Ninja Rope
Oct 22, 2005

Wee.
It's okay to use a dynamic DNS service. :glomp:


Ninja Rope
Oct 22, 2005

Wee.
Do you want to put the SB6121 recommendation into the Op too? And maybe a good DSL modem? It kind of fits in with the "why does my network suck".

Ninja Rope
Oct 22, 2005

Wee.
I just bought a 6121, I can still return it. Should I get the 6141 instead? I certainly don't have 300mbit downloads, but if the price is almost the same, will 300mbit be common soon? I also don't have TWC.

Ninja Rope
Oct 22, 2005

Wee.

Star War Sex Parrot posted:

They're probably the exact same modem, just that the 6141 is brown-boxed as a TW OEM cable modem.

Just stick with the 6121.

Thanks. :glomp:

I'm normally a lot more willing to tweak with stuff, but I've been so frustrated by my mystery disconnections that I'm at my wit's end. I installed the SB6121 today and it took about 30m on the phone with Comcast to get it to work. Funny bugger assigned a 192.168.100.x address to my router until the network came up, and then gave it a public IP. In the meantime my router filled its NAT forwarding table with the 192.168.100.x address, so when the IP changed to the real one it got very confused.

Clearing the NAT translation tables fixed it, but it was pretty confusing to see 192.168.100.x outbound packets for a while. I was able to download a thing without being disconnected, so good news so far...

Ninja Rope
Oct 22, 2005

Wee.
What kind of certificate errors?

Ninja Rope
Oct 22, 2005

Wee.
I may be being paranoid but that is a lot like what you would see if you were being "attacked".

Can you open up a cmd window and run:

nslookup paypal.com
nslookup facebook.com
ping paypal.com
ping facebook.com

And paste the results here? There's nothing secret in the results, it's just where your computer thinks it should go to access those sites.

Of course if someone is paying active attention, they'll read this post and yours before it and know you're on to them and stop what they're doing...

Edit: And make sure the date on your PC is correct, while you're at it.

Ninja Rope
Oct 22, 2005

Wee.
Great. That all looks correct, but rather than just tell you what I think I'll :words: what I did so next time this comes up you/whoever can check yourself.

So according to your DNS server at 192.168.1.1, which nslookup queried, the IP addresses for paypal.com are 173.0.88.35 and 173.0.84.3. To check who owns those IPs run "whois" on each address. Linux and BSD and maybe OSX have a whois tool, or you can google for whois, or just go here (which is a front-end to ARIN, but ARIN doesn't seem to offer an SSL version). Punch in the first address and select the IP address radio button and this is what we get:

https://www.networksolutions.com/whois/results.jsp?ip=173.0.88.35 posted:

NetRange: 173.0.80.0 - 173.0.95.255
CIDR: 173.0.80.0/20
OriginAS: AS17012
NetName: PAYPAL-2
NetHandle: NET-173-0-80-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Assignment
RegDate: 2010-06-22
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-173-0-80-0-1

OrgName: PayPal, Inc.
OrgId: PAYPAL
Address: 2145 Hamilton Ave
City: San Jose
StateProv: CA
PostalCode: 95125
Country: US
RegDate: 2001-08-17
Updated: 2012-02-08
Ref: http://whois.arin.net/rest/org/PAYPAL

OrgAbuseHandle: PAYPA-ARIN
OrgAbuseName: PayPal Network
OrgAbusePhone: +1-408-376-7400
OrgAbuseEmail: network@ebay.com
OrgAbuseRef: http://whois.arin.net/rest/poc/PAYPA-ARIN

OrgTechHandle: PAYPA-ARIN
OrgTechName: PayPal Network
OrgTechPhone: +1-408-376-7400
OrgTechEmail: network@ebay.com
OrgTechRef: http://whois.arin.net/rest/poc/PAYPA-ARIN

All that looks pretty legit. It could be fake, but it's not too likely. Do the same for the Facebook IP addresses (the ones with the dots, ignore the ones with the colons) and check those, but they also look okay.

Now look at the output from the ping commands. Did the ping for paypal pick one of the IP addresses that nslookup printed out? Looks like it, same for facebook. This rules out any hosts file manipulation, WINS bullshit, and possibly bad cached DNS entries. It looks like your computer is at least resolving names correctly, at least right now.

Are you using Firefox? Do you get the "This Connection is Untrusted" page? What does it say under "Technical Details"?

There's still a bunch of other things to check for, like arp poisoning, proxy servers, bad LSP drivers, etc. But this is a start I guess.
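The three checks walked through above (nslookup answers, whether ping picked one of them, and whether they fall inside the whois NetRange) done mechanically, as an added example that is not from the thread; the nslookup and ping text is constructed to look like Windows output, and the CIDR is the one from the ARIN record quoted in the post:

```python
"""Cross-check resolver answers, the address ping chose, and the whois range."""
import ipaddress
import re

# CONSTRUCTED sample shaped like Windows nslookup output (not a live capture).
NSLOOKUP_OUT = """Server:  router.local
Address:  192.168.1.1

Non-authoritative answer:
Name:    paypal.com
Addresses:  173.0.88.35
          173.0.84.3
"""

# CONSTRUCTED sample shaped like Windows ping output.
PING_OUT = """Pinging paypal.com [173.0.88.35] with 32 bytes of data:
Reply from 173.0.88.35: bytes=32 time=40ms TTL=240
"""

# CIDR line from the ARIN record quoted in the post above.
WHOIS_CIDR = "173.0.80.0/20"

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def resolved_addresses(nslookup_text):
    """IPv4 answers from nslookup output, skipping the resolver's own address."""
    answers, in_answer = [], False
    for line in nslookup_text.splitlines():
        if line.startswith("Name:"):
            in_answer = True            # lines after 'Name:' carry the answer
            continue
        if in_answer:
            answers.extend(IPV4.findall(line))
    return answers


def pinged_address(ping_text):
    """The address ping actually resolved to (shown in square brackets)."""
    m = re.search(r"\[(" + IPV4.pattern + r")\]", ping_text)
    return m.group(1) if m else None


def check(nslookup_text, ping_text, whois_cidr):
    """Run the post's three checks and return the results by name."""
    answers = resolved_addresses(nslookup_text)
    net = ipaddress.ip_network(whois_cidr)
    return {
        "resolver_answers": answers,
        # A mismatch here points at a hosts-file entry or a stale cache.
        "ping_used_resolver_answer": pinged_address(ping_text) in answers,
        "all_answers_in_whois_range": all(ipaddress.ip_address(a) in net for a in answers),
    }
```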

Ninja Rope
Oct 22, 2005

Wee.

stubblyhead posted:

Nope, ssh is disabled. I thought maybe it was actively refusing connections on that port, so I enabled sshd and moved it to port 2222, but still nothing. I've tried save, apply settings, and both. I would really hope that a 30/30/30 reset would not be required for something as simple as a new port forwarding rule, but I'll give that a shot later on.

Do you need to add an allow rule to the firewall part, too? I don't know much about dd-wrt.

Ninja Rope
Oct 22, 2005

Wee.
How much bandwidth are you going to do? Juniper gear isn't really in the same league as the stuff in the rest of this thread.

Ninja Rope
Oct 22, 2005

Wee.

SamDabbers posted:

Head over to the Mikrotik thread. A $100 RB2011 will push 100Mbps easily with QoS, VLANs, etc.

I don't know about "easily", per router-board.com the unit can only do 41 mbit worth of small packets (though it would actually be doing NAT and not routing or bridging, so possibly a little less than that?), but I suppose small packets aren't that common.

An SRX-100 would definitely be overkill, but they are really nice devices. Still cheaper are SSG-5's, but I haven't used a ScreenOS device in years. Netgear makes cheap firewalls, and their software has improved significantly in the last few years, but I can't find performance numbers for them. If it was me I'd probably hit up Matt at Express Computer Systems, who used to post on here and has sold me a bunch of gently used poo poo, and tell him what you're looking for.

Ninja Rope
Oct 22, 2005

Wee.

Wheelchair Stunts posted:

I thought all the smart heads from Netscreen went to Fortinet rather than Juniper.

The Netscreen line (now SSG) hasn't seen much in the way of updates as far as I can tell. It's definitely still well supported but the SRX series is what Juniper is putting their muscle behind if you ask me. The SRXs have taken on all the good features of the Netscreens anyway, so the only downside is the cost.

Ninja Rope
Oct 22, 2005

Wee.

Devian666 posted:

pfsense caps out around the 3 gigabit mark so it should be suitable for handling the full bandwidth.

But pfsense is software, and the total forwarding rate is going to depend on the hardware running the software?

Ninja Rope
Oct 22, 2005

Wee.

SamDabbers posted:

While the network stack of FreeBSD has fine-grained locking for greater concurrency, pf is currently single-threaded (though a multi-threaded implementation is in development) which imposes an upper limit on throughput.

I didn't know that, thanks for sharing. But even single-threaded pf will scale with the instructions per second of the CPU, and on a dual-core system there's probably enough else for the second CPU to do (servicing interface interrupts/polling?) to keep it somewhat occupied. Throwing pfsense on an old laptop won't get you 3gbit/second, is all I'm saying.

Ninja Rope
Oct 22, 2005

Wee.

EmeraldCity posted:

The short answer is, it depends what each port on your switch is capable of handling, not the overall switch.

It might be advertised as backplane speed or something similar, but there aren't many 10g switches that I can think of that have a backplane speed that won't let you utilize all available interface bandwidth. Unless it's a dlink or something? Regardless the 10g port should at least be able to do > 1g. Perhaps he should tell us the model of the switch.

Ninja Rope
Oct 22, 2005

Wee.

Frozen-Solid posted:

I just had a two hour chat log with Netgear support. They had me change CTS/RTS Threshold to 2304 from the 2347 default. We'll see if that does anything, but I doubt it.

I can't imagine it will help, that's totally unrelated. How about just setting static IPs?

Ninja Rope
Oct 22, 2005

Wee.
Are you positive you only have one DHCP server enabled? It's possible that you had another DHCP server somewhere that was NACKing the renew request and causing your devices to sit around waiting for the DHCP servers to duel it out.

Ninja Rope
Oct 22, 2005

Wee.

Gothmog1065 posted:

Still looking for an answer.

Why would Windows have a dialog to configure it to use a static IP that it then later completely ignores, and no one has had a problem with this until now? It's more likely that you have something else going on that's changing that setting, not a part of Windows. I've certainly never seen that.

Ninja Rope
Oct 22, 2005

Wee.
You could plug everything into the same switch and disable DHCP/static IPs without a default gateway on all the hosts you don't want to access the internet.

Ninja Rope
Oct 22, 2005

Wee.

dox posted:

i'm pointing to google dns running tomato :(

Then DNS isn't your problem! Next time it fails try pinging 4.2.2.2 and see if the ping works or fails along with everything else.

Ninja Rope
Oct 22, 2005

Wee.

CuddleChunks posted:

We shoot these bad boys all over the place. A mile shouldn't be any big deal point-to-point. Making sure you have a clean line of sight is the real issue. They will be much more sensitive to that than lower spectrum equipment (2.4 and lower).

It's also important to note that "line of sight" doesn't mean "infinitely narrow line" so much as it means "zone".

Ninja Rope
Oct 22, 2005

Wee.
If there are only those 3 devices and 2 switches on the network, it would only help with transfers involving all 3 devices at once and only if the far right device is gigabit too.

Ninja Rope
Oct 22, 2005

Wee.
My friend has a WRT160Nv2 and complains the range isn't good enough to hit his back yard. He doesn't want to move the router but he's okay with replacing it, external antennas, etc. Any recommendations for a replacement? He's not super technical but he's willing to drop some cash. Ubiquiti?

Ninja Rope
Oct 22, 2005

Wee.
What do you plan to accomplish by doing this? Creating a vlan won't make anything faster.

Ninja Rope
Oct 22, 2005

Wee.
My apartment complex is crowded and so is the 2.4ghz spectrum. Not all my devices support 5ghz N, so would moving to 2.4ghz N be an improvement for me? Or would it be better if I focused on directional antennas?

Ninja Rope
Oct 22, 2005

Wee.
None of those blocked ports will run aground your P2P pirate ship. They're all HTTP/S, email, IRC, and Windows file sharing (over the internet).

Ninja Rope
Oct 22, 2005

Wee.
I'm pretty sure that list isn't a block of source and destination ports in both directions, otherwise users wouldn't be able to use a web browser. Usually providers block running IRC servers because of all of the collateral damage that tends to come along with them.

Ninja Rope
Oct 22, 2005

Wee.
It is enough to stop someone from accidentally clicking on your network and trying to connect, but it will hardly slow down anyone actually trying to connect to your network intentionally.

Ninja Rope
Oct 22, 2005

Wee.
I don't believe there is a specific concern as long as you're using >= Windows 7 or Server 2008.

Ninja Rope fucked around with this message at 01:35 on Oct 29, 2012

Ninja Rope
Oct 22, 2005

Wee.

Saalkin posted:

Is this the right place to ask for help with the new network card I just bought or is this routers only chat?

If it's in your home. If you rent you can ask but there's no guarantee we'll answer.

Ninja Rope
Oct 22, 2005

Wee.
Do you need a managed switch?

Ninja Rope
Oct 22, 2005

Wee.

revmoo posted:

Don't need one but I'd rather have bells and whistles than not have them. I'm running a Debian box for a router if that tells you anything.

My personal take on Netgear managed switches is that they can be a little janky. Lots of features and everything works like 99%, but sometimes poo poo like forcing 1gig on an interface or enabling flow control can cause ports to drop offline and only voodoo incantations can get them back. When it's stable it's pretty good, but I don't really love mine.

For the price though it's hard to beat. I don't think you'll find anything else in the price range that's as good. The only thing I can think of is dlink, but I don't have any experience with those.

Ninja Rope
Oct 22, 2005

Wee.
Maybe I don't understand what you're trying to do, but if the iMac can already talk on both networks you don't need to add any routes. Connected routes are automatic.

Ninja Rope
Oct 22, 2005

Wee.
If the iMac can talk to the two networks already, you don't need to change anything on it except for enabling forwarding (which it sounds like you did). The routes you need to add are on the client devices.

Is the Air the same as the laptop? Can you make sure a device on 10.0.0.0/24 can ping a) the internet and b) the iMac? Then do the same for a device on 10.0.1.0/24.

Ninja Rope
Oct 22, 2005

Wee.

Bob Morales posted:

Right now we have a m0n0wall instance running on our ESX box.

You can try doing it with m0n0wall. Put something in cron that runs every minute to check if the link is down, and if so fail over. Something like:

ping -c 6 4.2.2.2 || ifconfig $ETHERNET down

If your firewall rules are complicated and reference $ETHERNET then you'd have to reload separate rules each time you fail over, etc, and then you start to get further away from using the GUI.

It looks like pfsense supports WAN failover, maybe you should try that?

Ninja Rope
Oct 22, 2005

Wee.

The Gadfly posted:

Take port 80 for example

Your ISP might filter port 80. Try a port > 1023 (and not 6667).

Ninja Rope
Oct 22, 2005

Wee.
Is NAT enabled? If DHCP is then NAT also probably is. Can you get the "WAN IP" or "Public IP" off of the router? Does it start with 10.x or 192.x?

Ninja Rope
Oct 22, 2005

Wee.
Did you mess with any of the advanced wireless settings like beacon interval or DTIM interval? If so make sure you reset those to the defaults.

Ninja Rope
Oct 22, 2005

Wee.
It's not unheard of for China/Chinese ISPs to re-write DNS replies to point wherever they would like (or nowhere at all).

Ninja Rope
Oct 22, 2005

Wee.
If you have a firewall enabled on that host (like the one that comes with Windows) that will be enough to keep you safe. It should be manageable enough that you can open the ports you need through your OS's firewall. Glad it's working.


Ninja Rope
Oct 22, 2005

Wee.
If it's THAT critical it stay running 24/7 you're in the wrong thread. You need something (or rather, 2+ somethings) from Juniper or Cisco (actual Cisco, not rebranded linksys).
