okay.. this is for all the networking guru's



Topic author
Russell
Senior Member
Posts in topic: 6
Posts: 2877
Joined: Sat May 20, 2006 12:46 pm

#1

Post by Russell » Thu Jul 20, 2006 3:49 am

The story:

I have 2 routers in my house. Everybody knows that 2 routers in a house don't exactly like to play nicely together, especially if they are of different brands. The one in my bedroom is a netgear, the one in the living room is a linksys. I have a DSL connection from verizon. It is plugged into the router in the living room.

A drawing to make it easier (trust me you might need it, because this could get pretty complicated):

[DSL Modem] ---> [Linksys] ----> [Netgear] ----> [Computers in my bedroom]


The Netgear router is set as the DMZ host for the Linksys router to bypass any NAT problems. I have 2 computers in my bedroom. One is a windows 2003 server that I run several services on, such as FTP, SMB, IIS, etc.

The windows 2003 server is set as the DMZ host on the Netgear router to bypass any NAT problems as well.

Here is my problem:

I cannot mount any network shares outside of my subnet. So say, for example, if I connect to my neighbor's wireless router, I cannot mount any of my network drives running on the windows 2003 server. But if I reconnect to my own router, I can just fine.

I have completely disabled the server's firewall to make sure that wasn't the problem, and it wasn't.

Now here's the real kicker:

Any of the other services, such as FTP, I can connect to from the outside world just fine. Everything works but SMB. The error returned from the command prompt is "The network path was not found", which is the same generic error given if pretty much anything goes wrong with connecting to the ports.

Now one thing that I have never been able to solve, is that I can connect to computers connected to the linksys router just fine from my bedroom on a computer connected to the netgear router, but if I am on a computer in the living room connected to the linksys router I cannot connect to any computer in my bedroom that is connected to the netgear router.

In order to rule out that it wasn't just a netgear to linksys translation problem with the network shares, I plugged the windows 2003 server directly into the linksys router, and set that IP address as the DMZ host, yet I still could not connect to any network shares from the outside world. I double and triple checked that the windows firewall was disabled and it was.

This only leads me to believe that verizon is blocking the SMB ports, which I have never heard of before.

Any thoughts? :razz:

nitrogen
Senior Member
Posts in topic: 1
Posts: 2322
Joined: Wed Dec 21, 2005 1:15 pm
Location: Sachse, TX

#2

Post by nitrogen » Thu Jul 20, 2006 7:21 am

Get a network scanning tool like nmap, and scan yourself.

I'm betting Verizon is blocking netbios ports. DSL providers have started to do this recently.
.השואה... לעולם לא עוד
Holocaust... Never Again.
Some people create their own storms and get upset when it rains.
--anonymous
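
Added example, not part of any post in this thread: a minimal self-scan in the spirit of the nmap suggestion above, meant to be run from an outside connection against your own public address. The function names and the use of FTP as the known-good control service are assumptions; TCP 139 and 445 are the standard NetBIOS session and SMB ports.

```python
import socket
import sys

# Control service that is known to work from outside, plus the two SMB-related ports.
SERVICES = {"ftp": 21, "netbios-ssn": 139, "microsoft-ds": 445}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - the three-way handshake completed
    closed   - the target answered with a reset (connection refused)
    filtered - no answer before the timeout, or an ICMP unreachable,
               which is what a packet filter on the path produces
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.gaierror:
        raise  # a bad hostname is a usage error, not a filtered port
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and "no route to host"
        return "filtered"
    finally:
        sock.close()


def diagnose(results, control="ftp"):
    """Turn per-service probe states into one finding.

    results maps a service name to 'open', 'closed' or 'filtered'.
    """
    smb_states = [state for name, state in results.items() if name != control]
    if "open" in smb_states:
        return "smb-reachable: TCP gets through, so look at the SMB layer"
    if results.get(control) != "open":
        return "inconclusive: the control service is not reachable either"
    if all(state == "filtered" for state in smb_states):
        return "smb-filtered: something on the path drops SMB but passes " + control
    return "smb-closed: the host answers, but nothing accepts on the SMB ports"


if __name__ == "__main__":
    # Pass your own public IP address; loopback is only a harmless default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states = {name: probe_tcp(target, port) for name, port in SERVICES.items()}
    for name, state in states.items():
        print(f"{name:14s} tcp/{SERVICES[name]:<4d} {state}")
    print(diagnose(states))
```

A "filtered" result cannot tell you which device dropped the packets, so repeat the probe from inside the LAN and from just outside the first router to narrow it down.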

Crossfire
Moderator
Posts in topic: 3
Posts: 5379
Joined: Sun Jan 08, 2006 10:27 am
Location: DFW

#3

Post by Crossfire » Thu Jul 20, 2006 7:53 am

Why are you using 2 routers? Wouldn't life be a lot simpler if you got rid of one router and exchanged it for a switch? Then you could at least eliminate one of them as a possible problem.


lrb111
Senior Member
Posts in topic: 1
Posts: 1551
Joined: Sat Feb 25, 2006 9:48 pm
Location: Odessa

#4

Post by lrb111 » Thu Jul 20, 2006 7:55 am

Do you have static IPs in your computers and routers? Or are you using DHCP?

Lately I have found 3 or 4 instances where an out-of-date, or no longer used, version of Symantec/Norton AV firewall is causing similar symptoms.
http://www.majorgeeks.com has the Norton removal tool under their Antivirus heading.
Ø resist

Take away the second first, and the first is gone in a second.

NRA Life Member, TSRA, chl instructor


Piney
Senior Member
Posts in topic: 1
Posts: 535
Joined: Mon Nov 14, 2005 8:42 am

#5

Post by Piney » Thu Jul 20, 2006 8:34 am

Greetings--

1) Same question-- why 2 routers? Is the #2 (inside) router doing something special on your LAN in the house or is it just a connection point for the bedroom-based computers?

2) Many ISPs are blocking NetBIOS ports-- some may be willing to unblock them if you purchase a static IP for your edge router. Don't know about Verizon.

3) Curious-- why are you trying to mount drives from outside the house? For your own use or others' use?


kw5kw
Senior Member
Posts in topic: 4
Posts: 837
Joined: Thu Jun 01, 2006 12:18 pm
Location: Fort Worth, Texas

Re: okay.. this is for all the networking guru's

#6

Post by kw5kw » Thu Jul 20, 2006 8:53 am

evil_smurf wrote:The story:

I have 2 routers in my house. Everybody knows that 2 routers in a house don't exactly like to play nicely together, especially if they are of different brands. The one in my bedroom is a netgear, the one in the living room is a linksys. I have a DSL connection from verizon. It is plugged into the router in the living room.

A drawing to make it easier (trust me you might need it, because this could get pretty complicated):

[DSL Modem] ---> [Linksys] ----> [Netgear] ----> [Computers in my bedroom]
You only need one router... get rid of the netgear router and get a simple switch to do this job

The Netgear router is set as the DMZ host for the Linksys router to bypass any NAT problems. I have 2 computers in my bedroom. One is a windows 2003 server that I run several services on, such as FTP, SMB, IIS, etc.

The windows 2003 server is set as the DMZ host on the Netgear router to bypass any NAT problems as well.
Your DMZ host points to the WWW not to your LAN, therefore you have your DMZ host on the WRONG component, but you don't need two routers as said earlier
Here is my problem:

Here, do this:
Your network for your internal working class C network should be set to either DHCP or a 10.x.x.y, where x is any number between 1 and 254 and y is any number between 1 and 254, with no two being the same. The 10.x.x must be the same, such as 10.94.36.y, where every machine has, say, 10.94.36, then .100; the next machine would be 10.94.36.101, the next machine would be 10.94.36.102, etc.

Your subnet mask on each and every machine has to be 255.255.255.0.
No options there!

You will make the router one IP.
Each machine will be one IP.

Then you set your DMZ for the one machine you wish to have unrestricted access to the internet with no firewall.

Your DNS can be one of many; I use 151.164.1.7 and 151.164.1.8. There is also 2.2.2.2 and a whole bunch more. It is best to get one that is close to your local (speed to and from for initial networking)... What this does is to translate an English name such as yahoo.com to an IP address, 66.94.234.131... (I got this from a simple ping of yahoo.com so it's no secret.) The fewer hops that you have in this initial step, the quicker your internet will perform.

You will find this will fix the rest of your problems.

Russell STringfield
System Administrator
LSC INC.
Burleson, Tx 76028
817-295-1102 x 265



I cannot mount any network shares outside of my subnet. So say, for example, if I connect to my neighbor's wireless router, I cannot mount any of my network drives running on the windows 2003 server. But if I reconnect to my own router, I can just fine.

I have completely disabled the server's firewall to make sure that wasn't the problem, and it wasn't.

Now here's the real kicker:

Any of the other services, such as FTP, I can connect to from the outside world just fine. Everything works but SMB. The error returned from the command prompt is "The network path was not found", which is the same generic error given if pretty much anything goes wrong with connecting to the ports.

Now one thing that I have never been able to solve, is that I can connect to computers connected to the linksys router just fine from my bedroom on a computer connected to the netgear router, but if I am on a computer in the living room connected to the linksys router I cannot connect to any computer in my bedroom that is connected to the netgear router.

In order to rule out that it wasn't just a netgear to linksys translation problem with the network shares, I plugged the windows 2003 server directly into the linksys router, and set that IP address as the DMZ host, yet I still could not connect to any network shares from the outside world. I double and triple checked that the windows firewall was disabled and it was.

This only leads me to believe that verizon is blocking the SMB ports, which I have never heard of before.

Any thoughts? :razz:
Russ
kw5kw

Retired DPS Communications Operator PCO III January 2014.

Crossfire
Moderator
Posts in topic: 3
Posts: 5379
Joined: Sun Jan 08, 2006 10:27 am
Location: DFW

#7

Post by Crossfire » Thu Jul 20, 2006 9:08 am

Russell,

You are too kind. I would have had to charge a consulting fee for that kind of answer!


cyphur
Senior Member
Posts in topic: 4
Posts: 1334
Joined: Fri Jun 23, 2006 10:02 am
Location: DFW, Tx

#8

Post by cyphur » Thu Jul 20, 2006 9:32 am

Great answer Russell!

Why do you have the second router anyway?


Topic author
Russell
Senior Member
Posts in topic: 6
Posts: 2877
Joined: Sat May 20, 2006 12:46 pm

#9

Post by Russell » Thu Jul 20, 2006 1:32 pm

Wow, I had this big long post typed up then opened remote desktop to the 2k3 machine and closed this window without thinking. *sigh* *types again*


Heya guys, thanks for all the help!

The answer all of you seem to want to know is:

I got this second router off of ebay for $3.65, and it's wireless. The one in the living room is not wireless.

------
Your DMZ host points to the WWW not to your LAN, therefore you have your DMZ host on the WRONG component, but you don't need two routers as said earlier
------

I'm not sure what you mean by the wrong component? I know that the DMZ host puts whatever IP you assign it out ahead of that router's firewall. It's as if it is essentially connected directly to the router's uplink. I have the netgear router assigned as the DMZ host for the linksys router, and then the 2k3 server assigned as the DMZ host for the netgear router, so essentially it is as if the 2k3 server is plugged directly into the DSL modem.

In order to test this, like I mentioned earlier, if I FTP to my IP from the outside world, say, my neighbor's wireless internet that they have from cox internet, the prompt comes up from my 2k3 server. Every single service works wonderfully (FTPD, Remote Desktop, HTTPD) except for SMB. So the DMZ setup is working correctly.

As far as the IP assigning scheme I have going on with these two routers, I have tried forcing the netgear router to assign in the same class C as the linksys in order to fix this little computer-to-computer problem, and it didn't make a difference. It was weird.

The linksys currently assigns in 192.168.1.x, while the netgear assigns in 192.168.0.x. Both are DHCP enabled of course. Both have and assign the subnet mask of 255.255.255.0.

Another weird thing that makes me think that verizon is filtering the packets is this:


Image


That is from the Shields Up! website. According to it, it can see those open ports, but I still can't even get a listing! If the ports truly were open I should be able to get a listing of the shares from my command prompt, just like I can from all of the machines inside of my LAN. Also, just to clarify, even if I am on my laptop and go to the Shields Up! website it says "Hello fileserver!" (fileserver is the hostname of my 2k3 machine), so the DMZ setup I have is working correctly.


cyphur
Senior Member
Posts in topic: 4
Posts: 1334
Joined: Fri Jun 23, 2006 10:02 am
Location: DFW, Tx

#10

Post by cyphur » Thu Jul 20, 2006 2:51 pm

Replace the linksys with the netgear, and use a switch in place of the second router. That will probably solve most of the "questions" that arise of "why won't this work".

Since you can see the netbios port, but are not getting the packets, then Verizon is probably pruning netbios in their access-lists. Not surprising since it's such a vulnerable port.

Also, are you sure you have everything correctly set up on the 2k3 server? I am not questioning your skills or intelligence, only that I have seen the most adept operators screw up 2k3 in the tiniest way and spend a good bit of time hunting it down.


The possibility remains that since you are running two routers, and since most "home" routers are set to use similar default network addresses, you may be running into issues where they conflict with each other. Cutting it down to one router and 1 switch would certainly eliminate that issue.

Creating remote access straight to the 2k3 server, instead of just putting shares up, would help avoid this as well. Just have to have a static IP on the 2k3 server - OR set up PAT on your router so that anything sent to the router's public address on port xxx is forwarded to the 2k3 server. You can assign the static IP via MAC addresses in the router's DHCP table as well to eliminate the possibility of that changing.



Sorry if that was a little scatter brained, busy day at work....


kw5kw
Senior Member
Posts in topic: 4
Posts: 837
Joined: Thu Jun 01, 2006 12:18 pm
Location: Fort Worth, Texas

#11

Post by kw5kw » Thu Jul 20, 2006 2:56 pm

evil_smurf wrote: The linksys currently assigns in 192.168.1.x, while the netgear assigns in 192.168.0.x. Both are DHCP enabled of course. Both have and assign the subnet mask of 255.255.255.0.
1) You can't have two routers acting as a DHCP server, as each will try to assign an address. They'll fight each other and nothing will be accomplished!

2) 192.168.1.x is most definitely on a different class C network than 192.168.0.x. Neither machine will see the other unless you happened to have a 255.255.248.0 subnet mask, which will increase your network's size from < 255 devices to > 1500 devices... another lesson entirely.

While 192.168.1.x and 192.168.1.x are both class "c" networks, that's the default, and actually easier for the 'outsiders' to break. I'd suggest to move to 10.x.y.z where it is harder for hackers to try to break in. (They have to guess harder at least 3 different octets. If you leave it at the factory 192.168.x.y then they don't have to do near as much work.)

#1 rule: The first three octets of your IP address MUST be identical to be on the same LAN in a class "C" network.

Decide which router will be THE link to the internet. The other router will just become a switch that will direct network traffic in your LAN configuration.

In a small network get away from the DHCP and go with STATIC assigned IP addresses...

I'll do it for you... (using 192.168.x.y... to change to 10.3.x.y just change the first two octets and you supply the third.)

SET ALL SUBNET MASKS AT: 255.255.255.0

Linksys 192.161.1.1
If you're going to keep the NetGear make it 192.168.1.2

Computer 1: 192.168.1.20 (This will be the computer which you wish to be the DMZ'd computer!)
computer 2: 192.168.1.21
computer 3: 192.168.1.22
and on down the line

Set your DMZ in the router that connects to the WWW to 192.168.1.20 (DO NOT CHANGE THE ROUTER'S NETWORK ADDRESS)

if you're using a printer that is networkable or a print server:
printserver 1: 192.168.1.100
printserver 2: 192.168.1.101
etc.

If you're using other IP equipment such as VOIP place them at another "section" such as 192.168.1.150; 192.168.1.151, etc.

If you're using a computer as a server... I place my servers at the 190~210 range. My print servers are at the 210~220 range, my routers (I have 7 routers in house: 2 Linksys; 1 Cayman; 2 Cisco; 2 Netopia's) at the 240~250 range, and my 4 networked color lasers are sitting at 250~254, and my Silicon Graphics Unix port switches are at .1~.10, basic users at .11~.99, my DHCP services are from .100~150, and other various IP users are between .151 and .180.

It's about time for me to subnet to a class "B" :) But that's another discussion.
Russ
kw5kw

Retired DPS Communications Operator PCO III January 2014.
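
Added example, not part of any post in this thread: a small checker for the kind of static addressing plan discussed above, plus a helper showing how the subnet mask decides whether 192.168.0.x and 192.168.1.x share a LAN. The function names and the sample plan are constructed for illustration and are not the plan from the post.

```python
import ipaddress


def same_lan(ip_a, ip_b, netmask):
    """True when ip_b lies inside the network defined by ip_a and netmask."""
    net = ipaddress.ip_network(f"{ip_a}/{netmask}", strict=False)
    return ipaddress.ip_address(ip_b) in net


def usable_hosts(netmask):
    """Number of assignable host addresses for a given IPv4 netmask."""
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").num_addresses - 2


def check_plan(router_ip, netmask, static_hosts, dhcp_pool=None):
    """Return a list of problems in a small-LAN addressing plan.

    static_hosts maps a device name to its fixed IP address.
    dhcp_pool is an optional (first_ip, last_ip) pair handed out by
    the single DHCP server on the LAN.
    """
    lan = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    pool = None
    if dhcp_pool:
        pool = tuple(ipaddress.ip_address(a) for a in dhcp_pool)
    seen = {ipaddress.ip_address(router_ip): "router"}
    problems = []
    for name, text in static_hosts.items():
        ip = ipaddress.ip_address(text)
        if ip not in lan:
            problems.append(f"{name}: {ip} is outside {lan}")
        elif ip in (lan.network_address, lan.broadcast_address):
            problems.append(f"{name}: {ip} is reserved in {lan}")
        if ip in seen:
            problems.append(f"{name}: {ip} already used by {seen[ip]}")
        else:
            seen[ip] = name
        if pool and pool[0] <= ip <= pool[1]:
            problems.append(f"{name}: {ip} is inside the DHCP pool")
    return problems


# Constructed sample plan with three deliberate mistakes.
SAMPLE_HOSTS = {
    "server": "192.168.1.20",
    "laptop": "192.168.1.21",
    "desktop": "192.168.1.21",     # duplicate of laptop
    "camera": "192.168.1.120",     # collides with the DHCP range
    "bedroom-pc": "192.168.0.5",   # wrong third octet for a /24
}
SAMPLE_POOL = ("192.168.1.100", "192.168.1.150")

if __name__ == "__main__":
    for line in check_plan("192.168.1.1", "255.255.255.0", SAMPLE_HOSTS, SAMPLE_POOL):
        print(line)
    print(same_lan("192.168.0.10", "192.168.1.10", "255.255.255.0"))
    print(same_lan("192.168.0.10", "192.168.1.10", "255.255.248.0"))
    print(usable_hosts("255.255.248.0"))
```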


kw5kw
Senior Member
Posts in topic: 4
Posts: 837
Joined: Thu Jun 01, 2006 12:18 pm
Location: Fort Worth, Texas

#12

Post by kw5kw » Thu Jul 20, 2006 3:15 pm

Oh, I have a HUGE aversion to wireless routers.

I do not trust them!

<soapbox on>
My best friend had a very secure encryption on his wireless router... 36 bit string with a random encoded string that was very secure. As good as it got at the time.

A neighbor of his spent enough time hacking... We don't know who for sure, for we never actually found out who, it was just somebody who found his router as a gateway... and got into his system. He used my best friend's Internet account to trade kiddy porn. Guess who got hammered for 20 in the pen for trading kiddy porn when there was none even found on his hard drive. -- my friend, that's who. It all went back to who the IP was registered to at the time of said transactions kiddy porn trading, and that was my buddy.

Nope, no wireless internet router in my house that could allow anyone who's willing to spend the time to hack my system so they can do something illegal using my IP---------- NO WAY! (I'd lose my CHL--FOREVER!)

<soapbox off>
Russ
kw5kw

Retired DPS Communications Operator PCO III January 2014.


Topic author
Russell
Senior Member
Posts in topic: 6
Posts: 2877
Joined: Sat May 20, 2006 12:46 pm

#13

Post by Russell » Thu Jul 20, 2006 3:55 pm

Well, the linksys as far as I can tell is not attempting to assign any IP to any of my computers linked to the netgear. I attempted to turn off DHCP on the netgear to see if the linksys would just assign the IPs to the computers connected to the netgear router and it didn't, so I was a little lost there.

I remember seeing on a newer style linksys wireless router you can just select on it for it to act like a wireless hub/switch, but I didn't see any options on the netgear for that.

I understand that 192.168.0.x is on a different class C network, but when I attempted to have netgear assign for example 192.168.1.1 to .99, and linksys assign from .100 to .254, didn't make a difference, the comps in the living room still couldn't connect to any comps in my bedroom.

I understand that just moving the wireless router into the living room, and getting rid of the linksys router and just having a switch in my bedroom would be easier, but it's also money :P

It's not that big of a deal, I can always just move the files I want to access from my gf's house to the FTP directory if needed, it was just a project I wanted to attempt.

Honestly, from what it seems like, verizon is just filtering SMB.


Oh well!

BTW, I hadn't even thought of the legal ramifications of having the wireless router enabled. Time to turn the access point off until I actually have to use it :P


kw5kw
Senior Member
Posts in topic: 4
Posts: 837
Joined: Thu Jun 01, 2006 12:18 pm
Location: Fort Worth, Texas

#14

Post by kw5kw » Thu Jul 20, 2006 4:17 pm

evil_smurf wrote:
I understand that 192.168.0.x is on a different class C network, but when I attempted to have netgear assign for example 192.168.1.1 to .99, and linksys assign from .100 to .254, didn't make a difference, the comps in the living room still couldnt connect to any comps in my bedroom.

This is one reason it ain't workin'. You simply can't have two things serving IP addresses on the same LAN! It just don't work! Been there dun that & got the T-shirt.

Only ONE DHCP server.

I accidentally had two serving for a couple of days once... actually an oversight on my part... as I had to turn one DHCP server off for maintenance, so I activated a second (backup) DHCP server for temporary use. Well, I must have gotten interrupted and I forgot to turn the second one off after the maintenance on the first, so I had two DHCP servers butting heads and I had people with no access. It took me 2 days of scratchin' my head to figure it out.

By accident, I had to look at the 'backup' DHCP server, and I saw that it was serving addy's as well. Turned it off and everything was fixed in a split second!
Russ
kw5kw

Retired DPS Communications Operator PCO III January 2014.


cyphur
Senior Member
Posts in topic: 4
Posts: 1334
Joined: Fri Jun 23, 2006 10:02 am
Location: DFW, Tx

#15

Post by cyphur » Thu Jul 20, 2006 4:27 pm

Ouch, 20 to life for kiddie pics? No bueno.

*offtopic*

I am not a fan of wireless, but at which point I do set it up at my place, I'd rather spend the extra few hundred bucks for Cisco wireless cards and run AES crypto over WPA - tough to crack. At which point that happens, the AP will be handing out IP addresses tied to MAC addresses via a DHCP server on my router, so if you don't match, you don't get anything.

And even if you are wily enough to do all that, traffic will be religiously logged at the router.

So regardless, I will have met the burden of proof to protect my access from child molesters as well as guarding myself against them and their sick habits. No way I am doing hard time for them.

/offtopic
