Showing posts with label Networking. Show all posts

Monday, November 19, 2012

Belkin DSL Modem Router Port Forwarding

I have replaced my Netgear wireless router with Belkin FD 2401 v1 (Wireless modem router), I think it is worth a bit over $60 on Ebay off the top of my head. It is overall more stable and reliable, so far so good.

While setting its port forwarding feature (Firewall > Virtual Servers), I noticed if the inbound port is a well known port number (0 - 1024) then it simply doesn't work i.e. no access.

However, any port outside this range (including registered ports) functions well - as shown in the examples beneath:



P.S. the Belkin is running on firmware 1.00.38(Jul 1 2010 13:40:12).

Monday, November 12, 2012

Moving to Ethernet over Power


It has been awhile since I last posted, been busy with other commitments.
In this post, I would like to share some recent modifications I made to my home networking.
Motivation
The original intention was to improve the Wifi performance at home. 
Originally, my laptop (in the study) is covered by the living room's Wifi coverage. 
Whenever I watch online TV or backup its files, my whole place's Wifi connection grinds to a halt. Also, the iPad is rendered useless.
The logical approach would be upgrading all my devices to 802.11n, but it is quite a substantial investment considering my laptop is a four-year-old Sony VAIO and I still use my iPhone 3GS, both supporting only 802.11g.
Also, I tried enabling DLNA on an 802.11n smartphone and streamed it to the WDTV media player. It just repeatedly halted.
I felt there has to be a better option. 
Setup and two use cases
By and large, there are three areas being connected: living area (wifi router), study and the storage room. The idea is to dedicate the Wifi signals to the portable devices (e.g. iPad, iPhone with no SIM).
In parallel, all the "non-internet" traffic is to be carried across the home's power line.
  • (1) For example, I am using ownCloud to backup my photos and personal documents from my laptop (as illustrated by the blue line, "Use Case 1")
  • (2) Likewise, if I would like to display my photos on the LED TV via WDTV media player, then I can share it from either my Laptop or ownCloud (DLNA enabled) – once again, all traffic through the Power line ("Use Case 2").
While all this happens, I can still use my iPad to happily browse the internet (red line), simply because the Belkin Wifi Router is not involved in these use cases.
Some details
If you look at the diagram more closely, there are several small boxes attached to the “Home Power Line” cloud in the center. These are the EoPs' plugs. Their models are Belkin Powerline AV (F5D4070) and TP-Link TL PA-201 respectively. 

This Belkin's support page article describes powerline adapters compatibility. By and large, there are two standards in the market today: HP 1.0 and HP AV.

My working combination of Belkin and TP-Link are running on the older Home Plug 1.0 standard. This standard supports up to 85Mbps throughput. 

Originally, I bought a newer pair of Belkins Homeplug AV running on HPAV standard. Unfortunately, these newer plugs cannot detect other HP1.0 devices over the power line.

Further technical details
  • The people on Whirlpool forum have done a much better job than myself analyzing Ethernet over Power products available in the market. It’s worth a read if you are considering using it for your home.
  • I am no electrical engineer, but I do suspect my results may have to do with multiple phases and circuits, as detailed in this Intellon Whitepaper. Cross phase coupling is still good technical information.

Glad to hear what you think or your experiences.

Thursday, January 12, 2012

Some Tips On Home Networking

A while back, I was chatting with a friend as he was renovating his place and would like to set up his home network (or internet enabled/ multimedia/ high definition/ 3D entertainment center). This eventually became lots of emails exchanged over a period of one and a half years.




Given this background, I have pieced together some tips and information as a reference for those who are interested:


Connection Medium
For home networking, the purpose of any connection is to create a common LAN (Local Area Network) segment. All devices (e.g. laptop, igadgets, alarm clocks) that are connected to the same segment can "speak" to each other. 


1. The most popular connection medium is copper, also known as Cat6. It theoretically supports up to 10Gbps throughput, but this depends on the device(s) you are connected to.
Also, keep in mind the maximum reach is 100m.


2. Network over Power leverages your existing electricity connection to extend the reach of Cat 6. Be sure to check the speed supported by the connection interface. For example, if it says 10/100 that means it supports either 10Mbps or 100Mbps.


3. Wireless connection WiFi, or 802.11a/b/g/n with "G" supporting up to 54Mbps (actually 22Mbps in reality due to interference, or half-duplex behavior for the geeks) and "N" is the latest standard supporting up to 300Mbps in theory. 


4. Did you know that there are ethernet/ coaxial cable adapters available in the market? 


On Wireless
- For wireless, ensure your laptop and access point actually have the same mode (g/n) configured. A real story, a friend was complaining about his latest 802.11n laptop often taking awhile to connect to the internet, it turned out his AP supported only 11g and he was waiting for the laptop to "give up" on n and fallback to g. 


- In slightly more detail, also be mindful of mixed mode of operation e.g. some devices support 802.11g while others support 802.11n in the same Wireless LAN segment. While the 802.11n standard has something known as Mixed Mode Format protection built in, for earlier standards e.g. 802.11b/g, mixed mode operation results in a "hit" in throughput performance (I do confess I have not had a chance to try this).


Data and Bandwidth
- Is the data going to stay within your home? For example, is the connection dedicated to streaming HD videos from the NAS on the first floor to the media player on the second floor? Also, is it necessary to have a dedicated 1Gbps connection for internet access, if (say) your home has only DSL access which maxes out at 12Mb/1Mb?


- By the way, it turns out only 10Mbps is required to stream HD video in theory, although real life experience showed even streaming mpeg-2 (dvd quality) over 802.11g pauses every couple of minutes.


Storage and files access
- Today, most of the off-the-shelf NAS (Network Access Server) support iTunes, so the media files they store are accessible from your iPhone/Pad via wireless (on the same LAN segment).


- What if I want to access my storage while I am away? Do I have to set up dd-client for reverse DNS, security?
How about a simpler solution, have you tried using Dropbox? It is free and is supported on Windows/ Linux/ iOS/ Android... 


Basic Security tips
- Always, always upgrade device firmware when possible. 
- Have you set up WPA2 authentication on the wireless network?


What's next? 
I keep hearing news about Apple TVs and Samsung, I mean, even Ubuntu is onto this... but personally I see more potential in this technology - imagine swiping the web browser from your smart phone onto your TV in real time just like the movie Iron Man 2. 



Monday, May 9, 2011

On Netgear WNR2000 Wifi Router (for Linksys ATA and Iomega NAS to work)

It has been almost 6 months since my last post... I believe I have collected sufficient information from using the Netgear WNR2000 wifi router for another post. By the way, this router is 3 years old and was released back in June 2008 (http://routers.productwiki.com/netgear-wnr2000/).

I purchased a Linksys ATA device and in the process of getting it to work behind the Netgear router, there were several interesting findings with regards to the port-forwarding settings:
1. Using WNR2000 default settings, the Linksys ATA could only make out-going phone calls. Incoming phone calls resulted in a "person you are trying to call is unavailable..." message, despite successful SIP registration.
2. Netgear WNR2000 port forwarding settings only came into effect AFTER the router rebooted.
3. F.Y.I. I configured static IP address on the Linksys ATA device (which, by the way, only comes into effect after disabling DHCP on Linksys ATA)
The following Port Forwarding rules were referenced from another post, and the rule numbers on WNR2000 MATTER. Have them configured the other way around and incoming calls wouldn't work.

Rule 1: Permit UDP 5060, Linksys ATA static IP
Rule 2: Permit UDP 16384 - 16482, Linksys ATA static IP


I also own an Iomega NAS (with an Ethernet port). Interestingly enough, every time after I restarted my laptop, the NAS' share drives were no longer visible (The laptop connects to the same Netgear AP which the NAS is also connected to through a CAT5e). Out of interest, Wireshark capture indicated that when Iomega started up, it first multicasts MDNS queries (port 5353 rather than UDP 53 for standard DNS).
This was then followed by exchanging SMB messages (TCP 445) between the laptop and NAS. While I am no expert in SMB, I recall reading messages announcing each of the shared directories.
As such, it would appear either the NAS stopped announcing these messages after the TCP connection timed out (due to laptop restart), or the wireless router stopped new TCP sessions from being established.
The only workaround was to restart the wifi router. Afterwards, the NAS shared drives would magically become visible from my laptop again.


P.S. This morning the Netgear router finally gave in after several restarts. Both my laptop and iPhone had difficulty connecting to the AP. As a result, I have replaced this router with a TP-Link TL-WR740. Upgraded this box to the latest firmware and so far so good... the Linksys ATA was a matter of simply plug-and-play while the IP NAS has remained visible so far... perhaps I shall have more to add after another couple of months.

P.P.S. For convenience, the dialplan on the Linksys ATA has been simplified from
# Original dialplan, local calls only

(*xx|[3469]11|0|00|[2-9]xxxxxx|1xxx[2-9]xxxxxxS0|xxxxxxxxxxxx|<#0:>xx.<:@gw0>.)

To
# For dialing everything
(*xx|xxx.)


Friday, January 21, 2011

Cost Comparison between EoP versus Wifi

Background/ Requirements
I have moved home recently. There are two TV sets connected to a Western Digital Live Media Player and XBMC respectively. Both require wired Ethernet connection to a Netgear wireless router located in a separate room, in order to access the internet:
The TV connected to XBMC is sitting in a different room. I am reusing the previously built solution DD-WRT Wifi client http://homeopensource.blogspot.com/2010/03/converting-wifi-adapter-into-80211g.html

This setup has proven to be quite reliable, although its throughput is only around 5Mbps. For example, copying a 1.36GB file (DVD) from my laptop to the XBMC takes around 37 minutes.
While this is ample bandwidth for Standard Definition video streaming (and of course internet radio stations ~128kbps), the video quality degrades significantly when, say, I am using my laptop to access the internet. 


I would like to calculate the cost of setting up internet connection for the WD Media Player, connected to the second TV through HDMI. It is intended to stream High-Def contents so the bandwidth required will be higher than 11g. Also, I would prefer my YouTube videos being unaffected by wireless internet connection.

Wireless Connection (G/N Dual-Band)
Initially, I considered using g/n dual-band setup with the Access Point supporting both G and N clients simultaneously. A forum post indicates this setup works quite well (http://forums.whirlpool.net.au/archive/1226195) and should be able to support up to 80Mbps throughput - more than sufficient for HD streaming. There is only the additional cost of purchasing an 11n client with an Ethernet port, but unfortunately, they are hard to come by. As most of the commercially available wireless routers' firmware only allows the device to be configured as an Access Point, if I were to go for a wireless router, then it must support DD-WRT.

Ethernet over Power (EoP) 
This device essentially transmits data signal across the residential circuit using a different frequency band to that of electrical, in other words it acts a bit like a frequency modulator. Its operation is straightforward, there is no software driver nor any configuration required, simply plug-and-play. I have managed to find an extensive review on TP-Link TL-PA201 EoP adapters (http://www.tp-link.com/products/productDetails.asp?pmodel=TL-PA201), along with its throughput performance http://www.vitocassisi.com/archives/790/6, which is quite similar to that of 802.11n.





Price Point
I searched www.msy.com.au, and found a DLink DIR-600 WirelessN router selling for $50.00, whereas the TP-Link TL-PA201 EoP adapter pair is selling for $109.00 - roughly $60.00 difference. The wireless solution is still significantly cheaper than the EoP adapter pair.


Conclusion

This analysis is rather preliminary in terms of its application (streaming video to TV). Consider when additional users require internet access. Most importantly, the smartphones definitely cannot benefit from a pure Network over Power setup. In other words, NoP effectively hinders internet mobility. This means a wireless router is needed nonetheless. Whereas in a pure wireless environment, we would see a degradation in performance as the number of devices grows, which is bad news for bandwidth sensitive IPTV applications.


In summary, EoP shows lots of potential (e.g. ease of use, high-throughput, operates independently to wireless internet and no new wires across home required), but it is the pricing and limited application at this stage, that hinders its popularity. In fact, I see these two technologies complementing each other more than one being better than the other.


Note: 
For those who are interested, please take a look at the FAQ for EoP on Netgear's website, it contains lots of good information including the recommended (maximum) number of EoP adapters, expected throughput etc...

Sunday, May 9, 2010

XBMC and DD-WRT Wireless Client

The "Home Media Centre" concept can be summarized as turning your television set into an entertainment centre, i.e. migrating what you usually do on your computer to your TV; such as watching mpeg videos, photos, DVDs, YouTube, IPTV, internet radio and various other media stored on a hard-drive or over the internet.

Over the past couple of weeks, I have managed to set up my own low-cost media center for around $130, with most of the cost going to a brand-new wireless router as you shall read.

A couple of months ago, I bought a pre-owned Microsoft XBox (the original one) for $50 and installed XBox Media Centre (XBMC http://xbmc.org/) onto it. I followed one of the softmod installation guides found on the internet, which was pretty straight-forward. I completed the whole process at home without needing to bring the console to a shop and modify its hardware. The installation process basically utilizes another desktop PC as a platform to load XBMC OS onto XBox's harddrive (through IDE cable) as though it were its own, and then it's done.

Then I connected the media centre to the internet. My ADSL modem is located quite far away from the television set. As I have previously set up wireless internet, I decided to install dd-wrt (v24-sp2) onto D-Link's DIR 600, set it to "repeater bridge" mode and connect to the xbox with Ethernet cable. As a side note, the wireless router cost me more than $70 but supports only 802.11g...

In terms of functionalities, the original Xbox has component cables (Yellow/Green/White) supporting SD (standard definition) video - good enough for watching DVDs.

The whole setup is now sitting in my living room. I use it mostly for listening to internet radio provided by my ISP and occasionally watching DVD. I have also downloaded a YouTube script so I can watch YouTube on TV... although the Xbox seems to struggle with High-Definition videos. Nonetheless, it is still good value for $50.

As a side note, I also purchased Xbox's DVD kit over Ebay, giving me a remote controller to this media centre. There are some photos of this setup in the "photo gallery"...

Monday, March 29, 2010

Converting WiFi Adapter into 802.11g Access Point (WPA2-PSK) on FreeBSD

I originally had an ASUS WL500g Premium running on DD-WRT (released back in 2006), configured as Access Point with DHCP forwarding enabled. This allowed my laptops and iPhone at home to connect to this AP and automatically connect to the internet through BSD gateway.

I bricked this WiFi router when I did a software upgrade. At the same time, I also have two other WiFi routers at home - NetGear WNR2000 and TP-Link TL-WR740N. Both cannot be configured as WiFi Ethernet Bridge, nor have DHCP forwarding options. Also, there's no DD-WRT support.

I do not wish to add another layer of NAT for my home network, so I purchased the most economical WiFi Adapter I could find and converted it into a WiFi access point. The Adapter is TP-Link TL-WN851N (onboard PCI), running on Atheros 9280 chipset.


Configuring WiFi Access Point
From memory, the necessary kernel options for Atheros driver are already present in GENERIC file by default, so probably no further work was required... there is a chapter in FreeBSD handbook on "Wireless Network" for reference. http://www.freebsd.org/doc/handbook/network-wireless.html


Afterwards, I installed the hardware, started up BSD and the WiFi adapter was correctly recognized as "ath0":
ath0: (Atheros 9280) mem 0xfc500000-0xfc50ffff irq 5 at device 4.0 on pci5
ath0: [ITHREAD]
ath0: AR9280 mac 128.2 RF5133 phy 13.0

Then I proceeded to configure it. It was when I noted the system wouldn't allow me to provision any parameters using "ifconfig ath0". Did some research online and noted in FreeBSD 8.0, a virtual device (wlan0) has to be created prior to provisioning any WiFi configuration... which is different from previous BSD releases [http://forums.freebsd.org/showthread.php?t=11978].

Here is how I created my pseudo wireless device, wlan0. I also needed to set the option "wlanmode hostap" for it to be created as access point:
# ifconfig wlan0 create wlandev ath0 wlanmode hostap

Setting the AP to be WPA-PSK mode requires hostapd. There is an rc.d script to start this. My configuration file "/etc/hostapd.conf" is as follows:
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=(your-ssid)
country_code=AU
# I tried setting this to 802.11n, but encountered some error.
hw_mode=g
channel=0
basic_rates=60 120 240
wpa=1
wpa_passphrase=(wifi-passphrase)
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

Finally, set IP interface on wlan0 and update DHCP daemon, along with other services to listen on this interface.

To startup this service when system boots, add the following to "/etc/rc.conf" file
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap"
hostapd_enable="YES"
ifconfig_wlan0="inet 192.168.2.1 netmask 255.255.255.0 up" # Gateway

So this is how to set your WiFi adapter to become a Wireless Access Point.


After Thoughts - Usage Notes
Having used this for a while, I must admit it is not as stable as having a dedicated Wireless router. The wireless connection would drop occasionally while "dmesg" kept displaying the message "ath0: stuck beacon; resetting (bmiss count 4)".

I found this wikipage dedicated to the stuck beacon issue. [http://madwifi-project.org/wiki/StuckBeacon]. While I have not resolved the root cause, the issue has been mitigated through running the sysctl variable: net.wlan.0.bmiss_max: 2 -> 10

Here with my setup today... 

[Jan 2012] An additional note: this wireless setting supports WPA authentication, but not WPA2 authentication. 
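
The gap in that note comes from two lines of the hostapd.conf above: "wpa" is a bit field (1 = WPA, 2 = WPA2, 3 = both) and "wpa_pairwise" still lists TKIP. The script below is an added example, not part of the original setup, that checks a hostapd.conf for exactly those settings; the function names and the two sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag WPA1 and TKIP in hostapd.conf.

# conf_get KEY FILE: print the value of the last "KEY=value" line in FILE.
# Comment lines start with "#" and therefore never match.
conf_get() {
    sed -n "s/^$1=\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# audit_hostapd FILE: print one finding per line, return 1 if there are any.
audit_hostapd() {
    conf=$1
    rc=0
    wpa=$(conf_get wpa "$conf")
    wpa_ciphers=$(conf_get wpa_pairwise "$conf")
    rsn_ciphers=$(conf_get rsn_pairwise "$conf")
    # hostapd uses the wpa_pairwise list for WPA2 when rsn_pairwise is unset.
    [ -n "$rsn_ciphers" ] || rsn_ciphers=$wpa_ciphers

    # "wpa" is a bit field: bit 0 = WPA, bit 1 = WPA2 (RSN).
    case "$wpa" in
        2) active=$rsn_ciphers ;;
        1) echo "WPA1-ONLY: wpa=1 offers WPA but not WPA2; set wpa=2"
           active=$wpa_ciphers; rc=1 ;;
        3) echo "WPA1-ENABLED: wpa=3 still accepts WPA clients; set wpa=2"
           active="$wpa_ciphers $rsn_ciphers"; rc=1 ;;
        *) echo "NO-WPA: wpa is '$wpa', so WPA/WPA2 is not enabled"
           return 1 ;;
    esac

    case " $active " in
        *" TKIP "*) echo "TKIP: TKIP is accepted; list only CCMP"; rc=1 ;;
    esac
    case " $active " in
        *" CCMP "*) ;;
        *) echo "NO-CCMP: CCMP is not listed; set rsn_pairwise=CCMP"; rc=1 ;;
    esac
    return $rc
}

# write_samples DIR: create two constructed sample configs in DIR.
write_samples() {
    cat > "$1/page.conf" <<'EOF'
# Constructed sample: the WPA lines of the hostapd.conf shown above.
interface=wlan0
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
EOF
    cat > "$1/wpa2.conf" <<'EOF'
# Constructed sample: the same AP restricted to WPA2 with AES-CCMP.
interface=wlan0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
}

# Demo: audit both samples and show the findings.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in page wpa2; do
    echo "== $name.conf"
    audit_hostapd "$demo_dir/$name.conf" || echo "   (findings above)"
done
rm -rf "$demo_dir"
```
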



Thursday, March 25, 2010

Internet Connection Failover with PPPoE (DSL) and 3G USB Wireless

Prior to signing up my DSL connection, I also have 3g wireless internet access, which comes with a Huawei E220 dongle. "dmesg" confirms the BSD system can detect this dongle correctly:

ugen1.2: HUAWEI Technologies at usbus1
umass0: HUAWEI Technologies HUAWEI Mobile, class 0/0, rev 1.10/0.00, addr 2 on usbus1
cd0: HUAWEI Mass Storage 2.31 Removable CD-ROM SCSI-2 device

In addition, I have also purchased a TP-Link TD8810, 1 port DSL modem to replace the D-Link DSL modem which bricked. TP-Link modem is cheap ($39 from MSY I last checked), and is configured as a DSL bridge.

Hence, I have created two profiles in the ppp daemon configuration (/etc/ppp/ppp.conf) respectively:

dsl:
 set device PPPoE:fxp0 # interface where PPPoE session is dialed out.
 set authname
 set authkey
 set dial
 set login
 add default HISADDR

3g:
 set device /dev/cuaU0.0
 set speed 57600
 set phone *99\#
 set authname
 set authkey
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
 set vj slotcomp off
 add default HISADDR

Choose any name you like for both dsl and 3g. Note that for the 3g profile, the line "set ifaddr" is required otherwise dialing ppp gives you an "unable to create IPCP interface" error.

The ppp connection is invoked through "ppp -nat -ddial DSL/3g". Upon successful establishment, "ifconfig" would display a "tun0" interface with two IP addresses (lo0 and public IP).

Add the following to "/etc/rc.conf" so that every time BSD starts up, it dials PPPoE out of the DSL link:
router_enable="NO" # So BSD does not remove ppp learnt default route
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES" # Original "natd" has been disabled.
ppp_profile="DSL"

I also wished to implement some failover feature. In case if the PPPoE session over DSL gets disconnected, the system would automatically dial out of USB dongle.

By googling failover scripts, I found a very simple script and modified it slightly to suit my needs:

#!/bin/sh
# 1. Ping "www.google.com.au" five times. Count the successful pings by grepping for the words "bytes from".
count=$(/sbin/ping -c 5 www.google.com.au | grep -c 'bytes from')

# 2. If every ping failed, stop VoIP and remove the "tun0" ppp interface.
# Re-dial the ppp session using the 3g profile, with the "nat" option.
if [ "$count" -eq 0 ]; then
    /usr/local/etc/rc.d/asterisk stop
    /etc/rc.d/ppp stop
    /sbin/ifconfig tun0 destroy
    /usr/sbin/ppp -nat -ddial 3g
fi

I placed this into crontab and run it once every minute or so. Not the most sophisticated script I admit, although it certainly does the job.


P.S. I have also read about "mpd" multi-protocol daemon being a good choice in implementing what I wish to achieve, and BSD has some firewall packages supporting connection failover or even load sharing (per TCP session, I suppose?). I must admit I have not looked deeply into them, so any comments or ideas to improve this implementation are very welcome.
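
A variant of the cron check above, as an added example that is not the script from this post: it probes numeric addresses, so a DNS outage alone does not look like a dead link, and it only switches after several consecutive failed runs, remembering that it has already moved to 3g. The state directory, the threshold and the probe addresses (documentation-range placeholders) are assumptions to replace with your own; the failover commands are the ones used above.

```shell
#!/bin/sh
# Added example: failover decision with a failure streak kept between cron runs.

STATE_DIR=${STATE_DIR:-/var/run/wan-failover}  # hypothetical state directory
THRESHOLD=${THRESHOLD:-3}                      # failed runs in a row before switching
TARGETS=${TARGETS:-"192.0.2.1 198.51.100.1"}   # placeholder addresses, use real ones
PROBE_CMD=${PROBE_CMD:-"/sbin/ping -c 3"}      # command that tests one address

# probe HOST: succeed if PROBE_CMD succeeds for HOST.
probe() { $PROBE_CMD "$1" >/dev/null 2>&1; }

# link_up: succeed as soon as any target answers.
link_up() {
    for target in $TARGETS; do
        probe "$target" && return 0
    done
    return 1
}

# next_action: update the state files and print "none" (link is fine),
# "wait" (failing, but below the threshold or already on 3g) or "failover".
next_action() {
    mkdir -p "$STATE_DIR"
    active=$(cat "$STATE_DIR/active" 2>/dev/null || echo dsl)
    streak=$(cat "$STATE_DIR/streak" 2>/dev/null || echo 0)
    if link_up; then
        echo 0 > "$STATE_DIR/streak"
        echo none
        return
    fi
    streak=$((streak + 1))
    echo "$streak" > "$STATE_DIR/streak"
    if [ "$active" = dsl ] && [ "$streak" -ge "$THRESHOLD" ]; then
        echo 3g > "$STATE_DIR/active"
        echo 0 > "$STATE_DIR/streak"
        echo failover
    else
        echo wait
    fi
}

# do_failover: the same steps as the original script.
do_failover() {
    /usr/local/etc/rc.d/asterisk stop
    /etc/rc.d/ppp stop
    /sbin/ifconfig tun0 destroy
    /usr/sbin/ppp -nat -ddial 3g
}

case "${1:-demo}" in
    run)
        # Cron entry point: "script.sh run".
        if [ "$(next_action)" = failover ]; then do_failover; fi
        ;;
    demo)
        # Dry run: the probe always fails, nothing is pinged or re-dialled.
        STATE_DIR=$(mktemp -d)
        PROBE_CMD=false
        for run in 1 2 3 4; do
            echo "run $run: $(next_action)"
        done
        rm -rf "$STATE_DIR"
        ;;
esac
```

Run without arguments it prints the dry run (wait, wait, failover, wait); from cron it would be called with "run".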

Saturday, March 20, 2010

Internetworking - Day One

The original setup of my home network's gateway was as follows:


For internet access, the BSD system was connected to D-Link 502T configured as a NAT. I used an old 3Com 10/100 NIC PCI (xl0) for this purpose. For internal network, I connected the onboard Intel NIC (fxp0) to an old ASUS WL-500g Premium running on DD-WRT v23 SP2 (09/15/06). The firmware was quite dated but it worked as a WiFi Ethernet Bridge. I configured the ASUS as G-only, AP mode and enabled DHCP forwarder to BSD's internal interface IP address (DHCP listening).

WiFi Ethernet Bridge would be much better than having yet another layer of NAT. It also meant I could ssh into the BSD system through WiFi without setting port forwarding. The BSD system was configured as a NAT device itself to route traffic between internal network and internet access interface.

Diving into more details of BSD's configuration:

In summary, the /etc/rc.conf file included:
- enable BSD as gateway
- set "dhcp" to xl0 interface (internet access)
- set static ip to fxp0 interface (dhcp server address)
- enable nat and ipfw
- enable dhcpd
- enable named

"natd" came with 8.0 installation, and invoking it was as simple as adding a few lines to /etc/rc.conf file. Note the "natd_interface" refers to internet access interface, not the internal facing one.
"firewall_enable" requires kernel to be configured and compiled.

options IPFIREWALL ### NAT Service
options IPFIREWALL_VERBOSE ### Syslog logging
options IPDIVERT ### Socket Divert


In regards to the DHCP server, I did a "make; make install" under /usr/ports/net/isc-dhcp31-server directory for installation. After that, modify the /usr/local/etc/dhcpd.conf file to define DHCP listen interface and other related parameters.
# DHCP Listen interface
DHCPDARGS=fxp0; # Internal network.

Lastly, I installed DNS server (/usr/ports/dns/bind97), and configured the named.conf file. "forwarder" to localhost was configured:
forwarders { 127.0.0.1; };

This meant all DNS queries coming from internal network were consulted by /etc/resolv.conf as populated by upstream (D-Link) NAT gateway.

Restart the system "shutdown -r now". Congratulations, now you have your own Open Source NAT gateway.


There were many guidelines posted by the community on setting up BSD as NAT gateway, I referenced some of them and apologies for the lack of references in this post. However, I must say the settings are more or less the same for everybody...
Please feel free to contact me if you would like to see any of the configuration files, I am happy to share the setup in more details. (although today the setup is quite different from the "day one" configuration, I have the configuration backup).