Some clients, who live far, far away, have a tangled home LAN that I believe I will be drafted to fix in late summer.

AFAIK, the topology is like this:

[cable modem] –> [non-apple wireless router + 5 port hub] –> Apple OS X PowerBook, Wintel Laptop B, Wintel Box C, Wintel Box D

I believe A(pple) and B are wirelessly on the LAN, while C and D are wired to the hub. I believe they have a shared printer, but don’t know if it’s running off a computer, a print server, or has an ethernet connection. I suspect it’s a locally-shared printer running off of one of the wired Wintels. Roadrunner is the cable provider.

I believe they just plugged in the router and the AP and turned them on. They got the wireless hub a few years after the cable router modem. They’ve complained to me of a mysterious, troubleshooting-resistant inability to establish a VPN to his employer, something that ‘just happened.’

I have been unable to traceroute back to their machines; the trace stops at the cable modem. The net effect of this is that I can’t set up VNC to look directly at their computers’ settings.

I strongly suspect that both the router modem and the AP are acting as DHCP servers; I believe this would account for the network problems they’ve mentioned. They said “Huh?” when I asked if their cable provider had given them docs on configuring the cable modem (to do things like setting up port forwarding, for example).

A series of questions, then:

Given a stable, if reerky, IP topology like this:

192.x.x.x -> 172.x.x.x -> 10.x.x.x, 10.x.x.x, …


  • the 172-class number is a DHCP-assigned address from the 192-class modem
  • and the 10-class addresses are assigned from the AP

[UPDATE: it’s unclear if the cable modem is a router itself or if DHCP was provisioned to the home via the ISP’s DHCP on the other side of the modem.]

1. is it going to be possible to set up a dynDNS solution that allows me to use VNC?

2. Do non-VNC remote screen viewers (Apple Remote Desktop and Timbuktu) provide an iChat-like way to route the data through spaghetti LANs so that I can see the local settings and work the problem without going there?

3. What will my options be regarding the cable modem? Can I just replace it with the router, if the hardware connections work? Alternatively, to what extent are Roadrunner cable modems user-configurable?

I am not planning on setting up any outward-facing servers, so I do not believe there’s even a potential violation of the cable provider’s TOS (WiFi notwithstanding).

Finally, in order to do this, I must brush up on my Wintel networking skillz. I’d love to hear some book recommendations.
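
An added example, not part of the original post: a Python heuristic that reads traceroute output taken from a machine inside the LAN and counts the private-address hops seen before the first public one, which is one way to check the stacked-NAT suspicion described above. The sample trace and every address in it are constructed, and a private hop can also belong to the ISP rather than to home equipment, so the result is an indication, not proof.

```python
import ipaddress
import re

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range, listed
# explicitly because ipaddress.is_private also flags documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Matches "N  a.b.c.d ..." and "N  name (a.b.c.d) ..."; "N  * * *" is skipped.
HOP_RE = re.compile(r"\s*\d+\s+(?:\S+\s+\()?(\d+\.\d+\.\d+\.\d+)")

# Constructed sample, not captured from the network described in the post.
SAMPLE_TRACE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  10.0.1.1  1.2 ms  1.0 ms  1.1 ms
 2  gw.home (172.16.0.1)  2.4 ms  2.2 ms  2.3 ms
 3  * * *
 4  198.51.100.1  11.8 ms  12.0 ms  11.9 ms
"""

def hop_addresses(trace_text):
    """Return the responding hop addresses in order; silent hops are skipped."""
    hops = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(ipaddress.ip_address(m.group(1)))
    return hops

def classify(addr):
    """Label an address as 'rfc1918', 'cgnat' or 'public'."""
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "cgnat" if addr in CGNAT else "public"

def nat_report(trace_text):
    """Summarise the private hops that precede the first public hop."""
    leading = []
    for addr in hop_addresses(trace_text):
        kind = classify(addr)
        if kind == "public":
            break
        leading.append((str(addr), kind))
    layers = sum(1 for _, kind in leading if kind == "rfc1918")
    return {"leading_hops": leading, "rfc1918_layers": layers,
            "stacked_nat_suspected": layers >= 2,
            "cgnat_seen": any(kind == "cgnat" for _, kind in leading)}

if __name__ == "__main__":
    print(nat_report(SAMPLE_TRACE))
```

Two or more RFC 1918 hops mean an inbound VNC or SSH forward has to be configured at each routing layer, or one of the devices switched to bridge mode.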

8 thoughts on “LAN ho!”

  1. Some thoughts…

    First, I’ve experienced problems when I’ve had multiple NAT hops between me and my VPN host (which is probably what the AP is doing in this case). In some cases this is as simple as forcing the AP to allow IPSec routing (I’ve had problems with older airports in this regard, but so far none with my Linksys).

    Secondly, depending on the class of Windows machine, one of them -might- be trying to function as a DHCP server; this is unlikely, but possible.

    There are combo cable modem/wireless routers available from a few providers – I think Netgear and Linksys both have them. No experience here in using them, but I can ask around.

    Finally, many cable ISPs offer combined router/modem solutions as a package – I note that RR claims (but doesn’t make very available in documentation on their site) to have a “Home Networking” option for people with multiple computers. Alternately, colleagues have just opted for business class service from their cable provider to get around some of these restrictions (in that they get multiple fixed IPs, etc). YMMV, but that may remove some of the baling wire.

  2. It’s for moments of clarity and wisdom like that that you are so highly valued in the workplace, Goldie.

    (Congrats, btw)

  3. Hm, that’s interesting. It implies that the failing VPN is due to the service being blocked by RR, in the interest of forcing an upgrade to the Home Networking option.

    $14.95 additional for the privilege of running a wireless access point! The nerve of these pirates!

    (Unless I misinterpret.)

  4. –Too many NATs! To route Timbuktu through you have to set up port forwarding on all the devices–they have a FAQ about it at I believe it is the same with VNC: port forwarding, no slick iChat-type solution. So, yes, theoretically, you should be able to use your_dynDNS_name:port# to do VNC.

    Where does the 192.x.x.x come from? You don’t mean it’s the WAN IP do you? The 4 or 5 cable modems I’ve seen here were not routers.

    If you want, you can maybe put the AP/router in bridging mode and let the ISP assign a unique IP to each computer. But then you lose the benefits of a NAT table, and OS X/Windows file sharing will probably break (Comcast’s cable modems won’t support it on the hub level).

    No answers, just a bunch of random information.

  5. Most home routers such as the one mentioned allow you to turn on remote administration. Might be of some assistance. Also, couldn’t you ssh into one of the Macs? If you can turn on port forwarding from the router piece (trivial to do), then you can run VNC over ssh.

  6. I work for the help desk of a global company. I just started here recently and have noticed that many users from Rochester, NY that use Roadrunner are not able to get past the IPSEC initializing. Our Network techs do not help these users and refer them right back to Roadrunner. The users having the problems connecting to our VPN I have noticed are the ones that have their PC directly connected to the RR cable modem.

    I want to be able to relay some helpful information back to them. Is it safe to say that if they use a Linksys router that they will be able to connect? OR do they need to replace the RR modem with a Linksys, Netgear, etc?

    I know it’s RR because I have had users dial-up and then connect to the VPN successfully. Any info or reply would be greatly appreciated.


