• 0 Posts
  • 106 Comments
Joined 6 months ago
cake
Cake day: September 26th, 2024

help-circle


  • The Ghz shouldn’t make a difference, so long as it’s on the same network. The spectrum used is the physical medium, a device on the WiFi and wired networks of the same network can talk to each other. Different AP may (should) be on separate channels within the given spectrum to avoid signal overlap, but still work the same.

    Why would you have to specify what frequency it’s on? The only thing the phone would need to replicate to the device is the network ID and key.




  • What you might call a stateful NAT is really a 1-1 NAT, anything going out picks up an IP and anything retuned to that IP is routed back to the single address behind the NAT. Most home users a many to one source nat so their internal devices pick up a routable IP and multiple connections to a given dest are tracked by a source port map to route return traffic to the appropriate internal host.

    Basically yes to what you said, but a port forward technically is a route map inbound to a mapped IP. You could have an ACL or firewall rule to control access to the NAT but in itself the forward isn’t a true firewall allow.

    Same basic result but if you trace a packet into a router without a port forward it’ll be dropped before egress rather than being truly blocked. I think where some of the contention lies is that routing between private nets you have something like:

    0.0.0.0/0 > 192.168.1.1 10.0.0.0/8 > 192.168.2.1

    The more specific route would send everything for 10.x to the .2 route and it would be relayed as the routing tables dictate from that device. So a NAT in that case isn’t a filter.

    From a routable address to non-route 1918 address as most would have from outside in though you can’t make that jump without a map (forward) into the local subnet.

    So maybe more appropriate to say a NAT ‘can’ act as a firewall, but only by virtue of losing the route rather than blocking it.


  • NAT in the sense used when people talk about at home is a source nat, or as we like to call it in the office space a hide address, everyone going to the adjacent net appears to be the same source IP and the system maintains a table of connections to correlate return traffic to.

    The other direction though, if you where on that upstream net and tried to target traffic towards the SNAT address above the router has no idea where to send it to unless there’s a map to designate where incoming connections need to be sent on the other side of the NAT so it ends up being dropped. I suppose in theory it could try and send it to everyone in the local side net, but if you get multiple responses everything is going to get hosed up.

    So from the perspective of session state initiation it can act as a firewall since without route maps it only will work from one side.





  • Yeah, but I try and keep as little MS as possible, so my DC is a Linux system, which works fine for LDAP and MS systems joining, but somewhat ironically I’ve yet to be able to get a Linux system joined to it. They actually have a helper app even outside of sssd but it seems to be poorly maintained. Was trying Bazzite again today based on another comment but no luck so far.





  • This is part of the annoyance of Nix as a desktop though. With windows you have 64bit and (for whatever reason) x86 versions of apps and it’s generally just assumed to work with what your running, unless you have an antique with win98 or something.

    With Nix there are a a whole pile of possible variables and ways to install things. Particularly with people getting so used to phone/tablet app stores the need for easy install, use, removal is needed for mass adoption. Nobody wants to create folder structures and set environment variables to use some app.


  • For server hosting it’s the only way to go.

    Gaming has improved significantly, although it’s rather frustrating that it’s by all these compatibility layers and such rather than native run.

    For desktop, as a workstation and general purpose it’s ‘ok’ with rough edges. Things like (limited tests with a couple common distros like Ubuntu/Mint/Bazzite) the nextcloud app not supporting virtual files that have been available for a while in Windows and domain auth being twitchy where I’ve tried.

    For the end user a big part is being able to just find an app and use it, no compiling or tweaking of settings needed for it to do what’s expected. Package managers help greatly, but with the huge number of distros out there it makes it really hit and miss to say just go for it. The relatively few times you can just download a Linux version of an app from a site (as people are prone to doing if they go read about something on the web) you often would have to go chmod +x it and quite possibly have to run it from a CLI rather than just click the downloaded app.

    So usable yes, but in a place where I could just drop it on someone and say go to town less so…



  • Largely because half the services I host are tied to a Univention DC, and so are the current Windows client machines, I’d like to maintain that state.

    I know Ubuntu has an AD option when you set it up, but it doesn’t seem to work with any of the ‘AD compatible’ replacements I’ve tried.