On 11/29/23 14:20, Greg Wooledge wrote:
> On Wed, Nov 29, 2023 at 01:52:46PM -0500, gene heskett wrote:
>> On 11/29/23 13:20, John Hasler wrote:
>>> Install chrony.  But first fix that address.
>>
>> How, John? QIDI is afraid of enabling full net access because it might
>> overwrite some of their special stuff. Right now it's running armbian buster,
>> which is out of support.  And surprise, kiauh.sh is installed, likely how
>> they set the printer up in the first place.  It's just a bash script but it's
>> magic!

QIDI is the name of the Chinese outfit that makes mid-range printers in the thousand dollar category. Come with all the stuff you normally spend another $800 making a $150 printer work a little better, so it's not that bad a deal when you tally up all the stuff a $150 printer is missing. Plus it's 3 or 4 times faster than the $150 printer. The X-MAX 3 is the top of their line of printers.

> There are so many things in this paragraph that I don't understand.
> What is "QIDI"?  Why would enabling full net access "overwrite stuff"?
> What "stuff"?  What is "kiauh.sh" and how is it relevant to this
> question?

They claim they customized it to drive their printer better, but I'll reserve judgement on that.

kiauh.sh (Klipper Installer And Update Helper) is a shell script that keeps a klipper and friends install up to date AND also keeps the OS up to date too, run it 2 or 3 times a week, and you always got the latest stuff as klipper, somewhat like marlin but faster, is under fairly rapid development. And it's doing things months ahead of marlin.

> Either configure a static IP address for this host

Which is what I want to do but I've been told that /etc/network/interfaces is not the "today way" to do it. OTOH it's buster and I think that works in buster. However, my only access to work on this is ssh -X root@address, so I have to be sure I don't brick it.

> or set up a DHCP
> server which will assign it the desired IP address.  Those are your
> two choices.

Then it's something else I'll have to maintain as my network grows, it's far easier to edit a hosts file. I had set a 30 character passwd from a random generator based on the number of centuries it would take a hacker to get thru it. Nobody has, including me...

> If you want it to be on an isolated network, then put it on an isolated
> network.  If it needs an NTP server, make sure you put one of those
> on the isolated network as well.

Isolation is not really on my todo list. Every other machine on my local net has a desktop and a browser, fully capable of downloading the newest yak milk recipe from a satellite fed, solar powered yurt 35 klicks north of Ulan Bator. Firefox is an IRQ pig, playing hell with the machine's latency, so I don't cut steel and run firefox at the same time.

> It sounds like you don't want a *physically* isolated network, but rather,
> some kind of numeric subnet whose packets won't be routed to the public
> Internet.  That should be feasible.  Here's an example setup:
>
> Machine R: Router.  Configured to talk to the public Internet, and to
> the local 192.168.1.x subnet.  IP forwarding is enabled (from 192.168.1).
> Does not know about the 192.168.2.x subnet, and will not forward packets
> from that subnet.
>
> Machine T: Time server.  Has two IP addresses -- one on 192.168.1.x and
> one on 192.168.2.x.  Default gateway set to R.  Runs NTP, configured to
> permit client connections from both subnets, and to retrieve time from
> the public Internet.

Sounds like something I could do with a bananapi-m5, and it would reduce my footprint at Debian's time servers by about 8 machines banging on them now. But that project is 4 or 5 lines from the top of the list.

At present I'd like to blow away the systemd and install chrony, configuring that to take over one machine at a time. Can someone lead me to do that?

The original protocol could push at intervals and ISTR I had it working on my amiga 2000 and on my color computer 3 running nitros9, circa 1999-2001. Fun times.

> Machine P: Printer.  Has an IP address on the 192.168.2.x subnet only.
> Runs NTP, configured to retrieve time from T.
>
> Other hosts: If they need to talk to the public Internet, then they have
> an address on 192.168.1.x, and default gateway set to R.  If they need
> to talk to P, they have an address on 192.168.2.x.  Some will have both.
> If they run NTP, configure it to retrieve time from T.
>
> Of course, there are other ways to achieve isolation.  You could also
> use a single subnet, but set up a fancy firewall in the router, which
> blocks the forwarding of all packets from P.  Or which doesn't forward
> by default, but is specifically configured to forward packets from T
> and other identified hosts.  You have lots of choices here.


Thanks Greg, take care & stay well.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
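
The R/T/P layout Greg Wooledge describes in the quoted text, written out as configuration fragments with chrony as the NTP daemon. This is an added example, not part of the original e-mail; the host addresses (T at 192.168.2.1, P at 192.168.2.10), the interface name eth0 and the sysctl file name are assumptions chosen for illustration.

```conf
# ---- Machine T: /etc/chrony/chrony.conf (time server on both subnets) ----
# Upstream time from the public Internet, reached through router R.
pool 2.debian.pool.ntp.org iburst
# chronyd serves no clients unless told to; permit exactly the two subnets.
allow 192.168.1.0/24
allow 192.168.2.0/24
driftfile /var/lib/chrony/chrony.drift
makestep 1 3
rtcsync

# ---- Machine T: /etc/sysctl.d/90-no-forward.conf (file name assumed) ----
# T is dual-homed. Keep forwarding off so it serves time to 192.168.2.x
# without becoming a second router between the subnets.
net.ipv4.ip_forward = 0

# ---- Machine P: /etc/network/interfaces stanza (printer) ----
# Static address on 192.168.2.x only (address and eth0 are assumed values).
# There is deliberately no "gateway" line: with no default route, P can
# reach hosts on its own subnet (including T) and nothing beyond it.
auto eth0
iface eth0 inet static
    address 192.168.2.10
    netmask 255.255.255.0

# ---- Machine P: /etc/chrony/chrony.conf ----
# The only time source is T's address on the isolated subnet (assumed value).
server 192.168.2.1 iburst
driftfile /var/lib/chrony/chrony.drift
makestep 1 3
```

After restarting chrony on both machines, `chronyc sources` on P should list 192.168.2.1 as its source, and `chronyc clients` run as root on T should show P's address.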
