Router dropping connection -- please help!

thesun · #1 28th October 2004, 01:35 PM

I cannot figure out what's going on but this is a huge pain. I hope someone out there can help me get this problem fixed.

I have three computers (desktop1, desktop2, and notebook1) which are all connected to a Netgear Wireless Router (WTG64, I believe). The desks are plugged in directly and the notebook is wireless. Desktop1 is my main computer and I access it via ssh and vnc.

Desktop2 and notebook1 are fine. No problems. However desktop1 keeps dropping the connection to the router about every 20 minutes. After 2-3 minutes it connects again. I have to kill my ssh window, wait, and relogin every 20 minutes.

One additional problem (could be totally unrelated, I don't know) is that whereas the two other machines can access the router's config page (at 192.168.0.1) from a web browser, the main desktop1 cannot. It returns a connection refused error message.

None of the machines are able to ping each other. I get a "no route to host" error.

Please help me! Thanks in advance...!

(My router is the new piece. Prior to purchasing it a few days ago I had desktop1 IP masq/NATing for desktop2 through eth1, with the notebook just sitting by itself, not connected to anything. The main desktop1, with a Bastille-firewall was connected directly to the cable modem through eth0. Could something relating to a previous firewall or security setting be causing some of this?)

Dog-One · #2 28th October 2004, 02:41 PM

if you cannot ping from Desktop2 to Notebook1 back'n forth, your router is filtering between your LAN in ways it shouldn't. Either it's not handling ARP messages properly or it's filtering traffic. In either case, if you cannot configure your router to get this much working, I would consider getting a $10 switch, connect all your machines to it and then connect the switch to your router and give that a try.

Get basic ping function to work for all your machines on your LAN, then we can take a closer look at why Desktop1 drops the connection after 20 minutes, if it still does.

Dog-One · #3 28th October 2004, 02:47 PM

Is this the router you are using?

If it is LMK. I plan to download the manual for it to see if there is a configuration setting that needs to be changed. It's also possible the device needs a firmware upgrade, I see those posted on the Netgear websit.

I missed that your notebook is wireless so a basic switch would be of little help for that. :o

Hang in there bud.

thesun · #4 28th October 2004, 03:19 PM

Yes, that's the router alright. Or the culprit, not sure which. ;-) Yes, I've considered that perhaps there's a firmware problem. One reason I thought this is that when I went to a web-based port-scan site they were able to see the IP of my desktop1 machine (192.168.0.2) and that seemed problematic. Shouldn't the router be stopping things at its door? Or will port-forwarding 80 (for HTTP) allow folks to see that kind of info?

You've been a great help thus far...if only to have me trying different things and thinking about it. I am pondering just going out and getting a different router and seeing if I still have the same problems. I don't know about a switch---shouldn't the router itself be doing this?

I'm surprised---I thought that routers were far less finicky somehow. But live and learn, I guess. :-)

Thanks for your ideas and suggestions and I'll wait and hope to get another suggestion. In case you're wondering, I've also been in contact with Netgear. It's clearly some guy in India reading a manual and just entering in stock sentences. So they haven't been any help at all. I suppose if this works its way up the line I might hear something useful...but that's taken almost a week thus far.

Over and out for the moment...and thanks again!

Dog-One · #5 28th October 2004, 05:53 PM

Quote:

Originally Posted by thesun

Yes, that's the router alright. Or the culprit, not sure which. ;-) Yes, I've considered that perhaps there's a firmware problem. One reason I thought this is that when I went to a web-based port-scan site they were able to see the IP of my desktop1 machine (192.168.0.2) and that seemed problematic. Shouldn't the router be stopping things at its door? Or will port-forwarding 80 (for HTTP) allow folks to see that kind of info?

It sure shouldn't. NAT mangles the IP addresses so all anyone from the Internet should see is something on some port at your Internet IP address. It should never see the private IP addresses.

Are you sure that you have things connected to the correct ports?

Quote:

You've been a great help thus far...if only to have me trying different things and thinking about it. I am pondering just going out and getting a different router and seeing if I still have the same problems. I don't know about a switch---shouldn't the router itself be doing this?

There are a few different categories of network devices: routers (work at the IP level), bridges (work at the MAC address level) and switches (which are for the most part, multiport bridges). Oh, and there are hubs/repeaters that just copy everything they see coming in to all their ports going out--hard to even find these anymore. How I date myself.

Now routers that filter things at the IP level are usually referred to as firewalls. True routers like most Cisco boxes, do serious routing and take advantage of specialized routing protocols like OSPF, RIP, IGRP and the like, but you typically don't see these used in the consumer market.

Quote:

I'm surprised---I thought that routers were far less finicky somehow. But live and learn, I guess. :-)

I don't mind all-in-one solutions when they work properly. They are a pain when they don't. For my home network, I did everything in pieces. I use an old laptop as my firewall running Fedora Core 2. I have a cheap 100Mb/s 8-port switch and a cheap Linksys Wireless Access Point. If any particular part breaks or starts acting screwy, I can isolate and replace just the faulty unit. Also having Linux as my firewall, I can tweak it to my hearts content and never settle for good enough.

Quote:

Thanks for your ideas and suggestions and I'll wait and hope to get another suggestion. In case you're wondering, I've also been in contact with Netgear. It's clearly some guy in India reading a manual and just entering in stock sentences. So they haven't been any help at all. I suppose if this works its way up the line I might hear something useful...but that's taken almost a week thus far.

Over and out for the moment...and thanks again!

I'll take a look at the manual for your Netgear device and see if I can discovery something for you to try.

Dog-One · #6 28th October 2004, 08:14 PM

I see a few things you can do. Turn RIP and UPnP off for sure. I do not know about spoofing your MAC address. I think I would leave that set to default if your ISP can handle it. There is a feature to remotely administer the router. If you want me to try that for you, send me a private message and we'll see what we can do. Other than that, I really don't see anything obvious that could be incorrect.

thesun · #7 29th October 2004, 03:50 AM

Okay, RIP is off and UPnP was on (it's off now). But I'm beginning to think that perhaps I have a faulty router. One, the port forwarding is pretty straightforward---really, a bonehead could set it up. But when I go to a firewall testing website my NATed IP (192.168.0.xyz) is showing up (and it shouldn't, that's the whole purpose of a darn firewall, right?) and I'm not getting any other ports open except for 22. And that shuts down every 20 minutes for no apparent reason. There just aren't that many options to configure...it's pretty simple, and after hearing that confirmed by you (who knows worlds more about routers than I do) I'm even more convinced that perhaps there's something totally messed up with it.

On the other hand, when I go to the other computer (desktop2) and check, it doesn't find my NATed IP anymore. But it doesn't find any other ports open, either. Nor can I ping the other computer...

Is there any way my previous system's security or firewall settings could be screwing up the router? I used to use desktop1 as a router itself, and could easily have tweaked those settings to something weird. Can I check any config files (/etc/sysconfig/network? httpd.conf? bastille?). I have it set to force passive mode, I think...but that's for FTP. Part of the problem of Linux is that it's gotten so easy to use that a bozo like me can wade in there and get things working even if he knows very little about WHY they're working (or how to undo damage if it's done...)

I am pretty sure your thought about "connecting everything to the right ports" is closer to the mark. I feel like there's something _in the computer, desktop1_ that's confusing the router, rejecting it, or something. The other two computers have no problems (though they can't ping each other) and seem to be properly behind the firewall.

I know I have the cable modem connected (properly) to the router, and desktop1 and desktop2 are connected physically to the router in slots 2 and 4. One of them, however, is a solid light and the other is flashing. I would assume that if all were good the lights would either both be solid or both would be flashing. I've got the cables going to eth0 on both computers. :-) The main computer is using a beat up (modified, tweaked, ancient) version of RH8.0.

So...what else can I try?

thesun · #8 29th October 2004, 02:28 PM

Last clue: I just noticed that when I ping from desktop1, it is using the eth1 IP (192.168.0.10) instead of the eth0 address (192.168.0.2). Is it trying to ping through the unused eth1? It looks like it...

Not sure if that helps the ssh dropping problem, but that seems to be important...

thesun · #9 29th October 2004, 03:05 PM

The plot thickens...

I slogged through my various ethernet related config files and found that my eth0 had "bootproto" set to "none." I changed it to "dhcp" and now, whew, I seem to be getting my ping routing through the right place---192.168.0.2. I can also now access the router config from desktop1 (I don't get a "connection refused" anymore).

So it looks like you were right: there was something messed up in my ethernet configuration. Now it's better (I can't say perfect...just better!)

However, I still have a visible NATed IP. And the only open port, despite the port forwarding, is 22. Could this be a firewall failure? It will still be under warranty for a few more days...should I get another one and try to see if I have the same problems?

thesun · #10 29th October 2004, 07:11 PM

I have discovered that VNC appears to be releasing the NATed IP address. If I log in normally on any of my computers then the internal IP is hidden. But if I go via VNC then it appears to divulge the internal IP.

Dog-One · #11 30th October 2004, 04:53 AM

That would make sense then. VNC in tunneled to no IP mangling can occur.

If you have eth1 shut down, no DHCP or anything like that running and iptables shutdown, you should be in business. Sounds like all is well actually.

Sorry I left you hanging there for a bit--I'm building a new (actually an old POS) machine to test FC3 RC1. It's been real fun so far.

LMK if you have any more problems.

thesun · #12 30th October 2004, 11:19 PM

Well, my VNC *is* tunneled, so I'm not sure why the internal IP is showing up, but I'm not super concerned anymore about that. The only mystery left is related to the websites---I'm just not getting anything open on port 80 or 8080 or 8090. 22 is showing up as open (as it should), but why are my web pages not being able to be served? Port 80 and the virtual hosts' ports should also be open...right?

I'm running FC3 on my desktop2 and loving it. No problems. It seems sharp and snappy...FC2 had some funky install issues, but FC3 is great. Except for the ALSA sound issue, but I'm fed up with trying to get it to work. I don't need sound (sniff, sob...) on this machine anyway. Good luck with your install!

;-)

If you can think of anything else to try to get the websites back up that would be great. I can move them off to free hosting places, but I'd rather not.