255 should be used for directed broadcast in the 192.168.1.0/24 network and that 192.168.1.0 is forbidden to use for that purpose.

Problem when something becomes obsolete is that you still have old equipment, old protocols and old habits in use. So it takes many years before you can actually stop doing certain things that were needed in the past.

To test the state of things today I spun up some VMs. I used 172.16.0.0/24 as my network.

No problem setting 172.16.0.0 as IP address on CentOS or Debian for example. Everything works as you would expect.
centos_network_addr.png

You could however see some remnants of the past, like this:
broadcast_ping.png
As mentioned above, it was a long time since that was considered a broadcast address.

Windows 7 was however another story. You can't enter 172.16.0.0 as a valid IP address in network settings. But you can do it on the command line with netsh. And then it shows up as expected. Network works as expected too.
win7_network_addr.png

So all in all, it is technically OK to use the first IP as an host IP. It's not reserved anymore and hasn't been for more than two decades. Protocols that used that IP for broadcast or reserved for the network address are not in use anymore.

The biggest risk is probably to run into applications where they on purpose don't allow you to enter a specific "invalid" IP address.

That said, it would probably be very confusing for most people.

I would assume in a /24 network to not use x.x.x.0 when there are other networks, but in a bigger network, perfectly fine since it's inside the network range.

@mroth911 said in Routing port 80:

So is there any services that I can use, or do I have to build a server? or what can I do to simplify the process.

An external service can't help because you need to direct the traffic once inside your LAN. You just need a reverse proxy, like Nginx, running somewhere and all port 80 pointing to that, and it in turn pointing to the internal resources. So it can be a dedicated server or shared with some other task.

Update: this is what I ended up with.
Route based VPN using this guide as a template.

Master site: 1x ER 12 + 1x ER 4
Sites A, B, C & D :1x ER4 each location
Colo: 1x ER4 & 1x pfSense (SM x10SDV-TLN4F+)

Well, it looks that it is actually FreePBX as part of the problem again with some stupid cron jobs.

And there is an issues with Moodle but I think that is more of an authentication issue and not actually a spam issue.

@WLS-ITGuy

Look good to me .

If you need to send emails from the box itself you need to open additional, but usually you rely on third party services for that like SMTP2GO or SendGrid and for that you dont need to open any additional ports.

I used to firewall port SSH but then i was like I would like to work on machines from anywhere, so I just enable strong SSH auth based security.

However both approaches will work, the thing is imagine if you want to connect on that machine on emergency, you have to go to the 74 IP or vpn to it.

@wrx7m said in IOPS for SSD?:

@travisdh1 said in IOPS for SSD?:

@wrx7m said in IOPS for SSD?:

@Pete-S They dropped the price to 1061.24 since I posted. lol Interesting. Yes, but that is a max of 12 nvme. I may have misunderstood that option with 8 SAS/SATA. I am guessing that the max of 12 would allow for more SAS/SATA, although it doesn't mention it. My issue was also with the available drive capacities and cost per TB for spinning disks in the 2.5" spec.

Yeah, especially direct from the OEM. Have you thought about buying the storage from xByte instead?

Are their drives brand new? I did price out a server with specs as similar to Dell's as possible and it was only off by a couple grand.

IMHO, I consider their drives are 99.9% brand new as its possible an OEM install was done on the drive or something like that. Plus testing of the drive by the OEM and xByte.

Their hardware is manufacturer refurbished, not used. Big difference.

If you can get a Dell ProSupport (w/w-out) Plus 7 year warranty on the server with the drives from xByte, it doesn't really matter if they are new or not. They are under warranty for 7 years and you have no worries.

@Skyetel said in VOIP.ms more secure:

SIP Trunking by IP is so much better than registration, we don't even allow you to register.

About a year ago, a customer came to us from one of our competitors that used SIP Registration. A hacker broke into his PBX, and instead of relaying all the calls through his PBX like they normally do, they got his SIP Trunking username & password for his carrier. They then proceeded to register half a dozen systems and burned through tens of thousands of dollars before the carrier realized something was wrong. They then forced him to pay the bill (which is why he quickly looked to move away to us).

I can rant all day about the pitfalls of SIP Registration, but I shall refrain 😛

Multiple failures in the scenario you listed. Anyone of those failures being not there would’ve made the entire thing not a problem.

@WrCombs said in How to Stop an Ongoing RAID Rebuild HP P420i RAID Controller:

we use Intel Rapid Storage - CTL +I on Boot gets you there? - Disclaimer I may be thinking of Software RAID rather than Hardware RAID - but It may be worth a shot to try..

Yeah, Intel Rapid Storage is the most prominent example of Fake RAID. So it is software.

@black3dynamite said in Ubuntu Updates to 19.10:

@Emad-R It's all great having numbers and visual aid to show results but will you really notice the difference when using Ubuntu compare Debian, assuming you are using the same desktop environment?

That's the tough comparison. Ubuntu has more features and a different desktop. I specifically like Ubuntu's desktop. So going to Debian I'd likely modify it to the point of being Ubuntu, lol.

@Pete-S said in MailCow Command Line Reference:

@scottalanmiller said in MailCow Command Line Reference:

@Dashrender said in MailCow Command Line Reference:

@Pete-S said in MailCow Command Line Reference:

If you don't intend to use the webinterface then what purpose does mailcow have?

You could just install dovecot, postfix etc for email and sogo for calendar and have the same thing without the middle man. I bet you have to tweak config files even with mailcow.

I'm assuming Scott is asking about management stuff - he wants to script that stuff, not GUI manage it.

Right. GUI is fine for low capacity sites. But we are looking at two use cases both in the 10K+ range.

But mailcow doesn't add any functionality that the original packages don't already have. It's just a wrapper. Is it not?

Mostly. But it is handling the testing and integration of the components, which is the hard bit. It's actually doing a fair amount of work. I've built an extremely similar system in the past and the effort was quite large for just the "wrapper" bits that they are doing 😉

And the central API is a huge deal.

@dbeato said in Can't move Stream_Autocomplete.:

I have used the Nk2edit And you can push it to the Office Cloud Autocomplete from an NK2 or the Stream file. However when Nk2edit can’t read a file it is usually corrupted and you need a previous version of the file.

The current file is usable under the in house exchange,, and I have restored a few versions from backup.. Still no luck.. I may just be SOL.

@Obsolesce said in City of Munich Moving to Closed Source Software:

It looks like the whole issue was due to their use of some weird distro years ago.

That article technically doesn't say why they need Windows now, so for all I know they have some new weird requirements I don't know about, but assuming they don't, I think the decision to go to Windows is a horrible idea. They'd be much better off going to Ubuntu instead.

Yes I upvoted a post about how Ubuntu would be better than an alternative. Please no heart attacks people.

@JaredBusch said in Automatically running chocolatey upgrades:

How do various people do this?

Re: Next steps with SaltStack

@marcinozga said in Next steps with SaltStack:

Not salt, but I used https://chocolatey.org/packages/choco-upgrade-all-at which creates the same task, that runs choco upgrade all -y. If salt is using windows task scheduler, then it should just work.

Does that run as the admin account? Users have no rights to run this.

Running the choco install command requires local admin rights - so I assumed either - it ran as system OR it would ask for the creds of the current admin user being used to run the installer.

Clearly you found that it runs as system.