[clug] Firewall settings on NetGear modem/router?

steve jenkin sjenkin at canb.auug.org.au
Sun Jun 28 15:08:20 GMT 2009


Felix Karpfen wrote on 28/6/09 12:16 PM:

The 834 is the top of the line domestic model, from what I know.
Setup & configuration is usually quick & painless :-(

For your other questions about allowing lots of 'inbound' ports, sounds
like you want to set up a "DMZ" (834 supports that IIRC).
You'll need the server locked down and doing its own firewalling.

> I believe that the NetGear router gives that possibility.  Below is what
> I got.  I hope that it tells you what you wanted.
> 
> 	ROUTING TABLE
> 
> Destination		Mask			Gateway		Metric	Active
> 10.20.20.196		255.255.255.255		0.0.0.0		0	Yes
> 192.168.0.0		255.255.255.0		0.0.0.0		0	Yes
> 127.0.0.0		255.255.0.0		0.0.0.0		0	Yes
> 239.0.0.0		255.0.0.0		0.0.0.0		0	Yes
> 0.0.0.0			0.0.0.0			10.20.20.196	0	Yes

This tells you you've got a working ADSL link (implies username &
password) and It All Should Just Work.

> Router Status
>   
> Account Name	
> Firmware Version 	V5.01.09 
>   
> ADSL Port 
> MAC Address 	00:22:3F:51:D1:0F 
> IP Address 	203.213.66.164

=> ADSL external IP addr. Handy for those inbound connections you'll be
handling. [Dynamic DNS anyone?]


> Network Type 	PPPoE
> IP Subnet Mask 	255.255.255.255
> Gateway IP Address	10.20.20.196
> Domain Name Server 	203.12.160.35
> 203.12.160.36
>   
> LAN Port
> MAC Address 	00:22:3F:51:D1:0E
> IP Address 	192.168.0.1
> DHCP 		On
> IP Subnet Mask 	255.255.255.0

=> these 3 tell you that DHCP is 'working' and the range (implied 2..254
through subnet mask).

>   
> Modem 
> ADSL Firmware Version	A2pB023b.d20e
> Modem Status	Connected
> DownStream Connection Speed	1202 kbps
> UpStream Connection Speed	900 kbps

Strange... should you be getting 1500 downstream?
Min guaranteed by Telcos.

> VPI	8
> VCI	35
>   
>   
> Test ping - from command-line:
> ==============================
> 
> [felixk@ ~]$ ping 203.12.160.35
> PING 203.12.160.35 (203.12.160.35) 56(84) bytes of data.
> 
> --- 203.12.160.35 ping statistics ---
> 26 packets transmitted, 0 received, 100% packet loss, time 25008ms
> 
> ------
> 
> Also - for good measure - the output of "dhclient eth0":
> 
> 
> [root@carrot ~]# dhclient eth0
> Internet Software Consortium DHCP Client 2.0pl5
> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> All rights reserved.
> 
> Please contribute if you find this software useful.
> For info, please visit http://www.isc.org/dhcp-contrib.html
> 
> sit0: unknown hardware address type 776 ??
> sit0: unknown hardware address type 776 ??              
> Listening on LPF/eth0/00:0e:a6:7a:d9:45
> Sending on   LPF/eth0/00:0e:a6:7a:d9:45
> Sending on   Socket/fallback/fallback-net
> DHCPREQUEST on eth0 to 255.255.255.255 port 67
> DHCPACK from 192.168.0.1
> IOCADDRT: File exists
> bound to 192.168.0.2 -- renewal in 129600 seconds.

These responses tell you the LAN is working and the 834 is serving DHCP.

I don't play with dhcp client on linux much - can't tell you magic options.
I'm interpreting this as the DHCP has failed - you've already been given
192.168.0.2 & 'IOCADDRT: File exists' says.

This is the crux of your problem.

DHCP will automatically set up DNS & default external route - those are
the things that will tell you things are working for the client.


Two things to try (with Netgear fully working first - most important).

- reboot. Very 'windows', but it tests the whole setup.

- ifconfig "down" then "up" eth0. Then rerun dhclient.
  Sorry, don't know the magic/commands on your system for
  network interfaces. :-(

If you just want to explore with dhclient, try to 'release' your IP,
then make another request, or try a 'renew'.

'man dhclient' is your friend.



> -----
> 
> I hope that this provides "grist for the mills" and thank all who are
> taking an interest in my woes.
> 
> Felix Karpfen

Definitely grist for one mill :-)

HTH
stevej



-- 
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
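
The reply above says DHCP should give the client its DNS servers and default route, and that those two things show whether the client is working. A check for both on a Linux client, added here as an example and not part of the original post; the sample route tables and resolv.conf text are constructed, and the function names are hypothetical:

```python
import socket
import struct

RTF_UP, RTF_GATEWAY = 0x1, 0x2  # route flag bits used in /proc/net/route

# Constructed samples in /proc/net/route layout (values are little-endian hex).
HEADER = "Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT\n"
LAN_ONLY = "eth0 0000A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0\n"   # 192.168.0.0/24
DEFAULT = "eth0 00000000 0100A8C0 0003 0 0 0 00000000 0 0 0\n"    # via 192.168.0.1
BROKEN_ROUTES = HEADER + LAN_ONLY
WORKING_ROUTES = HEADER + LAN_ONLY + DEFAULT
RESOLV = "# constructed sample\nnameserver 203.12.160.35\nnameserver 203.12.160.36\n"

def hex_to_ip(field):
    """Decode one little-endian hex IPv4 field into dotted-quad form."""
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))

def default_gateways(route_text):
    """Return [(iface, gateway_ip)] for every active default route."""
    found = []
    for line in route_text.strip().splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        iface, dest, gw, flags, mask = cols[0], cols[1], cols[2], int(cols[3], 16), cols[7]
        is_default = dest == "00000000" and mask == "00000000"
        if is_default and flags & RTF_UP and flags & RTF_GATEWAY:
            found.append((iface, hex_to_ip(gw)))
    return found

def nameservers(resolv_text):
    """Return the nameserver addresses listed in resolv.conf text."""
    servers = []
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def diagnose(route_text, resolv_text):
    """List what DHCP should have configured on the client but did not."""
    problems = []
    if not default_gateways(route_text):
        problems.append("no default route")
    if not nameservers(resolv_text):
        problems.append("no nameserver")
    return problems

if __name__ == "__main__":  # on a real client, read the live files
    with open("/proc/net/route") as r, open("/etc/resolv.conf") as d:
        print(diagnose(r.read(), d.read()) or "default route and DNS present")
```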

