[OT] A tale of two firewalls

Over the last few months, I had been having sudden access losses while downloading files from the web. (Like long tracts from rec.crafts.metalworking.) The symptom is that things are going OK, and suddenly all access to the internet is lost. It just stops. No error messages save timeout. If one walks away and comes back an hour later, access is found to have been restored.
I called COMCAST Tech Support twice. The first time, they concluded that I had a bad cable modem, and had me replace it, although their remote diagnostics found no problem. The modem (a Motorola SB5100) is leased, so all this cost me was a trip to their office. However, problem not solved.
The second time, I called while access was stalled. Remote diagnostics again found no problem. This time, tried connecting the computer direct to the modem, without the Linksys BEFSR81B firewall/router: Access restored.
After a long wrangle about my use of static IP addresses in my local network (COMCAST only knows dynamic addresses), Tech Support came up with just one plausible and testable hypothesis, that the Linksys dropped the ball when a new DHCP address was provided by the modem. This was tested by manually requesting a new address, and proved not to be the case. However, I had some difficulty gaining admin access to the router, and the router had again forgotten its non-default password. Very odd.
I decided that I needed another router, if only to have the ability to do A-vs-B tests, and bought a NetGear RP614v4 firewall/router. This worked right out of the box, with factory-default settings, and downloads were quite a lot faster than before. Hmm.
What I think happened is that the Linksys router, installed in December 2000, was OK with the then download speeds, 1.5 mbits/sec max, but choked on today's speeds, at least 6 mbits/sec, with peaks to 12 or 15 if the ads are to be believed, and the jammed router was stumbling and getting confused.
As for the wrangle about static addresses, in retrospect, I think I know the issue. COMCAST does not offer static IP addresses to home users, to prevent those home users from setting up web servers, and Tech Support has lots of canned responses to any mention of static addresses, and was having trouble understanding that this was different, that these static addresses were invisible outside of my local home network. (I use static addresses so devices that are powered up and down at random won't keep changing addresses.) I had to keep reminding them that static addresses were internet standards since the 1970s, predating DHCP by at least 20 years, and that yes COMCAST is expected to follow internet standards. They let slip that their database on me showed that "4 of 5 trouble calls from me were DHCP-related". The 1 of 5 will be when the original modem did in fact break. So, their fixation on static addresses blinded them.
Getting admin access to the brand new NetGear RP614 was a trip. The router kept trying to access a missing URL at Netgear. The available documentation was useless, and I had to call NetGear to learn the magic words to bypass this behaviour. This approach has to be costing them a lot - a call should not have been required. The router cost ~$70 at retail, and the average tech support call costs $30 or $40, so they probably have already lost money on this sale. Nor is it a good idea to depend on a URL for anything - they are far too short-lived.
Joe Gwinn

You mean OT-postings like this one?
Here is what your news-server-provider says: <http://www.comcast.net/terms/use.jsp> See: Chapter newsgroups <http://www.comcast.net/terms/abuse.jsp>
Nick
--
The modular DRO
<http://www.yadro.de>
Nick Müller wrote:

You are off topic by pointing that out. Knock it off or I'll have to report you to snipped-for-privacy@arcor-online.net for constantly being off topic.
--
Service to my country? Been there, Done that, and I've got my DD214 to
prove it.

Following your logic, you _would_ have just qualified for a complaint. :-)
Nick
--
The modular DRO
<http://www.yadro.de>
Nick Müller wrote:

Anyone up for a game of round robin logic? It can be implemented with hand made relays. ;-)
--
Service to my country? Been there, Done that, and I've got my DD214 to
prove it.
Michael A. Terrell wrote:

Will they be made with metal?

Yes, and like the old (at that time he was young) Zuse made it. Hundreds of hand-filed relays!
Or how the admirable Babbcock (SP?) made his analytical engine. That was craftsmanship.
Turing used only a paper strip, he wouldn't qualify for here.
Nick
--
The modular DRO
<http://www.yadro.de>

    A rather noisy computer. :-)

    I think that you mean "Babbage".
    That was indeed a beautiful bit of metalwork.

    At least -- for that project. But he certainly worked with relays and other bits of metal for the code-breaking engines during WW-II.
    Enjoy,         DoN.
--
Email: < snipped-for-privacy@d-and-d.com> | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
"Al A." wrote:

SSRs are no fun. ;-)
--
Service to my country? Been there, Done that, and I've got my DD214 to
prove it.
Joseph Gwinn wrote:

Much snippage....
I also have Comcast internet at home. I don't know whether I can help you, but I can make a few comments.
Comcast cable modems fail. The first one I had lasted about a year. Then I'd have to cycle power every couple of days. Then I'd have to cycle power, letting it cool down for several minutes. Then it failed hard and Comcast replaced it. I think I have a Motorola-made unit now.
Even though Comcast only has dynamic IP's, I use mine as static. On the average, it changes every 6-9 months. I don't run servers, but I do have a VPN between home and work. If the home IP changes I do have to reconfigure the routers at home and at work. If the IP changes at home I also have to change a couple of entries in my server at work so that I can ftp and forward email from home.
I use Linksys RV042 routers both at home and work. They seem a little more robust than most home-grade routers. I'm running 1.3.7.2 firmware in them and they are rock-solid.
Having the VPN lets me access the Win Server 2003 boxes and the netcam at work and lets me reprogram my Tivo from work (:

I had the same experience. COMCAST uses only the Motorola modems unless one gets their home network package. Then they use either Linksys WCG200 or NetGear CG14WGv2, according to Tech Support. These are cable modem wireless-router/firewall units. I didn't want any wireless, and didn't trust them to solve my problem anyway, after all the prattle about static addresses.

I do know this trick, but have not had the need. As I said, I need static addresses only internally, so equipment that is powered up and down at random will nonetheless always have known and stable IP addresses.

Hmm. I really don't want a VPN at all. I spend enough time working as it is. Perhaps it would be better if your VPN router had a terrible accident? You know -- stepped on by a Bridgeport. Very sad.
Joe Gwinn

Oh hey! Surprise, some Linksys kit crapped out.
I'd say Linksys is the Harbor Freight of networking, but that would be unfair to Harbor Freight and HF stuff actually works.
They're on the same shitlist as Belkin garbage.
-gc
--
It's unfortunate, but the way the American people are, now that they have
developed all this capability, instead of taking advantage of it, they'll
Gene Cash wrote:

Um, not my experience.
I've had issues with Linksys, but not for a long, long time. I've had zero downtime with my corporate website/network and it uses a Linksys RV042.
If a tool analogy is in order, I'd say that Linksys is closer to Craftsman than HF.

Well, I guess we can agree about Belkin.

wrote:

You know, I bet they all use the same chips inside; only the plastic skin and wall wart varies. All made by one factory deep in China or Malaysia.
Joe Gwinn
That is in poor taste. Linksys is made by a main line company. I have used them for years and they keep getting better and better. They were always to spec, but I got booster antenna for comm to the shop.
Remember these are built to a comm spec, the general stuff in it isn't. Martin Former IEEE EDS LIFE and COMM Society......
Martin H. Eastburn @ home at Lions' Lair with our computer lionslair at consolidated dot net NRA LOH & Endowment Member NRA Second Amendment Task Force Charter Founder IHMSA and NRA Metallic Silhouette maker & member http://lufkinced.com/
Gene Cash wrote:

"Martin H. Eastburn" wrote:

A division of Cisco.
--
Service to my country? Been there, Done that, and I've got my DD214 to
prove it.
Yes I know - long time part supplier and helped designs go better since I knew network stuff and terminations of transmission lines.
I also own stock. Martin
Martin H. Eastburn @ home at Lions' Lair with our computer lionslair at consolidated dot net NRA LOH & Endowment Member NRA Second Amendment Task Force Charter Founder IHMSA and NRA Metallic Silhouette maker & member http://lufkinced.com/
Michael A. Terrell wrote:


Uh, no... Linksys just got bought by Cisco, and they're still crap. I have to deal with various models of their garbage at work every day.
-gc
--
It's unfortunate, but the way the American people are, now that they have
developed all this capability, instead of taking advantage of it, they'll
Sounds like you need better information or better computers that are connected. They use their stuff inside so would know if something is crap.
If building a large farm concept - they will take a building and make one and prove concept. None of this - believe me stuff.
Cisco has been the owner of Linksys for some time now - nothing new.
Martin
Martin H. Eastburn @ home at Lions' Lair with our computer lionslair at consolidated dot net NRA LOH & Endowment Member NRA Second Amendment Task Force Charter Founder IHMSA and NRA Metallic Silhouette maker & member http://lufkinced.com/
Gene Cash wrote:

I will lay odds that your problem has nothing to do with either routers or firewalls. You have a fluctuating downstream power level. I had that problem with Cox. After replacing the router and all the cable back to the service entrance they finally sent a service person out with a tester and saw the fluctuating levels. Cox ended up having to send 3 trucks out for most of a day to monitor the line at various points in order to find the problem. They never told me what they found but my connection has been stable at between -2 and 0 dbmV ever since.
On your browser enter 192.168.100.1 to get to the modem. Click on SIGNAL and check the downstream power level. Refresh the display several times over a couple of minutes. It should be between -5dbm and +5 dbmV and not vary more than 1 or 2 dbmV. Ideally it should be at 0 dbmV. If the downstream signal gets too hot (over +5) or too weak (under -15) you will get exactly the symptoms you are seeing.
Upstream should be between 38 and 58 dbmV.
Unfortunately if the signal is outside limits the modem will not respond to your browser so you can't check it while it is failing. All you can do is see if it is unstable while connected. If the problem happens at about the same time every day start checking the power levels a few minutes before. If you see the power level start to rise or fall until the connection drops the problem is definitely on their side.
If you have trouble getting your modem to respond here is a page that can help you temporarily configure your PC to get to it. http://homepage.ntlworld.com/robin.d.h.walker/cmtips/signal.html
--
Glenn Ashmore

I'm building a 45' cutter in strip/composite. Watch my progress (or lack
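
The check described in the post above, written out as an added example (not part of the original post): it takes downstream readings noted by hand from the modem's SIGNAL page, applies the limits the post quotes, and estimates how long a drifting level has before it reaches the drop point. The function names, the least-squares drift estimate and the sample readings are assumptions made for illustration.

```python
from statistics import mean

# Limits in dBmV, taken from the post above.
DOWN_OK = (-5.0, 5.0)      # recommended downstream window
DOWN_FAIL = (-15.0, 5.0)   # "too weak" / "too hot" points where the link drops
UP_OK = (38.0, 58.0)       # upstream window
MAX_SPREAD = 2.0           # downstream should not vary more than 1 or 2 dBmV


def assess_downstream(samples):
    """samples: [(seconds, dBmV), ...] read off the modem's SIGNAL page."""
    minutes = [t / 60.0 for t, _ in samples]
    levels = [v for _, v in samples]
    spread = max(levels) - min(levels)

    # Least-squares slope: how fast the level is drifting, in dBmV per minute.
    t_bar, v_bar = mean(minutes), mean(levels)
    den = sum((t - t_bar) ** 2 for t in minutes)
    num = sum((t - t_bar) * (v - v_bar) for t, v in zip(minutes, levels))
    slope = num / den if den else 0.0

    findings = []
    if any(not DOWN_OK[0] <= v <= DOWN_OK[1] for v in levels):
        findings.append("outside_window")
    if spread > MAX_SPREAD:
        findings.append("unstable")

    # If the level is unstable, estimate when the drift reaches the drop point.
    eta_min = None
    if "unstable" in findings and slope != 0:
        limit = DOWN_FAIL[1] if slope > 0 else DOWN_FAIL[0]
        eta_min = max(0.0, (limit - levels[-1]) / slope)
    return {"spread": spread, "slope": slope,
            "findings": findings, "eta_min": eta_min}


def upstream_ok(level):
    """True when an upstream reading sits inside the window the post gives."""
    return UP_OK[0] <= level <= UP_OK[1]


# Constructed readings (not from a real modem): one steady, one climbing.
STEADY = [(0, -1.0), (30, -0.5), (60, -1.0), (90, -0.8), (120, -0.6)]
RISING = [(0, 1.0), (60, 2.0), (120, 3.0), (180, 4.0)]

if __name__ == "__main__":
    for name, run in (("steady", STEADY), ("rising", RISING)):
        print(name, assess_downstream(run))
```
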
