[Cerowrt-devel] Routed LANs vs WOL & Windows troubles

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Tue Apr 14 15:48:28 EDT 2015


Ooops forgot to include my reply to Alan on the list, forwarded for the
'benefit' of everyone.  You'll be pleased to know I've concluded my
experiments with routed home networks :-)


-------- Forwarded Message --------
Subject: 	Re: Routed LANs vs WOL & Windows troubles
Date: 	Tue, 14 Apr 2015 10:28:25 +0100
From: 	Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
To: 	Alan Jenkins <alan.christopher.jenkins at gmail.com>



On 13/04/2015 23:25, Alan Jenkins wrote:
> O
<snip>
> Discovered that a couple of iphone based apps for my Sky set top box,
>
>     Yamaha AV Receiver & TV won't do device discovery either.
>
>
> Sounds about right :-).
>  
>
>
>     Battling on,
>
>     Kevin
>
>  
> In case I'm being stupidly ambiguous: I hear pain without a specific
> gain here.
>
> We haven't given you a number to say it makes your life better.  Also
> we know wifi needs a bunch more work.
You're absolutely right which is why later today things are going back
to firmware defaults and I shall be retreating to 192.168.230/24 with
the default bridging across LAN & WAN ports.
>
> If you _can_ see a subjective difference from the blocking of
> multicast in a home network, or something?  I think everyone would
> love to hear it.
No, of course I can't.  It was just theoretically the 'right thing to
do' and I suppose some idiot has to try it....I don't mind being an
idiot, comes naturally :-)
>
> Thanks for the firewall explanation in particular, personally I found
> that interesting.
Something useful has come out of this experience/experiment then :-) 
I'm probably a little more aware of windows firewall behaviour than the
average home user after my experiences with IPv6.  Windows may acquire
IPv6 addresses via DHCPv6 but since this protocol doesn't propagate a
'netmask' it has to treat each address as a /128.  It then
solicits/looks out for RA broadcasts that tell it which IPv6 prefixes
are 'on-link' (i.e. prefix length/local subnet).  There was an early bug in
dnsmasq's RA broadcasts which didn't have the relevant bit set (and I
was experimenting using dnsmasq for all my dns/dhcp4/6 needs and
ditching radvd) the net result was that I couldn't ping local IPv6
Windows boxes because they weren't considered 'on-link alias
local-subnet'.  Windows limits a number of services to local subnet only
including file sharing.

At present, without an obvious automatic mechanism for servers to expand
the 'local subnet' pool, Windows file sharing is going to be very
problematic in the home across subnets.
>
> Ah.  I meant server in the technical sense: the PC providing the file
> service.
>
> So I believe there is no automatic solution for this case in Windows.
>
> I'm sure sysadmins could script or gpo it, deploying to managed pcs. 
> But not the kind of scripts pcs will run automatically on a given IP
> network :).  Even if the network is marked as trusted ("home" / "work"
> / "private network").
>
> Also if anyone tries to use "Homegroup" - the wizard stuff in win 7+ -
> AFAICT it specifically only works on a single subnet.
Agreed.
>
>     I've both Samba & avahi running on the router, in theory configured to
>     do the required SMB/WINS name collecting/forwarding.  Similar with
>     Avahi
>     for mDNS stuff.
>
>
>     The Samba WINS server is almost working, seems to be advertising every
>     other box...except the server.  So close!
>
>
> Annoying!
>
> Obviously, like I mentioned about dnsmasq, if WHS isn't configured
> through DHCP & you set it with a purely static IP instead - it's not
> going to pick up WINS from DHCP.  It can be configured statically. 
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ClientConfig.html#id2575612
I've a static mapping within dnsmasq, so all servers get everything they
need via DHCP4/6/RA but they do all stay at the same address....I have
to nail *something* down (well in IPv4 at least.  Don't get me started
on IPv6 SLAAC/Privacy addresses/DUID...and name resolution, oh yes and
IPv6 firewall 'pin hole' solutions)
>
> `ipconfig /all` will show name resolution config somewhere, which
> includes the WINS server.
>
> If WHS 2011 denies the existence of your WINS, there is a hack to
> create static entries in samba[1].  There is also a deprecated
> config[2] to forward wins queries to dns (I do not endorse this, but
> it means you could use a dns entry).
>
> [1]
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2584250
> [2]
> https://www.samba.org/samba/docs/using_samba/ch07.html#samba2-CHP-7-SECT-1.4.1
Thanks for that - it may yet come in handy.
>
>     >
>     >> 4) (A bonus Monty Python question)  I've a second wireless
>     access point
>     >> at the other end of the garden, attached by a suitable length
>     of Cat 6.
>     >> Devices at mid travel point ideally roam from House wifi to Shed
>     >> wifi...but now they change IP address as well.  To be honest
>     I'm not
>     >> sure how this actually works in a bridged environment either
>     since the
>     >> MAC now migrates from local wireless bridge interface to local
>     wired
>     >> interface and potentially back again as I wander around the
>     garden...how
>     >> does it really know where to send frames to this magically roaming
>     >> device?
>     >
>     > Yes they can't keep the same IP address on a different subnet :).
>     > There are common cases where you don't notice and it wouldn't
>     matter.
>     >
>     > There are references for bridging.  Basically it's an optimization
>     > over flooding packets to every single port (old-style dumb hub).  As
>     > soon as you send a frame from your MAC, all the bridges/switches in
>     > between "learn" where you are now.  If the target isn't known
>     yet, the
>     > frame is just flooded.
>     >
>     > Maybe this helps: http://computer.howstuffworks.com/ethernet12.htm
>     >
>     Toke has given some instruction on this.  After some sleep I may even
>     understand it :-)
>
>
> Toke's setup sounds like a commercial "wireless controller".  Each
> wifi AP is trunked back to the main router, which bridges all the wifi
> together (but doesn't bridge to wired access).  Wifi is a single
> subnet again.  IPs don't change when roaming between APs anymore.

I get what you're saying.  The 'gain' is that 5Ghz(1 AP) & 2.5Ghz (2 AP)
& Wired (2 'AP') are still different subnets.  I sort of got this
working by messing with vlans (effectively partitioning a LAN port out
of the LAN group and placing it in a bridge with local 2.5Ghz &
remote AP 2.5Ghz)  Unfortunately due to some Archer C7 strangeness with
the vlan process it started dropping packets, no matter which wireless
or wired port, so I gave up on that idea.  There have been many hurdles
on this journey and I've pretty much smashed into every one.  So in
short, I shall now stop trying to be so darn clever (ha!) and hit the
factory reset button :-)   Single subnet, bridged WLANs/LANs here I
come.........phuuut!

Kevin

-- 
Thanks,

Kevin at Darbyshire-Bryant.me.uk


