Since upgrading my Qwest ADSL to a higher speed, I have noticed that my old Cisco 678 router was getting pretty outdated by today’s standards. Qwest primarily uses ActionTec modems which are pretty basic and a bit unreliable, depending on whether you believe the complaints on DSLReports.com. They recently upgraded the firmware on the 701 ActionTec modems and are now offering a more user-friendly 2Wire gateway modem, but I already have a couple of wireless routers at home and with Intel pushing a new wireless standard, it is just a matter of time before a wireless router will be outdated. The undeniable solution is to get a reliable standard ADSL modem and hook it up to whatever wireless router you want. In this case the least inexpensive reliable ADSL modem that I can find was Netopia’s 2240N-VGx ADSL2 modem.
Netopia makes a variety of 2200 series products. These are an inexpensive line of ADSL2 compliant routers that are meant for home consumers versus their higher end business series. The 2240N is the least expensive and is available online for about $67. The 2241N adds a USB connection, and the 2246N is a basic 4 port ethernet router. There is also the 2247NWG which includes wireless features.
Purchasing the 2240N or 2241N can be quite hard, since almost every online distributor has them out of stock. Even eBay doesn’t have much in the way of Netopia 2200 series products. I had to wait about about ten days for my 2240N to be delivered. In case you are interested in purchasing either one of these single ethernet port modems, your best bet is Froogle. Do a search for Netopia 2240N or 2241N on Froogle.com. The two major retailers are Buy.com and TechDepot.com.
The 2240N Out Of The Box
Once I opened the rather plain white box what I found inside was pretty sparse. There was the 2240N modem itself, a standard AC brick powersupply, a purple telephone cable, and a yellow ethernet cable. There is a one page sheet of instructions for setting up the “gateway”, and a setup CD that most advanced users will not need.
For setup purposes, I disconnected my Powerbook from the network. Hooked up the 2240N directly to the Powerbook. I had to change Networking to DHCP and let the Powerbook get a new IP address. Following the included instructions, I then simply used Safari to access the web based interface. The Basic Setup option failed to setup my Qwest DSL connection of course.
Two things were needed for the DSL line to work. The first one is easy, once you find the advanced options, you need to change the ATM connection to Qwest’s preferred settings. Look for VPI and VCI settings. VPI needs to equal 0, and VCI should be set to 32. In my case the last thing to do was to call my 3rd party ISP. It seems that my ISP requires that the DSL line be rebuilt or essentially, reset by them in order for new equipment to be recognized. Perhaps a simple MAC Address change would have fixed it on my end, but since my ISP reset it for me in less than two minutes, I was connected and running.
I then hooked up my Linksys Wireless router to the 2240N and hooked my Powerbook back to the Linksys, changed my Network settings in Mac OS X and I was back to normal.
Cisco 678 Versus Netopia 2240N
The 2240N is actually smaller than the Cisco 678. It has bigger LEDs and while the silver case looks cooler than the charcoal 678, the 2240N still manages to look plainer for some reason. Performance wise, the 2240N does train and reset faster than the 678. Download speed does not seem have changed. Browser tests on DSLReports show no improvement, but what does appear to be different is burst speed. While downloading a large image or flash laden web page, the browser seems to get more data at once, so perhaps multiple connections are scaling better. If there is to be a significant speed improvement it will have to be from Qwest, since the 2240N is ADSL2 compliant, it should be ready for Qwest if and when they bring ADSL2 to my area.
Most routers tend to lock up in general when maxing out connections and while I’ve had the 2240N for about a week now, it has only locked up on me once. There is an actual On/Off switch, so I can simply flip the switch and the router is back to normal.
Netopia’s Web Interface
It appears that all Netopia routers have the same operating system, and so they all share the same blue and white web interface. Although Netopia tries to hide the complexity of their advanced screens behind a simple home screen layout, most users will want to access the advanced options. Netopia features two firewalls, a simple ClearSailing firewall that is enabled by default, and a more tighter firewall that locks everything out from the outside. There is both a Services option that makes it easier for average home users to allow RDP and PCAnywhere type connections, and an advanced Pinholes option to select specific ports and ranges. These features would come in handy on the 2246N and 2247N routers, but for hooking up to another router like a Linksys or Netgear, these features are less used. Although you can have a double-NAT network, gamers will probably want to avoid some of the extra security of the Netopia router if they are using a second router.
Netopia features telnet as well, so if you rather telnet into the 2240N, you can.
One thing that you will notice about modern routers, even cosumer based ones is that they now have advanced features that are disabled by default. Netopia will upgrade your router with new features for an extra fee. In some cases, $35 gets you a business class firewall. For the 2240N this is a bit over the top, but for the 2246N or 2247N, the pay-for-features might be more intriguing. Qwest’s new 2Wire modem can be upgraded with a site blocker for a monthly fee, so extra premium features are now becoming the norm.
At barely $70 the Netopia 2240N-VGx is an excellent buy. If you have a wireless router or a nice GigaEthernet switch already for your local home network, this single port ADSL2 modem is a great solution. You get more features and solid reliability that beats the equivalent ActionTec modem. However if you want to explore a single router solution, then the 2247NWG compares well with the new Qwest 2Wire gateway router. The 2Wire model is more user friendly, but the Netopia product has a more powerful interface and telnet capabilities.
Recently I had to help a friend get his RDP working on his home computer. He has Qwest DSL and just one computer connected directly to an Actiontec 54 Mbps Wireless DSL modem. For some reason these modems have a confusing interface. To get the port forwarding to work, you need to setup your PC with a static IP address first and then configure the Actiontec to forward to this internal IP address.
In the Actiontec web interface, go through the Advanced Setup and then when you get to the Port Forwarding screen, click Advanced in the lower right corner. The screen that comes up will say Advanced Port Forwarding. On this screen, at the top section add your ports and your internal IP address and then click Add. This will keep the setting and you will have restart the modem. This is the only way I got the modem to keep the settings.
If you still have problems after this and you have confirmed that the Actiontec retained your port forwarding settings, check your computer to make sure that you do not have a software firewall blocking the ports.
You might also look at troubleshooting ports on DSL and DSL router forwarding ports problem for more tips.
Every now and then I run into a situation where I need to clear my DNS cache. This is sometimes needed when there are negative DNS values, meaning incorrect IP addresses on my computer for certain internet sites that I want to connect to. You can use the following commands to flush DNS and see if this allows you to reach the site.
Mac OS X:
For OS X, Lookupd takes care of cached DNS entries. You will need to open a Terminal session and type the following command:
On Mac OS X 10.5 Leopard, you no longer have the lookupd command. Use the dscacheutil command instead:
For Windows, the IPConfig utility serves as an easy way to view TCP/IP settings and as a utility to flush DNS. You will need to open up a prompt and type the following command:
Windows2000 & XP save negative DNS entries by default, so you might want to try disabling negative DNS caching to get a more responsive internet connection.
Microsoft has some notes on DNS settings in Windows too that you can reference.
If you read my previous post on Troubleshooting Ports on DSL, then perhaps you will get the whole idea on how to forward ports, but as I discovered, powering off your routers may cause packet loss afterwards.
In a typical DSL setup your main DSL modem provide DHCP services, and although there is only one physical ethernet port that it connects to, unless you specifically setup the DSL modem to forward all traffic to your LAN router, chances are a reset could send packets to another ip address and all of a sudden your packets get lost going to a different ip.
To work around this, you either have to be careful about how you reset your routers or force the DSL modem to route everything to one IP address, therefore losing some of the firewall protection that the DSL modem is providing.
Here is a proper way to reset your home network and routers.
1. Turn off everything. This includes computers, routers, DSL modem.
2. Power on the DSL Modem first. Wait a few minutes until the LAN and WAN lights turn solid, usually green.
3. Power on your home router, the Linksys, Netgear, D-Link, or whatever brand you have.
4. After a couple of minutes, turn on the computers and other devices on your network.
5. Verify the NAT on the DSL modem is still setup properly and that the home router is connecting to the DSL modem with the correct IP address.
For the Cisco 678 ADSL modem, telnet into it and type:
The last lines that come up will show the last packets that were sent and what local ip they were sent to. It should be 10.0.0.2 for the 678, unless you changed it.
Recently I decided to upgrade my DSL broadband connection from Qwest. The upgrade would give me twice the download bandwidth of before and so I thought it was a great idea. However, I started having a lot of problems soon after the connection was upgraded. Most annoying were the web browser issues, where certain sites would come up as being unreachable or timing out due to no response. Most of the time I would just hit refresh and the web site would come up. The DSL connection feeds a small LAN network and so it was not just one computer, but all of them that were having this problem.
This problem is really the result of packet loss or DNS reponse, or as many techs call it DNS timeouts. On a slower connection, you might never experience this issue, but as your connection increases in speed, lag times from certain servers does become more apparant, and you can not assume that because your internet connection just quadrupled in speed, that the servers that you are communicating with will suddenly give your requests more responsive attention. It just does not work that way.
My LAN runs a Window2003 Server with DNS, so I started with this first. All the other computers point to Windows Server as their primary DNS Server. After making sure that DNS was running properly on the server, and that it too was having the same problem, I researched it and found this Microsoft Technote:
Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS Server to Windows Server 2003
It appears that Windows2003 supports extended DNS information, and that some routers are not letting these UDP packets through because they are larger than usual.
This issue occurs because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server 2003 DNS.
ENDS0 permits the use of larger User Datagram Protocol (UDP) packet sizes. However, some firewall programs may not permit UDP packets that are larger than 512 bytes. As a result, these DNS packets may be blocked by the firewall.
The easy fix is of course to turn off ENDS0.
1. Install the Dnscmd.exe program from the Windows Server 2003 Support Tools. To install the Windows Support Tools, right-click Suptools.msi in the Support\Tools folder on the Windows Server 2003 CD-ROM, and then click Install. Follow the steps in the Windows Support Tools Setup Wizard to complete the installation of the Windows Support Tools.
2. At a command prompt, type the following command, and then press ENTER:
dnscmd /config /enableednsprobes 0
This did help the problem some, but did not make it go away completely, and chances are that if you just have one computer with broadband and you are having the same problem, then you need to start looking at something called the MTU setting.
DSL Reports has more detailed information on MTU settings, but the short story is that MTU is the maximum size packet you can send through your broadband connection to your ISP, without your router splitting it up. Think of it as the maximum occupancy of your connection. The most it can carry at once.
A simple test to find out what your highest MTU setting can be is to open a DOS Prompt and type:
ping -f -l 1472 www.webkeydesign.com
You can ping any server or website you want, but do not ping a site like Google, because Google has multiple servers, and you will end up pinging different ones possibly and get inaccurate results. Pick a specific IP or a site you know only has one server.
If you get the message: packet need to be fragmented, then you need to decrease the number 1472 by 1, until you no longer get that message. If you did not get that message, then you can try adding 1, until you get the highest value that does not fragment. Once you have that number, then just add 28 to that number and that is your MTU. Most setups will work with 1492.
If you are using Mac OS X, you can try using the Network Utility in the Utilities Folder, or just try the 1492 setting for starters.
Now comes the configuration part, you have to change the MTU in all your computers and in all of your routers (broadband modem and wireless router if you have a second router). Most likely your router is defaulting to 1500, so you will definitely need to change that. The MTU setting is network card specific, so you will need to make changes for each network adaptor.
Once you made the changes, the DNS Timeouts should be gone. If they are not then check with your ISP to make sure that you have the right DNS Server addresses. As a general rule with wireless routers or small home office routers, you should type in the DNS addresses into each computer, and not depend on the router for your DNS server. Most small routers have a hard time with serving as primary DNS, so it works out better to just type in the ISP DNS addresses into each computer. If you are running DNS locally with a Windows Server or Linux Server, then you usually can just use the local server as the primary DNS, and type in the ISP addresses as backups.
How To Find MAX MTU?
Last week I wanted to try out a Linux distro that interested me and found that the only way to download it for free was through bittorrent. Since the distro was going to be for my Windows PC, instead of my Powerbook, I went ahead and installed Azureus, which is a JAVA based client. Azureus uses smilies (happy face icons) to tell you if the file download is working or not, the point being is that all your downloads should show green smilie faces. However I was not getting the green smilie face. Under the Tools section, there is a Test option to test your NAT/Firewall to see if there is something wrong. If this fails, then it means you need to configure your router to let the specific port through.
For me, my home DSL connection is provided through a Cisco 678 ADSL modem, which in turn connectes to a Netgear wireless router that in turn services all the home networked machines. For some reason on Windows2003, the packets would never get through, you actually need to configure the Cisco 678 modem to pass on the packets from such and such port, in this case it passes them on to the Netgear router, and on the Netgear router you use the Port Forwarding feature to send the packets through to a specific machine on the local network.
Ironically, on Mac OS X, using a different client, this works fine without any modification to the Cisco 678.
To get the magic green smilie, I ended up doing this:
First telnet to the 678 router, you can use DOS or in Mac OS X, Terminal.
(enter the password for the modem)
(enter on the password, usually there is none, is not enter it)
set nat entry add 10.0.0.2 80 tcp
set nat entry add 10.0.0.2 80 udp
I used the port 80 as an example, but depending on your application, you will probably need a different port. Most of the time you need to do both the TCP and UDP for the same port number. Once you enter on the reboot command, you lose connection with the router, so just close your window and open a new DOS or Terminal window.
To verify the changes log back into the 678 and type:
You should see the rules you added for the forwarding of your port. The next step is to configure the wireless router, in this case the Netgear.
Wireless Router (Netgear):
For this step you need to know the IP address of your computer on the local network. If you reread the commands for the Cisco 678, you should get the idea that you really have two networks, the network between your DSL modem and your wireless router, i.e. 10.0.0.1 and 10.0.02. The changes to the DSL modem make the packets go to the wireless router, and so we now need to tell the wireless router to forward the packets onto the actual computer. This is called Port Forwarding. There should be an option to do this on your router’s configuration screen.
Running IPCONFIG in Windows or using the Network Utility in Mac OS X, should give you the local ip address for your computer. Usually it is 192.xxx.xxx.xxx. You will then specify this address to forward both UDP and TCP ports for such and such port number(s).
Once you do this, the next thing is to reboot both the DSL modem and the wireless router, just to make sure things will work from now on.
Checking The Port:
Now start Azureus or whatever application you want to work, and see if it works. Azureus has the handly Test tool, so just run that and see what the results say. In fact you could use Azureus to test any port, just change the port number in the Test tool and run the test. But just in case you don’t want to install Azureus just for this, you can open up a browser and go to CanYouSeeMe.org and input your port number and it will tell you if the port is reachable and working. If it is still not working, then most likely you have a local software firewall that is blocking it. You will need to configure the Windows firewall, or Apple’s firewall, or any third party firewall you have to allow these ports to be opened.
At this point, it sounds like a lot of work, but eventually you will have it working and your smilie will be green.
I actually changed from the Netgear router to the Linksys WRT54GS and have had less problems with the network.
PortForward.com lists instructions on how to forward ports for all kinds of different hardware routers and modems.
Spazmatic.net is the best online resource for all the Cisco ADSL modems like the 678 and 675.
Some More CBOS Commands:
Depending on your CBOS version you can do some of the following commands. Note that WebKeyDesign is not responsible for any problems you might incur on your hardware. This information is given as a benefit to other curious technicians and so you should know what you are doing before you do it!
This command maps all ports to 10.0.0.2, which for most people would be their wireless router:
set nat entry add 10.0.0.2
I really don’t recommend it as I prefer to have the Cisco 678 protect my local lan as much as possible.
Sometimes you may want to actually redo all you NAT entries, so for that occassion, you can use this command:
set nat entry del all