useful CLI commands for BeBox

[kurai]

OK - roughly in order, as much as I can ... [img]/forum/emoticons/lol.gif[/img]

re NAT loopback:
In a nutshell it's because your LAN host sends a packet out to a WAN address. This gets forwarded back in to LAN server by router. LAN server replies - but because it's on the same subnet it replies directly to the host's LAN IP. Original host gets confused because it sent a request to one IP, but got a reply from another, so discards it as junk.
NAT loopback does a bit of double NAT'ing to get around this awkard little wrinkle of routing.

re firewall & NAT:
In basic usage mode, yes - NAT makes firewalling (mostly) redundant. A decent firewall can be extended however, to do a whole variety of extra packet inspection wizardry and have some extremely complex/conditional rulesets and can deal with lots of different subnetting stuff. On a small private LAN with a simple private address space (e.g. 192.168.x.x) most of this would be unneccesary.

re router lockups:
Consumer level routers like the SpeedTouch have pretty limited processing power and memory. It's not hard to overwhelm their capacity when you start making it sweat by throwing high volumes of address translation, packet inspection, large numbers of connections etc at them at high data rates. I can't speak to the specific issues you had with that hardware and those firmware versions - when you start running out of available memory and/or can't process packets fast enough all sorts of non-obvious things start responding oddly, if at all. You can also start getting physical issues like overheating occuring if the processor is run at high capacity for extended periods - exacerbated by poor ventilation and (relatively) high ambient temperatures.
No idea about the 'Premium Demo' thing - the firmware codebase can have many branches of development, and many sections will be shared amongst differently purposed builds. It's possible that Be asked Thomson for a specific feature that happened to be in a demo/development build ready to hand, so they just sent it without bothering to amend the graphics.

As far as coping with extremely intensive use - yeah, Torrents can cause a really heavy workload - loads of connections, loads of packet overhead, many different remote IPs and ports, high data rates etc (Slimserver/Slingbox not so much - tends to be fairly simple point to point traffic for the most part).
If you are running into problems the key is to reduce the workload on the router as much as possible.
Turn off any router services/tasks/features/processes that you don't really need and/or tweak your host OS/application settings to limit things a bit.

[rojertwose]

Hey Yes.
My name is Rojertwose I read your problem Main reason for it's existence in a domestic class device is to defend against a pretty specific type of DoS attack.One or two mangled TCP connect sessions aren't anything to care much about - some `background level` of packet loss/knackered session setups are just a fact of life on a multi hop route.

[Motu]

Hey Kurai,

All your answers are great. I love the feeling of clearing confusion!

I've disabled the firewall, intrusion detection, web browsing interception, and done the fix against TCP Timeouts. Will doings all this spare my router some stress and hopefully stop it from locking up?

I've disabled the firewall, is disabling the check for TCP Timeouts redundant? Also, you mentioned you'd want TCP Timeout detection for 'related problems'. What problems might these be?

If this forum was a bar I'd buy you a beer! [img]/forum/emoticons/smile.gif[/img]" />

Have a good one,

Motu

[Motu]

OH, one more thing... if I was to replace the Bebox with another ADSL Wireless Router, any recommendations as to what to replace it with?

Thanks!

[kurai]

Yeah - get rid of timeout checking. Main reason for it's existence in a domestic class device is to defend against a pretty specific type of DoS attack.
One or two mangled TCP connect sessions aren't anything to care much about - some `background level` of packet loss/knackered session setups are just a fact of life on a multihop route.
It only becomes an issue when you get a vast swarm of them paralysing your device's available sessions - this is going to be a result of someone deliberately being annoying and targetting you, or a rather serious network fault. Either way there's bugger all you are going to be able to do about it from your end, so there's little point wasting time/resources trying.
If you suspect such a thing happening it'd be worth turning detection back on for a bit to confirm, but all you'd be able to achieve is to be able to pass along the info to a support tech whose problem it will ultimately become.

As far as reducing load goes - it's a mix of good common sense and good diagnostic methodology - takes a lot of potential variables out of the equation and gives you a good chance to form a meaningful estimation as to whether it's a simple overload issue (these cheapo home devices just weren't designed to be run at near maximum capacity for extended periods), or a real hardware fault/firmware bug causing the lockups.

When it comes to recommending other routers I can't really be much help there. The stuff I work with is mostly big fat carrier/enterprise grade stuff - Cisco, Juniper, Foundry et al. I don't really have any broad experience of domestic class kit - I tend to just use whatever my home ISP provides (as long as it's not a *completely* brandead lump of junk).

I'm sure others here will happily chip in with their own preferences - there isn't, as yet, a vast variety of ADSL2+ kit around so there shouldn't be a totally overwhelming amount of choice.

[Motu]

Kurai, thanks for the responses. The BeBox keeps locking up so Be are sending me a new one and hopefully with the tips from this thread I'll be able to make the new one last longer.

All the best,

Motu

[Irksome]

I recommend the DG834N - as I've said before they are rock solid, supposedly 802.11N compliant and with the new TeamGT firmware can do everything bar VoIP.

Irksome
Forum Administrator
IT at Home

[Speedfellow]

Hi, I remember seeing in this thread, the command to disable PING, but cannot seem to find it or Im going blind.
Could somebody tell me what it is or point me to the right thread thnx.

[The Kings Raven]

anyone know useful options for adsl config? Changing SNR or switching between adsl2+ and annex m

[Cockroach]

Telnet only seems to work on 192.168.1.0/24 address. I use 192.168.0.0/24 on my network. How can I make telnet accept connections from these addresses?

TIA