The Big Network Refactor – Part 2

The next step in setting up my network was adding additional “LANs” to my network. Before, I was happy with two networks, 192.168.1.1/24 and 10.10.10.1/24, but I really wanted more isolation from my IoT network, Security Camera Network, my Raspberry Pi and Smart-Home network and the computers and devices we use all the time.

Here’s a list of my networks:

  • Home Private Network
  • Semi-Private Network & Private WiFi
  • Raspberry Pi Network & WiFi
  • Security Camera Network & WiFi
  • IoT & Media Network & WiFi
  • Guest Network

To do this I needed a router and firewall (EdgeRouter-X) and I needed a few managed switches because I didn’t want to run new cable.

Starting with the router I set-up the following:

EdgeRouter-X Switch0 Configuration

The interesting thing I needed to learn here is the PVID is a “tagged” VLAN. I made this correspond to the network 192.168.4.1/24. This means anything that connects to this port “unmanaged” will get an IP from the 192.168.4.1/24 DHCP server. But if there’s a managed switch connected to this network, it will be able to route traffic for the VLANs 10,20,30, and 40.

The second thing I needed to do was configure my managed switch, a D-Link DGS-1100-08V2.

Managed Switch VLAN Configuration

The tagged VLAN port here is eth1. This is tagged with VID = 4. This is the same PVID leaving the router. I have 2 untagged ports eth6 and eth7 for this VLAN. This means they will get IP addresses from the 192.168.4.1/24 DHCP server just like it was connected to eth4 from my EdgeRouter-X.

I connected my Access Point and my other managed switch to eth6 and eth7.

I have eth2 mapped to 10, so now anything connected there will get 192.168.10.1/24 addresses. I have eth3 mapped to 20, so now anything connected there will get 192.168.20.1/24 addresses. I have eth4 mapped to 30, so now anything connected there will get 192.168.30.1/24 addresses. I have eth5 mapped to 40, so now anything connected there will get 192.168.40.1/24 addresses.

Notice the PVID up on the top row as well. 4, 10, 20, 30, 40, 4, 4, 1.

The last setting was configuring my access point. This is an EnGenius EAP1300.

EnGenius EAP1300 Wireless Settings

Installing OctoPrint w/Docker on Pi3

I always found it a pain to deal with Python libraries and virtual environments on my Raspberry Pis. I decided to give Docker a try as it would completely isolate my OctoPrint environment from the other stuff I had running on the PI.

Step 1 – Installing Docker

curl -fsSL https://get.docker.com -o get-docker.sh

sudo sh ./get-docker.sh 

sudo usermod -aG docker pi

#remember to logout and back in

docker info

docker run hello-world

You should get an output like this:

Step 2 – Install and Run OctoPrint

# find your serial port (the glob lists every tty device, newest last)
ls -latr /dev/tty*

# create a volume
docker volume create octoprint

# run your container
docker run -d --restart unless-stopped -v octoprint:/octoprint \
-p 5000:80 --device /dev/ttyUSB1:/dev/ttyUSB1 --name octoprint \
octoprint/octoprint

Replace 5000 with the port you want it on and ttyUSB1 with your serial port identifier.

Now you can browse to your Pi’s IP address at http://ipaddress:5000

That’s it. Happy Printing!

The Big Network Refactor – Part 1

I’ve been having network problems of late, and for security reasons I also wanted to better isolate my network from IoT devices from Google, Amazon, Hue, etc.

I basically had a few ASUS routers (which have been great) and I’ve been using a Double NAT (Network Address Translation) with my more secure stuff behind another router. It’s worked fine for about 15 years but I wanted more security and more isolation.

First I tried to replace my Asus RT-AC86U and its dual-WAN capabilities with an EdgeRouter-X by Ubiquiti. No luck with the dual WAN and multiple LANs. As soon as I unplugged one of the WANs things worked, and if I only had one LAN with dual WANs it would have worked. In hindsight, I could have just used a managed switch on the other side, but I also didn’t want to spend another $300+ on access points.

So I decided to keep my Asus network and its AI Mesh routers for IoT and Media Streaming. My new purchases included:

Total cost $224 plus tax.

With these purchases, I get a VLAN-capable router with a firewall, a few managed switches with simple stand-alone management and a web interface, and a VLAN-capable multi-SSID access point, also with stand-alone management.

Synology SSH – No Password

While this is usually a trivial task it took me about an hour to get my permissions correct to get this to work. Here are the steps that finally let me get things working:

Open sshd_config by entering:

sudo vim /etc/ssh/sshd_config

Then edit as follows:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  .ssh/authorized_keys

Then go to your command line and change some file permissions.

# change {username} to your login
sudo chown {username}:users ~{username}
sudo chmod 755 ~{username}
sudo chmod 700 ~{username}/.ssh
sudo chmod 644 ~{username}/.ssh/authorized_keys

If you’re not sure about those files you will need to create and copy your public key to those directories. To do that just google “creating ssh key” then save your id_rsa.pub to the authorized key file below in .ssh/authorized_keys.

Restart your SSHD service via the web admin page (see below).
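The permissions above matter because sshd's StrictModes check refuses key login when the home directory, .ssh or authorized_keys is group- or world-writable, or owned by someone other than the user or root. The script below is an added example, not part of the original post, that audits those three paths; the function names are made up for the example and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the post): report why sshd's StrictModes would
# ignore authorized_keys. Assumes GNU stat, which provides "-c FORMAT".

# check_path PATH WANT_UID
# Fails if PATH is missing, is group- or world-writable, or is owned by
# someone other than WANT_UID or root.
check_path() {
    path=$1; want_uid=$2; rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"; return 1
    fi
    mode=$(stat -c '%a' "$path")      # octal permissions, e.g. 755
    own_uid=$(stat -c '%u' "$path")   # numeric owner
    # 022 (octal) is the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE  $path (mode $mode)"; rc=1
    fi
    if [ "$own_uid" -ne "$want_uid" ] && [ "$own_uid" -ne 0 ]; then
        echo "OWNER     $path (uid $own_uid, expected $want_uid)"; rc=1
    fi
    return $rc
}

# check_ssh_perms HOME_DIR WANT_UID
# Checks the home directory, .ssh and authorized_keys; returns 0 only if
# all three pass.
check_ssh_perms() {
    home_dir=$1; failed=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        check_path "$p" "$2" || failed=1
    done
    return $failed
}

# Stand-alone use: sh check_ssh_perms.sh /path/to/home [uid]
if [ $# -ge 1 ]; then
    check_ssh_perms "$1" "${2:-$(id -u)}"
fi
```

A home directory left at 775 or an authorized_keys file at 666 is reported as WRITABLE, which is the usual reason key login silently falls back to a password prompt.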

Big Tech Purge – Alternatives

So if you’re a cord-cutter and want to get rid of YouTube.TV or cable, check this out: https://www.suppose.tv/. It will let you select your channels and show you the best options available for you to pick.

Today I canceled the following:

  • Apple Developer Program Renewal – My app “Thors Hammer” will go away, but I can do this via a website. If you recall, I had a huge problem getting this app “approved” anyway.
  • Amazon Music Unlimited – Might replace with Spotify.
  • Microsoft Game Pass – Will just buy games now.
  • YouTube.TV – Pending – Will substitute with Sling Blue & Maybe ESPN from Disney+ after the NCAA National Football Championship

Other Google services seem to be the easiest ones to cancel… Stay tuned for future updates.

Big Tech Purge – No More Ears…

A bunch of Echoes will now sit in this bag until such time as I’m confident these recordings are not shared with Facebook, Instagram, Advertisers… I’ve had too many things happen recently where I mention a company only to see ads an hour or so later….

The Migration From Big Tech

I’ve not done much on my “blog” in the past several years. With Facebook, Twitter & Instagram it’s been too easy to just post there, but given the censorship and potential Anti-Trust lawsuits I thought it best to get back to owning my own content and start blogging again.

So things to look forward to:

  • No More Images/Video on Facebook or Instagram. They will be posted here about CNC, 3D Printing, Making In General and of course my Chevelle project.
  • No More Micro-Blogging on Twitter, though I’ll still keep my @scottpreston handle in case things normalize.
  • Articles on how to “disconnect” from Big Tech. My first will be to consolidate my cloud storage, maybe move everything to DropBox or OneDrive since Microsoft seems the least bad of the 3 (Apple, Google, Amazon). Secondly it will be disconnecting from Gmail, maybe moving to Outlook or just continuing to roll my own via another hosting provider.

All The Best!

Installing Octoprint – Raspberry PI Sketch

As usual, instructions are not complete. I thought I’d share exactly what I did, from my bash history on a fresh install. I’ve excluded the fatal errors and the repeats; with those excluded, this is what I did:

sudo apt-get install git python2.7-dev libyaml-dev libpython2.7-dev
python -V
git clone https://github.com/foosel/OctoPrint.git
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python get-pip.py --user
~/.local/bin/pip install --user virtualenv
cd OctoPrint
~/.local/bin/virtualenv venv
venv/bin/python setup.py install
venv/bin/octoprint daemon start

 
