Recently I had to help a friend get his RDP working on his home computer. He has Qwest DSL and just one computer connected directly to an Actiontec 54 Mbps Wireless DSL modem. For some reason these modems have a confusing interface. To get the port forwarding to work, you need to setup your PC with a static IP address first and then configure the Actiontec to forward to this internal IP address.
In the Actiontec web interface, go through the Advanced Setup and then when you get to the Port Forwarding screen, click Advanced in the lower right corner. The screen that comes up will say Advanced Port Forwarding. On this screen, at the top section add your ports and your internal IP address and then click Add. This will keep the setting and you will have restart the modem. This is the only way I got the modem to keep the settings.
If you still have problems after this and you have confirmed that the Actiontec retained your port forwarding settings, check your computer to make sure that you do not have a software firewall blocking the ports.
You might also look at troubleshooting ports on DSL and DSL router forwarding ports problem for more tips.
Every now and then I run into a situation where I need to clear my DNS cache. This is sometimes needed when there are negative DNS values, meaning incorrect IP addresses on my computer for certain internet sites that I want to connect to. You can use the following commands to flush DNS and see if this allows you to reach the site.
Mac OS X:
For OS X, Lookupd takes care of cached DNS entries. You will need to open a Terminal session and type the following command:
On Mac OS X 10.5 Leopard, you no longer have the lookupd command. Use the dscacheutil command instead:
For Windows, the IPConfig utility serves as an easy way to view TCP/IP settings and as a utility to flush DNS. You will need to open up a prompt and type the following command:
Windows2000 & XP save negative DNS entries by default, so you might want to try disabling negative DNS caching to get a more responsive internet connection.
Microsoft has some notes on DNS settings in Windows too that you can reference.
If you read my previous post on Troubleshooting Ports on DSL, then perhaps you will get the whole idea on how to forward ports, but as I discovered, powering off your routers may cause packet loss afterwards.
In a typical DSL setup your main DSL modem provide DHCP services, and although there is only one physical ethernet port that it connects to, unless you specifically setup the DSL modem to forward all traffic to your LAN router, chances are a reset could send packets to another ip address and all of a sudden your packets get lost going to a different ip.
To work around this, you either have to be careful about how you reset your routers or force the DSL modem to route everything to one IP address, therefore losing some of the firewall protection that the DSL modem is providing.
Here is a proper way to reset your home network and routers.
1. Turn off everything. This includes computers, routers, DSL modem.
2. Power on the DSL Modem first. Wait a few minutes until the LAN and WAN lights turn solid, usually green.
3. Power on your home router, the Linksys, Netgear, D-Link, or whatever brand you have.
4. After a couple of minutes, turn on the computers and other devices on your network.
5. Verify the NAT on the DSL modem is still setup properly and that the home router is connecting to the DSL modem with the correct IP address.
For the Cisco 678 ADSL modem, telnet into it and type:
The last lines that come up will show the last packets that were sent and what local ip they were sent to. It should be 10.0.0.2 for the 678, unless you changed it.
Recently I decided to upgrade my DSL broadband connection from Qwest. The upgrade would give me twice the download bandwidth of before and so I thought it was a great idea. However, I started having a lot of problems soon after the connection was upgraded. Most annoying were the web browser issues, where certain sites would come up as being unreachable or timing out due to no response. Most of the time I would just hit refresh and the web site would come up. The DSL connection feeds a small LAN network and so it was not just one computer, but all of them that were having this problem.
This problem is really the result of packet loss or DNS reponse, or as many techs call it DNS timeouts. On a slower connection, you might never experience this issue, but as your connection increases in speed, lag times from certain servers does become more apparant, and you can not assume that because your internet connection just quadrupled in speed, that the servers that you are communicating with will suddenly give your requests more responsive attention. It just does not work that way.
My LAN runs a Window2003 Server with DNS, so I started with this first. All the other computers point to Windows Server as their primary DNS Server. After making sure that DNS was running properly on the server, and that it too was having the same problem, I researched it and found this Microsoft Technote:
Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS Server to Windows Server 2003
It appears that Windows2003 supports extended DNS information, and that some routers are not letting these UDP packets through because they are larger than usual.
This issue occurs because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server 2003 DNS.
ENDS0 permits the use of larger User Datagram Protocol (UDP) packet sizes. However, some firewall programs may not permit UDP packets that are larger than 512 bytes. As a result, these DNS packets may be blocked by the firewall.
The easy fix is of course to turn off ENDS0.
1. Install the Dnscmd.exe program from the Windows Server 2003 Support Tools. To install the Windows Support Tools, right-click Suptools.msi in the Support\Tools folder on the Windows Server 2003 CD-ROM, and then click Install. Follow the steps in the Windows Support Tools Setup Wizard to complete the installation of the Windows Support Tools.
2. At a command prompt, type the following command, and then press ENTER:
dnscmd /config /enableednsprobes 0
This did help the problem some, but did not make it go away completely, and chances are that if you just have one computer with broadband and you are having the same problem, then you need to start looking at something called the MTU setting.
DSL Reports has more detailed information on MTU settings, but the short story is that MTU is the maximum size packet you can send through your broadband connection to your ISP, without your router splitting it up. Think of it as the maximum occupancy of your connection. The most it can carry at once.
A simple test to find out what your highest MTU setting can be is to open a DOS Prompt and type:
ping -f -l 1472 www.webkeydesign.com
You can ping any server or website you want, but do not ping a site like Google, because Google has multiple servers, and you will end up pinging different ones possibly and get inaccurate results. Pick a specific IP or a site you know only has one server.
If you get the message: packet need to be fragmented, then you need to decrease the number 1472 by 1, until you no longer get that message. If you did not get that message, then you can try adding 1, until you get the highest value that does not fragment. Once you have that number, then just add 28 to that number and that is your MTU. Most setups will work with 1492.
If you are using Mac OS X, you can try using the Network Utility in the Utilities Folder, or just try the 1492 setting for starters.
Now comes the configuration part, you have to change the MTU in all your computers and in all of your routers (broadband modem and wireless router if you have a second router). Most likely your router is defaulting to 1500, so you will definitely need to change that. The MTU setting is network card specific, so you will need to make changes for each network adaptor.
Once you made the changes, the DNS Timeouts should be gone. If they are not then check with your ISP to make sure that you have the right DNS Server addresses. As a general rule with wireless routers or small home office routers, you should type in the DNS addresses into each computer, and not depend on the router for your DNS server. Most small routers have a hard time with serving as primary DNS, so it works out better to just type in the ISP DNS addresses into each computer. If you are running DNS locally with a Windows Server or Linux Server, then you usually can just use the local server as the primary DNS, and type in the ISP addresses as backups.
How To Find MAX MTU?
Last week I wanted to try out a Linux distro that interested me and found that the only way to download it for free was through bittorrent. Since the distro was going to be for my Windows PC, instead of my Powerbook, I went ahead and installed Azureus, which is a JAVA based client. Azureus uses smilies (happy face icons) to tell you if the file download is working or not, the point being is that all your downloads should show green smilie faces. However I was not getting the green smilie face. Under the Tools section, there is a Test option to test your NAT/Firewall to see if there is something wrong. If this fails, then it means you need to configure your router to let the specific port through.
For me, my home DSL connection is provided through a Cisco 678 ADSL modem, which in turn connectes to a Netgear wireless router that in turn services all the home networked machines. For some reason on Windows2003, the packets would never get through, you actually need to configure the Cisco 678 modem to pass on the packets from such and such port, in this case it passes them on to the Netgear router, and on the Netgear router you use the Port Forwarding feature to send the packets through to a specific machine on the local network.
Ironically, on Mac OS X, using a different client, this works fine without any modification to the Cisco 678.
To get the magic green smilie, I ended up doing this:
First telnet to the 678 router, you can use DOS or in Mac OS X, Terminal.
(enter the password for the modem)
(enter on the password, usually there is none, is not enter it)
set nat entry add 10.0.0.2 80 tcp
set nat entry add 10.0.0.2 80 udp
I used the port 80 as an example, but depending on your application, you will probably need a different port. Most of the time you need to do both the TCP and UDP for the same port number. Once you enter on the reboot command, you lose connection with the router, so just close your window and open a new DOS or Terminal window.
To verify the changes log back into the 678 and type:
You should see the rules you added for the forwarding of your port. The next step is to configure the wireless router, in this case the Netgear.
Wireless Router (Netgear):
For this step you need to know the IP address of your computer on the local network. If you reread the commands for the Cisco 678, you should get the idea that you really have two networks, the network between your DSL modem and your wireless router, i.e. 10.0.0.1 and 10.0.02. The changes to the DSL modem make the packets go to the wireless router, and so we now need to tell the wireless router to forward the packets onto the actual computer. This is called Port Forwarding. There should be an option to do this on your router’s configuration screen.
Running IPCONFIG in Windows or using the Network Utility in Mac OS X, should give you the local ip address for your computer. Usually it is 192.xxx.xxx.xxx. You will then specify this address to forward both UDP and TCP ports for such and such port number(s).
Once you do this, the next thing is to reboot both the DSL modem and the wireless router, just to make sure things will work from now on.
Checking The Port:
Now start Azureus or whatever application you want to work, and see if it works. Azureus has the handly Test tool, so just run that and see what the results say. In fact you could use Azureus to test any port, just change the port number in the Test tool and run the test. But just in case you don’t want to install Azureus just for this, you can open up a browser and go to CanYouSeeMe.org and input your port number and it will tell you if the port is reachable and working. If it is still not working, then most likely you have a local software firewall that is blocking it. You will need to configure the Windows firewall, or Apple’s firewall, or any third party firewall you have to allow these ports to be opened.
At this point, it sounds like a lot of work, but eventually you will have it working and your smilie will be green.
I actually changed from the Netgear router to the Linksys WRT54GS and have had less problems with the network.
PortForward.com lists instructions on how to forward ports for all kinds of different hardware routers and modems.
Spazmatic.net is the best online resource for all the Cisco ADSL modems like the 678 and 675.
Some More CBOS Commands:
Depending on your CBOS version you can do some of the following commands. Note that WebKeyDesign is not responsible for any problems you might incur on your hardware. This information is given as a benefit to other curious technicians and so you should know what you are doing before you do it!
This command maps all ports to 10.0.0.2, which for most people would be their wireless router:
set nat entry add 10.0.0.2
I really don’t recommend it as I prefer to have the Cisco 678 protect my local lan as much as possible.
Sometimes you may want to actually redo all you NAT entries, so for that occassion, you can use this command:
set nat entry del all