Router


If you're hungry enough for the Internet and busted out the big bucks to pay for high speed Internet access, chances are that you have more than one computer at home and would like to get all of them online. I know a bunch of people who have 8-10 computers at home sharing one DSL line. As long as everybody isn't downloading huge files at the same time, sharing should not be a problem at all.

So how do you share your newly begotten high-speed line? The official method that the service provider would like you to follow is to pay for each additional computer. If you have dynamic IP addresses, your provider would then provide you with additional dynamic IPs. Same goes for the static IP addresses. However, depending on your provider, each additional computer is going to cost quite a bit of money. For example, my DSL provider charges an extra $8 for each additional static IP address. Too rich for my blood.

So we come down to two alternative methods of sharing a high-speed line: the software NAT and the hardware router (hardware NAT). 

Note: For the following discussion about IP numbers, we are talking about IP numbers within a LAN, NOT the IP number that your DSL/Cable provider has given you, which we call the WAN or Wide Area Network. You cannot reach your computers in your LAN from the Internet by using your internal network number, but must use the WAN IP number. Still confused? Don't worry, keep reading and it'll make more sense later on.

NAT stands for "network address translator", which allows several computers to share one Internet connection. Each computer in your local area network or LAN is given an internal IP number. Each computer needs a LAN IP address so that the NAT can keep track of where the web requests came from. It then takes all the web requests and pretends to be the WAN IP number your provider assigned. Basically, it translates your LAN IP number into your WAN IP so that all the LAN IP numbers appear as your WAN IP number. That way all your LAN computers can access the Internet. 

For both software and hardware NAT, the computers in your LAN must each have an IP address to connect to the router. You can do this in several ways. You can manually assign each computer an IP number or you can have the router assign IP numbers to your LAN computers. The advantage of having dynamically assigned IP numbers from your router is that you can add computers without the hassle of seeing if certain IP numbers are available or not. The router will automatically give out IP numbers that are open. Alternatively, you may have a separate server that assigns IP numbers to your network.

In certain cases, you may have a mixed network of dynamically assigned IP numbers and static IP numbers. For example, all my computers at home get their IP number dynamically assigned from the router because it really doesn't matter which IP number each one has, nor does it matter if that number changes or not. However, for my server, I want to have the same IP number all the time so my router knows where to send all web requests, so I have a static IP number assigned to the server computer. The only precaution you want to take is to make sure the static IP number you assign to your server is not within the range of dynamic IP numbers that may be given out to other computers, otherwise there may be a conflict.

My server has the IP number 192.168.1.20. The assigned range of dynamic IP numbers is from 192.168.1.100 to 192.168.1.200 so I can be sure that there will not be a conflict.
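A check for the conflict described above, as an added example that is not part of the original article. The server address and DHCP range are the article's; the /24 subnet mask and the `printer` and `nas` hosts are assumptions made up for illustration.

```python
import ipaddress


def audit_static_hosts(subnet, pool_start, pool_end, static_hosts):
    """Return (name, ip, problem) for each static assignment that can collide."""
    net = ipaddress.ip_network(subnet)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    if lo > hi or lo not in net or hi not in net:
        raise ValueError("DHCP pool must be an ordered range inside the subnet")
    problems, seen = [], {}
    for name, ip_text in static_hosts.items():
        ip = ipaddress.ip_address(ip_text)
        if ip not in net:
            problems.append((name, ip_text, "outside LAN subnet"))
        elif ip in (net.network_address, net.broadcast_address):
            problems.append((name, ip_text, "reserved address"))
        elif lo <= ip <= hi:
            problems.append((name, ip_text, "inside DHCP pool"))
        if ip in seen:
            problems.append((name, ip_text, f"duplicate of {seen[ip]}"))
        seen.setdefault(ip, name)
    return problems


# Server IP and pool range come from the article; the mask and the
# extra hosts are constructed sample data.
SUBNET = "192.168.1.0/24"
POOL = ("192.168.1.100", "192.168.1.200")
HOSTS = {
    "server": "192.168.1.20",
    "printer": "192.168.1.150",  # falls inside the dynamic range
    "nas": "192.168.1.20",       # same address as the server
}

if __name__ == "__main__":
    for row in audit_static_hosts(SUBNET, *POOL, HOSTS):
        print(row)
```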

Software Routers
Software routers are NATs or Network Address Translators. These types of software take one of the IP addresses from your provider and then allow several computers in your LAN to share that number. Typically, the host computer that runs the software router program will have two network cards. One network card connects to the DSL/Cable line and the other network card connects to your LAN. This computer running the NAT must be on when people on the network access the Internet.

There are several software routers out there, such as Wingate and Sygate, which both cost money. They are good products, but since we at DSLwebserver.com like to do things as inexpensively as possible, we use something that most of us already have included with our operating systems, namely Internet Connection Sharing or ICS. You'll find ICS in Windows 98 SE (not regular Windows 98) and all of the Windows 2000 family. For you Linux users, I believe you can simply download a NAT from the vast Internet for free, but I could be wrong.

ICS works just like Sygate and Wingate and works for both regular dialup modems and DSL/Cable. Don't laugh about sharing a modem: for about a year and a half, I had 4 users sharing a 56k modem. For light web surfing, it was very decent. However, if somebody on the network started to download something, then everything slowed to a crawl. I've used ICS on DSL and that also works well.

ICS does have a few limitations. ICS requires that the host computer be the DHCP server that dynamically assigns IP numbers across your network. This may be problematic in a few cases. Also, ICS is limited to 10 simultaneous connections (computers sharing a line).

Wingate and Sygate both have their loyal following, but check to see if their pricing plan fits your needs.

Hardware Routers - Price: $100+
Hardware routers have several advantages that make them more practical than software routers. Hardware routers are stand-alone devices that allow you to share a single connection to the Internet. In most cases, the hardware router also acts as a firewall for protection. Since DSL and Cable are "always on" connections, you become much more vulnerable to attacks from malevolent hackers. This is especially true if you have a static IP address since the hacker can "bookmark" your IP address and take a look later when s/he acquires the proper tools to hack into your system. 

Hardware routers also allow you to put your server BEHIND the firewall instead of BEING the firewall (with software routers, the server computer would run a firewall program and be directly accessible to the Internet). Some would argue that there is little difference, but I like the fact that there is more distance between the server and the Internet.

Hardware routers also do not require your computer to be on all the time. The router stays on all the time and should rarely go down. If you had a computer acting as a software router, anytime that computer rebooted or crashed, the entire network would lose connectivity to the Internet for a period of time.

Most hardware routers include a DHCP server that assigns IP numbers across your network. This is handy if you are constantly adding or removing computers from your network. Remember to have only one DHCP server on a network, otherwise you'll get errors as two DHCP servers fight with each other to assign IP numbers. It could get very ugly.

Whether you get a software router or hardware router, an important feature to look for is the ability to run servers on the network with the router.

If your server IS the router, as with ICS, then don't worry about this because your server is directly connected to the Internet. In the rest of these cases, the server is behind the firewall and is not directly connected to the Internet. Hopefully I'll be able to get some diagrams in here soon to illustrate what I mean.

Port Forwarding
You need to punch holes in your firewall or router to allow your server to talk to the outside world. The best way to do this would be to open "ports" in your firewall/router to allow certain types of web traffic to enter your network. The not so desirable way would be to put your server on the DMZ or demilitarized zone. When you put any computer in the DMZ, it has ZERO protection from the firewall. DMZs allow certain programs to work that normally don't work behind a firewall, but remember, there is no protection from hackers.

Most hardware routers, and some software routers, allow you to forward ports to certain IP numbers on the network. Two things must be done here.

  1. The server must have a static internal (LAN) IP address.
  2. You must decide which ports to forward.

As I mentioned before, each computer on your network needs an IP number. How your computers get those IP numbers is up to you. If you manually assigned each computer a static IP number then you don't have to worry about item 1. If you have a DHCP server on your network which assigns IP numbers dynamically, then you do need to worry about item 1. Most routers (soft or hard) allow you to control the range of the IPs that are dynamically assigned. The range should be less than 50 unless you have more than 50 computers at home (then why the heck are you even reading this!). Then simply assign a static IP address to your server. Like I said before, my server is given the IP number 192.168.1.20. The assigned range of dynamic IP numbers is from 192.168.1.100 to 192.168.1.200 so I can be sure that there will not be a conflict. So far, so good.

Next you need to decide which ports to forward through your router to your server. Ports are basically doorways into your computer. Each type of web traffic has to go through a certain port number. Ports are also holes that hackers can exploit to hack into your computer network, so the fewer ports open, the better.

Here is a list of common port numbers:

7 (Echo)
21 (FTP)
23 (TELNET)
25 (SMTP)
53 (DNS)
79 (Finger)
80 (HTTP)
110 (POP3)
119 (NNTP)
161 (SNMP)
162 (SNMP Trap)

I personally only have two ports open, 80 for HTTP and 25 for SMTP email. I don't need the rest.

In your router's control panel, you can choose which ports are open and to which computer they will be forwarded. I have my system set up so that ports 80 and 25 are forwarded to the LAN IP number of my server.

A problem with port forwarding is that some applications need a range of ports, not just individual ports. For these applications, you may have to temporarily move that computer to the DMZ, but remember to move it back inside the firewall when you're done!
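The NAT translation described earlier and the port forwarding and DMZ behaviour described in this section, as a simplified model added here (it is not from the original article and is not how any particular router is implemented). The port list and server address are the article's; the WAN and remote addresses are constructed from documentation ranges, and the class and function names are hypothetical.

```python
class NatRouter:
    """Simplified NAT router: outbound translation plus inbound forwarding."""

    def __init__(self, wan_ip, forwards=None, dmz_host=None):
        self.wan_ip = wan_ip
        self.forwards = dict(forwards or {})  # WAN port -> (LAN IP, LAN port)
        self.dmz_host = dmz_host              # LAN IP that receives everything else
        self.sessions = {}                    # WAN port -> (LAN IP, port, dst IP, port)
        self.next_port = 40000                # arbitrary start for translated ports

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """Rewrite a LAN request so it appears to come from the WAN IP."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[wan_port] = (lan_ip, lan_port, dst_ip, dst_port)
        return (self.wan_ip, wan_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, wan_port):
        """Return the (LAN IP, port) a WAN packet is delivered to, or None if dropped."""
        session = self.sessions.get(wan_port)
        if session and session[2:] == (src_ip, src_port):
            return session[:2]                # reply to a connection the LAN started
        if wan_port in self.forwards:
            return self.forwards[wan_port]    # explicit port forward
        if self.dmz_host:
            return (self.dmz_host, wan_port)  # DMZ host: no filtering at all
        return None                           # unsolicited traffic is dropped


# The article's port list and server address; WAN and remote IPs are constructed.
COMMON_PORTS = [7, 21, 23, 25, 53, 79, 80, 110, 119, 161, 162]
WAN_IP, SERVER, STRANGER = "203.0.113.10", "192.168.1.20", "198.51.100.99"


def exposed(router, ports=COMMON_PORTS):
    """Ports on which an unsolicited Internet host reaches a LAN machine."""
    return [p for p in ports if router.inbound(STRANGER, 4444, p) is not None]


forwarded = NatRouter(WAN_IP, forwards={80: (SERVER, 80), 25: (SERVER, 25)})
dmz = NatRouter(WAN_IP, dmz_host=SERVER)

if __name__ == "__main__":
    pkt = forwarded.outbound("192.168.1.101", 51000, "198.51.100.7", 80)
    print("outbound rewritten to:", pkt)
    print("reply delivered to:", forwarded.inbound("198.51.100.7", 80, pkt[1]))
    print("forwarding exposes:", exposed(forwarded))
    print("DMZ exposes:", exposed(dmz))
```

With ports 80 and 25 forwarded, only those two of the listed ports reach the server; with the server in the DMZ, every listed port does.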

Hardware and Software router?
Ever wonder what you're going to do with that old 486/66 lying in the corner of your closet? Turn it into a router! There are several companies that have created versions of Linux that will fit on a floppy disk and act as routers and firewalls. These programs are usually free. Take that old computer, pop in two network cards, configure the Linux router/firewall, and you now have yourself a reliable router. Sure it takes up more space (and electricity) than a modern hardware router, but at least that old 486 has new life!


