M1XEP and FIOS

[wuench]

You can just attach the capture file to your post. If you are worried about privacy, you can e-mail it to me.

We do need to see more of the trace. But the connection should not be from the XEP to the router, the packets you are looking for should have SRC/DEST addresses of the XEP and the SMTP server that you configured in the XEP and should probably have a destination TCP port of 25. If you do post the trace make sure to blank out your username/password. It will be in the clear/readable.

 

[electron]

You need todo port mirroring on your switch, or plug the M1XEP and the computer running WireShark into a hub (not switch), or you won't be able to see the data.

 

[blmxm]

You need todo port mirroring on your switch, or plug the M1XEP and the computer running WireShark into a hub (not switch), or you won't be able to see the data.

Dan & wuench,

OK, we have now reached overload on my part. Both the M1XEP and the PC are plugged into LAN ports on the westell router. I apologize for my ignorance, but we have hit a wall on my understanding of networking. I probably will need major handholding from this point. (How’s THAT visual working for you). lol I have never run packet sniffers etc., and rely heavily on the internet for how to's. I suspect I will have to do some reading on port mirroring, hub vs. switch vs. router etc. to get up to speed. Also, if I included any info in the previously posted files I shouldn't have, Dan, could you please edit accordingly, and I will forward any future ones assuming I figure out what your looking for, to you first?
Thanks to everyone again! I think I'll crawl in the attic now as punishment for my lack o knowledge, and do my reading later... B)

Thanks,
Mark

 

[electron]

Only advanced switches support port mirroring. Since you are directly plugged in to the Westell router, this probably won't be an option. There are only 2 options here: A hub, which repeats the network data to each port (vs. a switch, which only broadcasts it to the ports it is destined for), or use a software TCP proxy on your PC, have the XEP point to the proxy, and the proxy forward the data to the SMTP server.

I look around for some useful proxy software and post again soon.

 

[electron]

I haven't tried this software, but I think it might do the job:

http://www.aboutmyip.com/AboutMyXApp/SmtpProxy.jsp

It supports displaying the server responses as well, but I would still run WireShark, unless you see a real obvious error in the status window.

 

[wuench]

Yeah, sorry it didn't even dawn on me that your PC will not be able to see communication between the XEP and the router. I should've known better. Dan's right on all counts you are going to have to do something to get the PC to intercept the traffic if you want to take a trace, because the switch will filter out everything except what is supposed to go to the PC. You're probably not going to find a hub at your local BBY, so the proxy is probably your best bet.

 

[blmxm]

Yeah, sorry it didn't even dawn on me that your PC will not be able to see communication between the XEP and the router. I should've known better. Dan's right on all counts you are going to have to do something to get the PC to intercept the traffic if you want to take a trace, because the switch will filter out everything except what is supposed to go to the PC. You're probably not going to find a hub at your local BBY, so the proxy is probably your best bet.

Thank you both. I will try to get to that tonight and see if I comprehend and can get any results.

 

[blmxm]

OK. Here's an update on where this issue stands.
First I would like to thank everyone here who has replied or provided suggestions. Special thanks to Dan who pointed me down the path to get the right info to Elk.

I just completed a conference call with Elk's M1XEP engineer, and he has a high level of confidence that what we are seeing is indeed the same problem that existed with the actiontec router. This is the first that Elk has heard of the westell router that is now being used in new fios installations. They will need to explore their options as to what the possible fixes / workarounds are and proceed from there. What, when, how fast, and whether they are able to provide a solution, is clearly at Elk's discretion. But at this time if you are looking at the combination of the M1XEP and FIOS with the westell, it is problematic. The only work around known at the moment is to run a SMTP proxy on a PC attached to the local LAN, or provide your own router, which can create problems with FIOS. I happen to have an actiontec, so I will probably try to go back to that while I wait to see if Elk comes up with anything.
Let me say that my decision to go with the Elk has only been bolstered by this event. The support and attitudes of the personnel at Elk has been exceptional. I thank them all.

 

[pete_c]

I just had FIOS installed in FL. On the internet side was supposed to a simple migration from DSL to FIOS. It wasn't. I installed a firewall inside of the Westell router. First thing I did was a probe of the router. That actually locked up the router to the point where Verizon couldn't see it to service it. Their only suggestion was to look at the indicator LED's.

I then manually configured the router after reading a bit about it and doing a manual cold boot reset. I had the similar issues passing data across the two "routers". There were two recommended fixes. One was to bridge the wan port to the lan port. It was a lengthy discussion kind of a PITA to do this. The other one was much easier. I just NAT'd one address to the inside and shut off DHCP. I created a DMZ to the NAT'd inside port and let it pass everything. It worked. I did not open the router though to external access. Its kind of a unique router with its connections to the cable boxes etc.

Best way though is still just to bridge the WAN link to one ethernet interface.

I can now get into my network there and if you would like send you snapshots of the configuration that I used.

The original DSL setup came with a combo Westell router/AP. I removed it and replaced it with my own firewall.

 

[blmxm]

I just had FIOS installed in FL. On the internet side was supposed to a simple migration from DSL to FIOS. It wasn't. I installed a firewall inside of the Westell router. First thing I did was a probe of the router. That actually locked up the router to the point where Verizon couldn't see it to service it. Their only suggestion was to look at the indicator LED's.

I then manually configured the router after reading a bit about it and doing a manual cold boot reset. I had the similar issues passing data across the two "routers". There were two recommended fixes. One was to bridge the wan port to the lan port. It was a lengthy discussion kind of a PITA to do this. The other one was much easier. I just NAT'd one address to the inside and shut off DHCP. I created a DMZ to the NAT'd inside port and let it pass everything. It worked. I did not open the router though to external access. Its kind of a unique router with its connections to the cable boxes etc.

Best way though is still just to bridge the WAN link to one ethernet interface.

I can now get into my network there and if you would like send you snapshots of the configuration that I used.

The original DSL setup came with a combo Westell router/AP. I removed it and replaced it with my own firewall.

Hi Pete,

Any insight into how others have worked around this is appreciated. The more options I can look at, the better the chance of finding one or a combination, that suits my setup. If you need an email address, just drop me a PM, and i'll get it to you.
Thank you,
Mark

 

[pete_c]

Here are some snapshots. I went into the router this morning. See if this is the same router as yours. I had mine installed around March this year. I think they are all the same now.

 

[pete_c]

Picture 2

 

[pete_c]

Picture 3 - BTW - Verizon is still using port 25 for email. The ICS-WLAN is my firewall access point. I am using DD-WRT on a Linksys WRT-54GL access point. I have about 3 static IP's setup on the AP and narrowed down the size of the subnet. IE:

FW Subnet:
192.168.244.248
255.255.255.248
FW Internal IP:
192.168.244.249
Static IP's
192.168.244.250-252
DHCP scope
192.168.244.253-254

As you can see I am using a very small subnet. Typcally by default DHCP is setup for 253 or so addresses. Most home networks will never have that many addresses.

Up north I do the same with a small subnet and static addressing. I use static addressing for the wirelessly connected laptops and only keep DHCP for a couple of addresses.

Up north Comcast decided to change it. Very interesting I learned if you own your own router Comcast cannot change the settings if they are in violation of their written agreement. They can change your configuration if they own the router. But when they changed my router to block port 25 I called their security stating that I used Verizon email for my email and to unblock it. They did. If you temporily allow me access / we can do a telephone call at the same time I can make the changes for your Elk box.

 

[blmxm]

Thank you for the offer Pete. I was headed in a different direction when I actually saw it. I dropped the lease on the westell, and set the actiontec up as the primary router again. The port forwarding is set up and working along with the ddns server updates, to provide outside access to the elk. And email is functional as well. I will try to get the westell working as a moca bridge for the living room PC, and if that is an issue, then I'll drop another CAT cable for now while I await to see what direction Elk chooses to take.
Hopefully I can get away from the actiontec in the future, but for now it will do. Thank you to everyone again for your input, and help!

 

[pete_c]

Not a problem. Up north I use a Linux firewall. My setup is from the
Broadband modem==>(red)Firewall==>(green) Switch ==> PC's (all wired networked devices)
----------------------==> (blue)AP ==> Wireless clients