Gaffer (Josh),
My apologies. I somehow forgot that my traffic (queries) go to many
places around our globe. It was not until our 1st exchange that I
realized that you were sharing from a UK TELCO system I do not have.
Once I figured this out (too late!), I did fail to step back in and toss
some water on an increasing "camp fire." Sorry.
Yes, here in the USA, all xdsl is done via a TELCO supplied MODEM.
AND, it is always (in my experience!) pre-loaded w/firmware to BE my
Gateway/Router (Firewall/DNS/DHCP/WINS/XYZ?). Like One MODEM=One PC
attached to the TELCO line. Legally (?) USA TELCOS have spent much
energy trying to preserve this corporate TOS policy.
Since joining the LIST, I have learned that I can re-admin these MODEMS
and make them essentially DUMB DEMOD devices. Essentially, transfer the
above 'services' to a device I buy and choose to use for my home/private
LAN.
If my TELCO suspects that I MIGHT have more that ONE PC attached to
THEIR MODEM, they can query, and/or, deny me service. I accept this; as
I have since 1996. Shortly I will leave xDSL. This whole topic will then
become academic.
No harm, no foul! Now that I fully understand your UK perspective, your
points provide some things to think more about.
My primary firewall lives at my Router. I chose my Router for the
on-board SPI. My previous Router did not offer SPI; it was NAT only.
Yes. I do use the internal client WinXP firewalls also.
I thought I had a strong set of Router Inbound Rules set/allowed.
Perhaps not. I will look deeper into this. (though, I admit, it does
often put me to sleep!!)
Perhaps my Router is no longer up to the task. Stuff happens, because
time marches on.
I have a new Router delivered and under investigation ATM!
Best,
Duncan
On 06/30/2010 15:22, Gaffer wrote:
Hi Josh, Duncan,
On Wednesday 30 June 2010 08:03:57 J MacCraw wrote:
Should I re-write the paragraph verbatim? What clarification do you
need?
You were talking about the ROUTER in bridge mode missing Duncan's
query about the MODEM in bridge mode, that was the thrust of my
response.
Right I see the confusion.
The only DSL modem that I know of that has internal configuration
settings enabling it to be set into bridge mode, is actually a single
port router. And yes I agree can do NAT.
Here in the UK its very rare to see a straight modem. Virtually all the
DSL boxes over here are usually four port routers, with or without
wireless. I often set these to bridge mode when they are feeding a
firewall appliance, which is not very common in a domestic environment.
So apologies to Duncan if I've confused the issue. I hadn't realised
that you were talking about two separate items of kit.
Clearly he was asking from the standpoint of the modem, as
would anyone talking DSL with half a clue as he very well seems to on
this matter. I respect that Duncan comes [H] for answers I like to be
sure he gets a clear, concise answers.
In that case wouldn't it have been incumbent on you to have stepped in
sooner to make clarification !
Quotes:
If you are using your router in bridge mode then it is not doing
NAT or firewalling. Just because Wins has what it calls a firewall
has nothing to do with NAT.
and
You can't have it both ways ! If you have the router firewall
switched on and NAT switched on its not in "Bridge Mode"'
On 6/29/2010 12:14 PM, Gaffer wrote:
Hi Josh,
On Tuesday 29 June 2010 08:00:18 Josh MacCraw wrote:
Uh Gaffer needs to read& process the info better! The only
"bridge mode" here is on the *DSL MODEM* which is where the
*ROUTER* sends the PPOE credentials (if even needed) instead of
the modem resulting in a live IP on the router's WAN port instead
of being double NAT'd.
Would you care to clarify your comments.
On 6/28/2010 3:47 PM, Gaffer wrote:
Hi Duncan,
On Monday 28 June 2010 21:50:10 DSinc wrote:
Gaffer,
My replies are inline............
TNX, anyway.
On 06/28/2010 15:45, Gaffer wrote:
On Monday 28 June 2010 18:54:39 DSinc wrote:
I still use xDSL. Soon I will move to FIOS. Well, as I get
smarter and answer my ?many? questions (another thread in
play!)
I am beginning (again) to have trouble with my xDSL
connection. I suspect someone local (or ?) keeps camping out
on my assigned IP addy from my ISP so that they can just dick
with my xDSL modem or my Router.
I know I have my xDSL modem set to a "bridge" mode. I suspect
this makes it a straight wire connection to my Router's WAN
port.
I would never use "Bridge Mode" unless I was feeding a box that
was specifically setup to be a firewall, something like "IP
Cop".
Should I NOT use "bridge mode" in my TELCO-supplied modem I
would be Double Nat-ng and have 2 firewalls.
If you are using your router in bridge mode then it is not doing
NAT or firewalling. Just because Wins has what it calls a
firewall has nothing to do with NAT.
I view this as excess overhead.
Perhaps my bad.
My router does both NAT and supports its' own firewall and SPI.
Both of these selections have been activated since day one!
You can't have it both ways ! If you have the router firewall
switched on and NAT switched on its not in "Bridge Mode"
I think I have my Router as |strong| as I currently comprehend
its' directions.
Your router is not being used as anything but a modem. Its
most valuable assets are being thrown away by it being
configured as it is.
Can you please share some more logic to this? I believe that my
Router is my single point of 1st protection to Inbound stuff.
Or, perhaps you and I are "wired" differently. This comment I do
not understand.
I doubt that we are "wired" differently. :-)
But you are right, the router should be the 1st point of
protection. If you really have "Bridge Mode" turned on, then its
simply a modem without offering any protection. All "Bridge
Mode" does is pass on the IP address that the ISP assigns to your
connection.
Turns out, I have to save Router logs and reboot the Router
about every 3-7 days to recover a semi-firm connection. The
Router is a DLink DGL-4300. All wireless is disabled. I use
wired LAN only.
I use a Dlink router. I have mine set to firewall and NAT.
The firewall blocks all unrequested incoming traffic and lets
everything out. NAT allows me to use a range of IP addresses
that are not Internet routeable effectively allowing the use of
several machines from the single IP that my ISP assigns me.
Which incidentally changes each time I restart the router.
OK. Understand this logic. Same-same. That's how life is here
too. The problem is I have to re-boot the Router several times a
day!
This is a totally different issue !
This could simply be a noisy incoming line providing a weak noisy
signal. In fact a weak noisy signal to the router could be
anywhere between the CO and the router.
Or it could be that the router is dieing. I've replaced my
router several times because its performance has become degraded,
probably due to high voltage transients on the telephone line
feeding it. I've also had the spark gaps replaced because they
have been damaged during thunder storms.
My router is directly connected to the incoming line. There is no
separate modem. Its built into the router.
Is this possible? Do not know why someone local chooses to
pick on me? I will suppose giggles and laughs for the present!
This is the same view to me as past electrical storm
interference I had with an older (retired) xdsl modem.
The more I read your post, the more I'm inclined to think that
the router could be suspect and the electrical storm interference
you refer to could be the reason.
In light of the above clarification, read "modem" instead of "router" in
the above paragraph.
Its quite possible that you have a tracking beacon installed on
your machine that reports your machines presence on the
Internet. In all probability you wouldn't know if you had.
Please share more about "tracking beacon's?" I will go do a
search/destroy on them as necessary. I have yet to find one/any
yet!
OK ! how about the ones that you installed as part of installing
the driver for a piece of hardware...
Yes, I do NOT KNOW that I might already have an internal
"baddie" in play; other than every scanner I have used comes
up negative.
What makes you think a scanner will find and report every
"baddie" that you might have on your machine.
Oh, I do not. I use what I use. I then use what is suggested to
me by my betters. And, most of the time, I do find a hint from
this List! I have both patience and trust in this List. This
anomaly is just another matter of time at best. At worst, I do
so hope the miscreant will eventually burn in hell!
Thought? Suggestions? Ideas?
Best,
Duncan
Wireshark is good...
