A multifunction Ethernet network appliance? ^_^
Perhaps for small networks it's trivial. This was a series of four medical offices which merged. I was part of the effort to standardize the apps and network. Including remote users and VPN users, there were about 200 machines, which was barely enough to be accommodated by a single Class C IP block. Instead, we renumbered the networks of each remote office to avoid duplication problems. It was not particularly complicated, but it was time consuming and required a rehearsal.
For a typical home user, this problem is not even an issue. The IT department of wherever they're trying to VPN to takes care of the issues. In most cases, they simply force ALL traffic from the connecting client machine to go through the tunnel. This disconnects the user from his own LAN, and forces plenty of wasted traffic going through the VPN, but is the safest and most secure method. One could even have duplicated gateway IPs and it would still work. Too bad local network printers won't print, but there are workarounds (i.e. USB printing).
Sure. Let's try a bit of math. I have about 15 customer sites that run a VPN of some manner. Each site consumes about 10 static IPs, 10 dynamic IPs, and needs a VPN IP pool of perhaps 20 IPs. That's 40 IPs per site. If all these sites subscribed to the consumer brand of VPN router, which defaults to 192.168.1.xxx, I would need 15*40=600 unique IP addresses to avoid duplication. Obviously, this is not going to fit in a single Class C IP block, which allows only 256 addresses. I can widen the netmask to perhaps /22 for 1024 addresses, but many cheap routers don't work well with more than 256 IPs. Obviously, not all 15 customer sites need a tunnel between them, so this estimate is worst case. Still, it does illustrate why I have a simple rule for assigning IP blocks for remote sites with VPNs. I pick a random IP block starting with 192.168.[3-254].xxx. I avoid building networks using 192.168.[0-2].xxx as these are where the typical home routers are located.
Incidentally, since I started doing this perhaps 10 years ago, I haven't had many address conflict problems. I've also fixed a few small networks that were having weird call in problems by renumbering the office LAN so that the home users can use whatever IP block their router manufacturer finds fashionable.
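One way to check a set of VPN-connected sites for the address collisions the post above describes, and to pick a fresh block by the same 192.168.[3-254].x rule: an added example, not code from the original poster, using constructed sample site blocks.

```python
"""Detect overlapping private IP blocks between VPN-linked sites and pick a
fresh 192.168.x.0/24 that collides with none of them (constructed example)."""
import ipaddress
import random
from itertools import combinations

# Constructed sample: each site's LAN block plus the VPN client pool it hands out.
SITES = {
    "office_a": ["192.168.1.0/24", "10.8.0.0/24"],   # consumer-router default
    "office_b": ["192.168.1.0/24", "10.8.1.0/24"],   # same default -> conflict
    "office_c": ["192.168.77.0/24", "10.8.0.0/25"],  # VPN pool inside office_a's
}

# Blocks that typical home routers ship with; keep office LANs off them.
HOME_ROUTER_BLOCKS = [ipaddress.ip_network(f"192.168.{i}.0/24") for i in range(3)]


def find_overlaps(sites):
    """Return (site1, net1, site2, net2) for every cross-site pair that overlaps."""
    nets = [(name, ipaddress.ip_network(n)) for name, lst in sites.items() for n in lst]
    hits = []
    for (s1, n1), (s2, n2) in combinations(nets, 2):
        if s1 != s2 and n1.overlaps(n2):
            hits.append((s1, str(n1), s2, str(n2)))
    return hits


def pick_free_block(sites, rng=None):
    """Pick a random 192.168.[3-254].0/24 overlapping nothing in use
    (the rule from the post); rng lets callers make the choice repeatable."""
    rng = rng or random.Random()
    in_use = [ipaddress.ip_network(n) for lst in sites.values() for n in lst]
    candidates = [ipaddress.ip_network(f"192.168.{i}.0/24") for i in range(3, 255)]
    free = [c for c in candidates
            if not any(c.overlaps(u) for u in in_use + HOME_ROUTER_BLOCKS)]
    return str(rng.choice(free)) if free else None


def addresses_needed(site_count, per_site):
    """Total hosts and the longest prefix length whose block still holds them."""
    total = site_count * per_site
    prefix = 32
    while 2 ** (32 - prefix) < total:
        prefix -= 1
    return total, prefix
```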
Agreed. I think I stated that when I mentioned the problem of duplicated gateway (default route) IP addresses.
Of course. Many times with many variations on weirdness and failure depending on flavor (PPTP or IPSec), hardware, firmware, client software, and versions. I have the resources, but I'm lazy/busy and don't want to do anything more while waiting for the world's slowest backup to finish (USB 1.1).
This is interesting but I think we're way off the original question and subject, whatever they might be.
I thought the discussion involved dueling routers. ^_^
Egads. Y'er right. However, that's all wrong as the photo on the same page only shows the back of the 4100/4200 with a single ethernet port.
What? Me confused? I never said that a switch was required. I merely stated that the 4100/4200 does NOT have a built in 4 port switch as you claimed. It has one ethernet port, which doesn't require a switch (or hub) to work.
Because they've been disabled by AT&T and other vendors. I posted the page at:
because that's what I've been using to attempt to recover features that were disabled. For example, I can't telnet into the modem. SNMP doesn't work. From the manual, it appears that it can become a proper ethernet router, if the necessary features weren't turned off.
This is what the AT&T version looks like:
Note the lack of router-like menus.
This is what the non-AT&T version looks like:
The firewall/DMZ features are missing in the AT&T version. I'm discussing what can be done with the AT&T version.
I have one 4200 and five 4100 DSL modems scattered around the office, car, and house. All have only one ethernet port. I've never seen one with 4 ports in back. I searched with Google images and couldn't find one with 4 ports.
Sigh. Ok, we're done with outgoing redirection. All I said about incoming is that the 4100/4200 sends all ports to a single IP address. No magic (as in the outgoing redirection).
Neither do I. If the AT&T mutation of the 4100 had all the router features mentioned in the docs, it would certainly call it a router. As it stands, it has all the important router features disabled, leaving only the one port "router". I'm undecided as to whether routing the entire internet to a single IP port is really routing.
Yep. That's the recommended AT&T method, double NAT and all. It works because all the IP ports are sent to the 2nd router's WAN IP.
Me? I usually set up the 4100/4200 (and others) for bridging. For AT&T, the PPPoE login is in the router, not the DSL modem (as AT&T recommends). This is not the officially correct or default method, but it has given me less grief than any other method. Since the 4100/4200 is now a bridge, I tend to call it a DSL modem. If I wanted to be exact, it's a DSL to ethernet bridge.
In my rant that started this umm.... discussion, I mentioned how it works for incoming traffic in exactly one sentence. Everything I've been talking about has been about the outgoing redirection of the management IP address.
Huh? What does "makes its presence know" mean? I seem to have missed something here.
Thanks. That's awful, but understandable. They want to be sure you don't clone the protocol with another application, or use the Skype client on a non-Skype system. I just wished they didn't have to destroy the code quality in order to accomplish this. No clue if Microsloth can clean up the mess. Hopefully yes, because I like and use Skype, despite the glitches.
Maybe DMZ Host, as mentioned in the wiki, is the better term.
My recollection of the Vietnam war is the DMZ wasn't so DMZd.
My solution to SKYPE is to use it as little as possible. I can't even use all my minutes.
As an alternative to SKYPE, some wireless plans support UMA. You maintain your own phone number and all the wifi calls are covered under one fee.
In the states, as far as I know, only T-mobile supports UMA. When you need it, it is a godsend. I've been in buildings where cellular can't reach the interior, but the UMA worked fine over the wifi.
Google Talk is supposedly similar, but google doesn't have the "failure is not an option" mentality of a telecom provider. [Less so past the AT$T breakup, but you get my point.]
UMA is an interesting technological black hole. It has a real potential for hacker mischief, so public documentation is a bit slim. My ISP, which sells their own VOIP, was blocking what they considered 3rd party VOIP. They denied it, but repeated complaints made the problem go away.
Argh! Nope, not progress. You're still missing my point. Oh well.
You left a lot of things hanging.
This part got answered later in the thread. It's because people are ignoring the router built into the modem and adding a second router, usually for reasons unknown.
This part didn't get answered, other than the fact that some people perhaps didn't realize their modem/router combo even had a router, so they added what they thought was the only modem, but it turned out they were running two modems in series. RTFM usually helps.
Trial by combat was easier.
One last try. This is the article that started the ummm... discussion on the modem/router/bridge/box/whatever functions:
Is there anything in this one rant that you find wrong, dubious, debatable, argumentative, fishy, etc? Actually, I just found a small mistake, but I'm not telling.
I think you mean two ->routers
What I thought I read (repeatedly) was that since the 4200 has only 1 Ethernet LAN port, it can't possibly house a router, or something to that effect. That's completely wrong, of course, and I wanted to point out that a router doesn't need more than 1 Ethernet port. We had several exchanges on the specific topic of whether the 4200 includes a router. It does. It apparently doesn't house a switch, contrary to the User Guide, but there's no question that it houses a router.
Huh? So you've morphed from "modem/bridge only, no router" to "yes, it has a router but most of the features are disabled"? We could have just started there and agreed right off the bat rather than all of this discussion.
You should have been focusing on whether the 4200 includes a router rather than whether it includes a switch. A switch is easy to see while a router takes a (tiny) bit of sleuthing.
A neutered router doesn't magically become some other type of network element. I wonder what you would have called the Linksys BEFSR11, a one port router. There's nothing weird or unusual about a one port router. Any multi-port NAT router you can think of starts as a one port router, to which a switch is bridged.
Ok, thanks, that's probably why you call the 4200 a modem, since you're used to ignoring and/or disabling its router.
Yep, Linksys calls it DMZ. Standard stuff.
Good so far, to which I replied that forwarding all the ports to a single IP is standard router stuff. Every junk router does it. Linksys calls it a DMZ. It's barely worth mentioning, except that it's nice that they do it by default rather than having the customer explicitly do it.
But then you went on to say that forwarding all the ports to a single IP meant that adding more than one computer would result in the extra computers not working, to which I pointed out that that has nothing to do with port forwarding, but is simply the fact that only a single IP address is available. No sense worrying about port forwarding when you don't have an IP address to forward to.
Have we beat this horse to death yet?
This was my follow-up to that post.
I think we've addressed everything, some more than once, except your paragraph that begins with "There's one other item that might be of interest." There wasn't anything in that paragraph that made sense, so I assume your small mistake is there. I'm not worried about correcting all mistakes, especially small ones. I just wanted to figure out what you were trying to say. I'm not sure, but I think it might relate to the "redirection" topic that you kept steering back to for some reason. If so, we're done.
On the VPN stuff, I give up. My head hurts and the wall is getting damaged.
Thanks for the discussion. I appreciate it.
It makes sense to me. It was my initial explanation of how the DSL modem was redirecting outgoing traffic to its management port. I don't think I could explain it much better.
Agreed. I'm now behind on my year end bookkeeping and billing. If I go broke, it's your fault. Actually, I was looking for a suitable diversion.
Ok. Bug me if you want to try again. I had to learn most of that the hard way. It wasn't in any of the books on VPN setups.
I see Linksys calls it a one port router. ;-) This is better than calling it a modem I suppose. It at least warns the user to think about double NAT, DMZ, etc.
Something just dawned on me and I apologize that I didn't recognize it much earlier.
When you talked about disabling the 4200's router and how it then forwarded all ports to a single IP, I should have recognized the situation and complained right away. I think we agree that disabling the router section essentially turns the 4200 into a DSL-Ethernet bridge. Bridges operate at Layer 2 and have absolutely no concept of ports. Therefore, they can't do any port forwarding.
Port forwarding refers to rewriting the destination IP when the destination port matches a certain value, and bridges don't rewrite destination IPs. Your description of port forwarding led me to believe that the router section was still active, since only the router can do port forwarding, but I see now that you were talking about standard bridge behavior and not port forwarding at all. The use of "port forwarding" when port forwarding wasn't involved was unfortunate.
You also mentioned that, with the 4200's router section disabled, you can only plug in one computer, and you made it seem like a limitation, saying additional computers wouldn't work. Again, though, that's standard bridge behavior. Your DSL ISP probably only allows you one IP address. If you need more, you need a router. (You also tangled up the port forwarding stuff into that mess, but it has no place there.)
Next, you mentioned that the 4200 can only do NAT to one device with the router section disabled. Again, that's not quite right. Bridges don't do NAT. (Bridges operate at L2 and have no concept of IP addresses.) What you should see is the single IP address allocation allowed by your ISP. There's no NAT involved unless the router section is active.
This clears up just about everything for me. Let me know if you have any questions or clarifications.
I'm avoiding the VPN stuff. I'll test it myself someday, just to satisfy my curiosity.
I used a BEFSR11 for many years, which is why I used it as an example. In my case, the "1 port" aspect warned me that I had to supply my own switch. (I'm not sure how double NAT and DMZ issues apply here? You wouldn't pair it with another router.)
But yeah, there's no shame in a 1 port router. I think they fell by the wayside when people started expecting a switch to be included, but to be honest I typically only use 1 of the 4 ports anyway, ignoring the other 3. More and more, I'm installing Gigabit networks, so everything is Gig until I get to the single link to the gateway router, which can be 100Mb since that's still much faster than the ISP link. Everything internal flies, including mail server and other intranet stuff.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.