On Thu, Dec 28, 2017 at 03:31:11PM +0100, Pascal Hambourg wrote:
> On 28/12/2017 at 13:01, Mark Fletcher wrote:
> >
> > Beyond the man pages for DHCPD is
> > there a good reference anyone can recommend for exactly what happens
> > when a DHCP request is made?
>
> The authoritative sources are t
On 28/12/2017 at 13:01, Mark Fletcher wrote:
That means that, if the goal were only to get a working setup, that has
now been achieved. However, if you'll indulge me further, I'm now very
curious about how I can get the AirStation to have a sensible routing
table -- surely it must be possible.
On Wed, Dec 27, 2017 at 06:13:41PM +0100, Pascal Hambourg wrote:
> On 27/12/2017 at 16:07, Mark Fletcher wrote:
> >
> If you want to check this you can just try to accept any packets forwarded
> from the internal interface to itself.
>
> iptables -A FORWARD -i enp0s20u3 -o enp0s20u3 -j ACCEPT
>
On 27/12/2017 at 16:07, Mark Fletcher wrote:
my Stretch desktop inside the AirStation LAN showed that can also now
ping to the PI. This represents major progress.
However, I still cannot ssh from the Stretch desktop to the PI (although
I still CAN ssh from the firewall to the PI, and I can st
On Tue, Dec 26, 2017 at 04:33:57PM +0100, Pascal Hambourg wrote:
> On 26/12/2017 at 16:05, Mark Fletcher wrote:
> >
> > At the risk of further advertising my ignorance, 3 as an 8-bit binary is
> > 0011, and 252 in binary is 1100, so why doesn't that mask "fit"
> > with that address? (if
On Tue, Dec 26, 2017 at 05:04:34PM +0100, Pascal Hambourg wrote:
> On 26/12/2017 at 16:49, Michael Stone wrote:
> >
> > This is unnecessarily complicated, and will make your life harder than
> > it needs to be. The best thing would be to not use the airstation as a
> > router at all, just use it
On Tue, Dec 26, 2017 at 02:30:27PM -0500, Dan Ritter wrote:
> On Mon, Dec 25, 2017 at 08:25:52PM -0600, Paul Johnson wrote:
> > On Mon, Dec 25, 2017 at 10:49 AM, Marc Auslander
> > wrote:
> >
>
> Sample dhcpd config for a static IP assignment:
>
> host thatonemachine {
> hardware ethernet d0:e
On Mon, Dec 25, 2017 at 08:25:52PM -0600, Paul Johnson wrote:
> On Mon, Dec 25, 2017 at 10:49 AM, Marc Auslander
> wrote:
>
> > The safest way to fix an ip address in a dhcp served network is to tell
> > the dhcp server to associate that address with the mac of the unit. The
> > address should b
On 26/12/2017 at 17:20, Michael Stone wrote:
On Tue, Dec 26, 2017 at 05:04:34PM +0100, Pascal Hambourg wrote:
As any SOHO router, it is likely that the Airstation masquerades
forwarded connections, so other nodes on its WAN side do not see the
real 192.168.11.x addresses but only the WAN side
On Tue, Dec 26, 2017 at 05:04:34PM +0100, Pascal Hambourg wrote:
As any SOHO router, it is likely that the Airstation masquerades
forwarded connections, so other nodes on its WAN side do not see the
real 192.168.11.x addresses but only the WAN side address of the
Airstation, 192.168.1.2.
Yes,
On 26/12/2017 at 16:49, Michael Stone wrote:
This is unnecessarily complicated, and will make your life harder than
it needs to be. The best thing would be to not use the airstation as a
router at all, just use it as a switch + wireless access point in a flat
configuration, with the router
On Tue, Dec 26, 2017 at 12:23:41AM +0900, Mark Fletcher wrote:
I run a home network with what might be slightly unusual topology. At
the centre of it is a Buffalo Airstation which services a bunch of
iDevices, a couple of Androids, a Windoze laptop,
It's bad enough having to read a really long
On 26/12/2017 at 15:50, Dan Purgert wrote:
Pascal Hambourg wrote:
On 26/12/2017 at 12:33, Dan Purgert wrote:
[...]
Sounds like perhaps the airstation is blocking client devices from
talking to "bogus" network addresses. This is generally a feature of
consumer gear to stop you from trying
On 26/12/2017 at 16:05, Mark Fletcher wrote:
At the risk of further advertising my ignorance, 3 as an 8-bit binary is
0011, and 252 in binary is 1100, so why doesn't that mask "fit"
with that address? (if you'll pardon my poor terminology) Put another
way, why do I need to zero out ano
On Tue, Dec 26, 2017 at 03:02:46PM -, Dan Purgert wrote:
>
> >>
> > The netmask is 255.255.255.252. I just tried changing it to 248, ie
> > zeroing out one more bit, but that did not help. (changed it by changing
> > the netmask supplied by
On Tue, Dec 26, 2017 at 02:31:05PM -, Dan Purgert wrote:
> >> No, the airstation having been given an address 192.168.1.x/24 will know
> >> that it can directly reach any host 192.168.1.1 through 192.168.1.254
> >> inclusive.
> >>
> >
> > Except for some reason it doesn't seem to (or, rather, t
On Tue, Dec 26, 2017 at 02:50:44PM -, Dan Purgert wrote:
>
> Pascal Hambourg wrote:
> > On 26/12/2017 at 12:33, Dan Purgert wrote:
> >> [...]
> >> Sounds like perhaps the airstation is blocking client devices from
> >> talking to "bogus" netw
Mark Fletcher wrote:
> On Tue, Dec 26, 2017 at 01:05:03PM +0100, Pascal Hambourg wrote:
>> On 26/12/2017 at 12:33, Dan Purgert wrote:
>> >
>> > > Now 192.168.1.1 is the default gateway the firewall supplies the
>> > > AirStation (ie it supplies itse
On Tue, Dec 26, 2017 at 03:43:50PM +0100, Pascal Hambourg wrote:
> > >
>
>
> > The firewall's routing rules are (amongst other rules
> > which I don't believe relevant -- and external interface name elided):
> >
> > iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
> > ip
Pascal Hambourg wrote:
> On 26/12/2017 at 12:33, Dan Purgert wrote:
>> [...]
>> Sounds like perhaps the airstation is blocking client devices from
>> talking to "bogus" network addresses. This is generally a feature of
>> consumer gear to stop you f
On 26/12/2017 at 14:55, Mark Fletcher wrote:
I would also expect that if it did not know
that, it would send packets for 192.168.1.3 to 192.168.1.1 for
forwarding, just as it does every packet that is destined for the
internet -- and I would expect the firewall to be able to forward them,
sin
Mark Fletcher wrote:
>
> On Tue, Dec 26, 2017 at 20:40 Dan Purgert wrote:
>
>>
>> Sounds like perhaps the airstation is blocking
Pascal Hambourg wrote:
> And lose the protection provided by the firewall to wireless devices ?
> Sounds like a great idea.
>
It is more dangerous having the WLAN behind your firewall. I hope you
understand this.
>> or you can turn off the firewall there completely
>
> And push your logic to t
On Tue, Dec 26, 2017 at 01:05:03PM +0100, Pascal Hambourg wrote:
> On 26/12/2017 at 12:33, Dan Purgert wrote:
> >
> > > Now 192.168.1.1 is the default gateway the firewall supplies the
> > > AirStation (ie it supplies itself as the gateway) when the AirStation
> > > makes a DHCP request, and I'm
On 26/12/2017 at 12:33, Dan Purgert wrote:
Mark Fletcher wrote:
[...]
AirStation LAN is 192.168.11.0/24, outside AirStation LAN is
192.168.1.1, .2 and .3 -- note the third octet difference for internal
You seem to have set up a situation of double-NAT. This means that
while 11.x can easily
On Tue, Dec 26, 2017 at 20:40 Dan Purgert wrote:
>
> Mark Fletcher wrote:
> > [...]
> > AirStation LAN is 192.168.11.0/24, outside AirStation LAN is
> > 192.168.1.1, .2 and .3 -- note the third octet difference for internal
>
> You seem to have se
On 26/12/2017 at 12:10, deloptes wrote:
Looks like Airstation is WLAN router - I would put it in front of the
firewall and DMZ to the firewall
And lose the protection provided by the firewall to wireless devices ?
Sounds like a great idea.
or you can turn off the firewall there completely
Mark Fletcher wrote:
> [...]
> AirStation LAN is 192.168.11.0/24, outside AirStation LAN is
> 192.168.1.1, .2 and .3 -- note the third octet difference for internal
You seem to have set up a situation of double-NAT. This means that
while 11.x can e
Mark Fletcher wrote:
> split -- there are essentially two splits because there are two
> firewalls -- one of which I want and one I can't turn off. The firewall
> I set up sits at the outermost edge of the network (obviously) and has 2
> interfaces. The other is at the AirStation, which regards it
On Mon, Dec 25, 2017 at 10:49 AM, Marc Auslander
wrote:
> The safest way to fix an ip address in a dhcp served network is to tell
> the dhcp server to associate that address with the mac of the unit. The
> address should be outside the dhcp range you set up. I normally pin down
> all my connecte
On Monday 25 December 2017 19:54:10 Mark Fletcher wrote:
> On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote:
> > Henning Follmann wrote:
> >
> > Mark can start by drawing a diagram of the setup, configuring the
> > DHCP and DNS and firewall properly.
> > Ad DHCP Mark, you can setup a range
On 25/12/2017 at 16:23, Mark Fletcher wrote:
There's no way to describe this with all the relevant info in a short
way
Yes there is a way. You really talk too much.
so I'll try instead to make this as entertaining a read as I can.
You failed. The result is just long and boring.
the in
On Mon, Dec 25, 2017 at 05:53:42PM +0100, Sven Hartge wrote:
> Marc Auslander wrote:
>
> > The safest way to fix an ip address in a dhcp served network is to tell
> > the dhcp server to associate that address with the mac of the unit. The
> > address should be outside the dhcp range you set up.
On Mon, Dec 25, 2017 at 11:49:17AM -0500, Marc Auslander wrote:
> The safest way to fix an ip address in a dhcp served network is to tell
> the dhcp server to associate that address with the mac of the unit. The
> address should be outside the dhcp range you set up. I normally pin down
> all my co
On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote:
> Henning Follmann wrote:
>
> Mark can start by drawing a diagram of the setup, configuring the DHCP and
> DNS and firewall properly.
> Ad DHCP Mark, you can setup a range with static and a range with dynamic IP
> addresses. All that has sta
> Henning Follmann wrote:
>
> > 1) You talk too much.
And you are rude. Solution: learn some manners. If you don't have the
attention span to read more than a few lines of prose, I'm not
interested in your attempts to make that my problem. As others have
demonstrated, plenty people do.
> >
>
On 2017-12-25 at 16:23, Mark Fletcher wrote:
> Can anyone guess what might be wrong with the setup that is preventing
> me from being able to reach 192.168.1.3 from inside the AirStation LAN?
> And how I could fix it? Google turned up the static-routes option of
> dhcpd, which it appears co
Henning Follmann wrote:
> 1) You talk too much.
> Solution: be precise but not chatty. Get to the point.
>
> 2) Your network setup is overly complicated.
> Solution: simplify! Also very important: complexity is the enemy of
> security. Your set up should be straight forward that any issue becomes
Marc Auslander wrote:
> The safest way to fix an ip address in a dhcp served network is to tell
> the dhcp server to associate that address with the mac of the unit. The
> address should be outside the dhcp range you set up. I normally pin down
> all my connected devices that way, leaving the dh
The safest way to fix an ip address in a dhcp served network is to tell
the dhcp server to associate that address with the mac of the unit. The
address should be outside the dhcp range you set up. I normally pin down
all my connected devices that way, leaving the dhcp assignment for
guests etc. I
On Tue, Dec 26, 2017 at 12:23:41AM +0900, Mark Fletcher wrote:
> Greetings and Merry Christmas / Happy Hannukah / insert appropriate
> greeting here
>
> There's no way to describe this with all the relevant info in a short
> way, so I'll try instead to make this as entertaining a read as I can.
Greetings and Merry Christmas / Happy Hannukah / insert appropriate
greeting here
There's no way to describe this with all the relevant info in a short
way, so I'll try instead to make this as entertaining a read as I can.
For the first time ever I have tried to introduce a machine with a
stat
42 matches