Modem madness

Well, the 2wire modem experiment is officially over. I broke down and ordered a D-Link combo router/modem/WAP today. I rely heavily enough on my Internet connection to justify having something with a warranty and at the beginning of its lifecycle.

After a bad experience with a D-Link switch a few years ago I would have preferred a Netgear unit, but the Netgear equivalent is getting hard to find. There’s a draft-N version of the Netgear out there, but I don’t need that capability, and I prefer to buy mature technology anyway.

So we’ll see how the D-Link goes. I’ll post a full review after a few days with it. Decent reviews of that kind of equipment are very hard to come by.

I hate to admit it, but Intel’s NIC drivers are awfully nice

So we had some servers that were acting squirrelly on the network, refusing to talk to some servers but not others, dropping off entirely, etc. One of my coworkers noticed the servers acting badly were running different versions of the NIC driver than the ones that were behaving.

I found some other servers that had 10/100 cards in them that were using drivers that dated back to the Clinton administration.

Here’s the nice thing. Intel keeps drivers available, and updates them on a pretty regular basis. Even those old 10/100 NICs had drivers available that were dated 2007. And they were Windows 2000 compatible, even!

Here’s the even nicer thing. We updated them hot, and they didn’t require a reboot. In a couple of cases, we even updated them remotely, via Terminal Services, and somehow didn’t lose our connection. (Don’t count on that always working.)

I always thought Intel NICs were overrated. Sure, given a choice between Intel and, say, D-Link, it’s no contest. But Intel vs. Broadcom or 3Com? The one guy qualified to comment on that (Linux NIC driver author Donald Becker) has no opinion. But I’ve never heard of being able to change a NIC driver in Windows and just keep on trucking along.

Chalk one up for Intel.

Microsoft getting into the backup business?

I take issue with this Register story, which says Veritas has a better name in the storage arena than Microsoft.

Enron has a better name in the storage arena than Veritas. Ditto BALCO and FEMA and Michael Jackson and Martha Stewart.

So Microsoft wants to get into the backup business? Good.

I gave three of the best years of my life to the shrink-wrapped stool sample that is Backup Exec. I believed, wrongly, that the Constitution protects sysadmins like me from that piece of software in the clause that mentions cruel and unusual punishment.

After that last job put me out with Thursday night’s garbage, one question I always asked on job interviews was what they used for tape backups. Had anyone said Backup Exec, I would have walked out of the room immediately.

Nobody did. That was good. There are still some smart people in the world. My confidence in humanity was somewhat restored.

Microsoft’s offering will no doubt have problems, but when batch files and Zip drives are more reliable than your competition, who cares? Backup software is one area that desperately needs some competition. Microsoft entering with its usual less-than-mediocre offering will force everyone else with their less-than-mediocre offerings to either improve or die, because Microsoft’s offering will be cheaper, and there will be people who will assume that Microsoft’s offering will work better with Windows because nobody knows Windows better than Microsoft. (In this case, that assumption might actually be true.)

What’s wrong with Backup Exec? Ask your friendly neighborhood Veritas sales rep what they’ve done about these issues:

If a Backup Exec job backing up to disk contains both disk and system state data and it’s the second job to run on a given night, it will fail just as certainly as the sun coming up the next morning. Unless they finally managed to fix that bug, but I doubt it. I sure reported it enough times.

Remote backups happening over second-tier switches (D-Link, Linksys, Netgear, and other brands you find in consumer electronics stores) usually fail. Not every time. But more than half the time.

Those are just the problems I remember clearly. There were others. I remember the Oracle agent liked to die a horrible death for weeks at a time. I’d do everything Veritas support told me to do and it’d make no difference. Eventually it’d right itself and inexplicably run fine for a few months.

Maybe competition will fix what support contracts wouldn’t. And if it doesn’t, maybe Backup Exec will die.

And if Backup Exec must die, I want to be part of that execution squad. Remember that scene in Office Space with the laser printer and the baseball bat?

I never thought I’d say this, but now I’m saying it.

Welcome, Microsoft.

Freesco still works as a router/firewall in a pinch

I set up a Freesco box over the weekend. It makes less sense now that router/switch/firewall combos from the likes of Linksys sell for $50 than it did when they sold for $200, but if you’re long on unused PCs and short on cash, it still works.

My old walkthrough no longer applies directly to the current version 33, but if you’re reasonably technically competent it should get you on your way.

As far as what hardware to use, I had a Kingston 10 megabit (NE2000 clone) PCI card and a D-Link card based on a Realtek 8139 chipset. They worked fabulously. The 8139 is a workhorse; networking guru Donald Becker blasted it in print–it’s the only chipset I think he’s ever said anything bad about–but until you start routing between a 100-megabit network and a gigabit network you probably won’t notice, especially if you’re using a 200+ MHz machine as your router, which in these days of $30 Pentium II PCs, is likely.

All you need is a computer with 8 megs of RAM, two NICs, and a floppy drive. To make it easier on yourself, make sure it has PCI slots, use two PCI NICs, and 16 megs of RAM or more. Since 32-meg sticks are useless to most people these days, they’re cheap.

I suspect that if you have a pile of unused hardware that you’re looking to turn into a router, chances are decent you have a pile of network cards in that stash. Try a few different PCI cards. Life sometimes goes a bit easier if the two cards have different chipsets on them, but it’s not usually necessary to mix it up.

Give yourself a time limit. Mess around with it for an hour. If you get frustrated after an hour, go out and buy a Linksys or a D-Link or a Netgear. If you don’t have it working after an hour but you’re fascinated and you’re learning a lot, then keep plugging away at it. The knowledge you’re gaining is worth more than 50 bucks.

Resolving an issue with slow Windows XP network printing

There is a little-known issue with Windows XP and network printing that does not seem to have been completely resolved. It’s a bit elusive and hard to track down. Here are my notes and suggestions, after chasing the problem for a couple of weeks.

The symptoms are that printing occurs very slowly, if at all. Bringing up the properties for the printer likewise happens very slowly, if at all. An otherwise identical Windows 2000 system will not exhibit the same behavior.

The first idea that came into my head was disabling QoS in the network properties, just because that’s solved other odd problems for me. It didn’t help me but it might help you.

Hard-coding the speed of the NIC rather than using autonegotiate sometimes helps odd networking issues. Try 10 Mbps/half duplex first, since it’s the least common denominator.

Some people have claimed using PCL instead of PostScript, or vice versa, cleared up the issue. It didn’t help us. PCL is usually faster than PostScript since it’s a more compact language. Changing printer languages may or may not be an option for you anyway.

Some people say installing SP2 helps. Others say it makes the problem worse.

The only reliable answer I have found, which makes no sense to me whatsoever, is network equipment. People who are plugged in to switches don’t have this problem. People who are plugged into hubs often have this problem, but not always.

The first thing to try is plugging the user into a different hub port, if possible. Sometimes ports go bad, and XP seems to be more sensitive to a deteriorating port than previous versions of Windows.

In the environment where I have observed this problem, the XP users who are plugged into relatively new (less than 5 years old) Cisco 10/100 switches do not have this problem at all.

This observation makes me believe that Windows XP may also like aging consumer-grade switches, like D-Link, Belkin, Linksys, and the like, a lot less than newer and/or professional grade, uber-expensive switches from companies like Cisco. I have never tried Windows XP with old, inexpensive switches. I say this only because I have observed Veritas Backup Exec, which is very network intensive, break on a six-year-old D-Link switch but work fine on a Cisco.

I do not have the resources to conduct a truly scientific experiment, but these are my observations based on the behavior of about a dozen machines using two different 3Com 10-megabit hubs and about three different Cisco 10/100 switches.

Sneaking up on you: Affordable Gigabit

Gatermann sent me a link to something today, something whose existence shocked me.

Affordable gigabit Ethernet, from a mainstream, second-tier manufacturer.

That manufacturer is D-Link. Their 8-port gigabit switch costs $130 at Newegg.com. It wasn’t even five years ago that I paid that much for a Netgear 8-port 10/100 autosensing hub. And it’s a real, honest-to-goodness gigabit switch, not one of those 8-port switches with 7 10/100 ports and just one 10/100/1000 port.

Meanwhile, Netgear is weighing in with gigabit NICs at $31 a pop.

Gigabit’s a nice-to-have, not a need-to-have. Yes, it’s nice for your network drives to be about the same speed as your local drives. No, it’s not necessary for sharing an Internet connection, and it won’t make the network printers any faster. But if you shuttle large files around your network…

If you get the feeling I really wish I didn’t know this information, you’re right. So I’m sharing my pain.

I can see this becoming very common in households, however. Gigabit means no one has to fight over who gets the monster hard drive. Buy that $250 300-gig drive, then put it somewhere, share it out, and map it on all the computers in the household. Then everyone gets the upgrade.

CompUSA’s $30 house-brand router looks like a rare bargain

I just built a network for a friend using CompUSA’s $30 cable/DSL router/4-port switch. I’m not sure if the price was a Memorial Day special, or if that’s the regular price. Considering you can’t get a Linksys or D-Link for under $50 without rebate hassles, and usually they cost closer to $80, that’s a nice deal.
The CompUSA unit looks bland and generic–it’s brown and boxy, from the same design school as the original Commodore 64–but that’s the only knock I have on it. Hide it behind your desk if its homely looks bother you. Installing it was literally a plug-in-and-go affair. Plug in the cable modem, plug in the computers, release the computers’ IP addresses and renew them (or reboot if you wish), and they’re all on the network.

If you want to get fancy, then open the manual. You can do port forwarding, set up a DMZ, and do everything else you’d expect from a consumer router. It even includes dynamic DNS support–something the more expensive units didn’t give you, the last I checked.

I can’t speak for the long-term reliability of the unit, since I literally spent 15 minutes with it. The price is good enough that to me, it’s worth a slight risk. In devices like this, it’s the wall wart that’s most likely to fail anyway.

So if you or a friend is looking to share your cable or DSL broadband connection and there’s a CompUSA nearby, it’s worth a look.

Network infrastructure for a small office

We talked earlier this week about servers, and undoubtedly some more questions will come up, but let’s go ahead and talk about small-office network infrastructure.
Cable and DSL modems are affordable enough that any small office within the service area of either ought to get one. For the cost of three dialup accounts, you can have Internet service that’s fast enough to be worth having.

I’ve talked a lot about sharing a broadband connection with Freesco, and while I like Freesco, in an office environment I recommend you get an appliance such as those offered by Linksys, US Robotics, D-Link, Netgear, Siemens, and a host of other companies. There are several simple reasons for this: The devices take up less space, they run cooler, there’s no need to wait for them to boot up in case of power failure or someone accidentally unplugging it, and being solid state, theoretically they’re more reliable than a recycled Pentium-75. Plus, they’re very fast and easy to set up (we’re talking five minutes in most cases) and very cheap–under $50. When I just checked, CompUSA’s house brand router/switch was running $39. It’s hard to find a 5-port switch for much less than that. Since you’ll probably use those switch ports for something anyway, the $10-$20 extra you pay to get broadband connection sharing and a DHCP server is more than worth your time.

My boss swears that when he replaced his Linksys combo router/100-megabit switch with a much pricier Cisco combo router/10-megabit switch, the Cisco was faster, not only upstream, but also on the local network. I don’t doubt it, but you can’t buy Cisco gear at the local office supply store for $49.

For my money, I’d prefer to get a 24-port 3Com or Intel switch and plug it into a broadband sharing device but you’ll pay a lot more for commercial-grade 3Com or Intel gear. The cheap smallish switches you’ll see in the ads in the Sunday papers will work OK, but their reliability won’t be as high. Keep a spare on hand if you get the cheap stuff.

What about wireless? Wireless can save you lots of time and money by not having to run CAT5 all over the place–assuming your building isn’t already wired–and your laptop users will love having a network connection anywhere they go. But security is an issue. At the very least, change your SSID from the factory default, turn on WEP (check your manual if it isn’t obvious how to do it), and hard-code your access point(s) to only accept the MAC addresses of the cards your company owns (again, check your manual). Even that isn’t necessarily enough to keep a determined wardriver out of your network: a WEP key can be recovered from enough captured traffic, and a card’s MAC address can be changed to match one on your list. Cisco does the best job of providing decent security, but, again, you can’t buy Cisco gear at your local Staples. Also, to make it easier on yourself, make sure your first access point and your first couple of cards are the same brand. With some work, the variety pack will usually work together. Like-branded stuff always will. When you’re doing your initial setup, you want the first few steps to go as smoothly as possible.

I’d go so far as to turn off DHCP on the wireless segment. Most wardrivers probably have the ability to figure out your network topology, gateway, and the addresses of some DNS servers. But why make life easier for them? Some won’t know how to do that, and that’ll keep them out. The sophisticated wardriver may decide it’s too much trouble and go find a friendlier network.

Why worry about wireless security? A wardriver may or may not be interested in your LAN. But that’s one concern. And while I don’t care if someone mooches some bandwidth off my LAN to go read USA Today, and I’d only be slightly annoyed if he used it to go download the newest version of Debian, I do care if someone uses my wireless network to send spam to 250,000 of his closest friends, or if he uses my wireless network to visit a bunch of child porn or warez sites.

Enough about that. Let’s talk about how to wire everything. First off, if you use a switched 100-megabit network, you can just wire everything together and not give much thought to anything. But if you’re using hubs or wireless to connect your desktops, be sure to put your servers on 100-megabit switch ports. The servers can then talk to each other at full speed if and when that’s necessary. And a switch port allows them to talk at full speed to a number of slower desktop PCs at once. The speed difference can be noticeable.

Let’s talk wireless networking

When I was at church tonight looking at a power supply they asked me to help them set up a wireless network. I didn’t go about securing it just yet because I was paranoid about locking myself out.
I learned enough anyway.

The first thing I learned was that mix-and-matching your stuff for initial setup isn’t the best of ideas. We had a 3Com access point, a D-Link PCMCIA NIC, and a Linksys USB NIC. The D-Link and the 3Com didn’t want to talk to each other. Differing SSIDs turned out to be the culprit. The 3Com’s SSID was “3Com”. The D-Link’s SSID was “default”. The Linksys’ SSID was “Linksys”. But the Linksys setup program hinted that if you changed the SSID to “Any”, it would work with anything. It was right. It linked right up to the 3Com access point, while the D-Link just kept blinking away, looking for something. So we used the Linksys to configure the 3Com access point and changed the D-Link’s SSID. We had to reboot a couple of times before it kicked in, but then the D-Link connected up and held a link.

So the moral of that story is to make sure your access point and at least one of your cards match. And if you can’t match brands, get one Linksys, since you can set its SSID to “Any” and it’ll connect to anything. (I couldn’t figure out how to make the D-Link do that; maybe if I’d set it to “Any” it would have found the 3Com too.) Of course the only way to find out the 3Com’s SSID was to connect to it, so if we hadn’t had that Linksys, we’d have been up a creek.

So now I just have to figure out how to secure the network and they’ll be set. The plan is to only break the wireless stuff out during events, so it’s not like they’ll become much of a wardriving target, but I’ll still feel better if it’s secure. I’m a little bit afraid to just connect to the access point, enter a passphrase and turn on 128-bit encryption, because I couldn’t figure out how to give the cards themselves the passphrase and I didn’t want to take the chance of whether it’ll ask for it upon initial connection.

Time for more research.

And I think I’ll be getting some wireless stuff for myself soon. I’ve thought about phone networking, but Linux support is spotty. Wireless is less secure and more expensive, but it’s a whole lot easier. And it’ll be nice to be able to take a laptop anywhere I want and still be connected. CompUSA has their wireless gear on sale right now.

A semi-easy firewall

A single-floppy firewall mini-distribution can be a quick and easy way to save yourself some money if you’ve got an old PC in a closet not doing anything, assuming you stumble across a combination of hardware that works right.
If you don’t stumble across a combination of hardware that works together, you can just as easily spend a weekend and accomplish nothing but uttering strings of four-letter words in combinations never before heard by mankind.

In case you came here looking for hardware that works, here are a few hints. A 10-megabit PCI NE2000 clone in combination with virtually any 10/100 PCI card ought to work fabulously. A pair of 10/100 PCI cards based on the RealTek 8139 chipset, which includes the majority of today’s inexpensive cards, probably will not. If you’re buying new stuff and want ease of use, get a 3Com card and a cheapie. If you want cheap and a little inconvenience, get a Netgear FA311 or 312 and a Realtek 8139-based card, such as a D-Link DFE-530+ or a Linksys. You’ll have to hunt down and install the natsemi.o module to get the Netgear working; most other inexpensive cards on the market will work with the rtl8139.o driver.

Freesco doesn’t supply a driver for the Intel EtherExpress Pro series out of the box. If you’ve got an EEpro, you can make it work by downloading the module and copying it to the floppy, but don’t rush out to buy one. And yes, the 3Com and Intel chipsets are high-performance chipsets, especially compared to the 8139, but remember, routers are machines that pull packets out of a 1.5-megabit pipe (if you’re lucky) and shove packets down an even smaller pipe. In this application, a $40 big-brand card doesn’t give you any advantage over a no-name card that costs $6 at Newegg.com.

While these firewalls will technically work fine even on a 386sx/16, trying to make them work with ISA cards can be a long, difficult road. Used Pentium-75s are dirt cheap (and Pentium-60s and 66s are even cheaper, when you can find them) and they’re a lot less trouble because PCI cards don’t require you to rejumper them or hunt down a plug-and-play configuration disk to find out its IRQ and address. I’ve had the best luck with Pentiums that used an Intel Triton chipset or newer (the 430FX, HX, VX, or TX). I’ve tried a couple of boards that had a SiS chipset of 1995 vintage or so, and I could get one network card or the other working, but not both. I don’t want to generalize and say that based on two isolated incidents that all Taiwanese chipsets are junk for this application–for all I know, the problem could have been the BIOS on those boards–but I’ve done this on a handful of Triton-series boards and done well on all of them, and on two SiS boards and failed. Your mileage will probably vary.

How much memory do you need? 16 megs is sheer luxury.

Once you put all this together, the question becomes whether you use a floppy distribution or a full-blown distribution. If you want peace and quiet and cheap, the answer is pretty easy–use a floppy and pull out whatever hard drive was in there.

A full-out distribution like Red Hat or Debian will give you more versatility. You can run meaningful Web and FTP servers if you want (and your ISP allows it). You can run a caching nameserver to speed up your Web browsing. If you feel adventurous, you can even install the Squid caching proxy and speed up your browsing even more (but either use a SCSI drive or put in a bunch of extra memory and run Squid’s cache out of a ramdisk–Squid’s performance on IDE is, to put it mildly, terrible).

I’m having a hard time finding the documentation on how to set up a second network interface quickly. I believe it involves the file /etc/interfaces and the files /etc/sysconfig/ifconfig.eth0 and .eth1, but I don’t have a Linux box handy to investigate at the moment.

Anyway, I like Debian for this application (of course) because I can easily fit a minimal Debian on a 100-meg hard drive.

Once you get your network cards all working and talking to each other, you can build your firewall using this online tool. I just copy it, then Telnet into my Linux box using PuTTY, fire up a text editor, and right-click in the window to paste.
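Here is an added example of what the finished product looks like on a full distribution: a two-NIC NAT firewall script. It is mine, not the page’s, not Freesco’s, and not what the online tool generates, and it assumes a 2.4-or-later kernel with iptables, eth0 on the modem side, eth1 on the LAN side, a 192.168.1.0/24 LAN, and 192.168.1.10 as the host in the port-forward example; all of those names and addresses are assumptions you would change for your own box. On Debian the second interface goes in /etc/network/interfaces (Red Hat keeps the equivalent in /etc/sysconfig/network-scripts/ifcfg-eth0 and ifcfg-eth1); the stanza the script prints is the one you would paste there. The script prints its rules instead of applying them so you can read them first; run it as root with `apply` to load them.

```shell
#!/bin/sh
# Two-NIC NAT firewall. Added example (editor's, not the page's or Freesco's).
# Assumptions: kernel 2.4+ with iptables, eth0 = modem side, eth1 = LAN side.
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24
LAN_ADDR=192.168.1.1

# The Debian /etc/network/interfaces stanza for both cards: the modem side
# takes whatever the cable/DSL provider hands out, the LAN side is static.
interfaces_stanza() {
    cat <<EOF
auto $WAN_IF
iface $WAN_IF inet dhcp

auto $LAN_IF
iface $LAN_IF inet static
    address $LAN_ADDR
    netmask 255.255.255.0
EOF
}

# Print the rule set rather than running it, so it can be reviewed (and
# tested) before it touches a live box. Default policy is deny on INPUT and
# FORWARD; only the LAN and replies to our own traffic get in.
firewall_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# anti-spoof: packets claiming a LAN source never arrive on the modem side
iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN may go out; only replies to those connections may come back in
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# hide the whole LAN behind whatever address the modem side was given
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Port forwarding (the consumer router's "virtual server" feature): rewrite
# the destination in PREROUTING, then explicitly allow the rewritten packet
# through FORWARD, because the default FORWARD policy above is DROP.
# Usage: forward_port <tcp port> <LAN host>
forward_port() {
    port=$1
    host=$2
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $host:$port
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $host --dport $port -j ACCEPT
EOF
}

# Turn on routing between the cards and load the rules (root only).
apply_firewall() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    { firewall_rules; forward_port 80 192.168.1.10; } | sh -e
}

# "./firewall.sh apply" loads the rules; with no argument it only prints them.
if [ "${1:-}" = apply ]; then
    apply_firewall
else
    firewall_rules
    forward_port 80 192.168.1.10
fi
```

The anti-spoof rule sits before the accept rules on purpose, and the FORWARD chain accepts only what the LAN started plus the one port you deliberately opened; if you add a Web or FTP server on the firewall itself, it gets its own INPUT rule, not a loosened policy.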

If you want versatility and quiet and don’t mind spending some cash, pick up a CompactFlash-to-IDE adapter and a CompactFlash card of suitable size. Don’t create a swapfile on the CF card–you’ll quickly burn it up that way. Your system will recognize it as a small IDE drive, giving you silent and reliable solid-state storage on the cheap.