Router Comms

Robb01

Nov 6, 2010, 2:39:08 AM
to Aiko distributed platform
Hi all
I have a problem with comms between my Home Network Router and the wan
port of my Asus wl-520GU router. The HNR browser interface indicates
that the wireless connection from the Asus to the HNR is 192.168.0.7
where the HNR is at 192.168.0.1. The laptop can ping the HNR ok but
when I ping to 192.168.0.7 I get:
PING 192.168.0.7 (192.168.0.7) 56(84) bytes of data.
From 192.168.0.7 icmp_seq=1 Destination Port Unreachable

traceroute however says:
traceroute 192.168.0.7
traceroute to 192.168.0.7 (192.168.0.7), 30 hops max, 60 byte packets
1 192.168.0.7 (192.168.0.7) 170.660 ms 170.496 ms 170.389 ms

which suggests to me that packets are being received. Is that a
correct interpretation?
I can ping successfully between 2 PCs connected to the router.

Andy set the Asus firewall up with (thanks Andy):

# Enable SSH (port 22) for remote access
iptables -t nat -A prerouting_rule -i eth0.1 -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i eth0.1 -p tcp --dport 22 -j ACCEPT

# Enable LuCI web server for remote access (port 80)
iptables -t nat -A prerouting_rule -i eth0.1 -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i eth0.1 -p tcp --dport 80 -j ACCEPT

# Enable Ser2Net for remote access (port 2000)
iptables -t nat -A prerouting_rule -i eth0.1 -p tcp --dport 2000 -j ACCEPT
iptables -A input_rule -i eth0.1 -p tcp --dport 2000 -j ACCEPT


and it worked ok at the 'Space. Suggests that the problem is with the
HNR but the firewall there is disabled and I have tried port
forwarding for ports 80 and 22 without success. HNR is Netgear
CDG24N.
Any ideas?

Thanks Rob B.

Sam Sabey

Nov 6, 2010, 4:20:21 AM
to aiko-p...@googlegroups.com

Hey Rob,

Have you got stateful packet inspection running on the HNR?

Sam.


Robb01

Nov 6, 2010, 5:42:36 AM
to Aiko distributed platform
There appears to be no SPI option available in the router set-up. With
the firewall enabled or disabled the ping is unsuccessful. Telnet and
ssh obviously won't connect either.

Rob.

Robb01

Nov 6, 2010, 5:45:38 AM
to Aiko distributed platform
Found this in the Router help :
SPI Firewall Help

When Firewall Features are enabled, the gateway will perform Stateful
Packet Inspection (SPI) and protect against Denial of Service (DoS)
attacks.

but seems not to help.

Rob

Andy Gelme

Nov 6, 2010, 10:40:16 PM
to aiko-p...@googlegroups.com
hi Rob,

On 2010-11-6 17:39 , Robb01 wrote:
> I have a problem with comms between my Home Network Router and the wan
> port of my Asus wl-520GU router.

Surprisingly, in your original email ... you didn't actually state the
details of what the problem is.

Can you please include what you were attempting to do ... and how it
didn't work (compared to what you expected).

For the moment, I'll assume that you are trying to access the
Aiko-Gateway (ASUS router) web-server and/or SSH connection using your
laptop PC connected to your Home Network Router.

> The HNR browser interface indicates
> that the wireless connection from the Asus to the HNR is 192.168.0.7
> where the HNR is at 192.168.0.1. The laptop can ping the HNR ok but
> when I ping to 192.168.0.7 I get:
> PING 192.168.0.7 (192.168.0.7) 56(84) bytes of data.
> From 192.168.0.7 icmp_seq=1 Destination Port Unreachable

It is possible that the Aiko-Gateway (ASUS router) is configured to not
respond to "ping" (ICMP) messages.

See https://forum.openwrt.org/viewtopic.php?id=19162

Ensure that "ping" (ICMP) is enabled.

> traceroute however says:
> traceroute to 192.168.0.7 (192.168.0.7), 30 hops max, 60 byte packets
> 1 192.168.0.7 (192.168.0.7) 170.660 ms 170.496 ms 170.389 ms

Traceroute uses a different mechanism (compared to "ping") ... which is
why you are seeing different results (between "ping" and "traceroute").

With TCP/IP and UDP/IP and ICMP there are several layers and different
protocols. On top of that, there is DHCP, DNS, routing / gateways and
firewalls.

When resolving difficulties, you need to diagnose and ensure that each
piece is working correctly ... starting from the bottom (IP / ICMP) and
working up.

I don't wish to put you off ... but, it is less frustrating if you are
aware of what is involved and how it hangs together.

Typically, home routers (either commercial-off-the-shelf or D.I.Y like
OpenWRT) are set-up for the most common usage scenarios. As soon as you
attempt to do something custom ... it is possible, but you need to have
some working knowledge of what's under-the-hood.

> and it worked ok at the 'Space.

What we tried at CCHS was ...

1) Using a PC on the LAN (side of the Aiko-Gateway) to access the web-server
2) Using a PC on the LAN (side of the Aiko-Gateway) to connect via SSH
3) Using a PC on the WAN (side of the Aiko-Gateway) to access the web-server
4) Using a PC on the WAN (side of the Aiko-Gateway) to connect via SSH

I don't recall using either "ping" or "traceroute" on the WAN (side of
the Aiko-Gateway).

Your email doesn't mention what you've attempted regarding either HTTP
or SSH access, which is what we set-up.

I'd suggest that from your laptop PC on the WAN (side of the
Aiko-Gateway) you use "telnet" (which is what we used at CCHS) and try ...

telnet 192.168.0.7 80 # HTTP
telnet 192.168.0.7 22 # SSH

... and let us know what happens then.

> Suggests that the problem is with the
> HNR but the firewall there is disabled and I have tried port
> forwarding for ports 80 and 22 without success

You will definitely NOT need to change the "port forwarding" on your
Home Network Router, because your laptop PC and the Aiko-Gateway
(ASUS router) are both on the Home Network Router LAN, i.e. there is no
need for port forwarding. I'd recommend that you undo any specific port
forwarding that you've made on your Home Network Router, in regards to
this problem.

Port forwarding is only required when trying to permit connections from
the WAN-side of a router to interact with devices on the LAN-side of the
router.

As you noted in your email, there was port forwarding set-up on the
Aiko-Gateway (ASUS router) for ports 22, 80 and 2000, so that devices on
the WAN (side of the Aiko-Gateway) can connect to the services running
on the Aiko-Gateway. That's the only port forwarding required in your
desired set-up ... and, as noted, this worked at CCHS ... and should be
sufficient at your home.

--
-O- cheers = /\ /\/ /) `/ =
--O -- http://www.geekscape.org --
OOO -- an...@geekscape.org -- http://twitter.com/geekscape --

Robb01

Nov 7, 2010, 7:07:15 AM
to Aiko distributed platform


On Nov 7, 1:40 pm, Andy Gelme <an...@geekscape.org> wrote:

> Surprisingly, in your original email ... you didn't actually state the
> details of what the problem is.
>
> Can you please include what you were attempting to do ... and how it
> didn't work (compared to what you expected).
The comments relating to ping and traceroute were my attempts at
troubleshooting the real problem of not being able to connect to
192.168.0.7 using any of http, telnet or ssh using their appropriate
ports.

> 3) Using a PC on the WAN (side of the Aiko-Gateway) to access the web-server
> 4) Using a PC on the WAN (side of the Aiko-Gateway) to connect via SSH

This was the aim using a wireless connection from PC to HNR
>
> I'd suggest that from your laptop PC on the WAN (side of the
> Aiko-Gateway) you use "telnet" (which is what we used at CCHS) and try ...
>
>   telnet 192.168.0.7 80  # HTTP
>   telnet 192.168.0.7 22  # SSH
>
Gives
telnet 192.168.0.7 80 # HTTP
Trying 192.168.0.7...
telnet: Unable to connect to remote host: Connection refused
telnet 192.168.0.7 22 # SSH
Trying 192.168.0.7...
telnet: Unable to connect to remote host: Connection refused

Thanks Andy.
Rob

Sam Sabey

Nov 7, 2010, 4:54:58 PM
to aiko-p...@googlegroups.com
Hey Rob,

It seems your Aiko Gateway/SEGbox is online, it's hitting api.smartenergygroups.com at the time of this email, including data from your SEGmeter! Great stuff!

At my home, if I want to talk to any of my Aiko Gateways I determine their ip address from my ADSL modem/router and ssh directly in, eg.

for gateway 1
ssh ro...@192.168.0.23

for gateway 2
ssh ro...@192.168.0.55

etc...

This is ok, however mostly I use the wifi from the Aiko Gateway/SEGbox to connect my pc, then just ssh directly to the relevant address, e.g. 192.168.100.1

Sam.

Andy Gelme

Nov 8, 2010, 10:47:27 PM
to aiko-p...@googlegroups.com
hi Rob,

On 2010-11-7 23:07 , Robb01 wrote:
> The comments relating to ping and traceroute were my attempts at
> troubleshooting the real problem of not being able to connect to
> 192.168.0.7 using any of http, telnet or ssh using their appropriate
> ports.

> telnet 192.168.0.7 80 # HTTP
> Trying 192.168.0.7...
> telnet: Unable to connect to remote host: Connection refused
> telnet 192.168.0.7 22 # SSH
> Trying 192.168.0.7...
> telnet: Unable to connect to remote host: Connection refused

Thanks, now we can see what is broken.

Have you confirmed that the Aiko-Gateway WAN IP address is definitely
192.168.0.7 ?

Briefly connecting your PC to the LAN-side of the Aiko-Gateway and using
the OpenWRT LuCI web-interface may be the quickest (and most reliable)
means of verifying the details of the Aiko-Gateway WAN-side
communications configuration.

Did you try "enabling ping (ICMP)" for the WAN-side of the Aiko-Gateway
(as suggested in the previous email) ? What was the result ?

You might also like to try ...

- Connect your Aiko-Gateway WAN to your home network (so it has internet access)
- Connect your PC to the LAN-side of the Aiko-Gateway
- See if you can access anything on the internet, e.g. some web-site or "ping google.com"
- From your PC (still connected to the Aiko-Gateway LAN-side) use "ssh ro...@192.168.1.1"
- When logged onto the Aiko-Gateway try ...
  - ping your home network router ... "ping 192.168.0.1" (I presume)
  - ping something on the internet ... "ping google.com" (that will also check DNS)
  - ping another device on your home network ... "ping 192.168.0.???"

I believe that testing some of the more fundamental (and simpler) cases
will either ... (1) give you confidence in the basic networking
configuration, or (2) discover a network configuration problem. Either
result is helpful. It is best to work from simpler towards more complex
network set-ups ... until it is all understood by you and working correctly.

If you bring your Aiko-Gateway router along to the CCHS meeting tonight,
we can re-check it ... and then, go through a diagnostic process that
you can try at home.
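
The telnet port checks used in this thread, as an added example that is not part of the original posts: it probes the three ports opened by the quoted iptables rules and separates "refused" (something at the address actively rejects) from "filtered" (no answer at all). The host and ports come from the thread; the names `probe` and `diagnose`, the result labels and the 3 second timeout are assumptions made for this example.

```python
import socket

# Host and ports come from the thread: the gateway's reported WAN address and
# the three services opened by the quoted iptables rules.
GATEWAY = "192.168.0.7"
PORTS = {22: "ssh", 80: "luci", 2000: "ser2net"}

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, classified (hypothetical helper)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: rule and listener both work
    except ConnectionRefusedError:
        return "refused"          # RST or ICMP port-unreachable: host up, port rejected
    except (socket.timeout, TimeoutError):
        return "filtered"         # silence: packets dropped, or nothing at that address
    except OSError:
        return "unreachable"      # no route, or another local network error

def diagnose(results):
    """Map a {port: state} dict to the next thing to check (hypothetical helper)."""
    states = set(results.values())
    if states == {"open"}:
        return "ok"
    if states == {"refused"}:
        # The outcome reported in the thread: every port answered with a rejection.
        # Confirm the address really is the gateway's WAN side, that the services
        # listen there, and that the accept rules are actually loaded.
        return "verify-address-and-listeners"
    if states <= {"filtered", "unreachable"}:
        return "check-link-and-drop-rules"
    return "compare-per-port-rules"

if __name__ == "__main__":
    results = {port: probe(GATEWAY, port) for port in PORTS}
    for port, state in results.items():
        print(f"{GATEWAY}:{port} ({PORTS[port]}): {state}")
    print("next step:", diagnose(results))
```

A `refused` result on every port is consistent with the ping reply "Destination Port Unreachable": in both cases a device at that address is answering with a rejection. UDP-based traceroute treats that same ICMP reply from the destination as arrival, which is why it appeared to succeed.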
