Re: DS10 on a NETGEAR DHCP Router

From: John E. Malmberg (wb8tyw_at_qsl.network)
Date: 12/18/04 

Date: Fri, 17 Dec 2004 23:50:20 -0500

Beach Runner wrote:
> My cable company makes us rent their routers. They also lock us out of
> them.

Your posting I.P. address indicates that you are using RR.COM, and I
have never heard of that restriction with them. Unless something has
changed, RR.COM has some of the least restrictions as compared to other
broadband suppliers.

My broadband provider probably would prefer that I rent a router
equivalent to that retails for less than $50 for an extra $5 to $10 a
month, but they do not require it. Even more so, it looks like they
would prefer that I pay for an I.P. address and cable modem connection
for each computer in my house.

They have put some language on one of their web sites at times saying
that "routers" are prohibited, but on the "official" terms of service
they are allowed, just "unsupported".

I would recommend looking over the terms of service agreement again. It
is likely that they will only "support" and "service" a router that they
provide, and then only with a limited number of operating systems.

I would also recommend looking at the official documents as I have found
that many of the broadband ISP employees that I have had to work with
are not aware of their contents. Your ISP should have them available
for your inspection at one of their web sites.

But they should not have any prohibition from of a hardware device that
is essentially required to keep some non-VMS operating systems from
becoming compromised.

For connection to an ISP, you usually need a sacrificial PC running an
operating system that the ISP support in order to troubleshoot such
problems.

I have had a firewall/router fail on me, so it does happen.

> It is a Netgear 802.11 router.

The Netgear should have a status page that you can get to with a web
browser.

802.11 is a wireless protocol, it has nothing to do with a wired connection.

Of course, as I am not up to date with all the products that Netgear
makes, they could have used it as a model number of a unit that could do
wireless.

> I can't get dhcp to work on my alpha with it.
> I've tried 100, full duplex
> and twisted pair. It never returns.
> I've tried a fixed tcpip address. Doesn't return.
>
> What am I missing?

I do not know. Unless you can get access to the status page or the
router, or have some way to capture and interpret the data packets it is
hard to troubleshoot these issues.

I would recommend going to the NETGEAR web site. It is
http://www.netgear.com . There you can probably find out information
about your specific router.

In general (and does not seem specific to NetGear.)

Most new routers and many other network devices come with a default I.P.
address that you must connect to with a web browser to configure them.

And so far, all the routers that I have seen (only two) have the DHCP
server by default disabled.

So to configure the firewall and enable the DHCP server, you must
configure the system with the web browser with a fixed address in the
same subnet as the firewall router's default address.

The non-routable I.P. address of 192.168.0.1 seems to be popular and has
been used as a default I.P. address of the two firewall routers that I
have had.

Assuming that the firewall router was at 192.168.0.1, you would
temporarily set the system that you would run the web browser on to
192.168.0.2.

So the first things that you do with a new device is change the access
passwords and move the I.P. address to something else, like 192.168.0.100.

The access passwords need to be changed to prevent exploits, including a
"backchannel" exploit, which I do not want to explain here. Verify that
there is not a separate remote access password than the local ones. The
crackers out there know all the default remote access passwords. And
some of them know how to try a backchannel exploit.

The I.P. address needs to be moved because if you acquire certain other
types of network devices, you will otherwise have to set up a private
LAN network to configure them, because you can not have two devices with
192.168.0.1 on the same network.

You can use the 192.168.0.1 through .255 as you wish on the router side.
  If you want to use other I.P. addresses, you need to look up what the
other non-routable I.P. addresses ranges are. At this time of night, I
can only remember the 10.*.*.* range.

Then use the CLONE MAC or CLONE hardware address to make the Router
present the same I.P. address as the sacrificial PC.

This is for two reasons:

1. It allows you to switch between the Router and the PC with out
powering off the Cable Modem, which speeds up troubleshooting.

2. Some cable companies lock down the cable modem to the first MAC
address that it sees. And changing that MAC address for a new computer
requires you to reach a technical support person to do that. And it can
be the case that some of an ISP's network will just accept a new MAC
address with power cycling the cable modem, other sections will not.

With this, the less that you need to deal with the ISP's support people,
the better. If you look at your contract, the only thing that they care
about is if it works with your sacrificial PC.

You can then enable the DHCP server in the firewall modem, and use it.
The DHCP server provides the clients with the ISP assigned subnet name,
and the ISP assigned name server addresses.

At my ISP, these things have only changed twice in four years. So I
just used fixed assignments, and have set up my DS-10 as a local caching
DNS server.

When I notice that some sites, especially such as DYNDNS.ORG domains
become inaccessible, but others that I visit are inaccessible, then I
can then check to see if I need to update the information in the DNS.

I am currently running a NETGEAR FR114P between my DS-10 and my ISP.
The LPR implementation is not compatible with TCP/IP services
implementation. It will transfer the file to the printer and then halt
on error, so do not expect that feature to work. From what I can find
on the web, the FR114P is the only print server that NETGEAR makes that
does not support the RAW mode, which is what OpenVMS prefers.

-John
wb8tyw@qsl.network
Personal Opinion Only

Relevant Pages

  • Re: SBS 2003 Misconfigured?
    ... I've thrown quite a bit at them, and just have to disagree that they are inherently less secure than the netgear. ... setup DHCP and I have also gone in and manually created a new scope ... when I first used the Netgear router with SBS 2003, ... than one SBS server in a company makes no sense. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 Misconfigured?
    ... Yeah, maybe it's not that different from the Netgear, for all that. ... that when I first used the Netgear router with SBS 2003, ... tech spend 4+ hours on my system, and then tell me to enable DHCP ... more than one SBS server in a company makes no sense. ...
    (microsoft.public.windows.server.sbs)
  • Re: Advice needed - running Exchange
    ... the router to your nic ... You'll need to have your ISP create two additional DNS records for your ... delivery is set to the Exchange mailbox, ... I currently only have one NIC in my SBS server ...
    (microsoft.public.windows.server.sbs)
  • Re: Simple Question About NAT Routers
    ... >> is) but I cannot ping myself? ... >> the ISP service. ... You may need to register your new Netgear ... >> NETGEAR router? ...
    (comp.os.linux.networking)
  • Re: network topology
    ... I called my ISP, went through a few tests, repowered the modem, hubs and ... There is nothing but a hub between the server and the ISP's cable ... All computers on the wireless router network are working fine ... I changed IP to .225 on SBS and still no result. ...
    (microsoft.public.windows.server.sbs)
Loading