From: adam@address.invalid   
      
   Moe Trin wrote:   
   > On Sat, 19 Jan 2013, in the Usenet newsgroup alt.os.linux.mandriva,   
   > in article , Adam wrote:   
      
   [Thinkpad T60]   
      
   >> (Although spring-term   
   >> classes are a great place to pick up anything contagious, ugh.)   
   >   
   > Is that medical, or computer contagions?   
      
   Medical, probably a respiratory infection.  Definitely sick with   
   something, also get out of breath easily.  Just started on antibiotics.   
      
   >> everything has a static address specified in   
   >> /etc/sysconfig/network-scripts/ifcfg-whatever .  That's because (a) it   
   >> worked and (b) I don't recall any recommendations to do it any other   
   >> way.   
   >   
   > DHCP is the more common setup   
   > because it usually works and requires little to no thinking on the   
   > part of the person setting up the computer. The technical burden is   
   > transferred to the person who has to set up the DHCP server   
      
   When I first got DSL I used DHCP to get everything up ASAP, but IIRC   
   somebody somewhere suggested using static addressing so I switched.   
      
   >>> Because the wireless side of helot does indeed go out and about,   
   >>> I'd suggest setting it for DHCP.  At home if you're using the   
   >>> wireless, I'd suggest setting the router to hand out a "fixed"   
   >>> wireless address based on the hardware address associated with   
   >>> helot's wireless interface   
      
   I don't see any way for my router to do that.  The router just hands out   
   an unused address within the range I've specified for DHCP, currently   
   192.168.1.55 through 192.168.1.62.  Obviously that range can't overlap   
   with any fixed addresses.  Would enabling MAC authentication on the   
   router help?   
      
   >> Would using   
   >> separate ranges for wired and wireless make things easier or better?   
   >   
   > It may make it easier for   
   > for router, but if it's acting as a bridge this may not be the case.   
      
   Sounds like it might be worth changing eventually.   
      
   > let's start by talking about the routing problem  [...]   
   > Now let's get complicated and have BOTH interfaces up, and some   
   > systems reachable on the Ethernet, some only on wireless.   
      
   I'm doing that already, stolid using its eth0 and eris using its wlan0,   
   and it all works.  I thought that was because the systems didn't   
   communicate with each other directly, but only through the router.  Both   
   systems can also use the network printer, although I don't know what   
   will happen if both try to use it at the same time.   
      
   > I thought you had solved this when you had eris on one   
   > link, and stolid or retread on the other - using the DSL router as a   
   > transparent bridge. That involves telling the router to act as a   
   > bridge and have it do proxy-arp if needed.  Stolid would try to talk   
   > to the hpclj5 by noting it has a "local" IP address, sending an ARP   
   > packet ("who-has 192.168.1.33") and the hpclj5 on hearing the request   
   > responding with a "192.168.1.33 is-at 00:40:17:34:ef:40").  If it   
   > were to try to talk to eris, AND eris is on the wireless link, eris   
   > wouldn't hear the ARP request - and stolid would report "you can't   
   > get there from here"... UNLESS the DSL router is doing bridging and/or   
   > proxy-arp/forwarding.    The router hearing the arp request, AND if   
   > it knows eris is up and on wireless (it should check), would reply   
   > to stolid saying "192.168.1.33 is-at ds:l-:ha:rd:wa:re" and stolid   
   > would be able to talk (with the router silently forwarding packets   
   > each way).   
      
   Is that what I'm already doing?  Even if I don't quite understand that   
   explanation yet? :-)   
      
   [nmap and netstat]   
      
   >> [stolid] is its own DNS server, but shouldn't be acting as one for   
   >> anything else.  Gotta look into that.  (For everything else, to get   
   >> them up quickly they're using the VZ DNS for now.)   
   >   
   > Do you mean it's set to serve for your LAN?   
      
   I think it /is/ set, although I don't think I want it to be.   
      
   [root@stolid ~]# netstat -atpu | grep named   
   tcp  0  0 localhost.localdomain:953    *:*  LISTEN  3512/named   
   tcp  0  0 localhost.localdomain:5380   *:*  LISTEN  3512/named   
   tcp  0  0 stolid.aplomb.invali:domain  *:*  LISTEN  3512/named   
   tcp  0  0 localhost.localdomai:domain  *:*  LISTEN  3512/named   
   udp  0  0 stolid.aplomb.in:domain      *:*          3512/named   
   udp  0  0 localhost.locald:domain      *:*          3512/named   
   [root@stolid ~]#   
      
   I want all the other systems to have connectivity even if stolid isn't   
   available.   
      
   > Betraying my lack of knowledge of your LAN   
      
   Do I really have such an unusual or nonstandard configuration?  What   
   would be "standard practice"?   
      
   > I thought you had everyone using the router as   
   > the DNS, and it was set up as a forwarder (asking the Verizon servers   
   > to resolve names it didn't know about).   
      
   "stolid" (the only one completely configured IMO) is its own DNS.   
      
   > I recall you had it set to forward to an open-DNS server such   
   > as ultradns.net or opendns.com - or google, or...   
      
   The other systems are currently set to forward to the Verizon DNSs just   
   to get them up ASAP, though I intend to change those to some open-DNS   
   then make each system its own DNS.  The router is set up to ask two   
   specific VZ DNS but (a) I don't /think/ any system's network   
   configuration has it doing that, and (b) I don't think it's possible for   
   /me/ to change those addresses in the router, only VZ remotely.   
      
   [open services]   
      
   >> All (except ssh) need to be disabled.   
      
   I'm confused about cups vs. cupsd.  The LJ is connected to the router,   
   while the inkjet has a USB connection to stolid.  I don't have (and   
   don't think I want) a print server as long as everything can use the LJ.   
     For the few things needing the inkjet I'll move the file to stolid and   
   print it from there.  I gather this means that all systems need cups,   
   but none need cupsd, but I'm not sure how to configure that.   
      
   >>> You should check what eris is offering through the firewall (hit it   
   >>> with nmap as above).   
   [...]   
   > Some distros have stuff   
   > running wide-open because it's easiest to do, AND THEN cover their   
   > ass by running a firewall which blocks external access to them.  I'd   
   > prefer to not waste the CPU cycles and memory in the first place, but   
   > a system behind the firewall is better than one out in the open.   
      
   I assume you meant running nmap from within the LAN, not from outside   
   it.  Results are on   
   http://mysite.verizon.net/adam707/sitebuildercontent/sitebuilder   
   iles/nmap-130129.txt   
   and I see CentOS could use some work but I'm not sure what else those   
   results tell me.   
      
   [homemade "laptop desk"]   
      
   Version 1 (the 3/4" board) is now here, mainly so I can see what will   
   need to be added for version 2 (plywood w/veneer).  I put way too much   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)