I am in something of a bind my normal internet access i no longer with us as the 2G mobile network has been tuned off and although I have many years experience on Linux, little of this has been with the network config as (almost) always works "out of the box". The current situation is a have a Dlink 4G modem router, this has an IP address of 192.168.0.1. This is to be connected to my fire wall machine (currently running Debian 7) via a cat 5 cable to eth0. This machine has a 2 ethernet port motherboard, the second port eth1 will be connected to a (I think) switch which has my other 4 machines connect to it. The IP address range is currently 92.168.1.1 (gateway) upwards with 6 address's in use. How is the firewall ports configured, is there a decent explantion on the net (remember I know little about the low level nuts and bolts but would like to find out. I assume the 2 ports on the firewall machine will use 2 different IP address, is there any logic in there allocation, I also assume the default route for this machine will be eth0 (the port connected to the 4G modem router. In Debian in the /etc/network/interfaces file how is the default route determined. Help, will be GREATLY appeciated. Trying to get new internet access for when the 2G network was gone has been a real struggle. At this location only 2 options are availible, NBN satelite and 4G mobile broadband, unfortunately there is little information anywhere on how to configure either of them for linux. I tried satelite NBN but could not get ANY kind of reliable connection. A 4G dongle will work on linux but I could find NO config information at all and it appears plenty have tried and failed. THe current solution has been adopted as it only means setting up ethernet ports and doing bit of routing. Lindsay
Hello Ray, On 8/18/17, Ray via luv-main <luv-main@luv.asn.au> wrote:
I am in something of a bind my normal internet access i no longer with us as the 2G mobile network has been tuned off and although I have many years experience on Linux, little of this has been with the network config as (almost) always works "out of the box".
There are changes, definitely for the worse. My experience was a little smoother, but I need to do better. When Telstra discontinued dial-up, I had to move to a 4G broadband mobile modem, and pay for 4G when I only get 3g from the local mobile phone tower. Since that is about 500 meters by copper pair, it is well within ADSL range, but the equipment there is ISDN, no longer available, and voice and mobile phone. Now I pay $40 a month for 4Gig. Extortion.
The current situation is a have a Dlink 4G modem router, this has an IP address of 192.168.0.1. This is to be connected to my fire wall machine (currently running Debian 7) via a cat 5 cable to eth0. This machine has a 2 ethernet port motherboard, the second port eth1 will be connected to a (I think) switch which has my other 4 machines connect to it.
That is better than the Netgear Aircard that they foisted on me. it is Wi-Fi only, until I spring for the cradle. Telstra have had reports of it "not working", their network does not provide a reliable connection configuration every time, their "solution" is to reboot remotely at times I have yet to see a pattern in. Sometimes that "breaks" a working setup. I will need the cradle on several grounds, including running _MY_ router or switch and setting up a home network.
The IP address range is currently 92.168.1.1 (gateway) upwards with 6 address's in use. How is the firewall ports configured, is there a decent explantion on the net (remember I know little about the low level nuts and bolts but would like to find out.
I assume the 2 ports on the firewall machine will use 2 different IP address, is there any logic in there allocation, I also assume the default route for this machine will be eth0 (the port connected to the 4G modem router. In Debian in the /etc/network/interfaces file how is the default route determined.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has been a real struggle. At this location only 2 options are availible, NBN satelite and 4G mobile broadband, unfortunately there is little information anywhere on how to configure either of them for linux. I tried satelite NBN but could not get ANY kind of reliable connection. A 4G dongle will work on linux but I could find NO config information at all and it appears plenty have tried and failed. THe current solution has been adopted as it only means setting up ethernet ports and doing bit of routing.
When the NBN is sorted, you should be offered a mobile broadband modem on the NBN, much like what you have, but there are too many reports of problems. Tony Abbot promised the NBN cheaper, sooner and fast enough. As a result of the changes, it will cost even more, be later and slower. As to configuration on the firewall, that is the gateway, the rest of the network will "see" the internet through the IP address of that firewall machine that faces your network. You probably need to set up Network Address Translation / NAT. The "internal" network addresses need bear no relation to the IP addresses on the firewall and modem that face one another, that is where you need to do the routing from one ethernet port to the other on the gateway or firewall machine, and that routing is what will allow or prevent various connections. I have not even started networking, so cannot advise on the practicalities, I too need to read up and would appreciate information.
Lindsay
Regards, Mark Trickett
On 18.08.17 15:00, Mark Trickett via luv-main wrote:
When Telstra discontinued dial-up, I had to move to a 4G broadband mobile modem, and pay for 4G when I only get 3g from the local mobile phone tower. Since that is about 500 meters by copper pair, it is well within ADSL range, but the equipment there is ISDN, no longer available, and voice and mobile phone. Now I pay $40 a month for 4Gig. Extortion.
That is scary, as I'm planning to build and move out to half way between Sale and Bairnsdale, and that's all that's on offer out there. ATM I have 30Gig/month for $29.95/month here in Melbourne. A tenfold price hike is horrific. ...
When the NBN is sorted, you should be offered a mobile broadband modem on the NBN, much like what you have, but there are too many reports of problems. Tony Abbot promised the NBN cheaper, sooner and fast enough. As a result of the changes, it will cost even more, be later and slower.
AIUI, a second "Sky Muster" satellite has been sent up, but I've not heard of rural NBN suddenly becoming acceptable. I don't see how satellite could ever provide the bandwidth for tens of thousands of video downloads. And microwave towers aren't much better. If there's fibre to the mobile tower, then I'm only a bit more than 1 k.m. across the paddocks. Nothing short of FTTH will solve it, I figure. Erik
On 18/08/17 19:23, Erik Christiansen via luv-main wrote:
On 18.08.17 15:00, Mark Trickett via luv-main wrote:
When Telstra discontinued dial-up, I had to move to a 4G broadband mobile modem, and pay for 4G when I only get 3g from the local mobile phone tower. Since that is about 500 meters by copper pair, it is well within ADSL range, but the equipment there is ISDN, no longer available, and voice and mobile phone. Now I pay $40 a month for 4Gig. Extortion.
That is scary, as I'm planning to build and move out to half way between Sale and Bairnsdale, and that's all that's on offer out there. ATM I have 30Gig/month for $29.95/month here in Melbourne. A tenfold price hike is horrific.
I pay $59.99 for 50GB of 4G Plus data, just as a hotspot. Check out Optus network for your location. I never have problems. In fact, my "calling" mobile has 1.5GB of data, but most of the time it connects via the hotspot when I am out and about; that plan gives me unlimited AU calls/sms/mms as well. It is just $14.99 per month (12 month contract, byo plan). In terms of mobile data, just use a router that does the job -- although it might be better to plug it in to a computer directly if you need the public IP address on an interface -- then it is much like a plain old 56K type modem setup, but via 4G instead (still PPP). So, yes, do not over complicate things more than you need to. Cheers AndrewM
On 20.08.17 21:21, Andrew McGlashan via luv-main wrote:
On 18/08/17 19:23, Erik Christiansen via luv-main wrote:
That is scary, as I'm planning to build and move out to half way between Sale and Bairnsdale, and that's all that's on offer out there. ATM I have 30Gig/month for $29.95/month here in Melbourne. A tenfold price hike is horrific.
I pay $59.99 for 50GB of 4G Plus data, just as a hotspot. Check out Optus network for your location. I never have problems.
Ah, thanks for the competitive data point. In addition to the Telstra mobile tower ~1.5 km south, there's an Optus tower 1 km north, so reception won't be a problem.
In fact, my "calling" mobile has 1.5GB of data, but most of the time it connects via the hotspot when I am out and about; that plan gives me unlimited AU calls/sms/mms as well. It is just $14.99 per month (12 month contract, byo plan).
In terms of mobile data, just use a router that does the job -- although it might be better to plug it in to a computer directly if you need the public IP address on an interface -- then it is much like a plain old 56K type modem setup, but via 4G instead (still PPP). So, yes, do not over complicate things more than you need to.
With my ADSL from Internode, I have only a dynamic IP. I'd try to stay with them if they're competitive out there, and am not aware of any need for a static IP. Haven't used PPP since the old 56K modem days, using Solaris X86 at home, and it had PPP problems, nearly a quarter of a century ago. Erik
Hello Andrew, On 8/20/17, Andrew McGlashan via luv-main <luv-main@luv.asn.au> wrote:
On 18/08/17 19:23, Erik Christiansen via luv-main wrote:
On 18.08.17 15:00, Mark Trickett via luv-main wrote:
When Telstra discontinued dial-up, I had to move to a 4G broadband mobile modem, and pay for 4G when I only get 3g from the local mobile phone tower. Since that is about 500 meters by copper pair, it is well within ADSL range, but the equipment there is ISDN, no longer available, and voice and mobile phone. Now I pay $40 a month for 4Gig. Extortion.
That is scary, as I'm planning to build and move out to half way between Sale and Bairnsdale, and that's all that's on offer out there. ATM I have 30Gig/month for $29.95/month here in Melbourne. A tenfold price hike is horrific.
I pay $59.99 for 50GB of 4G Plus data, just as a hotspot. Check out Optus network for your location. I never have problems.
There are a few places where my Telstra mobile has no signal, but another person with Optus has coverage, but that is rare, it is not uncommon for the reverse. I have two towers nearby, the second being Optus, but I am not happy with Optus as a business.
In fact, my "calling" mobile has 1.5GB of data, but most of the time it connects via the hotspot when I am out and about; that plan gives me unlimited AU calls/sms/mms as well. It is just $14.99 per month (12 month contract, byo plan).
There is a profusion of plans, I actually have two mobile services when I only want one. The phone and the modem. Combining the two with the right equipment would help on prices, but i am not satisfied with what is on offer. An Android device, yes, but running Lineage from the start, and supported by Telstra, with timely updates. The other thing would be for them to provide ADSL, or better still DSL, it is under 1000 meters or so to the base of the mobile only 500phone tower, and enough customers who would use. The mobile modem reboots at times while I am using, nothing I am doing, and it did not do at first. Given that it gets fed a bad configuration now and then, I think it is done to try to fix those symptoms, but it just makes it worse. I have lost faith in how they all manage their networks, they are looking tlo maximise revenue and minimise costs, that is consumerist capitalism.
In terms of mobile data, just use a router that does the job -- although it might be better to plug it in to a computer directly if you need the public IP address on an interface -- then it is much like a plain old 56K type modem setup, but via 4G instead (still PPP). So, yes, do not over complicate things more than you need to.
For my situation, I am cursing that NetworkManager will prioritise the wired connection over the wi-fi as the default route. It is also that I will want wired network connections to the printers. It is assumptions, assume makes an ass out of you and me. I am looking at what could be and seeing what should be and seeing the deficiencies in the current offerings. It is aggravating that those who make such foolish decisions and provide the commercial pressures end up so well over renumerated.
Cheers AndrewM
Regards, Mark Trickett
I'm not sure why you would do any of this. Most (all?) off the shelf 4G capable routers will accept most (all?) USB 4G dongles. Plug it in, configure the router to use it. Your router should have all the required NAT and firewalling and so on built in, so you just plug all your ethernet devices into the downstream ports. Why would you bother with a separate firewall machine? If you want better control of your firewall rules then run openwrt or some such on the router. It sounds like you're over-complicating the problem. On Fri, Aug 18, 2017 at 1:53 PM, Ray via luv-main <luv-main@luv.asn.au> wrote:
I am in something of a bind my normal internet access i no longer with us as the 2G mobile network has been tuned off and although I have many years experience on Linux, little of this has been with the network config as (almost) always works "out of the box".
The current situation is a have a Dlink 4G modem router, this has an IP address of 192.168.0.1. This is to be connected to my fire wall machine (currently running Debian 7) via a cat 5 cable to eth0. This machine has a 2 ethernet port motherboard, the second port eth1 will be connected to a (I think) switch which has my other 4 machines connect to it.
The IP address range is currently 92.168.1.1 (gateway) upwards with 6 address's in use. How is the firewall ports configured, is there a decent explantion on the net (remember I know little about the low level nuts and bolts but would like to find out.
I assume the 2 ports on the firewall machine will use 2 different IP address, is there any logic in there allocation, I also assume the default route for this machine will be eth0 (the port connected to the 4G modem router. In Debian in the /etc/network/interfaces file how is the default route determined.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has been a real struggle. At this location only 2 options are availible, NBN satelite and 4G mobile broadband, unfortunately there is little information anywhere on how to configure either of them for linux. I tried satelite NBN but could not get ANY kind of reliable connection. A 4G dongle will work on linux but I could find NO config information at all and it appears plenty have tried and failed. THe current solution has been adopted as it only means setting up ethernet ports and doing bit of routing.
Lindsay _______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
On 18.08.2017 16:08, cory seligman wrote:
I'm not sure why you would do any of this.
Most (all?) off the shelf 4G capable routers will accept most (all?) USB 4G dongles. Plug it in, configure the router to use it.
Your router should have all the required NAT and firewalling and so on built in, so you just plug all your ethernet devices into the downstream ports.
Why would you bother with a separate firewall machine? If you want better control of your firewall rules then run openwrt or some such on the router.
It sounds like you're over-complicating the problem.
First, thanks for the replies from both Cory and Mark, as usual though simply writing about the problem gave me a better understanding, and I have a path to follow, a couple of points from the posts................ Cory said, "It sounds like you're over-complicating the problem" Lindsay replies, I understand the setup I now have, all I am effectively doing is removing the 2G usb dongle from the my firewall machine and substituting a 4G modem/router on an ethernet connection to the same box. I am quite happy with how my current firewall works and do not wish to have to take the time to workout how the fire wall rules work on the 4G modem/router, from experience this will likely to take a good deal of time. The current problem is well understood and should not be to difficult to work out. Comment from Marks post, I do not have to worry to much about the NBN, I am currently with Bendigo Telco XL plan, 50gig a month for $60 dollars, Its reliable and fast (on Windows XP anyway, I downloaded Debian 8.9.0 DVD disk 1 in 18 minutes). This is much CHEAPER than my previous mobile broadband plan with 10 times the data. The NBN satelite was $50 for 50gig, so the current setup compares well, support for NBN satellite for both technical and admin was pathetic, where as Bendigo is quite reasonable and readily availible. Lindsay Using Linux since 1993, kernel 0.96d.
On 18.08.17 13:53, Ray via luv-main wrote:
The current situation is a have a Dlink 4G modem router, this has an IP address of 192.168.0.1. This is to be connected to my fire wall machine (currently running Debian 7) via a cat 5 cable to eth0. This machine has a 2 ethernet port motherboard, the second port eth1 will be connected to a (I think) switch which has my other 4 machines connect to it.
While it is possible to run a firewall on a separate router host as you describe, all the modems I've used include the router and firewall functionality, as provided by the ISP, ready to go.
The IP address range is currently 92.168.1.1 (gateway) upwards with 6 address's in use. How is the firewall ports configured, is there a decent explantion on the net (remember I know little about the low level nuts and bolts but would like to find out.
Then it is highly advisable to begin with a simple set-up, and only make it more complicated if the modem really lacks a firewall. A single subnet, running off one router/modem port, with all your hosts plugged into a cheap little ethernet switch, conveniently located, could have you cruising in no time.
I assume the 2 ports on the firewall machine will use 2 different IP address, is there any logic in there allocation, I also assume the default route for this machine will be eth0 (the port connected to the 4G modem router. In Debian in the /etc/network/interfaces file how is the default route determined.
It is a long time since I mucked with static routing. You can use the route command to specify routes for subnets, subnet masks, and the IP of the gateway. You could use the two subnets you have; 192.168.0.0/24 and 92.168.1.0/24, one on each side of the firewall. In each case, the subnet mask would be 255.255.255.0. Looking at what I have on this host, talking directly to my modem, I see: $ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 denotes the default route, so here anything not for the local 192.168.1.0/24 subnet goes to the gateway (192.168.1.1), which is the modem. Really simple. There are a number of examples in the "route" manpage. I did some reading in the O'Reilly "TCP/IP Network Administration" book before cutting loose, but my copy is a quarter of a century old now. A quick google of "linux static routing howto" showed a bunch of promising hits. There's likely to be more current information in them. E.g. the "ip" command seems to be popular this century, so let's try: $ ip route default via 192.168.1.1 dev eth0 proto static 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2 That doesn't look as familiar as the netstat report to these old eyes, but it must be conceded that it is usefully informative and highly readable. A lot of reading, then some judicious fiddling, cannot fail to be educational - and possibly successful, in the end. I think we'd enjoy some questions along the way. You never know what cobwebs they could dust off.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has been a real struggle. At this location only 2 options are availible, NBN satelite and 4G mobile broadband, unfortunately there is little information anywhere on how to configure either of them for linux. I tried satelite NBN but could not get ANY kind of reliable connection. A 4G dongle will work on linux but I could find NO config information at all and it appears plenty have tried and failed. THe current solution has been adopted as it only means setting up ethernet ports and doing bit of routing.
If there's no firewall functionality on the 4G modem, then you'll have to climb the networking learning curve, and what's linux for, but for having a fiddle - if you don't mind having to restore to base settings a couple of times while figuring it out. (The "ip route restore" command might be useful there.) Erik
On 18.08.2017 19:05, Erik Christiansen via luv-main wrote:
It is a long time since I mucked with static routing. You can use the route command to specify routes for subnets, subnet masks, and the IP of the gateway. You could use the two subnets you have; 192.168.0.0/24 and 92.168.1.0/24, one on each side of the firewall. In each case, the subnet mask would be 255.255.255.0.
Looking at what I have on this host, talking directly to my modem, I see:
$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 denotes the default route, so here anything not for the local 192.168.1.0/24 subnet goes to the gateway (192.168.1.1), which is the modem. Really simple.
There are a number of examples in the "route" manpage. I did some reading in the O'Reilly "TCP/IP Network Administration" book before cutting loose, but my copy is a quarter of a century old now. A quick google of "linux static routing howto" showed a bunch of promising hits. There's likely to be more current information in them. E.g. the "ip" command seems to be popular this century, so let's try:
$ ip route default via 192.168.1.1 dev eth0 proto static 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
That doesn't look as familiar as the netstat report to these old eyes, but it must be conceded that it is usefully informative and highly readable.
A lot of reading, then some judicious fiddling, cannot fail to be educational - and possibly successful, in the end. I think we'd enjoy some questions along the way. You never know what cobwebs they could dust off.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has been a real struggle. At this location only 2 options are availible, NBN satelite and 4G mobile broadband, unfortunately there is little information anywhere on how to configure either of them for linux. I tried satelite NBN but could not get ANY kind of reliable connection. A 4G dongle will work on linux but I could find NO config information at all and it appears plenty have tried and failed. THe current solution has been adopted as it only means setting up ethernet ports and doing bit of routing.
If there's no firewall functionality on the 4G modem, then you'll have to climb the networking learning curve, and what's linux for, but for having a fiddle - if you don't mind having to restore to base settings a couple of times while figuring it out. (The "ip route restore" command might be useful there.)
Erik
Thanks for your input its been most helpfull, a couple of comments, I was a complex systems technician for almost 30 years, this has left me with a strong distaste for unnecasary complexity, also personally i LIKE to understand how everything I use works. On this problem as usuall, I am selling my self short on my knowledge of Linux networking (Note 1), I have actual done my own gateway machine with NAT and a firewall and while the DLink will do everything you said, trying to get it to replicate my gateway machine is not something I will find easy to do. I do know though the Dlink can be set in "pass through" mode where it only acts as a 4G reciever, connecting when the device is powered up, leaving me the only thing is changing the routing in my gateway machine, something that IS a WELL KNOWN (although not as yet by me) solution. As I was a tech a very long time I have NO fear of learning anything new................ I will put up what I have done to get it working in case it helps someone else Note 1: One will NEVER learn anything unless one is willing to listen. Lindsay
I am doing some testing on this set up and I am unable to talk to the Dlink 4G router, IT is connected by a short cat5 cable to the eth0. This port is setup with an address of 192.168.1.6 and is the default route for the machine. Eth1 is connected to my switch connected to my other machine, this port has an address of 192.168.1.1 (ie my gateway machine) Both interfaces are up. THe IP address of the Dlink 4G router is 192.168.0.1, when I point a browser at this address (either Firefox of links2) there is no response, ifconfig shows some data is excahanged (around 200 bytes tranmsited and 50 received, so the connection appears to work. What am I doing wrong, everyone makes out it is simple to communicate with these things. What config is required to talk to one of these self contained routers connected to an ethernet port. Lindsay
On 19.08.17 19:23, Ray via luv-main wrote:
I am doing some testing on this set up and I am unable to talk to the Dlink 4G router, IT is connected by a short cat5 cable to the eth0.
Of the firewall host mentioned upthread? (It is the only one described as having two ethernet ports, IIRC.)
This port is setup with an address of 192.168.1.6 and is the default route for the machine.
Sounds like the firewall. We'll keep guessing on this track. But that IP will only be seen by the modem (i.e. inward traffic), and the default route is for outward traffic, i.e. all the world's IPs other than your inboard subnet.
Eth1 is connected to my switch connected to my other machine, this port has an address of 192.168.1.1 (ie my gateway machine)
Now you have the 192.168.1.0/24 subnet on both sides of the firewall. Can you please post e.g. the output of "netstat -rn", to show how you're routing traffic through the firewall? (It can be split finer, but is it?)
Both interfaces are up. THe IP address of the Dlink 4G router is 192.168.0.1, when I point a browser at this address (either Firefox of links2) there is no response, ifconfig shows some data is excahanged (around 200 bytes tranmsited and 50 received, so the connection appears to work.
A forward route is only half the story. What do ping and traceroute report? Here, my modem is on the same subnet: $ ping router PING router (192.168.1.1) 56(84) bytes of data. 64 bytes from router (192.168.1.1): icmp_req=1 ttl=64 time=0.599 ms That tells me that there is a return path. $ traceroute router traceroute to router (192.168.1.1), 30 hops max, 60 byte packets 1 router (192.168.1.1) 0.548 ms 0.644 ms 0.836 ms If I had a firewall in between, that'd tell me whether I'm reaching the near port or the far one, IIRC.
What am I doing wrong, everyone makes out it is simple to communicate with these things.
It's not so simple that it can be done for the first time, without looking. And it's only simple after you've cancelled out the false assumptions, and done it right. E.g. a missing return route will stymie a ping, despite the forward path being peachy.
What config is required to talk to one of these self contained routers connected to an ethernet port.
Is the assumption that the router can't reply supported by a failed ping from the firewall host? If so, the long description above isn't part of the problem. If the router isn't trusted, temporarily substitute another host, using the same IP, and test your hops from both ends - as one might test the links of a chain. Assumptions tend to fall like dandruff, then. Happy hunting. :-) Erik
On 19.08.2017 20:23, Erik Christiansen via luv-main wrote:
On 19.08.17 19:23, Ray via luv-main wrote:
I am doing some testing on this set up and I am unable to talk to the Dlink 4G router, IT is connected by a short cat5 cable to the eth0.
Of the firewall host mentioned upthread? (It is the only one described as having two ethernet ports, IIRC.)
Yes
This port is setup with an address of 192.168.1.6 and is the default route for the machine.
Sounds like the firewall. We'll keep guessing on this track. But that IP will only be seen by the modem (i.e. inward traffic), and the default route is for outward traffic, i.e. all the world's IPs other than your inboard subnet.
Eth1 is connected to my switch connected to my other machine, this port has an address of 192.168.1.1 (ie my gateway machine)
Now you have the 192.168.1.0/24 subnet on both sides of the firewall. Can you please post e.g. the output of "netstat -rn", to show how you're routing traffic through the firewall? (It can be split finer, but is it?)
Both interfaces are up. THe IP address of the Dlink 4G router is 192.168.0.1, when I point a browser at this address (either Firefox of links2) there is no response, ifconfig shows some data is excahanged (around 200 bytes tranmsited and 50 received, so the connection appears to work.
A forward route is only half the story. What do ping and traceroute report? Here, my modem is on the same subnet:
This test shows that there is only a connection in one direction, ie no return path.
$ ping router PING router (192.168.1.1) 56(84) bytes of data. 64 bytes from router (192.168.1.1): icmp_req=1 ttl=64 time=0.599 ms
That tells me that there is a return path.
$ traceroute router traceroute to router (192.168.1.1), 30 hops max, 60 byte packets 1 router (192.168.1.1) 0.548 ms 0.644 ms 0.836 ms
If I had a firewall in between, that'd tell me whether I'm reaching the near port or the far one, IIRC.
What am I doing wrong, everyone makes out it is simple to communicate with these things.
It's not so simple that it can be done for the first time, without looking. And it's only simple after you've cancelled out the false assumptions, and done it right. E.g. a missing return route will stymie a ping, despite the forward path being peachy.
What config is required to talk to one of these self contained routers connected to an ethernet port.
Is the assumption that the router can't reply supported by a failed ping from the firewall host? If so, the long description above isn't part of the problem. If the router isn't trusted, temporarily substitute another host, using the same IP, and test your hops from both ends - as one might test the links of a chain. Assumptions tend to fall like dandruff, then.
Happy hunting. :-)
Erik
I do a bit of experimenting designing and building electronics, AM recievers, both using valves and transistors (no IC's) servo circuits etc, one thing this has shown me is do NOT assume ANY new components actually meet there spec's, you have to test ALL components for there spec's. Once I started to do this my success rate went way up, It appears this needs to be treated the same. I will shift the machine to one of my work benchs where I can get easy access to all parts, to allow proper testing to be done. A second point is I am going to have to find out (again!!, I have done it once before, quite some time ago) the "nuts and bolts" or the configuration of Debian's IFUPDOWN system. Sadly I have found Debian's reference manual is not to clear on this. It does make a point that, packages like the Network Manager should NOT be used for anything other than a desk top system with a single connection and the IFUPDOWN system to be used for anything complex. Many hanks again for your help, I will let all know how I am getting on. The situation is not critical as I do have internet access (from WIndows) via an isolated machine dual booting Linux and Windows XP. Its something of a pain to swap data via a USB thumb drive, but it DOES give me access. Lindsay
Hello Ray, On 8/20/17, Ray via luv-main <luv-main@luv.asn.au> wrote:
On 19.08.2017 20:23, Erik Christiansen via luv-main wrote:
On 19.08.17 19:23, Ray via luv-main wrote:
I am doing some testing on this set up and I am unable to talk to the Dlink 4G router, IT is connected by a short cat5 cable to the eth0.
Of the firewall host mentioned upthread? (It is the only one described as having two ethernet ports, IIRC.)
Yes
I think that the firewall machine may also fall into the category of a bridge because it bridges two networks together. That may give you some reference and a search term when looking to the configuration.
This port is setup with an address of 192.168.1.6 and is the default
route for the machine.
Sounds like the firewall. We'll keep guessing on this track. But that IP will only be seen by the modem (i.e. inward traffic), and the default route is for outward traffic, i.e. all the world's IPs other than your inboard subnet.
Eth1 is connected to my switch connected to my other machine, this port has an address of 192.168.1.1 (ie my gateway machine)
Now you have the 192.168.1.0/24 subnet on both sides of the firewall. Can you please post e.g. the output of "netstat -rn", to show how you're routing traffic through the firewall? (It can be split finer, but is it?)
Both interfaces are up. THe IP address of the Dlink 4G router is 192.168.0.1, when I point a browser at this address (either Firefox of links2) there is no response, ifconfig shows some data is excahanged (around 200 bytes tranmsited and 50 received, so the connection appears to work.
A forward route is only half the story. What do ping and traceroute report? Here, my modem is on the same subnet:
This test shows that there is only a connection in one direction, ie no return path.
To me, without actual hands on experience, but an interest in reading around the matter that it is an issue of the routing and iptables setup on the firewall, that it is currently set to drop all the incoming packets (or almost all), even when they are replies to outgoing packets. The firewall mostly needs to prevent incoming connection initiation, but needs to let in the returns from outgoing connection initiation.
$ ping router PING router (192.168.1.1) 56(84) bytes of data. 64 bytes from router (192.168.1.1): icmp_req=1 ttl=64 time=0.599 ms
That tells me that there is a return path.
$ traceroute router traceroute to router (192.168.1.1), 30 hops max, 60 byte packets 1 router (192.168.1.1) 0.548 ms 0.644 ms 0.836 ms
If I had a firewall in between, that'd tell me whether I'm reaching the near port or the far one, IIRC.
What am I doing wrong, everyone makes out it is simple to communicate with these things.
It's not so simple that it can be done for the first time, without looking. And it's only simple after you've cancelled out the false assumptions, and done it right. E.g. a missing return route will stymie a ping, despite the forward path being peachy.
What config is required to talk to one of these self contained routers connected to an ethernet port.
These self contained routers and modems often have a web interface for administration, commonly something like www://home or www://m.home the latter being what is mine
Is the assumption that the router can't reply supported by a failed ping from the firewall host? If so, the long description above isn't part of the problem. If the router isn't trusted, temporarily substitute another host, using the same IP, and test your hops from both ends - as one might test the links of a chain. Assumptions tend to fall like dandruff, then.
Happy hunting. :-)
Erik
I do a bit of experimenting designing and building electronics, AM recievers, both using valves and transistors (no IC's) servo circuits etc, one thing this has shown me is do NOT assume ANY new components actually meet there spec's, you have to test ALL components for there spec's. Once I started to do this my success rate went way up, It appears this needs to be treated the same. I will shift the machine to one of my work benchs where I can get easy access to all parts, to allow proper testing to be done.
A second point is I am going to have to find out (again!!, I have done it once before, quite some time ago) the "nuts and bolts" or the configuration of Debian's IFUPDOWN system. Sadly I have found Debian's reference manual is not to clear on this. It does make a point that, packages like the Network Manager should NOT be used for anything other than a desk top system with a single connection and the IFUPDOWN system to be used for anything complex.
Network Manager can do more complex things, but it is a pain. I too am having troubles getting my head around it all. It is well written and clear, once you know and understand the terminology and context. Getting that step is the issue for me. Were I close enough for the beginners workshops, I would pick up a lot quickly, trying on my own with a lot else to do is another matter.
Many hanks again for your help, I will let all know how I am getting on.
The situation is not critical as I do have internet access (from WIndows) via an isolated machine dual booting Linux and Windows XP. Its something of a pain to swap data via a USB thumb drive, but it DOES give me access.
I know and understand, these days I am running one PC which is Debian GNU Linux only, although I do have a second available for some tasks, it too is Linux, but an out of date Ubuntu. It does not have the RAM or processor or HDD space for an upgrade, just use as it is, but not networked.
Lindsay
Regards, Mark Trickett
On 20.08.17 07:50, Ray via luv-main wrote:
On 19.08.2017 20:23, Erik Christiansen via luv-main wrote:
A forward route is only half the story. What do ping and traceroute report? Here, my modem is on the same subnet:
This test shows that there is only a connection in one direction, ie no return path.
That's kinda what I expected. It is the likeliest omission when setting bridging routes. If you can ping the inboard host and the router from the firewall, then that confirms that the problem is entirely in the routes you have(n't) set to bridge the two subnets. Please feel free to post the output of "netstat -rn", or "ip route". Its output might be preferable, as it's more descriptive: $ ip route default via 192.168.1.1 dev eth0 proto static 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2 You'll need to see a similar default route to the router, plus a similar second route for traffic to the outboard subnet. That'll pass a ping through the firewall to the router, but not back. So you need a third path, to the inboard subnet. That must be on the _other_port_ in your case. To allow a /24 netmask to discriminate between inboard and outboard bound traffic you will need to move either the router and eth0 to another subnet, e.g. 192.168.2.0, or do that for your inboard hosts and eth1. Then the firewall has a way to tell which packets should go to which port. (Your bridge will then have two ends.) There is a fourth path needed - in the router. But if it returns pings from the firewall, then that's already there. Once that's all in place, a traceroute will show you the improvement. It's all a lot easier the second time. Erik
As suggested by a number of readers, I have gone back to basics and tried the "simple" approach. I connected the Dlink 4G router direct to an ethernet port on one of my machines, I simply disconnected the exist cat5 connector too my hub/switch and connected the Dlink. I tested the port prior to doing this and it worked OK and I still cannot get it (the Dlink) to work. ON switching on the device the Docs say the led that indicates a correct working Lan connction should come on steady and it does not, its flashing. If its cat5 cable is disconnected this led goes out and on reconnection comes back flashing. Three different cables were tried all behaved the same. Its unlikley that the DLink is faulty (allthough it cannot be completely ruled out), so for a "Simple" install there still must be some kind of custom config required. What actually is required for a simple direct on PC install, it appears standard eth0 setup does not work. Unfortunately when I restored the sim to my dongle and atarted windows I could NOT get an internet connection. After transfering the sim I tried my spare dongle this behaved the same way but worked correctly after it was "rebooted", what ever that does. Note: powering everything down did no good. I may get a router that will take dongles directly and see if a can get any more success. I may say this is P.....g me off no end currently particularly this comming directly after my main machines mother board failed. Note: I spent 30 years as a complex systems technician and such problems do not usually bother me but this is getting ....................... And not having a decent working internet connection is NOT helping AT ALL (as I cannot easily search for help). Lindsay
Hello Ray, On 8/21/17, Ray via luv-main <luv-main@luv.asn.au> wrote:
As suggested by a number of readers, I have gone back to basics and tried the "simple" approach. I connected the Dlink 4G router direct to an ethernet port on one of my machines, I simply disconnected the exist cat5 connector too my hub/switch and connected the Dlink. I tested the port prior to doing this and it worked OK and I still cannot get it (the Dlink) to work. ON switching on the device the Docs say the led that indicates a correct working Lan connction should come on steady and it does not, its flashing. If its cat5 cable is disconnected this led goes out and on reconnection comes back flashing. Three different cables were tried all behaved the same. Its unlikley that the DLink is faulty (allthough it cannot be completely ruled out), so for a "Simple" install there still must be some kind of custom config required.
From the foregoing, I would suspect the Dlink 4G router. I would get the supplier to demonstrate that it is working, going in to a Telstra shop or whomever the supplier is. That will establish a basic working state from which to get it working the way you want. As to ethernet cables, try a known straight through, and crossover cable. Both exist, and they are different. Most modern equipment is supposed to autosene and configure itself, but that too is a failure point.
What actually is required for a simple direct on PC install, it appears standard eth0 setup does not work. Unfortunately when I restored the sim to my dongle and atarted windows I could NOT get an internet connection. After transfering the sim I tried my spare dongle this behaved the same way but worked correctly after it was "rebooted", what ever that does. Note: powering everything down did no good. I may get a router that will take dongles directly and see if a can get any more success.
The USB dongles are yet another can of worms, one that I do not wish to chase down a rabbit hole.
I may say this is P.....g me off no end currently particularly this comming directly after my main machines mother board failed. Note: I spent 30 years as a complex systems technician and such problems do not usually bother me but this is getting ....................... And not having a decent working internet connection is NOT helping AT ALL (as I cannot easily search for help).
I have been having trouble getting photos off SD cards, I had a device to plug them into, then a USB port. That died, and the replacement I bought appeared to not work. Now it looks like the otherwise working powered 7 port USB hub is flaky. I now have two ways to read the cards, and a couple that do not work. Why? i would like to know, but do not expect any answers.
Lindsay
Regards, Mark Trickett
On 21.08.2017 18:29, Mark Trickett via luv-main wrote:
Hello Ray,
On 8/21/17, Ray via luv-main <luv-main@luv.asn.au> wrote:
As suggested by a number of readers, I have gone back to basics and tried the "simple" approach. I connected the Dlink 4G router direct to an ethernet port on one of my machines, I simply disconnected the exist cat5 connector too my hub/switch and connected the Dlink. I tested the port prior to doing this and it worked OK and I still cannot get it (the Dlink) to work. ON switching on the device the Docs say the led that indicates a correct working Lan connction should come on steady and it does not, its flashing. If its cat5 cable is disconnected this led goes out and on reconnection comes back flashing. Three different cables were tried all behaved the same. Its unlikley that the DLink is faulty (allthough it cannot be completely ruled out), so for a "Simple" install there still must be some kind of custom config required.
From the foregoing, I would suspect the Dlink 4G router. I would get the supplier to demonstrate that it is working, going in to a Telstra shop or whomever the supplier is. That will establish a basic working state from which to get it working the way you want. As to ethernet cables, try a known straight through, and crossover cable. Both exist, and they are different. Most modern equipment is supposed to autosene and configure itself, but that too is a failure point.
I have tried both straight and crossover cables and yes the Dlink is supposed to detect wha tthe cable is.
What actually is required for a simple direct on PC install, it appears standard eth0 setup does not work. Unfortunately when I restored the sim to my dongle and atarted windows I could NOT get an internet connection. After transfering the sim I tried my spare dongle this behaved the same way but worked correctly after it was "rebooted", what ever that does. Note: powering everything down did no good. I may get a router that will take dongles directly and see if a can get any more success.
The USB dongles are yet another can of worms, one that I do not wish to chase down a rabbit hole.
Yes USB dongles can be a problem, but one can usually come up with some kind of solution. A problem I have found with mobile broadband is I have found is that some providers DO NOT like sims being swapped between devices, with a 4G USB dongle router, I can safely swap the dongle between a USB port on WIndows and the router on Linux and not have the service locked out.
I may say this is P.....g me off no end currently particularly this comming directly after my main machines mother board failed. Note: I spent 30 years as a complex systems technician and such problems do not usually bother me but this is getting ....................... And not having a decent working internet connection is NOT helping AT ALL (as I cannot easily search for help).
I have been having trouble getting photos off SD cards, I had a device to plug them into, then a USB port. That died, and the replacement I bought appeared to not work. Now it looks like the otherwise working powered 7 port USB hub is flaky. I now have two ways to read the cards, and a couple that do not work. Why? i would like to know, but do not expect any answers.
Yes it can be a pain. I have 2 SD card readers, one is an external reader, the other occupies a 5 inch drive bay, I have never had any problems with either. A significant issue here is that USB while simple to use is VERY complex under the hood and the more complex something is the more problems one has in the end. Lindsay
Lindsay
Regards,
Mark Trickett _______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
Hi Lindsay, I've re-read your original and drawn out what I think your set-up is (or was). A couple of questions that may help formulate an answer. What model is your D-Link 4G modem/router? Which device is providing DHCP for you other devices? Which device (presumably the D-Link) is providing a NAT service? On 21 August 2017 at 23:31, Ray via luv-main <luv-main@luv.asn.au> wrote:
On 21.08.2017 18:29, Mark Trickett via luv-main wrote:
Hello Ray,
On 8/21/17, Ray via luv-main <luv-main@luv.asn.au> wrote:
As suggested by a number of readers, I have gone back to basics and tried the "simple" approach. I connected the Dlink 4G router direct to an ethernet port on one of my machines, I simply disconnected the exist cat5 connector too my hub/switch and connected the Dlink. I tested the port prior to doing this and it worked OK and I still cannot get it (the Dlink) to work. ON switching on the device the Docs say the led that indicates a correct working Lan connction should come on steady and it does not, its flashing. If its cat5 cable is disconnected this led goes out and on reconnection comes back flashing. Three different cables were tried all behaved the same. Its unlikley that the DLink is faulty (allthough it cannot be completely ruled out), so for a "Simple" install there still must be some kind of custom config required.
From the foregoing, I would suspect the Dlink 4G router. I would get the supplier to demonstrate that it is working, going in to a Telstra shop or whomever the supplier is. That will establish a basic working state from which to get it working the way you want. As to ethernet cables, try a known straight through, and crossover cable. Both exist, and they are different. Most modern equipment is supposed to autosene and configure itself, but that too is a failure point.
I have tried both straight and crossover cables and yes the Dlink is supposed to detect wha tthe cable is.
What actually is required for a simple direct on PC install, it appears
standard eth0 setup does not work. Unfortunately when I restored the sim to my dongle and atarted windows I could NOT get an internet connection. After transfering the sim I tried my spare dongle this behaved the same way but worked correctly after it was "rebooted", what ever that does. Note: powering everything down did no good. I may get a router that will take dongles directly and see if a can get any more success.
The USB dongles are yet another can of worms, one that I do not wish to chase down a rabbit hole.
Yes USB dongles can be a problem, but one can usually come up with some kind of solution. A problem I have found with mobile broadband is I have found is that some providers DO NOT like sims being swapped between devices, with a 4G USB dongle router, I can safely swap the dongle between a USB port on WIndows and the router on Linux and not have the service locked out.
I may say this is P.....g me off no end currently particularly this
comming directly after my main machines mother board failed. Note: I spent 30 years as a complex systems technician and such problems do not usually bother me but this is getting ....................... And not having a decent working internet connection is NOT helping AT ALL (as I cannot easily search for help).
I have been having trouble getting photos off SD cards, I had a device to plug them into, then a USB port. That died, and the replacement I bought appeared to not work. Now it looks like the otherwise working powered 7 port USB hub is flaky. I now have two ways to read the cards, and a couple that do not work. Why? i would like to know, but do not expect any answers.
Yes it can be a pain. I have 2 SD card readers, one is an external reader, the other occupies a 5 inch drive bay, I have never had any problems with either. A significant issue here is that USB while simple to use is VERY complex under the hood and the more complex something is the more problems one has in the end.
Lindsay
Lindsay
Regards,
Mark Trickett _______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
_______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
-- Colin Fee tfeccles@gmail.com
On 22.08.2017 13:44, Colin Fee wrote:
Hi Lindsay,
I've re-read your original and drawn out what I think your set-up is (or was). A couple of questions that may help formulate an answer.
What model is your D-Link 4G modem/router?
Dlink DWR-921
Which device is providing DHCP for you other devices?
The network has no DHCP service, each machine has the same hosts file which has all my machines in it. I did it this way as I general use only a single machine, the network providing a simple way to exchange data, so there is no machine that is on all the time any machine is running.
Which device (presumably the D-Link) is providing a NAT service?
I have 5 machines all connected to a switch, one of these machines has an external connection, I have a firewall set upon this machine it as well provides the NAT service. I also have a caching name server (pdnsd) running, the resolv.conf of all machines point to this mmachine, pdnsd providing name service for anything not in the hosts file. What I would LIKE to do is replace the old 2G mobile external connection via a USB port with an 4G modem router confidured as straight through (Note: this is what a would LIKE, ie its not cast in stone) via a second ethernet port (ie no firewall or NAT, the Dlink can do this) Sadly I have not been able to get any response at all from the DLink as it (apparently) indicates the LAN conncetion to my switch is not functioning although tests I have done indicate it should be OK. Note: After yesterdays testing when my existing internet connection via a windows machine stopped working after swapping my sim between my USB 4G modem and the DLink and back I am getting some what "gun shy" of swapping the sim back and forth and I am considering getting a 4G router that uses a USB 4G modem for 4G access. I HAVE had trouble in the past from swapping sims between devices. The mobile network apparently does NOT like you doing this, swapping the usb modems though is not an issue. Note 2: I have ordered a router that uses a USB dongle for mobile broadband access. Lindsay
Hi Lindsay, This site might be worth looking at: http://www.ofmodemsandmen.com/index.html It doesn't list the Dlink that you have, but it might give you some ideas and perhaps have you thinking about other equipment that might suit. Cheers AndrewM
participants (6)
-
Andrew McGlashan -
Colin Fee -
cory seligman -
Erik Christiansen -
Mark Trickett -
zlinew9@virginbroadband.com.au