Blocking my HR10-250 from mother ship


Butch
01-10-2008, 07:51 PM
I have an hr10-250 all modded out.

Router is 192.168.0.10

Tivo ip is
IP Address 192.168.0.180
Netmask 255.255.255.0
Default Gateway 192.168.0.10
DNS Server 192.168.0.10

In my rc.sysinit.author file I have

route add -host 204.176.49.2 gw 127.0.0.1
route add -net 204.176.49.0 gw 127.0.0.1 netmask 255.255.255.0
fakecall.tcl

On my router I have all the tivos blocked from the INTERNET. But I see from the router's logs

Drop UDP packet from LAN 192.168.0.180:1025 24.226.10.193:53 Rule: deny
Drop UDP packet from LAN 192.168.0.180:1025 24.226.10.194:53 Rule: deny
Drop UDP packet from LAN 192.168.0.180:1025 24.226.1.93:53 Rule: deny

Lots of these all from my tivos. Good thing I have their IPs blocked.
I believe this might be slowing down my network with all these dropped packets every so often, especially when having more than 7 TiVos.

In telnet I type: route
route_info, afname=inet, options=33
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
204.176.49.2 localhost.local 255.255.255.255 UGH 0 0 0 lo
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
204.176.49.0 localhost.local 255.255.255.0 UG 0 0 0 lo
default 192.168.0.10 0.0.0.0 UG 2 0 0 eth0


My question is.. Am I missing something else that should be done because obviously it is trying to connect via network.

Jamie
01-10-2008, 10:20 PM
Drop UDP packet from LAN 192.168.0.180:1025 24.226.10.193:53 Rule: deny
Drop UDP packet from LAN 192.168.0.180:1025 24.226.10.194:53 Rule: deny
Drop UDP packet from LAN 192.168.0.180:1025 24.226.1.93:53 Rule: deny

Port 53 is DNS. It looks to me like your tivos are simply trying to resolve host names to IP addresses. This is normal. Blocking that traffic could cause delays on your tivo (for example, the old slow NowPlaying list problems with a misconfigured DNS server). If you have a local DNS server, you could point the tivos there instead.

dave7101
01-10-2008, 10:47 PM
the question is, why are you blocking it? Mine have all been hacked for years, and they dial up via network as they please... never ever had an issue.

Butch
01-10-2008, 11:07 PM
On my Router I Disabled
DNS Relay

Nothing more in the logs now even though I have everything checked for log settings.
System Activity
Debug Information
Attacks
Dropped Packets
Notice

Does this sound correct.. or is it that the tivos are still trying to do the DNS stuff but the router is not logging it?

UPDATE
XXX seems turning off DNS RELAY has stopped the computer from connecting to the internet properly. I had to turn it back on
Ends up I had to reset the IP on the computer end (repair)

Found this web site
http://www.dslreports.com/forum/remark,12648061

UPDATE>>>>>>>>>>>>
STILL GETTING LOGS even with DNS RELAY DISABLED
UDP packet from LAN 192.168.0.203:1024 192.168.0.10:53 Rule: deny
but as you see, now it's blocking it to the router IP 192.168.0.10
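
Added example, not part of any post in this thread: a small Python script that reads router log lines in the format quoted above and splits each TiVo's denied traffic into DNS queries leaving the LAN, DNS queries to a LAN address, and everything else. The function and bucket names are made up for the example, and the 192.168.0.0/24 LAN and the handling of non-UDP entries are assumptions based on the posted settings.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Sample lines: the router log entries quoted in the posts above.
SAMPLE_LOG = """\
Drop UDP packet from LAN 192.168.0.180:1025 24.226.10.193:53 Rule: deny
Drop UDP packet from LAN 192.168.0.180:1025 24.226.10.194:53 Rule: deny
Drop UDP packet from LAN 192.168.0.180:1025 24.226.1.93:53 Rule: deny
UDP packet from LAN 192.168.0.203:1024 192.168.0.10:53 Rule: deny
"""

# "Drop " is optional because the later post shows entries without it.
LINE_RE = re.compile(
    r"^(?:Drop )?(?P<proto>\w+) packet from LAN "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"Rule: (?P<rule>\w+)$"
)
LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed from the posted netmask


def summarize(log_text, lan=LAN):
    """Return ({src_ip: {bucket: Counter}}, skipped_line_count)."""
    hosts = defaultdict(lambda: defaultdict(Counter))
    skipped = 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        try:
            dst = ipaddress.ip_address(m["dst"]) if m else None
        except ValueError:  # looked like an address but is not a valid one
            dst = None
        if dst is None or m["rule"] != "deny":
            skipped += 1
            continue
        if m["dport"] == "53":
            # DNS: separate queries aimed at the LAN from ones leaving it
            bucket = "dns_local" if dst in lan else "dns_external"
            hosts[m["src"]][bucket][m["dst"]] += 1
        else:
            hosts[m["src"]]["other"][f"{m['dst']}:{m['dport']}/{m['proto']}"] += 1
    return hosts, skipped


if __name__ == "__main__":
    hosts, skipped = summarize(SAMPLE_LOG)
    for src, buckets in sorted(hosts.items()):
        for bucket, dests in sorted(buckets.items()):
            for dest, n in dests.most_common():
                print(f"{src:15} {bucket:12} {dest:22} {n}")
    print(f"unparsed lines: {skipped}")
```

A host that only ever appears under the DNS buckets is doing name lookups and nothing more; entries under "other" are the ones that show an actual connection attempt being denied.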

jt1134
01-10-2008, 11:31 PM
the question is, why are you blocking it? Mine have all been hacked for years, and they dial up via network as they please... never ever had an issue.

There's several reasons. It just depends on your situation. For example, if you're running 6.2x on a directivo and let the box call home, your box will grab certs that will kill MRV. There's also showcase tokens that will reappear if you had previously gotten rid of them. I only let mine phone home if I'm trying to grab slices.

Butch
01-10-2008, 11:36 PM
So
if I turn OFF DNS RELAY then the tivos hound the router for a DNS # on port 53

if I turn ON DNS RELAY then the tivos hound the INTERNET for DNS # on Port 53 because I have the Router blocking the TiVos from the INTERNET.
Should I just allow port 53 from the tivo to go to the INTERNET?

Also with the DNS RELAY off my computer web surfing is awesomely fast compared to it turned on.

I have the DNS set on each tivo to the router's IP. Should this be set to something else.. I will look into a DNS server.

NOTE all the tivos are HR10-250 and one stand alone tivo.
http://www.dealdatabase.com/forum/showthread.php?p=289613&highlight=dns+server#post289613
reading around they talk about this problem with MRV but we are not using MRV but are using HME

jt1134
01-11-2008, 12:06 AM
There's probably no easy way to keep your boxes from trying to call out, and what you're doing should be sufficient to actually keep them from connecting to tivo.

Butch
01-11-2008, 12:17 AM
Should I set the TiVos' DNS Server to 127.0.0.1 or 0.0.0.0?
This making the tivo not bother with the network traffic with DNS?

Testing now .. setting to 0.0.0.0

Seems to work good.
Bringing up the Now Playing List is nice and fast now.
Seems to be no more network 53 DNS traffic now but will have to wait a little longer to be exact.