[ale] So, who do we like for a new 4 port gigabit LAN/WAN Firewall Routers these days?

Chuck Payne terrorpup at gmail.com
Tue Feb 23 21:38:24 EST 2021


I have good luck with pfSense.  I only have WAN/LAN, but if I could find a
cheap 4-port NIC card. (Gave/left mine at Volacity, regret.)  It's nice,
does a lot. Only issue I have is that it won't do VIP for IPs. I have to
use an EOL SonicWall NAS3500 for that.



On Tue, Feb 23, 2021 at 9:25 PM Neal Rhodes via Ale <ale at ale.org> wrote:

> So, tonight's experiment at removing port triggering and doing port
> forwarding resulted in the exact same failure from the now unsupported
> Cisco router. Running a traceroute to "progress.com" from the admin
> page results in:
>
> progress.com: Temporary failure in name resolution
> Cannot handle "host" cmdline arg `progress.com' on position 1 (argc 3)
>
> which is interesting, as that error pops up in a lot of Unix/Linux
> versions.  Is the RV180vpn Linux inside?
>
> I've pretty well had it with Cisco, and this router.
>
> WHO do we like for a well supported reliable gigabit firewall router
> with 1 WAN, 4-6 LAN ports, no WIFI needed?
>
> Netgear seems to offer support for 90 days?  Does anyone actually stand
> behind their products?
>
> Of course, I cannot rule out some garbling between the Cisco and the
> Comcast, although my memory is that our linux server directly on the
> Comcast LAN port has no DNS problems.
>
> regards,
>
> Neal
>
>
>
> On 2021-02-22 21:12, neal at mnopltd.com wrote:
> > Ok, replacement Cisco RV180VPN arrives from Ebay today.
> >
> > Flash with latest firmware, load the config, and put it in.
> >
> > aaaaaaaaaaaand, 20 minutes after starting the Jamulus client, it fails
> > the same way.
> >
> > So, the only thing interesting/unique about a Jamulus client on the
> > LAN side is that it is sending data on UDP port 22124.  So, there is a
> > Port Triggering rule on the Cisco.  Which means it is supposed to keep
> > track of who opens this port outbound so it can match responses up
> > when they come back?
> >
> > IS IT POSSIBLE that Cisco failed to test this thoroughly?  And with a
> > client beavering away sending constant compressed audio it overruns
> > its internal data? Since this product is recently at End-of-Life we
> > cannot ask Cisco.
> >
> > Now, practically, there is only ONE client on the LAN side which is
> > sending data on UDP port 22124: the one Jamulus Pi box.  (Remember? I
> > said Linux/Raspbian WAS involved.)  Can't I logically remove the Port
> > Triggering rule, and just port forward all UDP 22124 to the Jamulus Pi
> > box?  (which has a static DHCP address)
> >
> > regards,
> >
> > Neal
> >
> > On 2021-02-16 10:21, neal at mnopltd.com wrote:
> >> Subsequent failure last night looks like the Cisco Router crapped in
> >> its own nest.
> >>
> >> From the router itself:
> >>
> >> traceroute to 75.75.76.76 (75.75.76.76), 10 hops max, 40 byte packets
> >>  1  * * *
> >>  2  * * *
> >>  3  * * *
> >>  4  * * *
> >>  5  * * *
> >>  6  * * *
> >>  7  * * *
> >>  8  * * *
> >>  9  * * *
> >> 10  * * *
> >>
> >> From a PC trying to access other DNS servers:
> >>
> >> PS C:\Users\sanctuary> nslookup - 1.1.1.1
> >> DNS request timed out.
> >>     timeout was 2 seconds.
> >> Default Server:  UnKnown
> >> Address:  1.1.1.1
> >>
> >> PS C:\Users\sanctuary> nslookup - 208.67.222.222
> >> DNS request timed out.
> >>     timeout was 2 seconds.
> >> Default Server:  UnKnown
> >> Address:  208.67.222.222
> >>
> >> Trying traceroute on cisco after reboot (jamulus was still running):
> >> progress.com: Temporary failure in name resolution
> >> Cannot handle "host" cmdline arg `progress.com' on position 1 (argc 3)
> >>
> >> 2nd reboot after shutting off Jamulus and it is ok.
> >>
> >> So it sure looks to me like the NAT code in the router is garbled
> >> under this load.
> >>
> >> Hopefully replacement router showing up today and we'll flash latest
> >> firmware.
> >>
> >>
> >> On 2021-02-14 06:16, Neal Rhodes via Ale wrote:
> >>> That's a great idea, at least for diagnosis, since I can cause this
> >>> failure any evening I want.
> >>>
> >>> I can at least force an nslookup on a PC to use those and see if it
> >>> works or not.
> >>>
> >>> One really really weird thing: I noticed three warnings in the Cisco
> >>> logs maybe about the time of failure complaining that IPv6 was not
> >>> configured.  Which it is not.  Ever.   Did the Cisco get a wild hare
> >>> and decide to NAT all the DNS traffic through IPv6?
> >>>
> >>> Thanks and regards,
> >>>
> >>> Neal
> >>>
> >>>> Have you tried using another public DNS service instead of Comcast?
> >>>> I’ve found Comcast DNS to be extremely unreliable and I use a
> >>>> combination of OpenDNS (208.67.222.222 and 208.67.220.220) and
> >>>> Cloudflare (1.1.1.1 and 1.0.0.1).  I’ve heard others use Google or
> >>>> Comodo.   All of these are publicly available.
> >>>>
> >>>> Ray
> >>>
> >>> On 2021-02-13 21:59, Raylynn Knight wrote:
> >>>>> On Feb 13, 2021, at 2:37 PM, Neal Rhodes via Ale <ale at ale.org>
> >>>>> wrote:
> >>>>>
> >>>>> I will apologize in advance for not taking some of the advice given
> >>>>> on our church WAN/LAN regarding making 10.1.10.X see 192.168.x.x.
> >>>>>
> >>>>> The stock small business Comcast router setup is what they call
> >>>>> "virtual bridge mode", meaning no firewall, and being a hybrid
> >>>>> voice/data configuration, any significant change risks bringing the
> >>>>> whole house down.  With no support from them to get it back up.
> >>>>>
> >>>>> I have the access we need working, retaining our Ubuntu audio
> >>>>> server on the Comcast side, and letting our Cisco router act as
> >>>>> firewall, and I haven't brought down questions about murky security
> >>>>> issues. Yet.
> >>>>>
> >>>>> BUT this has to be one for the record books... Configuration:
> >>>>>
> >>>>> Comcast Router <==> Cisco RV180vpn Router <==> 192.168.x.x: Virtual
> >>>>> Studio/Jambox
> >>>>> +Ubuntu Jack/Jamulus
> >>>>>
> >>>>> Comcast router, with Ubuntu server running Jacktrip and Jamulus.
> >>>>> Normal Comcast 10.X.X.X network.
> >>>>>
> >>>>> Cisco Router providing 192.168.x.x LAN behind it.
> >>>>>
> >>>>> Now comes the weird part... outside VS boxes can hit the JackTrip
> >>>>> or Jamulus all day, for hours, no problem. JackTrip uses TCP port
> >>>>> 4464, and UDP 51002-62000.   Jamulus just uses UDP 22124.   Once
> >>>>> fired up, these are wailing away sending either uncompressed
> >>>>> (JackTrip) or compressed (Jamulus) audio.
> >>>>>
> >>>>> BUT, fire up the VS box on the LAN, connecting to the Jacktrip or
> >>>>> Jamulus server sitting on the Comcast box, and within 2 hours
> >>>>> NOTHING on the LAN will be able to get DNS service.   Not
> >>>>> immediately, but within 2 hours.   The Cisco box doesn't fake DNS;
> >>>>> it tells clients to hit 75.75.75.75, or 75.75.76.76, the standard
> >>>>> Comcast ports.   The DNS failure is visible both in the Cisco
> >>>>> router's Diagnostic tools, AND from a browser, AND from nslookup on
> >>>>> a PC.  The Ubuntu box outside the LAN continues to have normal DNS
> >>>>> responses.
> >>>>>
> >>>>> We can still PING external hosts we have an IP address for.    I
> >>>>> was able to ping my house router.
> >>>>>
> >>>>> This has happened three different days, and in each instance, a
> >>>>> simple reboot of the Cisco router has resolved it for days.   Until
> >>>>> Virtual Studio or Jambox is started again.   Today, being Saturday,
> >>>>> there was NO activity besides me.
> >>>>>
> >>>>> And on Sundays, we have been streaming video without incident.
> >>>>>
> >>>>> The Cisco RV180VPN is in fact not running latest firmware.  I have
> >>>>> another coming (I hope) on Ebay and will flash that with latest and
> >>>>> try it.  Beyond that,  what?   I guess we could buy a brand new
> >>>>> router with current support...
> >>>>>
> >>>>> From a local PC: nslookup
> >>>>> DNS request timed out.
> >>>>>    timeout was 2 seconds.
> >>>>> Default Server:  UnKnown
> >>>>> Address:  75.75.75.75
> >>>>>
> >>>>> > google.com
> >>>>> Server:  UnKnown
> >>>>> Address:  75.75.75.75
> >>>>>
> >>>>> DNS request timed out.
> >>>>>    timeout was 2 seconds.
> >>>>> DNS request timed out.
> >>>>>    timeout was 2 seconds.
> >>>>> DNS request timed out.
> >>>>>    timeout was 2 seconds.
> >>>>> DNS request timed out.
> >>>>>    timeout was 2 seconds.
> >>>>> *** Request to UnKnown timed-out
> >>>>>
> >>>>> I also tried nslookup - 75.75.76.76 with identical results.
> >>>>>
> >>>>> My wife suggested I should run a traceroute to the DNS server when
> >>>>> it's working, and then again when it fails.  I should listen to her
> >>>>> more often.
> >>>>>
> >>>
> >>> _______________________________________________
> >>> Ale mailing list
> >>> Ale at ale.org
> >>> https://mail.ale.org/mailman/listinfo/ale
> >>> See JOBS, ANNOUNCE and SCHOOLS lists at
> >>> http://mail.ale.org/mailman/listinfo


-- 
Terror PUP a.k.a
Chuck "PUP" Payne
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twitter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

openSUSE Community Member since 2008.
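An added diagnostic, not from anyone on the thread, that scripts the isolation Neal did by hand: it sends a hand-built UDP query (bypassing the host's stub resolver) to each resolver the thread names, with nslookup's 2-second timeout, and separately checks whether the resolver's IP is reachable at all, so a router whose NAT state only breaks DNS shows up as "timeout" beside "reachable: True". The query name, transaction id and the TCP/53 connect standing in for Neal's ping are assumptions.

```python
import socket
import struct

RESOLVERS = ["75.75.75.75", "75.75.76.76", "208.67.222.222", "1.1.1.1"]  # from the thread

def build_query(name, txid=0x1234):  # minimal A query, recursion desired
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)   # QTYPE=A, QCLASS=IN
def _skip_name(data, off):  # step over a (possibly compressed) name, return new offset
    while data[off] != 0:
        if data[off] & 0xC0 == 0xC0:       # compression pointer ends the name
            return off + 2
        off += data[off] + 1
    return off + 1                          # past the root label
def parse_response(data, txid=0x1234):  # -> (rcode, [A record addresses])
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", data[:8])
    if rid != txid:
        raise ValueError("transaction id mismatch: stale or spoofed reply")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(data, off) + 4     # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs
def probe(resolver, name="google.com", timeout=2.0):  # nslookup's 2 s timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (resolver, 53))
            rcode, addrs = parse_response(sock.recvfrom(512)[0])
        except socket.timeout:
            return "timeout"
    return "ok " + ",".join(addrs) if rcode == 0 and addrs else "rcode %d" % rcode
def ip_reachable(ip, port=53, timeout=2.0):  # TCP connect: link up vs DNS-only loss
    try:
        socket.create_connection((ip, port), timeout=timeout).close()
        return True
    except OSError:
        return False
if __name__ == "__main__":
    for r in RESOLVERS:
        print(r, "udp/53:", probe(r), "| tcp/53 reachable:", ip_reachable(r))
```

Run it once while things work and again after the failure; a row reading "timeout" with "reachable: True" points at DNS handling (NAT or UDP state) rather than the WAN link.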