PJL
join:2008-07-24
Long Beach, CA

PJL to rchandra

Member

to rchandra

Re: New Router

said by rchandra:

Now you see some of the strangeness of IE.

As I replied to fishacura, IE's method is more secure than some other browsers that still allow a user to go to an IP address versus a typical URL domain.

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105

rchandra

Premium Member

Yeah, I will give you that. IE keeps the user constrained when close to all the time they should not be visiting sites with bad certs.
fishacura
join:2008-01-25
Phoenixville, PA

fishacura

Member

But it happens in Chrome too I just didn't post that one because the error was less descriptive. Maybe I'm SOL on this one.

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105
ARRIS ONT1000GJ4
EnGenius EAP1250

rchandra

Premium Member

so hold on here a sec...what you're getting is complaints about certs. Maybe I made an incorrect assumption in that the firmware you're trying to access redirected you from HTTP to HTTPS. If that's not the case, taking the "s" off of "https:" might help; if indeed that's what it does, it'll just redirect you back to https like I guessed. I see ":8080" in there for using an alternate port number. If you're being redirected so that you must use HTTPS, maybe the redirect isn't smart enough to use a different port number. It's typical for the alternate port number for HTTPS to be 8443 (basically, these alternate port numbers are 8000 + the original port). So I wonder if you also tried »192.168.1.254:8443/
fishacura
join:2008-01-25
Phoenixville, PA

fishacura

Member

I will try these suggestions. I am typing the URL in exactly as it appears on the earlier attached screen shot from the router's remote access settings page. 8080 is simply the port # I chose (can be any 4 digit number between whatever the range is they state on that screen). I may also change a security setting and try it. Not the end of the world, just frustrated it will not work...it's like a puzzle now more than anything else because by all accounts it should work fine. Is there any kind of "pass through" setting on the actiontec I need to tweak??? Only asking because the connection is through that router before getting to the netgear.
fishacura

fishacura

Member

I did notice on one of the Actiontec screens (one of the port forwarding screens) it has 8080 as one of the options so maybe just picking a different random number will work??? Security changes made no difference...still doesn't like it.

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff

MVM,

Everything is working if you can reach those "pages". There aren't any settings on the Actiontec that need to be changed. It's your browser / security settings.

You could try changing the remote management port, but shouldn't make a difference.
fishacura
join:2008-01-25
Phoenixville, PA

fishacura

Member

Yes changed it to 1024 and no different. Typed "1025" too and doesn't find anything at all so the fact that I'm getting that security page with "1024" tells me it is finding the router. I changed the security settings, played around with the browser proxy settings, etc. Nothing. Pretty much going to call it a day. Will bother me for awhile but I'll get over it

Of course I went into the "netgear" genie software and it did say something about "IPV6" and perhaps that causing me not to be able to connect. I'll research that next. So much for the fleeting thought of quitting.
fishacura

fishacura

Member

EUREKA! I have found it!!!

OK...just downloaded a firmware upgrade, rebooted the router, and it works. Not sure why/how but it works!!! THANK YOU ALL!!!
gadgetboyj
Premium Member
join:2009-08-25
Staten Island, NY

gadgetboyj

Premium Member

They must have replaced the certificate hosted on the webserver within the router for the login interface with a new, valid one. Glad you've got everything working now!
fishacura
join:2008-01-25
Phoenixville, PA

1 edit

fishacura

Member

Well, yes and no. After all that...after ALL the success...here's what I found.

The blocking that's happening through DNS is happening because the ROUTER itself has a DNS setting...but it's still not reading the network DNS settings.

In other words, on openDNS it allows you to lock the router itself down via a wizard of some sort. But I also paid for a DNS account to lock the specific network down too. When I turn off the router settings to use the better, more customizable account settings, nothing works. Even though I have the DNS servers set up correctly on the netgear it's not working. It's either the openDNS router part of the account or nothing.

Been searching a lot and it looks as if it may simply not be possible to do behind the VZ router. Will post if I find anything else out. It's fine...it's pretty much working...but again I just don't understand why it wouldn't work with just the network settings (unless the network IP I used was somehow for the VZ router and not the netgear Router....but the web site only auto picked up one, 108.16.35.210; there's no option for another anyway).

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105
ARRIS ONT1000GJ4
EnGenius EAP1250

1 edit

1 recommendation

rchandra

Premium Member

I am doubtful it can be done behind any (NAT) router. There is nothing in the base DNS protocol which will identify a client, so OpenDNS likely does its identification work using the publicly routable IP address. The only way I know of to identify a client (which your router would be) in the DNS protocol itself would be the DNSSEC extensions, specifically TSIGs (transaction signatures).

Maybe all you need is a reversal of your LAN roles. The controlled LAN will be the Internet-facing router (the Actiontec), and the unrestricted LAN will be behind the Netgear. The only way this would not work is if the Internet-facing router denies usage of arbitrary name resolvers (either drops packets for UDP port 53, or NATs them to its own caching resolver). So you could potentially set up your Netgear with resolvers of your choice and have their queries passed on/NATted by the Actiontec. It would also be possible to put your Netgear as the "DMZ" address.

A more complicated solution would be to employ IPv6, which (for the most part) does not use NAT. So therefore individual routers, each with their own globally routed addresses, would have independent, individually identifiable recursive resolvers. OpenDNS supports IPv6 (resolvers at 2620:0:ccc::2 and 2620:0:ccd::2); however, I'm not sure whether individualized resolution happens via these addresses. Another complication is Verizon does not (yet) provide native IPv6 addressing, so tunnelling would be required. AFAIK, the Actiontec supports (native) IPv6, but not tunnelling. SixXS tunnels supposedly work through NAT (I believe they use UDP, much like NATT IPsec), but I do not have experience with them. I personally prefer Hurricane Electric, but their tunnels are only 6in4 (IP protocol number 41). At least my Rev.I supports forwarding arbitrary protocols, so if your Netgear supports 6in4 tunnels, it's possible to forward all protocol 41 traffic very much like you would forward TCP or UDP.

OK, probably TMI, but I thought I'd at least propose something from what I know.
fishacura
join:2008-01-25
Phoenixville, PA

fishacura

Member

Thanks! I may tinker with it over the coming weeks but have a workable solution for the time being thanks to many of you!

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff to rchandra

MVM,

to rchandra
There's no reason the 2nd router behind the Actiontec router should not work. I've never used OpenDNS, but a DNS request coming from the Netgear router right now would look exactly the same as if the Netgear router was primary. This is not a NAT problem.

When you activate the network-level controls through OpenDNS you should be using your public IP address, but nothing else has to change on your Netgear router. The settings you're using right now stay the same. When you say nothing works, what do you mean exactly? What kind of problems do you have on the Netgear network?

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105
ARRIS ONT1000GJ4
EnGenius EAP1250

rchandra

Premium Member

Oh, right...true. My bad. There would be no way to distinguish them if the Internet-facing router were also set to use the OpenDNS servers for recursive resolution.

The only difference in that case would be the source port number, one would have to be NAPTted (from the Netgear), and the other chosen by the Actiontec (like it normally does for recursive resolution).
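
The point the two posts above arrive at, shown as an added example that is not part of any post in this thread: a plain RFC 1035 query carries no field naming the client, so after NAPT the upstream resolver can tell the two routers' queries apart only by source port. The addresses, ports and the `Napt` helper are constructed for illustration.

```python
import struct

def build_query(qname, txid, qtype=1):
    """Encode a minimal RFC 1035 query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_query(msg):
    """Decode every field of the query; none of them identifies the client."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos, labels = 12, []
    while msg[pos]:                      # length-prefixed labels, 0 terminates
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar, "qname": ".".join(labels),
            "qtype": qtype, "qclass": qclass}

class Napt:
    """Toy NAPT (hypothetical helper): maps a source (ip, port) to (wan_ip, new port)."""
    def __init__(self, wan_ip, first_port):
        self.wan_ip, self.next_port, self.table = wan_ip, first_port, {}
    def translate(self, src):
        if src not in self.table:
            self.table[src] = (self.wan_ip, self.next_port)
            self.next_port += 1
        return self.table[src]

def resolver_view(path, src, payload):
    """What the upstream resolver receives after the packet crosses each NAPT hop."""
    for hop in path:
        src = hop.translate(src)
    return {"src_ip": src[0], "src_port": src[1], "dns": parse_query(payload)}

# Constructed addresses: 203.0.113.10 stands in for the single public IP.
actiontec = Napt("203.0.113.10", 40000)
netgear = Napt("192.168.1.2", 50000)     # Netgear WAN port sits on the Actiontec LAN

def demo():
    q = build_query("example.com", 0x1234)
    # A PC behind the Netgear: translated by the Netgear, then by the Actiontec.
    inner = resolver_view([netgear, actiontec], ("10.0.0.5", 5353), q)
    # The Actiontec's own lookup: it picks its own source port, no translation.
    outer = resolver_view([], ("203.0.113.10", 33000), q)
    return inner, outer
```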

eival
join:2008-07-09
Richland, WA

eival to fishacura

Member

to fishacura
get a DD-WRT compatible router, you can look through their database to see which ones do, I'd recommend the ASUS RTACxxU series which has a line of factory supported ones (just google Asus DDWRT and you'll find their page) and depending on if WIFI is important you can get a high end fully featured one for 60$ (AC52U) at amazon or spend an extra 30 for the AC56U which has double the ram and cpu speed and is the same amount as all other more expensive versions (again, only difference being the WIFI technology) will be more than enough to run your network for the foreseeable future which includes everything Verizon's 200$ fancy "Quantum" routers do

if you go with another brand just make sure it has at least 100MB memory since looking at my new install on the 56U, it's idling at just under 60MB for the DDWRT firmware and settings (full version) but since I have 250MB that's nothing to concern about but if you get a router that just barely supports it, then you could run into bottlenecking issues, since bandwidth/connections/ports are what eat up most of that.

so even the 52U at 128MB would be efficient, but again, this on a completely wired network, however I'm sure since you already need the fios router you could repeat the signals and not see any issues either way.

one final note, the ASUS line has a default fairly nice easy to use set of options (especially compared to the verbiage of the fios Actiontec) DDWRT will give you every option you could ever need and actually use verbiage that makes sense (take a look at the Actiontec's QoS page for a perfect example of non-user friendly verbiage)