What's new

Setting up an ASUS RT-N66U running Merlin on an existing network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I would be curious to also see the output of
Code:
nslookup www.google.com 10.201.4.1
Sometimes DNS server problems can look like Internet problems.
 
Is this student housing?
 
My apartment complex abruptly terminated Comcast's ability to provide internet to our complex without notice and, only after proding to find out what happened in part with Comcast's help, did we actually find out that they pulled the hardware out that allows Comcast to connect here and replaced it with a very insecure setup that is essentially four or so commercial Cisco switches serviced by a dedicated fiber optic line connected through a DFOG (Fiber Optic Router).

This setup has made it impossible for me to run my network the way I had. Worse yet, the performance over the network is absolutely abysmal. It's not simply that the speed or latency is bad, its also the fact the network forces me to send any network traffic all the way down to their switch and back up to computers in the apartment. That means any of these services I mentioned above, as well as such things as my network printer or my software KVM are exposed to the network and forced to travel the 5,000 feet or so down to the network switch and back. The in-network latency is over 5000 ms.

Your apt complex landlord switched providers... simply put - it's not secure/insecure, just a different network topology.

You'll need to change up your configs, and recognize that some services are just not going to be available any more - esp. anything that was exposed to the public side. Keep in mind that most residential broadband connections strongly resist someone running a server/s...

The "new" ISP is probably assigning /3o or /32's to end-points within the complex LAN, and you might even run into some Carrier Grade NAT within the IPv4 space.
 
I'm likely to start messing around with WRT on a spare atom computer to see if I can get different results from it.

If you have any thoughts after looking at the log, please let me know. If you need more details, let me know.
 
Ok, this is a COMPLETELY reset router. I noticed that I was probably trying a few things on some previous screen shots.

I tried to grab as much as I could to ensure nothing is left to the imagination.

Here is the folder link to all the images:
https://ln.sync.com/dl/a8ac66900/zmfexb9u-wvradrsf-xg347mab-67rbnnsv

The TL/DR version

8.8.8.8 times out
192.168.1.1 properly grabs the address
10.201.4.1 properly grabs the address

I also have a bunch of screen shots of the router configuration that I feel are relevant (can and will grab others by request).

I also grabbed tools I ran as well.

---

Some additional information that may be useful:
  • I finally broke down and looked for all the complex's routers on the network. There are 16 all following the format 10.201.*.1 (* denotes 0 through 15).
  • They are running their DNS servers on port 53.
  • They are running squid-http on port 3128
  • They are running mysql on port 3306
  • They are running http-alt on port 8000
I also appear to be able to get on to any router I want, but it seems like the network loosely prefers you to get onto a router that's IP order mirrors your building number; though gaging from the pings to each router, they are still likely in the same place.

---

I also had the notion to try OpenDNS and 1.1.1.1 since you guys wanted to see what public DNSs are returning.

OpenDNS (208.67.222.222) times out.
1.1.1.1 times out as well.

I don't have screen shots of this.

I tried going back to static with 10.201.10.1 (as well as 10.201.4.1) as the Gateway and DNS with no success.

---

Something else to add on to the dog pile of information:

At this point, my laptop I am testing this stuff on did not get any internet even with the latest reset (going back to the oddity I noted that before the router was configured it let the same computer on).

However, at this stage, whenever the router reboots or the computer reboots, the network icon in windows thinks it has internet then goes away quickly. It also seems as though Sync and Dropbox get a ping for a second before they complain about the internet connection.

I wonder if there's a Windows Service fighting me.

Also, someone mentioned it might be because HTTP ports aren't 80 or 110 for TCP. The service I noted above running on the servers (Bluesquid) might be the culprit too.

For the record, this laptop has very little running on it at startup. I use this laptop specifically for network troubleshooting on sites or helping with computer issues at clients --- as such, it truly is running bare minimal programs needed so that's easy to flush if needed.
 
Last edited:
The router is confused as to what time it is.....did you set the the timezone correctly?
 
The router is confused as to what time it is.....did you set the the timezone correctly?

It sets itself after being online for some time. The timezone is correct on the router.

If you notice, the times correct themselves later in the log.
 
I have no evidence this will help, but have you tried enabling “Spoof LAN TTL value” on the WAN page as a test?

Edit: After reviewing everything again and seeing Comcast Business in your traceroute, I’m fairly confident this will help.
 
Last edited:
@LighthammerX OK I think I might have an idea what's going on. Can you verify a couple of things for me.

On the laptop plugged into the router:

ping www.google.com (we know this works from the router itself)

Then plug the laptop into the apartments' equipment so that it now has internet connectivity and:

ipconfig /all
netsh winhttp show proxy
 
I have no evidence this will help, but have you tried enabling “Spoof LAN TTL value” on the WAN page as a test?

Yes I have tried that. I'll do a sanity check and try it again with the current configuration.


Then plug the laptop into the apartments' equipment so that it now has internet connectivity and:

ipconfig /all
netsh winhttp show proxy

Here's the screen shots from that:
https://ln.sync.com/dl/d95b08dd0/ejemr9zm-b7mgsy6n-rppyjpv6-9g44bfea

  • Pinging www.google.com from the laptop while its plugged into the router times out.
  • Netsh returns "Net Access (No Proxy)"
  • IPConfig while plugged directly in returned some interesting information. See the image link.
 
Last edited:
I was reading up on squid since you mentioned it runs on all the apartment routers. Would you try to set your browser proxy to point to your default gateway at port 3128? http://10.201.x.1:3128/ changing x to be whatever your subnet is this time.

This environment seems utterly inhospitable. Time to move!
 
@LighthammerX You appear to be behind a transparent proxy that is interfering with the TTL. You can see this in the output of the ping executed on your router where the TTL has been changed to 1.

So as @dave14305 eluded to earlier the way you can try and get around this is by using the "Extend the TTL value" option on the router. There is another option called "Spoof LAN TTL value" but I'm not sure what that does. Try both of them and see which works, hopefully one of them will.

EDIT: You can also see the same thing happening when you ping your local gateway. When you ping 192.168.1.1 the TTL is 64 like it should be. But when you ping any of the 10.201.x.1 devices the TTL has "magically" been shortened to 15 (which explains why some sites are pingable and some aren't).
 
Last edited:
I got some time to mess around with it for a while.

I can use the "Spoof LAN TTL Value" --- but there seems to be no options to set the TTL value. This option does not work.

The only setting remotely in that area related-ish is the MNU settings, which I don't think would do anything. Nevertheless I tried a few different values with no success.

My laptop is thinks it can see the internet on boot. I decided to look through the syslog for the laptop and discovered its complaint is it can't see a DNS. Manually setting a DNS does not give me any results.

Also, navigating to websites by IP does nothing either.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top