GFRS: The previously mentioned machine in the basement acts as a Gateway to the internet, Firewall, Router, and Server. Let's call it GFRS. GFRS has a fixed IPv4 address of 66.92.74.188 on the internet through its DSL connection. It uses iptables to forward (some) packets between the internet and the LAN home network, and to do Network Address Translation (NAT). On the LAN, GFRS has address 192.168.1.1.
I can sit in my chair and write, print, move files between computers for backup or sharing, search the web, and watch the mail come and go on GFRS. Life is good. My father would say: "if it ain't broke, don't fix it". So why?
My housemate has two laptops, both bought by and for work. The old one runs MS Windows 7 and has an ethernet socket. That works too. The new one runs Windows 10 and has a broken ethernet socket. I don't know if the problem is hardware or software. Windows doesn't say, it just says "No". The "IT support" at work thinks home networks are not their problem. The end result is that the new computer is useless.
I got an ASUS RT-N66 "Dark Knight" wireless router. You might wonder: Why did you get that router? No matter; any other would be much the same. I got a copy of its manual from the Asus web site.
It has a row of ethernet sockets, one of which is called the Wide Area Network (WAN) socket; the other four, physically identical, are called Local Area Network (LAN) sockets. It has some antennas.
Here is a block diagram of it:

It also has some dim blue lights and a tiny factory reset button (not shown).
The labels eth0 and br0 are the names of devices as displayed by arp -n. They stand for "ethernet" and "bridge". The bridge br0 consists of eth1, eth2, and vlan1. The CPU is a MIPS 74K V4.9. Both eth1 and eth2 are Broadcom BCM4331 802.11 Wireless Controllers.
It wants to be first and alone. The manual says to connect the WAN socket to your ISP and let the magic wizard figure out how to set it up. I want to connect it to the wired LAN I already have, making as few changes as possible to the part that works now.
The reset button on the ASUS sets the Login Name to "admin" and the IP address to 192.168.1.1. By (-:amazing coincidence:-), that IP address is already taken by GFRS, so I can't plug it into the network without breaking it. So I cut a short piece of cable, put some T568B (RJ-45) plugs on the ends, pulled the network connection out of my laptop and connected the one ethernet socket on it directly to one of the LAN sockets on the router.
When I typed address 192.168.1.1 into the browser on my laptop, I saw some web pages with interesting information and forms to fill out. There followed a few late nights of trying things, losing all connection, crawling around under the table moving cables from one socket to another, trying to decide if it was more troublesome to put the room lights bright so that I couldn't see the dim blue lights on the router, or put the room lights dim so that I couldn't see the tiny reset button.
Finally I got something that worked. The WAN socket and one of the LAN sockets on the router are each connected to the nearest socket of the home network. I was very lucky to have stumbled across a working configuration rather early, because otherwise I would probably have given up. I was not satisfied, but every change resulted in a configuration that did not work at all. Many times I had to start over, pushing factory reset and crawling around to move cables, before re-entering the configuration that I had written down and saved.
The configuration forms were filled out as follows:
Login: kwright Password: ????????
Administration>> System>> Enable Telnet: Yes
Firewall>> Enable Firewall: No
LAN IP to 192.168.1.20 netmask 255.255.255.128
Enable DHCP; DHCP range 192.168.1.32 to 192.168.1.39
Gateway 192.168.1.130
DNS svr 192.168.1.130
WAN static IP 192.168.1.200 mask 255.255.255.128
Enable WAN: Yes; Enable NAT: No; Enable UPnP: No;
Gateway 192.168.1.130
DNS Server 1: 192.168.1.130

Notice that the netmasks end in 128 instead of the more usual 0 or 255. This is equivalent to a CIDR /25 suffix. I have split my network in half. I also added the following to the setup script of GFRS:

    # added 2020-11-25(Wed) -- KW
    PRIVATE_ISP="192.168.1.130" # LAN IP address for wireless gateway
    /sbin/ip addr add $PRIVATE_ISP dev ethlan
So I told the router that GFRS is the ISP. That is basically true, but I also told it that there are two networks: 192.168.0.0/25 and 192.168.128.0/25. That's not what I told the other computers years ago.
The addresses given out by DHCP are all in the range 192.168.1.32/29 in case I need to do something special in the future. I don't expect more than eight computers to be connected wirelessly at any one time.
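The subnet arithmetic behind the /25 masks, as an added example that is not part of the original page: it takes the addresses from the forms above and uses Python's ipaddress module to show which half of the network each one lands in. The 255.255.255.0 mask used for the older hosts' view is an assumption.

```python
import ipaddress

# Values copied from the configuration forms above.
MASK = "255.255.255.128"
ROUTER_LAN = ipaddress.ip_interface(f"192.168.1.20/{MASK}")
ROUTER_WAN = ipaddress.ip_interface(f"192.168.1.200/{MASK}")
GATEWAY = ipaddress.ip_address("192.168.1.130")  # alias added to ethlan on GFRS
DHCP_FIRST = ipaddress.ip_address("192.168.1.32")
DHCP_LAST = ipaddress.ip_address("192.168.1.39")

# Assumption: hosts configured earlier keep the usual 255.255.255.0 mask.
GFRS_OLD_VIEW = ipaddress.ip_interface("192.168.1.1/255.255.255.0")


def on_link(interface, address):
    """True if `interface` would reach `address` directly, without a gateway."""
    return address in interface.network


def dhcp_blocks(first, last):
    """CIDR blocks that exactly cover the inclusive range first..last."""
    return list(ipaddress.summarize_address_range(first, last))


def report():
    """Collect what each side believes about the address plan."""
    pool = dhcp_blocks(DHCP_FIRST, DHCP_LAST)
    return {
        "router_lan_net": str(ROUTER_LAN.network),
        "router_wan_net": str(ROUTER_WAN.network),
        "gateway_on_wan_side": on_link(ROUTER_WAN, GATEWAY),
        "gateway_on_lan_side": on_link(ROUTER_LAN, GATEWAY),
        "dhcp_pool": [str(n) for n in pool],
        "pool_inside_lan_net": all(n.subnet_of(ROUTER_LAN.network) for n in pool),
        # With a /24 mask both router ports look like neighbours on one network.
        "old_view_sees_lan_port": on_link(GFRS_OLD_VIEW, ROUTER_LAN.ip),
        "old_view_sees_wan_port": on_link(GFRS_OLD_VIEW, ROUTER_WAN.ip),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:24} {value}")
```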
"Enable telnet" (the first in the above configuration) is an interesting option. If I sit with my laptop connected as usual to the home ethernet, I can type:
    kwright@fcs22$ telnet 192.168.1.20
    Trying 192.168.1.20...
    Connected to 192.168.1.20.
    RT-N66R login: kwright
    Password: ????????
    ASUSWRT RT-N66U_3.0.0.4 Wed Oct 2 22:38:55 UTC 2013
    kwright@RT-N66R:/tmp/home/root# uname -a
    Linux RT-N66R 2.6.22.19 #1 Thu Oct 3 06:42:04 CST 2013 mips GNU/Linux
So the router runs Linux! I can reason with it. Things like route -n and arp -n work as expected. My housemate can connect to the wireless network with the new computer, and can see the WWWeb, get email, connect to the VPN at work, and generally act as a citizen of the 21st century.
So why am I not happy?
Mostly I am. I could leave well enough alone, but there are still the following problems and mysteries:
telnet or the administration pages, but even the wireless network stops working.

Well, if I weren't so nosy I wouldn't know that. I could just pretend I don't know any shell commands.
There is this ominous comment on
https://en.wikipedia.org/wiki/Switching_loop
Two cables from the ASUS to the Hub look like a loop. The message does not say whether it is an IP or an ethernet packet that was received with own address. I think it might be sending packets to GFRS via the WAN socket, but getting replies via the LAN socket.
Maybe I should not have configured the router with two networks
when all the other computers were told there was one.
What should I do?
Here is a block diagram. The circles are ethernet hubs or switches; they all have more connections shown as "?"; "lan" is short for "192.168". The IP address of the wireless laptop is assigned by the ASUS router by DHCP, but since it is the only client, it always gets the same address.
GFRS is explained at the top of this page.
The configuration forms are now filled out as follows:
LAN IP to 192.168.1.20 netmask 255.255.255.0
Enable DHCP; blank domain name
DHCP range 192.168.1.32 to 192.168.1.39
Gateway 192.168.2.1
Wireless: set both KDnet (2.4GHz) and KDnetf (5GHz) to WPA2-personal AES
"WPA Pre-Shared Key" means password
WAN static IP 192.168.2.20 mask 255.255.255.0
Enable WAN: Yes; Enable NAT: No; Enable UPnP: No
Gateway 192.168.2.1
DNS Server 1: 192.168.2.1
Firewall>>Respond ping from WAN: Yes; Enable Firewall: No
Guest net: KDguest; Password: ??????
Access Intranet: on -- this seems to be needed, perhaps because I have
-- it installed "backward" inter=intra
In addition the following commands are run by a shell script on GFRS.
    # added 2020-12-11(Fri) -- KW
    # changed to /24 or /16 2020-12-16 -- KW
    PRIVATE_IP="192.168.1.1/24"   # LAN IP address for firewall
    PRIVATE_ISP="192.168.2.1/24"  # LAN IP address for wireless gateway
    PRIVATE_NET="192.168.0.0/16"  # LAN network range
    # allow forwarding between the two LAN subnets, in both directions
    iptables -I FORWARD -i ethlan -o ethlan -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
    iptables -I FORWARD -i ethlan -o ethlan -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
    # both addresses live on the same LAN interface
    /sbin/ip addr add $PRIVATE_IP dev ethlan
    /sbin/ip addr add $PRIVATE_ISP dev ethlan
    /sbin/ip route del default
    /sbin/ip route add 192.168.2.0/24 dev ethlan via 192.168.2.20
    /sbin/ip route add default dev ethdsl via 66.92.74.1
The current configuration does not seem much different from the
first working configuration (above).
The messages
Dec 24 16:17:20 kernel: vlan1: received packet with own address as source address
Dec 24 17:12:10 kernel: vlan1: received packet with own address as source address
still show up, but I discovered that the ASUS router configuration
web page has a button labeled "System Log", which displays the messages
with a time stamp. They happen a few times per hour. There are so
many because they don't stop.
I now think that what is happening is that the ARP cache times out, the router sends a broadcast message on one network cable, which comes back on the other cable. It logs a complaint and discards the pointless broadcast from itself. That is inelegant, but not much of a problem.
I think I will call it good enough and leave it alone.
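To put a number on "a few times per hour", here is an added example (not from the original page) that pulls the own-address message out of a System Log excerpt and measures the spacing between events per device. The year passed to the parser and the third sample line are assumptions, since the log carries no year and the page quotes only two lines.

```python
import re
from datetime import datetime

# The first two lines are quoted on the page; the third is constructed.
SAMPLE_LOG = """\
Dec 24 16:17:20 kernel: vlan1: received packet with own address as source address
Dec 24 17:12:10 kernel: vlan1: received packet with own address as source address
Dec 24 17:12:11 kernel: eth0: link up
"""

PATTERN = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) kernel: (?P<dev>\S+): "
    r"received packet with own address as source address$"
)


def own_address_events(log_text, year):
    """Return {device: [datetime, ...]} for the own-address message.

    The log lines have no year, so the caller supplies one (an assumption).
    """
    events = {}
    for line in log_text.splitlines():
        m = PATTERN.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.setdefault(m["dev"], []).append(ts)
    return events


def gaps(timestamps):
    """Seconds between consecutive events, oldest first."""
    ts = sorted(timestamps)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def max_in_window(timestamps, window_s=60):
    """Largest number of events inside any span of `window_s` seconds."""
    ts = sorted(timestamps)
    best = start = 0
    for end, t in enumerate(ts):
        while (t - ts[start]).total_seconds() > window_s:
            start += 1
        best = max(best, end - start + 1)
    return best
```

A `max_in_window` result of 1 means the echoes arrive singly, as in the excerpt; a value far above 1 would mean they arrive in bursts.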
(checked 2023-04-09)