27-Jan-2013

New router installed
For a few years, I used a Draytek Vigor 2910 router, which includes Wifi and VoIP, and the ability to connect over ISDN (which I never used). That worked fine until the new ISP connection was delivered. The new ISP has higher demands: IPv6 and multi-VLAN, to begin with. To make it all easy, they offer a router that is pre-configured for their connections: an AVM Fritz!Box 3790. It makes installation very easy, but the system has a few disadvantages compared to the Draytek: no logging to a syslog daemon; no facilities to block specific systems, ranges or networks. And, apparently, it causes delays on internal traffic.
So I bought its successor: VG2920 Vn, it supports IPv6 and multiple VLANs.
Since this is the same line as its predecessor, you could expect that configuration would be just a matter of loading the last saved configuration and adjusting what’s added (and changed). But that is too simple. You have to do it all by hand, but that is not as bad as it sounds: access both of the routers and copy settings from one side to the other. In most aspects, the UI is the same, in others, you really need to look further… But at some point, the basic configuration was such that I could connect to the ISP, and all Internet traffic – both outgoing and incoming – passes the router properly. Blocking works as well.
But accessing the Fritz!Box as an internal router – for VoIP – was a different matter, so I moved the phones to the Vigor as well. Both numbers now call out – calling them isn’t yet possible since the numbers were deactivated by the erroneous deactivation of the connection in the beginning of December and not yet installed at the new ISP. But I followed the instructions and it should work.
Another thing to test is IPTV, which has been set up in its own VLAN and bridged to a specific port (though it is yet another protocol) so the Fritz!Box will have its use as a normal device – I hope that will work. It seems there is specific software in that box so I’ll need it for IPTV – but if it works without it, even better. That will become clear when IPTV is enabled. Three more weeks….
There is still a minor issue, though it seems to have no real implications – for now, at least: the Vigor doesn’t get an IPv6 address. The ISP expects a DHCPv6 client that supports prefix delegation, but this router does not have a choice for “DHCPV6_IA_PD” as is mentioned in the manuals of the ISP. The configuration does show “DCCPV6_client” and a button for “prefix delegation” – and it requires an ID, but as the client, I can define my own. So I did, but still I don’t get an IPv6 address….
It might help to take down the connection for some time, in order to run into a timeout so it must be re-initiated from the ground up. It won’t pose a problem in IPv4 since it is assured the address won’t change, and it will actually re-initiate the IPv6 DHCP again.
Asking the ISP – and the supplier of the router – may also help.
Spam comments arrived
I got a few “comments” – actually: spam messages – though you need to log in to comment, and these comments do not come from a logged-in user. The other source of these messages might be a trackback. So I disabled pings altogether.

22-Jan-2013

VPN cannot be established
Following the description of AVM – the manufacturer of the Fritz!Box – to create a VPN tunnel, I found out it requires additional software on any PC that wants to set up such a connection: first in order to create a file (the connection is IPSec based), import that file into the router and into a PC-based program. The first is no problem, but the second one fails. Probably because the router cannot be located? Because, though I should be able to connect over the designed port, eventually via a server at AVM, that fails as well. I know I have remote management enabled, and all other access succeeds (this post is proof of that…).
Merely a nuisance, I have already ordered the new Vigor router, and that will arrive any day of this week. Setting it up is easy beside the old one, just side by side: although the 2920 is said to be the successor of the 2910, the configuration of the latter cannot be read in by the new version… Draytek could have done a better job.
Though it works now, the Fritz!Box lacks the facility to block access by address – be it a single address or a complete network. That already showed in the FTP and mail logs…..

16-Jan-2013

New ISP activated
Yesterday, even before the estimated time, the engineer came along to install the new Fiber modem and the new router. No IPTV yet, nor VoIP, although the connections are present: it seems there is some administration to attend to first, but the new ISP has promised to work on it as fast as possible, since we’re unreachable by phone for over a month now… Worst case it could take another 2-3 weeks…
Next was the challenge to have DNS updated as soon as possible, so a mail was sent after a phone call, but it was impossible to handle the request that night. But it would certainly be the next working day – that is: today. Indeed, it looks that between 15:00 and 15:30 (local time) the domain registrations were updated.
Outgoing internet was (mostly) working. But incoming wasn’t because of the DNS issue.
But that alone doesn’t mean all is well…
The new router (Fritz!Box 3790) is not connected to be a router: all connections are on the LAN-switch, even the incoming from the modem. No real problem since the router uses VLAN tagging, and the different VLANs are bridged to different ports; it seems that the one carrying the incoming signal is passing the firewall to connect to the port routing into the LAN – presumably all traffic would pass to the Vigor router that is taking care of the boundary for years. In this respect, it would need to get another (fixed, or dynamic) address on the WAN port, and it would need to route all traffic over the new router.
However, that didn’t work as expected. Although I saw packets coming in, they were addressed to the internal address of the new router, and passing the answer back failed altogether, the default route being defined properly in the software. The answer would be to bypass the Fritz!Box – setting the VLAN up as a bridge, which has been done before (by a script) but that was not at all recommended.
This morning the first attempt was to use the Vigor 2910 instead, but that fails to connect, because it doesn’t support IPv6 and VLAN tagging, as does its successor (Vigor 2920) or its smaller brother 2310 – though it looks like that misses the highly validated security facilities. And because the difference in price is not that big, I’ll purchase the first.
But to be able to be accessed in the meantime, I copied the port forwarding specification into the Fritz!Box; it didn’t help first since there was a route left over from earlier attempts… Once that was taken off, it all seems to work now.

That is: until a message sent from one of the PCs was rejected due to denied access. Duh. The SMTP configuration still mentioned the SMTP server from the previous ISP as alternate gateway. After I changed that, mail also worked. Now it is a matter of waiting until the DNS update has passed over the Internet so mails in transit will be delivered – on the right spot.

14-Jan-2013

Connection troubles – once more
At 12:21 local time (11:21 system time) the connection broke down again. Not just Internet (which I experienced), also phone and TV were gone. After waiting at the phone for about 20 minutes, I was able to contact my (then expected current) ISP to find out that the line had been taken over, presumably by my (then new) ISP, by which all services were gone, even the analogue and digital signal that are converted from fiber to coax. So I called the new ISP and, after, again, some waiting, I learned the line was indeed transferred and the new signal was all available on that connection. It’s just that the modem wasn’t installed.
This was weird, since I already had an appointment with the company that was to install that modem: on Feb. 1st, after postponing from Dec 28th. Indeed – but it was brought to today by the ISP, a ticket was created but since there already was an appointment set, there was no need to re-assign it to today.
Not too bright.
Anyway: the connection will be brought to life tomorrow (15-Jan-2013) between 1600 and 1700 – local time. Because the IP address for the new connection has been assigned already (at least, I got an address in the confirmation letter) I can ask my DNS registrar to reassign my addresses tonight. Or tomorrow morning, after confirmation from my ISP.
In the meantime, I can get on by specifying the addresses in the local configuration.

02-Jan-2013

Last – or first – maintenance
The last data of 2012 has been processed without a problem, not a real surprise, and it has been submitted to run on 1-Feb-2013, just like expected.
PMAS statistics for December
Total messages    :   4806 = 100.0 o/o
DNS Blacklisted   :    889 =  18.4 o/o (Files: 31)
Relay attempts    :     50 =   1.0 o/o (Files: 27)
Accepted by PMAS  :   3867 =  80.4 o/o (Files: 31)
  Handled by explicit rule
         Rejected :   3085 =  79.7 o/o (processed),  64.1 o/o (all)
         Accepted :    237 =   6.1 o/o (processed),   4.9 o/o (all)
  Handled by content
        Discarded :    116 =   2.9 o/o (processed),   2.4 o/o (all)
     Quarantained :    360 =   9.3 o/o (processed),   7.4 o/o (all)
        Delivered :     69 =   1.7 o/o (processed),   1.4 o/o (all)

Just two files of 5 blocks attempting relay attempts, not a real surprise. Next, all files of 2012 are to be archived…
Webs on Daphne
Biggest issue with WordPress is lack of virtual memory. But after creation and installation of a second (and larger) pagefile, that was solved somewhat. This also proved the number of fileheaders in the master index was exhausted, so I created a minimal procedure to purge the whole disk, and submitted that job to be run automatically each hour. That solved that issue, for now.
After the WordPress and real blog runs fine, I installed WASD 10.2 on Daphne as well, as well as another PHP environment, copied from the SWS site; I also created a startup file that is needed to have all logicals defined: PHP_ROOT and PHPSHR – and the shared image is installed by the procedure. This installation runs on another port than SWS so it allows both servers to run simultaneously. But it is not possible to have the blog accessible by the two servers, because WordPress stores the URL of WordPress, and the blog, in the database – including the port number, so the blog can only be accessed by one server, and because the other is running on another port, it cannot access the database….
Of course I could try using proxy, but that is not what I want. The fast way to get around it, is creating a blog and database per server, the right solution means the port number in the database to be variable, to be defined by the server, either taken from the URL, or defined in the configuration file per server. I have questioned it in a WP forum. But for now, I will use a separate blog for each server, until a solution has been found.
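One way to have the URL defined per server in the configuration file, as an added example that is not part of the original post: WordPress lets the WP_SITEURL and WP_HOME constants in wp-config.php override the URLs stored in the database. The host name and the two port numbers below are placeholders, not the values used on this system.

```php
<?php
// Fragment for wp-config.php, placed before the line that loads
// wp-settings.php. Added example; www.example.org and the ports 80 and
// 8080 are assumed placeholders for the two web servers.

// Allowlist: listening port => base URL of the blog on that server.
$blog_urls = array(
    80   => 'http://www.example.org/wptest',
    8080 => 'http://www.example.org:8080/wptest',
);

// Fall back to the first server when no port is known (for example
// when WordPress is started from the command line).
$port = isset($_SERVER['SERVER_PORT']) ? (int) $_SERVER['SERVER_PORT'] : 80;

// The port is only used as a key into the allowlist, so nothing taken
// from the request (such as the Host header) ends up in the blog URL.
if (!isset($blog_urls[$port])) {
    header('HTTP/1.1 400 Bad Request');
    exit('Unexpected server port');
}

// These constants take precedence over the siteurl and home options
// that WordPress keeps in the wp_options table.
define('WP_SITEURL', $blog_urls[$port]);
define('WP_HOME', $blog_urls[$port]);
```

Building the URL from the Host header instead would also make the port variable, but then any client could choose the links WordPress generates, including those in password-reset mails.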
Apart from that: I tried the WordPress 3.5 test blog under WASD, still using the ‘wrong’ port by a simple specification in the configuration file, just these lines:
exec /wptest/**.php (cgi-bin:[000000]phpwasd.exe)/wptest/*.php \
ods=5 script=syntax=unix script=query=none map=once
pass /wptest/* /wptest/* ods=5 search=none dir=noaccess
map /wptest /wptest/

and this works! Not entirely, because of the reference to the SWS environment. There is however a minor issue with the default homepage, but that can be solved.