The OTHER problem with Netgear WGT624 (and probably others)

On Tue, 01 Aug 2006 19:16:22 GMT John Navas wrote: | On Tue, 01 Aug 2006 09:15:12 -0700, Jeff Liebermann | wrote in | : | |> snipped-for-privacy@ipal.net hath wroth: |>

|>>I made it work on my end by adding a fake DNS zone for routerlogin.net |>>into my own DNS server that was being used for resolving (which BTW is |>>not the same as the authoritative-only servers used to answer queries |>>for my domain names). |>

|>I'll save you the trouble. I setup an A record to point to |>192.168.1.1. Try: |>

| | How does that help? No other setups in your domain?

Someone could type in "

" to their browser and it would go to 192.168.1.1. Maybe the router will refuse it because it checks the virtual hostname. Maybe, or maybe not. That isn't something I tested. If I had implemented the web interface on it I would have made it NOT check virtual host name. But then, I would also have made it NOT do a redirect, either. I would have put in the DNS intercept and had that give out the router's configured IP address.

|>Unfortunatly, it won't work if you're using a different IP address for |>the router. | | Indeed.

And somehow Netgear's method will work where this fails? If you think so, explain how. I think it won't.

On Tue, 01 Aug 2006 16:07:43 GMT John Navas wrote: | On 31 Jul 2006 21:50:32 GMT, snipped-for-privacy@ipal.net wrote in | : | |>On Mon, 31 Jul 2006 19:29:57 GMT John Navas wrote: |>| On 31 Jul 2006 02:19:40 GMT, snipped-for-privacy@ipal.net wrote in |>| : |>| |>|>On Sun, 30 Jul 2006 18:51:11 GMT John Navas wrote: |>|>| Works fine here (and everywhere else I've used it): |>|>| |>|>| >nslookup routerlogin.com |>|>| |>|>| Non-authoritative answer: |>|>| Name: routerlogin.com |>|>| Address: 192.168.1.1 |>|>| |>|>| You may have something wrong in your configuration. |>|>

|>|>Nope. |>| |>| Then why does it work for me and everyone else? ;) |>| |>| I'd be willing to bet you do. |>

|>You'd lose this one. | | Not so.

Since my DNS configuration is absolutely correct, you've already lost.

|>Enter "routerlogin.com" at any of the online DNS |>lookup sites and see what you get. | | What's wrong is that you're resolving over a different Internet | connection. Use the router as intended, and there's no problem.

That's not a DNS issue. That's shortsightedness that you and Netgear seem to share.

Explain why they put 64.202.189.170 in for routerlogin.net instead of

192.168.1.1. Explain what WILL work with 64.202.189.170 that will fail with 192.168.1.1. I suppose you configured your router to have the IP address 64.202.189.170 (yeah, that is the one case that would work).

On 1 Aug 2006 22:59:44 GMT, snipped-for-privacy@ipal.net wrote in :

In fact lots of small businesses do just that.

Seems quite reasonable and workable to me.

On 1 Aug 2006 23:02:20 GMT, snipped-for-privacy@ipal.net wrote in :

Caching is actually quite relevant. Expiration is 7 days. Even Minimum TTL at 60 minutes is long enough to cause problems.

In your opinion (because it works better for you). I think the Netgear approach is fine for the great majority of customers.

On 1 Aug 2006 23:08:53 GMT, snipped-for-privacy@ipal.net wrote in :

As long as you're going through the Netgear router as intended, it will work if you're using a different IP address for the router.

With all due respect, your attack on the Netgear method is based on not using the router as intended, which (IMnsHO at least) is pretty flimsy.

On 1 Aug 2006 23:12:11 GMT, snipped-for-privacy@ipal.net wrote in :

We'll just have to disagree.

Again, we'll just have to disagree.

John Navas hath wroth:

It doesn't help. It's totally useless. Since the router probably has NOT connected to the internet when the URL is first invoked, there's no way for DNS to return the 192.168.1.1 IP address. However, it does provide entertainment value.

Not that I know of. I fumigated the domain last year.

On Tue, 01 Aug 2006 20:36:44 -0700, Jeff Liebermann wrote in :

Like the book/movie "Catch 22". :)

Good idea. My domain used to be afflicted with Creeping Virtual Host Syndrome. Then one day it dawned on me that I really didn't need them. All better now. :)

On Wed, 02 Aug 2006 00:05:36 GMT John Navas wrote: | On 1 Aug 2006 22:59:44 GMT, snipped-for-privacy@ipal.net wrote in | : | |>On Tue, 01 Aug 2006 16:06:27 GMT John Navas wrote: | |>| It's not a problem for computers behind the router, the expected case. |>

|>You mean, computers using the router to connect to the internet as the |>expected case ... not enabling laptops to connect to the LAN, since no |>business in their right mind would ever do anything as useless as that. | | In fact lots of small businesses do just that.

But that's not what Netgear makes routers for ... or at least that's not the expected usage when they create fancy new user friendliness features that break the unintended uses like this.

|>It's just silly to break some cases in order to make other cases work when |>there is a way to do it that won't break any cases and still makes the |>intended ones work. | | Seems quite reasonable and workable to me.

So you prefer to minimize the working cases rather than expand them?

On Wed, 02 Aug 2006 00:13:51 GMT John Navas wrote: | On 1 Aug 2006 23:08:53 GMT, snipped-for-privacy@ipal.net wrote in | : | |>On Tue, 01 Aug 2006 19:16:22 GMT John Navas wrote: | |>|>Unfortunatly, it won't work if you're using a different IP address for |>|>the router. |>| |>| Indeed. |>

|>And somehow Netgear's method will work where this fails? If you think so, |>explain how. I think it won't. | | As long as you're going through the Netgear router as intended, it will | work if you're using a different IP address for the router. | | With all due respect, your attack on the Netgear method is based on not | using the router as intended, which (IMnsHO at least) is pretty flimsy.

But you did agree that the "unintended" use was a legitimate business use after my parody that it would be silly for businesses to use wireless routers for other than internet access.

On Tue, 01 Aug 2006 20:36:44 -0700 Jeff Liebermann wrote: | John Navas hath wroth: | |>>I'll save you the trouble. I setup an A record to point to |>>192.168.1.1. Try: |>>

| |>How does that help? | | It doesn't help. It's totally useless. Since the router probably has | NOT connected to the internet when the URL is first invoked, there's | no way for DNS to return the 192.168.1.1 IP address. However, it does | provide entertainment value.

The case of the router being set up on a LAN in a business that already has "major" access (e.g. T1 or better, as opposed to DSL/cable), with intention that it is being used for authorized laptops in the building to be able access the office LAN (and maybe also internet, but through the big pipe). Of course they could get pure access point device. But there could also be alternative use of the router, such as being able to better segment or block the wireless access (for example block port

25), or possible to actually use DSL as a _backup_ link to the internet in case the big pipe goes down (it happens ... which is why one of my past employers had me putting in triple redundant OC-3 links to three different with triple redundant Cisco routers using HSRP for failover).

On 2 Aug 2006 07:45:18 GMT, snipped-for-privacy@ipal.net wrote in :

Netgear is focusing on its target market.

What I prefer is to do a good job for the target market. More to the point, I don't think your alternative is a good solution (for reasons previously stated).

dOn 2 Aug 2006 07:59:44 GMT, snipped-for-privacy@ipal.net wrote in :

Actually I didn't. I simply said LAN connection was an intended use, as it is, using the wired switch ports on the router. The key word there is router, as distinct from access point.

snipped-for-privacy@ipal.net hath wroth:

I only have a few businesses that use T1's or better. Most would not use a commodity router and prefer Cisco, 3com, Sonicwall, or one of the wireless switch vendors (Aruba, Symbol, Nortel/Trapeze, Cisco/Airespace, etc). Some of my commodity router collection came from ripping them out of such businesses, and replacing them with something that can be monitored and centrally managed.

Yep. Those are not routers, so using routerlogin.com is a bit non-sensical. Perhaps:

they're available.

"Pure" access point? If you find that your access point isn't 100% pure, I can suggest a suitable purification rite.

If I were to actually do such a thing, I would need RIP, OSPF, or BGP4 to switch between redundant paths. Not exactly something I would trust to a commodity router. As for blocking port 25, the rule set required to do it correctly requires a more complex ACL than can be provided in most commodity routers.

Methinks you might be stretching the point a bit here. The allegedly user friendly routerlogin.com idea was to assist in the initial setup of a wireless system that reflects 99.9% of the intended target market. As I previously indicated, your application doesn't qualify.

On Wed, 02 Aug 2006 14:11:30 GMT John Navas wrote: | On 2 Aug 2006 07:45:18 GMT, snipped-for-privacy@ipal.net wrote in | : | |>On Wed, 02 Aug 2006 00:05:36 GMT John Navas wrote: |>| On 1 Aug 2006 22:59:44 GMT, snipped-for-privacy@ipal.net wrote in |>| : |>| |>|>On Tue, 01 Aug 2006 16:06:27 GMT John Navas wrote: |>| |>|>| It's not a problem for computers behind the router, the expected case. |>|>

|>|>You mean, computers using the router to connect to the internet as the |>|>expected case ... not enabling laptops to connect to the LAN, since no |>|>business in their right mind would ever do anything as useless as that. |>| |>| In fact lots of small businesses do just that. |>

|>But that's not what Netgear makes routers for ... or at least that's not |>the expected usage when they create fancy new user friendliness features |>that break the unintended uses like this. | | Netgear is focusing on its target market.

Why it chooses to neglect another market that it could also serve by doing nothing more than just configuring a DNS server correctly makes no sense. Why turn down adding 10% to the revenue base.

|>|>It's just silly to break some cases in order to make other cases work when |>|>there is a way to do it that won't break any cases and still makes the |>|>intended ones work. |>| |>| Seems quite reasonable and workable to me. |>

|>So you prefer to minimize the working cases rather than expand them? | | What I prefer is to do a good job for the target market. More to the | point, I don't think your alternative is a good solution (for reasons | previously stated).

While I know you described things like using the router to access the internet, you have yet to give _details_ about why a menufacturer should avoid an additional market that would use wireless devices to provide its staff that use laptops in the office access to the office LAN, when doing so requires _nothing_ that would break anything, or even degrade the user friendliness or functionality for the primary market. It's as if you actually believe that serving one market in the way things are designed, implemented, and deployed, would require additional effort and cost to also do so for another market.

On Wed, 02 Aug 2006 14:13:29 GMT John Navas wrote: | dOn 2 Aug 2006 07:59:44 GMT, snipped-for-privacy@ipal.net wrote in | : | |>On Wed, 02 Aug 2006 00:13:51 GMT John Navas wrote: |>| On 1 Aug 2006 23:08:53 GMT, snipped-for-privacy@ipal.net wrote in |>| : |>| |>|>On Tue, 01 Aug 2006 19:16:22 GMT John Navas wrote: |>| |>|>|>Unfortunatly, it won't work if you're using a different IP address for |>|>|>the router. |>|>| |>|>| Indeed. |>|>

|>|>And somehow Netgear's method will work where this fails? If you think so, |>|>explain how. I think it won't. |>| |>| As long as you're going through the Netgear router as intended, it will |>| work if you're using a different IP address for the router. |>| |>| With all due respect, your attack on the Netgear method is based on not |>| using the router as intended, which (IMnsHO at least) is pretty flimsy. |>

|>But you did agree that the "unintended" use was a legitimate business use |>after my parody that it would be silly for businesses to use wireless |>routers for other than internet access. | | Actually I didn't. I simply said LAN connection was an intended use, as | it is, using the wired switch ports on the router. The key word there | is router, as distinct from access point.

A router can be an essential feature. If it's needed, buy the box with it already built in. Then you don't have to buy an additional box.

On Wed, 02 Aug 2006 08:08:05 -0700 Jeff Liebermann wrote: | snipped-for-privacy@ipal.net hath wroth: | |>On Tue, 01 Aug 2006 20:36:44 -0700 Jeff Liebermann wrote: |>| John Navas hath wroth: |>| |>|>>I'll save you the trouble. I setup an A record to point to |>|>>192.168.1.1. Try: |>|>>

|>| |>|>How does that help? |>| |>| It doesn't help. It's totally useless. Since the router probably has |>| NOT connected to the internet when the URL is first invoked, there's |>| no way for DNS to return the 192.168.1.1 IP address. However, it does |>| provide entertainment value. | |>The case of the router being set up on a LAN in a business that already |>has "major" access (e.g. T1 or better, as opposed to DSL/cable), with |>intention that it is being used for authorized laptops in the building |>to be able access the office LAN (and maybe also internet, but through |>the big pipe). | | I only have a few businesses that use T1's or better. Most would not | use a commodity router and prefer Cisco, 3com, Sonicwall, or one of | the wireless switch vendors (Aruba, Symbol, Nortel/Trapeze, | Cisco/Airespace, etc). Some of my commodity router collection came | from ripping them out of such businesses, and replacing them with | something that can be monitored and centrally managed.

I was not talking about using a router like WGT624 or WRT54G on an internet access like T1. But I suppose I can. For a business that is doing things on the cheap, a WRT54G might well be fine if the handoff from the T1 or whatever they have is compatible. Do keep in mind that a lot of small business do use DSL. Nevertheless, this *is* a case of using a wireless router to also access the internet, the scenario you assume to be the only one the manufacturers target.

What I was talking about was a business using a T1 or better internet service, through any other kind of router (maybe even a high end Cisco router), and using wireless routers to merely provide wireless access to the LAN, and possibly also to the internet through the LAN and through what ever means the LAN accesses the internet (e.g. proxy server, NAT, or whatever else they may be doing). When a business does that, I do recommend a router rather than a bridge so that all their internal LAN ARP broadcasts are not going over wireless. The actual recommendation is based on what network topology they have, what might be changed, and the type of usage they make. But router based wireless is among the possible recommendations.

|>there could also be alternative use of the router, such as being able |>to better segment or block the wireless access (for example block port |>25), or possible to actually use DSL as a _backup_ link to the internet |>in case the big pipe goes down (it happens ... which is why one of my |>past employers had me putting in triple redundant OC-3 links to three |>different with triple redundant Cisco routers using HSRP for failover). | | If I were to actually do such a thing, I would need RIP, OSPF, or BGP4 | to switch between redundant paths. Not exactly something I would | trust to a commodity router. As for blocking port 25, the rule set | required to do it correctly requires a more complex ACL than can be | provided in most commodity routers. | | Methinks you might be stretching the point a bit here. The allegedly | user friendly routerlogin.com idea was to assist in the initial setup | of a wireless system that reflects 99.9% of the intended target | market. As I previously indicated, your application doesn't qualify.

Methinks you are going out of your way to dismiss a perfectly legitimate use for a wireless router that I believe the marketing people would not want to dismiss (if they understood the distinction), that could be done in a user friendly way, without impacting what they have already done for user friendliness in the "router is used for internet access" cases, by a simple change. I know you are a smart person, so it makes no sense why you would seem to think that such a change would somehow impact the business or the usability of wireless routers for internet access.

On 2 Aug 2006 15:28:34 GMT, snipped-for-privacy@ipal.net wrote in :

It's probably not anywhere near that much, and with the razor thin margins in consumer grade stuff, focus is important. Netgear probably thinks a business is better served with business grade stuff. I would agree.

With all due respect, I think your desires are coloring your perspective, and that you shouldn't be trying to use consumer grade stuff in business grade applications.

I have no desire to go round and round with this, so I'm now leaving the last word to you.

On 2 Aug 2006 15:30:30 GMT, snipped-for-privacy@ipal.net wrote in :

Whatever. It's not worth arguing about.