XPost: alt.comp.software.firefox

When I get a new Netgear router or when I reset my Netgear router to the factory defaults, that sets the router to 192.168.1.1 on port 80 or 8080.

Then I set my Windows PC to the same subnet as that of the router.
I connect an Ethernet cable from my PC to one of the 4 router LAN ports.

This then establishes a connection from the PC to the router over Ethernet.

ipconfig
netsh interface ipv4 show config "Ethernet"
netsh interface ipv4 set address name="Ethernet" static 192.168.1.2 255.255.255.0 192.168.1.1
ping 192.168.1.1

At this point, Netgear instructions say to either open Firefox to https://192.168.1.1 (default to port 80) or to just point a Firefox web
browser to the URL http://www.routerlogin.net/start.htm

Both work.
How?

How are they the same when there is no Internet involved & hence no DNS?
How does Firefox on Windows know that routerlogin.net is 192.168.1.1?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Larry Wolff wrote:

Netgear instructions say to either open Firefox to
https://192.168.1.1 (default to port 80) or to just point a Firefox web browser to the URLhttp://www.routerlogin.net/start.htm

Both work.
How?

The ip address works by dhcp, provided by the router.

The name works in potentially one of two methods, either the dhcp tells
your pc to use the router as DNS, and that resolves routerlogin.net to 192.168.1.1, and it continues same as using ip addr only,

or no traditional DNS is involved, but the router responds to mDNS, my
money's on the first method.

Nothing requires internet access, it's all LAN traffic.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Andy Burns wrote:

The ip address works by dhcp, provided by the router.

actually dhcp isn't required because you statically configured your
network card, but it's likely to work using dhcp, even if you didn't do
that.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Larry,

How are they the same when there is no Internet involved & hence no DNS?

Resolving a domain name to an IP normally *does* involve using the
internet - connecting to a DNS server and asking it to translate the name to its IP.

... Though there is a (good) chance that the router will intercept this particular DNS request and returns its own IP (which, for ease-of-use, makes sense).


So, you have a "Yes, but also No" answer: The first, "no internet" part is true, but the last, "no DNS" is untrue.

Just remember that routers are actually computers itself, but with a
specific purpose and hardware.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 10/21/2024 11:16 PM, Larry Wolff wrote:

When I get a new Netgear router or when I reset my Netgear router to the factory defaults, that sets the router to 192.168.1.1 on port 80 or 8080.

Then I set my Windows PC to the same subnet as that of the router.
I connect an Ethernet cable from my PC to one of the 4 router LAN ports.

This then establishes a connection from the PC to the router over Ethernet.

ipconfig
netsh interface ipv4 show config "Ethernet"
netsh interface ipv4 set address name="Ethernet" static 192.168.1.2 255.255.255.0 192.168.1.1
ping 192.168.1.1

At this point, Netgear instructions say to either open Firefox to https://192.168.1.1 (default to port 80) or to just point a Firefox web browser to the URL http://www.routerlogin.net/start.htm

Both work.
How?

How are they the same when there is no Internet involved & hence no DNS?
How does Firefox on Windows know that routerlogin.net is 192.168.1.1?

IP address 192.168.1.1 is internal. It is frequently used in intranets
and never in the Internet. Thus, my own Netgear router is also at
192.168.1.1.

Normally, a request for domain goes through my router, into my modem,
and out into the Internet to a domain-name server (DNS) to get an IP
address. I suspect that my router -- and yours -- is hard coded to
intercept and recognize <http://www.routerlogin.net/> as being internal
to itself as IP address 192.168.1.1.

Note that 192.168.100.1 is another internal IP address, differing in the
third term from 192.168.1.1. My modem is at 192.168.100.1. All IP
addresses in the range of 192.168.0.0 - 192.169.95.255 are internal
(intranet) addresses.

--
David E. Ross
<http://www.rossde.com>

Trump said that, if he loses the 2024 election for
President, it will be the fault of the Jews who voted
for Harris. I am scared that Trump is inciting a pogrom.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Larry Wolff <[email protected]> wrote:

When I get a new Netgear router or when I reset my Netgear router to the factory defaults, that sets the router to 192.168.1.1 on port 80 or 8080.

Then I set my Windows PC to the same subnet as that of the router.
I connect an Ethernet cable from my PC to one of the 4 router LAN ports.

This then establishes a connection from the PC to the router over Ethernet.

ipconfig
netsh interface ipv4 show config "Ethernet"
netsh interface ipv4 set address name="Ethernet" static 192.168.1.2 255.255.255.0 192.168.1.1
ping 192.168.1.1

At this point, Netgear instructions say to either open Firefox to https://192.168.1.1 (default to port 80) or to just point a Firefox web browser to the URL http://www.routerlogin.net/start.htm

Both work.
How?

How are they the same when there is no Internet involved & hence no DNS?
How does Firefox on Windows know that routerlogin.net is 192.168.1.1?

The installer (if you use it, but is not required) will add an entry to
the 'hosts' file (no filename extension). In 'hosts', the installer
will add an entry of:

192.168.1.1 routerlogin.net

You'll already find an entry of:

127.0.0.1 localhost

for using the 'localhost' hostname for your own computer. The 'hosts'
file is at:

C:\Windows\System32\drivers\etc

and can be edited with, for example, Notepad. It is just a text file.
You need to have admin privileges to edit the file. If you don't run
their setup or installer program, there won't be an entry in 'hosts', so
just use the IP address for the gateway (router) as the URL in the
address bar of a web browser. Either method opens a web browser to
connect to the web server internal to the gateway.

Typically the gateway has a default login, like username = admin and
password = password. You'll want to immediately change the login to
prevent an outsider from hacking into your intranet. Often the username
cannot be changed, but you can change the password. Use a long strong
password that is not susceptible to dictionary attacks or hacking. That gateway with its login and firewall is your security against outsiders.

What IP address you get for your computer depends on what the DHCP
server inside the router assigns to you. Look in its config to see what
is the starting and ending IP address range when using its DHCP server.
You can change that range. Those are dynamic IP address assignments
meaning they could change. If you want a specific IP address for your computer, you can a rule in the router to assign a specific IP address
to your computer based on your computer's MAC address.

"ipconfig /all" will show you the MAC address of your computer (as
"physical address"). Or go into Control Panel (control.exe) under
"Network and Sharing Center", click on the active connection, and click
on Details. Or right-click on the Network systray icon, "Open Network & Internet Settings", and click on Properties.

If you don't care what IP address your computer(s) get from the DHCP
server, and which could change later, just leave the DHCP server to
assign whatever it wants to your computer(s). If you want static IP assignments from the DHCP server, use the MAC rule to assign a specific
IP address to your computer(s). For example, I want my computers in a different subnet than for those of my family, so I assign IPs to my
computers using a MAC rule. I also don't want them using my
computer(s), so I don't allow traffic across subnets: they have their
subnet, I have mine, and the twain shall not meet.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Larry Wolff wrote:

...
How are they the same when there is no Internet involved & hence no DNS? How does Firefox on Windows know that routerlogin.net is 192.168.1.1?

Hi!

the router is running a small DNS server which is assigned with the
DHCP request from your (Windows) machine. You should see the router's
local IP address in the Windows "Network Settings / Adapter Settings /
Details" as your DNS server. The router's DNS server forwards/caches DNS requests to your ISPs DNS server(s). Except for some special domains like routerlogin.net, which it directly responds with the router's IP address.

HTH

ciao...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Tue, 22 Oct 2024 10:38:57 +0200, R.Wieser wrote:

Resolving a domain name to an IP normally *does* involve using the
internet - connecting to a DNS server and asking it to translate the
name to its IP.

You have to know what DNS server to contact, though.

... Though there is a (good) chance that the router will intercept this particular DNS request ...

There is no “intercept” if the request was directed at the router in the first place.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Tue, 22 Oct 2024 08:37:31 -0700, David E. Ross wrote:

IP address 192.168.1.1 is internal.

All listed here <https://www.rfc-editor.org/rfc/rfc1918.txt>.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 22.10.24 04:38, R.Wieser wrote:

... Though there is a (good) chance that the router will intercept this particular DNS request and returns its own IP (which, for ease-of-use, makes sense).

Certainly not. How do you think FF can execute a DNS over HTTPS request?

--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Tue, 22 Oct 2024 12:10:19 -0500, VanguardLH <[email protected]> wrote:

If you don't care what IP address your computer(s) get from the DHCP
server, and which could change later, just leave the DHCP server to
assign whatever it wants to your computer(s). If you want static IP >assignments from the DHCP server, use the MAC rule to assign a specific
IP address to your computer(s).

Fine advice. Another way, which I use, is to configure static IPs that are outside of the DHCP scope. That applies to PCs, printers, and a few other odds and ends.

For example, I want my computers in a
different subnet than for those of my family, so I assign IPs to my
computers using a MAC rule. I also don't want them using my
computer(s), so I don't allow traffic across subnets: they have their
subnet, I have mine, and the twain shall not meet.

Does your router support multiple subnets, or are you using multiple routers, or
something else? I have multiple subnets on my physical LAN, but I only do that via stacked static IPs. Those extra subnets don't have Internet access. Meanwhile, in my VMware virtual environment, I have well over a hundred subnets and most of them have, or can have, Internet access via VMware's NAT function.

Just curious to hear how you do it. You already explained the why.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Char Jackson <[email protected]d> wrote:

On Tue, 22 Oct 2024 12:10:19 -0500, VanguardLH <[email protected]> wrote:

For example, I want my computers in a different subnet than for those
of my family, so I assign IPs to my computers using a MAC rule. I
also don't want them using my computer(s), so I don't allow traffic
across subnets: they have their subnet, I have mine, and the twain
shall not meet.

Does your router support multiple subnets, or are you using multiple
routers, or something else? I have multiple subnets on my physical
LAN, but I only do that via stacked static IPs. Those extra subnets
don't have Internet access. Meanwhile, in my VMware virtual
environment, I have well over a hundred subnets and most of them
have, or can have, Internet access via VMware's NAT function.

Just curious to hear how you do it. You already explained the why.

Sorry, I meant port isolation. Some managed switches have an option to restrict taffic between ports. You can configure which LAN ports can
connect to each other with all them having access to an uplink. Easier
than having to use a tree of routers (acting as a switch) that restrict
traffic to only the hosts connected to it, and them going to a top
router that only connects ports to the WAN port to pass traffic out to
the Internet.

https://www.tp-link.com/us/support/faq/525/

It can also be called traffic segmentation, as in:

https://support.dlink.com/resource/PRODUCTS/DGS-1100-SERIES/DGS-1100-05_05PD_08_08P_REVB_MANUAL_v2.21_WW_EN.pdf
Security > Traffic Segmentation, page 36.

Some wifi routers can also let you isolate traffic between wifi hosts
and wired hosts.

https://support.denon.com/app/answers/detail/a_id/3746/~/wireless%2C-ap-or-client-isolation

VLAN (aka Private LAN) is another method to isolate hosts. A VLAN has
switched [private] ports that only connect to a single uplink.

A managed switch operates at layer 2 (data link) and a router at layer 3 (network). Almost all routers for a long time include a switch, but not
with many features for consumer-grade devices.

I haven't looks for a long time, so I don't know if there are routers
with inbuilt managed switches to let you use one device (and include
wifi access with wifi isolation from LAN ports). In a home setup, you
already have an uplink to the router built into the cable modem.
Instead of a router, use a managed switch before the cable modem. If
you already have a tree of routers, some may be only used as switches,
so those could be replaced with managed switches.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Lawrence,

Resolving a domain name to an IP normally *does* involve using
the internet - connecting to a DNS server and asking it to translate
the name to its IP.

You have to know what DNS server to contact, though.

The OP said that he could use an URL to connect to his routers configuration page. That means that your "you have to know" isn't part of his problem.

... Though there is a (good) chance that the router will intercept
this particular DNS request ...

There is no "intercept" if the request was directed at the router in the first place.

*Every* internet connection "is directed at" the router. Most all of it
wil effectivily just pass thru.

But to be pedantic about it, *every* connection, in or out a router, is
being "intercepted". You know how a routers address translation,
firewalling and port-forwarding works, don't you ? Yep, every packet gets inspected, and than either rejected or modified before being send on.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Wed, 10/23/2024 2:29 AM, R.Wieser wrote:

Lawrence,

Resolving a domain name to an IP normally *does* involve using
the internet - connecting to a DNS server and asking it to translate
the name to its IP.

You have to know what DNS server to contact, though.

The OP said that he could use an URL to connect to his routers configuration page. That means that your "you have to know" isn't part of his problem.

... Though there is a (good) chance that the router will intercept
this particular DNS request ...

There is no "intercept" if the request was directed at the router in the
first place.

*Every* internet connection "is directed at" the router. Most all of it
wil effectivily just pass thru.

But to be pedantic about it, *every* connection, in or out a router, is
being "intercepted". You know how a routers address translation,
firewalling and port-forwarding works, don't you ? Yep, every packet gets inspected, and than either rejected or modified before being send on.

Regards,
Rudy Wieser

[Picture]

https://i.postimg.cc/6pT8NWrM/networking-control-panel.gif

Windows automation uses DHCP, but I don't know if Windows knows
immediately how to find the DHCP server. Maybe it's a broadcast protocol,
but I'd have to look that up. The only "address" Windows has, is it
can use the APIPA address if all other configuration attempts fail.

Char tells me, that if I set the gateway to zero, that will disconnect
me from the Internet. I guess that's a kind of hint as to how it works.
If I set the gateway to zero, the theory is I can still network
with the other devices in the room. (Operation is switched rather than routed).

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

"R.Wieser" <[email protected]d> wrote:

Lawrence,

Resolving a domain name to an IP normally *does* involve using
the internet - connecting to a DNS server and asking it to translate
the name to its IP.

You have to know what DNS server to contact, though.

The OP said that he could use an URL to connect to his routers configuration page. That means that your "you have to know" isn't part of his problem.

... Though there is a (good) chance that the router will intercept
this particular DNS request ...

There is no "intercept" if the request was directed at the router in the
first place.

*Every* internet connection "is directed at" the router. Most all of it
wil effectivily just pass thru.

But to be pedantic about it, *every* connection, in or out a router,
is being "intercepted". You know how a routers address translation, firewalling and port-forwarding works, don't you ? Yep, every packet
gets inspected, and than either rejected or modified before being
send on.

Very true. Even consumer-grade routers have firewalls. They're not
fantastic firewalls, but they afford some protection. The router may
have a QoS (Quality of Service) option to give priority of traffic over
one LAN port over the others, like you hook a VOIP adapter (e.g., Ooma, Obitalk, magicJack) to a LAN port on the router. Then there is the NAT (Network Address Translation) function, if enabled, in a router, like
the router just before the cable modem.

Not only does the router intercept all network traffic that passes
through it, it also has its own DHCP server. Unless you configure your
hosts to use a different DHCP server, typically they use whatever is the upstream DHCP server, and that's the one in the router. The router also
has its own DNS cache. Use GRC's DNS Benchmark to compare your router's
DNS cache to that of your ISP, Google, OpenDNS, Cloudflare, and others
(their tool comes pre-configured with lots of DNS providers that you
might want to remove from its config file since you won't be using them,
and don't need all the noise in the results). You may find the DNS
cache in the router assists your ISP's DNS server; i.e., the DNS cache
in the router will look faster. I configure my Windows DNS settings for
both IPv4 and IPv6 to use, in order, Cloudflare, OpenDNS, Google, and my
router (which defaults to getting its WAN-side IP address and DNS server
from my ISP's DHCP server, so the router, on a failed lookup, will pass
the DNS request to my ISP's DNS server). My ISP's regional DNS server
is not the fastest, plus it has occurred more outages or problems per
year than the others.

The router could intercept a DNS lookup, like to routerlogin.net, or its
setup program could add an entry into your 'hosts' file. The 'hosts'
file gets used before any lookup request sent to a DNS server. Of
course, if an IP address is used, DNS isn't involved at all: not with
'hosts', in your router's DNS cache, or at any DNS server. My shortcut
to get to the router's internal web server uses an IP address, not a
domain.

By the way, routerlogin.net is a registered domain for Netgear. Does
that not mean other routers for other brands would need to use a
different pseudo-domain? I don't have a Netgear router. When I enter routerlogin.net in a web browser, I don't go to my router. There is no
Netgear router with its DNS caching pass-through server intercepting the
DNS lookup nor an entry for Netgear in my 'hosts' file. Instead I hit Netgear's web site. The assumption with Netgear is that you are using a Netgear router, and its setup added a 'hosts' entry, or the Netgear
router intercepted the DNS lookup on the routerlogin.net.

DNS cache normally times out lookups: longer for successful lookups,
shorter for failed lookups. Flushing out old entries is required since
some resources may change their IP addresses. While Windows lets you
configure the success and fail expiration on DNS lookups (effective only
in the OS own DNS Client caching service) via registry settings (I
assume Linux has similar timeout settings for DNS), you're unlikely to
have similar settings in a router. Usually you have to reset, restart,
or power-cycle a router to flush its DNS cache, but that doesn't mean a
flushed DNS cache cannot have preset entries.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Paul,

Windows automation uses DHCP, but I don't know if Windows knows
immediately how to find the DHCP server. Maybe it's a broadcast protocol,

Yep. Otherwise you would need to find-and-enter the IP address of the DHCP server yourself, and thats contrary what DHCP is ment to do. :-)

Char tells me, that if I set the gateway to zero, that will disconnect
me from the Internet.

Indeed. If the 'puter doesn't know where to send its packets to that are
ment to be put on the internet than, for all intents-and-purposes, your
'puter is cut off from the internet.

If I set the gateway to zero, the theory is I can still network
with the other devices in the room. (Operation is switched rather than routed).

Its not a theory. You can even talk to the router. Its just the
automatic redirection of non-LAN connections thats not happening.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 10/23/2024 2:26 AM, Mr. Man-wai Chang wrote:

BTW, most recent versions of Firefox don't process HTTP(no "S") URLs by default. You need to use private window or safe mode.

I think THIS might be my problem with the fact I can't connect to the
Netgear EAX80 after resetting it to factory defaults. http://www.downloads.netgear.com/files/GDC/EAX80/EAX80_UM_EN.pdf

That document specifies http (and not https) addresses only. But I can't
for the life of me get the "s" off the Windows Firefox browser's result.

I turned off the encryption in FF and I whitelisted all the addresses too,
but Firefox is stopping me from using http even on an internal IP address.

How do I fix this problem of Windows Firefox insisting everything is "s"?

The procedure for using a Windows web browser on page 16/17 of that
document & the troubleshooting on page 74 are not working - but maybe it's because Windows Firefox won't drop the "s" when I try to connect to the
mesh extender even after I changed to settings to not enforce https and I
even added the suggested mywifiext.net & mywifiext.local addresses into the whitelist (I'm just trying everything - it's that confusing to me).

How is this SUPPOSED to work with these crazy addresses (which are
mentioned 35 times (I'm not kidding!) in the Netgear User Manual. <www.mywifiext.net>
<http://mywifiext.local>
<http://mywifiext.local/>
<http://mywifiext>
<http://193.168.1.3> (you have to guess at the actual IP address though) <http://192.168.1.250> (this is only mentioned once in the pdf document!)

Is there a way to get Firefox to go to those addresses without the "s"?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 10/22/2024 5:37 PM, David E. Ross wrote:

Normally, a request for domain goes through my router, into my modem,
and out into the Internet to a domain-name server (DNS) to get an IP
address. I suspect that my router -- and yours -- is hard coded to
intercept and recognize <http://www.routerlogin.net/> as being internal
to itself as IP address 192.168.1.1.

Thanks for explaining the hard coding is in the router, which, in this case
was for the main router which used <http://www.routerlogin.net/>.

When I tried to set up the Netgear mesh extenders, they have a DIFFERENT hard-coded address to use which is <http://www.mywifiext.net>.

I had trouble with the extender recognizing that address and when I looked
it up in the user guide, they said many people have that problem, so to try DIFFERENT hard-coded addresses depending on what OPERATING SYSTEM I was on. <http://mywifiext>
<http://mywifiext.local>
<http://192.168.1.250>

This is crazy if you ask me - and I wouldn't blame you if you didn't
believe me that this is what Netgear says to do - so I produce the document that says what appears to me to be one of the craziest ways to do things.

Here is the Netgear EAX80 landing page with the documentation links. https://www.netgear.com/support/product/eax80/

And here's the user manual for that EAX80 wireless mesh extender. http://www.downloads.netgear.com/files/GDC/EAX80/EAX80_UM_EN.pdf

On page 17, they tell you to use <http://mywifiext.net> but Firefox keeps switching that to https even though I added it into the whitelist but
Firefox still attempts to go to an encyrpted https URL even though I
eventually turned off the default settings to only use encrypted URLs.

Troubleshooting further why Firefox can't get to <http://mywifiext.net> on
page 18 they tell you not to use the http - but that changes nothing.

Since Firefox can't access "mywifiext.net" I read further and they suggest
if that address doesn't work, then on page 19 they suggest a few more. <www.mywifiext.net>
<http://mywifiext.local>
<http://mywifiext.local/>
<http://mywifiext>
<http://193.168.1.3> (you have to guess at the actual IP address though)

I have two extenders, one of which finally, after a half hour of trial and error, finally connected where I FORGOT which one of the above worked.

But the other extender doesn't recognize ANY of those hard-coded addresses,
so that's what prompted the question (which I simplified to the main
router).

On page 20 and again on 22 & again on 24 & 25 & 26 & 27 & 28 & 29 & 30 & 32
& 33 & 34, 35, 36, 37, 39, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 54, 55,
61, 62, 63, 64, 67, 68-69...(I'm not kidding!) over and over they repeat
these strange addresses in that 78-page document until finally on page 70 there's a section listed for "Cannot Access mywifiext.net".

Since I'm not connecting with Firefox on Windows, I tried the
troubleshooting on page 73 which really just says to keep trying.

Strangely, on page 74 the tell you to use 192.168.1.250 (which also does
not work for me) - but why - all of a sudden - did THAT IP address show up?

They tell me to "log into my router" to find that IP address, but the whole point is that it's NOT CONNECTED to the router yet during setup - so how am
I supposed to do that (I looked at the router's connected devices anyway,
like a good boy doing what I'm told - but it's not connected yet so it's
not there).

Then it tells me to "clear your browser cache and try again".

WTF?

I'm still not connected to the extender even though Netgear repeats all the guesses you're supposed to try, which just sounds ridiculous to me that we
have to guess the address and to try different addresses on different
platforms where my Windows Firefox isn't allowing it to connect. <http://www.mywifiext.net/>
<http://mywifiext/>
<http://mywifiext.local/>
<http://mywifext.local/>
<http://192.168.1.3/> (you're supposed to magically know this address)

Can anyone help me make sense of why Netgear is telling us to basically
guess at the address that is hard coded into their product line?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 10/22/2024 11:40 PM, Lawrence D'Oliveiro wrote:

IP address 192.168.1.1 is internal.

All listed here <https://www.rfc-editor.org/rfc/rfc1918.txt>.

I simplified the original problem where I wonder if you can look at this? https://kb.netgear.com/29746/I-can-t-access-www-mywifiext-net-what-do-I-do

I have set up the router already, and one of the Netgear EAX80 wifi
extenders but I can't set up the second exact same EAX80 extender (with the first one turned off so I'm sure I'm trying to connect to the second one).

Even the first extender took an hour or so of "guessing" where I changed operating systems and I changed browsers and addresses until finally, one
of the guesses finally worked.

But not with the second Netgear EAX80 which I am trying to troubleshoot why
I can't connect from a Windows Firefox to the EAX80 with all three devices
in the same room (router, computer & extender).

My problem is I can't troubleshoot well when I don't understand why Netgear gives us about a half dozen "guesses" to make which are DIFFERENT guesses depending on what operating system we're on (all using Firefox browsers).

I simply do not understand these strange Netgear-specific web addresses.
Why would the operating system determine which address Firefox uses?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Wed, 10/23/2024 9:44 AM, Larry Wolff wrote:

<http://192.168.1.250> (this is only mentioned once in the pdf document!)

Is there a way to get Firefox to go to those addresses without the "s"?

Use wget or curl. A browser is not the only way to attack port 80.

https://alternativeto.net/software/wget/

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Wed, 23 Oct 2024 06:52:16 -0400, Paul <[email protected]d> wrote:

Windows automation uses DHCP, but I don't know if Windows knows
immediately how to find the DHCP server. Maybe it's a broadcast protocol,
but I'd have to look that up. The only "address" Windows has, is it
can use the APIPA address if all other configuration attempts fail.

Char tells me, that if I set the gateway to zero, that will disconnect
me from the Internet. I guess that's a kind of hint as to how it works.
If I set the gateway to zero, the theory is I can still network
with the other devices in the room. (Operation is switched rather than routed).

When I want to remove a host or device from the Internet, I just remove its default gateway rather than setting it to an invalid value. Both ways work, though. (When you say zero, I assume you mean 0.0.0.0)

On a slightly more advanced topic, if you want to remove Internet access in general, while retaining Internet access to one or more specific destinations, you can do that by removing the default gateway and then adding a static route for each of those specific destinations.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Tue, 22 Oct 2024 23:00:16 -0500, VanguardLH <[email protected]> wrote:

Char Jackson <[email protected]d> wrote:

On Tue, 22 Oct 2024 12:10:19 -0500, VanguardLH <[email protected]> wrote:

For example, I want my computers in a different subnet than for those
of my family, so I assign IPs to my computers using a MAC rule. I
also don't want them using my computer(s), so I don't allow traffic
across subnets: they have their subnet, I have mine, and the twain
shall not meet.

Does your router support multiple subnets, or are you using multiple
routers, or something else? I have multiple subnets on my physical
LAN, but I only do that via stacked static IPs. Those extra subnets
don't have Internet access. Meanwhile, in my VMware virtual
environment, I have well over a hundred subnets and most of them
have, or can have, Internet access via VMware's NAT function.

Just curious to hear how you do it. You already explained the why.

Sorry, I meant port isolation. Some managed switches have an option to >restrict taffic between ports.

OK, gotcha. At $DAYJOB 99.999% of the switches are managed, but I don't use managed switches at home. I believe some of the FOSS projects, like dd-wrt and OpenWrt and possibly pfSense, offer port isolation, but I've never needed the feature in that setting. Instead, I just use a different subnet to achieve isolation. Security through obscurity. Not good enough for the enterprise, but good enough for the home. If my primary LAN is at 192.168.11.0/24 and I want to have access to a super secret NAS that no one else will have access to, I just configure the NAS to be on a different subnet, say 192.168.32.0/24 (the mask could be much tighter), then I add a corresponding IP to my local NIC and Bob's your uncle. One of my most-used networking features on Windows is the capability
to add additional IP addresses to a specific NIC.

You can configure which LAN ports can
connect to each other with all them having access to an uplink. Easier
than having to use a tree of routers (acting as a switch) that restrict >traffic to only the hosts connected to it, and them going to a top
router that only connects ports to the WAN port to pass traffic out to
the Internet.

I've done the multiple router thing, probably in the late 1990s, and while it works, it doesn't seem like a clean solution. Back then, port forwarding was a big thing, so cascaded routers also complicated that. Nothing you can't work through, but not worth the hassle, IMHO.

https://www.tp-link.com/us/support/faq/525/

It can also be called traffic segmentation, as in:

https://support.dlink.com/resource/PRODUCTS/DGS-1100-SERIES/DGS-1100-05_05PD_08_08P_REVB_MANUAL_v2.21_WW_EN.pdf
Security > Traffic Segmentation, page 36.

Some wifi routers can also let you isolate traffic between wifi hosts
and wired hosts.

I've seen that. That's not a feature that I can make use of.

https://support.denon.com/app/answers/detail/a_id/3746/~/wireless%2C-ap-or-client-isolation

VLAN (aka Private LAN) is another method to isolate hosts. A VLAN has >switched [private] ports that only connect to a single uplink.

Yup, we use VLANs extensively at work. Remember the VLAN hopping vulnerability from 15-20 years ago, where a bad actor double stacks the VLAN tag? Traffic hits
the first switch, which strips off the (supposedly only) VLAN tag, exposing the next VLAN tag. That traffic then hits the next switch, which dutifully puts the traffic on the other VLAN, and now the traffic is where it should never be. I think a buddy from Juniper showed me that trick in the early 2000s. https://en.wikipedia.org/wiki/VLAN_hopping

A managed switch operates at layer 2 (data link) and a router at layer 3 >(network). Almost all routers for a long time include a switch, but not
with many features for consumer-grade devices.

I haven't looks for a long time, so I don't know if there are routers
with inbuilt managed switches to let you use one device (and include
wifi access with wifi isolation from LAN ports).

As mentioned above, I think dd-wrt and OpenWrt might offer all of that. It wouldn't surprise me if pfSense can, as well. That thing can do almost everything network-related.

In a home setup, you
already have an uplink to the router built into the cable modem.
Instead of a router, use a managed switch before the cable modem. If
you already have a tree of routers, some may be only used as switches,
so those could be replaced with managed switches.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Wed, 10/23/2024 9:30 AM, Larry Wolff wrote:

On 10/22/2024 5:37 PM, David E. Ross wrote:

Normally, a request for domain goes through my router, into my modem,
and out into the Internet to a domain-name server (DNS) to get an IP
address. I suspect that my router -- and yours -- is hard coded to
intercept and recognize <http://www.routerlogin.net/> as being internal
to itself as IP address 192.168.1.1.

Thanks for explaining the hard coding is in the router, which, in this case was for the main router which used <http://www.routerlogin.net/>.

When I tried to set up the Netgear mesh extenders, they have a DIFFERENT hard-coded address to use which is <http://www.mywifiext.net>.

I had trouble with the extender recognizing that address and when I looked
it up in the user guide, they said many people have that problem, so to try DIFFERENT hard-coded addresses depending on what OPERATING SYSTEM I was on. <http://mywifiext>
<http://mywifiext.local>
<http://192.168.1.250>

This is crazy if you ask me - and I wouldn't blame you if you didn't
believe me that this is what Netgear says to do - so I produce the document that says what appears to me to be one of the craziest ways to do things.

Here is the Netgear EAX80 landing page with the documentation links. https://www.netgear.com/support/product/eax80/

And here's the user manual for that EAX80 wireless mesh extender. http://www.downloads.netgear.com/files/GDC/EAX80/EAX80_UM_EN.pdf

On page 17, they tell you to use <http://mywifiext.net> but Firefox keeps switching that to https even though I added it into the whitelist but
Firefox still attempts to go to an encyrpted https URL even though I eventually turned off the default settings to only use encrypted URLs.

Troubleshooting further why Firefox can't get to <http://mywifiext.net> on page 18 they tell you not to use the http - but that changes nothing.

Since Firefox can't access "mywifiext.net" I read further and they suggest
if that address doesn't work, then on page 19 they suggest a few more. <www.mywifiext.net>
<http://mywifiext.local>
<http://mywifiext.local/>
<http://mywifiext>
<http://193.168.1.3> (you have to guess at the actual IP address though)

I have two extenders, one of which finally, after a half hour of trial and error, finally connected where I FORGOT which one of the above worked.

But the other extender doesn't recognize ANY of those hard-coded addresses, so that's what prompted the question (which I simplified to the main
router).

On page 20 and again on 22 & again on 24 & 25 & 26 & 27 & 28 & 29 & 30 & 32
& 33 & 34, 35, 36, 37, 39, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 54, 55, 61, 62, 63, 64, 67, 68-69...(I'm not kidding!) over and over they repeat these strange addresses in that 78-page document until finally on page 70 there's a section listed for "Cannot Access mywifiext.net".

Since I'm not connecting with Firefox on Windows, I tried the
troubleshooting on page 73 which really just says to keep trying.

Strangely, on page 74 the tell you to use 192.168.1.250 (which also does
not work for me) - but why - all of a sudden - did THAT IP address show up?

They tell me to "log into my router" to find that IP address, but the whole point is that it's NOT CONNECTED to the router yet during setup - so how am
I supposed to do that (I looked at the router's connected devices anyway, like a good boy doing what I'm told - but it's not connected yet so it's
not there).

Then it tells me to "clear your browser cache and try again".

WTF?

I'm still not connected to the extender even though Netgear repeats all the guesses you're supposed to try, which just sounds ridiculous to me that we have to guess the address and to try different addresses on different platforms where my Windows Firefox isn't allowing it to connect. <http://www.mywifiext.net/>
<http://mywifiext/>
<http://mywifiext.local/>
<http://mywifext.local/>
<http://192.168.1.3/> (you're supposed to magically know this address)

Can anyone help me make sense of why Netgear is telling us to basically
guess at the address that is hard coded into their product line?

Installation Assistant EAX80

https://community.netgear.com/t5/WiFi-Range-Extenders-Nighthawk/EAX80-Setup-problem-no-internet/td-p/2323268

Fuck me, Nighthawk *mobile* App. Only for the Head Down Tribe.

https://www.youtube.com/watch?v=bmnpGXXMPe4

Grab manual.

https://www.downloads.netgear.com/files/GDC/EAX80/EAX80_UM_EN.pdf

Windows-based computers. http://mywifiext.local/ or http://mywifiext/ # Just great

This is just to try something which is not a browser, and may have
different rules about what it does behind your back. Only occasionally
do I have to resort to this. I can find copies of this in my wsusoffline download
or in the Mozilla build kit for building a browser for yourself. It may also be available in bash shell (WSL2/WSLg) on your Windows box.

wget.exe --output-file=D:\some.txt http://mywifiext.local/

Your Windows computer relies upon an IP address and a netmask.
For example, if I am 192.168.1.50 and the Netgear happens
to be on 192.168.56.1 , then a netmask of 255.255.255.0 is
not going to work. On Windows, there is a powershell command
to change the netmask to make it wider, like 255.255.0.0,
and then 192.168.56.1 is reachable. Since you have already
reached the other pieces of junk, this likely isn't required.

# This sets a temporary netmask good for the remainder of the session (whatever that means).

Get-NetAdapter -physical # Obtain IfIndex for the PC interface needing the fix. "11" in this case.

Ethernet 3 RealTek Network Connec... 11 Up AA-BB-CC-DD-EE-FF 1 Gbps

Set-NetIPAddress -InterfaceIndex 11 -PrefixLength 16 # Prefix length 16 is 255.255.0.0
# Prefix length 24 is 255.255.255.0
# This is not a permanent change.

ipconfig # Verify the subnet mask is now wider (255.255.0.0)

It takes two commands, as the first command provides an identifier not otherwise available.
Normally, for the physical interface specification, there aren't too many of them,
whereas for virtual network interfaces there could be quite a few (as seen in Task Manager).

"extender’s default IP address, which is 192.168.1.250"

[but it can be set to other values - some previous customer could have set it, or device is dead]

While you can carry out a scan (like a scan of 65536 addresses while using fping and a wider netmask), I don't recommend doing that. My track record
with such desperation, is most likely the item is dead or doesn't have
power or something, and the scan hardly ever works. My bricked router
turned out that way. Scanned all three ranges, it just gave me the finger.

It would be encouraging, if the device had any sort of network
status lights, and you could see them blinking as if the device
was hunting for a partner. The question then is, whether you could
learn anything by using Wireshark. Again, track record not good, not
very likely that the device will show you what it thinks of you.

Summary: Situation is not impossible. But methodical ways of fixing it,
hardly ever reward the effort. Usually, it's something stupid,
something not plugged in, some misunderstanding about what step is
first and so on. If you haven't got the manual, there is a PDF, but
a quick scan sees a *lot* of repeated text, so it's not chock full
of goodness.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Wed, 23 Oct 2024 06:52:16 -0400, Paul wrote:

Windows automation uses DHCP, but I don't know if Windows knows
immediately how to find the DHCP server. Maybe it's a broadcast
protocol ...

Everybody knows how to use DHCP. You start by grabbing a temporary address
in the nonroutable 169.254/16 range, then do a subnet-local broadcast (to
the 255.255.255.255 address) to find a DHCP server. Once it replies “here
I am”, the protocol takes it from there.

<https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Wed, 23 Oct 2024 07:56:19 -0500, VanguardLH wrote:

Even consumer-grade routers have firewalls.

They may be just packet filters, that block/allow traffic based on source/ destination address and port, nothing more.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Wed, 23 Oct 2024 08:29:24 +0200, R.Wieser wrote:

*Every* internet connection "is directed at" the router.

No. That’s the difference between layer 3 (network) and layer 4
(transport) in the protocol stack.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Lawrence,

*Every* internet connection "is directed at" the router.

No. That's the difference between layer 3 (network) and layer 4
(transport) in the protocol stack.

"The difference" ?

Do tell how those two have anything to do with my assertion that internet connections are (need to be) directed to go to the router.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Lawrence,

Everybody knows how to use DHCP.

"Everybody knows" ? Really ?

Most people already have a problem with finding their favorite app back when the icon isn't on the desktop/smartphone screen anymore. And those people should know anything about something which (normally) works without them
having to lift a finger ?

IOW, pull the other one.

Also, what is the chance that you have even spoken to a percentile of a percentile of even just your own countries (let alone the worlds)
inhabitants to confirm they know what DHCP is all about ? I'm quite
convinced that even the chance for that is Zero.

Bottom line: don't try to pump up the validity of your own thoughts with
(fully unsupported) absolutes like that.

You start by grabbing a temporary address in the nonroutable 169.254/16 range,

And do what with it ? Also, what about grabbing one thats already in use
?

then do a subnet-local broadcast (to the 255.255.255.255 address) to find
a DHCP server

Just finding ? Not really.

Once it replies "here I am", the protocol takes it from there.

"The protocol" ? Pray tell what, to you, thats supposed to be ? And why should it take over your DHCP conversation ? Have you told it it should ?

Also, there is no "here I am" response. If all goes well you receive a DHCPOFFER packet, containing everything you need to configure your 'puters
IP and mask, as well as some others. Don't forget to finish the
conversation though.

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 24.10.24 00:56, Lawrence D'Oliveiro wrote:

On Wed, 23 Oct 2024 07:56:19 -0500, VanguardLH wrote:

Even consumer-grade routers have firewalls.

They may be just packet filters, that block/allow traffic based on source/ destination address and port, nothing more.

This is exactly the definition of a firewall. Usually even reduced to
incoming traffic.

--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Thu, 24 Oct 2024 09:36:01 +0200, R.Wieser wrote:

On Thu, 24 Oct 2024 04:55:58 -0000 (UTC), Lawrence D'Oliveiro wrote:

On Wed, 23 Oct 2024 06:52:16 -0400, Paul wrote:

Windows automation uses DHCP, but I don't know if Windows knows
immediately how to find the DHCP server. Maybe it's a broadcast
protocol ...

Everybody knows how to use DHCP.

"Everybody knows" ? Really ?

Hint: the person I was replying to said “Windows knows”. “Windows” is not
a person.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Thu, 24 Oct 2024 07:37:21 -0400, Jörg Lorenz wrote:

On 24.10.24 00:56, Lawrence D'Oliveiro wrote:

On Wed, 23 Oct 2024 07:56:19 -0500, VanguardLH wrote:

Even consumer-grade routers have firewalls.

They may be just packet filters, that block/allow traffic based on
source/destination address and port, nothing more.

This is exactly the definition of a firewall.

No. Firewalls do smarter things, like monitor for suspicious activity.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 24.10.24 17:08, Lawrence D'Oliveiro wrote:

On Thu, 24 Oct 2024 07:37:21 -0400, Jörg Lorenz wrote:

On 24.10.24 00:56, Lawrence D'Oliveiro wrote:

On Wed, 23 Oct 2024 07:56:19 -0500, VanguardLH wrote:

Even consumer-grade routers have firewalls.

They may be just packet filters, that block/allow traffic based on
source/destination address and port, nothing more.

This is exactly the definition of a firewall.

No. Firewalls do smarter things, like monitor for suspicious activity.

Nope.

--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On 24.10.24 17:08, Lawrence D'Oliveiro wrote:

On Thu, 24 Oct 2024 07:37:21 -0400, Jörg Lorenz wrote:

On 24.10.24 00:56, Lawrence D'Oliveiro wrote:

On Wed, 23 Oct 2024 07:56:19 -0500, VanguardLH wrote:

Even consumer-grade routers have firewalls.

They may be just packet filters, that block/allow traffic based on
source/destination address and port, nothing more.

This is exactly the definition of a firewall.

No. Firewalls do smarter things, like monitor for suspicious activity.

LOL: You mean Norton Security?


--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

J�rg Lorenz wrote:

On 24.10.24 17:08, Lawrence D'Oliveiro wrote:

On Thu, 24 Oct 2024 07:37:21 -0400, Jörg Lorenz wrote:

On 24.10.24 00:56, Lawrence D'Oliveiro wrote:

On Wed, 23 Oct 2024 07:56:19 -0500, VanguardLH wrote:

Even consumer-grade routers have firewalls.

They may be just packet filters, that block/allow traffic based on
source/destination address and port, nothing more.

This is exactly the definition of a firewall.

No. Firewalls do smarter things, like monitor for suspicious activity.

LOL: You mean Norton Security?

Maybe he means apple firewall?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

On Thu, 24 Oct 2024 19:56:29 -0400, Jörg Lorenz wrote:

On 24.10.24 17:08, Lawrence D'Oliveiro wrote:

No. Firewalls do smarter things, like monitor for suspicious activity.

LOL: You mean [Windows crap]?

Think of something like fail2ban. The Linux kernel implements a
sophisticated network stack, with the option for filtering packets based
on a variety of rules. But it only implements mechanism, not policy; it is
up to higher-level userland tools to use those mechanisms to implement particular user-chosen policies.

So fail2ban monitors various kinds of system activity, looking for
suspicious patterns according to user-configurable rules (e.g. repeated
failed logins to particular services); when it detects what looks like an attack attempt, it puts packet-filtering rules in place to block that
attack, for some configurable time interval.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Lawrence.

Everybody knows how to use DHCP.

"Everybody knows" ? Really ?

Hint: the person I was replying to said "Windows knows". "Windows"
is not a person.

:-) And you have no clue what the OP ment there ? Really ?

But you than thought that after replacing "windows" with "everyone" it would still mean what the OP intended ? Really ?

Don't play stupid, kid.

And I see you didn't respond to any of the other ... mistakes you made.
Yeah, nobody notices that either. :-)

Regards,
Rudy Wieser

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Jörg Lorenz wrote:

No. Firewalls do smarter things, like monitor for suspicious activity.

LOL: You mean Norton Security?

LOL, 20 years ago or so I worked as PC technician.
I did a TCP benchmark before and after installing Norton Security snake oil. The TCP throughput dropped from 100% to 60%.

ciao...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)