"html":"<p><span class=\"h-card\"><a href=\"https://toad.social/@djg\" class=\"u-url\">@<span>djg</span></a></span> Thanks for this -- but I'm still not figuring it out. The particulars of the BGW320 and Eero are different enough that it's just not that straightforward.</p>",
"text":"@djg Thanks for this -- but I'm still not figuring it out. The particulars of the BGW320 and Eero are different enough that it's just not that straightforward."
"html":"<p><span class=\"h-card\"><a href=\"https://toad.social/@djg\" class=\"u-url\">@<span>djg</span></a></span> Hmmm. So in my case, I'd a static public IP to the Eero gateway and then use it to reserve something in its subnet range to the NAS/server?</p>",
"text":"@djg Hmmm. So in my case, I'd a static public IP to the Eero gateway and then use it to reserve something in its subnet range to the NAS/server?"
"html":"<p>An update to this ask: I more or less flipped the thing upside-down yesterday. Instead of using IP Passthrough to hand all the DHCP business to the Eeros, I instead put the Eeros in bridge mode, so all the DHCP stuff is being handled by the BGW320. It's behaving pretty well, and I have been able to assign a public static IP address to the NAS. The NAS is now of course being subjected to a range of scanning attacks, but my firewall appears to be holding. I would very much like to install a network-level VPN, though (unsurprisingly) AT&T has their hardware locked down in a way that pushes you toward their VPN-as-a-service. If y'all have suggestions for ways to get around that, I'm all ears! <a href=\"https://hcommons.social/tags/AskFedi\">#<span>AskFedi</span></a> <a href=\"https://hcommons.social/tags/BGW320\">#<span>BGW320</span></a> <a href=\"https://hcommons.social/tags/VPN\">#<span>VPN</span></a></p>\n<a class=\"p-category\" href=\"https://hcommons.social/tags/askfedi\">askfedi</a>\n<a class=\"p-category\" href=\"https://hcommons.social/tags/bgw320\">bgw320</a>\n<a class=\"p-category\" href=\"https://hcommons.social/tags/vpn\">vpn</a>",
"text":"An update to this ask: I more or less flipped the thing upside-down yesterday. Instead of using IP Passthrough to hand all the DHCP business to the Eeros, I instead put the Eeros in bridge mode, so all the DHCP stuff is being handled by the BGW320. It's behaving pretty well, and I have been able to assign a public static IP address to the NAS. The NAS is now of course being subjected to a range of scanning attacks, but my firewall appears to be holding. I would very much like to install a network-level VPN, though (unsurprisingly) AT&T has their hardware locked down in a way that pushes you toward their VPN-as-a-service. If y'all have suggestions for ways to get around that, I'm all ears! #AskFedi #BGW320 #VPN\naskfedi\nbgw320\nvpn"
"html":"<p><span class=\"h-card\"><a href=\"https://hcommons.social/@katinalynn\" class=\"u-url\">@<span>katinalynn</span></a></span> Thank you! I’m still pretty verklempt about it all.</p>",
"text":"@katinalynn Thank you! I’m still pretty verklempt about it all."
<p><em>Built with <a href="https://www.11ty.dev/">{{ eleventy.generator }}</a>. All content <a href="https://creativecommons.org/licenses/by/4.0/deed.en">CC BY 4.0</a> if you're human.</em></p></p>
</footer>
<!-- This page `{{ page.url | htmlBaseUrl }}` was built on {% currentBuildDate %} -->
This site is running in 11ty and is built locally and then the live site (which gets built into a folder called \_site) is pushed to my Reclaim Hosting account, where it's served up as kfitz.info. As an intermediate step, I have been pushing the code and content that builds the site to a GitHub repository, and then the \_site folder to another GitHub repository, kfitz-site, mostly for preservation/backup purposes; if something happens to the server or to my local repo, there's another version-controlled pile of code out there from which things can be rebuilt. (Technically, I pull kfitz-site from GitHub to Reclaim. Similarly, presentations.kfitz.info, which runs in revealjs, is built locally, pushed to GitHub, and then pulled to Reclaim.)
This site is running in 11ty and is built locally, after which the live site (which gets built into the \_site folder) is pushed to my Reclaim Hosting account, where it's served up as kfitz.info. As an intermediate step, I have been pushing the code and content that builds the site to a GitHub repository, and then the \_site folder to another GitHub repository, kfitz-site, mostly for preservation/backup purposes; if something happens to the server or to my local repo, there's another version-controlled pile of code out there from which things can be rebuilt. (Technically, I pull kfitz-site from GitHub to Reclaim. Similarly, presentations.kfitz.info, which runs in revealjs, is built locally, pushed to GitHub, and then pulled to Reclaim.)
I've had in my head for a while, though, that GitHub is in and of itself a point of failure, partially because of its ownership structure. On top of which, I haven't been delighted knowing that everything I push there is part of the greater Copilot feeding frenzy.
This post is going to put my full nerdiness and my full cluelessness simultaneously on display, but I am building a home network that is going to include a server hosting much of my online presence, and I am running into some issues that are making the limitations in my knowledge all too apparent. (Also the limitations in internet search in the year of our lord 2025: I can find answers for solving issues in specific one-to-one connections within this network, but they leave out other crucial components such that I can't get the whole thing going all at the same time.) So I am here, appealing to you, to help me think this through.
I have AT&T fiber coming into my house, with a BGW320 modem/router combo. I have a 3-device Eero mesh wifi network, with the gateway Eero connected to the BGW320 via ethernet. I have a Synology NAS connected to the Eero gateway via ethernet, and I'm soon going to have a mini server that... will get connected to all of this somehow that I haven't yet figured out.
I have turned off the wifi radios on the BGW320, so that I only have the wifi network provided by the Eeros. Right now, I have IP Passthrough turned on on the BGW320, set to DHCPS-dynamic; the WAN IP address is being picked up properly by the gateway Eero and the WAN type on the Eero is set to DHCP (Default). The bajillion devices in my house are being doled out IP addresses appropriately vis DHCP, including the NAS, and are for the most part getting good bandwidth (though the gateway Eero seems to have to reconnect to the internet periodically, so there's clearly some setting in the BGW320 that needs futzing with already).
But here's where things start to get complicated: I have purchased a block of 5 static IP addresses from AT&T (really 8, but one gets assigned to the router and 2 are unusable), with the intent of assigning the NAS and the forthcoming server a static IP. So in the BGW320 admin interface, I have both a private LAN subnet and DHCP range (of the 192.168.1.XXX variety) and a public subnet that includes my public gateway address, my public subnet mask, and the 5-address DHCP range.
In passthrough mode, the BGW320 just hands off all DHCP stuff to the Eero mesh, which has the gateway address of 192.168.4.1 (the Eero default). In the Eero admin interface, I can use Reservations & port forwarding to assign a static IP address to a device, like the NAS. However, my static IP addresses are outside the Eero's subnet range, so it won't accept them.
On the NAS, I can use the admin interface to assign the static IP address right there, and it will accept the address, but doing so breaks a bunch of connections between the NAS and the outside world, like Synology's software updaters, whose IP addresses it cannot resolve. I am guessing that this is because assigning the static IP on the device breaks the DNS connection, but it's also possible that it's got something to do with the way I've set up the NAS's firewall rules, which, ugh.
Anyhow, I am wondering at this point whether going with IP Passthrough on the BGW320 is at the root of the problem. If instead I let the AT&T device handle all the WAN/DHCP stuff, and put the Eeros into bridge mode, will the static IP addresses become assignable to devices via the BGW320? If so, will devices connected to the private subnet via the Eeros still be able to talk to the devices on the public subnet? And aside from the ["advanced features" that Eero tells me I'll lose if I go the bridge mode route](https://support.eero.com/hc/en-us/articles/115000825206-What-advanced-features-do-I-lose-access-to-if-I-put-my-eeros-into-bridge-mode), are there other drawbacks?
I think I've talked myself into trying it and seeing what happens... but I'm going to pause for a bit to see if anyone has other suggestions.
There's a moment in the 2001 Michael Bay classic, *Pearl Harbor* (which [Roger Ebert once described](https://www.rogerebert.com/reviews/pearl-harbor-2001) as "a two-hour movie squeezed into three hours"), in which Kate Beckinsale, having been reunited with Ben Affleck, is attempting to explain how she could possibly have abandoned him for Josh Hartnett. Ben, of course, had been reported to be dead, and Josh was hunky and sweet and *there*, so, you know. But a teary Kate says, and I quote: “I didn’t even know until the day you turned up alive — and then *all this* happened,” waving her hand vaguely over her shoulder at the still-smoking wreckage.
I have thought about this moment more times than I'd really like to admit over the intervening 24 years, but never more so than in the last four months. "We were already facing budgetary challenges in the college — and then *all this* happened" (*waves hand vaguely over shoulder at the still-smoking wreckage*). "I was worried about the future of this project -- and then *all this* happened." (You get the point.)
The *all-this*-ness of all this is utterly flippant, to be sure, but I'm beginning to understand the utility of *all this* as a container for the incomprehensible. We are facing circumstances that periodically cause me to lose my vocabulary. I don't know how to name it without breaking down, and I suspect that this is true of a lot of my colleagues. And so we talk about things like "the current moment" or "the federal funding landscape," ways of signaling what we all know -- that we are living through a fucking horror of our country's own making, the destruction of everything that matters to us, the kidnapping and torture of members of our communities, the completion of the descent into what it no longer makes sense to call anything other than fascism -- without landing our conversation in a place in which it becomes impossible to go on.
I am trying to reckon with *all this*, and with the desire to wave my hand vaguely over my shoulder without looking too closely at what it's gesturing toward. I have been doing a bit of writing around it, and am hoping that I'll be able to share some of that in the weeks and months ahead. I'm not sure where it's all headed, but it's at least an attempt to be honest with myself about my reactions to what's happening, as well as an expression of hope that we might find our way through together.
I'm a little astonished to be writing this, but my college has posted the news, so it must be true: [MSU has named me a University Distinguished Professor](https://cal.msu.edu/news/kathleen-fitzpatrick-named-a-university-distinguished-professor/). I am honored, and filled with gratitude toward the colleagues who nominated me, and frankly still a bit stunned that this recognition has come my way.
I am grateful to have received so much support for the work I've done over the years, both on campus and off, from publishers and funding agencies, from colleagues and collaborators, from administrators, from friends and family. But my work has always been on the edge of so many fields -- not really literary studies, not really media studies, not really digital humanities, not really higher education studies -- that it has perpetually felt as though it was at risk of falling through the cracks. So this is a career milestone of a sort that I never thought I'd reach.
I'll also note that my institution, like so many large public R1s, heavily favors engineering, business, medicine, and the sciences; the College of Arts & Letters has been significantly underrepresented in university honorifics in recent years. I am the third University Distinguished Professor to be named in the college since 2003 -- twenty-two years! -- and the two scholars named during that period hold joint appointments with colleges on the STEM side of campus. I collaborate with STEM-leaning folks, and I have been successful in obtaining funding from agencies that are valued in that universe, so I acknowledge that I am recognizable to a university-wide committee in ways that someone more squarely located in a humanities-based discipline might not be. I nevertheless hope that I can find ways to enable this new title to help attune the university at large to the crucial kinds of work being done across the arts and humanities.
<p style="padding-left:20px">Interim Associate Dean for Research and Graduate Studies, <a href="https://cal.msu.edu">College of Arts and Letters, Michigan State University</a>;
<p style="padding-left:20px">Associate Dean for Research and Graduate Studies<br />
University Distinguished Professor of English and Digital Humanities<br />
<a href="https://cal.msu.edu">College of Arts and Letters, Michigan State University</a><br />
<p style="padding-left:20px">Author, <a href="https://www.press.jhu.edu/books/title/12787/leading-generously"><em>Leading Generously: Tools for Transformation</em></a> (Hopkins Press, 2024) and <a href="https://www.press.jhu.edu/books/title/12108/generous-thinking"><em>Generous Thinking: A Radical Approach to Saving the University</em></a> (Hopkins Press, 2019).</p>
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
