Routers
From TWUUG
Why use a Router?
You should use a router on any network connected to the Internet, whether you have just a single PC at home or hundreds of workstations at an office.
For your typical home network, a standard off-the-shelf consumer router will do just fine. Or, if you're more adventurous and want to build your own router using a spare or outdated computer, that can work too.
Routers give you the benefit of Network Address Translation, which basically allows you to take one IP address and connect many computers to it.
One added benefit of having a router for your home network is that it probably provides some type of firewalling capability. This keeps hackers and script kiddies out of your network, and makes it very, very difficult to access your PC compared with connecting it directly to your cable/DSL modem.
A benefit of building your own computer-based router is the ability to add services and proxies to it:
- A private FTP server (see your ISP's Acceptable Use Policy) and an SSH server.
- Network intrusion prevention and detection.
- Parsing of your firewall logs to help secure the Internet.
  - myNetWatchman: a near-realtime auto response system.
  - DShield.org: a Distributed Intrusion Detection System.
- Scan/block web traffic.
- Scan/parse email traffic, especially to help protect Windows computers.
  - P3Scan: a transparent proxy server for POP3, POP3S, and SMTP.
Types
- Wireless routers are very, very common nowadays and provide all the functionality you will need for a basic home network. It is a good idea to buy one, even if you don't use wireless and don't plan to in the future, since they provide all the functionality that wired "consumer" routers do, and the wireless features can be turned off from the administrative interface. Wireless Router Security is very, very important if setting up a wireless router, so be sure to take this into consideration!
- Wired routers are available off-the-shelf from many of the same companies that make wireless networking gear (Belkin, D-Link, Linksys, Netgear).
- If you have an outdated PC, you can turn that into a router for your network as well. All you need are two NICs in the PC and a basic Linux installation (or a floppy/CD Linux distro created specifically for this purpose!) to have it firewall and route traffic for your network. Even an old 486 computer can do this effectively.
NAT
NAT, or Network Address Translation, is the core function that consumer routers perform. It basically takes one IP address and lets multiple computers on your network share it to access the Internet, which they would not be able to do otherwise.
NAT provides a very effective first line of defense against hackers. If a computer is connected directly to the Internet, it is very easy to access ports on that machine; if it sits behind a router, it is more difficult to get to one specific computer on the network.
Firewall
Firewalling features are found on nearly all consumer routers sold these days. Firewalls keep out traffic that is not intended for the network, and let traffic into the network if there is a server that needs it.
My recommendation is to configure your firewall to block all traffic coming into it, unless you have a specific server that you are running on your network.
Firewalling features can be accessed through the administrative interface on your router.
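For a home-built Linux router with two NICs, the block-everything-inbound recommendation and NAT can be written as one nftables ruleset. This is an added example, not configuration from the original page; the interface names `wan0` and `lan0`, the server address `192.168.1.10`, and an IPv4-only Internet link are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny firewall plus NAT for a two-NIC Linux router.
# Assumed names: wan0 faces the cable/DSL modem, lan0 faces the home network.
# Routing itself must be enabled separately: sysctl net.ipv4.ip_forward=1
flush ruleset

define WAN = "wan0"
define LAN = "lan0"

table inet filter {
    # Traffic addressed to the router itself.
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept   # replies to connections we started
        ct state invalid drop
        iifname "lo" accept
        iifname $LAN accept                    # admin, DHCP, DNS from inside
        # Everything else arrived unsolicited from the Internet: log a sample
        # (rate-limited so a scan cannot flood the log), then the policy drops it.
        iifname $WAN limit rate 10/minute log prefix "wan-drop: "
    }

    # Traffic passing through the router.
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname $LAN oifname $WAN accept       # inside hosts may start connections
        # Only if you run a server (constructed address, SSH as the example):
        # iifname $WAN oifname $LAN ip daddr 192.168.1.10 tcp dport 22 accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Matching port forward for the server rule above:
        # iifname $WAN tcp dport 22 dnat to 192.168.1.10
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade                # many inside hosts share one address
    }
}
```

Note that the drop policies, not the `masquerade` rule, are what keep unsolicited traffic out; the `wan-drop:` log lines are the kind of firewall log the reporting services listed earlier consume.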
Router Reviews/Recommendations
- The Linksys WRT54G is the most popular consumer router on the market. For a long time this router ran Linux and you could replace the firmware on it with custom firmware to increase signal strength and do other "fun things". In 2005 Linksys stopped shipping all their WRT54Gs with Linux and split their product line into one running a lightweight proprietary OS and one running Linux.
- The D-Link DI-524/DI-624 is highly recommended by me (DaveHarris). The DI-624 offers enhanced range and speed to similarly equipped D-Link network cards, but the DI-524 does not (both are G routers). They both have good range and configuration options for your typical home network. Even if you have more advanced features like running a few servers, it is easy to set up with these routers' interface. The DI-524 is very reasonably priced since it always seems to have some rebate attached to it. Currently (3/7/06) the router is $15.99 + 1.99 shipping after a $25 mail-in rebate ($40.99 before rebate) from Newegg. [1]
How to Set Up
For information on this topic, visit Wireless Home Network Basics on Wikibooks.
Routers as an access point
The difference between a router and an access point is that a router performs DHCP (IP address assignment) to your network but an access point merely provides a point of entry to an existing network.
If you already have a router but just want wireless access to the network (and you already have a DHCP server elsewhere on your network), it is very easy to turn a typical router into an access point. Using a router as an access point is also a good idea because wireless routers are much easier to obtain and much more reasonably priced than a piece of equipment specifically marketed as an access point.
Here's what you do:
1. Connect the router via a LAN port to a computer isolated from your network. DO NOT connect the router to your network immediately! The router's DHCP server is on by default, and connecting it to a network that already has a DHCP server can create a lot of problems.
2. Go into your router's administrative interface and turn off the DHCP server. Also, you will want to configure your router's security settings at this time. For more information see Wireless Router Security.
3. Connect the router to the rest of your network via the LAN port (NOT the WAN port).
That's it! If you want to connect one or more wired computers near your new AP to the network, you can do so using the other LAN ports.
Other Resources
Wireless Home Network Basics on Wikibooks - DaveHarris contributed a lot of content to this wikibooks article.
