[OT] A tale of two firewalls

Over the last few months, I had been having sudden access losses while downloading files from the web. (Like long tracts from rec.crafts.metalworking.) The symptom is that things are going OK, and suddenly all access to the internet is lost. It just stops. No error messages save timeout. If one walks away and comes back an hour later, access is found to have been restored.

I called COMCAST Tech Support twice. The first time, they concluded that I had a bad cable modem, and had me replace it, although their remote diagnostics found no problem. The modem (a Motorola SB5100) is leased, so all this cost me was a trip to their office. However, problem not solved.

The second time, I called while access was stalled. Remote diagnostics again found no problem. This time, tried connecting the computer direct to the modem, without the Linksys BEFSR81B firewall/router: Access restored.

After a long wrangle about my use of static IP addresses in my local network (COMCAST only knows dynamic addresses), Tech Support came up with just one plausible and testable hypothesis, that the Linksys dropped the ball when a new DHCP address was provided by the modem. This was tested by manually requesting a new address, and proved not to be the case. However, I had some difficulty gaining admin access to the router, and the router had again forgotten its non-default password. Very odd.

I decided that I needed another router, if only to have the ability to do A-vs-B tests, and bought a NetGear RP614v4 firewall/router. This worked right out of the box, with factory-default settings, and downloads were quite a lot faster than before. Hmm.

What I think happened is that the Linksys router, installed in December 2000, was OK with the then download speeds, 1.5 mbits/sec max, but choked on today's speeds, at least 6 mbits/sec, with peaks to 12 or 15 if the ads are to be believed, and the jammed router was stumbling and getting confused.

As for the wrangle about static addresses, in retrospect, I think I know the issue. COMCAST does not offer static IP addresses to home users, to prevent those home users from setting up web servers, and Tech Support has lots of canned responses to any mention of static addresses, and was having trouble understanding that this was different, that these static addresses were invisible outside of my local home network. (I use static addresses so devices that are powered up and down at random won't keep changing addresses.) I had to keep reminding them that static addresses were internet standards since the 1970s, predating DHCP by at least 20 years, and that yes COMCAST is expected to follow internet standards. They let slip that their database on me showed that "4 of 5 trouble calls from me were DHCP-related". The 1 of 5 will be when the original modem did in fact break. So, their fixation on static addresses blinded them.

Getting admin access to the brand new NetGear RP614 was a trip. The router kept trying to access a missing URL at Netgear. The available documentation was useless, and I had to call NetGear to learn the magic words to bypass this behaviour. This approach has to be costing them a lot - a call should not have been required. The router cost ~$70 at retail, and the average tech support call costs $30 or $40, so they probably have already lost money on this sale. Nor is it a good idea to depend on a URL for anything - they are far too short-lived.

Joe Gwinn

Joseph Gwinn

You mean OT-postings like this one?

Here is what your news-server-provider says: See: Chapter newsgroups

Nick

Nick Müller

You are off topic by pointing that out. Knock it off or I'll have to report you to snipped-for-privacy@arcor-online.net for constantly being off topic.

Michael A. Terrell

Following your logic, you _would_ have just qualified for a complaint. :-)

Nick

Nick Müller

Anyone up for a game of round robin logic? It can be implemented with hand made relays. ;-)

Michael A. Terrell

Will they be made with metal?

Al A.

Yes, and like the old (at that time he was young) Zuse made it. Hundreds of hand-filed relays!

Or how the admirable Babbcock (SP?) made his analytical engine. That was craftsmanship.

Turing used only a paper strip, he wouldn't qualify for here.

Nick

Nick Müller

A rather noisy computer. :-)

I think that you mean "Babbage".

That was indeed a beautiful bit of metalwork.

At least -- for that project. But he certainly worked with relays and other bits of metal for the code-breaking engines during WW-II.

Enjoy, DoN.

DoN. Nichols

Much snippage....

I also have Comcast internet at home. I don't know whether I can help you, but I can make a few comments.

Comcast cable modems fail. The first one I had lasted about a year. Then I'd have to cycle power every couple of days. Then I'd have to cycle power, letting it cool down for several minutes. Then it failed hard and Comcast replaced it. I think I have a Motorola-made unit now.

Even though Comcast only has dynamic IP's, I use mine as static. On the average, it changes every 6-9 months. I don't run servers, but I do have a VPN between home and work. If the home IP changes I do have to reconfigure the routers at home and at work. If the IP changes at home I also have to change a couple of entries in my server at work so that I can ftp and forward email from home.

I use Linksys RV042 routers both at home and work. They seem a little more robust than most home-grade routers. I'm running 1.3.7.2 firmware in them and they are rock-solid.

Having the VPN lets me access the Win Server 2003 boxes and the netcam at work and lets me reprogram my Tivo from work (:

Jim Stewart

SSRs are no fun. ;-)

Michael A. Terrell

Oh hey! Surprise, some Linksys kit crapped out.

I'd say Linksys is the Harbor Freight of networking, but that would be unfair to Harbor Freight and HF stuff actually works.

They're on the same shitlist as Belkin garbage.

-gc

Gene Cash

Um, not my experience.

I've had issues with Linksys, but not for a long, long time. I've had zero downtime with my corporate website/network and it uses a Linksys RV042.

If a tool analogy is in order, I'd say that Linksys is closer to Craftsman than HF.

Well, I guess we can agree about Belkin.

Jim Stewart

I will lay odds that your problem has nothing to do with either routers or firewalls. You have a fluctuating downstream power level. I had that problem with Cox. After replacing the router and all the cable back to the service entrance they finally sent a service person out with a tester and saw the fluctuating levels. Cox ended up having to send 3 trucks out for most of a day to monitor the line at various points in order to find the problem. They never told me what they found but my connection has been stable at between -2 and 0 dbmV ever since.

On your browser enter 192.168.100.1 to get to the modem. Click on SIGNAL and check the downstream power level. Refresh the display several times over a couple of minutes. It should be between -5dbm and +5 dbmV and not vary more than 1 or 2 dbmV. Ideally it should be at 0 dbmV. If the downstream signal gets too hot (over +5) or too weak (under -15) you will get exactly the symptoms you are seeing.

Upstream should be between 38 and 58 dbmV.

Unfortunately if the signal is outside limits the modem will not respond to your browser so you can't check it while it is failing. All you can do is see if it is unstable while connected. If the problem happens at about the same time every day start checking the power levels a few minutes before. If you see the power level start to rise or fall until the connection drops the problem is definitely on their side.

If you have trouble getting your modem to respond here is a page that can help you temporarily configure your PC to get to it.

formatting link

Glenn Ashmore

Have you done all the firmware updates available from Linksys?

I'm glad it's working for you. I rate NetGear slightly higher than D-Link... and both, in my experience, suck the big one. YMMV of course.

Gunner

"A prudent man foresees the difficulties ahead and prepares for them; the simpleton goes blindly on and suffers the consequences."

- Proverbs 22:3

Gunner

No. They never suggested one, and I suspect that the hardware has changed a lot since 1999 (when it was likely made). Firmware cannot increase the inherent speed of the hardware. Only decrease.

Linksys does continue to sell the BEFSR81 today, but I bet there have been a few versions since 1999.

Also, if I recall, the then update process required a PC; this is a Mac shop. But I don't have anything to lose for trying. Might be instructive.

I just looked. They do have a Mac process now, but my router is too old: new firmware is only for v3, not v2. Oh well. After six years, that router owes me little.

Joe

Joseph Gwinn

The COMCAST folk can read the signal strength and history from their Tech Support center in Texas, and claimed that the signal strength was adequate. And I have not observed a problem since replacing the router.

I had been wondering how to get into the modem. I knew that it was possible. I'll try this. (I will have to bypass the router to get at the modem, but that's no problem. I'll just connect directly.)

More generally, does anybody know where I can get a manual for the Motorola SB5100?

That website is a goldmine. Thanks.

Joe Gwinn

Joseph Gwinn

You know, I bet they all use the same chips inside; only the plastic skin and wall wart varies. All made by one factory deep in China or Malaysia.

Joe Gwinn

Joseph Gwinn

I had the same experience. COMCAST uses only the Motorola modems unless one gets their home network package. Then they use either Linksys WCG200 or NetGear CG14WGv2, according to Tech Support. These are cable modem wireless-router/firewall units. I didn't want any wireless, and didn't trust them to solve my problem anyway, after all the prattle about static addresses.

I do know this trick, but have not had the need. As I said, I need static addresses only internally, so equipment that is powered up and down at random will nonetheless always have known and stable IP addresses.

Hmm. I really don't want a VPN at all. I spend enough time working as it is. Perhaps it would be better if your VPN router had a terrible accident? You know -- stepped on by a Bridgeport. Very sad.

Joe Gwinn

Joseph Gwinn

On the other hand... algorithms and improvements can utilize the hardware better. Hence upgrades to firmware. They provide them to improve the hardware usage, not degrade it. Except for Microsoft of course....:(

Mac shop? Sorry to hear that.

I updated a Linksys AP... and it improved the throughput by a significant amount.

Gunner


Gunner

Up to a point, yes. More often to fix bugs. But six years is two or three lifetimes in consumer electronics.

It's a feature!

I'm sorry to hear about all those PC problems with viruses et al.

Any idea of the numerical improvement? Percentage increase, or a factor?

Joe

Joseph Gwinn
