On Wed, Nov 29, 2023 at 02:19:51PM -0500, Greg Wooledge wrote:
> On Wed, Nov 29, 2023 at 01:52:46PM -0500, gene heskett wrote:
> > On 11/29/23 13:20, John Hasler wrote:
> > > Install chrony.  But first fix that address.
> > 
> > How, John? QIDI is afraid of enabling full net access because it might
> > overwrite some of their special stuff. Right now it's running armbian buster,
> > which is out of support.  And surprise, kiauh.sh is installed, likely how
> > they set the printer up in the first place.  It's just a bash script but it's
> > magic!
> 
> There are so many things in this paragraph that I don't understand.
> What is "QIDI"?  Why would enabling full net access "overwrite stuff"?
> What "stuff"?  What is "kiauh.sh" and how is it relevant to this
> question?
> 

QIDI == manufacturer of 3d printers

kiauh.sh == helper script to install Klipper

Klipper == firmware and environment to drive a 3d printer - large numbers
of installed dependencies as I understand it

> Either configure a static IP address for this host, or set up a DHCP
> server which will assign it the desired IP address.  Those are your
> two choices.
> 

Just configure your armbian to expect a static address - oh, and try really
hard *not* to use something as old as buster, maybe? There are reasons that
Debian bothers to put out newer releases :)

> If you want it to be on an isolated network, then put it on an isolated
> network.  If it needs an NTP server, make sure you put one of those
> on the isolated network as well.
> 
> It sounds like you don't want a *physically* isolated network, but rather,
> some kind of numeric subnet whose packets won't be routed to the public
> Internet.  That should be feasible.  Here's an example setup:
> 
> Machine R: Router.  Configured to talk to the public Internet, and to
> the local 192.168.1.x subnet.  IP forwarding is enabled (from 192.168.1).
> Does not know about the 192.168.2.x subnet, and will not forward packets
> from that subnet.
> 
> Machine T: Time server.  Has two IP addresses -- one on 192.168.1.x and
> one on 192.168.2.x.  Default gateway set to R.  Runs NTP, configured to
> permit client connections from both subnets, and to retrieve time from
> the public Internet.
> 
> Machine P: Printer.  Has an IP address on the 192.168.2.x subnet only.
> Runs NTP, configured to retrieve time from T.
> 
> Other hosts: If they need to talk to the public Internet, then they have
> an address on 192.168.1.x, and default gateway set to R.  If they need
> to talk to P, they have an address on 192.168.2.x.  Some will have both.
> If they run NTP, configure it to retrieve time from T.
> 
> Of course, there are other ways to achieve isolation.  You could also
> use a single subnet, but set up a fancy firewall in the router, which
> blocks the forwarding of all packets from P.  Or which doesn't forward
> by default, but is specifically configured to forward packets from T
> and other identified hosts.  You have lots of choices here.
>

Gene - in all seriousness, I'd suggest sitting down with a memo pad and
actually writing down what machines you have, what OS they have and 
what you want them to *do*.

At that point, configure machines individually so that they're running the
latest practicable software. If that means doing them one by one - do that.

Make a list of what functions you need and configure them one by one.
 
Build up something stable rather than constantly hacking and forgetting
the precise details of what you've done.

If needs be, then give each machine a memorable name and assign each machine a 
page to note down _precisely_ what changes you make. Take backups of 
each file you change before you change it and save them according to a naming 
scheme - I've seen someone name a copy of the original files as x.y.gold where
.gold is a suffix that no normal files have.

As you make individual modifications, save them as x.y.gold.1, gold.2 and so on.

That way, you know how many steps you've taken, how many changes you've made
and you can always go back. Once the file is correct, you can delete previous
copies apart from the original .gold

Just a quick suggestion which you can take or leave as you will ..

Andy 
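As an added example (not from the thread, and not any participant's code), the two-subnet layout from the quoted reply modelled with Python's ipaddress module: it checks the invariants the design promises (P never reaches the Internet, P reaches T for NTP) and emits the chrony directives each role needs. Host names follow the thread; the addresses, the "desktop" host and the upstream pool name are constructed placeholders.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")       # R forwards this subnet to the Internet
ISOLATED = ipaddress.ip_network("192.168.2.0/24")  # R does not know this subnet exists

# Constructed host table: roles from the thread, addresses are assumptions.
HOSTS = {
    "R": ["192.168.1.1"],                         # router
    "T": ["192.168.1.10", "192.168.2.10"],        # dual-homed time server
    "P": ["192.168.2.20"],                        # printer, isolated subnet only
    "desktop": ["192.168.1.50", "192.168.2.50"],  # needs both Internet and P
}

def host_nets(name):
    """Subnets a host is directly attached to (all /24s in this layout)."""
    return {ipaddress.ip_network(f"{a}/24", strict=False) for a in HOSTS[name]}

def reaches_internet(name):
    """R only forwards traffic that originates on the LAN subnet."""
    return LAN in host_nets(name)

def can_talk(src, dst):
    """R never routes between the subnets, so two hosts must share one."""
    return bool(host_nets(src) & host_nets(dst))

def ntp_source(name):
    """T's address on a subnet this host shares with T, or None."""
    for addr in HOSTS["T"]:
        if any(ipaddress.ip_address(addr) in n for n in host_nets(name)):
            return addr
    return None

def chrony_lines(name):
    """chrony.conf directives for the NTP role each host plays."""
    if name == "T":
        # T pulls time from the public Internet and serves both subnets.
        return ["pool UPSTREAM_POOL_PLACEHOLDER iburst",
                f"allow {LAN}", f"allow {ISOLATED}"]
    src = ntp_source(name)
    return [f"server {src} iburst"] if src else []

def audit():
    """Return the design invariants that fail (empty list means all hold)."""
    failures = []
    if reaches_internet("P"):
        failures.append("P can reach the Internet")
    if not can_talk("P", "T"):
        failures.append("P cannot reach T for NTP")
    for h in HOSTS:
        if h != "T" and not chrony_lines(h):
            failures.append(f"{h} has no reachable NTP source")
    return failures
```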
