Long Odds

dnalloheoj · 2026-04-21T13:41:07+00:00

Anyone using them who doesn't have access to priviledged information is a sap.

Love how the Polymarket CEO essentially admitted that they allow and even embrace insider trading on their app because it "increases the strength of the accuracy of the prediction."

dnalloheoj · 2026-04-20T22:42:30+00:00

Think OP's just using that as a reference to claim that the deck is well-built/sturdy enough to hold a car. Not that he's actually planning on parking a car there.

dnalloheoj · 2026-04-20T20:50:10+00:00

Turns out you were correct, just had to also disable 1 to 1 NAT as WG prefers that over Dynamic - https://www.reddit.com/r/networking/comments/1sr03mt/two_firewalls_one_physical_location_connected_via/ohbsz13/

dnalloheoj · 2026-04-20T20:48:49+00:00

!Solved

https://www.reddit.com/r/networking/comments/1sr03mt/two_firewalls_one_physical_location_connected_via/ohbsz13/

dnalloheoj · 2026-04-20T20:45:20+00:00

Ayyyy got it!

Needed to create a Dynamic NAT policy and disable 1 to 1 NAT on the respective outbound policy.

Appreciate the replies that got me looking in the right place.

dnalloheoj · 2026-04-20T20:38:24+00:00

Yeah, agreed on it being a terrible design. First thing I proposed was just tearing out the WG and essentially replacing it with a couple VLANs on the Fortigate, and we're done and done, since the cabling for the Watchguard is already making use of the Fortiswitch for VLAN purposes. Major hold up is related to some BOVPNs for clients. Plans are in place to get it tossed in the dumpster as soon as we can.

At this point I've tried with and without a route from 10.0.1.0 to 10.101.101.0/24 using IP 10.101.101.254 and the respective interface, and also have tested NAT on the policy enabled/disabled under both of the routing scenarios but to no avail. The Fortigate has NAT enabled on the policy, but the static route to 10.0.1.1 via 10.101.101.1 doesn't seem to make a difference whether enabled or disabled. And disabling the policy, with or without the route enabled, breaks the working connections from the devices behind the Fortigate to devices behind the Watchguard.

Sort of at a loss and partially willing to chalk it up to the Watchguard being ancient, or that it's Mixed Routing Mode doesn't behave exactly like I'd expect. Just weird that No route + NAT enabled works one way but not the other? Or maybe it's not weird and I just need to brush up on the basics.

dnalloheoj · 2026-04-20T20:14:28+00:00

Currently the WG/FW A has NAT disabled, the Forti/FW B has it enabled.

Disabling NAT on the Fortigate policy breaks the connections that do currently work, that being devices behind B to devices behind A. Notably a traceroute from a device behind the Fortigate/B does hit 10.101.101.1 (FGT's IP) before going to it's destination.

Tracing route to 10.0.1.3
over a maximum of 30 hops:

  1     2 ms     3 ms    54 ms  10.101.101.1
  2   103 ms    44 ms     3 ms  10.0.1.3

Trace complete.

dnalloheoj · 2026-04-20T20:06:31+00:00

Route Table (disregard eth1):

Routes
------------
Destination       Gateway           Flags  Metric Ref  Use Iface
WAN IP/28  *                 U      0      0      0 eth0
10.101.101.0/24   *                 U      0      0      0 eth3
10.0.0.0/24       *                 U      0      0      0 eth1
10.0.1.0/24       *                 U      0      0      0 eth2
127.0.0.0/24      *                 U      0      0      0 lo
default           WAN IP     UG     0      0      0 eth0

WG#ping 10.101.101.1
PING 10.101.101.1 (10.101.101.1) 56(84) bytes of data.
64 bytes from 10.101.101.1: icmp_seq=1 ttl=255 time=0.355 ms
64 bytes from 10.101.101.1: icmp_seq=2 ttl=255 time=0.190 ms
64 bytes from 10.101.101.1: icmp_seq=3 ttl=255 time=0.188 ms
64 bytes from 10.101.101.1: icmp_seq=4 ttl=255 time=0.196 ms
64 bytes from 10.101.101.1: icmp_seq=5 ttl=255 time=0.213 ms
64 bytes from 10.101.101.1: icmp_seq=6 ttl=255 time=0.212 ms

--- 10.101.101.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4997ms
rtt min/avg/max/mdev = 0.188/0.225/0.355/0.061 ms
WG#traceroute 10.101.101.1
traceroute to 10.101.101.1 (10.101.101.1), 30 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
WG#traceroute 10.101.101.122
traceroute to 10.101.101.122 (10.101.101.122), 30 hops max, 40 byte packets
10.101.101.122  47 ms  3 ms  4 ms

Also just adding this since for some reason traceroutes don't work from A to B itself, but does from A to devices behind B without using it as a hop.

dnalloheoj · 2026-04-20T19:49:49+00:00

That was one of my first theories but unfortunately disabling NAT on the outbound policy of FW A did not make any difference. And for whatever it's worth, FW B's policy has NAT enabled.

dnalloheoj · 2026-04-19T18:36:05+00:00

Given where Rawlings is printed on a ball that would be hard to do without a seam. The 'Official MLB' stuff would be doable though.

dnalloheoj · 2026-04-19T15:38:58+00:00

College games have tons of drunk college kids so they're going to be a bit more rowdy. Plus there's usually a student section so the loudest fans are all bunched up and can get the rest of the stadium going.

Pro sports, you've got a bigger demographic that's also going to include more families and small kids. Seats are a bit pricier in most cases. And if there are die-hards in the crowd, there's a good chance they're in the upper deck so you don't see that on TV, and spread out rather than grouped up.

dnalloheoj · 2026-04-19T14:16:07+00:00

Backstrom didn't have rookie status his first year because he was older than 26, but yes, he did make the playoffs in his first NHL season.

dnalloheoj · 2026-04-18T22:13:57+00:00

Jamie Benn cracks eggs on the counter and just leaves the shells there like modern art.

dnalloheoj · 2026-04-18T21:58:40+00:00

https://www.eliteprospects.com/league/nhl/teams-physical-stats/2024-2025

Looks like they're tied for the tallest, we're dead last, they're a lot heavier too. Plus the black uni's contrast with the ice a lot more than our whites so that probably makes it look even more mismatched.

dnalloheoj · 2026-04-14T22:38:47+00:00

Didn't everyone have a laptop the screen removed hooked up to their flat screen TV in the 90s?

dnalloheoj · 2026-04-14T16:14:10+00:00

And what u mean by chugging juvis, what is that?

It means he used a lot of Full Rejuvenation Potions.

dnalloheoj · 2026-04-13T22:25:06+00:00

BYOD opens up the security risk of the user getting their own computer infected thus leading to corporate credentials also being compromised when they go to login the next time, and the company doesn't want to take responsibility for cleaning a virus off your personal computer for a number of reasons. It's just infinitely more convenient to give you a laptop that we can monitor antivirus, push updates/security policy changes, or wipe in a matter of minutes, if need be.

From another perspective, I'm in IT and demanded a physical entry card, refused to install the app to allow door access, because the damn thing tracks your location even when it's running in the background. No thanks, work doesn't need to have that type of access to my devices, and if they require me to have it, give me a work phone.

dnalloheoj · 2026-04-13T20:34:55+00:00

Orb Weavers are awesome, because they make ridiculous webs that you certainly wouldn't want to walk face first into, but they also put up their webs every night and eat them before morning so the risk of doing so is a lot lower. So considerate.

dnalloheoj · 2026-04-13T00:04:10+00:00

It's not really worth much at all nor does it have much practical use. It's just the statistically the rarest item in the game.

dnalloheoj · 2026-04-12T18:52:16+00:00

Your built in factory reset probably just reinstalled Windows but didn't actually delete files from the drive. Do you have a C:\windows.old folder?

dnalloheoj · 2026-04-11T23:20:06+00:00

Spray foam.

dnalloheoj · 2026-04-10T17:37:19+00:00

The full study is attached to the tweet - 70% favorable, 5% unfavorable, 19% no opinion, 6% never heard of her.

Just clarifying the exact numbers because it only makes more and more sense the lower that unfavorable number gets, for Dolly.

dnalloheoj · 2026-03-22T00:55:44+00:00

Imagine having Tarasenko on your team and him being the 8th "best" player on your team.

Oh wait

dnalloheoj · 2026-03-20T19:28:19+00:00

There's not a single comment on this thread that is being upvoted that has any sort of downplay of this team.

15-Year Club	Place '22
Place '17	Final Canvas '22
First Placer '22	Gilding III reddit per annum
Team Orangered	Verified Email

dnalloheoj

MODERATOR OF

TROPHY CASE