11-Feb-2013

Vigor and IPTV
Last Friday I received the hardware to receive TV over IP: for each TV, I now have a Motorola set-top box that will receive its software over the network. Different from the previous ISP, these are to be connected to the router. The signal is relayed in a different VLAN, not to be mixed with Internet traffic (so IPTV is not mixed with “normal” internet traffic) and VoIP – each of them travels in its own VLAN. So I had already set up the Vigor router to have this VLAN bridged to a particular port and separate LAN, and the switch to be used locally has been divided as well. Because of this separate VLAN, it is addressed separately. I hooked up the Fritz!Box onto that LAN, as I am told it contains specific software to facilitate the Motorola boxes, connected one of the boxes to the Fritz!Box and had it boot.
It didn’t work as expected.
First of all, the receiver tries to connect to the network, but it found a DHCP service, which shouldn’t be there. However, this separate LAN doesn’t have one; I deliberately disabled this service. Nevertheless, the receiver complains about a DHCP service on the “home LAN”. Obviously, there is one, but it resides on the LAN on which the normal internet traffic runs – and due to the setup, this IPTV LAN should not locate it!
I did some experiments in setup in both the Vigor and the Fritz!Box and at some point, the Motorola bootloader didn’t locate this DHCP service, and started loading software, and when that was done, I could watch television – but just the basics: no HD as I was expecting. It might have been too early 🙂
So that was one set working, so I saved both configurations and tried the second one.

Alas: the very same problem occurred: it ran into a service similar to DHCP. The first one, however, seemed to have been basically prepared, no longer complained, started to load screens and data but it did not complete – it seemed to wait, and wait, and wait … for an answer that didn’t come. In the end, I decided to install the Fritz!Box for the time being, since it had already been set up to forward all internet traffic, so my experiments would not block any TV activity. Retesting will have to be done at moments when watching TV is no priority…

However, there now is one advantage: It could well be that changing the address of the LAN on which IPTV is to be served, will do the trick to pass IPTV through the Vigor: Since both Motorola boxes have now been initialized, I know their address and their default gateway – and that should be the address of this LAN interface. Probably – it is to be determined shortly.

Another thing: I also have a facility to use a fixed prefix so that all services will be available over IPv6; and since this is a fixed one as well, it is likely that I can set this fixed in the Vigor router, bypassing the prefix-delegation problem. It is no problem either to have this router function as the DHCPv6 server in the home LAN, but that remains to be tested on OpenVMS. It might be that this server is not yet available…
Worst case, the Fritz!Box has to remain the main entrance; in that case I want all traffic but IPTV to be passed to the Vigor. It is possible to bridge the normal IP traffic only – including IPv6 – and leave VoIP on the Fritz!Box as well.
So this story is “To be continued”.

16-Jan-2013

New ISP activated
Yesterday, even before the estimated time, the engineer came along to install the new Fiber modem and the new router. No IPTV yet, nor VoIP, although the connections are present: it seems there is some administration to attend to first, but the new ISP has promised to work on it as fast as possible, since we’ve been unreachable by phone for over a month now… Worst case it could take another 2-3 weeks…
Next was the challenge to have DNS updated as soon as possible, so a mail was sent after a phone call, but it was impossible to handle the request that night. But it would certainly be the next working day – that is: today. Indeed, it looks that between 15:00 and 15:30 (local time) the domain registrations were updated.
Outgoing internet was (mostly) working. But incoming wasn’t because of the DNS issue.
But that alone doesn’t mean all is well…
The new router (Fritz!Box 3790) is not connected to be a router: all connections are on the LAN-switch, even the incoming from the modem. No real problem since the router uses VLAN tagging, and the different VLANs are bridged to different ports; it seems that the one carrying the incoming signal is passing the firewall to connect to the port routing into the LAN – presumably all traffic would pass to the Vigor router that has been taking care of the boundary for years. In this respect, it would need to get another (fixed or dynamic) address on the WAN port, and it would need to route all traffic over the new router.
However, that didn’t work as expected. Although I saw packets coming in, they were addressed to the internal address of the new router, and passing the answer back failed altogether, the default route being defined properly in the software. The answer would be to bypass the Fritz!Box – setting the VLAN up as a bridge, which has been done before (by a script) but that was not at all recommended.
This morning the first attempt was to use the Vigor 2910 instead, but that fails to connect, because it doesn’t support IPv6 and VLAN tagging, as does its successor (Vigor 2920) or its smaller brother 2310 – though it looks like that one misses the highly validated security facilities. And because the difference in price is not that big, I’ll purchase the first.
But to be able to be accessed in the meantime, I copied the port forwarding specification into the Fritz!Box; it didn’t help at first since there was a route left over from earlier attempts… Once that was taken off, it all seems to work now.

That is: until a message sent from one of the PCs was rejected due to denied access. Duh. The SMTP configuration still mentioned the SMTP server from the previous ISP as alternate gateway. After I changed that, mail also worked. Now it is a matter of waiting until the DNS update has passed over the Internet so mails in transit will be delivered – on the right spot.

26-Oct-2010

WAN problems
Once more, incoming mail and FTP traffic were gone last Friday, but this time I could solve the problem by phone – got my son to reset the router. And last week, it happened again but since I was at home, I ran into it quickly and could reboot the router – and look for a reason.
I found it in the log:

Oct 24 01:20:02 Unknown Vigor: 128:41:57.600 wan->lan @S:R=13:1 p 67.195.111.16
Oct 24 01:20:07 Unknown Vigor: 128:42:03.490 wan->lan @S:R=13:1 p 67.195.111.16
Oct 24 01:22:03 Unknown Vigor: WAN 1 is down.
Oct 24 01:22:03 Unknown Vigor: WAN 1 is UP.
Oct 24 01:28:11 Unknown Vigor: --SendMailAlert--
Oct 24 02:14:32 Unknown Vigor: 129:36:36.140 lan->wan @S:R=13:1 p 192.168.0.2,6

and after that, the only incoming traffic passing the router is domain traffic (port 53) and mail (port 2525 in my case). No problem at all for outgoing traffic, just incoming fails time after time. It doesn’t even show up in the log, so the block is basically on the front end. That also shows by the fact that, when accessing the secured websites on port 443, all browsers complain that the site’s certificate doesn’t match the one of the site. No wonder: the connection presents the router’s certificate!
Accessing the router from the inside works – but dead slow. Telnet however is fast as ever, so reboot is simple.

This shouldn’t happen in the first place. So I asked the dealer – and he passed information to Draytek – for a solution. Not in, yet…
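The log pattern above can be checked for automatically. The following is an added example, not part of the original post and not Draytek code: it scans the Vigor syslog lines for a short WAN down/up flap and flags the case where lan->wan entries are still logged afterwards but wan->lan entries are not. The function names, the year argument and the 60-second threshold are assumptions.

```python
import re
from datetime import datetime

# Sample input: the Vigor syslog lines quoted in the post above.
SAMPLE = """\
Oct 24 01:20:02 Unknown Vigor: 128:41:57.600 wan->lan @S:R=13:1 p 67.195.111.16
Oct 24 01:20:07 Unknown Vigor: 128:42:03.490 wan->lan @S:R=13:1 p 67.195.111.16
Oct 24 01:22:03 Unknown Vigor: WAN 1 is down.
Oct 24 01:22:03 Unknown Vigor: WAN 1 is UP.
Oct 24 01:28:11 Unknown Vigor: --SendMailAlert--
Oct 24 02:14:32 Unknown Vigor: 129:36:36.140 lan->wan @S:R=13:1 p 192.168.0.2,6
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ Vigor: (.*)$")
WAN = re.compile(r"^WAN (\d+) is (down|up)\.?$", re.IGNORECASE)
FLOW = re.compile(r"(wan->lan|lan->wan)")

def parse(text, year=2010):
    """Return (time, kind, wan_no) tuples; syslog omits the year, so it is passed in."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        wan, flow = WAN.match(m.group(2)), FLOW.search(m.group(2))
        if wan:
            events.append((ts, "wan_" + wan.group(2).lower(), int(wan.group(1))))
        elif flow:
            events.append((ts, flow.group(1), None))
    return events

def find_flaps(text, max_outage_s=60):
    """Report each short WAN down/up flap and what the firewall logged afterwards."""
    events, down_at, flaps = parse(text), {}, []
    for i, (ts, kind, wan) in enumerate(events):
        if kind == "wan_down":
            down_at[wan] = ts
        elif kind == "wan_up" and wan in down_at:
            outage = (ts - down_at.pop(wan)).total_seconds()
            later = [k for _, k, _ in events[i + 1:]]
            if outage <= max_outage_s:
                flaps.append({
                    "wan": wan, "up_at": ts, "outage_s": outage,
                    # Symptom from the post: outbound is still logged, inbound is not.
                    "inbound_silent": "lan->wan" in later and "wan->lan" not in later,
                })
    return flaps

if __name__ == "__main__":
    for flap in find_flaps(SAMPLE):
        print(flap)
```

Run against the syslog file on a schedule, a flap with inbound_silent set is the cue to reboot the router before incoming mail and FTP are missed.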

Spam filter
The spam filter does some checks and the SMTP configuration doesn’t like it:

%%%%%%%%%%% OPCOM 25-OCT-2010 11:38:17.82 %%%%%%%%%%%
Message from user TCPIP$SMTP on DIANA
%TCPIP-W-SMTP_UNRSLVMF, MAIL FROM:< > has unresolvable domain

although this address is set to be acceptable in the SMTP.CONFIG file… Well, not much of a problem, it seems. I only have to find out why this happens, and what the consequence is.

Another way to be a spammer
Spamfiltering, the Microsoft way – bitten, by itself.

31-Aug-2010

No web access possible
This morning, I couldn’t reach the site over the web. Even more weird: when accessing the operator and mail sites, I got the wrong certificate, the one of the router-firewall, and so the browser complained it was a different site…
It was only after I got home that I could try to locate the problem. Accessing the sites from the inside now didn’t succeed – all machines rendered the site inaccessible. Even accessing the router internally, using its web interface, didn’t work. Just the header showed up, and the remaining data was not found.
Luckily, telnetting to the router was still possible, and that way I found a weird, second DNS mentioned, way outside the normal range but still ‘local’, on address 192.168.51.1. With no external management enabled, this is something where I need to dig deeper.
First of all, I rebooted the router – and after that, HTTP and HTTPS traffic was passed to the VMS box as usual. Next, I took a look at the logging I have enabled – and I found that the outside connection was dropped for a brief moment, followed by a number of PINGS to an external address, originating from the server a few minutes later. But there was no information on what process issued them.

The weirdest thing however is that it was just the web interface having trouble. All outgoing traffic – and incoming mail – was not affected at all. Nor was outgoing traffic, it seems.

I’ll have to do some digging. Luckily, I now have the router’s logfiles!

10-Mar-2010

Spam source(s) unwired ?
Yesterday’s surprise:
61 messages have been received yesterday; 11 have been delivered and 7 discarded. None has been quarantined and the rest (53) has been rejected anyway because of their presence in a blacklist, or because their score was way too high (> 200). Most numbers are rather normal, but none quarantined is remarkable.

Router issues
The new router allows two WAN connections, but the second one shares its outlet with one of the LAN ports. Here, I ran into a problem: when the printer is connected to this port, a static route is added to the route table, and this causes a problem when a system on the LAN tries to access the internet (but existing connections seem to have no problem at all). This behaviour is shown in one of the diagnostic screens. The situation can only be reversed by removing the physical connection and rebooting the router.
This has been communicated to Draytek; they have looked into it but said it should just work. But it doesn’t – and I tested it again, taking screendumps of what I’ve seen and sent them over to them. Now it’s just a matter of waiting on their reply. The problem is that I cannot tell – from the LAN – whether incoming traffic is also affected. It may well be, and therefore I cannot risk being locked out for some time.