date:20220328

Re: network mystery!!??

2022-03-28 Thread Samuel Sieb


On 3/28/22 12:10, Jack Craig wrote:
i needed more wifi service so i bought the nighthawk thinking to cascade 
the NH behind(required)
arris bgw210700. in last years config, i had all traffic routed through 
the ATT and did port mapping from the internet

from static ip external to internal network(10.0.0.0) on the NH.

10.0.0.0 was not shared with the public subnet and it all just worked.

tracing ip's & networks, i get...

108.90.204.1   isp GW
108.90.204.76 isp ATT rtr (WAN side)

192.168.1.254 ATT rtr access (LAN side)

10.0.0.1   NH  GW   (NH LAN )

10.0.0.101  (aka 108.220.213.121)  WS srvr.

is this an unreasonable configuration given my goal?

it was also asked what networks i used to transition public subnet to
private subnet as, ...

192.168.1.0 to 10.0.0.0


Instead of all this random noise, can you please make a diagram of your 
devices, their ports and which IP is where.  Your questions and 
descriptions are mostly incomprehensible.  You had an almost useful 
diagram a couple of days ago, but with no IP addresses.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

How to retrieveve user's credential from IPA database?

2022-03-28 Thread Roger Seguin

We have a GUI-based computer program that drives an external device/machine.
By default our software only displays limited information on that external 
device.

However, when a power user (group defined in /etc) identifies himself by 
entering their credentials through our software GUI, our software then checks 
those credentials against /etc/shadow using crypt() and getspnam() and, if 
succesful, provides extra functions for configuring our external device/machine.

Actually, our software runs on several networked computers and our users, which 
are all local (defined in /etc), are duplicated on each computer.
This is not ideal and we would rather like to have all users managed by IPA in 
a central place (dedicated computer as the IPA server) with our software 
running in IPA clients. Therefore, our software won't be able to check users' 
credentials using the local /etc/shadow file anymore.

Basically, we would need to be able to query IPA programmatically (C language - 
or at least a shell script) to check that a username+password is correct.

How can we process?
Thanks
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: network mystery!!??

2022-03-28 Thread Jack Craig

thx, i was about to ask for recommendations, i'll read this and see what
coherence i can bring to this site

On Mon, Mar 28, 2022 at 4:30 PM Go Canes  wrote:

> On Mon, Mar 28, 2022 at 3:11 PM Jack Craig 
> wrote:
> > On Mon, Mar 28, 2022 at 7:22 AM Go Canes 
> wrote:
> >> I've been reluctant to contribute as well, due to not really
> >> understanding the setup.  But given the Cable Modem was replaced, I've
> >> been wondering if this is as simple as the prior modem being in
> >> "bridge mode" - i.e. passing all traffic without usingg NAT or routing
> >
> >
> > i had thought of using the firewalls of both the ATT rtr & NH firewalls
> passing through
> > http & https. also i thought bridge mode wsa a security risk???
>
> *Anything* exposed to the internet suffers the security risk
> (including your web server).  If the NH (Nighthawk, I am assuming) is
> running in "firewall" mode, putting the Cable Modem in bridge mode
> moves the risk from the Cable Modem to the Nighthawk.  IMHO, *you*
> control the updates to the Nighthawk, so you can make sure it is
> up-to-date.  Your ISP may or may not keep the Cable Modem up-to-date.
>
> Since you have two firewall/NAT routers (if I have understood things
> correctly), you might consider connecting all the Internet exposed
> systems to the Cable Modem (assuming it has multiple ports), and put
> your private systems behind the Nighthawk.
>
> Crude diagram of what I am suggesting that may or may not survive
> formatting.:
>
> ISP - Cable Modem -| - Web Server
>   | - something else that needs to be
> publicly accessible
>   | - Nighthawk -|- laptop
>  | - desktop
>
> (and I have no idea if this fits in with how your ISP has your IP
> subnet configured - I am starting with a clean slate.)
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: network mystery!!??

2022-03-28 Thread George N. White III

On Fri, 25 Mar 2022 at 23:30, Jack Craig  wrote:

>
> i have a networking mystery ; i hope someone might give me a clue.
>
> i am working to restore a web server to internet access that is failing
> after att update
> the att older modem (pace 5238ac) with arris BGW210-700.
>

Did it come with manuals (or URL's for manuals)?
Arris BGW210-700 Broadband Gateway User Manual and Admin Help - Manuals+

 has:

The BGW210-700 Broadband Gateway hardware platform can host different
software.
The Advanced Residential Gateway supports VoIP, IPv6, video delivery,
security firewall,
and extensive remote management features.  The BGW210-700 Broadband Gateway
delivers robust video, primary line telephony, and high-speed data over
broadband networks
via high-speed Internet connectivity. The four Gigabit Ethernet ports can
be separated into
different services allowing the configuration of dedicated ports for data.

The Ask ARRIS web site gives you web access to service and support tools.
You will
need to register using your support contract ID and email address. Ask
ARRIS is located at:

http://www.arris.com/support

Unless another community member has encountered the same hardware and use
case, you
are going to need a proper technical manual.

> i have a static ip from att in the range 108.220.213.0/255.255.255.248,
> 108.220.213.121 is the external ip for the server.
>
> the bgw210-700 is the primary router/modem and is connected to a 3rd party
> router, netgear nighthawk,
>
>
You might be able to relegate firewall duties to the NetGear box:

Bridge-mode vs IP Pass-through - Setup Information | AT&T Community Forums
(att.com)

[...]

-- 
George N. White III
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: network mystery!!??

2022-03-28 Thread Go Canes

On Mon, Mar 28, 2022 at 3:11 PM Jack Craig  wrote:
> On Mon, Mar 28, 2022 at 7:22 AM Go Canes  wrote:
>> I've been reluctant to contribute as well, due to not really
>> understanding the setup.  But given the Cable Modem was replaced, I've
>> been wondering if this is as simple as the prior modem being in
>> "bridge mode" - i.e. passing all traffic without usingg NAT or routing
>
>
> i had thought of using the firewalls of both the ATT rtr & NH firewalls 
> passing through
> http & https. also i thought bridge mode wsa a security risk???

*Anything* exposed to the internet suffers the security risk
(including your web server).  If the NH (Nighthawk, I am assuming) is
running in "firewall" mode, putting the Cable Modem in bridge mode
moves the risk from the Cable Modem to the Nighthawk.  IMHO, *you*
control the updates to the Nighthawk, so you can make sure it is
up-to-date.  Your ISP may or may not keep the Cable Modem up-to-date.

Since you have two firewall/NAT routers (if I have understood things
correctly), you might consider connecting all the Internet exposed
systems to the Cable Modem (assuming it has multiple ports), and put
your private systems behind the Nighthawk.

Crude diagram of what I am suggesting that may or may not survive
formatting.:

ISP - Cable Modem -| - Web Server
  | - something else that needs to be
publicly accessible
  | - Nighthawk -|- laptop
 | - desktop

(and I have no idea if this fits in with how your ISP has your IP
subnet configured - I am starting with a clean slate.)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: network mystery!!??

2022-03-28 Thread Jack Craig

On Sat, Mar 26, 2022 at 11:40 PM Jack Craig 
wrote:

>
>
> On Sat, Mar 26, 2022 at 11:06 PM Ed Greshko 
> wrote:
>
>> On 27/03/2022 13:57, Jack Craig wrote:
>> >
>> >
>> > On Sat, Mar 26, 2022 at 10:20 PM Ed Greshko 
>> wrote:
>> >
>> > On 27/03/2022 12:19, Jack Craig wrote:
>> > > after much wailing and gnashing of teeth, att did send a tech and
>> for general internet access its fine.
>> > > just not working with my configuration...
>> > >
>> > > at the moment, trying to find a static route option for att rtr.
>> > >
>> > > static routes on the internal router wont help, right??
>> >
>> > I guess I don't really understand what HW and Physical
>> Configuration.
>> >
>> > You have a DSL router.  The router has 4 Ethernet ports.  In your
>> configuration, what are these ports connected to?
>> >
>> >
>> > ok, ...
>> >
>> > (internet)---lan connect---> nighthawk>--lan connect-[netgear switch]--
>> >
>> > make sense?
>> >
>>
>> Is your srvr configured manually?  Meaning, a static IP?
>>
>> If so, try connecting the bgw210700 directly to the srvr.  Then try
>> accessing sites from the server.
>>
>
> but srvr is on 10.0.0.101, att rtr is between 192.168.1.254 and
> 108.90.204.76.
>
> still make sense??
>

192.168.1.254 is att rtr (i can'see',but not touch 108.90.204.0)
att rtr is dhcp 192.168.63-192.168.1.200)

10.0.0.1 is the NH using port mapping to map 108.220.213.121 <-->
10.0.0.101

is my configuration goal an unreasonable one?

>
>
>>
>> --
>> Did 황준호 die?
>> ___
>> users mailing list -- users@lists.fedoraproject.org
>> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>>
>
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: network mystery!!??

2022-03-28 Thread Jack Craig

On Mon, Mar 28, 2022 at 7:22 AM Go Canes  wrote:

> On Mon, Mar 28, 2022 at 12:18 AM Ed Greshko 
> wrote:
> >
> > On 28/03/2022 11:33, Samuel Sieb wrote:
> > > Is it really just me?  I see various people responding.  Do you
> actually understand what his setup is?  It doesn't make any sense at all to
> me.
> >
> > It is not only you.  I haven't grasped the setup either.
> >
> > However, I would note that everything was working for him the way he
> wanted until his Broadband supplier
> > replaced the Cable Modem.
>
> I've been reluctant to contribute as well, due to not really
> understanding the setup.  But given the Cable Modem was replaced, I've
> been wondering if this is as simple as the prior modem being in
> "bridge mode" - i.e. passing all traffic without usingg NAT or routing
>

i had thought of using the firewalls of both the ATT rtr & NH firewalls
passing through
http & https. also i thought bridge mode wsa a security risk???

> - and the new modem needs to be reconfigured?
>

att came on site and reconfigured the bgw210700 to its setup
as I bought the static ip & isp service,
i expect they have it properly set, But!
as you see i am over my head...

last year this time,   i had a pace 5238ac in the at&t rtr role.
as the result of a mid february sserive upgrade/rtr replacement.

i needed more wifi service so i bought the nighthawk thinking to cascade
the NH behind(required)
arris bgw210700. in last years config, i had all traffic routed through the
ATT and did port mapping from the internet
from static ip external to internal network(10.0.0.0) on the NH.

10.0.0.0 was not shared with the public subnet and it all just worked.

tracing ip's & networks, i get...

108.90.204.1   isp GW
108.90.204.76 isp ATT rtr (WAN side)

192.168.1.254 ATT rtr access (LAN side)

10.0.0.1   NH  GW   (NH LAN )

10.0.0.101  (aka 108.220.213.121)  WS srvr.

is this an unreasonable configuration given my goal?

it was also asked what networks i used to transition public subnet to
private subnet as, ...

192.168.1.0 to 10.0.0.0

> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: network mystery!!??

2022-03-28 Thread Go Canes

On Mon, Mar 28, 2022 at 12:18 AM Ed Greshko  wrote:
>
> On 28/03/2022 11:33, Samuel Sieb wrote:
> > Is it really just me?  I see various people responding.  Do you actually 
> > understand what his setup is?  It doesn't make any sense at all to me.
>
> It is not only you.  I haven't grasped the setup either.
>
> However, I would note that everything was working for him the way he wanted 
> until his Broadband supplier
> replaced the Cable Modem.

I've been reluctant to contribute as well, due to not really
understanding the setup.  But given the Cable Modem was replaced, I've
been wondering if this is as simple as the prior modem being in
"bridge mode" - i.e. passing all traffic without usingg NAT or routing
- and the new modem needs to be reconfigured?
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: network mystery!!??

How to retrieveve user's credential from IPA database?

Re: network mystery!!??

Re: network mystery!!??

Re: network mystery!!??

Re: network mystery!!??

Re: network mystery!!??

Re: network mystery!!??

8 matches

Site Navigation

Mail list logo

Footer information