Go to advanced search

by uncarvedblock78
Wed Jan 22, 2020 2:57 pm
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

After successfully network booting a pi4 tftpboot/nfsroot, I'm currently trying tftpboot/iscsi lun. and getting some odd behavior. I've configured a fresh install of Raspbian (firmware/software updated) on a sd card and synced it to the tftp and lun. Booting from tftp, the boot process stalls at sta...
by uncarvedblock78
Fri Dec 20, 2019 3:24 pm
Forum: Advanced users
Topic: nfsroot - firewall configuration on the client
Replies: 14
Views: 808

Re: nfsroot - firewall configuration on the client

If your LAN is a war zone, redefine its perimeter. The appropriate location for a firewall is in a router, not so much in an end host: too much attack surface, as you say. You're probably right however, why make the router a single point of failure? Also, I occasionally connect consumer devices wit...
by uncarvedblock78
Fri Dec 20, 2019 2:25 pm
Forum: Advanced users
Topic: nfsroot - firewall configuration on the client
Replies: 14
Views: 808

Re: nfsroot - firewall configuration on the client

Eh, you have a writable NFS share to which basically any computer/device in your network can make changes to No, not really. the export is only available to the ip address of the pi. Barring ip-spoofing, or a security breach on the file server, no other devices should be writing to the nfs export. ...
by uncarvedblock78
Fri Dec 20, 2019 2:22 am
Forum: Advanced users
Topic: nfsroot - firewall configuration on the client
Replies: 14
Views: 808

Re: nfsroot - firewall configuration on the client

the following appears to work (just have to remember to insert any other rules before the final deny): # ufw default allow # ufw allow from nfs-host-ip to any app nfs # ufw deny from 0.0.0.0/0 # ufw enable # ufw status Status: active To Action From -- ------ ---- NFS ALLOW nfs-server-ip Anywhere DEN...
by uncarvedblock78
Thu Dec 19, 2019 7:04 pm
Forum: Advanced users
Topic: nfsroot - firewall configuration on the client
Replies: 14
Views: 808

Re: nfsroot - firewall configuration on the client

Alright, sounds reasonable, I can give it a shot.

I really should learn more about iptables, the existence of ufw has just made me lazy on that front lol.
by uncarvedblock78
Thu Dec 19, 2019 6:42 pm
Forum: Advanced users
Topic: nfsroot - firewall configuration on the client
Replies: 14
Views: 808

Re: nfsroot - firewall configuration on the client

Yeah, no dice. the default policy is always run first with ufw. I could set a default allow, then explicit allow nfs, then explicit deny all, but wouldn't the explicit deny all then override the explicit allow (assuming rules are processed in order)? ufw is supposedly a simplified interface for ipta...
by uncarvedblock78
Thu Dec 19, 2019 5:43 pm
Forum: Advanced users
Topic: nfsroot - firewall configuration on the client
Replies: 14
Views: 808

Re: nfsroot - firewall configuration on the client

default deny all
allow from [local subnet, which includes the nfs server]

I start pretty basic, maybe I should set default deny incoming instead of all? didn't think to try that...
by uncarvedblock78
Thu Dec 19, 2019 4:39 pm
Forum: Advanced users
Topic: nfsroot - firewall configuration on the client
Replies: 14
Views: 808

nfsroot - firewall configuration on the client

I've been making a foray into network booting a pi4 and after finally resolving some permission issues on the server side, I am now having some issues firewalling on the client side. My go-to for configuring the firewall has always been ufw (learning iptables has been on my to-do list for a while bu...
by uncarvedblock78
Wed Dec 18, 2019 1:32 am
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

Yeah, I do understand why that would be a Bad Thing, I just figured nfsroot would be smart enough to mount / with the appropriate permissions, lol. :P Didn't think the exact permissions mattered on the share itself so long as the the machine doing the actual mounting had at least read/write. Learn s...
by uncarvedblock78
Tue Dec 17, 2019 7:31 pm
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

Update: I seem to have the login issues cleared up. Also, no more failed units or other random errors. Your root permissions must be 0755, not 0777 -- I can imagine sshd complaining about that. I changed the mode of the rootfs export on the nfs server from 777 (which is apparently synology's defaul...
by uncarvedblock78
Tue Dec 17, 2019 5:24 pm
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

Edit: redacted, of no value.
by uncarvedblock78
Tue Dec 17, 2019 3:26 pm
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

I logged into the pi a root and ran a strace, I still need to analyze the output, but while I was logged in, I checked a few other things: dmesg errors. nothing of note. systemctl --failed, a few units failed, notably systemd-timesyncd, journal was of little help, but I did see a Permission denied[2...
by uncarvedblock78
Tue Dec 17, 2019 1:06 am
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

are you running idmapd? so checking ps aux, the synology is running idmapd... I was under the impression that that was only really used for nfsv4 though, I will need to research the subject a bit, unless you are able to point me in the right direction? I'm reluctant to disable it completely so as t...
by uncarvedblock78
Mon Dec 16, 2019 4:42 pm
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

permissions on /home are uid:gid=root mode=755 permissions on /home/pi are uid:gid=1000 mode=755 digging into the /etc/exports file on the synology, the rootfs export has the following opts enabled: (rw,async,no_wdelay,no_root_squash,insecure_locks,sec=sys) I find it a bit odd that the mode of /home...
by uncarvedblock78
Mon Dec 16, 2019 2:21 pm
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

The permissions for /home/pi in the nfs export appear to be correct (uid:gid=1000 mode=755). /home is not a separate mount, it is part of the rootfs mount. The cmdline.txt also includes the rw directive for the nfsroot. cmdline.txt: root=/dev/nfs nfsroot=serverip:/volume1/rpi-rootfs,vers=3 rw Edit: ...
by uncarvedblock78
Sun Dec 15, 2019 6:20 pm
Forum: Advanced users
Topic: Raspberry Pi4 bootloader - network boot support - BETA
Replies: 92
Views: 33120

Re: Raspberry Pi4 bootloader - network boot support - BETA

I'm having kind of a odd issue with network booting raspbian on a pi4 4GB from a Synology nas. I started with a fresh install of raspbian buster lite on a sd card, ran the updates and updated the eeprom. I then shutdown the pi and used my laptop to copy the /boot and /rootfs partitions to the nfs sh...
by uncarvedblock78
Mon Oct 30, 2017 3:56 pm
Forum: Graphics, sound and multimedia
Topic: 20 pin DPI TFT
Replies: 0
Views: 494

20 pin DPI TFT

Hey folks, a buddy of mine recently gave me a Kyocera KCG057QV1DB-G50 industrial TFT that I was hoping to connect to a raspberry pi via DPI but I'm struggling with the pinouts and how to configure the overlays. I was able to find a datasheet for the display: http://www.datasheetspdf.com/PDF/KCG057QV...

Go to advanced search