18 Aug
2017
18 Aug
'17
1:53 p.m.
I am in something of a bind my normal internet access i no longer with
us as the 2G mobile network has been tuned off and although I have many
years experience on Linux, little of this has been with the network
config as (almost) always works "out of the box".
The current situation is a have a Dlink 4G modem router, this has an IP
address of 192.168.0.1. This is to be connected to my fire wall machine
(currently running Debian 7) via a cat 5 cable to eth0. This machine has
a 2 ethernet port motherboard, the second port eth1 will be connected to
a (I think) switch which has my other 4 machines connect to it.
The IP address range is currently 92.168.1.1 (gateway) upwards with 6
address's in use. How is the firewall ports configured, is there a
decent explantion on the net (remember I know little about the low
level nuts and bolts but would like to find out.
I assume the 2 ports on the firewall machine will use 2 different IP
address, is there any logic in there allocation, I also assume the
default route for this machine will be eth0 (the port connected to the
4G modem router. In Debian in the /etc/network/interfaces file how is
the default route determined.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has
been a real struggle. At this location only 2 options are availible, NBN
satelite and 4G mobile broadband, unfortunately there is little
information anywhere on how to configure either of them for linux. I
tried satelite NBN but could not get ANY kind of reliable connection. A
4G dongle will work on linux but I could find NO config information at
all and it appears plenty have tried and failed. THe current solution
has been adopted as it only means setting up ethernet ports and doing
bit of routing.
Lindsay
18 Aug
18 Aug
3 p.m.
Hello Ray,
On 8/18/17, Ray via luv-main <luv-main(a)luv.asn.au> wrote:
I am in something of a bind my normal internet access
i no longer with
us as the 2G mobile network has been tuned off and although I have many
years experience on Linux, little of this has been with the network
config as (almost) always works "out of the box".
There are changes, definitely for the worse. My experience was a
little smoother, but I need to do better. When Telstra discontinued
dial-up, I had to move to a 4G broadband mobile modem, and pay for 4G
when I only get 3g from the local mobile phone tower. Since that is
about 500 meters by copper pair, it is well within ADSL range, but the
equipment there is ISDN, no longer available, and voice and mobile
phone. Now I pay $40 a month for 4Gig. Extortion.
The current situation is a have a Dlink 4G modem
router, this has an IP
address of 192.168.0.1. This is to be connected to my fire wall machine
(currently running Debian 7) via a cat 5 cable to eth0. This machine has
a 2 ethernet port motherboard, the second port eth1 will be connected to
a (I think) switch which has my other 4 machines connect to it.
That is better than the Netgear Aircard that they foisted on me. it is
Wi-Fi only, until I spring for the cradle. Telstra have had reports of
it "not working", their network does not provide a reliable connection
configuration every time, their "solution" is to reboot remotely at
times I have yet to see a pattern in. Sometimes that "breaks" a
working setup. I will need the cradle on several grounds, including
running _MY_ router or switch and setting up a home network.
The IP address range is currently 92.168.1.1 (gateway)
upwards with 6
address's in use. How is the firewall ports configured, is there a
decent explantion on the net (remember I know little about the low
level nuts and bolts but would like to find out.
I assume the 2 ports on the firewall machine will use 2 different IP
address, is there any logic in there allocation, I also assume the
default route for this machine will be eth0 (the port connected to the
4G modem router. In Debian in the /etc/network/interfaces file how is
the default route determined.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has
been a real struggle. At this location only 2 options are availible, NBN
satelite and 4G mobile broadband, unfortunately there is little
information anywhere on how to configure either of them for linux. I
tried satelite NBN but could not get ANY kind of reliable connection. A
4G dongle will work on linux but I could find NO config information at
all and it appears plenty have tried and failed. THe current solution
has been adopted as it only means setting up ethernet ports and doing
bit of routing.
When the NBN is sorted, you should be offered a mobile broadband modem
on the NBN, much like what you have, but there are too many reports of
problems. Tony Abbot promised the NBN cheaper, sooner and fast enough.
As a result of the changes, it will cost even more, be later and
slower.
As to configuration on the firewall, that is the gateway, the rest of
the network will "see" the internet through the IP address of that
firewall machine that faces your network. You probably need to set up
Network Address Translation / NAT. The "internal" network addresses
need bear no relation to the IP addresses on the firewall and modem
that face one another, that is where you need to do the routing from
one ethernet port to the other on the gateway or firewall machine, and
that routing is what will allow or prevent various connections. I have
not even started networking, so cannot advise on the practicalities, I
too need to read up and would appreciate information.
Lindsay
Regards,
Mark Trickett
7:23 p.m.
On 18.08.17 15:00, Mark Trickett via luv-main wrote:
When Telstra discontinued dial-up, I had to move to a
4G broadband
mobile modem, and pay for 4G when I only get 3g from the local mobile
phone tower. Since that is about 500 meters by copper pair, it is well
within ADSL range, but the equipment there is ISDN, no longer
available, and voice and mobile phone. Now I pay $40 a month for 4Gig.
Extortion.
That is scary, as I'm planning to build and move out to half way between
Sale and Bairnsdale, and that's all that's on offer out there. ATM I
have 30Gig/month for $29.95/month here in Melbourne. A tenfold price
hike is horrific.
...
When the NBN is sorted, you should be offered a mobile
broadband modem
on the NBN, much like what you have, but there are too many reports of
problems. Tony Abbot promised the NBN cheaper, sooner and fast enough.
As a result of the changes, it will cost even more, be later and
slower.
AIUI, a second "Sky Muster" satellite has been sent up, but I've not
heard of rural NBN suddenly becoming acceptable. I don't see how
satellite could ever provide the bandwidth for tens of thousands of
video downloads. And microwave towers aren't much better. If there's
fibre to the mobile tower, then I'm only a bit more than 1 k.m. across
the paddocks. Nothing short of FTTH will solve it, I figure.
Erik
20 Aug
20 Aug
9:21 p.m.
On 18/08/17 19:23, Erik Christiansen via luv-main wrote:
On 18.08.17 15:00, Mark Trickett via luv-main wrote:
I pay $59.99 for 50GB of 4G Plus data, just as a hotspot. Check out
Optus network for your location. I never have problems.
In fact, my "calling" mobile has 1.5GB of data, but most of the time it
connects via the hotspot when I am out and about; that plan gives me
unlimited AU calls/sms/mms as well. It is just $14.99 per month (12
month contract, byo plan).
In terms of mobile data, just use a router that does the job -- although
it might be better to plug it in to a computer directly if you need the
public IP address on an interface -- then it is much like a plain old
56K type modem setup, but via 4G instead (still PPP). So, yes, do not
over complicate things more than you need to.
Cheers
AndrewM
When Telstra discontinued dial-up, I had to move
to a 4G broadband
mobile modem, and pay for 4G when I only get 3g from the local mobile
phone tower. Since that is about 500 meters by copper pair, it is well
within ADSL range, but the equipment there is ISDN, no longer
available, and voice and mobile phone. Now I pay $40 a month for 4Gig.
Extortion.
That is scary, as I'm planning to build and move out to half way between
Sale and Bairnsdale, and that's all that's on offer out there. ATM I
have 30Gig/month for $29.95/month here in Melbourne. A tenfold price
hike is horrific.
9:54 p.m.
On 20.08.17 21:21, Andrew McGlashan via luv-main wrote:
On 18/08/17 19:23, Erik Christiansen via luv-main
wrote:
Ah, thanks for the competitive data point. In addition to the Telstra
mobile tower ~1.5 km south, there's an Optus tower 1 km north, so
reception won't be a problem.
That is scary, as I'm planning to build and
move out to half way between
Sale and Bairnsdale, and that's all that's on offer out there. ATM I
have 30Gig/month for $29.95/month here in Melbourne. A tenfold price
hike is horrific.
I pay $59.99 for 50GB of 4G Plus data, just as a hotspot. Check out
Optus network for your location. I never have problems. In fact, my "calling" mobile has 1.5GB of
data, but most of the time it
connects via the hotspot when I am out and about; that plan gives me
unlimited AU calls/sms/mms as well. It is just $14.99 per month (12
month contract, byo plan).
In terms of mobile data, just use a router that does the job -- although
it might be better to plug it in to a computer directly if you need the
public IP address on an interface -- then it is much like a plain old
56K type modem setup, but via 4G instead (still PPP). So, yes, do not
over complicate things more than you need to.
With my ADSL from Internode, I have only a dynamic IP. I'd try to stay
with them if they're competitive out there, and am not aware of any need
for a static IP.
Haven't used PPP since the old 56K modem days, using Solaris X86 at
home, and it had PPP problems, nearly a quarter of a century ago.
Erik
21 Aug
21 Aug
8:12 a.m.
Hello Andrew,
On 8/20/17, Andrew McGlashan via luv-main <luv-main(a)luv.asn.au> wrote:
On 18/08/17 19:23, Erik Christiansen via luv-main wrote:
There are a few places where my Telstra mobile has no signal, but
another person with Optus has coverage, but that is rare, it is not
uncommon for the reverse. I have two towers nearby, the second being
Optus, but I am not happy with Optus as a business.
On 18.08.17 15:00, Mark Trickett via luv-main
wrote:
I pay $59.99 for 50GB of 4G Plus data, just as a hotspot. Check out
Optus network for your location. I never have problems. When Telstra discontinued dial-up, I had to move
to a 4G broadband
mobile modem, and pay for 4G when I only get 3g from the local mobile
phone tower. Since that is about 500 meters by copper pair, it is well
within ADSL range, but the equipment there is ISDN, no longer
available, and voice and mobile phone. Now I pay $40 a month for 4Gig.
Extortion.
That is scary, as I'm planning to build and move out to half way between
Sale and Bairnsdale, and that's all that's on offer out there. ATM I
have 30Gig/month for $29.95/month here in Melbourne. A tenfold price
hike is horrific. In fact, my "calling" mobile has 1.5GB of
data, but most of the time it
connects via the hotspot when I am out and about; that plan gives me
unlimited AU calls/sms/mms as well. It is just $14.99 per month (12
month contract, byo plan).
There is a profusion of plans, I actually have two mobile services
when I only want one. The phone and the modem. Combining the two with
the right equipment would help on prices, but i am not satisfied with
what is on offer. An Android device, yes, but running Lineage from the
start, and supported by Telstra, with timely updates. The other thing
would be for them to provide ADSL, or better still DSL, it is under
1000 meters or so to the base of the mobile only 500phone tower, and
enough customers who would use.
The mobile modem reboots at times while I am using, nothing I am
doing, and it did not do at first. Given that it gets fed a bad
configuration now and then, I think it is done to try to fix those
symptoms, but it just makes it worse. I have lost faith in how they
all manage their networks, they are looking tlo maximise revenue and
minimise costs, that is consumerist capitalism.
In terms of mobile data, just use a router that does
the job -- although
it might be better to plug it in to a computer directly if you need the
public IP address on an interface -- then it is much like a plain old
56K type modem setup, but via 4G instead (still PPP). So, yes, do not
over complicate things more than you need to.
For my situation, I am cursing that NetworkManager will prioritise the
wired connection over the wi-fi as the default route. It is also that
I will want wired network connections to the printers. It is
assumptions, assume makes an ass out of you and me. I am looking at
what could be and seeing what should be and seeing the deficiencies in
the current offerings. It is aggravating that those who make such
foolish decisions and provide the commercial pressures end up so well
over renumerated.
Cheers
AndrewM
Regards,
Mark Trickett
18 Aug
18 Aug
4:08 p.m.
I'm not sure why you would do any of this.
Most (all?) off the shelf 4G capable routers will accept most (all?) USB 4G
dongles. Plug it in, configure the router to use it.
Your router should have all the required NAT and firewalling and so on
built in, so you just plug all your ethernet devices into the downstream
ports.
Why would you bother with a separate firewall machine? If you want better
control of your firewall rules then run openwrt or some such on the router.
It sounds like you're over-complicating the problem.
On Fri, Aug 18, 2017 at 1:53 PM, Ray via luv-main <luv-main(a)luv.asn.au>
wrote:
I am in something of a bind my normal internet access
i no longer with us
as the 2G mobile network has been tuned off and although I have many years
experience on Linux, little of this has been with the network config as
(almost) always works "out of the box".
The current situation is a have a Dlink 4G modem router, this has an IP
address of 192.168.0.1. This is to be connected to my fire wall machine
(currently running Debian 7) via a cat 5 cable to eth0. This machine has a
2 ethernet port motherboard, the second port eth1 will be connected to a
(I think) switch which has my other 4 machines connect to it.
The IP address range is currently 92.168.1.1 (gateway) upwards with 6
address's in use. How is the firewall ports configured, is there a decent
explantion on the net (remember I know little about the low level nuts and
bolts but would like to find out.
I assume the 2 ports on the firewall machine will use 2 different IP
address, is there any logic in there allocation, I also assume the default
route for this machine will be eth0 (the port connected to the 4G modem
router. In Debian in the /etc/network/interfaces file how is the default
route determined.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has
been a real struggle. At this location only 2 options are availible, NBN
satelite and 4G mobile broadband, unfortunately there is little information
anywhere on how to configure either of them for linux. I tried satelite NBN
but could not get ANY kind of reliable connection. A 4G dongle will work on
linux but I could find NO config information at all and it appears plenty
have tried and failed. THe current solution has been adopted as it only
means setting up ethernet ports and doing bit of routing.
Lindsay
_______________________________________________
luv-main mailing list
luv-main(a)luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
7:30 p.m.
On 18.08.2017 16:08, cory seligman wrote:
I'm not sure why you would do any of this.
Most (all?) off the shelf 4G capable routers will accept most (all?)
USB 4G dongles. Plug it in, configure the router to use it.
Your router should have all the required NAT and firewalling and so on
built in, so you just plug all your ethernet devices into the
downstream ports.
Why would you bother with a separate firewall machine? If you want
better control of your firewall rules then run openwrt or some such on
the router.
It sounds like you're over-complicating the problem.
First, thanks for the replies from both Cory and Mark, as usual though
simply writing about the problem gave me a better understanding, and I
have a path to follow, a couple of points from the posts................
Cory said, "It sounds like you're over-complicating the problem"
Lindsay replies, I understand the setup I now have, all I am effectively
doing is removing the 2G usb dongle from the my firewall machine and
substituting a 4G modem/router on an ethernet connection to the same
box. I am quite happy with how my current firewall works and do not wish
to have to take the time to workout how the fire wall rules work on the
4G modem/router, from experience this will likely to take a good deal of
time. The current problem is well understood and should not be to
difficult to work out.
Comment from Marks post, I do not have to worry to much about the NBN, I
am currently with Bendigo Telco XL plan, 50gig a month for $60 dollars,
Its reliable and fast (on Windows XP anyway, I downloaded Debian 8.9.0
DVD disk 1 in 18 minutes). This is much CHEAPER than my previous mobile
broadband plan with 10 times the data. The NBN satelite was $50 for
50gig, so the current setup compares well, support for NBN satellite for
both technical and admin was pathetic, where as Bendigo is quite
reasonable and readily availible.
Lindsay
Using Linux since 1993, kernel 0.96d.
7:05 p.m.
On 18.08.17 13:53, Ray via luv-main wrote:
The current situation is a have a Dlink 4G modem
router, this has an IP
address of 192.168.0.1. This is to be connected to my fire wall machine
(currently running Debian 7) via a cat 5 cable to eth0. This machine has a 2
ethernet port motherboard, the second port eth1 will be connected to a (I
think) switch which has my other 4 machines connect to it.
While it is possible to run a firewall on a separate router host as you
describe, all the modems I've used include the router and firewall
functionality, as provided by the ISP, ready to go.
The IP address range is currently 92.168.1.1 (gateway)
upwards with 6
address's in use. How is the firewall ports configured, is there a decent
explantion on the net (remember I know little about the low level nuts and
bolts but would like to find out.
Then it is highly advisable to begin with a simple set-up, and only make
it more complicated if the modem really lacks a firewall. A single subnet,
running off one router/modem port, with all your hosts plugged into a
cheap little ethernet switch, conveniently located, could have you
cruising in no time.
I assume the 2 ports on the firewall machine will use
2 different IP
address, is there any logic in there allocation, I also assume the default
route for this machine will be eth0 (the port connected to the 4G modem
router. In Debian in the /etc/network/interfaces file how is the default
route determined.
It is a long time since I mucked with static routing. You can use the
route command to specify routes for subnets, subnet masks, and the IP of
the gateway. You could use the two subnets you have; 192.168.0.0/24 and
92.168.1.0/24, one on each side of the firewall. In each case, the
subnet mask would be 255.255.255.0.
Looking at what I have on this host, talking directly to my modem, I
see:
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 denotes the default route, so here anything not for the local
192.168.1.0/24 subnet goes to the gateway (192.168.1.1), which is the
modem. Really simple.
There are a number of examples in the "route" manpage. I did some
reading in the O'Reilly "TCP/IP Network Administration" book before
cutting loose, but my copy is a quarter of a century old now. A quick
google of "linux static routing howto" showed a bunch of promising hits.
There's likely to be more current information in them. E.g. the "ip"
command seems to be popular this century, so let's try:
$ ip route
default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
That doesn't look as familiar as the netstat report to these old eyes,
but it must be conceded that it is usefully informative and highly
readable.
A lot of reading, then some judicious fiddling, cannot fail to be
educational - and possibly successful, in the end. I think we'd enjoy
some questions along the way. You never know what cobwebs they could
dust off.
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has been
a real struggle. At this location only 2 options are availible, NBN satelite
and 4G mobile broadband, unfortunately there is little information anywhere
on how to configure either of them for linux. I tried satelite NBN but could
not get ANY kind of reliable connection. A 4G dongle will work on linux but
I could find NO config information at all and it appears plenty have tried
and failed. THe current solution has been adopted as it only means setting
up ethernet ports and doing bit of routing.
If there's no firewall functionality on the 4G modem, then you'll have
to climb the networking learning curve, and what's linux for, but for
having a fiddle - if you don't mind having to restore to base settings a
couple of times while figuring it out. (The "ip route restore" command
might be useful there.)
Erik
19 Aug
19 Aug
4:50 a.m.
On 18.08.2017 19:05, Erik Christiansen via luv-main wrote:
It is a long time since I mucked with static routing.
You can use the
route command to specify routes for subnets, subnet masks, and the IP
of
the gateway. You could use the two subnets you have; 192.168.0.0/24 and
92.168.1.0/24, one on each side of the firewall. In each case, the
subnet mask would be 255.255.255.0.
Looking at what I have on this host, talking directly to my modem, I
see:
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window
irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0
0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0
0 eth0
0.0.0.0 denotes the default route, so here anything not for the local
192.168.1.0/24 subnet goes to the gateway (192.168.1.1), which is the
modem. Really simple.
There are a number of examples in the "route" manpage. I did some
reading in the O'Reilly "TCP/IP Network Administration" book before
cutting loose, but my copy is a quarter of a century old now. A quick
google of "linux static routing howto" showed a bunch of promising
hits.
There's likely to be more current information in them. E.g. the "ip"
command seems to be popular this century, so let's try:
$ ip route
default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
That doesn't look as familiar as the netstat report to these old eyes,
but it must be conceded that it is usefully informative and highly
readable.
A lot of reading, then some judicious fiddling, cannot fail to be
educational - and possibly successful, in the end. I think we'd enjoy
some questions along the way. You never know what cobwebs they could
dust off.
Thanks for your input its been most helpfull, a couple of comments, I
was a complex systems technician for almost 30 years, this has left me
with a strong distaste for unnecasary complexity, also personally i LIKE
to understand how everything I use works. On this problem as usuall, I
am selling my self short on my knowledge of Linux networking (Note 1), I
have actual done my own gateway machine with NAT and a firewall and
while the DLink will do everything you said, trying to get it to
replicate my gateway machine is not something I will find easy to do. I
do know though the Dlink can be set in "pass through" mode where it only
acts as a 4G reciever, connecting when the device is powered up, leaving
me the only thing is changing the routing in my gateway machine,
something that IS a WELL KNOWN (although not as yet by me) solution.
As I was a tech a very long time I have NO fear of learning anything
new................
I will put up what I have done to get it working in case it helps
someone else
Note 1: One will NEVER learn anything unless one is willing to listen.
Lindsay
Help, will be GREATLY appeciated.
Trying to get new internet access for when the 2G network was gone has
been
a real struggle. At this location only 2 options are availible, NBN
satelite
and 4G mobile broadband, unfortunately there is little information
anywhere
on how to configure either of them for linux. I tried satelite NBN but
could
not get ANY kind of reliable connection. A 4G dongle will work on
linux but
I could find NO config information at all and it appears plenty have
tried
and failed. THe current solution has been adopted as it only means
setting
up ethernet ports and doing bit of routing.
If there's no firewall functionality on the 4G modem, then you'll have
to climb the networking learning curve, and what's linux for, but for
having a fiddle - if you don't mind having to restore to base settings
a
couple of times while figuring it out. (The "ip route restore" command
might be useful there.)
Erik
7:23 p.m.
I am doing some testing on this set up and I am unable to talk to the
Dlink 4G router, IT is connected by a short cat5 cable to the eth0. This
port is setup with an address of 192.168.1.6 and is the default route
for the machine. Eth1 is connected to my switch connected to my other
machine, this port has an address of 192.168.1.1 (ie my gateway machine)
Both interfaces are up. THe IP address of the Dlink 4G router is
192.168.0.1, when I point a browser at this address (either Firefox of
links2) there is no response, ifconfig shows some data is excahanged
(around 200 bytes tranmsited and 50 received, so the connection appears
to work.
What am I doing wrong, everyone makes out it is simple to communicate
with these things. What config is required to talk to one of these self
contained routers connected to an ethernet port.
Lindsay
8:23 p.m.
On 19.08.17 19:23, Ray via luv-main wrote:
I am doing some testing on this set up and I am unable
to talk to the Dlink
4G router, IT is connected by a short cat5 cable to the eth0.
Of the firewall host mentioned upthread? (It is the only one described
as having two ethernet ports, IIRC.)
This port is setup with an address of 192.168.1.6 and
is the default
route for the machine.
Sounds like the firewall. We'll keep guessing on this track. But that IP
will only be seen by the modem (i.e. inward traffic), and the default
route is for outward traffic, i.e. all the world's IPs other than your
inboard subnet.
Eth1 is connected to my switch connected to my other
machine, this
port has an address of 192.168.1.1 (ie my gateway machine)
Now you have the 192.168.1.0/24 subnet on both sides of the firewall.
Can you please post e.g. the output of "netstat -rn", to show how you're
routing traffic through the firewall? (It can be split finer, but is
it?)
Both interfaces are up. THe IP address of the Dlink
4G router is
192.168.0.1, when I point a browser at this address (either Firefox of
links2) there is no response, ifconfig shows some data is excahanged
(around 200 bytes tranmsited and 50 received, so the connection
appears to work.
A forward route is only half the story. What do ping and traceroute
report? Here, my modem is on the same subnet:
$ ping router
PING router (192.168.1.1) 56(84) bytes of data.
64 bytes from router (192.168.1.1): icmp_req=1 ttl=64 time=0.599 ms
That tells me that there is a return path.
$ traceroute router
traceroute to router (192.168.1.1), 30 hops max, 60 byte packets
1 router (192.168.1.1) 0.548 ms 0.644 ms 0.836 ms
If I had a firewall in between, that'd tell me whether I'm reaching the
near port or the far one, IIRC.
What am I doing wrong, everyone makes out it is simple
to communicate
with these things.
It's not so simple that it can be done for the first time, without
looking. And it's only simple after you've cancelled out the false
assumptions, and done it right. E.g. a missing return route will stymie a
ping, despite the forward path being peachy.
What config is required to talk to one of these self
contained routers
connected to an ethernet port.
Is the assumption that the router can't reply supported by a failed ping
from the firewall host? If so, the long description above isn't part of
the problem. If the router isn't trusted, temporarily substitute another
host, using the same IP, and test your hops from both ends - as one
might test the links of a chain. Assumptions tend to fall like dandruff,
then.
Happy hunting. :-)
Erik
20 Aug
20 Aug
7:50 a.m.
On 19.08.2017 20:23, Erik Christiansen via luv-main wrote:
This test shows that there is only a connection in one direction, ie no
return path.
On 19.08.17 19:23, Ray via luv-main wrote:
Yes
I am doing some testing on this set up and I am
unable to talk to the
Dlink
4G router, IT is connected by a short cat5 cable to the eth0.
Of the firewall host mentioned upthread? (It is the only one described
as having two ethernet ports, IIRC.) This port is setup with an address of 192.168.1.6
and is the default
route for the machine.
Sounds like the firewall. We'll keep guessing on this track. But that
IP
will only be seen by the modem (i.e. inward traffic), and the default
route is for outward traffic, i.e. all the world's IPs other than your
inboard subnet.
Eth1 is connected to my switch connected to my
other machine, this
port has an address of 192.168.1.1 (ie my gateway machine)
Now you have the 192.168.1.0/24 subnet on both sides of the firewall.
Can you please post e.g. the output of "netstat -rn", to show how
you're
routing traffic through the firewall? (It can be split finer, but is
it?)
Both interfaces are up. THe IP address of the
Dlink 4G router is
192.168.0.1, when I point a browser at this address (either Firefox of
links2) there is no response, ifconfig shows some data is excahanged
(around 200 bytes tranmsited and 50 received, so the connection
appears to work.
A forward route is only half the story. What do ping and traceroute
report? Here, my modem is on the same subnet:
$ ping router
PING router (192.168.1.1) 56(84) bytes of data.
64 bytes from router (192.168.1.1): icmp_req=1 ttl=64 time=0.599 ms
That tells me that there is a return path.
$ traceroute router
traceroute to router (192.168.1.1), 30 hops max, 60 byte packets
1 router (192.168.1.1) 0.548 ms 0.644 ms 0.836 ms
If I had a firewall in between, that'd tell me whether I'm reaching the
near port or the far one, IIRC.
I do a bit of experimenting designing and building electronics, AM
recievers, both using valves and transistors (no IC's) servo circuits
etc, one thing this has shown me is do NOT assume ANY new components
actually meet there spec's, you have to test ALL components for there
spec's. Once I started to do this my success rate went way up, It
appears this needs to be treated the same. I will shift the machine to
one of my work benchs where I can get easy access to all parts, to allow
proper testing to be done.
A second point is I am going to have to find out (again!!, I have done
it once before, quite some time ago) the "nuts and bolts" or the
configuration of Debian's IFUPDOWN system. Sadly I have found Debian's
reference manual is not to clear on this. It does make a point that,
packages like the Network Manager should NOT be used for anything other
than a desk top system with a single connection and the IFUPDOWN system
to be used for anything complex.
Many hanks again for your help, I will let all know how I am getting on.
The situation is not critical as I do have internet access (from
WIndows) via an isolated machine dual booting Linux and Windows XP. Its
something of a pain to swap data via a USB thumb drive, but it DOES give
me access.
Lindsay
What am I doing wrong, everyone makes out it is
simple to communicate
with these things.
It's not so simple that it can be done for the first time, without
looking. And it's only simple after you've cancelled out the false
assumptions, and done it right. E.g. a missing return route will stymie
a
ping, despite the forward path being peachy.
What config is required to talk to one of these
self contained routers
connected to an ethernet port.
Is the assumption that the router can't reply supported by a failed
ping
from the firewall host? If so, the long description above isn't part of
the problem. If the router isn't trusted, temporarily substitute
another
host, using the same IP, and test your hops from both ends - as one
might test the links of a chain. Assumptions tend to fall like
dandruff,
then.
Happy hunting. :-)
Erik
10:05 a.m.
Hello Ray,
On 8/20/17, Ray via luv-main <luv-main(a)luv.asn.au> wrote:
To me, without actual hands on experience, but an interest in reading
around the matter that it is an issue of the routing and iptables
setup on the firewall, that it is currently set to drop all the
incoming packets (or almost all), even when they are replies to
outgoing packets. The firewall mostly needs to prevent incoming
connection initiation, but needs to let in the returns from outgoing
connection initiation.
Network Manager can do more complex things, but it is a pain. I too am
having troubles getting my head around it all. It is well written and
clear, once you know and understand the terminology and context.
Getting that step is the issue for me. Were I close enough for the
beginners workshops, I would pick up a lot quickly, trying on my own
with a lot else to do is another matter.
On 19.08.2017 20:23, Erik Christiansen via luv-main
wrote:
I think that the firewall machine may also fall into the category of a
bridge because it bridges two networks together. That may give you
some reference and a search term when looking to the configuration.
On 19.08.17 19:23, Ray via luv-main wrote:
Yes I am doing some testing on this set up and I am
unable to talk to the
Dlink
4G router, IT is connected by a short cat5 cable to the eth0.
Of the firewall host mentioned upthread? (It is the only one described
as having two ethernet ports, IIRC.) This port is
setup with an address of 192.168.1.6 and is the default
This test shows that there is only a connection in one direction, ie no
return path. route for the machine.
Sounds like the firewall. We'll keep guessing on this track. But that
IP
will only be seen by the modem (i.e. inward traffic), and the default
route is for outward traffic, i.e. all the world's IPs other than your
inboard subnet.
Eth1 is connected to my switch connected to my
other machine, this
port has an address of 192.168.1.1 (ie my gateway machine)
Now you have the 192.168.1.0/24 subnet on both sides of the firewall.
Can you please post e.g. the output of "netstat -rn", to show how
you're
routing traffic through the firewall? (It can be split finer, but is
it?)
Both interfaces are up. THe IP address of the
Dlink 4G router is
192.168.0.1, when I point a browser at this address (either Firefox of
links2) there is no response, ifconfig shows some data is excahanged
(around 200 bytes tranmsited and 50 received, so the connection
appears to work.
A forward route is only half the story. What do ping and traceroute
report? Here, my modem is on the same subnet:
> $ ping router
> PING router (192.168.1.1) 56(84) bytes of data.
> 64 bytes from router (192.168.1.1): icmp_req=1 ttl=64 time=0.599 ms
>
> That tells me that there is a return path.
>
> $ traceroute router
> traceroute to router (192.168.1.1), 30 hops max, 60 byte packets
> 1 router (192.168.1.1) 0.548 ms 0.644 ms 0.836 ms
>
> If I had a firewall in between, that'd tell me whether I'm reaching the
> near port or the far one, IIRC.
>
>> What am I doing wrong, everyone makes out it is simple to communicate
>> with these things.
>
> It's not so simple that it can be done for the first time, without
> looking. And it's only simple after you've cancelled out the false
> assumptions, and done it right. E.g. a missing return route will stymie
> a
> ping, despite the forward path being peachy.
>
>> What config is required to talk to one of these self contained routers
>> connected to an ethernet port.
These self contained routers and modems often have a web interface for
administration, commonly something like www://home or www://m.home the
latter being what is mine
Is the
assumption that the router can't reply supported by a failed
ping
from the firewall host? If so, the long description above isn't part of
the problem. If the router isn't trusted, temporarily substitute
another
host, using the same IP, and test your hops from both ends - as one
might test the links of a chain. Assumptions tend to fall like
dandruff,
then.
Happy hunting. :-)
Erik
I do a bit of experimenting designing and building electronics, AM
recievers, both using valves and transistors (no IC's) servo circuits
etc, one thing this has shown me is do NOT assume ANY new components
actually meet there spec's, you have to test ALL components for there
spec's. Once I started to do this my success rate went way up, It
appears this needs to be treated the same. I will shift the machine to
one of my work benchs where I can get easy access to all parts, to allow
proper testing to be done.
A second point is I am going to have to find out (again!!, I have done
it once before, quite some time ago) the "nuts and bolts" or the
configuration of Debian's IFUPDOWN system. Sadly I have found Debian's
reference manual is not to clear on this. It does make a point that,
packages like the Network Manager should NOT be used for anything other
than a desk top system with a single connection and the IFUPDOWN system
to be used for anything complex. Many hanks again for your help, I will let all know
how I am getting on.
The situation is not critical as I do have internet access (from
WIndows) via an isolated machine dual booting Linux and Windows XP. Its
something of a pain to swap data via a USB thumb drive, but it DOES give
me access.
I know and understand, these days I am running one PC which is Debian
GNU Linux only, although I do have a second available for some tasks,
it too is Linux, but an out of date Ubuntu. It does not have the RAM
or processor or HDD space for an upgrade, just use as it is, but not
networked.
Lindsay
Regards,
Mark Trickett
6:13 p.m.
On 20.08.17 07:50, Ray via luv-main wrote:
On 19.08.2017 20:23, Erik Christiansen via luv-main
wrote:
That's kinda what I expected. It is the likeliest omission when setting
bridging routes. If you can ping the inboard host and the router from
the firewall, then that confirms that the problem is entirely in the
routes you have(n't) set to bridge the two subnets.
Please feel free to post the output of "netstat -rn", or "ip route".
Its output might be preferable, as it's more descriptive:
$ ip route
default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
You'll need to see a similar default route to the router, plus a similar
second route for traffic to the outboard subnet. That'll pass a ping
through the firewall to the router, but not back.
So you need a third path, to the inboard subnet. That must be on the
_other_port_ in your case. To allow a /24 netmask to discriminate
between inboard and outboard bound traffic you will need to move either
the router and eth0 to another subnet, e.g. 192.168.2.0, or do that for
your inboard hosts and eth1. Then the firewall has a way to tell which
packets should go to which port. (Your bridge will then have two ends.)
There is a fourth path needed - in the router. But if it returns pings
from the firewall, then that's already there.
Once that's all in place, a traceroute will show you the improvement.
It's all a lot easier the second time.
Erik
A forward route is only half the story. What do
ping and traceroute
report? Here, my modem is on the same subnet:
This test shows that there is only a connection in one direction, ie no
return path.
21 Aug
21 Aug
6:05 p.m.
As suggested by a number of readers, I have gone back to basics and
tried the "simple" approach. I connected the Dlink 4G router direct to
an ethernet port on one of my machines, I simply disconnected the exist
cat5 connector too my hub/switch and connected the Dlink. I tested the
port prior to doing this and it worked OK and I still cannot get it (the
Dlink) to work. ON switching on the device the Docs say the led that
indicates a correct working Lan connction should come on steady and it
does not, its flashing. If its cat5 cable is disconnected this led goes
out and on reconnection comes back flashing. Three different cables were
tried all behaved the same.
Its unlikley that the DLink is faulty (allthough it cannot be completely
ruled out), so for a "Simple" install there still must be some kind of
custom config required.
What actually is required for a simple direct on PC install, it appears
standard eth0 setup does not work. Unfortunately when I restored the sim
to my dongle and atarted windows I could NOT get an internet connection.
After transfering the sim I tried my spare dongle this behaved the same
way but worked correctly after it was "rebooted", what ever that does.
Note: powering everything down did no good. I may get a router that will
take dongles directly and see if a can get any more success.
I may say this is P.....g me off no end currently particularly this
comming directly after my main machines mother board failed.
Note: I spent 30 years as a complex systems technician and such problems
do not usually bother me but this is getting ....................... And
not having a decent working internet connection is NOT helping AT ALL
(as I cannot easily search for help).
Lindsay
6:29 p.m.
Hello Ray,
On 8/21/17, Ray via luv-main <luv-main(a)luv.asn.au> wrote:
As suggested by a number of readers, I have gone back
to basics and
tried the "simple" approach. I connected the Dlink 4G router direct to
an ethernet port on one of my machines, I simply disconnected the exist
cat5 connector too my hub/switch and connected the Dlink. I tested the
port prior to doing this and it worked OK and I still cannot get it (the
Dlink) to work. ON switching on the device the Docs say the led that
indicates a correct working Lan connction should come on steady and it
does not, its flashing. If its cat5 cable is disconnected this led goes
out and on reconnection comes back flashing. Three different cables were
tried all behaved the same.
Its unlikley that the DLink is faulty (allthough it cannot be completely
ruled out), so for a "Simple" install there still must be some kind of
custom config required.
From the foregoing, I would suspect the Dlink 4G
router. I would get
the supplier to demonstrate that it is working, going in to a
Telstra
shop or whomever the supplier is. That will establish a basic working
state from which to get it working the way you want. As to ethernet
cables, try a known straight through, and crossover cable. Both exist,
and they are different. Most modern equipment is supposed to autosene
and configure itself, but that too is a failure point.
What actually is required for a simple direct on PC
install, it appears
standard eth0 setup does not work. Unfortunately when I restored the sim
to my dongle and atarted windows I could NOT get an internet connection.
After transfering the sim I tried my spare dongle this behaved the same
way but worked correctly after it was "rebooted", what ever that does.
Note: powering everything down did no good. I may get a router that will
take dongles directly and see if a can get any more success.
The USB dongles are yet another can of worms, one that I do not wish
to chase down a rabbit hole.
I may say this is P.....g me off no end currently
particularly this
comming directly after my main machines mother board failed.
Note: I spent 30 years as a complex systems technician and such problems
do not usually bother me but this is getting ....................... And
not having a decent working internet connection is NOT helping AT ALL
(as I cannot easily search for help).
I have been having trouble getting photos off SD cards, I had a device
to plug them into, then a USB port. That died, and the replacement I
bought appeared to not work. Now it looks like the otherwise working
powered 7 port USB hub is flaky. I now have two ways to read the
cards, and a couple that do not work. Why? i would like to know, but
do not expect any answers.
Lindsay
Regards,
Mark Trickett
11:31 p.m.
On 21.08.2017 18:29, Mark Trickett via luv-main wrote:
Yes USB dongles can be a problem, but one can usually come up with some
kind
of solution. A problem I have found with mobile broadband is I have
found is that
some providers DO NOT like sims being swapped between devices, with a 4G
USB dongle
router, I can safely swap the dongle between a USB port on WIndows and
the router
on Linux and not have the service locked out.
Yes it can be a pain. I have 2 SD card readers, one is an external
reader, the other
occupies a 5 inch drive bay, I have never had any problems with either.
A significant
issue here is that USB while simple to use is VERY complex under the
hood and the
more complex something is the more problems one has in the end.
Lindsay
Hello Ray,
On 8/21/17, Ray via luv-main <luv-main(a)luv.asn.au> wrote:
I have tried both straight and crossover cables and yes the Dlink is
supposed to detect wha tthe cable is.
As suggested by a number of readers, I have gone
back to basics and
tried the "simple" approach. I connected the Dlink 4G router direct to
an ethernet port on one of my machines, I simply disconnected the
exist
cat5 connector too my hub/switch and connected the Dlink. I tested the
port prior to doing this and it worked OK and I still cannot get it
(the
Dlink) to work. ON switching on the device the Docs say the led that
indicates a correct working Lan connction should come on steady and it
does not, its flashing. If its cat5 cable is disconnected this led
goes
out and on reconnection comes back flashing. Three different cables
were
tried all behaved the same.
Its unlikley that the DLink is faulty (allthough it cannot be
completely
ruled out), so for a "Simple" install there still must be some kind of
custom config required.
From the foregoing, I would suspect the Dlink 4G router. I would get
the supplier to demonstrate that it is working, going in to a Telstra
shop or whomever the supplier is. That will establish a basic working
state from which to get it working the way you want. As to ethernet
cables, try a known straight through, and crossover cable. Both exist,
and they are different. Most modern equipment is supposed to autosene
and configure itself, but that too is a failure point.
What actually
is required for a simple direct on PC install, it
appears
standard eth0 setup does not work. Unfortunately when I restored the
sim
to my dongle and atarted windows I could NOT get an internet
connection.
After transfering the sim I tried my spare dongle this behaved the
same
way but worked correctly after it was "rebooted", what ever that does.
Note: powering everything down did no good. I may get a router that
will
take dongles directly and see if a can get any more success.
The USB dongles are yet another can of worms, one that I do not wish
to chase down a rabbit hole.
I may say this
is P.....g me off no end currently particularly this
comming directly after my main machines mother board failed.
Note: I spent 30 years as a complex systems technician and such
problems
do not usually bother me but this is getting .......................
And
not having a decent working internet connection is NOT helping AT ALL
(as I cannot easily search for help).
I have been having trouble getting photos off SD cards, I had a device
to plug them into, then a USB port. That died, and the replacement I
bought appeared to not work. Now it looks like the otherwise working
powered 7 port USB hub is flaky. I now have two ways to read the
cards, and a couple that do not work. Why? i would like to know, but
do not expect any answers. Lindsay
Regards,
Mark Trickett
_______________________________________________
luv-main mailing list
luv-main(a)luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main 
22 Aug
22 Aug
1:44 p.m.
Hi Lindsay,
I've re-read your original and drawn out what I think your set-up is (or
was). A couple of questions that may help formulate an answer.
What model is your D-Link 4G modem/router?
Which device is providing DHCP for you other devices?
Which device (presumably the D-Link) is providing a NAT service?
On 21 August 2017 at 23:31, Ray via luv-main <luv-main(a)luv.asn.au> wrote:
On 21.08.2017 18:29, Mark Trickett via luv-main
wrote:
Yes USB dongles can be a problem, but one can usually come up with some
kind
of solution. A problem I have found with mobile broadband is I have found
is that
some providers DO NOT like sims being swapped between devices, with a 4G
USB dongle
router, I can safely swap the dongle between a USB port on WIndows and the
router
on Linux and not have the service locked out.
I may say this is P.....g me off no end currently particularly this
Yes it can be a pain. I have 2 SD card readers, one is an external reader,
the other
occupies a 5 inch drive bay, I have never had any problems with either. A
significant
issue here is that USB while simple to use is VERY complex under the hood
and the
more complex something is the more problems one has in the end.
Lindsay
--
Colin Fee
tfeccles(a)gmail.com
Hello Ray,
On 8/21/17, Ray via luv-main <luv-main(a)luv.asn.au> wrote:
I have tried both straight and crossover cables and yes the Dlink is
supposed to detect wha tthe cable is.
What actually is required for a simple direct on PC install, it appears
As suggested by a number of readers, I have gone
back to basics and
tried the "simple" approach. I connected the Dlink 4G router direct to
an ethernet port on one of my machines, I simply disconnected the exist
cat5 connector too my hub/switch and connected the Dlink. I tested the
port prior to doing this and it worked OK and I still cannot get it (the
Dlink) to work. ON switching on the device the Docs say the led that
indicates a correct working Lan connction should come on steady and it
does not, its flashing. If its cat5 cable is disconnected this led goes
out and on reconnection comes back flashing. Three different cables were
tried all behaved the same.
Its unlikley that the DLink is faulty (allthough it cannot be completely
ruled out), so for a "Simple" install there still must be some kind of
custom config required.
From the foregoing, I would suspect the Dlink 4G router. I would get
the supplier to demonstrate that it is working, going in to a Telstra
shop or whomever the supplier is. That will establish a basic working
state from which to get it working the way you want. As to ethernet
cables, try a known straight through, and crossover cable. Both exist,
and they are different. Most modern equipment is supposed to autosene
and configure itself, but that too is a failure point.
standard
eth0 setup does not work. Unfortunately when I restored the sim
to my dongle and atarted windows I could NOT get an internet connection.
After transfering the sim I tried my spare dongle this behaved the same
way but worked correctly after it was "rebooted", what ever that does.
Note: powering everything down did no good. I may get a router that will
take dongles directly and see if a can get any more success.
The USB dongles are yet another can of worms, one that I do not wish
to chase down a rabbit hole.
comming
directly after my main machines mother board failed.
Note: I spent 30 years as a complex systems technician and such problems
do not usually bother me but this is getting ....................... And
not having a decent working internet connection is NOT helping AT ALL
(as I cannot easily search for help).
I have been having trouble getting photos off SD cards, I had a device
to plug them into, then a USB port. That died, and the replacement I
bought appeared to not work. Now it looks like the otherwise working
powered 7 port USB hub is flaky. I now have two ways to read the
cards, and a couple that do not work. Why? i would like to know, but
do not expect any answers.
Lindsay
Regards,
Mark Trickett
_______________________________________________
luv-main mailing list
luv-main(a)luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
_______________________________________________
luv-main mailing list
luv-main(a)luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
5:47 p.m.
On 22.08.2017 13:44, Colin Fee wrote:
Hi Lindsay,
I've re-read your original and drawn out what I think your set-up is
(or was). A couple of questions that may help formulate an answer.
What model is your D-Link 4G modem/router?
Dlink DWR-921
Which device is providing DHCP for you other devices?
The network has no DHCP service, each machine has the same hosts file
which has all
my machines in it. I did it this way as I general use only a single
machine, the network
providing a simple way to exchange data, so there is no machine that is
on all the time
any machine is running.
Which device (presumably the D-Link) is providing a
NAT service?
I have 5 machines all connected to a switch, one of these machines has
an external
connection, I have a firewall set upon this machine it as well provides
the NAT service.
I also have a caching name server (pdnsd) running, the resolv.conf of
all machines point
to this mmachine, pdnsd providing name service for anything not in the
hosts file.
What I would LIKE to do is replace the old 2G mobile external connection
via a
USB port with an 4G modem router confidured as straight through (Note:
this is
what a would LIKE, ie its not cast in stone) via a second ethernet port
(ie no
firewall or NAT, the Dlink can do this)
Sadly I have not been able to get any response at all from the DLink as
it
(apparently) indicates the LAN conncetion to my switch is not
functioning although
tests I have done indicate it should be OK.
Note: After yesterdays testing when my existing internet connection via
a
windows machine stopped working after swapping my sim between my USB 4G
modem
and the DLink and back I am getting some what "gun shy" of swapping the
sim
back and forth and I am considering getting a 4G router that uses a USB
4G modem
for 4G access. I HAVE had trouble in the past from swapping sims between
devices.
The mobile network apparently does NOT like you doing this, swapping the
usb modems
though is not an issue.
Note 2: I have ordered a router that uses a USB dongle for mobile
broadband access.
Lindsay
23 Aug
23 Aug
1:37 a.m.
Hi Lindsay,
This site might be worth looking at:
http://www.ofmodemsandmen.com/index.html
It doesn't list the Dlink that you have, but it might give you some
ideas and perhaps have you thinking about other equipment that might suit.
Cheers
AndrewM
2042
days inactive
2046
days old
20 comments
6 participants
participants (6)
-
Andrew McGlashan -
Colin Fee -
cory seligman -
Erik Christiansen -
Mark Trickett -
zlinew9@virginbroadband.com.au