I’m almost tempted to send my resumé to them, I’m sure I can do better than whoever designed the interface of my 3Com router.
Don’t get me wrong, the router, at an hardware level, is very good. It works pretty well under heavy load, I was able to crash it just once when I tried multiple wireless transfers, but beside that it was pretty stable.
The problems are all on a software level, firmware level, which is what bothers me more, as if they actually opened their firmware I would probably stick with them. Unfortunately as far as I know this type of router is not yet supported by Linux in any way, which drives me crazy.
I blogged about this a little short of two years ago , the problem increased recently because I changed my network graph. The configuration interface of the router does not allow to enable port forwarding (or, as they call it, virtual servers) if the target IP is not in the same /24 network of the router’s IP. This ignoring whatever netmask setting the router has set.
In my case, I ended up creating a 172.16.0.0/16 network here. Why? Because the /28 I was using before dried up, because of another bug in the software of the router. Although leases haven’t been confirmed, the router’s DHCP server will “reserve” the IPs already assigned to a mac address, and I couldn’t find a single way to let it release those leases. If you are not quick by mind on network calculation, a /28 network mask mean there are
(2^(32-28))–2 = (2^4)–2 = 16-2 = 14
IPs available for hosts.
As you can see from this rough schema I have quite a few devices connected on the wireless network. And as it happens, I do support work on Windows systems from time to time, and all the times one of the tasks I need to perform is connecting laptops to the wireless network to make sure they are set up to connect to Internet on their own. Add to that a few PSP that friends of mine bring along, and you can guess that the DHCP address space disappeared pretty easily.
Beside from the /16 network there is a /24 network that is forwarded to Enterprise. I actually was thinking of forwarding a while /17 or /18 for safety, and to avoid mixing 192.168 and 172.16 addresses, but I haven’t gotten around fixing that yet. The reason why I have some address space reserved and redirected to Enterprise is that this way I can have a special network for just the laptop, for iSCSI, NFS and Samba, when I’m working on Windows or moving stuff around on OSX.
Okay so let’s return to the 3Com router now. As I said the router, that has IP 172.16.0.1 does not allow me to redirect ports to the addressed of the DHCP-allocated devices (which, just to make sure, I set to 126.96.36.199/24 — again I cannot let DHCP take more than a /24 range!). And I DHCP-allocate basically anything. Why? Because it’s easier, if I change the network setup, to re-run the DHCP clients on the various devices, rather than having to set them up from scratch again, there are quite a few of them. This meant, up to now, that I had no forwarding at all for no service at all.
Today, by chance, I found a way to get around this. I was booted in Windows XP (to play Empire Earth), and I noticed that the router’s UPnP interface was being identified by Windows, and I could manage it from there. I know a bit about UPnP because, when I had a D-Link router, I already tried writing a simple software for managing port forwarding. I checked and… magically, the router allows me to redirect ports to any IP address, if I do ask it to via UPnP.
Unfortunately, as far as I know, the only work going on regarding UPnP under Linux is for mediaserver devices (including MediaTomb for the PS3), and not port forwarding. I know Azureus supports redirecting port and, if I recall correctly, KTorrent had something too, lately, but I don’t think there is an easy to use library to manage that just yet. If there was, I’d probably be working on a configuration interface myself. I think it should be really useful, and it would allow to set up services so that ports are automatically forwarded on request on the right IP, so not only I wouldn’t have to reconfigure the clients to get the new IP (thanks to DHCP) but I wouldn’t have to tell the router where to find the services either.
Of course, I can see there are a few downsides to this approach, mostly security-related, but I don’t think it’s less or more of an issue whether there is a library that helps implementing this on Free Software or not.
And soon enough I’ll be hitting a new limit of the software in the router. The MAC address table for wireless connection control is limited to 32 entries, not commented. I will have more than 32 allowed elements soon. And I won’t know which entries refer to old laptops I fixed, and which ones refer to devices that I might take care of again soon.
I’m sincerely displeased to see that even a huge and trusted manufacturer like 3Com has very bad firmwares. I wish I could find a router that has hardware as capable as 3Com’s, but a firmware flexible enough to provide IPv6 through a broker, for instance, or that allows me to write my own connection filters.
3Com, please open your firmware! You’ll make all your consumers happy, and they’ll return to you! If you were to release a router that has the same hardware capabilities as mine, with a much more open firmware, and 802.11n wireless, I’d be buying it right away!
It seems like you don’t have WPA2 on your wireless network. Since your nintendo DS is connected to it. Maybe that is a larger security risk than the ones you describe…
Uhh no I don’t use WPA2 or anything else to be entirely honest. Why? Because I live outside the known world and there is noone in the radius of my WiFi (that barely reaches the border of my garden) who could sniff it.Besides, all the important passwords are _never_ sent in clear (GMail and GTalk are over SSL, SSH is obviously safe).If somebody can enter my garden, and can fake his mac address to be one of the ones enabled.. they’re free to use my WiFi. Of course I’d be most likely calling the police unless they were invited in.I was actually thinking of using Fon for the future, it might be a good idea. Too bad that around the hospital there’s no body with a Fon connection.
You want http://www.gupnp.org/ andhttp://burtonini.com/bzr/gu… .