Network Tutorial: Sharing with a Broadband router
Broadband Router Guide for the home and small office
The basic idea behind a broadband router is to allow two or more computers to share an Internet connection using a technology called NAT - network address translation. With only a single IP address on the Internet, all of the computers in your home can be on the Internet at the same time. Additionally, NAT naturally acts as a rudimentary firewall by masking the true IP address of your computer - thus helping to keep your systems safe from hackers.
Broadband routers can be as easy or as complex as you want them to be. Available for less than $75 now, a basic model can extend your Internet to all the computers in your home. If all you do is surf and write e-mail, a simple broadband router is both easy to install and ZERO maintenance. For the more adventurous, manufacturers have added a myriad of options and features that can delight, confuse and confound us.
Broadband Router Areas
Router Features Guide
Sharing Files once your Router is running
Routers are not Perfect
Not all applications work well with broadband routers. If hosting internet games is an integral part of your computing experience, a broadband router may sometimes get in your way. Most broadband routers support the big games like HalfLife and Quake, but support for more esoteric games can vary from manufacturer to manufacturer. In general you get what you pay for in broadband routers.
Other special network applications may also have problems across a broadband router. Applications like NetMeeting may not work at all! This should not keep you from purchasing a broadband router, just realize that applications other than web, ftp and other standards may need some work to get going.
Other Areas of Interest
NAT, Network address translation explained
Port Forwarding / DMZ Explained
Hub with multiple-IP address
Sharing AOL
[ Last edited by Remy_3D on 21-2-2004 at 10:37 PM ]
The Broadband Router Features Guide
WAN Connectivity
The first thing you should consider is WAN connectivity, AKA your Internet connection type. Make sure that the broadband router selected supports the type of Internet connection you have. Ethernet connections for cable and DSL modems are the most popular.
Internet WAN Connection Types
RJ-45 Ethernet (cable, dsl, fiber, starband two-way satellite, etc)
Serial: Dial-up analog modem
Serial: ISDN
USB cable DSL modems are generally not supported (with a couple of exceptions)
One-way cable modems are not supported
One way satellite is not supported
Cable Modems (two way)
Cable modems can require special configurations if you have @Home or RoadRunner. @Home requires a 'host name' setting to be configured in your router. RoadRunner can require that you type the original MAC address of your network card into the router itself (sometimes called spoofing). All modern broadband routers support these settings.
DSL Modems
Some DSL modems use PPPoE, a special kind of data transfer protocol to communicate. Most modems support PPPoE very well. If your DSL provider mentioned anything about 'multi-session' PPPoE then you may want to look for a multi-session broadband router for added functionality (this is very rare).
Satellite Two-Way internet service
This service should work just fine with any broadband router as long as you have an ETHERNET version of the satellite modem. Some 2-way satellite services are USB and therefore will NOT work with a typical broadband router. Note: Using a router with a satellite service may dramatically decrease your broadband performance. (see http://www.starbandusers.com/ )
Fiber to the home
Some new communities are offering fiber to the home. This is often a 2-10Mbps connection to the Internet. Your connection point will be a standard RJ45 ethernet connection. Any broadband router should work fine. If you are lucky enough to have a connection over 2Mbps or so, be sure to look into a fast broadband router. Many routers will peak around 3Mbps or less.
Serial 56K Dial-up modem
(POTS or Plain Old Telephone Service) Some routers have serial ports that support analog dial-up modems (56k modems). Most often, the use of a dial-up modem on a router is for Internet connection backup purposes.
Serial ISDN modem support
Many routers that have serial ports support ISDN connections. The ISDN connection might be used as a primary or backup internet connection.
USB Modems
There are a few rare broadband routers that support specific USB DSL modems. Be very careful when purchasing a router for your USB modem - it must specifically support your modem and service.
Connection Bonding or Teaming
A few rare routers support more than one broadband connection at once. For some networking applications the bandwidth of both Internet connections can be utilized. This is an uncommon practice but it does exist. NexLand supports a connection teaming technology and Compex supports a parallel broadband technology.
NAT
All broadband routers support NAT , or network address translation. This is what allows all your computers to share a single IP address on the Internet.
If you plan to host many servers through your router and expose them on the internet, you may want to look into a router with Multi-NAT functionality. Multi-NAT provides the ability to utilize more than one IP address on the internet for INCOMING communications. It does nothing for outgoing communications. In short, you could run two web servers on port 80, one on each IP address.
Standard NAT - all outbound and inbound traffic happens on a single IP address
Multi-NAT - all outbound traffic is on a single IP address, traffic on multiple IP addresses is supported
LAN Selection
LAN Connectivity
The next decision you need to make is for LAN connectivity. How will the computers on your LAN connect to your router? If all the computers are in the same room, 10/100 Ethernet is fine. If your computers are spread out over the house, the choice becomes more difficult.
If you purchase a router that only has wired Ethernet and want to add wireless or HPNA connectivity later, devices are available that allow the 'bridging' of networks together.
A new breed of broadband routers from a couple of manufacturers features empty PCCard slots that allow you to add wireless or HPNA networking later. There may also be bluetooth cards available in the future.
Ethernet
NEARLY all routers have one or more Ethernet ports for your LAN. 10/100 Ethernet is the most standard networking type. If the router does not have enough ports, you can always connect an Ethernet hub or switch to your router for more ports. Some routers only come with one port (no switch built in) and expect you to add a hub/switch or connect your existing one.
HPNA 2.0
HPNA, or Phoneline networking, runs at 10Mbps. It uses your existing telephone line infrastructure in your home for computer networking. The networking in no way interferes with your voice telephone or DSL service. Many home networking 'gadgets' like stereo component MP3 players have phoneline networking built in.
Wireless Ethernet - 11Mbps
The most popular wireless standard is 11Mbps 802.11b. Every router manufacturer has 802.11b equipment available. A router that supports 802.11b is referred to as an 'access point'
Admin Feature
Router Administration
Most broadband routers have web interfaces these days. Just point your browser at the router and away you go. Sometimes these admin interfaces do not encompass the full range of router features and must be supplemented by occasional telnet sessions. Additionally, a few routers require Windows applications to administer them, making them unsuitable for Mac and Linux only networks.
Web Administration
Administration through a web interface is almost a must these days. Not every administration interface is perfect though. For instance, some routers require you to telnet to the router to alter some built in filters - no web interface is available for these functions.
Telnet interface administration
Telnet is an old communication method built into most operating systems. From a command prompt, type 'TELNET 192.168.0.1' or whatever your router IP address is to bring up the text interface. Sometimes telnet interfaces expose much more functionality in a router than what is available in the web interface - occasionally to the router operating system itself.
Windows Application
Some routers require a Windows application to configure them. If you only have Mac or Linux computers, this kind of router is not suitable for your network. Routers that require Windows applications often have advanced features unavailable in web interfaces, like detailed logging.
SNMP
Some routers also expose SNMP interfaces. SNMP (simple network management protocol) is a standardized interface for networking products. There are many programs available that allow you to manage SNMP devices. SNMP management would be considered 'expert'
Configuration Features
Basic Router Configuration
All broadband routers have DHCP servers built in. This allows for automatic IP configuration of your computers. Some routers do not give you much control over how the automatic configuration of your LAN works. Here are some things to look for:
The Install
To make the install go easier, a few manufacturers have started including setup videos, either VHS or CDROMs with Windows Media. Other routers include setup wizards in the HTML interface itself. This is great for first time users.
IP Schema
Can you modify the default ip schema? Most routers come configured to set your lan up in the 192.168.0.x range. Routers that let you change at least the last two octets (192.168.x.x) are much more useful as your network becomes more complex. There is also a security benefit to changing your IP schema away from the default.
IP Range
Some routers allow you to specify a 'range'
Port Forwarding Features
Port Forwarding / Virtual Servers
Port forwarding allows people on the Internet to get to a server on your LAN in a very restricted way - like a single port or range of ports. A typical web server needs only a single port to function, so why expose the whole machine to the internet? Using port forwarding, one machine on your LAN can run a web server, another could run a game server, and another an FTP server. From the internet, it would appear that all these services are on the same IP address.
If you plan to run game servers or any other kind of server, port forwarding is important. Other programs like ICQ and other file transfer or conferencing software require good control over port forwarding to function correctly. This is also where multi-NAT functionality comes into play.
DMZ / Exposed Host
Almost all routers support this. It exposes your entire computer to the Internet - unrestricted. It is sometimes necessary to do this for some complex applications like NetMeeting.
Common Port Forwarding
Again, almost all routers support forwarding the standard Internet application ports like web, email, ftp, etc.
Custom Ports
If you plan to host more than the common Internet applications, be sure your router can be configured for custom ports.
Port Ranges
Some routers allow you to type in port ranges instead of individual ports. This can be important for getting some applications like ICQ to work. ICQ needs about 10 contiguous ports forwarded. It is much easier to specify a range than each one. Occasionally 100 or more ports need to be opened and 'ranges' become the only real option.
Maximum Number of ports
Sometimes routers allow you control over custom ports, but limit the total number. Often, this is just a function of the interface and not a function of the router itself. Higher is always better because of the flexibility it allows.
Advanced Control
Triggered applications
Advanced port forwarding control. If you are a very advanced user, some routers allow you to configure what is called 'triggered applications'. The router will open up specified port ranges when a trigger event happens - like data over another port.
Access Filters
Access filters come in many different varieties. In theory, they are supposed to let you restrict the kind of traffic that travels from your network to the Internet. Some work with access control lists, some block strings of text in URLs, some don't seem to do much of anything. In my experience, this is always the weakest, underdeveloped part of any home based broadband router. I understand that IP filtering security is a difficult task to present to a home user, but everything I have seen is nearly worthless. My suggestion is to get a software solution like SurfNanny if you need to restrict access on your kids' computers.
Oh, and don't expect these firewalls to block outgoing traffic from rogue computer programs on your system - that is part of what software based personal firewalls are for.
String based URL filtering
This allows you to type in a string, any string, and the router will block any url that contains that string. I found it handy for blocking certain annoying ad servers that insist on serving me pop-under ads. That's about it
Firewall Features/Function
The Firewall & SPI
All NAT based routers act as a 'natural' firewall between the Internet and your LAN by masking the true IP addresses of the computers on your LAN. The very nature of NAT makes it nearly impossible for someone to directly connect to a computer behind a NAT router using the computer's IP address. This does not, however, stop hackers from successfully launching things like DoS (Denial of Service) attacks on you.
Packet Inspection
To accomplish its connection sharing task, NAT routers do something called Packet Inspection. Part of this inspection process involves blocking unwanted and unrequested packets trying to reach your LAN computers. It can also involve forwarding 'wanted'
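Added example, not part of the original posts: a toy Python model of how a NAT router decides what to do with a packet arriving from the Internet, covering the port forwarding, port range and DMZ settings from the port forwarding post and the blocking of unrequested packets described above. All addresses, ports and rules are constructed, and matching replies on the exact remote address is a simplifying assumption.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    forwards: list = field(default_factory=list)  # (proto, first, last, lan_ip)
    dmz_host: str = ""                            # "" means no exposed host
    sessions: dict = field(default_factory=dict)  # (proto, wan_port) -> state
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host opens a connection: allocate a WAN port and record it."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port)] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound(self, proto, remote, wan_port):
        """Decide where a packet arriving on the WAN side is delivered."""
        sess = self.sessions.get((proto, wan_port))
        if sess and sess[2] == remote:       # reply to traffic the LAN started
            return ("reply", sess[0], sess[1])
        for p, first, last, lan_ip in self.forwards:
            if p == proto and first <= wan_port <= last:
                return ("forward", lan_ip, wan_port)
        if self.dmz_host:                    # catch-all: the exposed host
            return ("dmz", self.dmz_host, wan_port)
        return ("drop", None, None)          # unrequested and unmapped

    def exposed_ports(self, lan_ip, proto="tcp"):
        """Count WAN ports on which an unsolicited sender reaches lan_ip."""
        stranger = ("198.51.100.7", 1234)    # constructed Internet host
        return sum(self.inbound(proto, stranger, port)[1] == lan_ip
                   for port in range(1, 65536))

def demo():
    # Constructed rules: one web server port and a 10-port range for a chat app.
    r = NatRouter(forwards=[("tcp", 80, 80, "192.168.0.10"),
                            ("tcp", 5000, 5009, "192.168.0.20")])
    site, stranger = ("198.51.100.50", 80), ("198.51.100.7", 1234)
    wan_port = r.outbound("tcp", "192.168.0.30", 51515, site)
    out = {"reply": r.inbound("tcp", site, wan_port),
           "unsolicited": r.inbound("tcp", stranger, wan_port),
           "web": r.inbound("tcp", stranger, 80),
           "before_dmz": r.exposed_ports("192.168.0.30")}
    r.dmz_host = "192.168.0.30"              # same host moved into the DMZ
    out["after_dmz"] = r.exposed_ports("192.168.0.30")
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The before and after counts show the difference between the two settings: a forwarded host is reachable only on its listed ports, while the DMZ host receives every port that no other rule claims.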
VPN Functions
V.P.N. = Virtual Private Network
If you connect to your office from home over the Internet, you are probably using a VPN. A VPN allows secure communication between computers or networks over a public network like the Internet. Loads of routers claim VPN support, but the support varies.
VPN PASSTHROUGH
Most routers will support some kind of VPN pass through. That means that you can make VPN connections through your network, out the router, and to a VPN endpoint like your workplace. Almost all the routers support the two primary VPN protocols, PPTP and IPSec to varying degrees.
Some questions you need to keep in mind if you use VPN software are:
How many VPN connections can the router handle at once? Some routers handle only 1 VPN connection, others 4, others 32.
Does your computer need to be in the DMZ to use your VPN software or does the router support true VPN passthrough? Forcing your computer into your DMZ to engage a VPN is a bad situation that you do not want to get into. It leaves your computer exposed to the Internet.
VPN ENDPOINT
A VPN endpoint is a device or program that people running VPN Client software can connect to. A VPN endpoint is also called a VPN Server. Windows 2000 Server and the Server versions of XP have VPN servers that use PPTP built in. Running a VPN endpoint would allow you to connect to your LAN from anywhere in the world securely.
VPN Endpoint Software: If you plan to run VPN software, find out if your computer needs to be placed in the DMZ to run a VPN server. Most often, the answer is YES. Some routers don't support running a VPN endpoint at all.
VPN Endpoint in the router? A few routers exist that contain VPN endpoints right in the router itself. This is a VERY cool feature and will become more prevalent in 2002. In 2001, it is only present in some business class routers.
Why is having a VPN endpoint in your router cool? First off, none of your computers need to be exposed to the internet NOR do they have to run expensive VPN server software. If you and your friend want to connect your networks together across the internet, you would simply point your router VPN software at one another and BANG - you are connected to the same VIRTUAL PRIVATE NETWORK. Perfect for sharing files, playing games, etc etc...
Warranty and tech support
What kind of warranty does the router have? If it breaks, how long will you be without one? What if you don't like it?
Sometimes it is hard to tell the difference between routers and router companies. A few of them try to differentiate themselves by offering 30-day money back guarantees and I have even seen a 48 hour turnaround for broken equipment. These options of course come at a premium but it is nice to have the option sometimes.
802.11b WLAN selection
Choosing a Wireless Ethernet Solution
Not all 802.11b solutions are built alike! As a matter of fact, there are many things that need to be taken into consideration before purchasing a router that has 11Mbps wireless Ethernet.
First off, don't expect more than about 5Mbps or so from an unencrypted 802.11b connection on your lan. With WEP (encryption) turned on, expect speeds between 2.25 and 3.8 Mbps. This is still much faster than your broadband connection but can be very slow for transferring gigs of data between LAN computers.
When a router supports 802.11b, it is considered a wireless access point.
Encryption level
Routers support one or two different encryption levels: 64bit and 128bit. BTW, 40bit is the same thing as 64bit, just different ways of looking at it. All the devices on your network need to be at the same encryption level for you to turn on WEP. Most 128bit cards can be set to 64bit, but 64bit cards cannot be set higher.
64bit keys
Most access points allow you to set up to 4 different encryption keys, some only allow one. This is not that critical for home use.
Key type, ascii or hex
Some manufacturers make you type in your keys in ascii, some in hexadecimal. Try and get an access point and cards from the same manufacturer to ensure easy setup. Ascii and hex can be converted back and forth, but it is a pain.
Mac address based access lists
To further enhance wireless security, access points can sometimes be configured to only react to certain specific network adapters (certain computers). The computers are recognized by the MAC address of the network adapter, kind of like a hard coded globally unique serial number built into each network adapter.
Supports roaming?
802.11b often only reaches 150 feet or so indoors. If you have a huge home or want to extend your wireless LAN completely into your yard, look for a wireless setup that supports roaming. Roaming allows multiple access points to talk to each other to extend the wireless network range. Few access points support this right now
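Added example, not part of the original post: a small Python converter for the ascii and hex WEP key forms mentioned above, which also shows why a 40bit key and a 64bit key are the same thing (the secret is 5 bytes and WEP adds a 24-bit initialization vector). It assumes the device takes the ASCII characters directly as the key bytes; vendor passphrase generators that derive keys another way are not covered, and the sample keys in the comments are constructed.

```python
import string

# Secret bytes per key size; WEP adds a 24-bit IV to each key, so the same
# keys are marketed as 64-bit and 128-bit.
KEY_SIZES = {5: "40-bit secret (sold as 64-bit)",
             13: "104-bit secret (sold as 128-bit)"}
TYPABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")

def parse_hex(hexkey):
    """Strip common separators and return the raw key bytes."""
    cleaned = "".join(c for c in hexkey if c not in ":- ")
    raw = bytes.fromhex(cleaned)          # ValueError on non-hex characters
    if len(raw) not in KEY_SIZES:
        raise ValueError("hex WEP keys are 10 or 26 hex digits long")
    return raw

def ascii_to_hex(key):
    """Convert a 5 or 13 character ASCII key, e.g. 'HOME1', to hex digits."""
    raw = key.encode("ascii")             # UnicodeEncodeError if not ASCII
    if len(raw) not in KEY_SIZES:
        raise ValueError("ASCII WEP keys are 5 or 13 characters long")
    return raw.hex().upper()

def hex_to_ascii(hexkey):
    """Return the ASCII form of a hex key, or None if it cannot be typed."""
    raw = parse_hex(hexkey)
    if all(chr(b) in TYPABLE for b in raw):
        return raw.decode("ascii")
    return None                           # only usable on hex-entry devices

def describe(hexkey):
    """Name the key size the way vendors label it."""
    return KEY_SIZES[len(parse_hex(hexkey))]
```

A key that returns None from hex_to_ascii can only be entered on equipment that accepts hex, which is the mixed-vendor setup problem the post warns about.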