On 11/29/23 14:58, Andrew M.A. Cater wrote:
On Wed, Nov 29, 2023 at 02:19:51PM -0500, Greg Wooledge wrote:
On Wed, Nov 29, 2023 at 01:52:46PM -0500, gene heskett wrote:
On 11/29/23 13:20, John Hasler wrote:
Install chrony.  But first fix that address.

How, John? QIDI is afraid of enabling full net access because it
might overwrite some of their special stuff. Right now it's
running armbian buster, which is out of support.  And surprise,
kiauh.sh is installed, likely how they set the printer up in the
first place.  It's just a bash script but it's magic!

There are so many things in this paragraph that I don't
understand. What is "QIDI"?  Why would enabling full net access
"overwrite stuff"? What "stuff"?  What is "kiauh.sh" and how is it
relevant to this question?


QIDI == manufacturer of 3d printers

kiauh.sh == helper script to install Klipper

Klipper == firmware and environment to drive a 3d printer - large
numbers of installed dependencies as I understand it

Either configure a static IP address for this host, or set up a
DHCP server which will assign it the desired IP address.  Those are
your two choices.


Just configure your armbian to expect a static address - oh, and try
really hard *not* to use something as old as buster, maybe? There are
reasons that Debian bothers to put out newer releases :)

If you want it to be on an isolated network, then put it on an
isolated network.  If it needs an NTP server, make sure you put one
of those on the isolated network as well.

It sounds like you don't want a *physically* isolated network, but
rather, some kind of numeric subnet whose packets won't be routed
to the public Internet.  That should be feasible.  Here's an
example setup:

Machine R: Router.  Configured to talk to the public Internet, and
to the local 192.168.1.x subnet.  IP forwarding is enabled (from
192.168.1). Does not know about the 192.168.2.x subnet, and will
not forward packets from that subnet.

Machine T: Time server.  Has two IP addresses -- one on 192.168.1.x
and one on 192.168.2.x.  Default gateway set to R.  Runs NTP,
configured to permit client connections from both subnets, and to
retrieve time from the public Internet.

Machine P: Printer.  Has an IP address on the 192.168.2.x subnet
only. Runs NTP, configured to retrieve time from T.

Other hosts: If they need to talk to the public Internet, then they
have an address on 192.168.1.x, and default gateway set to R.  If
they need to talk to P, they have an address on 192.168.2.x.  Some
will have both. If they run NTP, configure it to retrieve time from
T.

Of course, there are other ways to achieve isolation.  You could
also use a single subnet, but set up a fancy firewall in the
router, which blocks the forwarding of all packets from P.  Or
which doesn't forward by default, but is specifically configured to
forward packets from T and other identified hosts.  You have lots
of choices here.
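As an added example (not part of the thread or anyone's reply in it), here is a small POSIX shell script that writes out the pieces of the layout above that chrony and ifupdown need on T and P. The addresses, the interface name eth0 and the use of ifupdown are assumptions, and it writes to a staging directory rather than /etc.

```shell
# Added example, not from the thread: write the config files for the T (time
# server) and P (printer) roles in the layout above. Addresses and the
# interface name are constructed placeholders; output goes to a staging
# directory, never to /etc, until you copy the files yourself.
set -eu
T_ISO=192.168.2.10   # T's address on the isolated subnet (assumed)
P_ISO=192.168.2.20   # P's address on the isolated subnet (assumed)

# chrony.conf for T: sync from the public pool, serve both subnets.
chrony_conf_t() {
  cat <<EOF
pool 2.debian.pool.ntp.org iburst
allow 192.168.1.0/24
allow 192.168.2.0/24
EOF
}

# chrony.conf for P: T is the only host it can reach, so T is its only source.
chrony_conf_p() { printf 'server %s iburst\n' "$T_ISO"; }

# ifupdown stanza for P (assumes eth0): static address on 192.168.2.x and,
# deliberately, no gateway line, so P has no route off its own subnet.
interfaces_p() {
  cat <<EOF
auto eth0
iface eth0 inet static
    address $P_ISO
    netmask 255.255.255.0
EOF
}

# T is dual-homed; this sysctl keeps it from becoming a second router that
# would leak 192.168.2.x traffic toward R and on to the Internet.
sysctl_t() {
  printf 'net.ipv4.ip_forward = 0\n'
}

write_all() {
  out=${1:-./staging}
  mkdir -p "$out/T" "$out/P"
  chrony_conf_t > "$out/T/chrony.conf"
  sysctl_t      > "$out/T/90-no-forward.conf"
  chrony_conf_p > "$out/P/chrony.conf"
  interfaces_p  > "$out/P/eth0"
  echo "$out"
}
```

Run `write_all` and copy each file into place by hand (/etc/chrony/chrony.conf, /etc/sysctl.d/, /etc/network/interfaces.d/); the isolation only holds while R has no route to 192.168.2.0/24.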


Gene - in all seriousness, I'd suggest sitting down with a memo pad
and actually writing down what machines you have, what OS they have
and what you want them to *do*.

At that point, configure machines individually so that they're
running the latest practicable software. If that means doing them one
by one - do that.

Make a list of what functions you need and configure them one by
one.

Build up something stable rather than constantly hacking and
forgetting the precise details of what you've done.

If needs be, then give each machine a memorable name and assign each
machine a page to note down _precisely_ what changes you make. Take
backups of each file you change before you change it and save them
according to a naming scheme - I've seen someone name a copy of the
original files as x.y.gold where .gold is a suffix that no normal
files have.

As you make individual modifications, save them as x.y.gold.1, gold.2
and so on.

That way, you know how many steps you've taken, how many changes
you've made and you can always go back. Once the file is correct, you
can delete previous copies apart from the original .gold.

Just a quick suggestion which you can take or leave as you will ..

Andy

All good advice Andy, but I've been swimming in the bleeding edge stuff since I turned 16 and could quit school legally, which as you well know is often a disorganized mess since about 1948 when I quit school and went to work fixing them newfangled things called tv's.

Me, get organized? At 89 yo, it's not likely to happen now.

Thanks Andy, take care and stay well.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
