Crappy networking crap

[angry.bob]

Okay, thanks to Roadrunner support revoking and refusing to give back a MAC address for the beloved 20 port hub that I've been using for the last 10 years, I've been forced to buy a router. The foul thing I bought was a Linksys bef5r41 based on it's lack of a firewall. Unfortunately, I've still had it block all sorts of crap and it's really annoying. Here's what I want to do: Open and forward every port, every minute, for anything that want to do it, in any direction it wants to do it, and without any further involvement on my part after making such changes. Anybody know of anyway to that? logging into the stupid thing and dicking around with this crap to is really pissing me off. It's cut off about half the servers I can get through STEAM, and totally screwed up my speed getting anime via torrents (I normally use USENET anyway as torrent is inferior crap for retards, but some stuff never shows up there).

[Viin]

You should be able to disable any and all of that stuff just by disabling the firewall. The problem with ports is that you are using NAT so you have to forward the ports to a specific machine (otherwise it doesn't know where to send them). Were you not using NAT before? IE: was each machine on the router getting it's own IP address from Roadrunner?

[Roac]

I don't see how that could happen; the IP is assigned to the cable modem, not your PC.  Also, Bob, hubs don't have MAC addresses.

[Miasma]

I'm not a big networking guy but you should be able to set up your computer's IP as a DMZ somewhere, that should stop all interference.

[angry.bob]

You should be able to disable any and all of that stuff just by disabling the firewall. The problem with ports is that you are using NAT so you have to forward the ports to a specific machine (otherwise it doesn't know where to send them). Were you not using NAT before? IE: was each machine on the router getting it's own IP address from Roadrunner?

I don't see how that could happen; the IP is assigned to the cable modem, not your PC.  Also, Bob, hubs don't have MAC addresses.

As far as I know, the router itself doesn't have a firewall. I asked for a router that had no sort of firewall at all. I'll double check though. Previously, each machine was getting it's own IP from Roadrunner and I hapilly paid for the extra IP's. In my old setup I had one of the ancient, original Motorola cable modems and a Cabletron MRXI-2 12 port hub (thought it was 20). After some sort of shitty "upgrade" they did here, the old modem wouldn't work anymore. So I got a new modem. My Roadrunner would work again, but only the first PC that I would turn on after unplugging the modem would get a connection. This happened when we moved and I remembered the guy I had talked to at that time told me that the hub was acquiring it's own mac address. So I was somehow using 2 IP's and needing 3 mac addresses. Honestly, I don't know enough about networking to know if that's crap or not, but my setup worked again after he assigned me a 3rd mac address. This time (4 years later) the support guy just said they are only responsible for supporting Roadrunner supplied equipment, and the manager said the same. In the course of troubleshooting we had disconnected everything from the hub and they had said it had acquired a mac address by itself. I got tired of arguing with them that I paid for 2 computers, not 2 mac addresses versus their "We do not support non-roadrunner supplied equipment, would you like us to come out and set up an unsecured wireless network for a billion dollars?" So I finally gave up and got a router on my own router. It's been QQ ever since.

[Sky]

You're on a cable modem without a firewall? Interesting.

I'm sure you can steal your hentai anime just fine through router + firewall. Only pay for one IP and use NAT with the router. Use the router's MAC. Moto used to use 192.168.100.1 for the homepage for their modem, not sure if they've changed that. And yes, you can DMZ a box to leave it completely open, if you really feel the need to. Not sure why you would, though.

[Viin]

Ok, I see.

Hubs are just pass-throughs, they shouldn't be getting a MAC address, IP address, or anything of that nature.

However, a router will. With the router the router itself gets an IP address (and registers it's MAC address with your ISP), and gives internal IPs to your 2 machines (ie: 192.168.1.x or 10.0.0.x). This is called NATing or Network Address Translation, just FYI.

As suggested above, you might be able to place one of the computers in the DMZ (router config option) but that still may not forward all the ports to that machine. Can you do a range with port forwarding on that router? You might be able to do 1 - 65535 and always forward all ports to that machine (but only 1 machine) that way.

Either that, or try another hub and have each computer register it's own IP address again - maybe your old hub got jacked up with the new cable modem. Or, just plug each computer into your cable modem box - mine has 3 ports for computers IIRC.

[angry.bob]

You're on a cable modem without a firewall? Interesting.

Not without a firewall, I just didn’t want one built into the router. My wife’s PC has a software firewall, antivirus, Spyware Doctor, and is setup as a guest account.

My PC has 3 cartridge hard drives (1 for C: and 2 more for anime and pr0n) and a DVD burner. The amount of security I have depends on the drive I put in. For the gaming drive it’s just a firewall, the general use drive is firewall, antivirus, and anti-spyware/malware. The business/financial drive is the same setup as my wife’s. The other two drive bays I just load with whatever storage drive is appropriate. So it’s not like I’m wanting to run with nothing to stop the entire planet from botting my computers and stealing my passwords and cc#’s. I just didn’t want a firewall built into my router based on hearing a lot of complaints about having to fiddle with them. The same reason I didn’t want to have to use a router at all.

I'm sure you can steal your hentai anime just fine through router + firewall.

Bah, it’s not stealing until they announce a DVD release in my region. And frankly the fansubs are usually higher quality anyway. Also, there’s only so many times you can stomach paying for whatever variation of “Awkward teen male is forced into a group of attractive single females of preset personality types with comical results”. But it’s still fun to watch.

Only pay for one IP and use NAT with the router. Use the router's MAC. Moto used to use 192.168.100.1 for the homepage for their modem, not sure if they've changed that. And yes, you can DMZ a box to leave it completely open, if you really feel the need to. Not sure why you would, though.

However, a router will. With the router the router itself gets an IP address (and registers it's MAC address with your ISP), and gives internal IPs to your 2 machines (ie: 192.168.1.x or 10.0.0.x). This is called NATing or Network Address Translation, just FYI.

As suggested above, you might be able to place one of the computers in the DMZ (router config option) but that still may not forward all the ports to that machine. Can you do a range with port forwarding on that router? You might be able to do 1 - 65535 and always forward all ports to that machine (but only 1 machine) that way.
 

Trying to get both PC’s to work originally, I told the router to clone the MAC address from my PC. I’ve also been forwarding the port ranges for whatever software individually (software wise, not portwise) to my local address, though I have  low confidence I did it right as I simply mimicked walkthroughs I found online and swapped out program names and port ranges without completely understanding the fundamentals of what was involved. Should I reset it back to the defaults to do the DMZ thing, or does it not really matter? Or could having the router clone my MAC address be what’s causing the problems in the first place? I suppose that’s the first sign that I’m reaching the age where new technology will baffle and annoy me. If any of you know where there’s a guide to Linksys’s router software geared towards 6 year olds, the elderly, and mentally challenged I’d appreciate knowing. I’ll gladly trade tech support for mainframes running OS/390 - Z/OS for it…

Hubs are just pass-throughs, they shouldn't be getting a MAC address, IP address, or anything of that nature.

It was given to me by an engineer friend and used to be part of the system they used to control robotic arms in a high tolerance manufacting process for ceramic stator blades for turbine sections of jet engines. Knowing the guy it came from there's no telling how he'd modified it and what that would effect as far that sort of thing - if anything. It work edflawlessly for what I needed it for though.

[Trippy]

Manually configuring port forwarding is only needed if an outside computer is trying to initiate a connection in to one of your comps that has an internal IP address. For example, if you wanted to run a Web server on one of the computers, then outside computers need to be able to initiate a connection on port 80 using your router's IP as the address and the router, through the port forwarding entry, knows to forward those packets to that particular computer on the internal network. The same applies if you want to be the host for an online game like WC3. BitTorrent also gets cranky if you don't forward the proper ports but it still should be usable.

I would delete all the manual port forwarding entries you have now just to eliminate any misconfiguration there as a possible source of your problems and get that stable. Then you can work on opening up the proper ports for BitTorrent if you still aren't getting good download speeds. For STEAM I don't know why it would care (I never opened up any pinholes when I was playing CS: Source briefly) but I haven't used it in quite a while so I don't know if something changed there.

[Sir Fodder]

Sorry I can't help with the router support but your 12 port "hub" is probably a switch with a MAC address. Hubs just forward data physically, switches use MAC addressing, routers use IP addressing, gateways work with protocols.

[ajax34i]

I have a BEFSR41, heh.

I've set it up so it gets an IP address from Roadrunner, on the WAN (internet) side.

On the LAN side, I've turned on DHCP server with it, picked an ip address range in the 192.168.x.x, and I've got all the computers set up to "automatically obtain an IP address" from the BEFSR41.

It seems to work ok.  Plug computer in, turn on, configures itself.  You can have it give IP addresses starting with .100 to .150, so you can set up your printers or servers or whatnot with manual IP addresses in the 192.168.x.10 to .99, and not have them conflict with what the BEFSR41 is giving out.

You can also plug a hub or switch into any of the LAN ports to get more ports, and the whole DHCP thing should work through the hub/switch.

Let's see...

Setup Tab:

LAN IP address:  192.168.whateveryouwant.1
Subnet Mask: 255.255.255.0
WAN IP address: obtain automatically
Login: disable


DHCP Tab:

Enable, .100
Number of users: 15


Advanced Tab, then Dynamic Routing tab:  set it up as Gateway.

That should do it.


Oh yeah, you only pay for ONE IP address with Roadrunner, the one they give your BEFSR automatically.  You can have as many computers as you want inside your house, and they'll all use your internal LAN addresses (192.168.x.x), and the BEFSR should automatically translate the IP addresses (the NAT feature).

Now, if you want to set up VPN so you can connect from the outside, I haven't played with that at all, sorry, can't help you there.  I have, however, set it up on a Linksys RV082; that one has better VPN features, but also has a firewall in it (which you can disable).  Same concept, though, get one IP address from the internet provider, and turn DHCP on to serve as many computers as you want inside the building.

[bhodi]

So you basically don't want to be behind a NAT because you've specifically said you do not want do deal with port activation and forwarding crap. I can understand this. It truly is a pain to deal with. ajax34i's talking about something you've already said you don't want :/

You have two options.
Buy a switch. Since you aren't doing PPPOE it will work, since you rent extra IPs from the company, you don't need any of the NAT/PAT (many computers hanging off a single external IP). The limiting thing here is that you have to rent one IP for every computer you own.

The better option would be to buy a supported device and flash it with dd-wrt. This is a bit of exta work, but what it will get you is the ability to do both NAT and also have external IPs. Your cake and eating it too.

For instance, without getting too technical, this is what it would do for you. Say you buy a 4 port linksys wrt54g, which is a 4 port wireless switch/nat thingy for about $60. It's got 5 ports on the back, one WAN port and 4 switch ports. You plug the WAN port into your roadrunner. Then, you set two of the ports which connected to two of the machines (yours and your wife's) completely open to the internet and in front of the NAT. You'd pay for 3 external IPs. Two of those IPs are your wife's computer and your own which are completely open to the internet, and the third is allocated to the router. Then, you can set the rest of the ports up (including the wireless connection, if you have/desire it) to be 'behind' the router in a NAT, all combined into that one IP. This gives you essentially unlimited computers behind the NAT, with the caviat that anyone outside (on the internet) is unable to establish any connection to any of those computers without that computer initiating the connection. In this regard, NAT also acts like a firewall, and unfortunately intereferes with hosting games, torrenting, things like that. If you needed more ports, you can buy a simple switch like the one above, plug it in to that port, and then all ports on that switch would also be behind the NAT.

So you'd have say, a roadrunner IP of 10.96.12.23, 24, and 25. You take the first two for your machine and your wifes', statically (assigned manually on your computer), and set up the router to use the third. You then set up DHCP on the router (this is as complicated as clicking the 'turn on dhcp' checkbox), and then any machine that connects wirelessly or wired and requests an IP through DHCP will automatically get a NAT IP, internally, of 192.168.X.X. The router then transparently translates anything that's 192.168.X.X into that third IP, 10.96.12.25. The specific network magic that makes it happen is bit more complex than that, but that's the gist of it.

Many of the devices are inexpensive and the firmware upgrade/flashing is as foolproof as it can be (you lose power in the 15 seconds that it's flashing, you brick it, just like with any firmware flashing). dd-wrt is heavily supported by the open source community, and is in fact so popular that linksys released a model designed specificically for it. There are many many features it has that you may need someday -- vpn, vlanning, the ability to tweak wireless strength, dhcp, dynamic dns updating, and tons of other geeky crap that you will never, ever use.

[Yegolev]

About anime and fansubs, often a company will decide what to translate by looking at what is hot in the fansub world.

[Polysorbate80]

Unrelated hijack:  I'm looking to replace a dysfunctional Linksys WRV54G router at my wife's main office, and I think it's time to move beyond her pure wireless setup to a mix of wired/wireless to iron out some ongoing issues.  I was looking at something like the Cisco 1800-series, anyone have any experience/opinions on them?

[Nija]

wrt54G has like 4 10/100 switched ports on it.

Buy a switch of whatever size, plug it into the wrt54g. I'd have the wrt hand out wireless DHCP and I'd use something else as an actual internet facing router.


1800 series is pretty great, but depending on the size of the business it could be totally unnecessary.

[bhodi]

Just make sure you go gigabit - 10/100/1000 - it's not much more expensive. Linksys is about as reliable as the entry-level cisco stuff, and the cisco stuff tends to be twice as expensive. I would not go with the wrt54g, it's got a reduced processor in it. Go with one of the different, higher end models, then plug a gigabit switch into it. Flash it with DD-WRT :D

[Polysorbate80]

They're currently using a WRT54G in place of the failing WRV54G.  The wireless connection is better on the WRT, but it doesn't have the VPN support of the other router.

I actually plan to keep using the WRT54G for access on the second floor of the building, since it will save running half-a-dozen wires up two floors.

[bhodi]

Unfortunately wrt54g requires the dd-wrt micro version without all the vpn. Which sucks because I'd like to set up a permanent vpn to my work. Oh well. Any device that supports the normal image has openvpn built in, though, so you could cheaply replace the WRV54G with another linksys device that's large enough to use the full image, if you're into doing geeky configure and weird network stuff.

[Polysorbate80]

if you're into doing geeky configure and weird network stuff.

I'm trying to do less of it :)  Which is why I'm going to be moving as much stuff as possible to the basement and locking it away where the self-proclaimed office IT guru can't get anywhere near it to fuck with it anymore.  Hell, if I could put up and "invisible fence" around it and make him wear a shock collar, I'd do that too.

[Nija]

Unfortunately wrt54g requires the dd-wrt micro version without all the vpn. Which sucks because I'd like to set up a permanent vpn to my work. Oh well. Any device that supports the normal image has openvpn built in, though, so you could cheaply replace the WRV54G with another linksys device that's large enough to use the full image, if you're into doing geeky configure and weird network stuff.

Well, the wrt54g has about 7 different models now. I run a v2, which supports ALL of the dd-wrt versions.

If you want to buy brand new, I think the version you want is the wrt54gl - L for linux - that doesn't have the wacky, crippled stuff that the v.. 5 I think (v5) wrt54g had.

and a 200 mhz processor is fine for a small office.

I mean -

Cisco PIX Firewall Version 6.1(4)

Compiled on Tue 21-May-02 08:40 by morlee

pix up 38 days 8 hours

Hardware:   PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

That thing had an 1100 day uptime until my colocation facility lost power and didn't fail over correctly about 6 weeks ago. That thing handles a ton of shit, including me typing this message to you.

[Yegolev]

My quick scan of the internets a couple weeks ago basically told me the WRT54GL was the one to get.  I think it's around $65 on newegg.  Thinking hard about it since I believe it might speed up my wireless LAN; right now just the 2Wire DSL modem that came with the BellSouth account.

[bhodi]

Oops, yeah Nija you're completely right. I've got the shitty v5, I forgot that they kept the same model number. I may buy a new one just so I can get the openvpn stuff. dd-wrt micro is good, but it doesn't have all the features I want.