00:00 <biotim> Oh yeah that hairpinning issue could have something to do with it

00:02 <biotim> or i guess, the lack of hairpinning

00:03 <Gischer> As far as I can tell, I have enabled port forwarding of 80, 443 and 6080

00:03 <biotim> meaning you're unable to talk to devices on your own network using the public address

00:04 <Gischer> Yeah, that looks like why I see the router page when I talk to port 80, for instance.

00:05 <biotim> Can you enable a "DMZ" mode to send all incoming traffic to your server?

00:08 <Gischer> Yes, the router supports that.

00:09 <biotim> If you don't need to manage port forwarding to any other devices, you can try that

00:09 <Gischer> Or I could set up a routing entry for the hairpin, it seems.

00:10 <biotim> oh yeah, if it allow you to create a rule for http and https traffic coming from your own network, to do the hairpin thing (NAT loopback)

00:12 <biotim> it just depends on what your gateway device allows you to do in the settings

00:12 <biotim> if it allows you complete freedom to tailor the iptables rules, then anything should be possible

00:15 <Gischer> Of course, I've never set up any iptables rules before, lol.

00:16 <biotim> iptables can be confusing; which is why someone created ufw

00:16 <biotim> and why most routers have gui menus to enable port forwarding and such

00:20 <biotim> The sandstorm docs suggest creating a DNS rule on your router, mapping the domain name to the internal network IP https://stackoverflow.com/questions/22313142/wildcard-subdomains-with-dnsmasq

00:21 <biotim> Or you could also manually edit the hosts file on whatever machine your using now to connect to the server https://support.rackspace.com/how-to/modify-your-hosts-file/

00:27 <Gischer> Both good ideas.

00:27 <Gischer> I'm on the phone right now, though.

00:27 <Gischer> It's odd though, I set up a previous sandstorm at another place without these problems.

00:28 <Gischer> And thanks for all the suggestions and help, by the way

00:30 <biotim> Yeah, no problem. Good luck getting it working.

02:31 <kentonv> gischer, FWIW, it sounds like your modem doesn't support "hairpin routing". Sadly, this is a very common bug in modems, and there's often nothing that can be done about it. :(

02:32 <kentonv> the people who write modem firmware are not the brightest bunch it seems

04:06 <mokomull> Linux's conntrack stack certainly doesn't help with that either.

04:10 <TimMc> kentonv: Ain't that the truth.

06:12 <JonTheNiceGuy> I don't think it helped that until about 7 years ago, many modem makers didn't think it was a thing people wanted to do.

16:40 <Gischer> kentonv, yeah, this is my conclusion as well. Putting my server into DMZ hasn't helped. I'm going to try one other trick, then go buy another router. Fortunately I learned last night that it wasn't a combo after all.

16:56 <ocdtr_web> wow! https://apps.sandstorm.io/app/uws252ya9mep4t77tevn85333xzsgrpgth8q4y1rhknn1hammw70?experimental=true

17:03 <ocdtr_web> Interestingly, it's metadata lists it as "proprietary", but it's CC BY-SA 4.0, which is "one way compatible" with GPLv3. Though not recommended for use with software.

17:04 <ocdtr_web> By the documentation, Sandstorm only supports adding OSI approved licenses to Sandstorm's package definition, which CC BY-SA is not.

17:47 <TimMc> I wonder what it would take to get Mastodon running on Sandstorm. (Probably a lot.)

17:53 <ocdtr_web> Much like IRC and the like, I suspect it'd need full network access.

17:53 <ocdtr_web> Federation tends to entail a server talking to a lot of other arbitrary servers.

18:27 <TimMc> *nod*

18:27 <TimMc> And inbound ports.

21:27 <biotim> gischer: If the modem and router are separate, it's really the modem that is key for the NAT loopback (since it is the device with public IP, unless it is configured with the router in some kind of bridge mode or IP passthrough mode).

21:33 <biotim> I guess it depends whether it's acting as a "plain modem" or a "gateway" https://forums.xfinity.com/t5/Your-Home-Network/Gateways-and-Bridge-Mode/td-p/2419143

21:35 <biotim> http://www.practicallynetworked.com/networking/fixing_double_nat.htm

21:35 <Gischer> biotim: I'm using my hosts file to deal with the issue for the time being. It lets me keep going anyway.

21:36 <biotim> ah, that's good

21:38 <Gischer> I don't appear to have double NAT, either. The modem appears to be in bridge mode.

21:47 <isd> mastodon should at least be able to get by with just HTTP, rather than $arbitrary_protocol

21:55 <isd> The thing that's going to be super weird though is following links within the app. For the federation to work you basically *have* to have stable URLs, which means using the api endpoints. But the UI is going to link you to those URLs on other servers, and if those are on a sandstorm instance it will likely barf when you visit them in a browser.

21:57 <isd> Having the ability to have stable browser-friendly subdomains for grains would be incredibly useful. apps would be a bit more exposed of course. But there are huge categories of things that are made incredibly difficult without that.

22:18 <TimMc> Oooh, right.

22:42 <isd> (There have also been frequent requests for the ability to have human-memorable domains, for fully-public grains, which are a use case that doesn't work very well right now).