# Router Firewall problem.....



## Alan Moore (21 Dec 2004)

Recently took the plunge and got broadband at home through Eircom who sent me out a Netopia modem/router - 3547W ( the wireless one ). Its all working fine expect that I don't seem to be able to use WinMx or other file sharing programs anymore. Have read up on the internet that this is likely due to the fact that the router has a firewall and this needs to be turned off. Have Norton and it seemed to work okay before I got the router.

Now the solution according to Netopias site and some forums is the open up explorer and change the settings by browsing Netopias web interface at 192.168.1.254. However when I try this I get nothing and it times out saying the gateway is not contactable. Rechecked the address by way of ipconfig and it seems to be correct.

Any ideas?


----------



## ClubMan (21 Dec 2004)

*Have read up on the internet that this is likely due to the fact that the router has a firewall and this needs to be turned off.*

I thought that the firewall was an optional add-on to that _Netopia_ device and is not included by default when shipped by _eircom_? I.e. to enable it you have to buy an additional _Netopia_ license key.

*Now the solution according to Netopias site and some forums is the open up explorer and change the settings by browsing Netopias web interface at 192.168.1.254. However when I try this I get nothing and it times out saying the gateway is not contactable. Rechecked the address by way of ipconfig and it seems to be correct.*

What are the _TCP/IP_ settings (i.e. the output of iconfig /all) on the host PC from which you are attempting this connection?

Presumably you have connected the _USB_ _802.11_ wireless interface to the host PC so that it can contact your _Netopia Access Point_? If so then it should be getting a _DHCP_ lease from the device and should probably be 192.168.1.1 or something like that. If it's not then your PC is not on the same network as the _Access Point_ and that's the initial cause of your problems.

Does that make sense to you?


----------



## Alan Moore (21 Dec 2004)

*Mmmm*

Thanks Clubman. Makes some sort of sense. Wouldn't be an IT expert but can normally find my way around with a little help from google.

The IP address is 192.168.1.1 as far as I remember.

"Presumably you have connected the USB 802.11 wireless interface to the host PC so that it can contact your Netopia Access Point?" - Yep all connected up, have no problems with accessing the www or e-mail. I just have this problem with file sharing. DHCP Lease? Now that is sort of double dutch to me. But assume it refers to the IP address. 

Problem. When trying to download a file now using WinMx, I used to get a "negotiating with server". Now I get a "waiting for network reply" which eventually times out. Have tried E-Mule as an alternative but having the same problems.


----------



## ClubMan (21 Dec 2004)

*Re: Mmmm*

*DHCP Lease? Now that is sort of double dutch to me. But assume it refers to the IP address. *

Sorry - the _Netopia_ device includes a _DHCP_ (_Dynamic Host Configuration Protocol_) server which issues ("leases") IP addresses to other hosts on the _LAN_. If your PC is 192.168.1.1 and other stuff works OK anyway then chances are it is getting its TCP/IP configuration settings correctly from the _Access Point_. One way to check is to do ipconfig /renew on your host PC and see that it renews the _DHCP_ lease. It should get the same IP address anyway but no errors certainly means that you are getting a _DHCP_ lease from your _Access Point's_ _DHCP_ server (well hopefully yours and not your neighbour's or somebody else's!   ).

*When trying to download a file now using WinMx, I used to get a "negotiating with server". Now I get a "waiting for network reply" which eventually times out. Have tried E-Mule as an alternative but having the same problems*

I am not really that familiar with peer to peer filesharing applications such as _WinMX_ seems to be but I presume that they need to send data out on a particular port as well as accept inward connections on other ports. It's possible that to do the latter you need to configure certain aspects of your _Access Point_ such as the firewall (if enabled) and/or port forwarding or the like. This might well be the root of your problem if the only applications affected are _P2P_ filesharing applications. 

One way to check which ports are open is to use the _ShieldsUp!_ firewall tester on the Gibson Research site (scroll down to the _Hot Spots_ section and click on the _ShieldsUp!_ link).

On a separate note, bear in mind that the _Netopia_ _Access Point_ as it arrives from _eircom_ is not configured for security and you might be as well to review the relevant settings (e.g. change the _Access Point's_ administrator password, disable remote administration mode, disable _SSID_ broadcast, lock access down to the _MAC_ address(es) of your home PC(s), enable _WEP_ encryption etc.). Otherwise it's quite possible that anybody in the vicinity of your home could access your _LAN_ and/or broadband connection wirelessly.


----------



## Alan Moore (21 Dec 2004)

*Thanks Clubman....*

....thats my homework for the night.


----------



## ClubMan (21 Dec 2004)

*Re: Thanks Clubman....*

Best thing to do is tackle things in this order:
<!--EZCODE LIST START--><ol><li>Find out why you can't access the _Netopia_ control panel by entering 192.168.1.254 into your browser address bar.</li><li>Research the _LAN_/router/firewall etc. requirements for _P2P_ filesharing applications a bit more</li><li>Implement any firewall/port forwarding etc. changes that you need for _P2P_ filesharing at your _Access Point_</li><li>Deal with the security issues when you have sorted the other stuff out (personally I would do this first but you might want to defer it).</li><li>Test your _LAN_ security with _ShieldsUp!_</li></ol><!--EZCODE LIST END-->


----------



## Alan Moore (22 Dec 2004)

*Still at a loss as to why....*

.....I can't access the Netopia control panel by entering 192.168.1.254 your browser address bar. Read the documentation which came with the router. It says to clear the address bar and put in 192.168.1.254 but still says can't reach the gateway.

Had a notion on the 46A this morning that maybe its timing out without giving the router a chance. Any other notions appreciated.


----------



## ClubMan (22 Dec 2004)

*Re: Still at a loss as to why....*

Can you post the output from executing ipconfig /all in a _DOS_ command shell on your desktop PC please? In particular it would be interesting to see what your PC's default gateway setting is.

If accessing the _Access Point's_ web based configuration console is the priority then presumably you could connect the PC to the _Access Point_ directly via one of the four _10/100BaseT_ at the back using a standard _CAT5_ cable? (If I recall correctly this device includes a 4 port _10/100BaseT_ hub).

*Had a notion on the 46A this morning that maybe its timing out without giving the router a chance.*

Maybe what is timing out? The PC/browser end of the connection? Realistically if things are working properly then timeouts should not be a factor.


----------



## EAMONN66 (22 Dec 2004)

*Re: Still at a loss as to why....*

as previously stated, use ip config /all from a dos window to check your net cards settings
the default gateway is your router

if inet explorer does not work try telnet

oped a dos window
telnet 192.xxxxxxxx

it couild be that the web interface is not turned on which is an option with some routers


----------



## Alan Moore (22 Dec 2004)

*Re: Still at a loss as to why....*

Cheers Clubman & Eamonn66. Will do later on or perhaps tomorrow if Christmas lunch turns sloppy.


----------



## Alan Moore (24 Dec 2004)

*This is what I'm looking at when I run ipconfig....*

Any notions

Windows IP Configuration


Ethernet adapter Wireless Network Connection 2:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::202:78ff:fee7:b  e9%5
        Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%4
        Default Gateway . . . . . . . . . :

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.1%2
        Default Gateway . . . . . . . . . :



When I run Telnet 192.168.1.254 I get the following

Terminal shell v1.0
Copyright ⌐2004 Netopia, Inc.  All rights reserved.
Netopia Model 3347W Wireless DSL Ethernet Switch
Running Netopia SOC OS version 7.3.3 (build r0)
Multimode ADSL Capable
(Admin completed login: Full Read/Write access)

Netopia-3000/15342872>


----------



## car (24 Dec 2004)

*help*

Hi alan,
anything useful ?


----------



## ClubMan (24 Dec 2004)

*Re: help*

Some of the details above seem to have come out garbled - in particular some of the IP addresses don't seem to have replicated correctly and I'm not sure why the _MAC_ (_Medium Access Controller_ addresses don't seem to be listed). At least the gateway address is correct. Do you know what those "tunnel" adapators are?


----------



## zag (25 Dec 2004)

*Re: help*

If they are enabled then try turning off the proxy settings temporarily in your browser window and trying to browse again.

Sometimes there can be a bit of confusion (or misconfiguration) when you are trying use a proxy to access machines on the same network as yourself.  In this case you are trying to access the machine that the proxy process is running on.

The fact that you can telnet means there is no inherent connectivity problem.  Remaining options include something (like your browser redirecting to a proxy) stopping the web traffic between the two machines or perhaps there might be no web interface running on the netopia.  I reckon the proxy settings are the problem.  If the web interface is turned off then you will have little option but to telnet in and turn it on, but this assumes you a) have the password and b) know the commands.

z


----------



## ClubMan (26 Dec 2004)

*Re: help*

Good point _Zag_. Another test might be to run telnet 192.168.1.254 80 to connect to the web port (port 80) of the _Access Point_. You may need to hit return/enter a few times but if you get something back (most likely the raw _HTML_ of the _Access Point's_ web configuation interface main page then things are working OK and the proxy configuration could well be the cause of problems when trying to connect the browser to the web configuration front end.


----------



## Alan Moore (27 Dec 2004)

*Thanks for the tips...*

But its a case of 1 step forward , two steps back.

Have managed to get the web interface going by rebooting the router via telnet. A lot of sites seem to suggest port forwarding but winmx is still not letting me download. I'll keep at it. Have tried some of the suggestions above but not making a breakthrough.

The two steps back. I have changed some settings which appear to be affecting the download speed. IE seems to be slower finding sites but once it does the speed is okay. For example, it might take 10 secs to find AAM but once in I can move around fairly quickly. Is there a simple way to reset the windows lan settings to what they were?


----------



## Alan Moore (28 Dec 2004)

*Got...*

Limewire to work. Seems to be as good as WinMx so that problem is solved. Now I just need to get my internet back up to speed. Methinks it might be something to do with protocol but not sure.


----------



## zag (28 Dec 2004)

*Re: Got...*

Delays finding sites and then good throughout when you find them is normally down to DNS issues.

What happens is that your machine needs to translate www.askaboutmoney.com into an IP address like 1.24.30.75 and then make the connection to that IP address.  A bit like the way you don't ring George Bush - you look up his number in a phone book and then ring the number for George Bush.  The problem comes about when the first place you look doesn't know the answer but doesn't tell you this.  Your machine then waits 10 seconds or so and tries the second entry on the list - this comes back with an answer straight away and your machine then connects to the destination.

Check your DNS entries against those that your ISP recommends and make sure they are pointing to the correct place.  If you are using a proxy then it is the proxys DNS settings you need to modify.

z


----------



## Alan Moore (28 Dec 2004)

*Re: Got...*

Thanks Zag.

Not so sure. The DNS settings are automatically set by the ISP ( eircom ). In the instructions provided by eircomom they suggest to set "Obtain IP address abd DNS server address" to automatic which I have. When I look at the automatic settings they seem to tie in with eircom.


----------



## zag (29 Dec 2004)

*Re: Got...*

Yes *BUT*

Have you checked the DNS settings on the netopia ?  eircom may well have set it for you, but you said above that you changed a few things - maybe you unset it.

I restate my earlier statement - delays getting to a site for the first time in a session followed by good throughput indicate DNS problems.

My netopia sends me out a DHCP config which points my DNS resolver at the netopia.  My netopia knows nothing about DNS, so it forwards on the requests to the main eircom DNS servers which either know the answer or know which DNS server to ask to get the answer and the answer eventually gets back to me.  If the first device I ask has a dud entry in its list of servers to forward to then I have to wait for the request to time out before the device asks the correct DNS server.

Check your netopia web page and see what values you have for DNS-1 and DNS-2

z


----------



## Alan Moore (29 Dec 2004)

*Re: Got...*

Thanks Zag, you could be right, what would I know.

From Netopia:

Primary DNS         159.134.237.6
Secondary DNS         159.134.248.17

Really convinced my problem lies within the following settings which you might check against your own.

Under Avanced TCP/IP settings:
IP Settings: DHCP Enabled
DNS: Only "append primary and connection specific DNS suffixes ticked
Wins:  Enable LMhosts + Nios Setting Default ticked
Options: TCP/IP : Enable TCP/IP filters  ( all adapters ) not ticked 

Some websites seem to advise to set up pinhole ports for TCP/UDP. However when I do, all goes pear shaped. No P2P and web acesss is extremely slow. 

The way I've got set up. P2P is hit and miss and web is fairly quick once contact is made with website.

Remember, guiding me through this is like telling a woman    how to put air in her tyres. Sorry Mrs M.


----------



## Alan Moore (23 Jan 2005)

*A month later.....*

... eventually fixed. Suspected it was something to do with those "tunnel adapter" thingamajigs and DNS issues. Found a link suggesting i do an uninstall ipv6. Did so, the tunnel adapters disappeared and speeds are back to normal. Not sure why but it works. Cheers all.


----------

