Author Topic: Router Help (Split From 'Scary Tab' Thread)  (Read 5071 times)
shambler
 
Icon of Sin
**********
Posts: 999

« on: 2005-04-10, 18:23 »

Any Tips on how to set up a router?

I've never really done anything to mine.  I just don't know how, and have been too lazy to look it up.  Thumbs up!
Logged
games keeper
 

Elite
*
Posts: 1375

« Reply #1 on: 2005-04-10, 19:03 »

1) Always secure your router, always.
2) To be safe, log everything.
3) Get free router software at www.ipcop.org (only thing you need is an old computer and 2 network cards).
4) If you hang multiple comps on a router, it's best to let the router cache the site. This will keep your download limit down a wee bit (the more comps behind the router, the more you're gonna notice this, especially in schools).
5) Know what you're doing.
Logged
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8805

WWW
« Reply #2 on: 2005-04-10, 20:20 »

I don't know if he means using a linux box as a router, Games.  Not everyone knows how to or is able to do that.

shambler:  What kind of router do you have, or are you looking at?  What kind you get dictates what you can and cannot do with them.  If you're looking at a commercially available, home-use router, you'll need to determine what you want to do behind it first.  For instance, if you want to host a game server or DCC transfers, etc, you'll need something with more end-user control than if you just want to surf the web and nothing else.  In the US there's D-Link, Linksys, NetGear, and Hawking Technologies (no, not MC Hawking) that are the four most commonly available.  I don't know what models are available where you're at.  I do know from experience that the newer Linksys routers are problematic if you want to do any kind of incoming traffic, like game server hosting or DCC transfers in IRC.  I have a D-Link router I've been using (replaced my old Linksys that burned out a while back) without trouble.  Linksys is pretty "newbie friendly" but there are a lot of limitations.  D-Link's routers you have a lot more control over, but that also means you have to know what you're doing a bit more.  Netgear tends to be "user intensive", and you have to know exactly what you're doing on the way in from what I understand.  I've not worked with either Netgear or Hawking myself.

The principles of operating a router are pretty much the same from one to the next, it's the interface and what it's programmed to allow that varies from one model to the next.  Then there's also the question of wired vs wireless.  Wired is more secure, wireless is more convenient (when it works right).  If you go for a wireless router BE SURE you know how to secure it so nobody can hack into your network.  Other than that, a router can do as much or as little as you like.  Often times you can just hook them up and they go, but if you want to do more complex things you will probably need to set up the computers behind the router with static IP's so the router knows where to send the traffic, and open the proper ports.  That's where it gets more involved.  If you've had experience with firewalls (real firewalls that use rule sets, not programs like Zone Alarm) it makes that part a lot easier.  The best part of most routers is they use NAT (Network Address Translation).  This turns them into a nearly foolproof hardware firewall since the only public IP that's visible is assigned to the router - not your computer - so anyone trying to hack in will just be attacking the router, which is akin to punching a brick wall repeatedly.  Even if you only have one computer I recommend using a router for that reason alone if for no other.

You might want to drop by #wirehead on IRC sometime.  I've set up routers, so has Ward, Kenny, and Dr_Jones, just to name a few people.  You should be able to catch at least one of us who can help you out.
Logged


I fly into the night, on wings of fire burning bright...
Lordbane2110
 
Chton
*******
Posts: 225

« Reply #3 on: 2005-04-11, 14:24 »

If you are going to use a router, don't use programs such as Service Pack 2 Firewall and AOL, as they aren't that effective.

Also try using a wired router far more than a wireless. Like Pho said, wireless may be more convenient, but it's laggy and a pain to sort out if it goes wrong.  As for using more than one computer on a router, it's not as tricky as most people say. I have 2 on mine, my games PC and my work PC.

As for Zone Alarm it is a good program, but it doesn't protect against hackers. A good hacker will still be able to break it .
Logged
shambler
 
Icon of Sin
**********
Posts: 999

« Reply #4 on: 2005-04-13, 23:40 »

Quote from: Phoenix
I don't know if he means using a linux box as a router, Games.  Not everyone knows how to or is able to do that.
shambler:  What kind of router do you have, or are you looking at?

This is a bit Slipgate - Off Topic for the thread but here are the details. I have a Netgear non-wireless router. It seems to work well, and I managed to set it up in about 30 minutes, not bad for a dyslexic. I use BT as my ISP, and have 3 computers behind the router, all in the same room, so wireless is not needed, and I don't need the hassle.

I do not have the comps networked for file sharing etc, as I don't need it. One comp belongs technically to my GF, and I use all three for Gen and UT and UT2004 when my sons (BAT and Luke_Nucum) come around. I also use Norton firewall and antivirus.

My real question: How do I open a port, to allow a mate the other side of the country to join my games? I've read the manual and checked the net, but don't understand how to 'make a rule' to open a port. I don't want to mess it up, so I've really done nothing yet. Here's a picture. If you could tell me what to enter, I'd do it. I think the port is 7780.
Logged
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8805

WWW
« Reply #5 on: 2005-04-14, 00:56 »

shambler:  All computers use two sets of numbers to communicate:  An IP number, and a port number.  The IP number tells what machine on the net the traffic goes to.  The port number tells the machine which application should handle the traffic.  The default firewall setup on the router is to allow all outbound traffic, while blocking all (unsolicited) inbound traffic.  The router is smart enough to know you're surfing a web page and to allow incoming traffic if your machine requests it.  What you need is an inbound rule to open port 7780.

Typically, inbound rules are either an all/nothing deal, or a specific machine/IP range deal.  When dealing with a router, you have two sets of IP's to concern yourself with - the LAN IP, which is the IP address assigned by the router to your computers, and the WAN IP, which is the IP address assigned by your ISP to the router.  The WAN IP is all anyone on the internet will ever see.  If you open a port, the router needs to know what LAN IP to send the traffic to.

Here's a breakdown of what your screen means:

Outbound Services:  You don't need to concern yourself with this because it's allowing your computers to get out to the net.  The only time you'd want to put a restriction on outbound services is if you were acting as a "nanny" and preventing people from surfing outside the LAN (think protective parents, or business not wanting people wasting time looking at pr0n).

Inbound Services:  This is what you need to look at.  Don't EVER delete that default rule!  If you do that your network is wide open.  Here's a breakdown of what is what.

# - Rule number.  Rules set priority.  Some firewalls use higher number = higher priority, some use lower number = lower priority.  You'll have to check your manual on which yours is set for.  The "Default" rule is set to "block everything", so any new rules should take priority over this.  After creating rules you usually can change their priority by renumbering them, or shifting them up or down in the list somehow.

Enable - turns the rule on or off.  Pretty straightforward, if "yes" the rule functions, if "no" the firewall skips the rule.

Service Name - This is the area the port number is determined.  I can't tell much from your screen, but you should have some way of selecting either a pre-defined service, like Telnet, FTP, etc, or naming your own and defining a specific port or range of ports.  You may have options for both local and remote ports.  If that's the case, the local port is always YOUR port, the remote port is always THEIR port.  Typically you shouldn't care what the remote port is, only the local port if you're hosting a game server.  You can restrict the remote port if you are sure the traffic you want is only going to come from the same port number all the time, but a lot of services use dynamic port allocation within the range of 1000-4000, so be careful when restricting the remote or "send" port.

Action - Usually ALLOW, BLOCK, or some kind of scheduling option.  If you want the traffic to come in, you need something with ALLOW in it since BLOCK ALWAYS is the default rule.

LAN Server IP address - IP address of which computer you want the traffic to go to.  If your computers are using DHCP you should set this to "any".  If you're using static IP behind the LAN then just program in what IP number you want the traffic to go to.  If you don't know if you're static IP or DHCP then I guarantee you are DHCP.  Static IP addresses MUST be programmed into the NIC on every computer on the LAN, so unless you've done that I guarantee you that you are DHCP.  Just be aware that opening the port to multiple machines on the LAN will usually result in a "first-come, first-serve" scenario as far as forwarded traffic goes.  If one computer gets on BattleNet (for example), and another one on the LAN tries while Computer #1 is still connected, the second one may not be able to connect, or it may conflict and knock both of them off, etc.  The router might be smart enough to handle the traffic as well.  Depends on your equipment really, try it and find out is the only way to know for sure.

WAN Users - I'm guessing this is to specify IP addresses on the internet that are not a part of the lan.  The term "Users" seems a bit odd, but it's typically either an IP address or MAC address filter.  If you're wanting incoming traffic from "anyone in the world" you'd leave this set to "any".  If you want only specific machines to connect to you, this is where you would specify them.

Log - self-explanatory.  Logs the activity that this rule applies to.  Useful in debugging, and also if you want to know who's accessing your machine over a specific rule.

You'll need the following parameters for the port you've specified:

Enable:  YES.
Service Name:  (You'll need to edit this to get the right port number)
Action:  ALLOW always.
LAN Server IP address:  Any.
WAN Users:  Any.
Log:  Your discretion.

I hope that helps.  If you have any screens pop up that require additional info that you're sketchy on, just post a screeny and we'll see what we can do.
Logged


I fly into the night, on wings of fire burning bright...
shambler
 
Icon of Sin
**********
Posts: 999

« Reply #6 on: 2005-04-14, 19:01 »

O.K. thanks so far.

I understand most of what you said there!

Here's the box where you put in the details.
Logged
shambler
 
Icon of Sin
**********
Posts: 999

« Reply #7 on: 2005-04-14, 19:03 »

Sorry about the double post. I couldn't figure out how to add 2 pics at once.

What the hell are these?? I'm lost now
Logged
Lordbane2110
 
Chton
*******
Posts: 225

« Reply #8 on: 2005-04-14, 19:41 »

They're the TCP ports that have already been assigned to a particular program.
Logged
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8805

WWW
« Reply #9 on: 2005-04-14, 22:43 »

The "services" are predefined ports and protocol.  There are three types typically used (I knew I forgot to mention something):  TCP, UDP, and ICMP.  Games will use either TCP or UDP or both, depending on what you're running.

What I don't see here is an option to manually define a port number and protocol.  If there's no provision to manually assign the port number anywhere in the router, and there's no predefined "service" that uses port 7780, you're pretty much screwed.  There may be an option elsewhere in your router setup, again I don't know your equipment model's interface specifically, but check to see if you might have some kind of custom application section or anything else that remotely resembles the firewall rule area.  I know with my DI-604 there's more than one way to do pretty much the same thing, so nose around a bit if you can't find anything in the "services" pull down.  If you can get me the router model number I can see if I can find some kind of electronic manual or more helpful information, or at least a definitive "yes you can" or "no you can't".

The "last resort" option would be to set up a system as a DMZ (Demilitarized Zone) Host.  This means the router will allow ALL traffic, ALL THE TIME to a specific IP on the LAN.  I do not recommend doing this except as a last resort, because you lose the best part of the router's functionality - the hardware firewall - and make the system vulnerable to hack attempts.  It's equivalent to plugging the machine directly into your DSL or cable modem.  Remember that with most setups, traffic behind the router from one LAN machine to another is *always* allowed, so if the DMZ Host machine gets infected and/or compromised your entire network could be vulnerable.
« Last Edit: 2005-04-14, 22:45 by Phoenix » Logged


I fly into the night, on wings of fire burning bright...
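
Added example, not part of any post in this thread: a small Python model of the inbound rule table described in Replies #5 and #9, comparing a single port rule for 7780 with the DMZ host option. The names (`Rule`, `evaluate`, `exposed_ports`), the first-match-wins ordering, the use of UDP for the game and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    enabled: bool
    proto: str        # "tcp" or "udp"
    port: int         # local port, i.e. the port on the hosting machine
    action: str       # "ALLOW" or "BLOCK"
    lan_ip: str       # LAN machine that receives the forwarded traffic
    wan_users: str    # "any", or a network such as "203.0.113.25/32"

def evaluate(rules, src_ip, proto, port, dmz_host=None):
    """Decide one unsolicited inbound packet: (action, lan_ip, matched rule)."""
    for r in rules:                           # assumption: first match wins
        if not r.enabled or (r.proto, r.port) != (proto, port):
            continue                          # disabled rule or other service
        if r.wan_users != "any" and ip_address(src_ip) not in ip_network(r.wan_users):
            continue                          # source not in the WAN Users filter
        return (r.action, r.lan_ip if r.action == "ALLOW" else None, r.name)
    if dmz_host:                              # DMZ host takes everything left over
        return ("ALLOW", dmz_host, "DMZ")
    return ("BLOCK", None, "Default")         # the default inbound rule

def exposed_ports(rules, src_ip, proto, dmz_host=None):
    """Count the ports a given internet source can reach through the router."""
    return sum(evaluate(rules, src_ip, proto, p, dmz_host)[0] == "ALLOW"
               for p in range(1, 65536))

# Constructed sample data: documentation-range addresses, UDP assumed for the game.
FRIEND, STRANGER, GAME_PC = "203.0.113.25", "198.51.100.7", "192.168.0.2"
open_rule = [Rule("game", True, "udp", 7780, "ALLOW", GAME_PC, "any")]
friend_only = [Rule("game", True, "udp", 7780, "ALLOW", GAME_PC, FRIEND + "/32")]

if __name__ == "__main__":
    print(evaluate([], STRANGER, "udp", 7780))            # default rule blocks
    print(evaluate(open_rule, STRANGER, "udp", 7780))     # forwarded to GAME_PC
    print(evaluate(friend_only, STRANGER, "udp", 7780))   # filtered, then blocked
    print(exposed_ports(friend_only, FRIEND, "udp"))      # port rule: one port
    print(exposed_ports([], STRANGER, "udp", GAME_PC))    # DMZ host: every port
```

Restricting WAN Users to the friend's address only works while that address stays the same, so a friend on a dynamic IP would need the filter updated or left at "any".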
shambler
 
Icon of Sin
**********
Posts: 999

« Reply #10 on: 2005-04-15, 00:29 »

Thanks.
I've got the model number, DG834G and have found an instructions page on the makers website.
I'll have a go tomorrow now, and post how it goes. Bedtime over here. Thumbs up!
Logged