Re: [gentoo-user] Re: [OT] router woes

2017-03-29 Thread Jorge Almeida
On Wed, Mar 29, 2017 at 12:56 PM, Gregory Woodbury  wrote:
> I have a similar setup here in Frontier territory.  The ADSL circuit
> connects to their Netgear/Westell B90 which has wifi and 4 ethernet
> ports. One ethernet port connects to my "internal" DLink-615 which
> serves the rest of the unit.
>
> The only limiting link is the ADSL link, the rest of the place runs at
> 10/100/1000 depending on the device capabilities and switch limits.
> The DLink has a decent processor and only loses its mind occasionally
> when

I found this 
https://www.cnet.com/products/d-link-dir-615-wireless-n-router/review/

I suppose it's not the same model?! Are you sure the DLink is not a bottleneck?

> a memory leak in their implementation overwrites part of the routing tables.

Would dd-wrt or tomato be an alternative to the original firmware?

> I know you have detected that the TP-link is underpowered and limiting
> your speeds, so replacing that seems to be your best option.

I just bought the TP-Link to replace an old ASUS. Another replacement
is not an option.

Regards,

Jorge



Re: [gentoo-user] Re: [OT] router woes

2017-03-29 Thread Jorge Almeida
On Wed, Mar 29, 2017 at 12:49 PM, Daniel Frey  wrote:
> On 03/29/2017 12:07 PM, Jorge Almeida wrote:
>> I think I need wan-to-lan. Anyway, those numbers seem too good to be
>> true. 919Mbps with a $61 TP-Link AC1200? What would explain my poor
>> results?
>>
>
> I just looked and that's not your router. The router they tested has a
> dual core 800MHz CPU. The model that you have is a single core model and
> I can't find anything after a quick google on speed. It could be a
> 600/800MHz model. The extra core with hardware offloading makes a big
> difference.

Well, that explains it. But just $61? I feel doubly ripped-off.

Thanks

Jorge



Re: [gentoo-user] Re: [OT] router woes

2017-03-29 Thread Gregory Woodbury
I have a similar setup here in Frontier territory.  The ADSL circuit
connects to their Netgear/Westell B90 which has wifi and 4 ethernet
ports. One ethernet port connects to my "internal" DLink-615 which
serves the rest of the unit.

The only limiting link is the ADSL link, the rest of the place runs at
10/100/1000 depending on the device capabilities and switch limits. The
DLink has a decent processor and only loses its mind occasionally when
a memory leak in their implementation overwrites part of the routing
tables. We reboot the DLink daily to avoid this problem.  The B90 needs
a reboot on occasion when Frontier does something to their internal
gateways that makes the B90 lose sync.

The DLink uses MAC filtering to only allow known devices to use its
services (wifi and ether.) In both the B90 and the DLink there are some
virtual servers defined for BitTorrent and a few other protocols.
Otherwise, both devices NAT connections. The double NATting doesn't
cause any real problems, but XBox services detect that they are double
NATted and complain mildly but work anyway. DNS works fine, but Frontier
blocks certain inbound ports (HTTP/S, SMTP, etc.) so most servers are
out of the question.

I know you have detected that the TP-link is underpowered and limiting
your speeds, so replacing that seems to be your best option.

I'm having ATT FTTH put in early next month and I'm going to opt for
SMTP capability (at an extra charge) but still no HTTP servers are
allowed for consumer/residential connections.

-- 
G.Wolfe Woodbury
redwo...@gmail.com


Re: [gentoo-user] Re: [OT] router woes

2017-03-29 Thread Daniel Frey
On 03/29/2017 12:07 PM, Jorge Almeida wrote:
> I think I need wan-to-lan. Anyway, those numbers seem too good to be
> true. 919Mbps with a $61 TP-Link AC1200? What would explain my poor
> results?
> 

I just looked and that's not your router. The router they tested has a
dual core 800MHz CPU. The model that you have is a single core model and
I can't find anything after a quick google on speed. It could be a
600/800MHz model. The extra core with hardware offloading makes a big
difference.

Dan




Re: [gentoo-user] Re: [OT] router woes

2017-03-29 Thread Jorge Almeida
On Wed, Mar 29, 2017 at 11:28 AM, Kai Krakow  wrote:
> On Wed, 29 Mar 2017 04:52:08 -0700,
> Jorge Almeida wrote:
>
>> On Wed, Mar 29, 2017 at 12:45 AM, Neil Bothwick 
>> wrote:
>> > On Tue, 28 Mar 2017 22:52:25 -0700, Jorge Almeida wrote:
>> >
>> The ISP provided router is officially managed (whatever this means) by
>> them. As to privacy, I know a packet is visible once it leaves the
>> router via Wan port. What I worry a bit is about the possibility of
>> foul play towards the home network. The computers are firewalled via
>> iptables, but accept connections from 192.168 What prevents a
>> hacked router from impersonating a local origin?
>
> Block packets originating from the router MAC address and that don't
> belong to a known connection. Then deploy a managed switch that can do
> MAC address filtering so it allows only the one MAC address on the
> router port. This should be safe enough. It would be difficult to get
> around such a setup. To be even more safe, use VLAN and exclude all
> your computers from the management port.
>
> This, however, doesn't prevent tampering with packets on their way
> through the router. You could use VPN and place the tunnel endpoints
> only on trusted routers. That way, your ISP only relays VPN traffic,
> and ensures the transfer networks below are only used for VPN and your
> machines accept nothing else.
>
Assuming that the router speed issue has no solution, I think I'll
adopt a different setup: All computers (just 3) with 2 network cards;
one card connected to the ISP router, rejecting all incoming packets
that are not part of an established connection; the other card
connected to one of my routers, accepting local connections
(different subnet from the one associated with the ISP router;
computers with static IPs, for good measure); This secondary router
has the Wan port disconnected (is this the same as a switch?). This
should allow the home computers to communicate with each other without
any outside interference. Am I missing something?

Regards

Jorge
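
Added example, not written by anyone in this thread: a host firewall sketch for the two-NIC layout described in the message above, showing why the rule that trusts local machines has to match on the interface and not only on a private source address. The interface names eth0 (ISP side) and eth1 (private side) and the subnet 10.77.0.0/24 are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# a host with one NIC on the ISP router and one on a private segment.
# Assumed names: eth0 = ISP side, eth1 = private side, 10.77.0.0/24 = private
# subnet. Apply as root with:  sh fw.sh eth0 eth1 10.77.0.0/24 | iptables-restore

emit_rules() {
    isp_if=$1 lan_if=$2 lan_net=$3
    if [ -z "$isp_if" ] || [ -z "$lan_if" ] || [ -z "$lan_net" ]; then
        echo "usage: emit_rules ISP_IF LAN_IF LAN_NET" >&2
        return 2
    fi
    # One shared interface would put the ISP router back on the trusted side.
    if [ "$isp_if" = "$lan_if" ]; then
        echo "ISP and LAN interfaces must differ" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: a private-subnet source address seen on the ISP-facing NIC
# is forged. Drop it before any state match can accept it.
-A INPUT -i $isp_if -s $lan_net -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Replies to connections this host opened, on either NIC.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New inbound connections only from the private segment, matched on the
# interface as well as the address, so the source address alone is never trusted.
-A INPUT -i $lan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Emit the ruleset when called with the three arguments.
if [ "$#" -eq 3 ]; then
    emit_rules "$@"
fi
```
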



Re: [gentoo-user] Re: [OT] router woes

2017-03-29 Thread Jorge Almeida
On Wed, Mar 29, 2017 at 11:16 AM, Kai Krakow  wrote:
> On Tue, 28 Mar 2017 21:19:29 +0100,
> Jorge Almeida wrote:
>

>
> I'm using a 400 MBps cable link here, directly connected, I can get 48
> MBytes/s out of it (which should be very close if not even a little above
> 400 MBps), even when using the TP-Link as switch. If I use bridge mode
> and use TP-Link as router, it stops roughly around 300 MBps. My previous
> router even stopped at 30 MBps. It's a CPU issue. The internal CPU
> needs to do layer 3 routing. Layer 2 routing (switching) can be done by
> hardware. Log in to your router and see how the CPU is loaded. Use top.
> If you still loaded it with its original hardware, you cannot do this,
> tho. Try OpenWRT (that is what I used).

You mean, check the % of cpu usage? It must be at about 100%, right?


>
> I think there's a database which contains throughput test results with
> different router hardware and different firmware. However, with a quick
> google search, I cannot find it. You may have more luck.
>
> [some moments later]
>
> I think it's here:
> https://www.smallnetbuilder.com/tools/charts/router/bar/180-lan-to-wan-tcp/31
>

I think I need wan-to-lan. Anyway, those numbers seem too good to be
true. 919Mbps with a $61 TP-Link AC1200? What would explain my poor
results?

Jorge