Ottawa PC Users' Group, Inc.
I have written several articles over the past year or two on sharing an Internet connection using software-based NAT (Network Address Translation) products, such as SyGate and WinRoute Pro (see webref 1 below) As well, I have written about how these products, as well as some others, such as BlackICE Defender help prevent intruders from attaching to your computer and doing horrible things (see webref 2 below).
If you have a high-speed connection to the Internet through cable modem or DSL (such as Sympatico's High Speed Edition), there is another solution you can go with - a hardware-based router.
There is a relatively new category of routers that have come onto the market recently that are designed and priced for the home user. There are two main benefits to using a hardware-based solution. First, if you are trying to connect multiple machines to the Internet, a software-based NAT solution requires that one machine always remain on to provide the Internet connection. With a hardware-based solution, only the router needs to remain turned on. Second, from a security perspective, it is generally more reliable to have a piece of hardware as a buffer between your computers and the Internet, rather than just software.
I recently helped a relative configure one of these routers and am very impressed with it. The router is the Linksys EtherFast Cable/DSL Router. There are three models to choose from. Model BEFSR81 has an 8-port 10/100Mb/sec switch built in for connecting up to eight computers together on a LAN. Model BEFSR41 has a 4-port switch. Model BEFSR11 has a single port and may be used if you have only a single computer or if you already have a hub or switch. Other than the different number of ports, the three models are functionally equivalent.
The 45-page manual is quite clear and steps you through the process of installation and configuration. It assumes you already have the network cards installed in each of your computers. It then walks you though the physical connections.
The router has a built-in web server and it is through it that you configure the router. The manual assumes you have configured the TCP/IP protocol on your computer to use DHCP. If you have not, you must ensure that your computers are using IP addresses in the range 192.168.1.2 through 192.168.1.254 and your subnet mask is set to 255.255.255.0. Other-wise, you will not be able to access the router. This information is detailed in the Trouble-shooting section of the manual. I wonder how many people struggle with this step before figuring out how it has to be configured.
Once you connect with your browser, you are prompted to log into the router with a default password, which can be changed later. There are a number of screens you can access for various configuration options.
On the main Setup screen you can change the LAN IP address of the router from the default 192.168.1.1. Normally there is no need to do so. For the WAN side of the router, you specify the IP address assigned to you by your ISP. If your ISP uses DHCP, you make the selection Obtain an IP Address Automatically. Enter the IP Addresses for the DNS servers, as provided by you ISP. If you are using Sympatico's High Speed Edition, enable the option for PPPoE and enter the username and password assigned by Sympatico. Do not install the software that Sympatico provides for connecting. It is not required and will actually cause you problems if you try to use it.
On the DHCP tab, you can tell the router if you want it to assign IP addresses for all the machines on your network. If you have manually configured TPC/IP on your machines, you can skip this step. Make sure that if you use DHCP for any machine on your network, you use it for all machines to prevent IP address conflicts.
Once these two configuration screens have been set, any computer on your network should be able to access the Internet The router takes care of the details of connecting, as well as the address translation between your private IP addresses and the single public IP address provided by your ISP.
After you have verified that things are working right, it is a good idea to connect to the router again and continue with some additional configuration options.
You can use the Filters page to block certain machines on your network from accessing the Internet. You an either block complete access by entering an IP address of a machine on your local LAN or just a port number. For example, by entering port 80, you would effectively block anyone from accessing the Web. Also on this page is an option Block WAN Request. By toggling this on, you are telling the router not to respond to pings or connection requests from the Internet. This effectively makes your router disappear from the Internet - a great security feature.
There are times when you want someone on the Internet to be able to access one of the computers on your LAN. Normally, when using NAT, this is not possible because your computers are assigned what is known as private IP addresses and the Internet routers simply refuse to route packets to such addresses. However, the router permits this functionality through what it terms Forwarding. What this does is instruct the router that incoming packets to a particular port should be forwarded on to a specific IP address on your LAN. You can configure up to ten ports in this manner.
For example, if you're running a web server on your machine that is configured as 192.168.1.30, you configure the router to forward connection requests on port 80 to that address. For another example, some Internet-based games require that your computer listen on a particular port. If running such a game, you have to configure the router to forward requests on that port to the computer on your LAN running the game.
A DMZ configuration option in the router allows you to configure a single computer on your LAN to accept all inbound connection requests. As such, it is totally exposed to the Internet. While this is useful in a few circumstances, unless you know why you are doing it, you should normally avoid doing this. There are additional configuration screens for dynamic and static routing. Most people will not have to worry about these.
All in all, I am very impressed with the Linksys EtherFast Cable/DSL Router. It is quite simple to set up and has pretty much all the configuration options most people will need. After several weeks of use, the only problem that cropped up was one time when the router went haywire and refused to route any packets. Powering the router off and back on again fixed the problem.
After 10 minutes on the web and 5 minutes on the phone, the best local prices I found were $180 for the 1-port version, $270 for the 4-port version, and $365 for the 8-port version.
EtherFast Cable/DSL Router
Proprietary Software (1-port: $180; 4-port: $270; 8-port: $365)
Web site: http://www.linksys.com/
Copyright and Usage
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON K2G 1S6
The opinions expressed
in these reviews may not necessarily
represent the views of the OPCUG or its members.