[clug] Firewall settings on NetGear modem/router?
steve jenkin
sjenkin at canb.auug.org.au
Sun Jun 28 15:08:20 GMT 2009
Felix Karpfen wrote on 28/6/09 12:16 PM:
The 834 is the top of the line domestic model, from what I know.
Setup & configuration is usually quick & painless :-(
For your other questions about allowing lots of 'inbound' ports, sounds
like you want to set up a "DMZ" (834 supports that IIRC).
You'll need the server locked down and doing its own firewalling.
> I believe that the NetGear router gives that possibility. Below is what
> I got. I hope that it tells you what you wanted.
>
> ROUTING TABLE
>
> Destination Mask Gateway Metric Active
> 10.20.20.196 255.255.255.255 0.0.0.0 0 Yes
> 192.168.0.0 255.255.255.0 0.0.0.0 0 Yes
> 127.0.0.0 255.255.0.0 0.0.0.0 0 Yes
> 239.0.0.0 255.0.0.0 0.0.0.0 0 Yes
> 0.0.0.0 0.0.0.0 10.20.20.196 0 Yes
This tells you you've got a working ADSL link (implies username &
password) and It All Should Just Work.
> Router Status
>
> Account Name
> Firmware Version V5.01.09
>
> ADSL Port
> MAC Address 00:22:3F:51:D1:0F
> IP Address 203.213.66.164
=> ADSL external IP addr. Handy for those inbound connections you'll be
handling. [Dynamic DNS anyone?]
> Network Type PPPoE
> IP Subnet Mask 255.255.255.255
> Gateway IP Address 10.20.20.196
> Domain Name Server 203.12.160.35
> 203.12.160.36
>
> LAN Port
> MAC Address 00:22:3F:51:D1:0E
> IP Address 192.168.0.1
> DHCP On
> IP Subnet Mask 255.255.255.0
=> these 3 tell you that DHCP is 'working' and the range (implied 2..254
through subnet mask).
>
> Modem
> ADSL Firmware Version A2pB023b.d20e
> Modem Status Connected
> DownStream Connection Speed 1202 kbps
> UpStream Connection Speed 900 kbps
Strange... should you be getting 1500 downstream?
Min guaranteed by Telcos.
> VPI 8
> VCI 35
>
>
> Test ping - from command-line:
> ==============================
>
> [felixk@ ~]$ ping 203.12.160.35
> PING 203.12.160.35 (203.12.160.35) 56(84) bytes of data.
>
> --- 203.12.160.35 ping statistics ---
> 26 packets transmitted, 0 received, 100% packet loss, time 25008ms
>
> ------
>
> Also - for good measure - the output of "dhclient eth0":
>
>
> [root@carrot ~]# dhclient eth0
> Internet Software Consortium DHCP Client 2.0pl5
> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> All rights reserved.
>
> Please contribute if you find this software useful.
> For info, please visit http://www.isc.org/dhcp-contrib.html
>
> sit0: unknown hardware address type 776 ??
> sit0: unknown hardware address type 776 ??
> Listening on LPF/eth0/00:0e:a6:7a:d9:45
> Sending on LPF/eth0/00:0e:a6:7a:d9:45
> Sending on Socket/fallback/fallback-net
> DHCPREQUEST on eth0 to 255.255.255.255 port 67
> DHCPACK from 192.168.0.1
> IOCADDRT: File exists
> bound to 192.168.0.2 -- renewal in 129600 seconds.
These responses tell you the LAN is working and the 834 is serving DHCP.
I don't play with dhcp client on linux much - can't tell you magic options.
I'm interpreting this as the DHCP has failed - you've already been given
192.168.0.2 & 'IOCADDRT: File exists' says.
This is the crux of your problem.
DHCP will automatically set up DNS & default external route - those are
the things that will tell you things are working for the client.
Two things to try (with Netgear fully working first - most important).
- reboot. Very 'windows', but it tests the whole setup.
- ifconfig "down" then "up" eth0. Then rerun dhclient.
Sorry, don't know the magic/commands on your system for
network interfaces. :-(
If you want to explore just with dhclient, try to 'release' your IP,
then another request, or try a 'renew'.
'man dhclient' is your friend.
> -----
>
> I hope that this provides "grist for the mills" and thank all who are
> taking an interest in my woes.
>
> Felix Karpfen
Definitely grist for one mill :-)
HTH
stevej
--
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
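
The check described in the message above (after DHCP, the client should hold a default route and DNS servers), as an added example that is not part of the original message. The function names `default_gateway`, `nameservers` and `check_lease` are hypothetical, the inputs are assumed to be `route -n` output and `/etc/resolv.conf` text, and the sample data is constructed from the addresses quoted in the thread.

```sh
#!/bin/sh
# Added example (not from the original post). Sample inputs are constructed,
# modelled on the addresses quoted in the thread.

# Read `route -n` style text on stdin and print the default gateway:
# destination 0.0.0.0, genmask 0.0.0.0, flags containing G.
default_gateway() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2; found = 1; exit }
         END { exit !found }'
}

# Read resolv.conf text on stdin and print each nameserver address.
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# $1 = routing table text, $2 = resolv.conf text.
# Returns 0 if both are set, 1 if no default route, 2 if no nameserver.
check_lease() {
    gw=$(printf '%s\n' "$1" | default_gateway) || { echo "FAIL: no default route"; return 1; }
    ns=$(printf '%s\n' "$2" | nameservers | tr '\n' ' ')
    [ -n "$ns" ] || { echo "FAIL: default route via $gw, but no nameserver"; return 2; }
    echo "OK: default route via $gw, DNS ${ns% }"
}

# Constructed sample: lease fully applied.
ROUTES_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0'
RESOLV_OK='# constructed sample
nameserver 203.12.160.35
nameserver 203.12.160.36'

# Constructed sample: address bound, but no default route and no DNS.
ROUTES_LAN_ONLY='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'
RESOLV_EMPTY='# constructed sample: no nameserver lines'

check_lease "$ROUTES_OK" "$RESOLV_OK" || true
check_lease "$ROUTES_LAN_ONLY" "$RESOLV_EMPTY" || true
check_lease "$ROUTES_OK" "$RESOLV_EMPTY" || true
```

On a live client, call it as `check_lease "$(route -n)" "$(cat /etc/resolv.conf)"` after rerunning dhclient.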