Re: Mixing and Matching DHCP and static IPs

2017-12-28 Thread Mark Fletcher
On Thu, Dec 28, 2017 at 03:31:11PM +0100, Pascal Hambourg wrote: > On 28/12/2017 at 13:01, Mark Fletcher wrote: > > > > Beyond the man pages for DHCPD is > > there a good reference anyone can recommend for exactly what happens > > when a DHCP request is made? > > The authoritative sources are

Re: Mixing and Matching DHCP and static IPs

2017-12-28 Thread Pascal Hambourg
On 28/12/2017 at 13:01, Mark Fletcher wrote: That means that, if the goal were only to get a working setup, that has now been achieved. However, if you'll indulge me further, I'm now very curious about how I can get the AirStation to have a sensible routing table -- surely it must be

Re: Mixing and Matching DHCP and static IPs

2017-12-28 Thread Mark Fletcher
On Wed, Dec 27, 2017 at 06:13:41PM +0100, Pascal Hambourg wrote: > On 27/12/2017 at 16:07, Mark Fletcher wrote: > > > If you want to check this you can just try to accept any packets forwarded > from the internal interface to itself. > > iptables -A FORWARD -i enp0s20u3 -o enp0s20u3 -j ACCEPT

Re: Mixing and Matching DHCP and static IPs

2017-12-27 Thread Pascal Hambourg
On 27/12/2017 at 16:07, Mark Fletcher wrote: my Stretch desktop inside the AirStation LAN showed that can also now ping to the PI. This represents major progress. However, I still cannot ssh from the Stretch desktop to the PI (although I still CAN ssh from the firewall to the PI, and I can

Re: Mixing and Matching DHCP and static IPs

2017-12-27 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 04:33:57PM +0100, Pascal Hambourg wrote: > On 26/12/2017 at 16:05, Mark Fletcher wrote: > > > > At the risk of further advertising my ignorance, 3 as an 8-bit binary is > > 00000011, and 252 in binary is 11111100, so why doesn't that mask "fit" > > with that address? (if

Re: Mixing and Matching DHCP and static IPs

2017-12-27 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 05:04:34PM +0100, Pascal Hambourg wrote: > On 26/12/2017 at 16:49, Michael Stone wrote: > > > > This is unnecessarily complicated, and will make your life harder than > > it needs to be. The best thing would be to not use the airstation as a > > router at all, just use

Re: Mixing and Matching DHCP and static IPs

2017-12-27 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 02:30:27PM -0500, Dan Ritter wrote: > On Mon, Dec 25, 2017 at 08:25:52PM -0600, Paul Johnson wrote: > > On Mon, Dec 25, 2017 at 10:49 AM, Marc Auslander > > wrote: > > > > Sample dhcpd config for a static IP assignment: > > host thatonemachine { >

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Dan Ritter
On Mon, Dec 25, 2017 at 08:25:52PM -0600, Paul Johnson wrote: > On Mon, Dec 25, 2017 at 10:49 AM, Marc Auslander > wrote: > > > The safest way to fix an ip address in a dhcp served network is to tell > > the dhcp server to associate that address with the mac of the unit.

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Pascal Hambourg
On 26/12/2017 at 17:20, Michael Stone wrote: On Tue, Dec 26, 2017 at 05:04:34PM +0100, Pascal Hambourg wrote: As any SOHO router, it is likely that the Airstation masquerades forwarded connections, so other nodes on its WAN side do not see the real 192.168.11.x addresses but only the WAN side

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Michael Stone
On Tue, Dec 26, 2017 at 05:04:34PM +0100, Pascal Hambourg wrote: As any SOHO router, it is likely that the Airstation masquerades forwarded connections, so other nodes on its WAN side do not see the real 192.168.11.x addresses but only the WAN side address of the Airstation, 192.168.1.2. Yes,

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Pascal Hambourg
On 26/12/2017 at 16:49, Michael Stone wrote: This is unnecessarily complicated, and will make your life harder than it needs to be. The best thing would be to not use the airstation as a router at all, just use it as a switch + wireless access point in a flat configuration, with the router

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Michael Stone
On Tue, Dec 26, 2017 at 12:23:41AM +0900, Mark Fletcher wrote: I run a home network with what might be slightly unusual topology. At the centre of it is a Buffalo Airstation which services a bunch of iDevices, a couple of Androids, a Windoze laptop, It's bad enough having to read a really

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Pascal Hambourg
On 26/12/2017 at 15:50, Dan Purgert wrote: Pascal Hambourg wrote: On 26/12/2017 at 12:33, Dan Purgert wrote: [...] Sounds like perhaps the airstation is blocking client devices from talking to "bogus" network addresses. This is generally a feature of consumer gear to stop you from trying

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Pascal Hambourg
On 26/12/2017 at 16:05, Mark Fletcher wrote: At the risk of further advertising my ignorance, 3 as an 8-bit binary is 00000011, and 252 in binary is 11111100, so why doesn't that mask "fit" with that address? (if you'll pardon my poor terminology) Put another way, why do I need to zero out

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 03:02:46PM -, Dan Purgert wrote: > > >> > > The netmask is 255.255.255.252. I just tried changing it to 248, ie > > zeroing out one more bit, but that did not help. (changed it by changing > > the netmask supplied by

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 02:31:05PM -, Dan Purgert wrote: > >> No, the airstation having been given an address 192.168.1.x/24 will know > >> that it can directly reach any host 192.168.1.1 through 192.168.1.254 > >> inclusive. > >> > > > > Except for some reason it doesn't seem to (or, rather,

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 02:50:44PM -, Dan Purgert wrote: > Pascal Hambourg wrote: > > On 26/12/2017 at 12:33, Dan Purgert wrote: > >> [...] > >> Sounds like perhaps the airstation is blocking client devices from > >> talking to "bogus"

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Dan Purgert
Mark Fletcher wrote: > On Tue, Dec 26, 2017 at 01:05:03PM +0100, Pascal Hambourg wrote: >> On 26/12/2017 at 12:33, Dan Purgert wrote: >> > >> > > Now 192.168.1.1 is the default gateway the firewall supplies the >> > > AirStation (ie it supplies

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 03:43:50PM +0100, Pascal Hambourg wrote: > > > > > > > The firewall's routing rules are (amongst other rules > > which I don't believe relevant -- and external interface name elided): > > > > iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > >

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Dan Purgert
Pascal Hambourg wrote: > On 26/12/2017 at 12:33, Dan Purgert wrote: >> [...] >> Sounds like perhaps the airstation is blocking client devices from >> talking to "bogus" network addresses. This is generally a feature of >> consumer gear to stop you

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Pascal Hambourg
On 26/12/2017 at 14:55, Mark Fletcher wrote: I would also expect that if it did not know that, it would send packets for 192.168.1.3 to 192.168.1.1 for forwarding, just as it does every packet that is destined for the internet -- and I would expect the firewall to be able to forward them,

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Dan Purgert
Mark Fletcher wrote: > On Tue, Dec 26, 2017 at 20:40 Dan Purgert wrote: > >> >> Sounds like perhaps the

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread deloptes
Pascal Hambourg wrote: > And lose the protection provided by the firewall to wireless devices ? > Sounds like a great idea. > It is more dangerous having the WLAN behind your firewall. I hope you understand this. >> or you can turn off the firewall there completely > > And push your logic to

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 01:05:03PM +0100, Pascal Hambourg wrote: > On 26/12/2017 at 12:33, Dan Purgert wrote: > > > > > Now 192.168.1.1 is the default gateway the firewall supplies the > > > AirStation (ie it supplies itself as the gateway) when the AirStation > > > makes a DHCP request, and

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Pascal Hambourg
On 26/12/2017 at 12:33, Dan Purgert wrote: Mark Fletcher wrote: [...] AirStation LAN is 192.168.11.0/24, outside AirStation LAN is 192.168.1.1, .2 and .3 -- note the third octet difference for internal You seem to have set up a situation of double-NAT. This means that while 11.x can

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Mark Fletcher
On Tue, Dec 26, 2017 at 20:40 Dan Purgert wrote: > Mark Fletcher wrote: > > [...] > > AirStation LAN is 192.168.11.0/24, outside AirStation LAN is > > 192.168.1.1, .2 and .3 -- note the third octet difference for internal > > You

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Pascal Hambourg
On 26/12/2017 at 12:10, deloptes wrote: Looks like Airstation is WLAN router - I would put it in front of the firewall and DMZ to the firewall And lose the protection provided by the firewall to wireless devices ? Sounds like a great idea. or you can turn off the firewall there

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread Dan Purgert
Mark Fletcher wrote: > [...] > AirStation LAN is 192.168.11.0/24, outside AirStation LAN is > 192.168.1.1, .2 and .3 -- note the third octet difference for internal You seem to have set up a situation of double-NAT. This means that while 11.x can

Re: Mixing and Matching DHCP and static IPs

2017-12-26 Thread deloptes
Mark Fletcher wrote: > split -- there are essentially two splits because there are two > firewalls -- one of which I want and one I can't turn off. The firewall > I set up sits at the outermost edge of the network (obviously) and has 2 > interfaces. The other is at the AirStation, which regards

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Paul Johnson
On Mon, Dec 25, 2017 at 10:49 AM, Marc Auslander wrote: > The safest way to fix an ip address in a dhcp served network is to tell > the dhcp server to associate that address with the mac of the unit. The > address should be outside the dhcp range you set up. I normally pin

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Gene Heskett
On Monday 25 December 2017 19:54:10 Mark Fletcher wrote: > On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote: > > Henning Follmann wrote: > > > > Mark can start by drawing a diagram of the setup, configuring the > > DHCP and DNS and firewall properly. > > Ad DHCP Mark, you can setup a range

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Pascal Hambourg
On 25/12/2017 at 16:23, Mark Fletcher wrote: There's no way to describe this with all the relevant info in a short way Yes there is a way. You really talk too much. so I'll try instead to make this as entertaining a read as I can. You failed. The result is just long and boring. the

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Mark Fletcher
On Mon, Dec 25, 2017 at 05:53:42PM +0100, Sven Hartge wrote: > Marc Auslander wrote: > > > The safest way to fix an ip address in a dhcp served network is to tell > > the dhcp server to associate that address with the mac of the unit. The > > address should be outside the

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Mark Fletcher
On Mon, Dec 25, 2017 at 11:49:17AM -0500, Marc Auslander wrote: > The safest way to fix an ip address in a dhcp served network is to tell > the dhcp server to associate that address with the mac of the unit. The > address should be outside the dhcp range you set up. I normally pin down > all my

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Mark Fletcher
On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote: > Henning Follmann wrote: > > Mark can start by drawing a diagram of the setup, configuring the DHCP and > DNS and firewall properly. > Ad DHCP Mark, you can setup a range with static and a range with dynamic IP > addresses. All that has

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Mark Fletcher
> Henning Follmann wrote: > > > 1) You talk too much. And you are rude. Solution: learn some manners. If you don't have the attention span to read more than a few lines of prose, I'm not interested in your attempts to make that my problem. As others have demonstrated, plenty people do. > >

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Nemeth Gyorgy
On 2017-12-25 at 16:23, Mark Fletcher wrote: > Can anyone guess what might be wrong with the setup that is preventing > me from being able to reach 192.168.1.3 from inside the AirStation LAN? > And how I could fix it? Google turned up the static-routes option of > dhcpd, which it appears

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread deloptes
Henning Follmann wrote: > 1) You talk too much. > Solution: be precise but not chatty. Get to the point. > > 2) Your network setup is overly complicated. > Solution: simplify! Also very important: complexity is the enemy of > security. Your set up should be straight forward that any issue

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Sven Hartge
Marc Auslander wrote: > The safest way to fix an ip address in a dhcp served network is to tell > the dhcp server to associate that address with the mac of the unit. The > address should be outside the dhcp range you set up. I normally pin down > all my connected devices

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Marc Auslander
The safest way to fix an ip address in a dhcp served network is to tell the dhcp server to associate that address with the mac of the unit. The address should be outside the dhcp range you set up. I normally pin down all my connected devices that way, leaving the dhcp assignment for guests etc.

Re: Mixing and Matching DHCP and static IPs

2017-12-25 Thread Henning Follmann
On Tue, Dec 26, 2017 at 12:23:41AM +0900, Mark Fletcher wrote: > Greetings and Merry Christmas / Happy Hannukah / insert appropriate > greeting here > > There's no way to describe this with all the relevant info in a short > way, so I'll try instead to make this as entertaining a read as I can.

Mixing and Matching DHCP and static IPs

2017-12-25 Thread Mark Fletcher
Greetings and Merry Christmas / Happy Hannukah / insert appropriate greeting here There's no way to describe this with all the relevant info in a short way, so I'll try instead to make this as entertaining a read as I can. For the first time ever I have tried to introduce a machine with a