3. Connection Sharing Router with a Broadband Connection
Your router’s manufacturer will provide instructions for installing and configuring it. If you’re using cable or DSL Internet service, you’ll connect your broadband modem to the router using a short Ethernet patch cable. Then you’ll connect the router to your LAN using one of the two methods shown in Figure 5.
If you connect your router to a separate switch (or hub), be sure that the link indicators come on at both the switch and the router. If they don’t, you might need to move the switch end of the cable from a regular port to an uplink port or vice versa.
You then configure the router, telling it how to contact your ISP and what range of IP addresses to serve up to your LAN. Every device will use a different procedure, so you will have to follow the manufacturer’s instructions.
If your ISP uses PPPoE to establish a connection, you need to enable PPPoE and store your logon and password in the router. Most DSL service works this way. If your DSL provider does use PPPoE, you should enable the router’s auto-sign-on feature, and you can optionally set up a “keepalive” value that will tell the modem to periodically send network traffic even if you don’t, to keep your connection active all the time. (This might violate your service agreement with the DSL provider—better check before you do this.)
If you use cable Internet service and your ISP didn’t provide you with a special hostname that you had to give to your computer, your ISP probably identifies you by your network adapter’s MAC (hardware) address. You might find that your Internet connection won’t work when you set up the router. One of your router’s setup pages should show you its MAC address. You can either call your ISP’s customer service line and tell them that this is your new adapter’s MAC address, or configure the router to “clone” your computer’s MAC address—that is, copy the address from the computer you originally used to set up your cable connection. Your router’s setup manual should tell you how to do this.
Caution
Be sure to change the factory-supplied password of your router after you install it. (And write the password somewhere in the router’s manual, or put it on a sticky label on the bottom of the router.) Also, be sure to disable outside (Internet) access to the router’s management screens.
You might also opt for even better hacker protection by having your router filter (block) Microsoft file and printer sharing data. This is usually done on an advanced setup screen labeled
Using Universal Plug and Play
If you use a hardware connection-sharing router, you might want to consider enabling a feature called Universal Plug and Play (UPnP). UPnP provides a way for software running on your computer to communicate with the router. Specifically, UPnP provides a means for the following:
- The router to tell software on your computer that it is separated from the Internet by NAT. This may let some software—the video and audio parts of most instant messaging programs, in particular—have a better chance of working.
- Software running on the network to tell the router to forward expected incoming connections to the correct computer. Again, Windows Live Messenger is a good example. When the computer on the other end of the connection starts sending data, the router would not know to send it to your computer. UPnP lets UPnP-aware application programs automatically set up forwarding in the router.
- Other types of as-yet-undeveloped hardware devices to announce their presence on the network so that Windows can automatically take advantage of the services they provide.
To use UPnP, you must enable the feature in your router. It’s usually disabled by default. If your router doesn’t currently support UPnP, you might have to download and install a firmware upgrade from the manufacturer. Most routers now do support UPnP.
4. Cable Internet with Multiple Computers
In this configuration, follow your ISP’s instructions for setting up each computer separately. The only unusual thing here is that the computers plug in to a switch or hub, and the switch or hub plugs in to the cable modem—otherwise, each computer is set up exactly as if it was a separate, standalone computer with cable Internet service.
Caution
On each Windows 7 and Vista computer, you must set the network location for the connection that goes to your switch and cable modem to Public Network. On Windows XP, be sure that Windows Firewall is enabled, and that file and printer sharing is disabled.
To verify that the network location is set to Public Network on Windows 7, follow these steps:
1. Click Start, Control Panel, View Network Status and Tasks (under Network and Internet).
2. Check that the label under your network connection reads Public Network. If it doesn’t, click the network location label, and select Public Network.
If you later decide that you want to use file and printer sharing, do not
simply set the network location to Home or Work and enable file and
printer sharing. Instead, set up a shared connection using scheme B or
C.
5. Routed Service Using a Router
Some ISPs will sell you service that provides multiple, fixed IP addresses. This is the case for Frame Relay service and, in some cases, higher-priced business-class DSL service. You should really have a good reason for going this way, beyond just wanting to connect multiple computers—it’s not as secure as a single shared connection. Good reasons might be that you want the reliability of Frame Relay service or you need fixed IP addresses to host web, email, or other Internet-based services on several different computers.
For this type of service, if you are using a cable, DSL, satellite, or Frame Relay modem with a built-in router, your ISP will help you configure your network. In this setup, you will be provided with a fixed list of IP addresses, which you’ll have to parcel out to your computers. Your ISP should help you install all of this, but I can give you some pointers.
First of all, it is absolutely essential that your router be set up to protect your network. You must ensure that at least these three items are taken care of:
1. The router must be set up with filters to prevent Microsoft file-sharing service (NetBIOS and NetBT) packets from entering or leaving your LAN. In technical terms, the router must be set up to block TCP and UDP on port 137, UDP on port 138, and TCP on ports 139 and 445. It should “drop” rather than “reject” packets, if possible. This helps prevent hackers from discovering that these services are present but blocked. Better to let them think they’re not there at all.
Tip
I strongly urge you to ask your ISP to set up filtering in your router for you, to block all Windows networking services.
2. Be absolutely sure to change your router’s administrative password from the factory default value to something hard to guess, with uppercase letters, lowercase letters, numbers, and punctuation. Don’t let your ISP talk you out of this, but you should let them know what the new password is so they can get into the router from their end, if needed.
3. Disable SNMP access, or change the SNMP read and read-write “community names” to something other than the default. Again, use something with letters, numbers, and punctuation.
Caution
If your router is not properly configured to filter out NetBIOS traffic, your network will be exposed to hackers. This is absolutely unacceptable. If you’re in doubt, have your ISP help you configure the router. Also, after setting things up, visit www.grc.com and use the ShieldsUP pages there to be sure your computers are properly protected.
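The filter requirements in item 1 above, as an added example that is not from the original text or from any router vendor: a Python check that a filter table silently drops every listed port in both directions. The four-column rule syntax, first-match evaluation, default-allow behaviour and the sample table are all assumptions constructed for illustration.

```python
# Added example: audit a filter table against the NetBIOS/SMB block list.
# Hypothetical rule syntax: <direction> <protocol> <port[-port]> <action>
REQUIRED = {("tcp", 137), ("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}
DIRECTIONS = ("in", "out")  # packets "entering or leaving your LAN"

def parse_rules(text):
    """Parse lines such as 'in udp 137-138 drop' in order; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        direction, proto, ports, action = line.lower().split()
        lo, _, hi = ports.partition("-")
        rules.append({"dir": direction, "proto": proto, "action": action,
                      "ports": range(int(lo), int(hi or lo) + 1)})
    return rules

def first_match(rules, direction, proto, port):
    """First matching rule wins; unmatched traffic is allowed (assumed default)."""
    for r in rules:
        if r["dir"] in (direction, "any") and r["proto"] in (proto, "any") and port in r["ports"]:
            return r["action"]
    return "allow"

def audit(text):
    """Return {(direction, proto, port): problem} for each pair not silently dropped."""
    rules = parse_rules(text)
    findings = {}
    for direction in DIRECTIONS:
        for proto, port in sorted(REQUIRED):
            action = first_match(rules, direction, proto, port)
            if action == "reject":
                findings[(direction, proto, port)] = "blocked, but reject reveals the filter"
            elif action != "drop":
                findings[(direction, proto, port)] = "NOT BLOCKED"
    return findings

# Constructed sample table with two deliberate mistakes.
SAMPLE = """
in  any 137     drop
in  udp 138     drop
in  tcp 139     reject   # blocked, but the sender gets an answer
in  tcp 445     drop
out any 137-139 drop     # outbound TCP 445 was forgotten
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means every required protocol and port pair is dropped both inbound and outbound.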
Second, either your ISP will set up your router to automatically assign network addresses using DHCP, or you will have to manually set up a fixed IP address for each computer, using the IP address, network mask, gateway address, and DNS server addresses supplied by your ISP.
If you will be making the settings manually, make a list of the names of each of your computers and the IP addresses you want to assign. Follow these steps on each computer that is to get manual settings:
1. View the Network and Sharing Center.
2. Under View Your Active Networks, right-click Local Area Connection and select Properties.
3. Select the Networking tab, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
4. Enter an IP address and the other information provided by your ISP. The required settings are the IP address, subnet mask, default gateway, and DNS server(s).
Note
If your ISP supplies you with Internet Protocol Version 6 (TCP/IPv6) settings, repeat the previous steps, except select Internet Protocol Version 6 (TCP/IPv6) in step 3.