routers

An explanation if anyone has the time.

I have been told that a router used as the access point to the internet for a network acts as a hardware internet firewall and if you have one there is no need for a software firewall, e.g. Norton or whatever.

Is this true? If so, can anyone explain this in a bit more detail?
 
A router will act as a firewall in the true sense of the word and it has been covered here before.

To compare, let's look at the standard PC>MODEM>Internet setup first. In this configuration, the modem is simply an interface between the PC and the Internet, and its only purpose is to convert the data from the PC into a format that can be transmitted across the phone network and vice versa. It is effectively invisible. Your PC (generally) will adopt a public IP address leased from your ISP and actually becomes part of the internet. This also means that anyone else connected to the internet could, in theory, access your PC if they knew its IP address.

By using a router, you actually separate your PC (or PCs) from the internet, which now form part of a private network (even in the case of a single PC). The router adopts the public IP address and will lease private IP addresses to the PC(s). The router becomes what is known as the default gateway and when a PC tries to access an IP address outside the private network, it will send it to the default gateway (router). The router stores details of the request (i.e. where it came from and other identifying information) and sends it to the next router in the chain (your ISP). Eventually, a response comes back to the router, which looks up a table of stored requests and routes the information to the requesting PC. This technology is known as Network Address Translation (NAT). Now, if the router receives a response for which it has no request, it will drop the packets, effectively acting as a firewall.

So, in summary, it will only prevent incoming requests where there is no outgoing request.

If, however, you have allowed a trojan to enter your machine (via email or download), it can generate outgoing requests, so NAT will not prevent this type of intrusion, which is why anti-virus/spyware software is important. You could use a software firewall, such as ZoneAlarm (or a more advanced dedicated hardware firewall, which can be expensive), which will alert you if an application is trying to access the internet. These have their uses, but need to be configured to be effective. Software firewalls can also mask the effects rather than remove them, so should be used with caution. If you use one, read the instructions and make yourself fully aware of how it works and then it will be useful.

I personally don't use software firewalls, but then I'm aware of the dangers and am well protected in other ways.

Routers can have other technology built in to perform more advanced functions and I suggest you do a google on SPI for more details. It's always worth checking the internet for reviews before you buy. I generally recommend Draytek routers for home use, but there are plenty to choose from.

This is a very simplistic view, but I hope it helps.
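
The request table described in the post above, as an added example that is not part of the original post: a minimal Python model of a NAT router that records outgoing requests, forwards matching replies and drops everything else. The class name, addresses and ports are constructed for illustration, and matching replies on the remote address and port is an assumption (real routers differ in how strictly they match).

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000  # next free public-side port (constructed value)
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A PC sends a packet out: store the request, rewrite the source."""
        for pub_port, entry in self.table.items():
            if entry == (src_ip, src_port, dst_ip, dst_port):
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives from the internet: forward it only if it
        answers a stored request, otherwise drop it (return None)."""
        entry = self.table.get(dst_port)
        if entry is None or entry[2:] != (src_ip, src_port):
            return None
        return (src_ip, src_port, entry[0], entry[1])

def demo():
    router = NatRouter("203.0.113.10")  # documentation-range addresses
    results = {}
    # 1. A PC requests a web page; the reply matches the stored request.
    out = router.outbound("192.168.0.2", 51000, "198.51.100.7", 80)
    results["reply"] = router.inbound("198.51.100.7", 80, out[1])
    # 2. An unsolicited packet to a port with no stored request is dropped.
    results["unsolicited"] = router.inbound("198.51.100.99", 80, 50123)
    # 3. A different host aiming at the open mapping is also dropped.
    results["wrong_host"] = router.inbound("198.51.100.99", 80, out[1])
    # 4. Software already on a PC makes its own outgoing request, so the
    #    reply is forwarded: NAT does not filter connections from inside.
    out2 = router.outbound("192.168.0.3", 51001, "198.51.100.99", 443)
    results["inside_initiated"] = router.inbound("198.51.100.99", 443, out2[1])
    return results

if __name__ == "__main__":
    for case, forwarded in demo().items():
        print(f"{case:17} -> {forwarded or 'DROPPED'}")
```

Case 4 is the limitation the post describes: the table only records who asked, not whether the asking program is trustworthy.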
 
Interesting description there - always wondered how a router worked, thanks for that :D
 
Iggy, I don't suppose you can help with getting a Draytek 2900G to work on Telewest? I can get 1 laptop + 1 desktop connected to the net together through it, but they can't see each other.

I have had it working a bit (i.e. I know I printed something on the "other" computer's printer) but to try to get it all working I go through it (i.e. the wizards, & manual entry) all again and again and keep getting slightly different sets of non-function, but the basic problem is that I'm missing something about the way they interact.

I've been told it's because of the way Telewest use MAC addresses. You used to be able to tell Telewest what you wanted to "have" but you can't any more - they say just switch the modem off and on. I've done that, and left it for hours, found the MAC address from the TW support page, entered it, no success.

Is there a site which explains the layers, numbers etc?

The laptop is plugged in for now, I'll worry about its rf link later!
 
From what you have described, I would suggest that the MAC address is not the problem. A MAC is used to uniquely identify a network device. Sometimes it is necessary for a router to clone the address of a cable modem, but as both of your PCs can access the internet, there would appear to be no conflict.

I would think that the problem lies within the private network and there are a number of things that could be causing the problem.

1) Turn off any software firewalls on the laptop and desktop. You can turn them on again later, but they will possibly hamper the initial setup. If you had to turn the firewalls off, wait 15 minutes for the browsers to refresh themselves and then see if you can see each machine.

If not, continue

2) On each PC, open a command prompt and type IPCONFIG. Note down the IP address of each PC. The IP address is the PC's unique address on your private network and will probably take the form 192.168.0.?, where ? is unique to each machine.

3) Now, from the command prompt again, try pinging each machine from the other. Type PING Ipaddress, where Ipaddress is the address of the other machine. If they are communicating, you will see a series of responses listing response times. If they are not, you will get timeout messages.

If you get good responses, then it means that the network is running and the problem lies with the workgroup. To be honest, this is the most common case. Let me know the results of the above before we continue.

Are we talking Windows XP?
 
When I "ping" the other computers on my network, all I get is "Timed Out". What is the reason for this?
 