how-to block ads
|
RJLadd
Premium
join:2009-04-17
Redmond, WA
|  reply to RJLadd
Re: Good experience with Syswan technical support
The product is a Syswan Duolinks SW24 Dual WAN router. What details do you want, the serial number? The paint color? The name of the person who assembled it?
I joined and posted last Friday. I started occasionally reading this site years ago, but this was the first time I had anything I to say. Today is Monday. How often do you expect anyone to visit this site? Once or twice a week isn't good enough?
Er...who is the shill? Or troll, perhaps? You want more details, ask for them instead of making negative assumptions.
The problem was that computers on the LAN would lose DNS access periodically. Sometimes addresses could be resolved for tens of minutes, sometimes for only a few minutes. The inability to resolve addresses would last anywhere from less than a minute to several (3 to 5) minutes, and then the cycle would repeat. It made no difference whether I configured the machines in the LAN to use DHCP or fixed IP and DNS server addresses. It made no difference whether I configured the modems or the router to use fixed IP and DNS server addresses or DHCP.
During those outages, I could usually use the router's diagnostic tools to ping out through the modems by IP address, but the router couldn't resolve names, either.
The modem manufacturer was completely uninterested; they insisted that it was up to my ISP(s) to provide support. One of the ISPs was not interested in supporting anything other than a "normal" configuration, i.e., a modem with nothing between it and the rest of the LAN, or at least nothing smarter than a switch. The other ISP was willing to help, but couldn't figure it out, either.
Over the weekend I found a workaround. The modems were in bridge mode, but they were still providing NAT and IP filtering. The IP filter rules were simple enough, and looked ok: allow all outgoing, deny all incoming but with stateful inspection, and I added exceptions allowing DNS and some ICMP. For some reason the modem company had a lot of redundant rules, but they looked unnecessary, not wrong.
For some reason, turning off all of the modem's IP filtering of incoming packets from it's WAN port eliminated the problem. No obvious reason why that would work, but it does, and I haven't yet had time to investigate it more completely.
I discovered a couple of very odd behaviors in the modem's configuration manager, like requiring one setting to be saved before changing an unrelated setting. These weren't mentioned in the modem's documentation, but they were mentioned on the modem manufacturer's website if you looked for them just right.
Syslog and a net sniffer both suggest that the modems act oddly in some cases, such as responding to an ICMP Echo Request by sending back an Echo Request instead of an Echo Reply, which was causing the router's heartbeat to take that port down for a while (the router thinks its an attack). Turning off the router's hearbeat increased the average between DNS outages, but didn't entirely solve the problem.
My current guess is that the modem's firmware cuts a lot of corners, and is not standards compliant. The modems are behaving in ways that the router is not expecting, and the router is more picky about those behaviors than the average desktop computer is.
Although the Syswan router appears to be working correctly, anyone who is not familiar with network protocols and doesn't have a standalone net sniffer may not be able to get this setup to work, at least not using the modem's default settings.
And no, I'm not going to name the modem manufacturer, since the point of my original email is to comment on Syswan's technical support, not to provide a dual-WAN HOWTO. But if anyone runs into similar sounding problems, they can post them here and I might be able to make some suggestions. | |
broccoli
join:2007-11-29
Portland, OR
| No, I am not trolling. What do you see in the thread you referred to in your first post? An enthusiastic vendor rep plus a few anonymous users that have nothing but praises for the company or its products. Since then this board has seen a few similar posts (that are no longer viewable) about the same company. Given all that, it's just too easy to jump to conclusions.
As far as I can tell, this company, along with many others (such as this and this), sell the same generic hardware with branded/customized firmware. It's all about the firmware.
The problems you are experiencing are serious and are not what I would expect in a $200 router. Unfortunately the firmware releases posted on the company's website are all version 1 and almost a year old. I known I would be at least mildly upset if the only positive experience with a vendor is the tech support department.
During your DNS outages, you might want to check to see if it's really just DNS problems as opposed to a total routing failure. Can you still reach external sites by IP addresses when that happens? Also I have seen cases where multi-WAN routers could send DNS requests to the wrong ISP's nameserver/wrong WAN port, and the workaround is to use third-party DNS servers that are not ISP specific.
I wish you good luck in your troubleshooting, and keep us posted on your findings. | |
-
|
