XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)

All times are UTC - 8 hours




PostPosted: Wed Mar 15, 2017 10:23 am 
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14576
Yikes... good luck.


PostPosted: Wed Mar 15, 2017 11:15 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Just came back from a very slippery, dangerous trip to the car parked not that close to home. Found shoveling impossible. Needs an icebreaker. But was able to clear the hood and driver side door to release the hood latch. Radiator was still full, and reservoir had dropped only a little perhaps. So still good. No warmup in the forecast any time soon, so no idea when I'll be able to bring it in. Probably next week some time. Can make periodic visits to check the level and top up, if necessary.


PostPosted: Thu Mar 16, 2017 12:49 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
I've come down with some nasty cold bug that's got me shivering and coughing and sneezing like crazy.

You would need to assign a manual address of 192.168.1.2 to your ethernet card. 255.255.255.0 as the subnet mask.

Port numbers are molded into the plastic housing, but it's at one end of the LAN ports or another. Depends on the model.

As far as ethernet connections go the N10 and N12 should be about the same speed, it's only wireless clients that will be held up by the single antenna.

In case you wanted to get another N12, they're selling refurbs for under $20 with a promo code:
https://www.newegg.com/Product/Product. ... 6833320185


PostPosted: Thu Mar 16, 2017 5:03 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Thanks, hope you feel better soon. "Ethernet card" Assuming that that's another way of describing an ethernet Network location in sys prefs.

Reviews not so great for the refurb. Would be nuts to buy a refurb, when a new one is available for only $4 more. $10 rebate available for the new one, but I will never again go through rebate hell with Asus. Huge pain in the ass. Maybe for more, but not worth the hassle for a $10 prepaid card.

https://www.newegg.com/Product/Product. ... -_-Product


PostPosted: Thu Mar 16, 2017 6:00 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
Huh. I bought about 4 or 5 refurbs and they worked fine. Then again I didn't even try to use them without flashing them to Tomato, so the flash could have been corrupted by the previous owner (trying to put an incompatible firmware on the router) which would cause much flailing of arms and gnashing of teeth for the average purchaser.

When it comes to what the individual interfaces are called under Network I kind of gloss over, since Apple have changed names periodically. Sometimes it's WiFi, sometimes it's Airport... Ethernet is usually Ethernet but I don't put it past them. You can actually remove any interface in that system preference and add it back with whatever name you want, that's why they fluctuate a bit. The short interface names (lo0, en0, etc.) don't vary much but the long name shown in the system preference can be whatever you want.


PostPosted: Fri Mar 17, 2017 9:44 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
MonkeyBoy wrote:
Huh. I bought about 4 or 5 refurbs and they worked fine. Then again I didn't even try to use them without flashing them to Tomato, so the flash could have been corrupted by the previous owner (trying to put an incompatible firmware on the router) which would cause much flailing of arms and gnashing of teeth for the average purchaser.


If that's the reason for some of the poor reviews, then shame on Asus for not refurbing these completely to factory specs. Whatever the previous owner did should be irrelevant.

Unwilling to take any chances in order to save very minimal bucks, placed order for a new one.


PostPosted: Fri Mar 17, 2017 11:43 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
I doubt these are factory refurbs, I think they're units that were returned to NewEgg who sold them to a third party to "refurbish."

Certainly don't fault you for buying a new one vs. a refurb. Just trying to explain why reviews for refurbs on NewEgg aren't always what they appear. I've started buying more refurbs lately and my dread based on reviews has been slowly receding.


PostPosted: Fri Mar 17, 2017 2:07 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Reason why I thought they were refurbed by Asus is because underneath some of the negative reviews are replies directly from Asus.


PostPosted: Mon Mar 20, 2017 2:47 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
Yeah, refurbs are a funny business. Even when you buy refurbished units from Apple you're not actually buying units that were refurbished by anyone working for Apple... they just hired some firm to refurbish them.

Meh, no biggie. Maybe it's my hardware reverse-curse... devices usually start working when I sit down in front of them.


PostPosted: Thu Mar 23, 2017 7:52 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Now this is getting very weird: Got the new N-12 set up just like the N-10 (as far as I can tell.) But compared to the N-10, it's consistently getting minus 10 Mbps up/down (both hardwired) Internet speed. N-10: ~82 down/87 up. N-12: ~70 down/75 up. Nothing set in either for QOS. Any idea why that could be? What to look for? Don't see why it would make any difference, but try different LAN ports? Don't quite remember, but could be the original, now dead N-12 might have been doing the same. (In addition, by wireless, Internet speed to iMac several rooms away from the router isn't any better with the new N-12 than with the N-10. Both down to ~22 Mbps.)

Also, same router, RT-N12/D1, exact same Shibby firmware originally used on the first N-12, but couldn't use the original N-12 config backup. Got "can't use on different router." Chipset revision, or some kind of unique hardware identifier? So had to do everything from scratch. That I can deal with, but very puzzled about the difference in bandwidth between the two. Thought that, apart from better (maybe) wireless output--two vs single antenna--it would get at least the same bandwidth ethernet connected.

And wondering what you think of the following in Admin/Access to enhance wireless security. Don't anticipate ever needing to SSH into it, but maybe I'm wrong. Default settings are below.

Image

DEFAULTS:

Image


PostPosted: Thu Mar 23, 2017 12:37 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
The configuration file contains the MAC address of all the various interfaces, so restoring the configuration file essentially would try to duplicate the first router onto a second router. In your case this wouldn't be a big deal, but if someone was deploying 2 or 3 routers into the same area having the same MAC address for all interfaces on all routers would be chaos. So not being able to restore the configuration file onto another router is actually kind of good, I didn't know Shibby had added a check. You would not believe the number of people who post about how they're having a problem, they reset the configuration to defaults, then restored the configuration from the file and zomg they're having the same problem. Most of the time the problem is in their configuration, have to wipe it out and set it up from scratch.

I would try the 132 version of Shibby. It's possible there's been a silent revision to the N12D1 hardware. Everything after 132 is MultiWAN and problematic, unless you want two or more WAN connections in a failover arrangement I would stay away. He's also trimming unused/duplicated (two values that do the same thing) NVRAM values, which given Tomato's spaghetti code is a major challenge. But I've been using 132 since it came out and it's solid.

http://tomato.groov.pl/download/K26RT-N ... %20RT-Nxx/

Max or MiniIPv6 non-USB (in the first few entries) are probably what you're after. I use Max primarily because that seems to be what most people use, so therefore I'm less likely to find unique issues.

As far as admin access goes, I normally turn off telnet since if I need terminal access I'll just use ssh.

I convinced my workplace to order 2 more N12D1s this week since they're cheap and we've had a run on N16s dying lately (bad power makes a particular capacitor die young, and we have spectacularly bad power). They just got delivered today, although to the other site, so the earliest I might be able to look at them is tomorrow, and then only if people can avoid going insane.


PostPosted: Thu Mar 23, 2017 12:49 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Thanks for the continuing help on this. Question: if I upgrade the firmware to one of those you linked, do I lose my current settings and need to set them up all over again from scratch?


PostPosted: Thu Mar 23, 2017 1:43 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
Everything before 132 should be OK. I would recommend maintaining a text file with your configuration noted. Really you just have to note what you changed from default and where and skip all the stuff you left at default, so it doesn't have to be a huge file.

Code:
Basic
Network
  LAN
   IP: 192.168.50.1
   Subnet: 255.255.255.0
   Static DNS: 208.67.222.220
   DHCP Server: Enabled
   IP Address Range: 192.168.50.50-192.168.50.250

Instead of spaces use tabs to clearly delineate which goes where so it's easy to read. Then you don't have to worry about routers blowing up or configurations getting corrupted, you just go back to the text file and set it up without any fuss. Takes about 15 or 30 minutes to write the first time from scratch but after that it's just a matter of remembering to update the text file if you change the configuration.

Basically you're documenting what settings you use so you can refer back to the documentation in the future. Good documentation takes a hell of a lot of stress out of my life.

Based on the documentation I can uncover the N10P has a BCM5356C0 CPU @ 300MHz while the N12D1 has a BCM5357C0 CPU @ 300MHz. So they should be roughly comparable in terms of routing performance. There are sites showing the N10P with a 320MHz CPU though. I wish I had the N10 on site but I packed it up as part of our move so it's 10 miles away from me right now sitting on a cluttered desk... In Tomato on the Status Overview page it shows you the Chipset & Frequency though, you could compare your two and see what it says.


PostPosted: Thu Mar 23, 2017 4:01 pm
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9676
Location: North of the State of Jefferson
Is it exactly 10Mb/s and absolutely no higher? If so, is it detecting or setting the WAN Ethernet speed incorrectly to 10Mb rather than 100Mb or Gb? (Not sure how you'd tell -- I've never looked at this firmware and have nothing that will run it).

- Anonymous


PostPosted: Thu Mar 23, 2017 4:06 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Perhaps some misunderstanding or I wasn't clear. With the new router, I'm losing around 10 Mbps off the top. With the N-10, getting ~82 Mbps down. With the new N-12, ~71 Mbps down.


PostPosted: Thu Mar 23, 2017 4:16 pm
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9676
Location: North of the State of Jefferson
Yes, that was a misunderstanding. I thought you were getting a flat 10Mb/s, which would be quite awful.

- Anonymous


PostPosted: Thu Mar 23, 2017 4:39 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Anon, before I switched to fiber, I would have been overjoyed to get 10 Mbps down. Was happy if I didn't go below 1 Mbps, with shitty DSL.

MB: I've been going pretty much on saved screenshots and several text files. But getting everything together in one place sounds like an excellent idea.


PostPosted: Thu Mar 23, 2017 4:54 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
Oh! I just re-read what I wrote. 132 and earlier are OK. Everything after 132 is MultiWAN.

I don't want to say MultiWAN like it's a bad thing but MultiWAN uses extra NVRAM for all the multiple WAN link stuff (hence why Shibby and Toastman are combining & purging variables) and if you're not using it then it's kind of a waste. N10/N12/N16 only have 32KB of NVRAM space and Tomato stores everything in NVRAM so losing NVRAM space is a big deal.

I generally doubt going from what you have to 132 is going to screw things up, but it would be a good idea to compile settings. If you were jumping from 132 or earlier to MultiWAN you should clear settings and set it up from scratch since so many NVRAM variables have been purged and changed. It's possible to upgrade w/o having to set it up from scratch but everyone likes to be black & white when the reality is more gray... some people may be able to get away without wiping, while others will have to, so safest would be to wipe. It's all a matter of batting averages, even going between otherwise normal Tomato versions like 125 to 132... most of the time OK, sometimes not. The more drastic the change between versions the more likely not is.


PostPosted: Fri Mar 24, 2017 10:11 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
OK, flashed the new N12 with the Max 132, and now I'm getting the Internet speed I had with the N10. HOWEVER, what is driving me nuts is that I'm supposed to be using OpenDNS (set in Dynamic DNS 1, with password I've been using forever). I have force updated there numerous times, and it always reports a successful result, have cleared the NVRAM and reflashed with the Max 132, and rebooted numerous times. Maybe one out of 10 tries at https://www.opendns.com/welcome/ returns a successful result. Most often it comes back with a message that I'm not using OpenDNS. Will work until I restart Firefox (same thing with Safari), or reboot the router, but not for long. Just always flakes out one way or another. No idea what else to try or what's causing this. Also, have flushed DNS Cache. Some setting I haven't entered properly? Sys Prefs> Network>Router and DNS at clients is 192.168.1.1, as always.

_____________________________________________

EDIT/UPDATE: from running dig whoami.akamai.net +short (found this command somewhere), I get
208.67.217.17

Which appears to be an OpenDNS server?????? Doing an IP lookup for 208.67.217.17 returns Hostname: m7.nyc.opendns.com

So maybe the problem isn't at my end, but with that https://www.opendns.com/welcome/ link ?????? And I'm really using OpenDNS????? :confused: :confused:

EDIT 2 WTF??? Tried that link again and last 2 times it works. Third time, after quitting FF, doesn't work. So maybe it's been at their end all the time?

EDIT 3: Now dig whoami.akamai.net +short gives
192.221.158.0

Which appears to be a Level 3 server.

No idea what the fuck is going on.

______________________________________________

Have also tried without OpenDNS (set to None there), thinking that I should still be getting it with the Dnsmasq I'm using (copied from yours years ago):

#Only use DNS servers configured here
no-resolv
#Never forward non-routable address requests
bogus-priv
#Never forward requests w/o a .TLD
domain-needed
#Stop ACK and REQ DHCP spam
quiet-dhcp
#Prevent proxy server request spam
dhcp-option=252,"\n"
#Larger cache for dnsmasq
cache-size=5000
#Larger queue for logging
log-async=10

#strict-order (not used)
#OpenDNS servers
server=208.67.222.222
server=208.67.220.220
server=208.67.222.220
server=208.67.220.222

#Level3 servers
server=4.2.2.1
server=4.2.2.2

#Block Verizon DNS servers
bogus-nxdomain=71.243.0.12
bogus-nxdomain=68.237.161.12

#Block iOS update
#address=/mesu.apple.com/10.255.255.1


Screenshot of OpenDNS in Dynamic DNS 1. Notice how "last result" is blank, even though I got a successful update report just before. Shouldn't that always show the last result?:

Image


PostPosted: Fri Mar 24, 2017 1:08 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 9444
Location: Caught between the moon and NYC
If you want to not use Level3 you should comment out these lines:
server=4.2.2.1
server=4.2.2.2

(put # at the start of each line to turn it into a comment)

With those in the configuration it will periodically use Level3 for DNS.

I think I'm too tired to exactly understand what bogus-nxdomain does right now. It's an option I don't use. I guess if a DNS lookup returns that IP it returns a nxdomain instead of the IP?


PostPosted: Fri Mar 24, 2017 6:04 pm
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9676
Location: North of the State of Jefferson
I tentatively suspect the bogus-nxdomain returns a real NXDOMAIN response when it encounters a host that handles bogus "Site Finder" responses that should have been NXDOMAIN responses. For example, if you do this:
dig www.asdoifjosdijfsdfasdfa.com @4.2.2.2

You get a response like this:
; <<>> DiG 9.8.3-P1 <<>> www.asdoifjosdijfsdfasdfa.com @4.2.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37663
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.asdoifjosdijfsdfasdfa.com. IN A

;; ANSWER SECTION:
www.asdoifjosdijfsdfasdfa.com. 10 IN A 198.105.254.11
www.asdoifjosdijfsdfasdfa.com. 10 IN A 198.105.244.11


...which is, of course, a brazen lie. The domain doesn't exist, so the response status should be NXDOMAIN.

Adding bogus-nxdomain entries for 198.105.254.11 and 198.105.244.11 may neatly resolve the problem. Or you could use a DNS server that doesn't lie. (Not that your ISP isn't going to sell your browsing history to the highest bidder anyway, but it's at least a start...)

- Anonymous
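
The bogus-nxdomain behaviour discussed in the posts above, as an added Python example (not part of the thread and not dnsmasq's own code): it models the documented effect on a DNS reply built from the values in the dig output, and picks out addresses that come back for names known not to exist. The function names and the second probe name are assumptions made for the example.

```python
import ipaddress
import struct

NOERROR, NXDOMAIN = 0, 3

def build_response(name, addrs, txid=37663, ttl=10):
    """Build a NOERROR A-record reply. Constructed sample input, not captured traffic."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Flags 0x8180 = QR, RD, RA set and RCODE 0, matching "flags: qr rd ra" above.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    question = qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        # 0xC00C is a compression pointer back to the question name at offset 12.
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4)
        answers += ipaddress.IPv4Address(addr).packed
    return header + question + answers

def skip_name(msg, off):
    """Return the offset just past a name made of labels and/or a pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # a pointer is two bytes and ends the name
            return off + 2
        off += 1 + length

def parse(msg):
    """Return (rcode, end_of_question_section, [IPv4 addresses in the answers])."""
    _, flags, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    question_end = off
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlength = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlength
    return flags & 0x000F, question_end, addrs

def apply_bogus_nxdomain(msg, bogus):
    """Model of the documented bogus-nxdomain effect: a reply containing a listed
    address is turned into an NXDOMAIN reply with an empty answer section."""
    rcode, question_end, addrs = parse(msg)
    if rcode != NOERROR or not any(a in bogus for a in addrs):
        return msg
    txid, flags, qdcount = struct.unpack_from("!HHH", msg, 0)
    header = struct.pack("!HHHHHH", txid, (flags & 0xFFF0) | NXDOMAIN, qdcount, 0, 0, 0)
    return header + msg[12:question_end]

def hijack_candidates(replies):
    """Addresses present in every NOERROR reply to names known not to exist."""
    sets = [set(addrs) for rcode, _, addrs in map(parse, replies) if rcode == NOERROR]
    return set.intersection(*sets) if sets else set()

# The two addresses and the first name come from the dig output above;
# the second probe name is constructed for the example.
BOGUS = {"198.105.254.11", "198.105.244.11"}
hijacked = build_response("www.asdoifjosdijfsdfasdfa.com", sorted(BOGUS))
probe2 = build_response("zz-no-such-host-example.com", sorted(BOGUS), txid=4242)

print(sorted(hijack_candidates([hijacked, probe2])),
      parse(apply_bogus_nxdomain(hijacked, BOGUS))[0])
```

Each address reported by `hijack_candidates` corresponds to one `bogus-nxdomain=<address>` line in the Dnsmasq custom configuration.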


PostPosted: Mon Mar 27, 2017 4:56 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Update: after some more tinkering, plus checking the "Use as DNS" box (that certainly helps--didn't do that initially because it was showing the default Verizon DNS IPs, and thought it referred to those (hadn't really looked at any of this since early 2013 and forgot most of it))--I got the Welcome to OpenDNS link to work.

But it only started working consistently after I did a computer reboot. Not sure why that should have been needed. Otherwise, even with that box checked, it would default to the IPs listed in Dnsmasq, OpenDNS and Level 3.

More on bogus-nxdomain= in Dnsmasq for preventing DNS redirects. My main interest was in keeping Verizon DNS away, but wonder if this could also be used to keep out these kinds of redirects in the Firefox URL bar, as per Anon's topic:

https://hackercodex.com/guide/how-to-st ... hijacking/
https://www.cambus.net/nxdomain-hijacki ... he-rescue/


PostPosted: Mon Mar 27, 2017 2:46 pm
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9676
Location: North of the State of Jefferson
With the most recent Orwellian legislative push to commoditize all your browsing data, your best bet might just be to lease a virtual private server in a foreign country with strong data-protection laws, and route all your Internet traffic over a VPN through that remote endpoint. (You could use a different routing rule for Netflix, etc., traffic so they'd keep working.) I intend to do this for myself sometime in the next month. It's kind of a pain in the butt to configure, and will cost a noticeable amount each month, but should neatly solve the problem once it's set up.

- Anonymous


PostPosted: Mon Mar 27, 2017 3:22 pm

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5914
Location: NYC
Anonymous wrote:
With the most recent Orwellian legislative push to commoditize all your browsing data, your best bet might just be to lease a virtual private server in a foreign country with strong data-protection laws, and route all your Internet traffic over a VPN through that remote endpoint. (You could use a different routing rule for Netflix, etc., traffic so they'd keep working.) I intend to do this for myself sometime in the next month. It's kind of a pain in the butt to configure, and will cost a noticeable amount each month, but should neatly solve the problem once it's set up.

- Anonymous

Wow, that's pretty drastic. Nothing short of that will do?

In the meantime, check out EFF on Twitter.

https://twitter.com/eff?lang=en


PostPosted: Mon Mar 27, 2017 8:37 pm
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9676
Location: North of the State of Jefferson
WZZZ wrote:
Wow, that's pretty drastic. Nothing short of that will do?

In the meantime, check out EFF on Twitter.

https://twitter.com/eff?lang=en

No other general solution comes immediately to mind:
* A personal VPN only protects one device.
* HTTPS still reveals the IP and hostname of the destination, and depends on the destination supporting it.
* Tor has the downside of malicious exit nodes, it's slow, and it's hard to send all your network's traffic through it.
* Poisoning your data with fake requests probably only helps if everyone does it, it still means your history will be sold, and it can almost certainly be defeated with fairly simple statistical analysis. At least it imposes an additional cost on your ISP to perform that analysis. It may also be used in conjunction with other techniques.

I'm open to other ideas.

- Anonymous

