[blktlr]

I just plugged in a Linksys Wireless Router in my dorm room (wireless access for iBook). My PowerMac is now wired behind the router.

Now I seem to have lost access to the school network and to my machine from anywhere else on the school network. I'm thinking that I need to arrange the router to forward the necessary ports. Is this correct or possible? Is it a relatively simple process? What ports do I need to have forwarded to enable:

AppleTalk, FileSharing (Mac&Windows), Print Sharing, and Personal Web Sharing.

Thanks!

-blake.

[car1son]

If you open the Firewall tab of the Sharing panel of System Preferences it will list those (and you'd need to forward any ports you have open there if they correspond to services you want to access from outside your local network.

Printer - 631
FTP 20-21
Personal File Sharing 548, 427
Personal Web Sharing 80, 427

Also, This Apple KBase article lists the ports Macs use.

This page is a more comprehensive list of internet port assignments.

[aaanorton]

Try disabling the DHCP serving feature on the router. This should allow connected devices to get their IPs from the school's DHCP server, which will keep everything on the same subnet.

[blktlr]

If I disable DHCP, how do I configure my iBook or the router so that the iBook can connect to the internet?

-blake.

[BkueKanoodle]

Originally posted by aaanorton:
Try disabling the DHCP serving feature on the router. This should allow connected devices to get their IPs from the school's DHCP server, which will keep everything on the same subnet.

This won't work, as DHCP requests cannot traverse a router. (they work through broadcasts, which don't work at the Router level.

If this is a true router, (not a firewall/ router) then opening ports is not going to help (since a router doesn't close any ports.)

Instead the problem is that the router has created a new subnet on the schools network. In order for machines on the schools network to see anything on that subnet, they must know the gateay for that subnet (The gateway for the them would be the external address of your router.) Since its unlikely that your schools Administrators are going to change their settings to accomodate you.

So heres your workaround:

1) return that wireless router

2) purchase either

a) a wireless access point. An access point simply acts a bridge between the wireless and the wired network, without changing and of the logical topology.

b) Purchase a wireless Router with Firewall capabilty. Open the ports the previous poster mentioned and forward those ports to your internal ip address on your machine.

You current router may have these capabilities built in so you may just need to set up port forwarding to your machines ip address. The trick then to access your machine from the "external" (read the rest of the schools) network, is to connect to the the external ip address of your firewall, not your machines name or IP address.

[aaanorton]

Originally posted by blktlr:
If I disable DHCP, how do I configure my iBook or the router so that the iBook can connect to the internet?

The same way as before: via DHCP. But instead of getting its IP from your router, it will get it from the school's DHCP server.

[aaanorton]

Originally posted by BkueKanoodle:
This won't work, as DHCP requests cannot traverse a router. (they work through broadcasts, which don't work at the Router level.
...
a) a wireless access point. An access point simply acts a bridge between the wireless and the wired network, without changing and of the logical topology.

By disabling the DHCP serving functions on the router, you are changing it to bridge mode. This is, essentially, an AP. This is done all the time. I have personally done this. People often buy something like an A(E)BS to add to their wired network for a new laptop. By disabling the DHCP serving on it, the clients get their IPs from the next DHCP server up the line.

[kampl]

Can't you just PAT to the DHCP address received from the school's DHCP server(s)? No need to update routing tables elsewhere if you are translating to an address in the scope of the segment you are getting your lease from.

So you end up having your local private network that's outbound and returning traffic looks like it's coming to/from the one address received from the DHCP server to the port you have in your dorm.

[BkueKanoodle]

Originally posted by aaanorton:
By disabling the DHCP serving functions on the router, you are changing it to bridge mode. This is, essentially, an AP. This is done all the time. I have personally done this. People often buy something like an A(E)BS to add to their wired network for a new laptop. By disabling the DHCP serving on it, the clients get their IPs from the next DHCP server up the line.

This is true to some extent, but most Wireless routers do not do this. Why? because its unsafe to assume that because you turned off the DHCP server on the wireless router, the user wants to get their IP address from up line.

Many people turn of the DHCP function because they already have a DHCP server on their internal network or they wish to use staic IP address's. For example my Linksys wgt54t continues to act as a router even if the DHCP server is turned off.

Airport base stations may be differnet, simply because Apple engineers made some assumptions about where their users are going to use the product. If they did indeed implement this functionality, it is a sign of Apples disregards for normal networking topology conventions. I would not be quick to assume that all manufacturers would do the same.

Since every Linksys AP point ( and every other brand) I have used does not display this behavior but rather continues to act as a router, even when the internal DHCP server is turned off, I stand by my original assessment

[aaanorton]

Originally posted by BkueKanoodle:
This is true to some extent, but most Wireless routers do not do this.

Sure they do, wired or wireless.

Why? because its unsafe to assume that because you turned off the DHCP server on the wireless router, the user wants to get their IP address from up line.

Many people turn of the DHCP function because they already have a DHCP server on their internal network...

How are these two scenarios different?

For example my Linksys wgt54t continues to act as a router even if the DHCP server is turned off.

Then how/what is it routing? And how is it then different from a switch (when the DHCP is disabled)?

Airport base stations may be differnet, simply because Apple engineers made some assumptions about where their users are going to use the product. If they did indeed implement this functionality, it is a sign of Apples disregards for normal networking topology conventions. I would not be quick to assume that all manufacturers would do the same.

Every router I've used (including Linksyses) have done this. It's a given, if not, in fact, by definition.

Since every Linksys AP point ( and every other brand) I have used does not display this behavior but rather continues to act as a router, even when the internal DHCP server is turned off, I stand by my original assessment

I simply have no idea what you're talking about. Are you saying that you can't string two Linksys routers together and bridge the second to the first by disabling its DHCP server, thereby keeping all connected devices (on both routers) on the same subnet?

[BkueKanoodle]

To understand the difference between a router and a bridge, you need to understand the OSI model.

There are 7 layers in the OSI model

Application
Presentation
Session
transport
network
data link
physical

These standard layers help protocol designer ensure compatibility and interoperability. For a fuller explanation see this article

http://computer.howstuffworks.com/osi.htm

for how switches (network bridges function the same, but are generally defined as bridging one interface to another interface, not multiple interfaces as a switch) work see

http://computer.howstuffworks.com/lan-switch.htm

To learn how routers work

http://computer.howstuffworks.com/router.htm


Now I'll sum these articles up. Routers (and layer 3 switches, which are genrally only found in high end network equipment) process the data according to the IP address. IP address's are part of the IP protocol which operates at Layer 3 of the OSI Model.

Regular old switches, and bridges operate at layer 2 of the OSI model, and are independent of the higher level IP protocol.

In other words, they don't use the IP address at all, instead they do their calculations on where a packet should go based on the destination MAC (Media Access Control) address of the packet.

A router is more intelligent then a switch and is much more efficient. The problem lies in the fact that DHCP requests are broadcast based. Since the computer does not yet have an IP address, it is incapable of speakng at the network layer. DHCP broadcasts go out to every computer on the subnet and they do not have an ip address in the packet Header. Routers NEED an IP address in the packet header in order to process the data and figure out where the packet goes. Since a a DHCP does not have an IP address in the destination address , the router ignores the request. Thus DHCP will not work over a router. Your can sneak DHCP request though, but it involves having 2 DHCP relay machines tunneling the DHCP requests through the router wrapped in an IP packet wrapper.

Some of the small wireless routers includes built in 4 or 8 port switch. These can function as both a switch and a router, but it is important to note the the router does not send the broadcast requests outside the built in switch or computer connected to the internal switch. The router will NEVER send a broadcast out through its WAN port, so it is impossible to send a DHCP request to an Upstream provider.

Now the airport, (which I've never used) may change to a switching mode when DHCP is turned off, but this is not STANDARD behavior for a router and is one reason why an Airport would not be welcome on a Enterprise network. The Linksys and other manufacturers tend to follow OSI standards more and when the call something a wireless router, it truly is a wireless route. Then again I have never seen an Airport advertised as a router either.

If you go to the store, you will notice linksys does often have 2 products on the shelf. They look the same, except that one is called a wireless access point, and one is called a wireless router. Their is a difference, and from what you described, a wireless access point is closer to what the airport really is, not a router.


I don't mean to sound insulting so please don't take it that way.

[BkueKanoodle]

OK I did the Research and I was right, the airport is unique in that if you disable the DHCP server, it also turns of the NAT (Network Address Translation, a very basic form of router) of the unit. This is not standard behavior among wireless router makers.

Heres a link to a review that mentions this

http://www.wi-fiplanet.com/reviews/article.php/1756051

Heres a a quote:

"Perhaps the biggest limitation of the unit affects Macs and PCs equally--it relates to how you can configure IP addresses. In this regard, the AirPort Extreme is about as flexible as dry pasta.

For example, the AirPort can function as a DHCP server, but you must use the pre-defined private subnet (10.0.1.x) or else supply a handful your own global IP addresses (the "real" ones you get from your ISP). Moreover, if you turn off DHCP, then you can't use NAT. In effect this means that you can't use a private LAN subnet range of your own choosing under any circumstances.

The ability to define your own LAN subnet range is a feature I've seen in every other product I've ever looked at and as a result take for granted at this point. The AirPort's inability to do so might make adding an it to an existing network in particular much more trouble than it needs to be."

[aaanorton]

Well, thanks for the info on the ABS. I don't own one either, but used that as an example as many people post that situation here.
But getting back to the original problem, I still think that the Linksys' NAT functions would allow connected devices to acquire IPs and function on the described (blktlr's) network, after disabling its DHCP serving. You do not. We could debate this over and over, but it would be much easier if blktlr would just try it.
Log into the Linksys
Disable DHCP serving
Restart the router
Try to get an IP on wired and wireless devices

Of course, this wouldn't work if there was any proxy server issues or MAC address filtering/authentication that has not yet been discussed.

[blktlr]

Turning off DHCP doesn't seem to work.

There were, however, a set of default pass through's that I found and they have me back up and running on the network (IPSec, Multicast, PPTP, etc.), so everything I need is fine except for one thing.

Every morning, after my PowerMac (or wirelessly connected iBook) have been asleep for the night, they have no internet connection. I have to reset or unplug/replug the Linksys in order to get back onto the network (internet). This is a little bit annoying and only happens when using the new router. I think it might have something to do with client lease time on the school network? The lease time for computers on the Linksys network is one day (the max, as far as I can tell), but requesting a new lease from the PowerMac or iBook does nothing. How can I force the router to ask for a new lease of its own, or is something else going on (my diagnosis is a mostly uneducated guess)?

Thanks. I appreciate your responses,

-blake.

[BkueKanoodle]

I had the same problem with a belkin AP at one point, never bothered to figure out what it was though.

What linksys Router are you using?

[BkueKanoodle]

Originally posted by aaanorton:
Well, thanks for the info on the ABS. I don't own one either, but used that as an example as many people post that situation here.
But getting back to the original problem, I still think that the Linksys' NAT functions would allow connected devices to acquire IPs and function on the described (blktlr's) network, after disabling its DHCP serving. You do not. We could debate this over and over, but it would be much easier if blktlr would just try it.
Log into the Linksys
Disable DHCP serving
Restart the router
Try to get an IP on wired and wireless devices

Of course, this wouldn't work if there was any proxy server issues or MAC address filtering/authentication that has not yet been discussed.

By its very nature A NAT Firewall, will use a differnet private IP address range on its internal subnet. If you set your NAT box to use the same subnet as your external (read schoold network) It would cease to function as a NAT router. Not to mention, per IEEE specifications a NAT device CANNOT use the same IP subnet on both sides of its interface.

From RFC 1631
http://www.faqs.org/rfcs/rfc1631.html

For NAT to operate properly, it is necessary to partition the IP
address space into two parts - the reusable addresses used internal
to stub domains, and the globally unique addresses. We call the
reusable address local addresses, and the globally unique addresses
global addresses. Any given address must either be a local address or
a global address. There is no overlap.

The problem with overlap is the following. Say a host in stub A
wished to send packets to a host in stub B, but the local addresses
of stub B overlapped the local addressees of stub A. In this case,
the routers in stub A would not be able to distinguish the global
address of stub B from its own local addresses.

This means that his NAT router cannot use IP address in use on the xternal subnet (the school network) on the internal subnet. (The computer behind the NAT router)

Also see IEEE RFC 2131 on DHCP Standards

http://www.faqs.org/rfcs/rfc2131.html


I'm not making this up, these RFC's are the rules of the internet.

I'm a Network Engineer with over 10 years Large Scale Lan/WAN Design experience, I've taught netwoking at the college level, I wouldn't lie to you about this

[blktlr]

Linksys

BEFW11S4

It's the basic Wireless B + 4 port router.

-blake.

[BkueKanoodle]

Originally posted by blktlr:
Linksys

BEFW11S4

It's the basic Wireless B + 4 port router.

-blake.

Do you know which firmware its using? The latest on the linksys site is Firmware Version : 1.44.2

[BkueKanoodle]

A quick search on google turned up alot of complaints of the same type with this router. Most people ended up just returning the unit and getting a different model.

If you're feeling adventurous, you can read these threads, and try the various firmaware updates (and downgrades) to see if any fix it for you.

http://www.broadbandreports.com/foru...p,16~mode=flat

http://www.tek-tips.com/gviewthread....916/qid/446359

[John Strung]

Originally posted by blktlr:
Turning off DHCP doesn't seem to work.

I believe the trick is that as well as turning off the NAT, you have to connect the cable from the school network to one of the LinkSys's 4 numbered LAN ports, not to the WAN port.

It should then act as a bridge (more or less like uplinking the school network to a wired hub.)

[ghporter]

Originally posted by blktlr:
...so everything I need is fine except for one thing.

Every morning, after my PowerMac (or wirelessly connected iBook) have been asleep for the night, they have no internet connection. I have to reset or unplug/replug the Linksys in order to get back onto the network (internet). Thanks. I appreciate your responses,

-blake.

This behavior is fairly common among wireless computers, no matter what type of platform they are. It stemms from the way an 802.11b connection works.

802.11b uses a spread spectrum technique called Direct Sequence Spread Spectrum. Spread spectrum (which means it uses a broad range of frequencies) reduces the possibility of noise and interference rendering the connection useless. Direct sequence spread spectrum steps through a predetermined set of frequencies, never deviating from that sequence. Ok, wake up and read this part ->when your computer goes to sleep, the wireless card loses track of where in the sequence it was, so it isn't synchronized with the rest of the network.

The reason this is a problem is that many, maybe most, wireless cards don't figure out that they're lost when they wake up, and don't try to reinitialize a connection. They just sit there and tell you there's nothing there to connect to.

A work around involves manually disconnecting from the network before putting the computer to sleep, or manually disconnecting when it wakes up. Or you could just turn the computer off instead-all cards start up initially in a search mode.

I have a Windows XP laptop with wireless, and I have to log off from my profile before putting it to sleep or it will do the same thing yours is doing. This is because XP stores network connections for each user profile separately, so when a user logs on, the connection is reinitialized. I haven't figured out a way to do this as elegantly on a Mac, but there must be a way.

[aaanorton]

I like your reasoning, GHP, but I never have problems reconnecting to my .11b network with my iBook. I've used 2 different Asante routers and the MR814 and this has never been a problem for me. I just open it or wake it up and... bing! I'm on.

[BkueKanoodle]

Originally posted by GHPorter:
This behavior is fairly common among wireless computers, no matter what type of platform they are. It stemms from the way an 802.11b connection works.

802.11b uses a spread spectrum technique called Direct Sequence Spread Spectrum. Spread spectrum (which means it uses a broad range of frequencies) reduces the possibility of noise and interference rendering the connection useless. Direct sequence spread spectrum steps through a predetermined set of frequencies, never deviating from that sequence. Ok, wake up and read this part ->when your computer goes to sleep, the wireless card loses track of where in the sequence it was, so it isn't synchronized with the rest of the network.

The reason this is a problem is that many, maybe most, wireless cards don't figure out that they're lost when they wake up, and don't try to reinitialize a connection. They just sit there and tell you there's nothing there to connect to.

A work around involves manually disconnecting from the network before putting the computer to sleep, or manually disconnecting when it wakes up. Or you could just turn the computer off instead-all cards start up initially in a search mode.

I have a Windows XP laptop with wireless, and I have to log off from my profile before putting it to sleep or it will do the same thing yours is doing. This is because XP stores network connections for each user profile separately, so when a user logs on, the connection is reinitialized. I haven't figured out a way to do this as elegantly on a Mac, but there must be a way.

Except the problem is that the router is losing the conenction, not the laptop. Notice he said even the wired machine exhibits this behavior? That would rule out a wireless problem and the common component is the router. It sounds like this router is losing its connection to the WAN, not the clients to the router.

In addition an access point operates in promiscous mode, it doesn't send out the signal initially, but rather the client computer initiates a request and the access point responds. So an access point is never stepping through the signal frequencies constantly, but rather starts after the client has initiated the connection. That way, the client would never "loses" where it was in the sequence.

The problem you have with Windows has more to do the crappy way that Windows manages the wireless network card through software. Thats why alot of drivers for wireless cards include a separate utility to handle scanning, instead of letting windows manage it.

And I've never had a problem with any apple laptop using wireless.

[BkueKanoodle]

Originally posted by John Strung:
I believe the trick is that as well as turning off the NAT, you have to connect the cable from the school network to one of the LinkSys's 4 numbered LAN ports, not to the WAN port.

It should then act as a bridge (more or less like uplinking the school network to a wired hub.)

Exactly! Except it acting as a switch and an access point. The difference though you now have disable any security features this router provides to protect you from the outside network.

[superlarry]

Originally posted by John Strung:
I believe the trick is that as well as turning off the NAT, you have to connect the cable from the school network to one of the LinkSys's 4 numbered LAN ports, not to the WAN port.

It should then act as a bridge (more or less like uplinking the school network to a wired hub.)

bingo.

this should also maintain your wireless ability, as the wireless LAN is most likely bridged to your regular LAN.
make sure that the router's DHCP server is OFF in this case, though, or you could cause a lot of trouble on your school's network ;c)

[kampl]

Originally posted by BkueKanoodle:
Exactly! Except it acting as a switch and an access point. The difference though you now have disable any security features this router provides to protect you from the outside network.

Hi guys. Bridging is not going to fix this issue of not getting IP addresses from the campus DHCP server and not being able to get back to his personal machines from remote locations. Bridging by design is a layer 2 segmentation device that will stop broadcasts unless it is configurable to relay DHCP requests (like an ip helper address in Cisco gear). Bridging limits the size of a broadcast domain.

My personal opinion is that this guy uses his access-point as a router and PATs everything coming off his private segment, and port forwards the services he wants to make available to the world to the respective servers inbound.

I highly doubt his Linksys router/AP can relay DHCP address requests in bridge mode (I don't own one). It is easier to just do some NAT and call it a day. It's unlikely he can jump on the network with a bridge.

I'm happy to discuss why routing is the best solution at this point if anyone is interested.

[BkueKanoodle]

Thats exactly what I've been trying to tell them for the last 6 days.

[kampl]

My opinion about how it should be setup stands, but my spewage about bridging does not (drunk posting sucks). If it really does act strictly as a bridge, datagrams should get through it as bridges only segment collision domains not broadcast domains like I orginally incorrectly stated. So if you can get a DHCP lease through that port, you should be able to get a DHCP lease through a bridge connected to that port.

I need to stop posting on Saturdays. Carry on........

[blktlr]

Okay...

I turned off DHCP on the router and plugged the ethernet cable from the school into one of the four normal sockets (NOT the internet/wan socket). The wired connection to my PowerMac works perfectly now and I have access to everything that I want.

The wireless signal is still there, but I have no wireless internet access.

Am I doing something wrong here?

-blake.

[aaanorton]

On the PB, go to Sys Prefs > Network and Show: Airport. Under Configure, you probably have DHCP selected. Change that to ANYTHING else in that list and apply the change. Then change it back to DHCP and apply that change.

EDIT: Oh, and reset the Linksys.

[blktlr]

Okay - nevermind. Everything is working now aside one small thing...

What I did:

I plugged the school network into one of the four normal ports on the router as advised.

Turned off DHCP.

Then I disabled UDP services (this was why it didn't work on the wireless the second try).

My wired and wireless connections work perfectly now. They're fast and open to networking/filesharing now.

The only problem is that I no longer have access to the administration of my router. I can't access the default IP, so I can't get into the web based access. I guess that if I ever have to in any sort of emergency I can just switch the plug from the PowerMac into the internet/wan port though.

My firmware, by the way, is 1.45.3.

Thanks for your help. You guys are great!

-blake.

[aaanorton]

Or you could just manually set your comp's IP to something on the Linksys' subnet. This will allow you to access the config page.
Sorry I never mentioned plugging everything into LAN ports. I just went back and checked my old posts. I guess I should have mentioned that...

[John Strung]

The only problem is that I no longer have access to the administration of my router.

My recollection is that the ability to access the Admin utility wirelessly is disabled by default on the LinkSys (and most other wireless routers) for security reasons.

[ghporter]

BkueKanoodle, you're right. I really blew it when I scanned, instead of READ the post I responded to. Obviously it's a problem with both wired and wireless clients (I didn't keep straight that one of his computers was wired and the other wireless). However, the problem is not necessarily with the router.

blktlr, what kind of connection do you have? If you're connected straight to your school's network and they told you to use DHCP, it's likely that they simply have your IP lease expiring after 24 hours. Usually the DHCP scheme is also set up to require a specific network card (or router in this case) to hold off for a while before requesting a new IP.

With a computer connected directly to the network it's not problem to do this, because they either go to sleep or turn off for some period of time during the 24 hour period. A router, being on 24/7, will immediately request a new IP when the lease expires. I would try simply turning off the router overnight for a few nights. I've actually heard of people putting their routers on those mechanical light timers, ensuring that they go off at some time overnight, but come on before the user wakes up.

BkueKanoodle and aaanorton, I haven't seen a Mac have trouble when waking up, but I have seen a lot of posts here over the last two years or so about people who had wake up problems with their original AirPort card-equipped iBooks or PowerBooks. There are also a lot of posts elsewhere remarking on this problem with Linksys, D-Link, SMC and Netgear PCMCIA wireless cards. The bottom line with it is that proper implementation of the wireless protocols lets these devices reconnect when the computer wakes up, and poor implementations don't. My original version Linksys WPC11 allowed me to turn off power management on it, and that cured the problem on one machine, but not when I used it on another. (Hmmm, what has Microsoft done to hose me up this time?) But when I used the software from that card's chipset manufacturer, it worked perfectly on both machines. Go figure...