I’ve been very busy. Some of what’s kept me so are incidents like the following. I release this information, originally part of an email to one of my clients, so that others may share my pain.
«All,
This message is about the Linksys router that has been set up for demos. You may want to stop reading now.
It appears that Windows boxes cannot connect to the services hosted on the linux box behind the firewall. After sending a few KB of data, the connection hangs.
I confirmed this behavior on my Win2K and WinXP boxes at home as well as on an offsite win2K3 box. Ssh, scp and http all hung after more than 2-3 KB of data was exchanged.
Now for the kicker.
This consistently repeatable behavior on Windows does NOT appear on clients running on MacOS X nor Linux. Several MTU settings were tried on Linksys (1500 - 700). I don’t even want to think this is related to Windows translating “\x012” bytes into “\012\015” or the Linksys doing the same. That would be insane. Then again, NASA lost a Mars probe due to poor metric/imperial measure conversion.
A quick check of the Linksys site informs us that the current version of the BEFSX41 firmware is 1.45.3. Through some miracle, our router has version 1.45.6. Did it escape from the lab prematurely?
Without a firmware update readily available, it’s time to rethink the topology of the demo system.
Here’s what I propose:
- We stick the linux box directly into the switch.
- We stick another NIC in the linux box.
- We stick a cable into the new NIC and into the Linksys router or another simple switch or hub that may be lying around.
All incoming traffic will go to the linux box. It can forward whatever traffic it needs to the windows box. This setup should be straightforward and no less secure than what we have now.
Here’s a diagram:
{ internet } -> [ switch ] -> ( linux ) -> [ linksys ] -> ( WinXP )
»