Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Hello All. I have encountered a very strange issue.
the good news:
I've setup the DNS-323 on the local side of my Cisco Firewall. it works just fine. everyone is using there itunes from the 323... the mydocs and user profiles all reside on the 323. everything works as planed. I have also configured a secured VPN to the building from my cisco firewall. this is fully functional. from any internet connection i can fire up my Cisco Client and connect to the building and i can RDP into any computer in the building... i can file share with any computer print to anything.. i can manage the POE Network camara's that are in place.
How that all works:
My cisco firewall will Nat all traffic from 10.10.10.0 (my remote computer network) to the 192.168.1.0 (inside network) any request from 10.10.10.0 for a 192.168.1.0 is translated by the firewall and allowed to pass. and viseversa. its as if your sitting next to each other regardless of your location. so when i'm on a 10.10.10.0 address i can have full access to anything 192.168.1.0 as long as the vpn is up and connected. as well as 192.168.1.0 has full access to anything 10.10.10.0. all devices can ping and traceroute back and forth with no issues. all udp and tcp traffic is allow there are no restictions on this tunnel.
The bad news:
when i'm on the VPN i can not access the DNS-323 at all in anyway. there is no hint that it is there. here is what happens. From my notebook at a free WiFi site i can connect to my cisco client and access the network. i can ping to any device on the site. i can SSH to my firewall. i have a creditcard webserver inside the building and i can access that on the INTRAnet. however i can not ping the dnd-323 i can not browse to it. if i ssh into the firewall and then ask the firewall to ping the dns323 it will respond to the firewall. if i RDP to any computer in the building i can then access the DNS323 as a shared drive/ as a ping / from the INTRAnet.
Assumptions:
it would seem that the DNS-323 has an access list built into its box somewhere that will only allow traffic from the same network to talk to it. i have not been able to ssh to the box or telnet to it. inside or outside the building. i'm assuming this is not possible. how do i access the firewall of this box and add my 10.10.10.0 network to its access list.
anyone ever done anything like this?
my only guess was to perhaps setup a few Vlan's or to Subnet. i dont wish to complicate things because of this box. i just want to shut down any firewall this box has. my cisco is 10 times better and more customizeable.
Last edited by vector330ix (2008-07-10 21:42:50)
Offline
Hi,
I can't help with your main questions, but
vector330ix wrote:
it would seem that the DNS-323 has an access list built into its box somewhere that will only allow traffic from the same network to talk to it. i have not been able to ssh to the box or telnet to it. inside or outside the building. i'm assuming this is not possible. how do i access the firewall of this box and add my 10.10.10.0 network to its access list.
To get ssh or telnet access to the dns-323 you actually need to 'enable' them on it (the unit ships with a crippled root account). Both are easy to do thanks to this great forum and the wiki site. Go to the wiki under "How To" look for telnet or easier still look for "ffp" and you will see how to get telnet and ssh working. It takes about 5 minutes !
lu
Offline
Did you set the default gateway on the DNS-323?
Offline
gateway.... hmmmmmmm.... thats so obvious... that i might have forgot that. lol thanks i'll go log in and check it....
Offline
Thanks for the suggestion about the gateway. that sounded likely but i do infact have that setup. here is an added tip of the issue. i can setup autobackups on anything on the same IP network from the wizzard on the DNS-323 however i can not get the DNS-323 to even allow me to set a schedule for an ip that is not part of the local ip range. (ie. my remote notebook on the 10.10.10.0 network) i have watched my firewall logs on pings and ftp and no trace of it being traped at the firewall. i have even run a test on the firewall that allows me to simulate traffic and it will tell me if it will pass all the restictions i have set up. everything passes just fine.
again my guess is that the dns-323 being for home users as primary market are traped into a Nat for only the subnet listed in then range of the ip for the dns-323 box.
weird feature.
i'm still looking for the ssh and telnet options.. no luck yet.
steve
Offline
The DNS-323 doesn't care if it's being accessed locally or not - in fact, it is designed and marketed specifically to allow external access by ftp.
For what it's worth - I have had no problems accessing mine from outside of my network, either directly using ftp or using my ipsec VPN
Offline
vector330ix wrote:
i'm still looking for the ssh and telnet options.. no luck yet.
http://dns323.kood.org/howto:telnet
http://dns323.kood.org/howto:ffp#the_root_user
See an earlier part of this page on how to install the fonz fun plug v0.5 (ffp) which will give you telnet and then ssh (once you have logged in and changed 2 script permissions)
lu
Offline
vector330ix wrote:
again my guess is that the dns-323 being for home users as primary market are traped into a Nat for only the subnet listed in then range of the ip for the dns-323 box.
weird feature.
What is the subnet mask set on your other machines on the network local to the DNS? What is the subnet mask on the DNS? When you VPN in, what network does the VPN connect to? I connect remotely to via VPN to my network and have no problems at all accessing either of my DNS-323s. It sounds more like a routing issue.
Offline