okay.. this is for all the networking guru's
Do you have static IPs in your computers and routers? Or are you using DHCP?
Lately I have found 3 or 4 instances where an out of date, or no longer used version of Symantec/Norton AV firewall is causing similar symptoms.
http://www.majorgeeks.com has the Norton removal tool under their Antivirus heading..
Ø resist
Take away the second first, and the first is gone in a second.
NRA Life Member, TSRA, chl instructor
Greetings--
1) Same question-- why 2 routers? Is the #2 (inside) router doing something special on your LAN in the house or is it just a connection point for the bedroom-based computers?
2) Many ISPs are blocking NetBIOS ports-- some may be willing to unblock them if you purchase a static IP for your edge router. Don't know about Verizon.
3) Curious-- why are you trying to mount drives from outside the house? For your own use or others' use?
Re: okay.. this is for all the networking guru's
evil_smurf wrote: The story:
I have 2 routers in my house. Everybody knows that 2 routers in a house don't exactly like to play nicely together, especially if they are of different brands. The one in my bedroom is a netgear, the one in the living room is a linksys. I have a DSL connection from verizon. It is plugged into the router in the living room.
A drawing to make it easier (trust me you might need it, because this could get pretty complicated):
[DSL Modem] ---> [Linksys] ----> [Netgear] ----> [Computers in my bedroom]
You only need one router... get rid of the netgear router and get a simple switch to do this job
The Netgear router is set as the DMZ host for the Linksys router to bypass any NAT problems. I have 2 computers in my bedroom. One is a windows 2003 server that I run several services on, such as FTP, SMB, IIS, etc.
The windows 2003 server is set as the DMZ host on the Netgear router to bypass any NAT problems as well.
Your DMZ host points to the WWW not to your LAN, therefore you have your DMZ host on the WRONG component, but you don't need two routers as said earlier
Here is my problem:
here do this:
your network for your internal working class C network should be set to either DHCP or a 10.x.x.y where x is any number between 1 and 254 and y is any number between 1 and 254 with no two being the same. the 10. x.x must be the same. such as 10.94.36.y where every machine has say 10.94.36 then .100 the next machine would be 10.94.36.101 the next machine would be 10.94.36.102 etc.
your subnet mask on each and every machine has to be 255.255.255.0
no options there!
you will make the router one IP
each machine will be one IP.
Then you set your DMZ for the one machine you wish to have unrestricted access to the internet with no firewall.
your DNS can be one of many, I use 151.164.1.7 and 151.164.1.8. there is also 2.2.2.2 and a whole bunch more. It is best to get one that is close to your local (speed to and from for initial networking ... what this does is to translate an english name such as yahoo.com to an ip address 66.94.234.131... (I got this from a simple ping of yahoo.com so it's no secret.) The fewer hops that you have in this initial step the quicker your internet will perform.
you will find this will fix the rest of your problems.
Russell Stringfield
System Administrator
LSC INC.
Burleson, Tx 76028
817-295-1102 x 265
I cannot mount any network shares outside of my subnet. So say, for example, if I connect to my neighbors wireless router, I cannot mount any of my network drives running on the windows 2003 server. But if I reconnect to my own router, I can just fine.
I have completely disabled the server's firewall to make sure that wasn't the problem, and it wasn't.
Now here's the real kicker:
Any of the other services, such as FTP, I can connect to from the outside world just fine. Everything works but SMB. The error returned from the command prompt is "The network path was not found", which is the same generic error given if pretty much anything goes wrong with connecting to the ports.
Now one thing that I have never been able to solve, is that I can connect to computers connected to the linksys router just fine from my bedroom on a computer connected to the netgear router, but if I am on a computer in the living room connected to the linksys router I cannot connect to any computer in my bedroom that is connected to the netgear router.
In order to rule out that it wasn't just a netgear to linksys translation problem with the network shares, I plugged the windows 2003 server directly into the linksys router, and set that IP address as the DMZ host, yet I still could not connect to any network shares from the outside world. I double and triple checked that the windows firewall was disabled and it was.
This only leads me to believe that verizon is blocking the SMB ports, which I have never heard of before.
Any thoughts?
Russ
kw5kw
Retired DPS Communications Operator PCO III January 2014.
Replace the linksys with the netgear, and use a switch in place of the second router. That will probably solve most of the "questions" that arise of "why won't this work".
Since you can see the netbios port, but are not getting the packets, then Verizon is probably pruning netbios in their access-lists. Not surprising since it's such a vulnerable port.
Also, are you sure you have everything correctly set up on the 2k3 server? I am not questioning your skills or intelligence, only that I have seen the most adept operators screw up 2k3 in the tiniest way and spend a good bit of time hunting it down.
The possibility remains that since you are running two routers, and since most "home" routers are set to use similar default network addresses, you may be running into issues where they conflict with each other. Cutting it down to one router and 1 switch would certainly eliminate that issue.
Creating remote access straight to the 2k3 server, instead of just putting shares up, would help avoid this as well. Just have to have a static IP on the 2k3 server - OR set up PAT on your router so that anything sent to the router's public address on port xxx is forwarded to the 2k3 server. You can assign the static IP via MAC addresses in the router's DHCP table as well to eliminate the possibility of that changing.
Sorry if that was a little scatter brained, busy day at work....
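The question running through the posts above (is SMB being dropped in transit, or is the server side misconfigured?) can be narrowed by comparing how the SMB ports answer next to a port already known to work, such as FTP. This is an added example, not part of the original thread; the function names and result labels are hypothetical and the host address is a placeholder.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'no-reply'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # an RST came back: path works, nothing is listening
    except OSError:
        return "no-reply"   # timeout or unreachable: SYN was dropped somewhere

def diagnose(control, smb):
    """Interpret SMB port states next to a control port known to be forwarded."""
    if control != "open":
        return "host-unreachable"     # fix forwarding/DMZ before looking at SMB
    states = set(smb.values())
    if "open" in states:
        return "smb-reachable"
    if "refused" in states:
        return "smb-not-listening"    # packets arrive, no service accepts them
    return "filtered-in-transit"      # control port works, SMB SYNs vanish

if __name__ == "__main__":
    HOST = "203.0.113.10"             # placeholder: your own public address
    control = probe(HOST, 21)         # FTP, reported as working from outside
    smb = {p: probe(HOST, p) for p in (139, 445)}  # NetBIOS session, SMB over TCP
    print(control, smb, diagnose(control, smb))
```

Run it from a network outside the house; a "filtered-in-transit" result is consistent with a provider or intermediate device dropping ports 139 and 445.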
evil_smurf wrote: The linksys currently assigns in 192.168.1.x, while the netgear assigns in 192.168.0.x. Both are DHCP enabled of course. Both have and assign the subnet mask of 255.255.255.0.
1) You can't have two routers acting as a DHCP server, as each will try to assign an address. They'll fight each other and nothing will be accomplished!
2) 192.168.1.x is most definitely on a different class C network than 192.168.0.x. Neither machine will see the other unless you happened to have a 255.255.248.0. subnet mask which will increase your network's size to < 255 devices to > 1500 devices... another lesson entirely
While 192.168.1.x and 192.168.1.x are both class "c" networks that's the default, and actually easier for the 'outsiders' to break, I'd suggest to move to 10.x.y.z where it is harder for hackers to try to break in. (they have to guess harder at least 3 different octets.) If you leave it at the factory 192.168.x.y then they don't have to do near as much work.
#1 rule The first three octets of your IP address MUST be identical to be on the same LAN in a class "C" network.
Decide which router will be THE link to the internet. The other router will just become a switch that will direct network traffic in your LAN configuration.
In a small network get away from the DHCP and go with STATIC assigned IP addresses...
I'll do it for you... (using 192.168.x.y... to change to 10.3.x.y just change the first two octets and you supply the third.)
SET ALL SUBNET MASKS AT: 255.255.255.0
Linksys 192.161.1.1
If you're going to keep the NetGear make it 192.168.1.2
Computer 1: 192.168.1.20 (This will be the computer which you wish to be the DMZ'd computer!)
computer 2: 192.168.1.21
computer 3: 192.168.1.22
and on down the line
Set your DMZ in the router that connects to the WWW to 192.168.1.20 (DO NOT CHANGE THE ROUTER'S NETWORK ADDRESS)
if you're using a printer that is networkable or a print server:
printserver 1: 192.168.1.100
printserver 2: 192.168.1.101
etc.
If you're using other IP equipment such as VOIP place them at another "section" such as 192.168.1.150; 192.168.1.151, etc.
If you're using a computer as a server... I place my servers at the 190~210 range. My print servers are at the 210~220 range my routers ( I have 7 routers in house 2 linksys;1 Caymen ; 2 Cisco; 2 Netopia's) at the 240~250 range and my 4 networked color lasers are setting at 250~254 and my Silicon Graphics Unix port switches are at .1~.10 basic users at .11~.99 my DHCP services are from .100~150 and other various IP users are between .151 and .180.
It's about time for me to subnet to a class "B" :) But that's another discussion.
Russ
kw5kw
Retired DPS Communications Operator PCO III January 2014.
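The same-LAN rule and the static address plan laid out in the post above can be checked mechanically before anything is typed into a router. This is an added example, not part of the original thread; the function names, device names and sample plan are constructed for illustration, and the DHCP pool reuses the .100~150 range mentioned in the post.

```python
import ipaddress

def same_lan(ip_a, ip_b, mask):
    """True when ip_b lies in the network that ip_a and mask define."""
    net = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def usable_hosts(mask):
    """Host addresses per network: total minus network and broadcast."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").num_addresses - 2

def check_plan(router, mask, statics, dhcp_pool):
    """Return a list of problems found in a static addressing plan."""
    lan = ipaddress.ip_network(f"{router}/{mask}", strict=False)
    lo, hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    seen = {ipaddress.ip_address(router): "router"}
    problems = []
    for name, addr in statics.items():
        ip = ipaddress.ip_address(addr)
        if ip not in lan:
            problems.append(f"{name}: {ip} is outside {lan}")
        elif ip in (lan.network_address, lan.broadcast_address):
            problems.append(f"{name}: {ip} is reserved in {lan}")
        if lo <= ip <= hi:
            problems.append(f"{name}: {ip} is inside the DHCP pool")
        if ip in seen:
            problems.append(f"{name}: {ip} is already used by {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

# Constructed sample plan (not the poster's actual network).
SAMPLE_STATICS = {
    "netgear": "192.168.1.2",
    "server-dmz": "192.168.1.20",
    "computer2": "192.168.1.21",
    "computer3": "192.168.1.21",      # constructed duplicate
    "printserver1": "192.168.1.100",  # constructed clash with the DHCP pool
    "bedroom-pc": "192.168.0.5",      # still on the old Netgear range
}
SAMPLE_POOL = ("192.168.1.100", "192.168.1.150")

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.248.0"):
        print(mask, usable_hosts(mask),
              same_lan("192.168.1.20", "192.168.0.5", mask))
    for line in check_plan("192.168.1.1", "255.255.255.0",
                           SAMPLE_STATICS, SAMPLE_POOL):
        print(line)
```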
Oh, I have a HUGE aversion to wireless routers.
I do not trust them!
<soapbox on>
My best friend had a very secure encryption on his wireless router... 36 bit string with a random encoded string that was very secure. As good as it got at the time.
A neighbor of his spent enough time hacking... We don't know who for sure, for we never actually found out who, it was just somebody who found his router as a gateway... and got into his system. He used my best friend's Internet account to trade kiddy porn. Guess who got hammered for 20 in the pen for trading kiddy porn when there was none even found on his hard drive. -- my friend, that's who. It all went back to who the IP was registered to at the time of said transactions kiddy porn trading, and that was my buddy.
Nope, no wireless internet router in my house that could allow anyone who's willing to spend the time to hack my system so they can do something illegal using my IP---------- NO WAY! (I'd lose my CHL--FOREVER!)
<soapbox off>
Russ
kw5kw
Retired DPS Communications Operator PCO III January 2014.
evil_smurf wrote:
I understand that 192.168.0.x is on a different class C network, but when I attempted to have netgear assign for example 192.168.1.1 to .99, and linksys assign from .100 to .254, didn't make a difference, the comps in the living room still couldn't connect to any comps in my bedroom.
This is one reason it ain't workin'. You simply can't have two things serving IP addresses on the same LAN! It just don't work! Been there dun that & got the T-shirt.
Only ONE DHCP server.
I accidentally had two serving for a couple of days once... actually an oversight on my part... as I had to turn one DHCP server off for maintenance, so I activated a second (backup) DHCP server for temporary use. Well, I must have gotten interrupted and I forgot to turn the second one off after the maintenance on the first, so I had two DHCP servers butting heads and I had people with no access. It took me 2 days of scratchin' my head to figure it out.
By accident, I had to look at the 'backup' DHCP server, and I saw that it was serving addy's as well. Turned it off and everything was fixed in a split second!
Russ
kw5kw
Retired DPS Communications Operator PCO III January 2014.
Ouch, 20 to life for kiddie pics? No bueno.
*offtopic*
I am not a fan of wireless, but at which point I do set it up at my place, I'd rather spend the extra few hundred bucks for Cisco wireless cards and run AES crypto over WPA - tough to crack. At which point that happens, the AP will be handing out IP addresses tied to MAC addresses via a DHCP server on my router, so if you don't match, you don't get anything.
And even if you are wily enough to do all that, traffic will be religiously logged at the router.
So regardless, I will have met the burden of proof to protect my access from child molesters as well as guarding myself against them and their sick habits. No way I am doing hard time for them.
/offtopic