Re: [gentoo-user] Re: [OT] router woes
On Wed, Mar 29, 2017 at 12:56 PM, Gregory Woodbury wrote:
> I have a similar setup here in Frontier territory. The ADSL circuit
> connects to their Netgear/Westell B90 which has wifi and 4 ethernet
> ports. One ethernet port connects to my "internal" DLink-615 which
> serves the rest of the unit.
>
> The only limiting link is the ADSL link, the rest of the place runs at
> 10/100/1000 depending on the device capabilities and switch limits.
> The DLink has a decent processor and only loses its mind occasionally
> when

I found this
https://www.cnet.com/products/d-link-dir-615-wireless-n-router/review/
I suppose it's not the same model?! Are you sure the DLink is not a
bottleneck?

> a memory leak in their implementation overwrites part of the routing
> tables.

Would dd-wrt or tomato be an alternative to the original firmware?

> I know you have detected that the TP-link is underpowered and limiting
> your speeds, so replacing that seems to be your best option.

I just bought the TP-Link to replace an old ASUS. Another replacement
is not an option.

Regards,

Jorge
Re: [gentoo-user] Re: [OT] router woes
On Wed, Mar 29, 2017 at 12:49 PM, Daniel Frey wrote:
> On 03/29/2017 12:07 PM, Jorge Almeida wrote:
>> I think I need wan-to-lan. Anyway, those numbers seem too good to be
>> true. 919Mbps with a $61 TP-Link AC1200? What would explain my poor
>> results?
>
> I just looked and that's not your router. The router they tested has a
> dual core 800MHz CPU. The model that you have is a single core model and
> I can't find anything after a quick google on speed. It could be a
> 600/800MHz model. The extra core with hardware offloading makes a big
> difference.

Well, that explains it. But just $61? I feel doubly ripped-off.

Thanks

Jorge
Re: [gentoo-user] Re: [OT] router woes
I have a similar setup here in Frontier territory. The ADSL circuit
connects to their Netgear/Westell B90 which has wifi and 4 ethernet
ports. One ethernet port connects to my "internal" DLink-615 which
serves the rest of the unit.

The only limiting link is the ADSL link, the rest of the place runs at
10/100/1000 depending on the device capabilities and switch limits.
The DLink has a decent processor and only loses its mind occasionally
when a memory leak in their implementation overwrites part of the
routing tables. We reboot the DLink daily to avoid this problem. The
B90 needs a reboot on occasion when Frontier does something to their
internal gateways that makes the B90 lose sync.

The DLink uses MAC filtering to only allow known devices to use its
services (wifi and ether). In both the B90 and the DLink there are some
virtual servers defined for bittorrent and a few other protocols.
Otherwise, both devices NAT connections. The double NATting doesn't
cause any real problems, but XBox services detect that they are double
NATted and complain mildly but work anyway.

DNS works fine, but Frontier blocks certain inbound ports (HTTP/S,
SMTP, etc.) so most servers are out of the question.

I know you have detected that the TP-link is underpowered and limiting
your speeds, so replacing that seems to be your best option.

I'm having ATT FTTH put in early next month and I'm going to opt for
SMTP capability (at an extra charge) but still no HTTP servers are
allowed for consumer/residential connections

--
G.Wolfe Woodbury
redwo...@gmail.com
Re: [gentoo-user] Re: [OT] router woes
On 03/29/2017 12:07 PM, Jorge Almeida wrote:
> I think I need wan-to-lan. Anyway, those numbers seem too good to be
> true. 919Mbps with a $61 TP-Link AC1200? What would explain my poor
> results?

I just looked and that's not your router. The router they tested has a
dual core 800MHz CPU. The model that you have is a single core model and
I can't find anything after a quick google on speed. It could be a
600/800MHz model. The extra core with hardware offloading makes a big
difference.

Dan
Re: [gentoo-user] Re: [OT] router woes
On Wed, Mar 29, 2017 at 11:28 AM, Kai Krakow wrote:
> On Wed, 29 Mar 2017 04:52:08 -0700, Jorge Almeida wrote:
>
>> On Wed, Mar 29, 2017 at 12:45 AM, Neil Bothwick wrote:
>> > On Tue, 28 Mar 2017 22:52:25 -0700, Jorge Almeida wrote:
>>
>> The ISP provided router is officially managed (whatever this means) by
>> them. As to privacy, I know a packet is visible once it leaves the
>> router via Wan port. What I worry a bit is about the possibility of
>> foul play towards the home network. The computers are firewalled via
>> iptables, but accept connections from 192.168 What prevents a
>> hacked router from impersonating a local origin?
>
> Block packets originating from the router MAC address and that don't
> belong to a known connection. Then deploy a managed switch that can do
> MAC address filtering so it allows only the one MAC address on the
> router port. This should be safe enough. It would be difficult to get
> around such a setup. To be even more safe, use VLAN and exclude all
> your computers from the management port.
>
> This, however, doesn't prevent tampering with packets on their way
> through the router. You could use VPN and place the tunnel endpoints
> only on trusted routers. That way, your ISP only relays VPN traffic,
> and ensures the transfer networks below are only used for VPN and your
> machines accept nothing else.
>
> --

Assuming that the router speed issue has no solution, I think I'll
adopt a different setup:

All computers (just 3) with 2 network cards; one card connected to the
ISP router, rejecting all incoming packets that are not part of an
established connection; the other card connected to one of my routers,
accepting local connections (different subnet from the one associated
with the ISP router; computers with static IPs, for good measure);
This secondary router has the Wan port disconnected (is this the same
as a switch?).

This should allow the home computers to communicate with each other
without any outside interference. Am I missing something?

Regards

Jorge
Re: [gentoo-user] Re: [OT] router woes
On Wed, Mar 29, 2017 at 11:16 AM, Kai Krakow wrote:
> On Tue, 28 Mar 2017 21:19:29 +0100, Jorge Almeida wrote:
>
> I'm using a 400 MBps cable link here, directly connected, I can get 48
> MBytes/s out of it (which should be very close if not even little above
> 400 MBps), even when using the TP-Link as switch. If I use bridge mode
> and use TP-Link as router, it stops roughly around 300 MBps. My previous
> router even stopped at 30 MBps. It's a CPU issue. The internal CPU
> needs to do layer 3 routing. Layer 2 routing (switching) can be done by
> hardware. Log in to your router and see how the CPU is loaded. Use top.
> If you still loaded it with its original hardware, you cannot do this,
> tho. Try OpenWRT (that is what I used).

You mean, check the % of cpu usage? It must be at about 100%, right?

> I think there's a database which contains throughput test results with
> different router hardware and different firmware. However, with a quick
> google search, I cannot find it. You may have more luck.
>
> [some moments later]
>
> I think it's here:
> https://www.smallnetbuilder.com/tools/charts/router/bar/180-lan-to-wan-tcp/31

I think I need wan-to-lan. Anyway, those numbers seem too good to be
true. 919Mbps with a $61 TP-Link AC1200? What would explain my poor
results?

Jorge
[gentoo-user] Re: [OT] router woes
On Wed, 29 Mar 2017 04:52:08 -0700, Jorge Almeida wrote:

> On Wed, Mar 29, 2017 at 12:45 AM, Neil Bothwick wrote:
> > On Tue, 28 Mar 2017 22:52:25 -0700, Jorge Almeida wrote:
> >
> > It's more a privacy issue than security for me. I have a similar
> > setup with a virgin cable router, which I set to what they call
> > modem mode, where only one of the ports works and connects to my
> > router. The one time I ran tech support they were able to see that
> > I was using it this way and even reset the modem for me. I suppose
> > it makes life easier for them and their typical customers, but it
> > was a little unnerving.
>
> The ISP provided router is officially managed (whatever this means) by
> them. As to privacy, I know a packet is visible once it leaves the
> router via Wan port. What I worry a bit is about the possibility of
> foul play towards the home network. The computers are firewalled via
> iptables, but accept connections from 192.168 What prevents a
> hacked router from impersonating a local origin?

Block packets originating from the router MAC address and that don't
belong to a known connection. Then deploy a managed switch that can do
MAC address filtering so it allows only the one MAC address on the
router port. This should be safe enough. It would be difficult to get
around such a setup. To be even more safe, use VLAN and exclude all
your computers from the management port.

This, however, doesn't prevent tampering with packets on their way
through the router. You could use VPN and place the tunnel endpoints
only on trusted routers. That way, your ISP only relays VPN traffic,
and ensures the transfer networks below are only used for VPN and your
machines accept nothing else.

--
Regards,
Kai

Replies to list-only preferred.
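
The host-side filtering described in the message above (accept replies to known connections, drop anything else whose frame comes from the router's MAC, still accept LAN peers), written as a generator for an iptables-restore ruleset. This is an added example, not part of the original thread; the interface name, MAC address and subnet are constructed sample values.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a host that sits
# behind an untrusted ISP router. All values passed in are placeholders.

# Accept only a MAC of the form aa:bb:cc:dd:ee:ff.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules IFACE ROUTER_MAC LAN_CIDR
# Prints the ruleset on stdout; returns 1 on a malformed MAC.
gen_rules() {
    iface=$1 mac=$2 lan=$3
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    # Rule order matters:
    #  1. replies to connections this host opened pass first, so normal
    #     Internet use through the router keeps working;
    #  2. any other frame sent by the router is dropped, whatever source
    #     IP it claims (traffic routed in from the WAN side also carries
    #     the router's MAC, so a forged 192.168.x.x source gains nothing);
    #  3. new connections from LAN peers, which arrive with their own
    #     MACs, are accepted.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -m mac --mac-source $mac -j DROP
-A INPUT -i $iface -s $lan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Usage (as root): gen_rules eth0 00:11:22:33:44:55 192.168.1.0/24 | iptables-restore
```

A source MAC is set by the sender, so the host rule alone assumes the router does not forge another device's address; the managed-switch port filter mentioned in the message is what enforces that.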
[gentoo-user] Re: [OT] router woes
On Tue, 28 Mar 2017 21:19:29 +0100, Jorge Almeida wrote:

> I have net by cable with nominal speed 200Mbps. The ISP provides a
> modem/router Netgear (from Numericable). I disabled the WiFi and I
> have 2 computers connected via ethernet to the router. The speed is
> about 156Mbps (measured by http://www.speedtest.net), which seems to
> be what to expect.
>
> Now, having a device provided by the ISP to act as router seems to be
> good for people who trust both the ISP and the manufacturer. (Please
> comment if I'm being too paranoid.)
>
> So, I setup the router to work in bridge mode and connected one of the
> 4 lan ports to the Wan port of a secondary router TP-link (Archer
> C1200, Wireless dual band gigabit). It is supposed to comply with
> 802.11b/g/n 2.4GHz and 802.11a/n/ac 5GHz. Not that this matters per
> se, as I disabled the WiFi.
>
> The point is: I connected the computers to the lan ports of my
> secondary router (with original firmware, but I intended to install
> ddwrt), and the setup works, except that the speed never reaches
> 100Mbps.
>
> Which part is to blame? The secondary router boasts 1300Mbps on 5GHz
> WiFi, so I assumed it could deal with 150Mbps on cat5e ethernet cable.
> The power consumption is about 4.5w, which seems a bit flimsy.
> Or maybe the primary router is throttling speed when in bridge mode? Is
> this possible at all? (And if so, what could be the purpose of such
> measure? *spooky*)
>
> Someone has a similar setup? Any experience with that (TP-link)
> router?

I'm using a 400 MBps cable link here, directly connected, I can get 48
MBytes/s out of it (which should be very close if not even little above
400 MBps), even when using the TP-Link as switch. If I use bridge mode
and use TP-Link as router, it stops roughly around 300 MBps. My previous
router even stopped at 30 MBps. It's a CPU issue. The internal CPU
needs to do layer 3 routing. Layer 2 routing (switching) can be done by
hardware.

Log in to your router and see how the CPU is loaded. Use top.
If you still loaded it with its original hardware, you cannot do this,
tho. Try OpenWRT (that is what I used).

I think there's a database which contains throughput test results with
different router hardware and different firmware. However, with a quick
google search, I cannot find it. You may have more luck.

[some moments later]

I think it's here:
https://www.smallnetbuilder.com/tools/charts/router/bar/180-lan-to-wan-tcp/31

--
Regards,
Kai

Replies to list-only preferred.