I am trying to configure a cups server located in a subnet, that have to comunicate with printers installed in others subnets. For example:
cups server ip: 192.168.0.1 /16
printer 01 ip: 192.168.1.10/16
printer 02 ip: 192.168.2.10/16
(and so on)
The cups server is installed on a Debian server, and from this server I am able to ping all the printers. I have installed the printers with lpd protocol (like many others times with that machines) but when I launch a print job, the error_log file tell me that the printer is unreachable. I suspect that I need to modify the /etc/cups/cupsd.conf file, but I can't find out the right option. Someone can help me?

Thanks for taking a look to my issue and think with me for a solution. I have a samba server on a subnet 172.23.3.55/23 (2.0 --> 3.255) and within that subnet I can access the server no problem. Also the 172.23.4.0/23 subnet that lives on the same Core Switch can access the server no problem. Even our Office Subnet 129.228.114.0/23 can access the system through the firewall with no issue. But when I connect to our VPN network, 172.23.45.0/24 or when I come from a different office with totally different ranges I cannot access the server. The server responds, and I need to login, but the login is rejected always. Here is my [global] and [share] section of the smb.conf workgroup = localdomain.nmc netbios name = AMS-QTGW02 server string = %h server (Samba %v) # hosts allow = 172.23.202.0/24 172.23.45.0/24 129.228.114.0/23 129.228.70.0/24 129.228.109.42 129.228.109.83 force user = nobody force group = nobody force create mode = 0666 force directory mode = 0777 create mode = 0666 directory mode = 0777 guest account = vimn security = user passdb backend = tdbsam ntlm auth = yes log file = /var/log/samba/log.%m log level = 2 passdb:5 auth:5 max log size = 50M #Performance Tuning: use sendfile = true kernel oplocks = no strict locking = no # macOS files veto files = /.DS_Store/.AppleDesktop/.AppleDB/.AppleDouble/.Temporary Items/ delete veto files = yes printing = cups printcap name = cups load printers = no cups options = raw [AMS-HATCH] comment = HATCH Storage Share (AutoCleaned 30 Days) path = /quantum/AMS-HATCH browseable = yes writable = yes guest ok = yes force user = nobody force group = nobody valid users = @LinuxAdmins, vimn, mll As you can see I outhashed the line "hosts allow" so that all IP's can access them, later when all is working I would like to limit access through that (or "hosts deny"). The credentials are checked already multiple times, and they are enterred correctly. I red something about samba-winbond for non-domain servers to be disabled, but I did not install it, is there a setting I don't know about that I mis or should use? In the log file of this session I have this: [2018/02/19 11:21:07.724423, 5] ../source3/auth/server_info_sam.c:122(make_server_info_sam) make_server_info_sam: made server info for user vimn -> vimn [2018/02/19 11:21:07.724461, 3] ../source3/auth/auth.c:249(auth_check_ntlm_password) check_ntlm_password: sam authentication for user [vimn] succeeded [2018/02/19 11:21:07.724516, 5] ../source3/auth/auth.c:292(auth_check_ntlm_password) check_ntlm_password: PAM Account for user [vimn] succeeded [2018/02/19 11:21:07.724537, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password) check_ntlm_password: authentication for user [vimn] -> [vimn] -> [vimn] succeeded [2018/02/19 11:21:07.725216, 5] ../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2018/02/19 11:21:07.725264, 5] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201. [2018/02/19 11:21:07.725300, 5] ../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2018/02/19 11:21:07.725317, 5] ../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id) SID S-1-5-21-3363938291-73671434-3978610123-513 belongs to our domain, but there is no corresponding object in the database. Password is authenticated correctly, but still the connection is cut-off. Thanks a lot people. edit: added the log section.

I have been trying to setup a per-application filtering on a network interface using cgroups v2 but I can't. Here is an example using network namespaces and veth pairs: ip netns add somenetns ip link add foo type veth peer name bar netns somenetns ip link set foo up ip -4 addr add 10.0.0.1/24 dev foo ip -6 addr add fd00::1/64 dev foo ip netns exec somenetns ip link set bar up ip netns exec somenetns ip -4 addr add 10.0.0.2/24 dev bar ip netns exec somenetns ip -6 addr add fd00::2/64 dev bar ip netns exec somenetns ip -4 route add default via 10.0.0.1 dev bar ip netns exec somenetns ip -6 route add default via fd00::1 dev bar ip netns exec somenetns ip link set lo up What I want is to make only applications running inside certain cgroup to have their listening points available to the subnet of network interface (in the case of network namespace, have 10.0.0.1 available inside network namespace). I ran a basic TCP server listening on IP of network interface: # sudo bash -c "echo \$\$ >> /sys/fs/cgroup/blah/cgroup.procs; nc -k -l 10.0.0.1 1234" # sudo ip netns exec nsx nc -z 10.0.0.1 1234 Connection to 10.0.0.1 1234 port [tcp/*] succeeded! Connection is made. But when I try to apply some iptables rules, it fails: iptables -A INPUT -i foo -m cgroup --path blah -j ACCEPT iptables -A INPUT -i foo -j DROP iptables -A OUTPUT -o foo -m cgroup --path blah -j ACCEPT iptables -A OUTPUT -o foo -j DROP # time sudo ip netns exec nsx nc -z 10.0.0.1 1234 ^C real 0m37.504s user 0m0.000s sys 0m0.003s Is there a way to make a listening point in the IP of a network interface available to its subnet being the program which is listening, is inside a cgroup and filter all the rest? If it is possible to do that, what would be the correct iptables rules that I must apply?

Actually, this is for a redis cluster, I have 3 master ips and 3 slave ips, need to produce 3 pairs of IP addresses where the addresses in the pair are in different /24 subnets. Or in other words, given a list of n IP addresses (n being an even number, and not more than half of the IP addresses being in the same /24 subnet), how to partition them into n/2 pairs where the two addresses in each pair are in different /24 subnets? The pairs should be stored as key and values of an ip_map associative array. For example, given a list of IP addresses stored in a $ips array: ips=( "172.211.91.63" "172.211.90.61" "172.211.91.30" "172.211.90.173" "172.211.89.233" "172.211.89.166" ) The result could be: declare -A ip_map=( [172.211.91.63]=172.211.90.61 [172.211.91.30]=172.211.89.233 [172.211.90.173]=172.211.89.166 )

I am very new with Linux networking. I have the following network topology: I have WiFi router connected to ISP. "Host 1" and Debian 12 server are connected to the router (and Internet) via WiFi. WiFi connection on Debian server uses 'wlo1' interface configured to have static IP address. Here is it's NetworkManager config: Debian server has the second ethernet interface 'enp2s0' to which the "Host 2" is connected. I created the following bridge in NetworkManager: And added to the bridge ethernet connection based on 'enp2s0' interface: Now I have "Network 2" subnet 10.42.0.0/24. The "Host 2" automatically got IP address 10.42.0.139. Here is the output of 'nmcli connection' command: From inside Debian server I can successfully ping all devices in "Network 1" and in "Network 2". But I can not ping "Host 2" from "Host 1" and vice versa. So my task is how to configure Debian server to make devices in "Network 2" visible to devices in "Network 1" and vice versa. Ideally I want that "Network 2" to be managed by WiFi router to have the IP addresses 192.168.1.0/24. In other words I want to join "Network 1" and "Network 2" into a single network managed by WiFi router. How can I do that?

I want an unmanned WireGuard client to work with redundant WireGuard servers. Physical: ----- - I have a master database server in a VPS of provider A in the USA. - I have continuous replication running to a slave server in a VPS of provider B in Europe. - I have a backup database server, also running as a replication slave, on a WiFi LAN in my home office. Network: ----- - The master database server in the USA runs a WireGuard server as 10.20.**20**.1. - The slave database server in Europe runs a WireGuard server as 10.20.**10**.1. The backup database in my home office is successfully configured to interact with either the master or slave remote WireGuard servers **individually**. To connect via USA I need someone at home to do:

suda wg-quick down wgEUR; suda wg-quick up wgUSA;

To connect via Europe I need someone at home to do:

suda wg-quick down wgUSA; suda wg-quick up wgEUR;

However!! The point is to be able SSH into the home office machine, from where ever I am in the world, via either one of the WireGuard servers; if one goes down the other is still available. How can I configure routing in the home office WireGuard client to permit **simultaneous** access from both remote WireGuard server's subnets? --------------------------------------------- Settings ----- Europe (37.xxx.xxx.139:34567): wg0.conf

[Interface]
Address = 10.20.10.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0  -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0  -j MASQUERAD
ListenPort = 34567
PrivateKey = MNf4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxiVg=

[Peer]
PublicKey = durAZO/EtWQnqwnbadbadbadzDa9+klqUmqCT6VplWc=
AllowedIPs = 10.20.10.16/32

USA (185.xxx.xxx.36:34567): wg0.conf

[Interface]
Address = 10.20.20.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERAD
ListenPort = 34567
PrivateKey = EGdxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp2Q=

[Peer]
PublicKey = durAZO/EtWQnbadbadbadMkTzDa9+klqUmqCT6VplWc=
AllowedIPs = 10.20.20.16/32

Client wgEUR.conf:

[Interface]
### PrivateKey_of_the_Client
PrivateKey = EBmxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaXlE=
### IP VPN for the Client
Address = 10.20.10.16/24
### DNS Server
DNS = 8.8.8.8, 8.8.4.4

[Peer]
###Public of the WireGuard VPN Server
PublicKey = pTm/tJwOWJ3QRwEcbadbadbadWx/BbCthbFa52M2uVE=

### IP and Port of the WireGuard VPN Server
##### Syntax: IP_of_the_server:Port
Endpoint = 37.xxx.xxx.139:34567

### Allow all traffic
AllowedIPs = 0.0.0.0/0

Client wgUSA.conf:

[Interface]
### PrivateKey_of_the_Client
PrivateKey = EBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxXlE=
### IP VPN for the Client
Address = 10.20.20.16/24
### DNS Server
DNS = 8.8.8.8, 8.8.4.4

[Peer]
###Public of the WireGuard VPN Server
PublicKey = f/H+1b/jkkXvbhYPEbadbadbadkKMBMgEW1IvmOeCEE=

### IP and Port of the WireGuard VPN Server
##### Syntax: IP_of_the_server:Port
Endpoint = 185.xxx.xxx.36:34567

### Allow all traffic
AllowedIPs = 0.0.0.0/0

I have setup a small apache webserver on a RHEL 8 VM that is accessible to machines on that particular subnet (10.x.x.x), but not on another subnet (172.x.x.x). This webserver has no internet access. I have tried temporarily disabling firewalld as well as SELinux when troubleshooting, but neither made a difference. From my Windows machine on a 172.x.x.x IP (website doesn't work), I get this in Powershell: > tnc 172.22.6.9 -port 80 WARNING: TCP connect to (172.22.6.9 : 80) failed ComputerName : 172.22.6.9 RemoteAddress : 172.22.6.9 RemotePort : 80 InterfaceAlias : Ethernet 3 SourceAddress : 172.16.195.117 PingSucceeded : True PingReplyDetails (RTT) : 31 ms TcpTestSucceeded : False On my other machine on the 10.x.x.x subnet (where the website works) I get this: > tnc 172.22.6.9 -port 80 ComputerName : 172.22.6.9 RemoteAddress : 172.22.6.9 RemotePort : 80 InterfaceAlias : Ethernet SourceAddress : 10.0.236.53 TcpTestSucceeded : True Tcpdump shows this below. I am ssh'ed in, so I believe this is whats showing up for port 22: $ tcpdump -nn -i ens192 | grep 172.16.195.117 dropped privs to tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes 08:23:28.730189 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 664703141:664703221, ack 3210526827, win 488, length 80 08:23:28.730354 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 80:176, ack 1, win 488, length 96 08:23:28.730574 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 176:304, ack 1, win 488, length 128 08:23:28.730676 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 304:400, ack 1, win 488, length 96 08:23:28.730761 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 400:528, ack 1, win 488, length 128 08:23:28.730839 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 528:624, ack 1, win 488, length 96 08:23:28.760000 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 624, win 1022, length 0 08:23:35.942843 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 624:896, ack 1, win 488, length 272 08:23:36.023088 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 896, win 1021, length 0 08:24:01.938129 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 896:1200, ack 1, win 488, length 304 08:24:02.017682 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 1200, win 1025, length 0 08:24:05.957775 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 1200:1472, ack 1, win 488, length 272 08:24:06.035691 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 1472, win 1024, length 0 08:25:01.976052 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 1472:1776, ack 1, win 488, length 304 08:25:02.051839 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 1776, win 1023, length 0 08:25:05.991836 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 1776:2048, ack 1, win 488, length 272 08:25:06.066825 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 2048, win 1022, length 0 08:25:33.318464 IP 172.16.195.117 > 172.22.6.9: ICMP echo request, id 1, seq 282, length 40 08:25:33.318493 IP 172.22.6.9 > 172.16.195.117: ICMP echo reply, id 1, seq 282, length 40 Where would you all start looking, even if the firewall service is disabled? The file - /etc/httpd/conf/httpd.conf shows Listen 80 One thing I did noticed while firewalld was running was the "trusted" zone didn't have the 172.x.x.x CIDR address listed. I'm not sure if this matters though because firewalld is disabled right now: $ firewall-cmd --get-active-zones libvirt interfaces: virbr0 public interfaces: ens192 trusted sources: 10.0.0.0/16 The output of this command firewall-cmd --get-active-zones | grep -P '^[^\s]' | xargs -I{} firewall-cmd --info-zone={} libvirt (active) target: ACCEPT icmp-block-inversion: no interfaces: virbr0 sources: services: dhcp dhcpv6 dns ssh tftp ports: protocols: icmp ipv6-icmp forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority="32767" reject public (active) target: default icmp-block-inversion: no interfaces: ens192 sources: services: http https ssh ports: 3389/tcp 9524/tcp 9524/udp 80/tcp 443/tcp protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: trusted (active) target: ACCEPT icmp-block-inversion: no interfaces: sources: 10.0.0.0/16 services: ports: protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: Also: grep -PRn '^\s*Listen\s+' /etc/httpd 2>/dev/null shows: /etc/httpd/conf/httpd.conf:45:Listen 80 Any ideas? Thank you.

I'm with some problems setting up a Samba server between two subnets; I Have one subnet that has the Samba server and every computer in this lan can access the files. But now I have another server in another place with a subnet and I want that the computers that are in this Server2 subnet access the files in the Samba that are in Server1. The servers are connected with an OpenVPN connection and they share a Cups server, both are Debian 5.10 servers and can ping on both sides and they recognize each other. So my smb.conf looks like this: [global] netbios name = MY_SERVER server string = Compartilhamento workgroup = MY_GROUP security = user map to gues = Bad User wins support = yes dns proxy = no os level = 100 auto services = global name resolve order = lmhosts, host, wins, bcast cups options = raw load printers = yes interfaces = lo eth1 192.168.1.0/24 hosts allow = 127. 192.168.1. 192.168.10. passdb backend = tdbsam ntlm auth = yes preferred master = yes domain master = yes logon path = %Nprofile%u invalid users = root server min protocol = NT1 In the

allow

I put both subnets. The Server1 is 192.168.1. and Server2 is 192.168.10. When I try to log in via smbclient using this command:

-d3 -U "MY_GROUP/user" //192.168.1.3/share

I get this error: lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[global]" added interface enp11s0 ip=192.168.2.253 bcast=192.168.2.255 netmask=255.255.255.0 added interface enp12s2 ip=192.168.10.3 bcast=192.168.10.255 netmask=255.255.255.0 Client started (version 4.13.13-Debian). Connecting to 192.168.1.3 at port 445 Connecting to 192.168.1.3 at port 139 protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE Or when I try to mount the Samba server in the Server2 with

-t cifs -o username=user,vers=1.0,sec=ntlmssp //192.168.1.3/share /mnt/

it returns mount: /mnt: a chamada de sistema de mount(2) falhou: Host está desligado. I don't know how I connect the servers. Do I have to mount Samba in Server2? Am I losing something? I saw 2 posts that look like my problem, but they do not help at all, they are Samba share across two subnets and Mount CIFS Host is down I asked the same question in *ServerFault* but I get no answer, so I'm asking here.

I've got a few devices on my LAN running different Linux distros: * Ubuntu 20.04 * CentOS 7 * Fedora 33 They're all in the same subnet 192.168.50.0/24. Network map:  Until recently, from my PC (192.168.200.0/24) I was able to access (ssh,http) all three devices. The other day, I restarted the ubuntu box due to a prompt from the motd. After the restart I wasn't able to access (ping,ssh,http) into the ubuntu box any more. However, I can still access the ubuntu box **via** the other linux boxes. ie. Login to the centos box; Then login to ubuntu box from the centos box. What I've found out is if I run a **vpn tunnel** (wireguard server is on the ubuntu box) I was able to access this device directly without going through the centos box or fedora box. Apart from the fact this device acts differently to the centos box and fedora box, what can I do in terms of routing that allows me to access this device directly without running a VPN tunnel? Thanks everyone ---------- **Environment** * OS: 20.04.2 LTS (Focal Fossa) ---------- **Debugging Results** Routing tables

ubuntu # ip route show
default via 192.168.50.1 dev enp3s0 src 192.168.50.2 metric 202
10.6.0.0/24 dev wg0 proto kernel scope link src 10.6.0.1
192.168.50.0/24 dev enp3s0 proto dhcp scope link src 192.168.50.2 metric 202
192.168.50.1 dev enp3s0 proto dhcp scope link src 192.168.50.2 metric 100

centos # ip route show
default via 192.168.50.1 dev enp4s0
192.168.50.0/24 dev enp4s0 proto kernel scope link src 192.168.50.3

fedora # ip route show
default via 192.168.50.1 dev enp3s0 proto dhcp metric 100
192.168.50.0/24 dev enp3s0 proto kernel scope link src 192.168.50.4 metric 100

What is the network 169.254.0.0/16 used for in the routing table on a virtual machine (guest: Debian; host: Lubuntu)? How can I find out some or all the network interfaces assigned with IP addresses in the range? https://en.wikipedia.org/wiki/IPv4#Special-use_addresses shows the network is "subnet". Are subnet IP addresses used effectively the same as private IP addresses? Thanks The routing table on the host Lubuntu is $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlp5s0 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp5s0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 The routing table on the guest Debian is: $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.122.1 0.0.0.0 UG 0 0 0 ens3 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 ens3 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3

I came across an ip like this the other day 255.255.255.1/16 I thought the /16 referred to the number of subnetting addresses the IP could generate. However, I suspect I may be horribly wrong and felt that the Linux/Unix experts on this forum could assist.

I am trying to setup a PXE server on my laptop on CentOS 7 to connect to a physical test client, following the tutorial on: https://www.linuxtechi.com/configure-pxe-installation-server-centos-7/#comment-35567 All of the configuration files and setup procedures are from this website. On “Step: 6 Start and enable xinetd, dhcp, and vsftpd service.”, The commands: “systemctl start xinetd” and “systemctl enable xinetd” work, but when I run the command: “systemctl start dhcpd.service”, I receive the following error message:

Job for dhcpd.service failed because the control process exited with error code. See “systemctl status dhcpd.service” and “journalctl -xe” for details.

When I run “systemctl status -l dhcpd.service”, I receive the following error message:

systemctl status -l dhcpd.service
 dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2022-07-05 11:18:07 EDT; 1min 12s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
  Process: 11655 ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid (code=exited, status=1/FAILURE)
 Main PID: 11655 (code=exited, status=1/FAILURE)

Jul 05 11:18:07 localhost.localdomain dhcpd:    to which interface virbr0 is attached. **
Jul 05 11:18:07 localhost.localdomain dhcpd: 
Jul 05 11:18:07 localhost.localdomain dhcpd: 
Jul 05 11:18:07 localhost.localdomain dhcpd: No subnet declaration for enp0s20f0u13 (10.249.6.154).
Jul 05 11:18:07 localhost.localdomain dhcpd: ** Ignoring requests on enp0s20f0u13.  If this is not what
Jul 05 11:18:07 localhost.localdomain dhcpd:    you want, please write a subnet declaration
Jul 05 11:18:07 localhost.localdomain systemd: dhcpd.service: main process exited, code=exited, status=1/FAILURE
Jul 05 11:18:07 localhost.localdomain systemd: Failed to start DHCPv4 Server Daemon.
Jul 05 11:18:07 localhost.localdomain systemd: Unit dhcpd.service entered failed state.
Jul 05 11:18:07 localhost.localdomain systemd: dhcpd.service failed.

Also here is the Dhcpd.conf file:

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
# DHCP Server Configuration file.
ddns-update-style interim;

ignore client-updates;

authoritative;

allow booting;

allow bootp;

allow unknown-clients;

# internal subnet for my DHCP Server

subnet 172.168.1.0 netmask 255.255.255.0 {

range 172.168.1.21 172.168.1.151;

option domain-name-servers 172.168.1.11;

option domain-name "pxe.example.com";

option routers 172.168.1.11;

option broadcast-address 172.168.1.255;

default-lease-time 600;

max-lease-time 7200;

# IP of PXE Server

next-server 172.168.1.11;

filename "pxelinux.0";

}

What do I need to change in my dhcpd.conf file to make the command “systemctl start dhcpd.service” work so I can finish going through the PXE server tutorial?

I having a hard time understanding IP subnetting for /16 mask. I went through some tutorials and understood the host part and non-vlsm but with vlsm and dividing into equal parts, is something I am not sure yet. Especially for the below sample, if someone can help me with the output, I will be able to deduce the explanation. **For this: 10.0.0.0/16, I have been asked to divide into 5 equal parts**. Based on the tutorials I followed, one of them is this : [IP Subnetting](https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13788-3.html) , I came up with these but my mentor says its wrong and I am not sure why.

10.0.0.0/18 --- IP Range: 10.0.0.1 ==> 10.0.63.254 (16384 IP addresses)
10.0.64.0/18 --- IP Range: 10.0.64.1 ==> 10.0.127.254 (16384 IP addresses)
10.0.128.0/18 --- IP Range: 10.0.128.1 ==> 10.0.191.254 (16384 IP addresses)
10.0.192.0/19 --- IP Range: 10.0.192.1 ==> 10.0.223.254 (8192 IP addresses)
10.0.224.0/19 --- IP Range: 10.0.224.1 ==> 10.0.255.254 (8192 IP addresses)

I am assuming it's incorrect because it's not in equal parts. I hope someone guides and can provide the correct answer to it. Thanks in advance!

I have setup a small Wireguard VPN network between 3 devices: - Digital Ocean VPS (server, 10.222.0.1) - Raspberry Pi on my home network (peer, 10.222.0.2) - iPhone 11 (peer, 10.222.0.3) From any device, I can ping the others. The VPN is functional. What I want now is for the iPhone (which is outside of my home network) to see an IP camera on my home network which has an IP address of 192.168.1.64. This is beyond my capabilities to do alone so I was looking for some assistance. Ultimately, I need the iPhone which his entering the Pi to be connected/routed from the 10.222.0.x subnet to the 192.168.1.x subnet. Would appreciate an suggestions, thanks.

I have a problem with the usage of a pxe server and internet sharing to work together. In first place, I had only one network adapter and used DNSMASQ, every time I had to install a computer's OS. I had to disable DNSMASQ in order that other users on the same ISP router still have internet. Now that I have a second network adapter, I tried to setup the PXE server using ICS-DHCP, without DNSMASQ. But I got stuck with the internet sharing on the PXE client. Information: ISP router IP: 192.168.1.1 Ubuntu server static IP: 192.168.1.19 -> Connected on the ISP router Second adapter static IP for pxe install and internet sharing on it, uses 192.168.0.1 My question is, "How can I make all to computers connected to the ISP router continue working, while the server (connected to the same router with eth0), to deploy the PXE files and share the net over the second adapter, connected directly to the computer that needs its system installation? The problem seems to be that the default gateway can't be set for another subnet. Can I route the gateway itself ? If so, how ? **cat /etc/network/interfaces :** auto lo iface lo inet loopback auto eth0 allow-hotplug enp5s0 iface enp5s0 inet static address 192.168.1.19 netmask 255.255.255.0 gateway 192.168.1.1 auto eth1 allow-hotplug enp7s4f1 iface enp7s4f1 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0/24 broadcast 192.168.0.255 **dhcpd.conf** ffDHCPDARGS=enp7s4f1; default-lease-time 86400; max-lease-time 604800; authoritative; ddns-update-style none; allow unknown-clients; subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.2 192.168.0.10; filename "pxelinux.0"; option subnet-mask 255.255.255.0; } **nmcli d** DEVICE TYPE STATE CONNECTION enp5s0 ethernet connecté server enp7s4f1 ethernet connecté pxe-client **/etc/default/tftpd-hpa** TFTP_USERNAME="tftp" TFTP_DIRECTORY="/var/lib/tftpboot" TFTP_ADDRESS="192.168.0.1:69" TFTP_OPTIONS="--secure" RUN_DAEMON="yes" After installing a Windows 10 with the PXE server, I didn't have internet on the new computer. But I could access all other services, like samba shares for example.

I have some CentOS 7 servers hosting VMs. The VMs are connected to a network bridge on their respective hosts that allows them to communicate with each other and with the host (via a dummy adapter on the host). The hosts also each have a physical adapter which allows external communication. **The bridges must not be connected to the physical adapters.** This diagram should make the current layout clear. Subnet A connects the hosts to each other. Subnet B exists entirely within host 1. Subnet C exists entirely within host 2. **The VMs must not have addresses on subnet A.** I'd like to combine the two bridges into a single virtual subnet so all the VMs share the same address space and broadcast domain. Is there a way to do this? Here's the goal: The VMs have CloudStack "public" IP addresses, which need to belong to their respective subnets. The VMs must not be in the same address space as subnet A. CloudStack public IP ranges are defined at the zone level, so the VMs would have to be all on the same subnet to get them into the same zone, let alone the same pod. The hosts can route traffic between the subnets. I can't add more subnet A addresses to the hosts, and I also can't use NAT on the hosts. I'm also unable to set up VLANs in subnet A. For most purposes, subnet A is outside the scope of what I can control.

I teach a class which requires me to switch between projecting my ipad (handwritten notes) and my computer desktop (code, simulations, etc.). To do this, I installed uxplay which allows me to host an airplay server on my computer, and I have no issues mirroring my ipad on my home network. However, the network at my job is not compatible with airplay, so I need a different solution. I noticed that if I turn off wifi on the laptop and iphone, and then tether my computer to the iphone using USB, my laptop gets an IP address and I can mirror the iphone to the Linux computer (again, using uxplay). Now I'd like to make it so that when the ipad (which does not have LTE and does not have the tethering option) is plugged into the Linux computer, it will obtain a "local" IP address from my laptop (i.e., not on the work network), and I could launch uxplay using this "mini network" and mirror my ipad. I have seen a similar setup for the raspberry pi, but don't have enough knowledge to adapt it to my situation: https://www.hardill.me.uk/wordpress/2019/11/02/pi4-usb-c-gadget/ In particular, I don't understand what the shell script does...

Let's say I want to create an internal network with 4 subnets. There is no central router or switch. I have a "management subnet" available to link the gateways on all four subnets (192.168.0.0/24). The general diagram would look like this: 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 10.0.4.0/24 In words, I configure a single linux box on each subnet with 2 interfaces, a 10.0.x.1 and 192.168.0.x. These function as the gateway devices for each subnet. There will be multiple hosts for each 10.x/24 subnet. Other hosts will only have 1 interface available as a 10.0.x.x. I want each host to be able to ping each other host on any other subnet. My question is first: is this possible. And second, if so, I need some help configuring iptables and/or routes. I've been experimenting with this, but can only come up with a solution that allow for pings in one direction (icmp packets are only an example, I'd ultimately like full network capabilities between hosts e.g. ssh, telnet, ftp, etc).

Is it possible to have two interfaces (eth0, eth1) that are connected to different networks but the same IP configurations? For example: NETWORK0 (10.0.0.1/24) eth0 (10.0.0.100/24) eth1 (10.0.0.100/24) NETWORK1 (10.0.0.1/24)

I'm building a website on my laptop. To see how it renders, I serve it locally on port 80 with lighttpd. I can then open it in my laptop's browser via any IP or URL referring to the laptop http://localhost or http://192.168.1.47 (IP on the local subnet) or http://coulomb (its hostname) . Fine. Now I want to test its responsive design, so I try to open the laptop address in my phone's browser: http://192.168.1.47 or http://coulomb . Both devices (phone and laptop) are in the 192.168.1.* subnet of my Wifi DSL box. Strangely to me, the phone's browser (be it Firefox or Chrome) "rephrases" the IP into "localhost". The connexion then fails with a "site unreachable"-like error. lighttpd is not the culprit. To check this I instead served the files of some directory of the laptop with sudo ruby -run -ehttpd . -p80, the behavior is the same. There is something with the port. **If I serve the website on port 3000 (as shown in lighttpd docs) or 8000 or 8080 it works: the phone's browser opens 192.168.1.47:3000 (or :8000 or :8080) and I see the website.** The phone _seems_ not to be the culprit either: I can open the HTTP interface of the DSL box at 192.168.1.1, default port, without problem. (If asked to, I might try and use a computer client instead of the phone, but it's not easy for practical reasons.) If you wonder why I insist on serving it on port 80: it is built with Wordpress, and doesn't work right on a custom port, the plain text is shown but no css or images are loaded. I don't want to workaround the problem by tweaking Wordpress to make it custom-port-compatible, because when the site is ready I'll mirror it to a public server.