Network Planning help



  • Here's my situation first off; the first major bottleneck on my network is our router, it will stop accepting http and https traffic if it stays on for longer than 1d8 days, everything else will go through, this is even more annoying because it also stops responding when one http's to it directly (which is the only way I have of managing it remotely). I'd rather not have to go through our ISP's magically adept Tech Support, although I fear I might have to. So to take load off the router I had planned on setting up a simple infrastructure box with a DNS server (need help on this one), DHCP server (have this running), and possibly an http proxy. Now as an additional feature I'd like to be able to block an IP from accessing the internet (probably iptables?) because one of our Telus TV boxes tends to be left on and running up and down the stairs to turn a TV box off is not fun, they suck 1.5Mb/s according to Telus' marketing. Is there anything else I can do to try and speed up internet access? Also what Distro would be good for the NI box, it currently has Arch Linux on it. Another thing, how can I find what ports aren't blocked by my ISP? They block everything below 1024, also 8000, 9001 and 9009 (9000 is open oddly enough), I really don't feel like asking a friend to test every single port as I set up a server for that port and redirect etc, it's way too tedious.



    Notes:

    I can't change ISPs; I don't have the authority to do so

    My router is a DSL-604+ if anyone cares

    This is my home network if anyone didn't quite catch that

    Router is also wireless AP, and modem and firewall.



  • @Lingerance said:

    They block everything below 1024, also 8000, 9001 and 9009 (9000 is open oddly enough), I really don't feel like asking a friend to test every single port as I set up a server for that port and redirect etc, it's way too tedious.

    You sure? It'd be a pretty paranoid ISP that blocks email, telnet, ssh, ftp and http, to name just a few.

    You could test ports through a netcat script, but it'd be simpler just to find a range that isn't blocked and stick to using those for whatever services you need.



  • The German IT publisher Heise offers an IMO quite useful "self port scan service" here. After you check a confirmation box and type a captcha, their servers will scan the IP you requested the page from.



  • @Lingerance said:

    Here's my situation first off; the first major bottleneck on my network is our router, it will stop accepting http and https traffic if it stays on for longer than 1d8 days, everything else will go through,

    Is your router acting as an HTTP/HTTPS proxy?  Is it a transparent proxy, or do you have to configure your PCs to point at it? If it's transparent, then setting up a proxy server inside your network won't help, because the router'll still be intercepting the port 80 & 443 traffic and eventually die again as usual.

    Does it die consistently at the 1d8 (single 8-sided dice? 1day 8 hours?) point? Or does it happen quicker if you're surfing heavily? Slower if you're surfing lightly? Does a reboot fix the problem? I'd investigate if there's any firmware updates available for the thing. It could have a resource leak of some sort relating to its HTTP proxy.

    As for the ports being blocked, I'm assuming you mean for incoming connections. If outgoing connections to ports below 1024 were blocked, then you couldn't be surfing or using email, period. I don't think it's unreasonable for them to block incoming connections on those ports, especially if your service agreement specifies not running any servers. Doesn't mean you can't have an SSH or HTTP server going, just can't use the standard ports for it.

    If you want to see exactly what incoming ports are blocked, find an outside shell somewhere and do a full port range nmap scan of your IP.
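As an added example (not code from anyone in this thread): a small Python probe that does what MarcB describes from an outside shell against your own IP, and that separates a port the ISP drops (no reply before the timeout) from one that merely has nothing listening behind it (a RST comes back, so the port is not blocked). The target address, the port list and the throwaway listener are assumptions for illustration.

```python
import socket
import sys
from typing import Dict, Iterable

# Result of one TCP connect attempt, seen from the outside shell.
OPEN = "open"          # SYN/ACK came back: passes the ISP filter and something is listening
REFUSED = "refused"    # RST came back: passes the ISP filter, but nothing is listening
FILTERED = "filtered"  # no reply before the timeout: dropped by the ISP or a firewall in between
ERROR = "error"        # local problem (no route, name lookup failed), not a verdict on the port


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a single port by what a plain TCP connect gets back."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return OPEN
        except ConnectionRefusedError:
            return REFUSED
        except socket.timeout:
            return FILTERED
        except OSError:
            return ERROR


def probe_ports(host: str, ports: Iterable[int], timeout: float = 2.0) -> Dict[int, str]:
    """Probe each port in turn and return {port: classification}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def unblocked(results: Dict[int, str]) -> list:
    """Ports the ISP is not dropping: a reply came back, whether SYN/ACK or RST."""
    return sorted(p for p, state in results.items() if state in (OPEN, REFUSED))


def start_listener(host: str = "0.0.0.0", port: int = 0) -> socket.socket:
    """Throwaway listener for the home side, so the probe can report OPEN.
    listen() alone completes the handshake; port=0 lets the kernel pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


if __name__ == "__main__":
    # Ports mentioned in the thread plus two standard ones; target host is an assumed argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    found = probe_ports(target, [22, 80, 443, 8000, 9000, 9001, 9009])
    for port, state in sorted(found.items()):
        print(f"{port:5d} {state}")
    print("not blocked:", unblocked(found))
```

Run the listener half on the home box for the ports you care about and the probe half from the outside shell; a port that comes back "refused" with no listener behind it is still proof the ISP lets it through.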




  • @MarcB said:

    Is your router acting as an HTTP/HTTPS proxy?  Is it a transparent proxy, or do you have to configure your PCs to point at it? If it's transparent, then setting up a proxy server inside your network won't help, because the router'll still be intercepting the port 80 & 443 traffic and eventually die again as usual.

    Does it die consistently at the 1d8 (single 8-sided dice? 1day 8 hours?) point?


    8 sided dice. The point of the proxy would be to at least have some content on our side while internet is down, as it seems to be dependent on how much we actually use the network before it goes down. The router does not have proxy functionality.

    @MarcB said:

    Or does it happen quicker if you're surfing heavily? Slower if you're surfing lightly? Does a reboot fix the problem? I'd investigate if there's any firmware updates available for the thing. It could have a resource leak of some sort relating to its HTTP proxy.

    Rebooting always fixes the problem.



  • @Lingerance said:

    The point of the proxy would be to at least have some content on our side while internet is down, as it seems to be dependent on how much we actually use the network before it goes down.


    Proxies do not work this way and will not do this.

    On a related note, I am assured by somebody with a deep understanding of the subject that transparent HTTP proxies are a fundamentally broken idea, and cannot ever work right - at most they can give the appearance of working right. The correct solution is to deploy automatic proxy configuration via WPAD. (You must deploy both forms: IE only properly accepts the DHCP-based WPAD, and Firefox only accepts the DNS-based WPAD).



  • My gut tells me it's one of three things: a bad network connection, bad firmware, or bad hardware.  I've seen some network interfaces throw a fit if you used a 2 pair network wire vs 4 pair even though the other two pair aren't used. I'd replace the network wire and maybe do some packet sniffing via a regular hub to see if there are any CRC errors coming from any of the devices.

    I'd also make sure that you are running the latest firmware on the router.  If none of that works, a replacement router might be in order.  Routers should not just stop responding - they are meant to function reliably with very little downtime.




  • @lpope187 said:

    I'd also make sure that you are running the latest firmware on the router.  If none of that works, a replacement router might be in order.  Routers should not just stop responding - they are meant to function reliably with very little downtime.

    For what it's worth, I'll second this. 

    I use a lot of upload bandwidth (torrent).

    I had two Linksys routers:  one wireless and one not.  The wireless one would shut down, only allowing the bittorrent traffic, after a while.  The wired one did not shut down.  So what I did (WTF ahead) is make the wireless one a subnet of the wired one.  All the bittorrent traffic goes over the wired one only, and I can still do wireless.  However, I couldn't use Active Directory to share folders, printers, etc from the desktop to the laptops.  Eventually, I bought a Netgear router and am having no trouble.  One network, it handles all the bittorrent traffic beautifully, and rarely shuts down. 

    Netgear FTW.  Linksys:  DIE!



  • @lpope187 said:

    I'd also make sure that you are running the latest firmware on the router.  If none of that works, a replacement router might be in order.  Routers should not just stop responding - they are meant to function reliably with very little downtime.


    You must not have used a Linksys router then.



  • @tster said:

    You must not have used a Linksys router then.

    Nothing wrong (usually) with Linksys hardware. The firmware's another matter. I ditched the stock stuff for DD-WRT on my WRT54GS and never looked back.


    DD-WRT VeryBusyBox v1.2.1 (2006.09.15-18:06+0000) Built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    ~ # uptime
    13:21:52 up 39 days, 10:45, load average: 0.01, 0.02, 0.00

    Uptime'd be longer, but there was a brownout. I think it was around 85 days prior to that, which is when I rebooted the router for some config changes.



  • Netgear FTW.  Linksys:  DIE!

    My Netgear at home crashes when I log into a specific VOIP provider. My other VOIP provider works fine and the crashy one works fine on every other router I've tried (Billion, D-Link and iOpen)

    It crashes spectacularly: Cannot ping it even from other computers. No computer can use the Internet, wireless or wired. I have tried different computers, different softphones, different settings, different operating systems. As soon as I register, the router just stops responding. It has the latest firmware available (it was very unstable with the first version firmware). Close down the software and wait about a minute and it returns. If I don't shut down the software it never returns.

    So Netgear is not always good!



  • Netgear and Linksys are both end-user junk. Sometimes end-user junk is what the budget calls for, but you should always expect to spend a fair amount of time shipping the stuff back.



  • @tster said:

    @lpope187 said:

    I'd also make sure that you are running the latest firmware on the router.  If none of that works, a replacement router might be in order.  Routers should not just stop responding - they are meant to function reliably with very little downtime.


    You must not have used a Linksys router then.

    Not too much on the home side of their catalog.  Personally, I go Cisco on the business side and D-LINK on the home side.  I've never had an issue with either of my D-LINKs at home.  They've both been chugging along for years now.  I look at it this way: If you can buy it at Walmart, chances are it is junk.



  • @lpope187 said:

    @tster said:
    @lpope187 said:

    I'd also make sure that you are running the latest firmware on the router.  If none of that works, a replacement router might be in order.  Routers should not just stop responding - they are meant to function reliably with very little downtime.


    You must not have used a Linksys router then.

    Not too much on the home side of their catalog.  Personally, I go Cisco on the business side and D-LINK on the home side.  I've never had an issue with either of my D-LINKs at home.  They've both been chugging along for years now.

    Linksys == Cisco end-user products.


    I look at it this way: If you can buy it at Walmart, chances are it is junk.

    Probably reliable, but a more reliable indicator is: if it doesn't have 19" mounting rails, it's junk.

