dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer

Search Topic:
uniqs
20
share rss forum feed


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
reply to aefstoggaflm

Re: Access to modem combo while in bridge mode

said by aefstoggaflm:

Why do most modems make poor routers? What is wrong with these companies / developers?

Apparently somebody did the research and the math and decided that the extra returns didn't warrant putting more effort into improving the stability or performance of the firmware. They get paid when people buy their product, not necessarily when their product achieves long uptimes or handles more concurrent connections.

#2 So, following »AT&T Southeast Forum FAQ »How do I enable IP Passthrough on a Motorola 2210? would be a not a good idea, If an user has that kind of modem combo, they should put into ( for example as recommended in »AT&T Southeast Forum FAQ » How do I setup a Motorola 2210 modem with a generic third-party router? ) bridge mode.

I've never looked at that particular modem, but a brief read of those two articles suggests to me that "IP Passthrough", mentioned in the former, is just bridge mode for a single PC or host, so if that's the case then I don't see a problem with it if that's the only host (your router) that you have connected directly to the modem.

Quick quote from »Linksys FAQ »How do I access a modem that is connected to the WAN port of a Linksys Router?

quote:
For security precautions, unbind File and Print Sharing and the Client for Microsoft Networks from the second NIC.

If someone does not unbind File and Print Sharing and the Client for Microsoft Networks from the NIC that want to connect to the hub/switch, yes that is unsecure / bad idea.

Is there any other reason besides File and Print Sharing and the Client for Microsoft Networks not being unbinded as directed, why that is unsecure / bad idea?

That article describes a method for connecting a PC directly to the modem, bypassing the router. Despite the fact that the PC has a private static IP address, it is still on the same layer 2 network as all your neighbours, which is why the author tells you to disable some insecure services. Are you sure that your PC has no other services listening on any ports? If that PC is running Windows then your answer is probably "no", and the PC is therefore sitting on the internet waiting for somebody or something to invade it, and now it has full access to your private LAN, thanks to the PC bypassing the router/firewall.

Interesting. Please tell me more about that.

See first screenshot.

#1 While us (power users) can load third party firmware, most other users - nah.

I'll give you that. I thought this thread was for you. I sell routers all the time, and I preload and preconfigure the firmware as often as possible.

#2 Not all routers support third party firmware.

Not worth owning, in my opinion

#3 Voids the warrenty of the router.

If you can flash the factory firmware back on before shipping then it's not a problem. I've done that.

I know that DD-WRT has support for IPv6, but does it have support for IPv6 via GUI?

Couldn't tell you. I'm happy with Tomato.

I heard/read/saw a screen shot - that the tomato beta firmware has a GUI for configuring IPv6.

See second screenshot. Both of these are from Shibby's build, for which I provided the link above.
--
db


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL

4 edits
said by clarknova:

That article describes a method for connecting a PC directly to the modem, bypassing the router. Despite the fact that the PC has a private static IP address, it is still on the same layer 2 network as all your neighbours, which is why the author tells you to disable some insecure services. Are you sure that your PC has no other services listening on any ports? If that PC is running Windows then your answer is probably "no", and the PC is therefore sitting on the internet waiting for somebody or something to invade it, and now it has full access to your private LAN, thanks to the PC bypassing the router/firewall.

What if the computer does have at least two NICs and it connected to the hub/switch that is connected between the modem combo and the router - And for security precautions, not only would they unbind File and Print Sharing and the Client for Microsoft Networks from that NIC, they would also make sure that computer is used for nothing else other than for

Quote from »Linksys FAQ »How do I access a modem that is connected to the WAN port of a Linksys Router?

quote:
The Spare PC would have the ability to access the modem and capture packets between the modem and router at anytime.

?

[EDIT] Looks like I answered my own question...

said by clarknova:

See second screenshot. Both of these are from Shibby's build, for which I provided the link above.

Ok, interesting screens there.

#1 What are these firmware:

a) AIO.bin one

b) Big-VPN.bin one

c) BT-VPN.bin one

d) BTgui.bin one

e) Mega-VPN.bin one

??

#2 That is in English?

The reason I ask, because from »tomato.groov.pl/index.php?dir=K2 ··· %2FE4200 I click on the back button two times and I see the page at »tomato.groov.pl/index.php?dir=K2 ··· =K26RT-N

One of the directories has the letters EN in it, to me that sounds like the English Version.

Thanks.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
said by aefstoggaflm:

#2 That is in English?

The reason I ask, because from »tomato.groov.pl/index.php?dir=K2 ··· %2FE4200 I click on the back button two times and I see the page at »tomato.groov.pl/index.php?dir=K2 ··· =K26RT-N

If the firmware image doesn't have a language designation (EN, PL, ML), then I believe it will be English.

What hardware are you planning on installing this on again? You'll want something from the K24, K26, or K26RT-N directories, depending on the hardware, and then most likely the highest numbered build.
--
db


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL
said by clarknova:

said by aefstoggaflm:

#2 That is in English?

The reason I ask, because from »tomato.groov.pl/index.php?dir=K2 ··· %2FE4200 I click on the back button two times and I see the page at »tomato.groov.pl/index.php?dir=K2 ··· =K26RT-N

If the firmware image doesn't have a language designation (EN, PL, ML), then I believe it will be English.

Ok, thanks.

said by clarknova:

What hardware are you planning on installing this on again? You'll want something from the K24, K26, or K26RT-N directories, depending on the hardware, and then most likely the highest numbered build.

Linksys E4200 hardware version 1.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
For that router you can use any of those listed in the directory I linked to above. They differ only by included features, but all should have dual-band support and the modem access entry.
--
db


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL
said by clarknova:

They differ only by included features

What included features are different?

Thanks.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL
reply to clarknova
Click for full size
said by clarknova:

See first screenshot.

I only see that option if I set it to DHCP OR PPPoE. Both of which, I am not on - I am on Static IP.

I got the tomato-E4200USB-NVRAM60K-1.28.RT-N5x-MIPSR2-083V-AIO.bin one. As you suggested I got it from »tomato.groov.pl/index.php?dir=K2 ··· %2FE4200

Thanks.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


wayjac
Premium,MVM
join:2001-12-22
Indy
Can you post pictures of that linksys page while it's set to dhcp and pppoe


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL
Click for full size
DHCP
Click for full size
PPPoE
said by wayjac:

Can you post pictures of that linksys page while it's set to dhcp and pppoe

I don't know why, but yes sure..
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL

1 recommendation

reply to aefstoggaflm
said by aefstoggaflm:

I only see that option if I set it to DHCP OR PPPoE. Both of which, I am not on - I am on Static IP.

Well that is puzzling and unexpected. I don't see any reason why that shouldn't be an option with static IP, unless it's just an oversight. I recommend posing the question on the Tomato forum over at linksysinfo.org, where shibby seems to hang out most.
--
db


wayjac
Premium,MVM
join:2001-12-22
Indy

1 recommendation

reply to aefstoggaflm
I just wanted to see the pages....thanks for posting them

Before the route modem ip option was added to the gui a couple commands could be added to the firewall to allow access to a bridged modem

ip addr add 192.168.1.253/24 dev $(nvram get wan_ifname) brd +
iptables -I POSTROUTING -t nat -o $(nvram get wan_ifname) -d 192.168.1.0/24 -j MASQUERADE


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL
reply to clarknova
said by clarknova:

said by aefstoggaflm:

I only see that option if I set it to DHCP OR PPPoE. Both of which, I am not on - I am on Static IP.

Well that is puzzling and unexpected. I don't see any reason why that shouldn't be an option with static IP, unless it's just an oversight.

Seems to be an oversight.

said by clarknova:

I recommend posing the question on the Tomato forum over at linksysinfo.org, where shibby seems to hang out most.

Anyone else having trouble starting threads over there?

See screen shot(s)





--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Are you logged in to linksysinfo.org when trying to create a new thread?
--
db


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL
said by clarknova:

Are you logged in to linksysinfo.org when trying to create a new thread?

Yes, I was..
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:8
Reviews:
·PenTeleData
·Verizon Online DSL

1 edit
said by aefstoggaflm:

said by clarknova:

Are you logged in to linksysinfo.org when trying to create a new thread?

Yes, I was..

Also, today I tried Firefox's "safe mode"

Still, same thing.

[EDIT] I tried using SeaMonkey and it worked. Posted thread »www.linksysinfo.org/index.php?th ··· n.36651/
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.