XplornetSUCKS  

Go Back   XplornetSUCKS > Satellite Forum (Telesat Anik F2/F3. Hughesnet Spaceway3 KA. KU.) * (older satellites) *
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 11-24-2007, 06:25 AM
Brad R Brad R is offline
Linux Member
 
Join Date: Apr 2007
Location: Ontario
Posts: 607
Arrow Satellite FAQ: Using a Router

(Although I know a little about Internet protocols, I am not a router expert. And there are hundreds of different home and small office routers, all different. I'm going to put some general information about routers here, and then describe how I have configured my particular unit. I encourage others who have successfully used routers with Xplornet to add their own posts, describing their configuration and any problems/fixes they have encountered. - Brad)

If you want to share your Xplornet connection among several computers in the same house (or office), you have two alternatives. 1. Enable "Internet Connection Sharing" on the computer which is plugged into the Xplornet modem, and leave that computer switched on. 2. Use a "router." This FAQ is about option #2.

A router is a small box that connects between your Xplornet modem and your computer(s). Typically it will have jacks for four computers; sometimes more. Do not confuse a router with a similar-looking Ethernet "switch" or "hub". To share your Xplornet connection, you need a router. (If you're using the HughesNet service sold by Xplornet, with the HN7000/7700 modem, you can use a switch or hub. These modems contain their own routing capability.)

Code:
                      __________
[Computer #1]--------|          |
[Computer #2]--------|  router  |
[Computer #3]--------|LAN    WAN|--------[Xplornet modem]
    etc.     --------|__________|
Your computers connect to the "LAN" (Local Area Network) side of the router. The "WAN" connection is to the "Wide Area Network", which means the whole wide world (via your Xplornet modem). If you have a wireless router, any computers in your home which use a wireless connection are also part of the "Local" network.

Network Address Translation

Here's how a router works. When a computer is connected to the Internet, it is assigned an IP address. This is sort of like a phone number, except it has four parts, like 208.114.123.111 (I just made this one up). For Xplornet, this address gets assigned when your modem establishes a connection ("receive" light stays on). If you have one computer, this address gets assigned to your computer.

If you have more than one computer, each one needs its own IP address. But Xplornet gives you only one. Here's where the router comes in. The IP address you get from Xplornet is assigned to your router. On the LAN side, the router assigns its own IP addresses to all the computers. Typically these will be something like 192.168.0.1, 192.168.0.2, 192.168.0.3, and so on. (The numbers may vary from router to router.)

Now, when computer #1 sends a request, it sends it as 192.168.0.1. The router intercepts this request and changes it to a request from 208.114.123.111 (using my made-up example). When the reply comes, the router is smart enough to send it back to the correct computer. This process is technically known as "Network Address Translation", or NAT.

DHCP

The trick with a router is (a) making sure it gets an IP address from the modem, and (b) making sure your computers get their IP addresses from the router. In both cases this is normally done automatically, with a protocol called DHCP.

When your Xplornet modem establishes a connection, it can assign an IP address. (As far as I can tell, this is done by the server at Xplornet, not by the modem itself. In this regard it is exactly the same as a dial-up modem.) Your router sends a "DHCP request" to the modem to get this address. Depending on the design of the router, you may need to wait until the satellite connection is established before turning on the router.

Likewise, you usually need to turn your router on before you turn on your computer. When your computer boots up, it will send a DHCP request to the router. The router can assign an IP address to your PC even if the "Wide Area Network" is not working -- this is how you can share files between your PCs.

When you shop for a router, make sure it includes NAT (sometimes called "Internet connection sharing"), and a "DHCP Server." Almost all modern routers for home and small-office use include these.

Installing a Router

OK, really you need to look at the instruction manual for your router. But in general terms, it's pretty simple:
1. Plug an Ethernet cable between the router's "WAN" jack and the Xplornet modem jack.
2. Plug an Ethernet cable between your computer's Ethernet jack and any one of the "LAN" jacks on the router.
3. Repeat step 2 for additional computers.
4. Connect power to the router.

You will also need to configure your router, and there are no general instructions for that. (Let's hope people post instructions for their specific routers.)

One caution: sometimes you will find "crossover" Ethernet cables which are intended to connect one computer directly to another. Do not use these. From the computer to the router, and from the router to the modem, you should use "straight" Ethernet cables.

Most home routers have a configuration page that you access from your web browser. If you can access your router's built-in web page from your computer, then you know the cable from your computer to the router is good, the router is working, and your PC has been assigned an IP address.

On this configuration page you should be able to see the IP address that has been assigned to your router. The router should tell you this IP address, and may tell you when it was assigned. This indicates that your router is talking OK to your Xplornet modem. If you haven't turned on your modem, you might see "0.0.0.0" as the WAN address.

Using a Router

To be absolutely certain, turn on your components in the following sequence:
1. Turn on your Xplornet modem.
2. Wait for the "receive" light to stay solidly on (connection established).
3. Turn on your router.
4. If your router has a "ready" light, wait for that. Otherwise wait 5 to 10 seconds.
5. Turn on or reboot your computer.

Once you have your router working, you can experiment with this. For example, I can turn my router and the Xplornet modem on together. My router will keep asking for an IP address until the Xplornet modem successfully connects. But if I'm having network problems, I usually go back to switching them on in sequence. (And this is what Xplornet customer service will tell you to do.)

Also, some computers have a way to "re-establish" the Internet connection (get a new IP address) without rebooting the computer. If you know how to do this, you can try it. But rebooting always works....which is why it's what customer service will tell you to do.

Router Limitations

Some web applications don't work well through a router. Others require special configuration. And that's a subject for another FAQ (pending).
Reply With Quote
  #2  
Old 11-24-2007, 06:31 AM
Brad R Brad R is offline
Linux Member
 
Join Date: Apr 2007
Location: Ontario
Posts: 607
Default Router: SMC7004BR

(I'll start things off by posting the details of how I configured my home router. I hope others do likewise. - Brad)

I use an SMC "Barricade" 4-port router, model SMC7004BR. This is an obsolete, wired router, which can still be found on eBay. I use it because it has a backup modem port -- if our satellite service fails, I can switch the router over to dial-up mode, and all of our computers can share the dial-up connection. (We keep a minimum-cost dial-up account with a local ISP, just in case of satellite failure.)

As far as I know, this information applies to all the SMC7004 and SMC7008 (8-port) routers. Some models lack the dial-up option.

Installation

Plug an Ethernet cable from your computer to one of the four LAN ports on the router, Plug an Ethernet cable from the router's WAN port to your Xplornet modem. Turn on your Xplornet modem, and when it has established a connection, turn on the router.

Make sure your computer is configured to obtain a its IP address and DNS addreses from the server. (This is how it would normally be configured for Xplornet or a dial-up ISP. Sorry, I don't use Windows, so I can't be specific. If you know what you are doing, you can configure your PC to use a static IP address on the local network, but that's an advanced topic.)

Configuration

The factory-default IP address for the Local Area Network is 192.168.123.x. If you wish, you can change this in the router's setup page. You access the router's setup page by pointing your web browser to http://192.168.123.254. The factory-set password is "admin"; type that and click "Log in".

Important: change the password to something other than the factory default. There are hacker exploits which involve reprogramming your router remotely through your web browser. Changing the password protects against this. You change the password in the "Toolbox" page. You can also use the Toolbox to reboot the router. Don't change anything else in this page.
Hacker exploit news link. http://www.networkworld.com/news/200...c=netflash-rss

In "Primary Setup," you need to configure the "WAN Type." Click "Change" and then select "Dynamic IP Address". You should also select "Renew IP Forever" in the Primary Setup page. You'll need to reboot the router after you change these settings.

In "DHCP Server", make sure that "Enable" is selected. You can use the default values for Starting and Ending Address, and you can leave Domain Name blank.

In "Virtual Server", "Special AP", "Access Control", and "Misc Items", just use the factory defaults.
The "Virtual Server" page lets you assign incoming requests on certain ports to be directed to certain computers. (Right now, I don't even know if Xplornet lets these requests through.) You can also use the "Special AP" page to assign these ports when your individual computers need them. The "Access Control" page lets you restrict the Internet privileges of certain computers in your home. These are all advanced topics, too long for this FAQ, and you shouldn't mess with them if you don't know what you're doing.

One thing you can do, in the "Misc Items" page, is click the Enable box for "Discard PING from WAN side." I don't know if Xplornet even allows ping requests through, but it's a good idea to discard pings from the outside world.
Operation

On the "Status" page at http://192.168.123.254 you will see "IP Address." This is the address which has been assigned by Xplornet to the router. You will also see the IP address of the "Gateway" that will handle your traffic, and the "Domain Name Server"(s) that you can use. Sometimes you need to write down this information.

When you have just turned on the router, you will see 0.0.0.0, which means no address has yet been assigned. It can take five to ten seconds to receive this address. If you don't see it, turn off the router, turn off the modem, turn on the modem, wait for it to connect, turn on the router, wait five or ten seconds, and then reload the Status page.

Once you see an IP address, you should be able to access the Internet. Try visiting http://www.google.ca. If your browser reports that it is unable to reach the Internet, try rebooting your computer.

In normal operation you never need to visit the router's setup page. Just turn on the modem, then router, then computer, and you should be able to visit the Internet. (In my setup I have both the modem and router on the same power bar, and I turn them on at the same time. This almost always works. When I'm having connection problems, though, I always turn on the modem first, and wait for it to connect before I turn on the router.)
Reply With Quote
  #3  
Old 11-26-2007, 12:55 AM
somethingorother2 somethingorother2 is offline
Member
 
Join Date: Jun 2007
Posts: 56
Default

One thing to note here. The router when powered on, will want to deal with two links. One is the ethernet link to the modem. It will go out looking for a DHCP server for an IP address. That DHCP server is at the ground station for the satellite system ( Vancouver, Winnipeg, Toronto ). In order for the router to be able to obtain the IP address, the modem will have to have been powered on long enough to have the second light from the top ( receive light ) on solid.

Good info you are posting as well, very helpful.
Reply With Quote
  #4  
Old 11-26-2007, 03:01 AM
Installerguy Installerguy is offline
Senior Member
 
Join Date: Jul 2007
Posts: 83
Default

For my customers I use mostly D-Link equipment (it does not mind power spikes as much as linksys) out of the box they work just fine with no setting needed to be changed unless it is a wireless router then ALLWAYS turn on the security if even just WEP and change the SSID, never use your phone number as the passcode for wep and D-link routers do not care what type of cables you use, they will automaticaly switch the pairs in a crossover cable
Reply With Quote
  #5  
Old 11-28-2007, 03:48 PM
Command2A Command2A is offline
Member
 
Join Date: Sep 2007
Posts: 17
Default Local DNS Lookup

Another good way to help decrease your external traffic is to setup a local DNS host rather than use xplornet DNS services. If you have a router with multiple puters going through it you'll notice the benefit right away. What I did was setup an older server I had laying around with WIN2K server and setup DNS on it. It points to public DNS servers and caches the hits (builds a DB of sorts) of all the locations you frequent online. My other puter's point to this server for DNS services. Ultimately the long trip for DNS lookup only happens once, then its stored locally so when you hit that address again the local puters only have to reach my DNS server locally for name resolution. Easy to setup took like 1.5 hours to install O/S and configure.
Reply With Quote
  #6  
Old 01-20-2008, 05:21 PM
xplornetsuck xplornetsuck is offline
....Offline..Moderator....
 
Join Date: Mar 2007
Posts: 903
Default

Linksys router setup with video tutorial.

http://www.tech-faq.com/setup-linksys-router.shtml
Reply With Quote
  #7  
Old 04-19-2008, 07:44 PM
Brad R Brad R is offline
Linux Member
 
Join Date: Apr 2007
Location: Ontario
Posts: 607
Default Hardening your home router against attack

I found this really good advice at the Internet Storm Center: "ADSL Router / Cable Modem / Home Wireless AP Hardening in 5 Steps." If you use a home router, wired or wireless, for any Internet service, you should follow these steps. I'm quoting them in full, except for their step #6 about submitting firewall logs to them:

Quote:
Last month, we discussed the possibility of a D-Link Router worm for consumer network hardware. While there were particular problems with D-Link, there are dangers in all consumer network hardware that require the attention of everyone that installs these devices regardless of the vendor. Taking a device out of the box, plugging it in and letting it go can expose you to "worms" or other remote-based exploitation. This stems from a similar problem with software and operating systems, namely, these things do not ship in a secure-by-default configuration. Here are 5 easy steps to take when you get a network device / access point to harden yourself against "easy" exploitation (and this applies to ALL hardware):

1) Change the default passwords, preferably to a strong password (at least 8 characters the include upper/lower case, numbers, special characters). Many of these devices ship with a password of "password" or "admin" and that is just asking for someone to kick over your router.

2) Disable remote administration. Administration of your router / access point should be "local only", namely, there is no reason to let people from another country access to your network hardware. If you need to make changes, you should be local to the device (i.e. physically connected, internal side of the network, etc).

3) Update the firmware. Believe it or not, consumer network hardware needs to be patched also. Check the support site of the vendor of the device when you get it and check for an update. Sign up for e-mail alerts for updates, if available, or check back on a regular basis for updates.

4) Disable unused services. Many of these devices are "feature rich" and enable these features by default even though 95% of users will never use them. Turn of SNMP, UPNP, "DMZ" features, etc. SNMP, particularly, allows someone to grab all the device settings of your device especially if the community string is "public" (and by default, 99% of the time it is). This is big and likely will lead to the largest amount of exploitation, namely, open SNMP that gives away all your settings to the world on request.

5) Change the default settings of the device. All vendors tend to use the same set of default settings for their devices, such as IP addresses of the internal network. Change these settings to something that makes sense for what you are trying to do. Changing default settings for wireless is also important, especially doing WPA2 authentication and not WEP. Hardening access points is its own topic though as well.
__________________
4G Fixed Wireless Formerly Echostar 17 "Jupiter"; Rogers Rocket Hub; Everus 3.5 GHz Wireless; Telesat Kazam plan; HughesNet Ku.
A computer without Windows is like a chocolate cake without mustard. http://www.goodbyemicrosoft.net
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 10:22 AM.


Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.