Network router problem

Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet

I've set up 3 routers to provide security between two small networks, yet be
able to share resources.

The setup consists of a Speedstream DSL modem, a Netgear FVS318 immediately
downstream; and two RP614v2 routers plugged into the '318. All computers (6
total) are plugged into the 614's.

I configured the routers so that they each have unique IP addresses, and
serve (DHCP) unique ranges of IP addresses.

I then added an HP LJ 2300 (plugged into the '318) and configured direct
routes (I think that's what Netgear calls making the HP's IP address
"visible" to the computers on the networks) in each of the '614's.

All computers could share the DSL service, and print to the HP printer
without problem. Everything seemed fine.

All worked for about a week. Then one of the 614 routers stopped
functioning. I could not ping from or to any computer connected to that
router. A router reset (reset button on the back) fixed it, temporarily. A
week later the problem repeated. I replaced the router with a new one,
figuring that it had an intermittent problem.

All was fine for another week. Today, the same problem occurred, with the
same router.

Is it possible that the FVS318 is causing these problems in the 614? What
else could cause these symptoms?

Someone suggested a DHCP lease expired and wasn't renewed. How can I check
for a lease expiration?

Thanks,
--
DaveC
me@privacy.net
This is an invalid return address
Please reply in the news group
  1. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet

    In article <0001HW.BCE366F501985A32F03055B0@news.individual.net>,
    DaveC <me@privacy.net> wrote:

    > I've set up 3 routers to provide security between two small networks, yet be
    > able to share resources.
    >
    > The setup consists of a Speedstream DSL modem, a Netgear FVS318 immediately
    > downstream; and two RP614v2 routers plugged into the '318. All computers (6
    > total) are plugged into the 614's.
    >
    > I configured the routers so that they each have unique IP addresses, and
    > serve (DHCP) unique ranges of IP addresses.
    >
    > I then added an HP LJ 2300 (plugged into the '318) and configured direct
    > routes (I think that's what Netgear calls making the HP's IP address
    > "visible" to the computers on the networks) in each of the '614's.
    >
    > All computers could share the DSL service, and print to the HP printer
    > without problem. Everything seemed fine.
    >
    > All worked for about a week. Then one of the 614 routers stopped
    > functioning. I could not ping from or to any computer connected to that
    > router. A router reset (reset button on the back) fixed it, temporarily. A
    > week later the problem repeated. I replaced the router with a new one,
    > figuring that it had an intermittent problem.
    >
    > All was fine for another week. Today, the same problem occurred, with the
    > same router.
    >
    > Is it possible that the FVS318 is causing these problems in the 614? What
    > else could cause these symptoms?
    >
    > Someone suggested a DHCP lease expired and wasn't renewed. How can I check
    > for a lease expiration?
    >
    > Thanks,

    I don't know about the Netgear routers, but my Linksys displays the
    lease remaining time on its main configuration page. However, if the
    two 614s have unique IP addresses, then they're not using DHCP to obtain
    them and there's no lease to expire.

    What happens if you switch the two 614s?

    --
    There are 10 kinds of people in the world:
    those who understand binary, and those who don't.

    Tom Stiller

    PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3
    7BDA 71ED 6496 99C0 C7CF
  2. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet

    On Wed, 2 Jun 2004 11:45:05 -0700, Tom Stiller wrote
    (in article <tomstiller-92FBBC.14450502062004@comcast.dca.giganews.com>):

    > I don't know about the Netgear routers, but my Linksys displays the
    > lease remaining time on its main configuration page. However, if the
    > two 614s have unique IP addresses, then they're not using DHCP to obtain
    > them and there's no lease to expire.

    Hmm... of course you're right.

    When the problem originally occurred, I figured the router was defective and
    returned it to the store for another 614. I installed the new router and
    configured it identically. Today, about 10 days later, it failed in the same
    mode (I can ping other computers on the network (ie, connected to the same
    614), but I can't get through the 318 to the WAN, or to the IP-configured
    printer plugged into the 318). Power-cycle the router and all is well again.

    I've switched the DC power supplies to the two 614s, in case it was a
    supply/glitch problem. The same router failed.

    > What happens if you switch the two 614s?

    I'm reluctant to do that, because the one Dr. that does have a fully
    functioning network wouldn't be happy if his network crashed, rather than his
    partner's. At least now, it's perceived as a limited problem (not
    office-wide). But if I can't come up with any other possibility, I'll have to
    give that a try.

    Netgear tech support says that it's a power problem. Since it's this one
    router and none of the other equipment, I'm highly skeptical.

    Other ideas?

    Thanks,
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  3. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet

    DaveC wrote:

    > I've set up 3 routers to provide security between two small networks, yet be
    > able to share resources.
    >
    > The setup consists of a Speedstream DSL modem, a Netgear FVS318 immediately
    > downstream; and two RP614v2 routers plugged into the '318. All computers (6
    > total) are plugged into the 614's.
    >
    >
    <snip - problem description (one router hoses after 1 week)>

    Problem is likely that you are using low end consumer gear. The code on
    those "routers" (to me calling these things routers is like calling a
    gocart a car) tends to be not the most stable. Ya get what you pay for.

    Look into upgrading to some "real" routers. Try a sonicwall or
    watchguard at the border of the dsl connection, and put "real" routers
    (cisco 2600 series or nortel ARN) inside the border. and hook them all
    up with real switches, for chrissake! no actual endpoint devices should
    be plugged into routers (yes, I know, the '318's and 614 have the built
    in switch. but these "routers" are giving you problems, aren't they?)


    --
    Copyright 2004 T. Sean Weintz
    This post may be copied freely without
    the express permission of T. Sean Weintz.
    T. Sean Weintz could care less.
    T. Sean Weintz is in no way responsible for
    the accuracy of any information contained in
    any usenet postings claiming to be from
    T. Sean Weintz. Users reading postings from
    T. Sean Weintz do so at their own risk.
    T. Sean Weintz will in no way be liable for
    premature hair loss, divorce, insanity,
    world hunger, or any other adverse results
    that may arise from reading any usenet
    posting attributed to T. Sean Weintz

    ALSO - FWIW, The following WHOIS Record is years out of date:
    Weintz, Sean (SW2893) tweintz@MAIL.IDT.NET
    Sean Weintz
    462 Sixth Street , #A
    Brooklyn, NY 11215
  4. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    (added comp.protocols.tcp-ip where this really belongs)

    DaveC wrote:

    > I've set up 3 routers to provide security between two small networks, yet be
    > able to share resources.

    > The setup consists of a Speedstream DSL modem, a Netgear FVS318 immediately
    > downstream; and two RP614v2 routers plugged into the '318. All computers (6
    > total) are plugged into the 614's.

    That is what I would do if I wanted security between two nets
    using a common WAN connection.

    > I configured the routers so that they each have unique IP addresses, and
    > serve (DHCP) unique ranges of IP addresses.

    Well, they really need separate subnets. Is that what you mean?

    > I then added an HP LJ 2300 (plugged into the '318) and configured direct
    > routes (I think that's what Netgear calls making the HP's IP address
    > "visible" to the computers on the networks) in each of the '614's.

    Anything on the 318 side should be visible to the other machines
    without doing anything special.

    Machines connected to the 614s must have the default route
    pointing to the appropriate 614, but DHCP should do that for you.

    The printer should have a static address on the appropriate net,
    so that it doesn't change. I suppose its default route should
    point to the 318, though it really shouldn't need one.

    > All computers could share the DSL service, and print to the HP printer
    > without problem. Everything seemed fine.

    > All worked for about a week. Then one of the 614 routers stopped
    > functioning. I could not ping from or to any computer connected to that
    > router. A router reset (reset button on the back) fixed it, temporarily. A
    > week later the problem repeated. I replaced the router with a new one,
    > figuring that it had an intermittent problem.

    (snip)

    > Is it possible that the FVS318 is causing these problems in the 614? What
    > else could cause these symptoms?

    > Someone suggested a DHCP lease expired and wasn't renewed. How can I check
    > for a lease expiration?

    There are two questions. First are the DHCP leases given by the 614's
    to the connected computers. The other is the leases given by
    the 318 to the 614's. I would probably configure the 614's with
    static WAN addresses and default routes, but the normal instructions
    likely use DHCP.

    The machines connected to the 614s should have some way to
    view their DHCP information, I believe IPCONFIG on windows
    machines. The setup system for the 614s should indicate the
    DHCP assignments given by the 318.

    I think the next thing I would do is give the 614's static
    WAN addresses and turn off the DHCP server on the 318.

    Post the network addresses and netmasks used for each of the
    three nets. That way we can figure out if they make sense.
    (There should not be any security related matters in posting them.)

    -- glen
  5. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    On Wed, 2 Jun 2004 11:49:48 -0700, glen herrmannsfeldt wrote
    (in article <gjpvc.36867$eY2.14387@attbi_s02>):

    > There are two questions. First are the DHCP leases given by the 614's
    > to the connected computers. The other is the leases given by
    > the 318 to the 614's. I would probably configure the 614's with
    > static WAN addresses and default routes, but the normal instructions
    > likely use DHCP.

    Indeed, I did use static addresses for the 614s, as someone else in this
    thread pointed out.

    > The machines connected to the 614s should have some way to
    > view their DHCP information, I believe IPCONFIG on windows
    > machines. The setup system for the 614s should indicate the
    > DHCP assignments given by the 318.

    What about for Mac OS 9.x? If I look at the TCP/IP info in the TCP control
    panel, it has a "renew lease" button, but no details about the lease.

    When the router "fails", I am able to ping other computers in that (sub?) net
    (ie, connected to the same 614). I just can't ping the 318 or anything
    beyond, including the IP printer plugged into the 318.

    > I think the next thing I would do is give the 614's static
    > WAN addresses and turn off the DHCP server on the 318.

    I have not turned off DHCP in the 318. I'll try this.

    > Post the network addresses and netmasks used for each of the
    > three nets. That way we can figure out if they make sense.
    > (There should not be any security related matters in posting them.)

    Netgear FVS318
    WAN Port
    IP 67.x.x.x
    Subnet mask: 0.0.0.0
    DHCP: no (basically functions as a bridge?)
    one static route configured in this router for printer: 192.168.0.2

    LAN Port:
    IP 192.168.0.1
    Subnet mask: 255.255.255.0
    DHCP: server
    DHCP range: 192.168.0.2 - 100
    RIP direction: both
    RIP version: RIP-2B
    MTU size: 1500 (default)

    Netgear RP614v2 #1
    WAN Port:
    IP: 192.168.0.3 **
    Subnet mask: 255.255.255.0
    DHCP: client ***
    LAN Port:
    IP: 192.168.1.1
    Subnet mask: 255.255.255.0
    DHCP: server
    DHCP range: 192.168.1.2 - 50

    Netgear RP614v2 #2
    WAN Port:
    IP: 192.168.0.3 **
    Subnet mask: 255.255.255.0
    DHCP: client ***
    LAN Port:
    IP: 192.168.2.1
    Subnet mask: 255.255.255.0
    DHCP: server
    DHCP range: 192.168.2.2 - 50

    Computers are all DHCP clients, no fixed IP's.

    ** The interface between the 318 and the 614s should use unique IP's, right?
    The 318's LAN port IP is 192.168.0.1. The 614's WAN IP's are both
    192.168.0.3. Would this cause a problem? I'll check to confirm these IP's
    when I go to the site in about an hour.

    *** The two 614's should be in "Client: no" mode, right (ie, neither Server
    or Client)?

    All ideas welcome.

    Thanks,
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  6. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    Update:

    Netgear FVS318
    WAN Port
    IP 67.x.x.x
    Subnet mask: 0.0.0.0
    DHCP: no (basically functions as a bridge?)
    ### Correction: no static routes for this router ###

    LAN Port:
    IP 192.168.0.1
    Subnet mask: 255.255.255.0 ### static ###
    DHCP: server
    DHCP range: 192.168.0.2 - 100
    RIP direction: both
    RIP version: RIP-2B
    MTU size: 1500 (default)

    Netgear RP614v2 #1
    WAN Port:
    IP: 192.168.0.3 ### dynamically assigned ###
    Subnet mask: 255.255.255.0
    DHCP: client
    LAN Port:
    IP: 192.168.1.1 ### static ###
    Subnet mask: 255.255.255.0
    DHCP: server
    DHCP range: 192.168.1.2 - 50
    ### one static route configured to printer: 192.168.0.2 ###

    Netgear RP614v2 #2
    WAN Port:
    IP: 192.168.0.6 ### dynamically assigned ###
    Subnet mask: 255.255.255.0
    DHCP: client ***
    LAN Port:
    IP: 192.168.2.1 ### static ###
    Subnet mask: 255.255.255.0
    DHCP: server
    DHCP range: 192.168.2.2 - 50
    ### one static route configured to printer: 192.168.0.2 ###

    All seems correctly configured:
    318 router is acting as DHCP server (on LAN side)
    614 routers are acting as DHCP clients (on WAN side)
    and acting as DHCP servers (on LAN side)

    All IPs are unique. (There were no duplicate IP's; that was a document/edit
    error on my part...)

    To reiterate:
    When error occurs, computers connected to failed 614 router can ping each
    other, but not any of the routers (192.168.0.1, .1.1, or .2.1). Nor can they
    ping the printer (static route in the 318 router). Power cycle the failed
    router and all is well again for days (approx 10 days).

    Suggestions by some that the equipment isn't "professional" doesn't help. If
    you can tell me *why* this is happening, and *why* more-"professional" brands
    will fix the problem, your argument would be much more persuasive.

    Ideas? (I'm running out, right now...)

    Thanks,
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  7. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    In article <0001HW.BCE3A4A40004E674F03055B0@news.individual.net>,
    DaveC <me@privacy.net> wrote:

    > Update:
    >
    > Netgear FVS318
    > WAN Port
    > IP 67.x.x.x
    > Subnet mask: 0.0.0.0
    > DHCP: no (basically functions as a bridge?)
    > ### Correction: no static routes for this router ###
    >
    > LAN Port:
    > IP 192.168.0.1
    > Subnet mask: 255.255.255.0 ### static ###
    > DHCP: server
    > DHCP range: 192.168.0.2 - 100
    > RIP direction: both
    > RIP version: RIP-2B
    > MTU size: 1500 (default)
    >
    > Netgear RP614v2 #1
    > WAN Port:
    > IP: 192.168.0.3 ### dynamically assigned ###
    > Subnet mask: 255.255.255.0
    > DHCP: client
    > LAN Port:
    > IP: 192.168.1.1 ### static ###
    > Subnet mask: 255.255.255.0
    > DHCP: server
    > DHCP range: 192.168.1.2 - 50
    > ### one static route configured to printer: 192.168.0.2 ###
    >
    > Netgear RP614v2 #2
    > WAN Port:
    > IP: 192.168.0.6 ### dynamically assigned ###
    > Subnet mask: 255.255.255.0
    > DHCP: client ***
    > LAN Port:
    > IP: 192.168.2.1 ### static ###
    > Subnet mask: 255.255.255.0
    > DHCP: server
    > DHCP range: 192.168.2.2 - 50
    > ### one static route configured to printer: 192.168.0.2 ###
    >
    > All seems correctly configured:
    > 318 router is acting as DHCP server (on LAN side)
    > 614 routers are acting as DHCP clients (on WAN side)
    > and acting as DHCP servers (on LAN side)

    What value is there in employing DHCP between the 318 and the two 614s?
    Why not assign the 614s fixed IP addresses and avoid the whole issue of
    DHCP leases between the routers?
    >
    > All IPs are unique. (There were no duplicate IP's; that was a document/edit
    > error on my part...)
    >
    > To reiterate:
    > When error occurs, computers connected to failed 614 router can ping each
    > other, but not any of the routers (192.168.0.1, .1.1, or .2.1). Nor can they
    > ping the printer (static route in the 318 router). Power cycle the failed
    > router and all is well again for days (approx 10 days).
    >
    > Suggestions by some that the equipment isn't "professional" doesn't help. If
    > you can tell me *why* this is happening, and *why* more-"professional" brands
    > will fix the problem, your argument would be much more persuasive.
    >
    > Ideas? (I'm running out, right now...)
    >
    > Thanks,

    --
    There are 10 kinds of people in the world:
    those who understand binary, and those who don't.

    Tom Stiller

    PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3
    7BDA 71ED 6496 99C0 C7CF
  8. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    "DaveC" <me@privacy.net> wrote in message
    news:0001HW.BCE3803F019E47AEF03055B0@news.individual.net...
    > On Wed, 2 Jun 2004 11:49:48 -0700, glen herrmannsfeldt wrote
    > (in article <gjpvc.36867$eY2.14387@attbi_s02>):
    >
    > > There are two questions. First are the DHCP leases given by the 614's
    > > to the connected computers. The other is the leases given by
    > > the 318 to the 614's. I would probably configure the 614's with
    > > static WAN addresses and default routes, but the normal instructions
    > > likely use DHCP.
    >
    > Indeed, I did use static addresses for the 614s, as someone else in this
    > thread pointed out.
    >
    > > The machines connected to the 614s should have some way to
    > > view their DHCP information, I believe IPCONFIG on windows
    > > machines. The setup system for the 614s should indicate the
    > > DHCP assignments given by the 318.
    >
    > What about for Mac OS 9.x? If I look at the TCP/IP info in the TCP control
    > panel, it has a "renew lease" button, but no details about the lease.
    >
    > When the router "fails", I am able to ping other computers in that (sub?) net
    > (ie, connected to the same 614). I just can't ping the 318 or anything
    > beyond, including the IP printer plugged into the 318.
    >
    > > I think the next thing I would do is give the 614's static
    > > WAN addresses and turn off the DHCP server on the 318.
    >
    > I have not turned off DHCP in the 318. I'll try this.

    this does stop you putting other devices on the interconnect LAN and using
    DHCP. Just assign the 614s addresses outside the DHCP range on the 318.

    FWIW i have 2 Netgears cascaded to isolate the "safe" wired LAN from
    wireless.

    topology is
    WAN - FR314 - wired LAN (4 PCs) - MR814 - wireless laptops.

    this lets wireless devices have internet access, but not get to wired shares
    and printers.
    >
    > > Post the network addresses and netmasks used for each of the
    > > three nets. That way we can figure out if they make sense.
    > > (There should not be any security related matters in posting them.)
    >
    > Netgear FVS318
    > WAN Port
    > IP 67.x.x.x
    > Subnet mask: 0.0.0.0
    > DHCP: no (basically functions as a bridge?)
    > one static route configured in this router for printer: 192.168.0.2
    >
    > LAN Port:
    > IP 192.168.0.1
    > Subnet mask: 255.255.255.0
    > DHCP: server
    > DHCP range: 192.168.0.2 - 100
    > RIP direction: both
    > RIP version: RIP-2B
    > MTU size: 1500 (default)
    >
    > Netgear RP614v2 #1
    > WAN Port:
    > IP: 192.168.0.3 **
    > Subnet mask: 255.255.255.0
    > DHCP: client ***
    > LAN Port:
    > IP: 192.168.1.1
    > Subnet mask: 255.255.255.0
    > DHCP: server
    > DHCP range: 192.168.1.2 - 50
    >
    > Netgear RP614v2 #2
    > WAN Port:
    > IP: 192.168.0.3 **
    > Subnet mask: 255.255.255.0
    > DHCP: client ***
    > LAN Port:
    > IP: 192.168.2.1
    > Subnet mask: 255.255.255.0
    > DHCP: server
    > DHCP range: 192.168.2.2 - 50
    >
    > Computers are all DHCP clients, no fixed IP's.
    >
    > ** The interface between the 318 and the 614s should use unique IP's, right?

    Yes.

    > The 318's LAN port IP is 192.168.0.1. The 614's WAN IP's are both
    > 192.168.0.3. Would this cause a problem? I'll check to confirm these IP's
    > when I go to the site in about an hour.

    certainly going to confuse the WAN attached router - how can it decide where
    to send return traffic?

    frankly i am surprised it worked OK for a while - it implies that the 2nd
    614 has some sort of workaround - maybe it ignores the configured address if
    it ARPs on power up and sees another device on that IP address.

    or if you "cloned" the config, maybe the 2 614s share other settings - like
    the WAN port MAC address, which might make things work by accident......

    >
    > *** The two 614's should be in "Client: no" mode, right (ie, neither Server
    > or Client)?

    if this is on the 614 WAN port then "no DHCP client" is correct

    >
    > All ideas welcome.
    >
    > Thanks,
    > --
    > DaveC
    > me@privacy.net
    > This is an invalid return address
    > Please reply in the news group
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  9. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    "shope" <stephen_hope@xntlxworld.com> wrote:
    >FWIW i have 2 Netgears cascaded to isolate the "safe" wired LAN from
    >wireless.
    >
    >topology is
    >WAN - FR314 - wired LAN (4 PCs) - MR814 - wireless laptops.
    >
    >this lets wireless devices have internet access, but not get to wired shares
    >and printers.

    Do you only allow certain ports thru the MR814, or do you block
    NetBios, or what? I'd think to have real isolation you'd want:

    WAN -> RouterA -> (RouterB & WiFiRouter)

    and then hang the secure LAN off RouterB and the insecure stuff off
    WiFiRouter.

    --
    William Smith
    ComputerSmiths Consulting, Inc. www.compusmiths.com
  10. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet

    "T. Sean Weintz" <sean@snerts-r-us.org> wrote in message
    news:10bsbmrr8ns491d@corp.supernews.com...
    > DaveC wrote:
    >
    > > I've set up 3 routers to provide security between two small networks, yet be
    > > able to share resources.
    > >
    > > The setup consists of a Speedstream DSL modem, a Netgear FVS318 immediately
    > > downstream; and two RP614v2 routers plugged into the '318. All computers (6
    > > total) are plugged into the 614's.
    > >
    > >
    > <snip - problem description (one router hoses after 1 week)>
    >
    > Problem is likely that you are using low end consumer gear. The code on
    > those "routers" (to me calling these things routers is like calling a
    > gocart a car) tends to be not the most stable. Ya get what you pay for.
    >
    > Look into upgrading to some "real" routers. Try a sonicwall or
    > watchguard at the border of the dsl connection, and put "real" routers
    > (cisco 2600 series or nortel ARN) inside the border. and hook them all
    > up with real switches, for chrissake! no actual endpoint devices should
    > be plugged into routers (yes, I know, the '318's and 614 have the built
    > in switch. but these "routers" are giving you problems, aren't they?)
    >

    or - if you like integrated router / switches, try cisco 831s for a
    reasonable SOHO router with embedded 4 port switch...... even Cisco gets
    around to using good ideas :)

    see http://cisco.com/en/US/products/hw/routers/ps380/index.html
    for more than you ever wanted to know about mainstream low end routers.

    > --
    > Copyright 2004 T. Sean Weintz
    > This post may be copied freely without
    > the express permission of T. Sean Weintz.
    > T. Sean Weintz could care less.
    > T. Sean Weintz is in no way responsible for
    > the accuracy of any information contained in
    > any usenet postings claiming to be from
    > T. Sean Weintz. Users reading postings from
    > T. Sean Weintz do so at their own risk.
    > T. Sean Weintz will in no way be liable for
    > premature hair loss, divorce, insanity,
    > world hunger, or any other adverse results
    > that may arise from reading any usenet
    > posting attributed to T. Sean Weintz
    >
    > ALSO - FWIW, The following WHOIS Record is years out of date:
    > Weintz, Sean (SW2893) tweintz@MAIL.IDT.NET
    > Sean Weintz
    > 462 Sixth Street , #A
    > Brooklyn, NY 11215
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  11. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip,alt.internet.wireless

    >> topology is
    >> WAN - FR314 - wired LAN (4 PCs) - MR814 - wireless laptops.

    I, too, don't understand how this can provide isolation of the wireless net
    from the wired. All traffic for the wireless subnet must pass through the
    wired net. Doesn't this make the wired segment -- by definition -- insecure?

    > WAN -> RouterA -> (RouterB & WiFiRouter)
    >
    > and then hang the secure LAN off RouterB and the insecure stuff off
    > WiFiRouter.

    Yeah, I also would use some configuration like this (view with monospace
    font):

                     WAN
                      |
                      |
                      |
                   Router A
                    |    |
                    |    |
                    |    |
            Wireless    Router B
             Router     +------+------+------+
              ~  ~             |      |      |
              ~  ~             |      |      |
              ~  ~             |      |      |
            Wireless           PC     PC     PC
              PCs

    This isolates the two sub nets from each other. I'm using a similar topology
    to isolate 2 wired subnets. They need to be wired in *parallel* to have
    complete isolation, don't they?
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  12. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    DaveC wrote:

    > Update:

    > Netgear FVS318
    > WAN Port
    > IP 67.x.x.x
    > Subnet mask: 0.0.0.0

    I don't think it should ever be 0.0.0.0.

    > DHCP: no (basically functions as a bridge?)
    > ### Correction: no static routes for this router ###

    > LAN Port:
    > IP 192.168.0.1
    > Subnet mask: 255.255.255.0 ### static ###
    > DHCP: server
    > DHCP range: 192.168.0.2 - 100
    > RIP direction: both

    Probably you should turn RIP off. I can't see where it
    would cause problems here, but it can.

    > RIP version: RIP-2B
    > MTU size: 1500 (default)

    > Netgear RP614v2 #1
    > WAN Port:
    > IP: 192.168.0.3 ### dynamically assigned ###

    I would statically assign this, outside the DHCP range
    of the 318.

    > Subnet mask: 255.255.255.0
    > DHCP: client
    > LAN Port:
    > IP: 192.168.1.1 ### static ###
    > Subnet mask: 255.255.255.0
    > DHCP: server
    > DHCP range: 192.168.1.2 - 50
    > ### one static route configured to printer: 192.168.0.2 ###

    You should not need a static route here. Hosts on the 614 LANs
    should have a static route (DHCP assigned) to the 614s.
    Routers should always know how to get to the directly attached
    nets, unless you remove the route entry.

    The 614's should have a WAN side static default route,
    either through DHCP or statically assigned, pointing to the 318
    LAN side.

    > Netgear RP614v2 #2
    > WAN Port:
    > IP: 192.168.0.6 ### dynamically assigned ###
    > Subnet mask: 255.255.255.0
    > DHCP: client ***
    > LAN Port:
    > IP: 192.168.2.1 ### static ###
    > Subnet mask: 255.255.255.0
    > DHCP: server
    > DHCP range: 192.168.2.2 - 50
    > ### one static route configured to printer: 192.168.0.2 ###
    >
    > All seems correctly configured:
    > 318 router is acting as DHCP server (on LAN side)
    > 614 routers are acting as DHCP clients (on WAN side)
    > and acting as DHCP servers (on LAN side)
    >
    > All IPs are unique. (There were no duplicate IP's; that was a document/edit
    > error on my part...)
    >
    > To reiterate:
    > When error occurs, computers connected to failed 614 router can ping each
    > other, but not any of the routers (192.168.0.1, .1.1, or .2.1). Nor can they
    > ping the printer (static route in the 318 router). Power cycle the failed
    > router and all is well again for days (approx 10 days).
    >
    > Suggestions by some that the equipment isn't "professional" doesn't help. If
    > you can tell me *why* this is happening, and *why* more-"professional" brands
    > will fix the problem, your argument would be much more persuasive.
    >
    > Ideas? (I'm running out, right now...)

    The only other thing I can think of is thermal. Are the
    routers stacked so that one gets hotter? How about a fan
    blowing over them to cool them a little more.

    -- glen
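
Added example (not part of any post in this thread): a small Python audit of the addressing plans posted above, checking for duplicate addresses on a segment, static addresses that sit inside a DHCP pool, and overlapping subnets. It assumes the printer is statically addressed at 192.168.0.2; the segment names and the `PROPOSED` addresses (.250 to .252) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def audit(segments):
    """Return sorted findings for {segment: {"net", "pool", "hosts"}}.

    "pool" is an inclusive (first, last) DHCP range or None.
    "hosts" maps a label to (ip, "static" | "dhcp").
    """
    findings = []
    nets = {n: ipaddress.ip_network(s["net"]) for n, s in segments.items()}
    names = sorted(nets)

    # Two routed segments must not share address space.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap: {a} {nets[a]} and {b} {nets[b]}")

    for name in names:
        seg = segments[name]
        pool = seg.get("pool")
        if pool:
            lo, hi = (ipaddress.IPv4Address(p) for p in pool)
        seen = defaultdict(list)
        for host, (ip, mode) in seg["hosts"].items():
            addr = ipaddress.IPv4Address(ip)
            seen[addr].append(host)
            if addr not in nets[name]:
                findings.append(f"off-subnet: {host} {addr} not in {nets[name]}")
            # A static address inside the pool can later be leased to another device.
            if mode == "static" and pool and lo <= addr <= hi:
                findings.append(
                    f"static-in-pool: {host} {addr} is inside {name} "
                    f"DHCP range {lo}-{hi}")
        for addr, hosts in seen.items():
            if len(hosts) > 1:
                findings.append(
                    f"duplicate: {addr} used by {', '.join(sorted(hosts))} on {name}")
    return sorted(findings)


def plan(wan1, wan2, wan_mode, printer):
    """Build the three segments from the thread with the given interconnect addresses."""
    return {
        "interconnect": {
            "net": "192.168.0.0/24",
            "pool": ("192.168.0.2", "192.168.0.100"),
            "hosts": {
                "FVS318 LAN": ("192.168.0.1", "static"),
                "HP LJ 2300": (printer, "static"),  # assumption: printer is static
                "RP614v2 #1 WAN": (wan1, wan_mode),
                "RP614v2 #2 WAN": (wan2, wan_mode),
            },
        },
        "office-1": {
            "net": "192.168.1.0/24",
            "pool": ("192.168.1.2", "192.168.1.50"),
            "hosts": {"RP614v2 #1 LAN": ("192.168.1.1", "static")},
        },
        "office-2": {
            "net": "192.168.2.0/24",
            "pool": ("192.168.2.2", "192.168.2.50"),
            "hosts": {"RP614v2 #2 LAN": ("192.168.2.1", "static")},
        },
    }


# Plan as first posted (both 614 WAN ports listed as 192.168.0.3).
AS_POSTED = plan("192.168.0.3", "192.168.0.3", "dhcp", "192.168.0.2")
# Plan from the "Update" post (.3 and .6, dynamically assigned).
UPDATED = plan("192.168.0.3", "192.168.0.6", "dhcp", "192.168.0.2")
# Constructed: statics moved outside the 318's DHCP range, as the replies suggest.
PROPOSED = plan("192.168.0.251", "192.168.0.252", "static", "192.168.0.250")

if __name__ == "__main__":
    for label, p in (("as posted", AS_POSTED), ("updated", UPDATED),
                     ("proposed", PROPOSED)):
        print(label)
        for finding in audit(p) or ["no findings"]:
            print("  ", finding)
```
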
  13. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    On Wed, 2 Jun 2004 16:21:30 -0700, Tom Stiller wrote
    (in article <tomstiller-0D7996.19213002062004@comcast.dca.giganews.com>):

    > What value is there in employing DHCP between the 318 and the two 614s?
    > Why not assign the 614s fixed IP addresses and avoid the whole issue of
    > DHCP leases between the routers?

    It does seem simpler, doesn't it. I'd be glad to try this solution. What is
    the range I should choose the static addresses from for the 614's?

    And just turn off DHCP on the LAN side of the 318? Anything else to it?

    Thanks,
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  14. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    On Wed, 2 Jun 2004 23:26:33 -0700, glen herrmannsfeldt wrote
    (in article <twzvc.4081$uY.275@attbi_s53>):

    > DaveC wrote:

    >> Subnet mask: 0.0.0.0

    > I don't think it should ever be 0.0.0.0.

    How does one determine what this should be?

    >> RIP direction: both
    >> RIP version: RIP-2B

    > Probably you should turn RIP off. I can't see where it
    > would cause problems here, but it can.

    What is RIP? Where can I read about it?

    >> Netgear RP614v2 #1
    >> WAN Port:
    >> IP: 192.168.0.3 ### dynamically assigned ###

    > I would statically assign this, outside the DHCP range
    > of the 318.

    Or turn off DHCP on the 318 and assign a static IP in each of the 614's in
    what range? (If DHCP is off, can I assign 192.168.0.3, for example? Or is the
    DHCP range verboten even if DHCP is off?)

    >> ### one static route configured to printer: 192.168.0.2 ###

    > You should not need a static route here. Hosts on the 614 LANs
    > should have a static route (DHCP assigned) to the 614s.
    > Routers should always know how to get to the directly attached
    > nets, unless you remove the route entry.

    Haven't specifically removed any routes, yet no computer was able to access
    the IP of the networked printer (plugged into the 318). If I remove the
    static route, no client can print from that subnet.

    > The 614's should have a WAN side static default route,
    > either through DHCP or statically assigned, pointing to the 318
    > LAN side.

    With my limited (but growing) understanding of all things IP, I was baffled
    at this, also. I presumed that if clients could get to the WAN, they should
    be able to get to the printer. But they can't, without a static route.

    > The only other thing I can think of is thermal. Are the
    > routers stacked so that one gets hotter? How about a fan
    > blowing over them to cool them a little more.

    They're stacked one on top of the other, but vertically (ie, parallel with
    the wall) such that heat easily flows in one side and out the other, without
    heating up each other. Large storage room, always low-mid 70's (F)
    temperature.
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  15. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    In article <0001HW.BCE4766600209BBFF03055B0@news.individual.net>,
    DaveC <me@privacy.net> wrote:

    > On Wed, 2 Jun 2004 16:21:30 -0700, Tom Stiller wrote
    > (in article <tomstiller-0D7996.19213002062004@comcast.dca.giganews.com>):
    >
    > > What value is there in employing DHCP between the 318 and the two 614s?
    > > Why not assign the 614s fixed IP addresses and avoid the whole issue of
    > > DHCP leases between the routers?
    >
    > It does seem simpler, doesn't it. I'd be glad to try this solution. What is
    > the range I should choose the static addresses from for the 614's?
    >
    > And just turn off DHCP on the LAN side of the 318? Anything else to it?
    >

    Yes, turn off the DHCP server for the LAN side of the 318 and configure
    the 614s to use fixed IP addresses. You should be able to use the
    current addresses, but check the manual for the 318 to see if there are
    constraints between allowable fixed IP addresses and DHCP ranges.

    Subnet masks should have 1s in (at least) all bit positions
    corresponding to the network address; the mask may be extended if the
    network employs true subnetting. Your Class A address (67.x.x.x)
    should probably have a subnet mask of 255.0.0.0 and the class C
    addresses (192.x.x.x) should probably have masks of 255.255.255.0.

    --
    There are 10 kinds of people in the world:
    those who understand binary, and those who don't.

    Tom Stiller

    PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3
    7BDA 71ED 6496 99C0 C7CF
  16. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet

    shope wrote:

    > or - if you like integrated router / switches, try cisco 831s for a
    > reasonable SOHO router with embedded 4 port switch...... even Cisco gets
    > around to using good ideas :)
    >
    > see http://cisco.com/en/US/products/hw/routers/ps380/index.html
    > for more than you ever wanted to know about mainstream low end routers.

    er.. aren't some of those the old linksys, relabeled now that cisco bought
    them out? I have been told they (the linksys stuff) are absolute
    garbage, unstable as hell.



    --
    Copyright 2004 T. Sean Weintz
    This post may be copied freely without
    the express permission of T. Sean Weintz.
    T. Sean Weintz could care less.
    T. Sean Weintz is in no way responsible for
    the accuracy of any information contained in
    any usenet postings claiming to be from
    T. Sean Weintz. Users reading postings from
    T. Sean Weintz do so at their own risk.
    T. Sean Weintz will in no way be liable for
    premature hair loss, divorce, insanity,
    world hunger, or any other adverse results
    that may arise from reading any usenet
    posting attributed to T. Sean Weintz

    ALSO - FWIW, The following WHOIS Record is years out of date:
    Weintz, Sean (SW2893) tweintz@MAIL.IDT.NET
    Sean Weintz
    462 Sixth Street , #A
    Brooklyn, NY 11215
  17. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip,alt.internet.wireless

    I have this same configuration at home. I've been thinking about exactly
    what you're saying. In the diagram, the wireless devices can see the
    individual wired devices with their individual IP addresses. The wired
    devices see the entire WLAN as a single IP address due to the NAT function
    in Router B.

    Putting the WLAN in the middle seems to make more sense: there would be a
    logical progression from the least secure network (Internet) to the
    mid-secure network (WLAN) to the most secure network (wired LAN). This
    means that traffic from the wired LAN to the Internet would pass through the
    WLAN. Although this seems insecure, that traffic will be even less secure
    when it gets to the Internet. Also, ONLY traffic to the Internet should
    pass through the WLAN. Broadcast traffic on the wired LAN will stay on the
    wired LAN, because broadcasts are not forwarded by routers, and unicasts
    between wired LAN devices will also not be forwarded.

    The reason that I put the wired router in the middle is that this router is
    also my print server. By putting it in the middle, the wireless devices can
    reach the printer. If I had put the WLAN in the middle, then the wired LAN
    and print server would be hidden behind the wired router's NAT function.

    Ron Bandes, CCNP, CTT+, etc.

    "DaveC" <me@privacy.net> wrote in message
    news:0001HW.BCE4715F001F6DFAF03055B0@news.individual.net...
    > >> topology is
    > >> WAN - FR314 - wired LAN (4 PCs) - MR814 - wireless laptops.
    >
    > I, too, don't understand how this can provide isolation of the wireless net
    > from the wired. All traffic for the wireless subnet must pass through the
    > wired net. Doesn't this make the wired segment -- by definition -- insecure?
    >
    > > WAN -> RouterA -> (RouterB & WiFiRouter)
    > >
    > > and then hang the secure LAN off RouterB and the insecure stuff off
    > > WiFiRouter.
    >
    > Yeah, I also would use some configuration like this (view with monospace
    > font):
    >
    >                WAN
    >                 |
    >                 |
    >                 |
    >             Router A
    >              |    |
    >              |    |
    >              |    |
    >      Wireless    Router B
    >       Router     +------+------+------+
    >        ~  ~             |      |      |
    >        ~  ~             |      |      |
    >        ~  ~             |      |      |
    >      Wireless           PC     PC     PC
    >        PCs
    >
    > This isolates the two sub nets from each other. I'm using a similar topology
    > to isolate 2 wired subnets. They need to be wired in *parallel* to have
    > complete isolation, don't they?
    > --
    > DaveC
    > me@privacy.net
    > This is an invalid return address
    > Please reply in the news group
  18. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip,alt.internet.wireless

    On Thu, 3 Jun 2004 08:09:19 -0700, Ron Bandes wrote
    (in article <zaHvc.1$jI2.323@news4.srv.hcvlny.cv.net>):

    > I have this same configuration at home.

    Not to niggle, but *which* config do you have?
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  19. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    DaveC wrote:


    >>>Subnet mask: 0.0.0.0

    >>I don't think it should ever be 0.0.0.0.
    > How does one determine what this should be?

    For the WAN link it should be specified by your ISP,
    but at the least 255.0.0.0, but likely even more ones
    than that.

    >>>RIP direction: both
    >>>RIP version: RIP-2B

    >>Probably you should turn RIP off. I can't see where it
    >>would cause problems here, but it can.

    > What is RIP? Where can I read about it?

    RIP is Routing Information Protocol, to tell machines where
    to find routers, as in dynamic routing. It is possible
    that RIP will add routes or remove static routes that
    you add.

    >>>Netgear RP614v2 #1
    >>>WAN Port:
    >>>IP: 192.168.0.3 ### dynamically assigned ###

    >>I would statically assign this, outside the DHCP range
    >>of the 318.

    > Or turn off DHCP on the 318 and assign a static IP in each of the 614's in
    > what range? (If DHCP is off, can I assign 192.168.0.3, for example? Or is the
    > DHCP range verboten even if DHCP is off?)

    As you seem to understand, 192.168.x.y are class C nets, such
    that 192.168.x is the network part, and y is the host part.
    The netmask, default for 192.168 addresses, of 255.255.255.0,
    specifies that the first three octets are the (sub)network
    address and the last is the host. The first and last host
    address, 0 and 255, are reserved, so you have 254 possible hosts
    on each net. You could use DHCP for some of the 254 host
    addresses and static addresses for the rest. Absolutely do
    not assign static addresses within the DHCP range, as DHCP
    could then assign the address to another host.

    >>>### one static route configured to printer: 192.168.0.2 ###

    >>You should not need a static route here. Hosts on the 614 LANs
    >>should have a static route (DHCP assigned) to the 614s.
    >>Routers should always know how to get to the directly attached
    >>nets, unless you remove the route entry.
    >
    >
    > Haven't specifically removed any routes, yet no computer was able to access
    > the IP of the networked printer (plugged into the 318). If I remove the
    > static route, no client can print from that subnet.

    >>The 614's should have a WAN side static default route,
    >>either through DHCP or statically assigned, pointing to the 318
    >>LAN side.

    > With my limited (but growing) understanding of all things IP, I was baffled
    > at this, also. I presumed that if clients could get to the WAN, they should
    > be able to get to the printer. But they can't, without a static route.

    The router should be doing NAT, network address translation.
    It must, or you couldn't get out. Well, the 318 must do
    NAT, I suppose the 614's don't need to. If they aren't,
    you would need static routes on the 318 pointing to each of
    the 614s for the appropriate net. Is it possible that the 614s
    are not doing NAT?

    >>The only other thing I can think of is thermal. Are the
    >>routers stacked so that one gets hotter? How about a fan
    >>blowing over them to cool them a little more.

    > They're stacked one on top of the other, but vertically (ie, parallel with
    > the wall) such that heat easily flows in one side and out the other, without
    > heating up each other. Large storage room, always low-mid 70's (F)
    > temperature.

    That sounds cool enough, though heat tends to flow vertically
    unless they have fans blowing that direction.

    -- glen
  20. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    On Thu, 3 Jun 2004 10:09:55 -0700, glen herrmannsfeldt wrote
    (in article <CXIvc.1050$Sw.150@attbi_s51>):

    > As you seem to understand

    *barely* (see below)

    > 192.168.x.y are class C nets, such
    > that 192.168.x is the network part, and y is the host part.

    By "network" you mean that the 9 digits uniquely define a network segment,
    and by "host" you mean that the last 3 digits define one of 254 computers on
    that segment?

    > The netmask, default for 192.168 addresses, of 255.255.255.0,
    > specifies that the first three octets are the (sub)network
    > address and the last is the host.

    This is where I get a bit lost. If you've already targeted your destination
    computer by identifying a unique network segment with 9 digits and a computer
    with 3 more (as above), what's the purpose of defining a sub-segment within
    that already-defined network segment? I must have some understanding
    inverted...

    > The first and last host
    > address, 0 and 255, are reserved, so you have 254 possible hosts
    > on each net. You could use DHCP for some of the 254 host
    > addresses and static addresses for the rest. Absolutely do
    > not assign static addresses within the DHCP range, as DHCP
    > could then assign the address to another host.

    > That sounds cool enough, though heat tends to flow vertically
    > unless they have fans blowing that direction.

    Hmm... lemme try that again. They are stacked on top of each other (as they
    would be on a desk or shelf), but turned 90 degrees and the stack is bolted
    to the wall. So heat from one does not affect another (convection-wise,
    anyway).
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  21. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    In article <0001HW.BCE3A4A40004E674F03055B0@news.individual.net>,
    DaveC <me@privacy.net> wrote:
    >
    > To reiterate:
    > When error occurs, computers connected to failed 614 router can ping each
    > other, but not any of the routers (192.168.0.1, .1.1, or .2.1). Nor can they
    > ping the printer (static route in the 318 router). Power cycle the failed
    > router and all is well again for days (approx 10 days).
    >

    approx 10 days, repeatable?
    well there goes my theory of a periodic/weekly cron job
    on one of the clients causing strife up the wire...

    Since you say it's always this particular one failing,
    I'd still be looking for something happening on that subnet,
    not necessarily inside the router box.
  22. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    On Wed, 2 Jun 2004 22:19:34 -0700, J.Random Luser wrote
    (in article <user-FEC552.17193403062004@scream.auckland.ac.nz>):

    > Since you say it's always this particular one failing,
    > I'd still be looking for something happening on that subnet,
    > not necessarily inside the router box.

    Suggestions? I'm clueless as to what would be causing it.

    The client's got a medical db program running on one computer acting as a
    server to the clients on the subnet. Other than that, just a browser.

    The confusing thing is that applications are identical on both subnets; the
    medical db app (MediMac) is running on both subnets. Identical subnets. One
    router bonks out every week or two.

    Stumped.
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  23. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet

    "T. Sean Weintz" <sean@snerts-r-us.org> wrote in message
    news:10bunusoeo2om3b@corp.supernews.com...
    > shope wrote:
    >
    > > or - if you like integrated router / switches, try cisco 831s for a
    > > reasonable SOHO router with embedded 4 port switch...... even Cisco gets
    > > around to using good ideas :)
    > >
    > > see http://cisco.com/en/US/products/hw/routers/ps380/index.html
    > > for more than you ever wanted to know about mainstream low end routers.
    >
    > er.. aren't some of those the old linksys, relabeled now that cisco bought
    > them out? I have been told they (the linksys stuff) are absolute
    > garbage, unstable as hell.

    No - real "cisco", and run IOS - same command line and tools as the bigger
    brothers. The earlier version such as the 80x and 82x have the same software
    versions and options, and pre-date cisco buying linksys.

    Work has a couple 1000 of various 8xx routers deployed on ISDN, DSL and
    other managed WANs.
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  24. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    <William P.N. Smith> wrote in message
    news:0jmsb0hi2lbh8v2mp3o1sfufmimf2japkr@4ax.com...
    > "shope" <stephen_hope@xntlxworld.com> wrote:
    > >FWIW i have 2 Netgears cascaded to isolate the "safe" wired LAN from
    > >wireless.
    > >
    > >topology is
    > >WAN - FR314 - wired LAN (4 PCs) - MR814 - wireless laptops.
    > >
    > >this lets wireless devices have internet access, but not get to wired shares
    > >and printers.
    >
    > Do you only allow certain ports thru the MR814, or do you block
    > NetBios, or what? I'd think to have real isolation you'd want:
    >
    > WAN -> RouterA -> (RouterB & WiFiRouter)
    >
    > and then hang the secure LAN off RouterB and the insecure stuff off
    > WiFiRouter.

    it isn't intended as a paranoia solution, just to limit access to Microsoft
    shares etc on the wired network from wireless.

    A knowledgeable hacker with some idea of the layout could probably break
    through - this layout limits netbios access since broadcast limiting and
    address translation get in the way, but that isn't going to stop fixed port /
    address attacks

    1 reason for this choice is similar to a later post - the wired to WAN
    router has URL filtering against an "adult" blocking database, and it was
    important to keep that in place for a couple of child laptops going to the
    internet, even when they use wireless.

    The next stage may be another router..........
    >
    > --
    > William Smith
    > ComputerSmiths Consulting, Inc. www.compusmiths.com
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  25. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    "DaveC" <me@privacy.net> wrote in message
    news:0001HW.BCE3A4A40004E674F03055B0@news.individual.net...
    > Update:
    >

    <<SNIP>>

    >
    > All seems correctly configured:
    > 318 router is acting as DHCP server (on LAN side)
    > 614 routers are acting as DHCP clients (on WAN side)
    > and acting as DHCP servers (on LAN side)
    >
    > All IPs are unique. (There were no duplicate IP's; that was a document/edit
    > error on my part...)
    >
    > To reiterate:
    > When error occurs, computers connected to failed 614 router can ping each
    > other, but not any of the routers (192.168.0.1, .1.1, or .2.1). Nor can they
    > ping the printer (static route in the 318 router). Power cycle the failed
    > router and all is well again for days (approx 10 days).
    >
    > Suggestions by some that the equipment isn't "professional" doesn't help. If
    > you can tell me *why* this is happening, and *why* more-"professional" brands
    > will fix the problem, your argument would be much more persuasive.
    >
    > Ideas? (I'm running out, right now...)

    the golden rule when you don't understand what is going on, is look at it in
    detail.

    so - i suggest you put a hub between the 2 "layers" of routers, and use a
    sniffer to see what is going on - ethereal is a free packet capture tool you
    could use.

    capture something while everything works.

    then try again when it is broken, and compare the 2 traces.

    and / or leave the sniffer running capturing traffic to a circular buffer or
    saving to disk, until something breaks, then stop the trace. with enough
    trace buffer you should have the details of what happened when the change
    occurs.
    >
    > Thanks,
    > --
    > DaveC
    > me@privacy.net
    > This is an invalid return address
    > Please reply in the news group
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  26. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    On Thu, 3 Jun 2004 12:17:49 -0700, shope wrote
    (in article <eGLvc.721$b%1.471@newsfe1-gui.server.ntli.net>):

    > capture something while everything works.
    >
    > then try again when it is broken, and compare the 2 traces.
    >
    > and / or leave the sniffer running capturing traffic to a circular buffer or
    > saving to disk, until something breaks, then stop the trace. with enough
    > trace buffer you should have the details of what happened when the change
    > occurs.

    Your approach seems to have your experience behind it. I'm sure it would work
    well and quickly.

    But my understanding of all things TCP and IP is probably a smidgen of yours,
    and it would take much training to understand whatever the buffer would
    contain. I'm quite sure that this would lead to the cause of the trouble, but
    I think I'm limited to "it could be that, so try this" troubleshooting.

    (I loathe "shotgun troubleshooting"; it is the bane of an experienced and
    knowledgeable tech. But, there I am...)
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  27. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip,alt.internet.wireless

    "Ron Bandes" <RunderscoreBandes @yah00.com> wrote:
    >Putting the WLAN in the middle seems to make more sense: there would be a
    >logical progression from the least secure network (Internet) to the
    >mid-secure network (WLAN) to the most secure network (wired LAN).

    But wouldn't that allow anyone who got into your WiFi LAN to sniff
    traffic and play other games with the WiredLAN traffic?

    --
    William Smith
    ComputerSmiths Consulting, Inc. www.compusmiths.com
  28. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    DaveC wrote:

    > On Thu, 3 Jun 2004 10:09:55 -0700, glen herrmannsfeldt wrote
    > (in article <CXIvc.1050$Sw.150@attbi_s51>):

    (snip)

    >>192.168.x.y are class C nets, such
    >>that 192.168.x is the network part, and y is the host part.

    > By "network" you mean that the 9 digits uniquely define a network segment,
    > and by "host" you mean that the last 3 digits define one of 254 computers on
    > that segment?

    In this case, yes. Well, the division is actually in binary bits,
    and the 32 bit number is written as four eight bit numbers, each
    then written in decimal. So each of the four parts, separated
    by dots, can be between 0 and 255.

    >>The netmask, default for 192.168 addresses, of 255.255.255.0,
    >>specifies that the first three octets are the (sub)network
    >>address and the last is the host.

    > This is where I get a bit lost. If you've already targeted your destination
    > computer by identifying a unique network segment with 9 digits and a computer
    > with 3 more (as above), what's the purpose of defining a sub-segment within
    > that already-defined network segment? I must have some understanding
    > inverted...

    The subnet mask allows you to change the division between
    network and host within an organization, yet from outside
    (as for routing tables) it looks like one net.

    In your case, you could have used only the 192.168.0 net and,
    with subnetting, made four nets out of it. If you use
    255.255.255.192 for the subnet mask, you then have four
    subnets of 192.168.0 such that the hosts 1-62 are on the first,
    65-126 the second, 129-190 the third, and 193-254 the fourth.

    But there are plenty of private nets to go around, so there
    isn't much point in doing that. It is more useful for
    public nets.

    Somewhat later than subnets came supernets, where you could
    have a 255.255.254.0 netmask such that 192.168.0 and 192.168.1
    were both part of a single net with 510 hosts. Not everything
    supports that, as it came later, but most probably do.

    There should be plenty of explanations of subnet masks
    in IP books, maybe even in the router manual.

    >>The first and last host
    >>address, 0 and 255, are reserved, so you have 254 possible hosts
    >>on each net. You could use DHCP for some of the 254 host
    >>addresses and static addresses for the rest. Absolutely do
    >>not assign static addresses within the DHCP range, as DHCP
    >>could then assign the address to another host.

    >>That sounds cool enough, though heat tends to flow vertically
    >>unless they have fans blowing that direction.

    > Hmm... lemme try that again. They are stacked on top of each other (as they
    > would be on a desk or shelf), but turned 90 degrees and the stack is bolted
    > to the wall. So heat from one does not affect another (convection-wise,
    > anyway).

    OK, I see now. I think you are right, but it could be that they
    weren't designed well enough and it still gets too hot from
    conduction. I think 70's sounds fine to me, though.

    If the one that dies was in the middle I might still wonder.

    -- glen
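The subnet arithmetic described in the post above, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original post; the DHCP pool bounds (192.168.0.3 to 192.168.0.50) are an assumption made for illustration, since the thread does not state the 318's actual pool.

```python
import ipaddress


def split_by_mask(network, mask):
    """Split `network` using dotted-quad `mask`.

    Returns a list of (subnet, first usable host, last usable host).
    """
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    result = []
    for sub in ipaddress.ip_network(network).subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())  # excludes network and broadcast addresses
        result.append((str(sub), str(hosts[0]), str(hosts[-1])))
    return result


def usable_hosts(address, mask):
    """Number of assignable host addresses on the net containing `address`."""
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return net.num_addresses - 2  # minus network and broadcast


def same_net(a, b, mask):
    """True if `a` and `b` share a network part under `mask`.

    A host makes this comparison to decide whether to deliver directly
    or hand the packet to its router.
    """
    m = int(ipaddress.ip_address(mask))
    return int(ipaddress.ip_address(a)) & m == int(ipaddress.ip_address(b)) & m


def check_static(address, lan, mask, pool_first, pool_last):
    """Classify a candidate static address against a subnet and its DHCP pool."""
    net = ipaddress.ip_network(f"{lan}/{mask}")
    ip = ipaddress.ip_address(address)
    if ip not in net:
        return "outside subnet"
    if ip in (net.network_address, net.broadcast_address):
        return "reserved"
    if ipaddress.ip_address(pool_first) <= ip <= ipaddress.ip_address(pool_last):
        return "inside DHCP pool"
    return "ok"


if __name__ == "__main__":
    # The four subnets of 192.168.0 under mask 255.255.255.192.
    for sub, first, last in split_by_mask("192.168.0.0/24", "255.255.255.192"):
        print(f"{sub:18} hosts {first} - {last}")

    # The supernet case: 192.168.0 and 192.168.1 joined by 255.255.254.0.
    print("hosts under 255.255.254.0:", usable_hosts("192.168.0.0", "255.255.254.0"))

    # A client on a 614 LAN versus the printer on the 318 LAN.
    for mask in ("255.255.255.0", "255.255.254.0", "0.0.0.0"):
        print(mask, same_net("192.168.1.10", "192.168.0.2", mask))

    # Candidate static WAN addresses for a 614 (pool bounds are assumed).
    for cand in ("192.168.0.3", "192.168.0.201", "192.168.0.255", "192.168.1.5"):
        print(cand, check_static(cand, "192.168.0.0", "255.255.255.0",
                                 "192.168.0.3", "192.168.0.50"))
```

With a mask of 0.0.0.0 every pair of addresses compares as being on the same net, so nothing is ever handed to a router.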
  29. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    On Thu, 3 Jun 2004 20:04:16 -0700, glen herrmannsfeldt wrote
    (in article <QERvc.39939$3x.38476@attbi_s54>):

    >> Hmm... lemme try that again. They are stacked on top of each other (as
    >> they
    >> would be on a desk or shelf), but turned 90 degrees and the stack is
    >> bolted
    >> to the wall. So heat from one does not affect another (convection-wise,
    >> anyway).

    > OK, I see now. I think you are right, but it could be that they
    > weren't designed well enough and it still gets too hot from
    > conduction. I think 70's sounds fine to me, though.
    >
    > If the one that dies was in the middle I might still wonder.

    Nope. The one on top (outermost from the wall).
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  30. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    "DaveC" <me@privacy.net> wrote in message
    news:0001HW.BCE4E37E00395AE0F03055B0@news.individual.net...
    > On Thu, 3 Jun 2004 12:17:49 -0700, shope wrote
    > (in article <eGLvc.721$b%1.471@newsfe1-gui.server.ntli.net>):
    >
    > > capture something while everything works.
    > >
    > > then try again when it is broken, and compare the 2 traces.
    > >
    > > and / or leave the sniffer running capturing traffic to a circular buffer or
    > > saving to disk, until something breaks, then stop the trace. with enough
    > > trace buffer you should have the details of what happened when the change
    > > occurs.
    >
    > Your approach seems to have your experience behind it. I'm sure it would work
    > well and quickly.
    >
    > But my understanding of all things TCP and IP is probably a smidgen of yours,
    > and it would take much training to understand whatever the buffer would
    > contain. I'm quite sure that this would lead to the cause of the trouble, but
    > I think I'm limited to "it could be that, so try this" troubleshooting.

    the idea here is to compare "broken" with "working" - the differences should
    show up, and should be enough to send back to Netgear.

    If you can catch the transition from good to broken then you have a fighting
    chance of seeing the effect.

    and if all else fails, someone here should be able to help :)
    >
    > (I loathe "shotgun troubleshooting"; it is the bane of an experienced and
    > knowledgeable tech. But, there I am...)
    > --
    > DaveC
    > me@privacy.net
    > This is an invalid return address
    > Please reply in the news group
    >
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  31. Archived from groups: comp.sys.mac.comm,comp.sys.mac.hardware.misc,comp.dcom.lans.ethernet,comp.protocols.tcp-ip

    DaveC <me@privacy.net> wrote:
    >
    > The client's got a medical db program running on one computer acting as a
    > server to the clients on the subnet. Other than that, just a browser.
    >
    > The confusing thing is that applications are identical on both subnets; the
    > medical db app (MediMac) is running on both subnets. Identical subnets. One
    > router bonks out every week or two.
    >

    Even if, & I would regard it as a big if, the apps and systems are
    identical on both subnets, user behaviour will not be...

    thinking outside the square do we have cats pulling cables,
    weather related problems,

    I see someone else suggested traffic sniffing, which should give some
    insight, sorry I don't have the clues to rig a circular buffer to hold a
    manageable piece of data either side of the fail point...
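The circular-buffer capture suggested in the two posts above, sketched as an added example that is not part of either post: it keeps a bounded window of packets either side of the fail point, then lists what differs from a known-good trace. The packet tuples, the addresses and the "three unanswered pings" trigger are constructed assumptions; on a live network the records would come from a sniffer.

```python
from collections import deque

# Constructed sample trace (not from the thread): (seconds, source, kind).
TRACE = [
    (0, "192.168.0.10", "echo-request"), (0, "192.168.0.1", "echo-reply"),
    (1, "192.168.0.10", "dhcp-request"), (1, "192.168.0.1", "dhcp-ack"),
    (2, "192.168.0.10", "echo-request"), (2, "192.168.0.1", "echo-reply"),
    (3, "192.168.0.10", "dhcp-request"), (4, "192.168.0.10", "echo-request"),
    (5, "192.168.0.10", "echo-request"), (6, "192.168.0.10", "echo-request"),
    (7, "192.168.0.10", "arp-request"), (8, "192.168.0.10", "arp-request"),
    (9, "192.168.0.10", "echo-request"),
]

def unanswered_requests(limit=3):
    """Build a trigger that fires after `limit` echo requests with no reply."""
    streak = 0
    def trigger(pkt):
        nonlocal streak
        if pkt[2] == "echo-reply":
            streak = 0
        elif pkt[2] == "echo-request":
            streak += 1
        return streak >= limit
    return trigger

def capture_around_failure(packets, trigger, pre=4, post=2):
    """Return `pre` packets before the trigger, the trigger packet, `post` after.

    Memory stays bounded however long the capture runs; None if never triggered.
    """
    ring = deque(maxlen=pre)          # circular buffer: oldest entry falls off
    window = None
    for pkt in packets:
        if window is None:
            if trigger(pkt):
                window = list(ring) + [pkt]   # freeze the pre-failure history
            else:
                ring.append(pkt)
        else:
            window.append(pkt)
        if window is not None and len(window) >= len(ring) + 1 + post:
            break
    return window

def compare(baseline, window):
    """Packet kinds that vanished from, or are new in, the failure window."""
    before = {p[2] for p in baseline}
    after = {p[2] for p in window}
    return sorted(before - after), sorted(after - before)
```

With the constructed trace, the window covers seconds 2 through 8, and the comparison against the first six (working) packets shows the DHCP acknowledgement gone and ARP requests newly present.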
  32. Archived from groups: comp.dcom.lans.ethernet,comp.protocols.tcp-ip (More info?)

    If I turn off DHCP server in the 318 and use static IPs for the two 614's,
    what address is best to use?

    Private range of /16 addresses is 192.168.0.0 through 192.168.255.255,
    correct? If DHCP is set to "no", I can use any unique addresses in this range
    for my static IPs, yes? There is no "reserved" range of addresses for DHCP if
    it's off, correct?

    Thanks,
    --
    DaveC
    me@privacy.net
    This is an invalid return address
    Please reply in the news group
  33. Archived from groups: comp.dcom.lans.ethernet,comp.protocols.tcp-ip (More info?)

    "DaveC" <me@privacy.net> wrote in message
    news:0001HW.BCE726BE0042865DF03055B0@news.individual.net...
    > If I turn off DHCP server in the 318 and use static IPs for the two 614's,
    > what address is best to use?

    addresses within the subnet defined on the 318 router - unless you change
    the current 318 setup, then this is:
    192.168.0.2 up to 192.168.0.254

    usually makes sense with manually assigned addresses to make them easy to
    remember.........
    >
    > Private range of /16 addresses is 192.168.0.0 through 192.168.255.255,
    > correct?

    Yes, but lots of IP equipment still "understands" classful addresses, so you
    should use a mask of 255.255.255.0. This means each subnet you use has the
    1st 3 octets fixed.

    i.e. if you use 192.168.4.1 for the routers, all other devices would be
    192.168.4.x

    > If DHCP is set to "no", I can use any unique addresses in this range
    > for my static IPs, yes?

    not exactly. the addresses within a specific subnet should fit "within" the
    mask - the mask just defines what is expected to be local, and what is
    accessed by sending the packets to a router for onward delivery.

    > There is no "reserved" range of addresses for DHCP if
    > it's off, correct?

    you can use any address in a private network.

    the catch is - you can't talk to a remote network using the same addresses,
    since devices wouldn't know how to resolve the ambiguity (there are a couple
    of ways around this, but all are complex, limited, and cause issues with
    debugging and so on).

    since the RFC1918 addresses are guaranteed not to be used on the public
    internet, it makes sense to use them in a private network connected to the
    internet.

    The address blocks are:
    10.0.0.0 / 8
    172.16.0.0 / 12
    192.168.0.0 / 16

    >
    > Thanks,
    > --
    > DaveC
    > me@privacy.net
    > This is an invalid return address
    > Please reply in the news group
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  34. Archived from groups: comp.dcom.lans.ethernet,comp.protocols.tcp-ip (More info?)

    shope wrote:

    > "DaveC" <me@privacy.net> wrote in message
    > news:0001HW.BCE726BE0042865DF03055B0@news.individual.net...

    (snip)

    >>Private range of /16 addresses is 192.168.0.0 through 192.168.255.255,
    >>correct?

    (snip)

    > The address blocks are:
    > 10.0.0.0 / 8
    > 172.16.0.0 / 12
    > 192.168.0.0 / 16

    In classful days, those were class A, B, and C respectively,
    and even today the default subnet masks are based on those
    classes, so 255.0.0.0, 255.255.0.0, and 255.255.255.0
    respectively.

    The /8, /12, and /16 indicate a range, or set of addresses,
    not implying that one should use the whole range.

    I believe in all three cases the most common subnet mask
    is 255.255.255.0. There is not much reason to use a smaller
    (fewer hosts) mask, except for really large organizations,
    and 254 hosts is plenty for a single ethernet.

    -- glen
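The addressing rules from the last two replies, as an added example that is not part of either post: it checks a proposed static address against the router's mask and the RFC 1918 blocks, and flags subnets that reuse the same range. The router address 192.168.0.1 and the `PLAN` entries for the two 614s are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# The three RFC 1918 blocks listed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_static(address, router, mask="255.255.255.0"):
    """List the problems with giving `address` to a device behind `router`."""
    subnet = ipaddress.ip_interface(f"{router}/{mask}").network
    addr = ipaddress.ip_address(address)
    problems = []
    if not any(addr in block for block in RFC1918):
        problems.append("not an RFC 1918 private address")
    if addr not in subnet:
        # Neighbours treat it as remote and hand its packets to the router.
        problems.append(f"outside {subnet}")
    elif addr in (subnet.network_address, subnet.broadcast_address):
        problems.append("network or broadcast address")
    elif addr == ipaddress.ip_address(router):
        problems.append("already used by the router")
    return problems

def overlapping(plan):
    """Return pairs of named subnets whose address ranges collide."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

# Constructed addressing plan (the 614 LAN ranges are assumptions).
PLAN = {
    "318 LAN": "192.168.0.0/24",
    "614-A LAN": "192.168.1.0/24",
    "614-B LAN": "192.168.0.0/24",   # deliberate clash with the 318 LAN
}
```

Here `check_static("192.168.4.20", "192.168.0.1")` reports the address as outside 192.168.0.0/24 even though it is a valid private address, and `overlapping(PLAN)` flags the 614-B LAN for reusing the 318's range.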