
How do routers work?

Discussion in 'PC Hardware' started by Christer, 2003/11/11.

Thread Status:
Not open for further replies.
  1. 2003/11/11
    Christer

    Hello all!

    I've been trying to understand how routers work. In a lot of topics people say that they use routers to take some load off the software-firewall but I don't understand how they actually do that.

    As I understand it, a router dispatches traffic to the correct destination in a network, which for home users will be a few computers and for companies a higher number of computers.

    My computer is not connected to a network other than the LAN which takes me to my broadband connection.

    After having studied How Routers Work, I can't see that a router would take any load off my software-firewall.

    There is, of course, something that I've missed and now, hopefully, someone will explain in layman's words!

    Thanks for Your time,
    Christer
     
  2. 2003/11/11
    reboot

    To put it simply, a router assigns the IP to your computer, instead of your ISP.
    Your computer is identified on the internet, by its IP, Internet Presence, a unique number, assigned ONLY to you.
    With a router, it's the router that gets assigned the IP, then assigns a different IP to your computer, and routes traffic between the two.
    The router gets the IP from your ISP, and using "NAT", routes the traffic to the computer.
    This makes the computer invisible to the internet, because its IP is now in the "Private" range (probably something like 192.168.1.100).
    This is only part of what some routers do.
    There are models of Linksys, and the SMC Barricade 7004VBR (among others) that also have "Stateful Packet Inspection", and a built in firewall, that completely hides the connection from everything outside the LAN, even if the LAN is only one computer.
    My SMC is so secure, that if I turn on its firewall, I can't post here, because one of the popup ads is trying to access a port it's not allowed to. I also cannot chat on IRC, unless I specifically open certain ports to allow traffic, and even then, cannot DCC, unless I specify other ports to allow it. Forget about using Netmeeting, because of its random port selection.
    With a router that has a firewall, and SPI, you will no longer need a software firewall, UNLESS!!! you also want to determine outgoing connections. If you KNOW that your computer is NOT connecting to anything it's not supposed to, then a router will work perfectly. If you suspect a trojan is sending data OUT of the computer, then the router will not identify that, but it will definitely stop all incoming nasties.
    To answer the question, a router takes ALL the load off a software firewall, by looking after all the incoming traffic. A software firewall would still be used to scan outgoing, thus the load is lighter.
    With a good router, set up properly, and user diligence (keeping one's system free of trojans and other broadcasting nasties) there's no need for any software firewall.
     
    Last edited: 2003/11/11


  4. 2003/11/11
    BillyBob Lifetime Subscription

    Thanks reboot

    I like a software Firewall also because it also gives me control of who can connect to this machine via the LAN (which will still work even if the Internet doesn't).

    And that is another thing a Router does. It keeps the WAN & LAN separated.

    So actually the Router can do more than just protect the machine from the Internet but from the Local Area Network also.

    MY Wife can give a game on her machine FW permission to access the Network but I also have to grant her permission to connect to me.

    I made the WRONG ( or shall I say a BAD ) choice one night and somebody was NOT happy when she could not connect to me to play Cribbage.

    BillyBob
     
  5. 2003/11/11
    BillyBob Lifetime Subscription

    OOPS !!!! Forgot an important part.

    A Router will also allow more than one machine to access the Internet with only one ISP account. And all at the same time.

    MUCH better than Windows Internet Connection Sharing where, if the main machine goes down, the others go too.

    BB
     
    Last edited: 2003/11/11
  6. 2003/11/11
    Christer

    Hi Reboot,
    thanks for the explanation!

    A few follow-up questions, though:

    Does the router have some kind of software component to set the IP to my computer or is it a fixed IP from manufacture?

    This indicates that there is some kind of software involved, right?

    How does the router decide which traffic to let through and which traffic to block?

    Regards,
    Christer
     
  7. 2003/11/11
    BillyBob Lifetime Subscription

    Looks like what may be an error on my part.

    I believe it is the Software Firewall that protects the LAN and not really the Router.

    BillyBob
     
  8. 2003/11/11
    reboot

    Christer:
    Most routers generally follow the private IP numbering scheme, starting at 192.168.1.1 and going up from there. The router (by default) will assign an IP to your computer using DHCP. You can change this easily, and assign any private IP to your computer, and tell the router what it is, and to only connect using that IP.

    "software" as you're using the term is not correct. It's hardware, and is accessed through the browser, thus using software to modify hardware, similar to a BIOS flash (in this case an EEPROM). In any browser, you just type the IP of the router into the address bar, and you're connected. Once the settings are made, you can unplug the router, and plug it back in, and the settings are retained, not so with software, unless the specifics are saved to hardware. eg. Kerio firewall only keeps its settings because they're saved to your hard drive. Clear as mud?

    A router only allows traffic on ports that you designate. Generally, forwarded to the computer(s), on the same port. Thus a browser using port 80, will get and send, its data on port 80, although you can "route" this to any port between 1 and 65535, in the router configuration (usually, depending on brand).
    eg. If I set up my browser to look on port 62000 for its incoming data, and 61000 for outgoing, I can then tell the router to forward port 80 incoming, to port 62000 on IP 192.168.x.x (whatever my computer's IP is).
    You can do the same to outgoing, although that can crash out, because the server (web page) you're trying to access, is looking for mouse clicks and such on port 80, not somewhere else.
    This is (one reason) why a router can protect you from incoming, but not outgoing.
    SPI adds more confusion to the works. It inspects each packet for source, destination, and content, before allowing it to pass the router and get to your computer. Being hardware though, there is no slowdown of any sort (well, maybe a few hundredths of a millisecond). It's fast, and it works.

    BillyBob, a router is designed to allow LAN traffic unimpeded. It's your software firewall that's preventing LAN traffic, and/or sharing rules in Windows.

    I firmly believe that nobody needs both a router with firewall, and a software firewall. If you KNOW what you're sending, and have no trojans, or phone home junk on your computer, then a router is all you need.
    If you look hard enough on the web, you can (usually) find 3rd party apps that do not contain any phone home components, and using Ad-Aware and Spybot surely help.
    If you insist on using RealPlayer and RealJukebox at default settings, then you are broadcasting far more than you should.
    Note: SPI can, and will, block RETURN data from those programs, attempting to mine data from you, which can cause the programs to not work.
    Heck, as I mentioned before, if I turn on SPI, I can't even post here, because one of the popups is attempting to access data on a port that I have open, (port 80), but contains some code that SPI has determined is unsafe (probably ActiveX scripting). I have IE's security settings at minimum as well ;), with this site in Accepted zone.
     
  9. 2003/11/11
    Christer

    Reboot,
    You're really making an effort to get this through my thick skull!

    I should have thought of that. I have actually flashed EPROMS in GPS navigation systems to feed them new databases such as airspace and maps.

    Well, it's sinking towards the bottom so if I quit stirring it up ......

    Do You have to go through a flash procedure to do a simple change like this and the unplugging / plugging back?

    IIRC You posted about problems earlier, which necessitated the disabling of Your firewall (in the router). You didn't want to do that and if it is a "flash procedure" to go through, then neither would I.

    Reboot, I really appreciate Your efforts, thanks!

    Christer
     
    Last edited: 2003/11/11
  10. 2003/11/11
    Chiles4

    Christer, keep in mind there are a lot of thick skulls out there when it comes to networking. I work as a Sr. Programmer/Analyst and have been in IT since '86 and I still have very little clue about how networking works. Reading Reboot's explanation was, to me, like reading the instructions for making a gourmet souffle or changing the headers on a '67 GTO (whatever that means).

    In my years in IT, I've seen two very different types of people: programmers and network people. Very often, people fall into one category or the other with almost no crossover skills. People are often amazed at what I do but I too am equally befuddled by what they do. Actually, I can't remember meeting anyone who was really an expert in both.

    It makes no sense that there isn't more skill crossover. I actually think the two types of people are wired differently. So many network people tell me they'd hate to do what I do while I try to go to networking classes and end up falling asleep.

    I do have a wireless router set up in my house but thankfully it doesn't require any "intelligence" on my part. :D

    Gary
     
  11. 2003/11/11
    BillyBob Lifetime Subscription

    Yes. It is a good thing that it does not need much thinking. I just plugged it in. Powered it up and away I went to the Internet.

    Now the Network side was not quite so easy. Two machines worked fine. The 3rd decided to be a PAIN. But it turned out that the OPERATOR was really the cause of the pain. MhSome is NOT the same workgroup as MsHome. ( Grrrrrr. Stupid keyboard LOL ).

    I had the Router with Win98FE. I now have three machines with either 98SE or XP. I HAVE NOT done a thing with the Router.

    BillyBob
     
  12. 2003/11/11
    Christer

    Gary,
    thanks for Your encouraging words and I suspect that You and everyone else had a chuckle when I misspelt skull ...... :D ...... "oh yeah, thick it is" !

    I actually understood Reboot's explanations, maybe not in every detail but enough.
    I now understand that it doesn't need to be a network of many computers for the router to reduce the load on my software firewall by routing the traffic to other computers. It actually filters the trash.

    BillyBob,

    This sounds too good to be true ...... :rolleyes: ...... there must be some updates to flash to the EPROMs every now and then!?

    Christer
     
  13. 2003/11/12
    martinr121 Lifetime Subscription

    'Scuse me for butting in here, but while you guys are into educating the masses (including me) I wonder if somebody would explain which is what. I have a D-link "wireless broadband router" that seems to mysteriously work ok.

    Although I have no need for this information, for some reason, I would like to know:

    What are the differences between a "router", "switch" and "access point" as they are used in networking? It seems to me that these terms are describing the same thing, which goes to show you how much I know. :p

    Martin
     
  14. 2003/11/12
    Chiles4

    Good to know I'm not the only one who approaches routers as a "black box". Actually, I did have to upgrade the firmware on the router (constant dropouts) and I did enable MAC Address Filtering to prevent hackers from "joining" my wireless network. WOOT! Guess that makes me a guru! :D The key for me is finding resources (people, web pages) who can provide me with the expertise I don't have.

    I'm still working on Port Forwarding. My SMC GUI interface doesn't have a simple option for it.

    Access Point - I think you plug your cable modem into its WAN socket which enables you to have wireless clients but you have no hard-wired sockets for plugging in wired clients. A wireless router is an Access Point and more, right guys?
     
  15. 2003/11/12
    martinr121 Lifetime Subscription

    Hey chiles, well, Idunno. My wireless (access point?) router has four ports to plug in wired computers, my main machine is wired to the (access point?) router from the on board 10/100 network adapter. Like a hub?? **** mysterious!

    The other thing that is mysterious to me is, when I was wired directly to the DSL modem, my machine said it was connected at 100Mbps, now through the router it reports 10Mbps. Which would be upsetting except that there is no apparent difference in download speeds. :) Reason I haven't tried to figure it out or try to change it.

    Also, the computers on the network (when wireless is working, sometimes kind of iffy) say they are connected at 22Mbps, other times at 10Mbps, but there is a definite difference in download speeds that the wired machine gets as compared to the wireless regardless of which speed the wireless machine reported. The wired machine is consistently higher. Sometimes a download on one of the remotes will stop completely then pick up in a few seconds. And occasionally up comes a balloon saying it is unavailable, then in a few seconds, another saying connected. One of these days, when my other computer problems are resolved, (this means maybe never) I'll try to figure out if this network is broken or tweaked to the max. :D

    Martin
     
  16. 2003/11/12
    reboot

    I'll try and explain some of this stuff in the simplest terms, realizing that not everyone is right up on acronyms and such.

    Christer:
    Most manufacturers do provide updates every now and then, but they're nowhere near as frequent as BIOS flashes seem to be.
    Most routers' EEPROMs (reprogrammable chips) are simply updated by hitting an "OK" button via the interface.
    The interface is almost ALWAYS a web browser, IE, Mozilla, Netscape, Opera, et al.
    It is NOT near as complicated as a BIOS flash. You simply go into the router via the browser, change what settings you will, and save them. The router will (should) restart itself with the new settings. This only takes a few seconds.
    Caveat: If you change the wrong setting (in security options) you can lock yourself out of the router controls, and may need to flash the router via software to get back in. This is EXTREMELY rare, and every router's instructions I have seen, explain in detail how to recover from this. (Been there, done that!) ;)

    martinr121:
    A router routes its incoming traffic to one or more computers on a LAN. It's a fairly smart piece of hardware, sending and receiving data and routing it to and from each computer on the LAN based on a priority scheme.
    That all means, that it determines which computer needs its attention next, and routes packets as needed. One or two to one computer, then a couple to or from another, etc.

    A switch does about the same thing, but with no firewall, or port forwarding, or IP addressing. It's a simple switching device that routes traffic as needed. To use a switch, with multiple computers, one would also need a host computer (server), handling IP addressing.

    Access point is simply that, a base station with an antenna that other remote antennas send and receive signals from.

    Note: All SOHO routers are also switches (that is, they contain a switch). The switch part takes care of routing traffic, the router part takes care of IP addressing (telling the switch where to send data to and from) and the firewall part takes care of added security.

    Chiles4:
    In the SMC interface, go to NAT, Virtual server.
    There are 4 options.
    The first is your computer's IP.
    The second is the port that YOU want to use.
    The third is TCP or UDP (I'll not get into explaining this at this point).
    The fourth is the public port, aka the internet port commonly used for that specific traffic.
    eg. A web browser uses port 80, FTP uses port 21.
    If you wish to route traffic to different ports on YOUR computer, enter its IP, the port YOU want to send/get traffic on, the type of traffic (TCP or UDP) and the port the server (your ISP) uses.
    If you want FTP on port 6000, you need to change a couple of things.
    First, set private port to 6000, set traffic to TCP, set public port to 21, then open YOUR FTP program and set its default to 6000.
    Although this is overkill, and complicated, it's much easier to route private and public to the same ports. Then enable the firewall and SPI if you have it.

    A wireless router is an access point, because it has an antenna, and routes traffic via built in switch. Some access points (wireless) do also have wired ports, as do some wireless routers (not a modem).
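
Added example (not part of reboot's post and not any router's firmware): a small Python model of the NAT, connection-tracking and "virtual server" behaviour described in posts 8 and 16 above. The `NatRouter` class and its methods are hypothetical, the WAN and remote addresses are constructed documentation-range values, and matching replies by address and port is a simplified stand-in for real SPI.

```python
"""Toy model of a SOHO NAT router: outbound passes, inbound needs state or a forward."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 50000                         # next free WAN-side source port
    flows: dict = field(default_factory=dict)      # LAN flow -> WAN port
    sessions: dict = field(default_factory=dict)   # (proto, WAN port) -> LAN flow
    forwards: dict = field(default_factory=dict)   # (proto, public port) -> (LAN IP, private port)

    def add_forward(self, proto, public_port, lan_ip, private_port):
        """'Virtual server' rule: public port on the WAN side -> private port on one LAN host."""
        self.forwards[(proto, public_port)] = (lan_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN. Nothing is filtered; the source is rewritten and the flow remembered."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.sessions[(pkt.proto, self.next_port)] = flow
            self.next_port += 1
        return Packet(pkt.proto, self.wan_ip, self.flows[flow], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN. Returns the translated packet, or None when it is dropped."""
        key = (pkt.proto, pkt.dst_port)
        flow = self.sessions.get(key)
        # Reply to a flow a LAN host opened: the remote address and port must match too.
        if flow and (flow[3], flow[4]) == (pkt.src_ip, pkt.src_port):
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, flow[1], flow[2])
        # Unsolicited, but the user configured a forward for this public port.
        if key in self.forwards:
            lan_ip, private_port = self.forwards[key]
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, lan_ip, private_port)
        return None  # no state and no rule: dropped at the router


def demo() -> dict:
    pc, wan = "192.168.1.100", "203.0.113.10"        # private IP from the thread; WAN IP constructed
    web, stranger = "198.51.100.5", "198.51.100.99"  # constructed remote hosts
    r = NatRouter(wan)
    results = {}
    sent = r.outbound(Packet("tcp", pc, 3456, web, 80))
    results["seen_by_server"] = (sent.src_ip, sent.src_port)
    reply = r.inbound(Packet("tcp", web, 80, wan, sent.src_port))
    results["reply_delivered_to"] = (reply.dst_ip, reply.dst_port)
    results["wrong_sender"] = r.inbound(Packet("tcp", stranger, 80, wan, sent.src_port))
    results["ftp_before_rule"] = r.inbound(Packet("tcp", stranger, 4000, wan, 21))
    r.add_forward("tcp", 21, pc, 6000)               # post 16: public 21 -> private 6000
    fwd = r.inbound(Packet("tcp", stranger, 4000, wan, 21))
    results["ftp_after_rule"] = (fwd.dst_ip, fwd.dst_port)
    # Any program on the PC can still open connections outward; the router does not ask why.
    results["unwanted_outbound"] = r.outbound(Packet("tcp", pc, 3999, stranger, 6667)).src_ip
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entry is the case a software firewall with outbound rules would still cover: the router translates and passes it like any other outgoing connection.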
     
  17. 2003/11/12
    BillyBob Lifetime Subscription

    My Linksys is a 4 port Router/Switch. I believe that makes the Router/Switch the DHCP server. And therefore keeping all 3 or 4 machines completely independent of one another.

    BillyBob
     
  18. 2003/11/12
    Christer

    Wow, I'm learning more in this topic than I anticipated!

    Reboot,

    I guess that burnt fingers are among the attributes that distinguish the experienced from us wannabes ...... :D ...... !

    However, I think that I've got the hang of the basics now and it's possible that I'll put one on my X-mas wish-list! Or another stick of 256 MB RAM? Or ......

    Christer
     
  19. 2003/11/13
    Chiles4

    Reboot, thanks a ton for the port forwarding directions! I don't really understand the underlying concepts but my gaming buddy is a SysAdmin and can tell me in "baby-words" exactly what it is your directions mean conceptually.

    All I know is that if I want to set up a multi-player gaming server, I have to have port-forwarding on my router.

    Gary
     
  20. 2003/11/14
    JSS3rd Lifetime Subscription

    I wish I had stumbled onto this thread earlier this week! As a self-described "shadetree mechanic" (one who knows just enough to get himself into all sorts of trouble), I probably spent a lot more time than necessary the past couple of days upgrading my LAN.

    I have been running an ethernet LAN, using a D-Link DI-704P router, for about a year and a half to connect my XP Pro desktop, my XP Pro laptop, and my Win98 desktop, with few, if any, problems. Because I recently turned my beloved IBM T23 Thinkpad over to my son and bought a new T40, which has built-in wireless (802.11b) capabilities, I decided it was time to go wireless with the laptop, while retaining the ethernet LAN ... that way I could sit on the couch and use the laptop to play solitaire or surf the net while watching football. :D

    My first inclination, after some study, was to buy a wireless access point to connect to the existing router, but the least expensive one I could find was about $50, and it was going to mean another box on my desk, with another cable and another DC converter to add to the rat's nest of cables/wires/converters already there.

    As luck would have it, last Sunday's papers contained a BestBuy flyer with an ad for a D-Link DI-514 "Wireless Access Point with 4-Port Router" for only $29.99 (after $50 worth of rebates) so, after some more study on D-Link's website, I concluded that it might be just what I needed. It's only about 2/3 the size of the DI-704P (I had one of the dark gray originals), so I reclaimed about 12 square inches of desk space, and I wasn't using the printer port on the 704P, anyway. Its firewall features include: NAT with VPN passthrough; MAC, IP, and URL filtering; domain blocking; scheduling (?); and 64/128 bit encryption.

    Setup was flawless (D-Link makes it really easy), and I had the wired LAN up and running within minutes. My only problems have been involved with moving the laptop back and forth between the ethernet LAN and wireless use (something I would guess that most laptop users don't do), but I'm beginning to get a handle on it.

    Anyway, a very interesting thread. Thanks for all the input.
     
  21. 2003/11/14
    Scanjo1

    router for maximizing network performance

    Just want to add my 2 cents worth...

    I was having problems with my internet connection using an old Dlink DI-701 router. The main problem was because my son is doing a lot of file sharing and his computer was using all of the outbound bandwidth of the internet connection. It was so bad that my wife and I could barely use the internet and got a lot of timeouts when trying to visit web pages or get our email. The search was on for a solution. :confused:

    What I finally decided upon was to upgrade the router to a Linksys BEFSR81 8 port router. It uses what they call QOS (quality of service). This allowed me to set what LAN ports on the router had priority and which software ports would have priority. Simply put, I could finally tell the router that I wanted HTTP traffic (web pages) and SMTP/POP3 (email) to have high priority, and the software ports that my son's file sharing software uses to have LOW priority. The end result is that the web and email work MUCH better now without any timeouts, and the file sharing uses any bandwidth that's left over instead of hogging it all. :D

    If anyone else out there is in the same situation I'm in, I highly recommend a Linksys router with QOS.

    Scanjo
     