In some cases, a home network will consists of more than one network (or subnet) due to the existence of another router. Most home routers are configured to act as a simple gateway by default (processing requests to and from the Internet from a single network), but can be configured to act as a true router as well.
On a Linksys router you can use the Dynamic Routing and Static Routing tabs to configure how the router will forward requests to other networks. For example, if you have another router running a routing protocol like RIP, you could configure your Linksys router to use RIP as well and both could then exchange routing table information. Ultimately, this would allow the second (or third, or forth) network to access the Internet through the Linksys router as well. Static routing does the same job, but requires you to specify the IP address of the next router on your internal network.
While this “true routing” functionality is useful to those who truly need it, it is seldom necessary on simpler home networks where using the router as a gateway meets all other needs.
The most common reason that users want to get at their router’s administrative interface is to allow others to gain access to a PC on their internal network. Sometimes this is to engage in an online multi-player game, and in others to allow the world access to a configured web or FTP server. By default, all requests to your router from the outside world will be blocked unless you explicitly configure forwarding.
The Forwarding tab on a Linksys router allows you to selectively forward requests sent to a certain ports on your public IP address to another port and IP address on your internal network. The main Forwarding tab is great for customized forwarding needs (as with many games), but the UPnP (Universal Plug-and-Play) screen makes it easier to configure access to your own common server services like Web or FTP.
On neat feature recently introduced to many hardware routers is known as Port Triggering. Effectively, port triggering is a feature whereby your router can be configured to open a certain inbound port when an outbound request is made from your network to a specified port. For example, if you need a certain port opened for a game to function, you could specify a port trigger that tells the router to open an inbound port when it receives a request to connect to a certain outbound port. Then, the router will only open the inbound port when it has been triggered by the outbound program’s request.
The Advanced settings in your router’s administrative interface are where many of the most powerful features are found. On a Linksys router, the Filtering tab provides access to options that allow you to control which system can connect to the Internet, whether remote management of your router from the Internet is possible, and whether your router is “visible” to other systems on the Internet.
Filtering.bmp: Use your router’s filtering features to control who can access the Internet, or what services users on your network have access to.
If you want to stop certain PCs on your network from accessing the Internet, simply add their IP address to the filtered range to deny them access. On many routers you can also filter by MAC address, which stop users from changing their IP address to gain access. If you only want to block access to certain applications, then use the router’s port filtering feature. For example, to stop users from using a file-sharing program like Kazaa you could filter port 1214. Of course, you’ll need to know the destination port of the program or service that you’re trying to block – check out www.iana.org/assignments/port-numbers for a comprehensive list of port numbers.
On a Linksys router the filtering tab also allows you to enable or disable a number of key features. Enabling “Block WAN Request” will effectively make your router invisible to the outside world – it won’t even respond to pings. Be careful about enabling the Remote Management and Remote Upgrade features, as these allow your router to be managed or upgraded (firmware) from the Internet. Both are useful options if you need to perform these tasks from a remote location, but neither should ever be enabled if you haven’t at least changed the default password. As a rule, enable these features only when necessary, and immediately disable them until they are needed again.
If your home network includes a VPN server for the purpose of remote access, enable PPTP or IPSec pass-through to allow these requests to be forwarded to your server.
Although most hardware routers include a wide range of advanced features, chances are good that your own router currently supports fewer features than it is capable of. The features that a router supports are directly related to the firmware version installed when the router was shipped from the factory. In most (but not all) cases, home routers support firmware upgrades that add newer features and address any problems or issues found in previous releases. To take full advantage of your router, you should upgrade its firmware as new releases are issued.
On Linksys routers, a link to the website offering firmware upgrades for download is typically found on the Help tab of the administrative interface. In some cases you may need to install a special utility to upload the new firmware to the router, while in others the administrative interface will allow you to upload the new file in a manner similar to adding an attachment to an email message. Regardless, check the vendor’s website for firmware updates at least monthly, since these also typically resolve any security issues that may have been discovered for your model.
One of the most underused features of all hardware routers is their logging function. Typically not enabled by default, logging can keep records of all incoming connection attempts from the Internet (both successful and not), as well as a list of all outgoing connections from your network. If you need or want to keep track of where users on your small network are ending up on the Internet, logging outgoing connections is very useful.
One downside of logging is that it presents you with source and destination IP addresses rather than names associated with incoming or outgoing connection attempts. If you want to find the name associated with the address, use the ping –a command followed by the IP address in question. To save log files you may need to install a utility from the CD provided with your router, and then specify the IP address of the system to which the logs should be saved.
Almost all home routers will have their built-in DHCP server feature turned on by default. When enabled, the DHCP component will allocate IP addresses and related options (subnet mask, default gateway) to client systems configured to obtain their IP addresses automatically.
Although the DHCP component simplifies the allocation of IP addresses, you should disable the feature if you plan on configuring client TCP/IP settings manually. In fact, some advanced router features cannot function with DHCP enabled. Furthermore, most routers are configured to allocate up to 50 or more IP addresses to clients as necessary. If you plan to continue using the DHCP feature, consider changing the range of available addresses to a number that matches the number of client systems on your network for security purposes.
As its name suggests, the Status tab will display information about your device. Among the more important pieces of information on this tab are the firmware version installed, whether the device is currently connected, and if so the IP addressing parameters in use.
If your providers allocates your IP address dynamically, you can use the Release Now and Renew Now buttons to release your current IP address or obtain a new one. On a Linksys router, the Status tab also allows you to review which IP addresses have been allocated to your PCs via the DHCP Clients Table button.
Even if you choose to ignore every other option in your router’s administrative interface, take the time to change its default password. The Password tab will allow you to enter your new password twice and be done with it. Remember that the default password for any router can be found easily on the Internet, and you probably don’t want other users on your network to change your settings. If you’re afraid of forgetting your password, remember that you can always reset the router to its factory default settings by pressing the reset button on the back or underside of the device.
The Setup or main tab of a router’s administrative interface is typically when the most basic configuration elements appear. For example, if your ISP has allocated you a static IP address it would be entered here. In cases where your provider uses an authentication scheme like PPPoE (with DSL), it if from this tab that you would select that option and then enter your username and password.
If your ISP disconnects PPPoE sessions after a period of inactivity, set the Keepalive value to an appropriate value. If you want your connection closed when inactive (for security purposes), use the Connect on demand option and specify a period of inactivity, after which the session will be terminated automatically.
In the most typical setup, your hardware router will be located somewhere between your PC and your broadband modem. Most users now opt for router models that include an integrated 4-port switch, but others may have devices (the router and their PCs) connected to a separate hub or switch. By default, most hardware routers will ship with a preconfigured IP address like 192.168.1.1 (check the guide that came with yours) and will be set up to allocate IP addresses to client systems automatically via DHCP.
Because of the default setup, you’ll need your PC’s network card configured correctly in order to connect to the router’s administrative interface. In most cases, accessing your network card’s TCP/IP properties and setting it to obtain an IP address automatically will suffice. You can check and see what IP address you were allocated by issuing the ipconfig /all command. If you’re address comes up as starting with “169.254”, your system isn’t receiving an address from the router, so try the ipconfig /renew command. If you’re still out of luck, press the reset button on your router to restore it to its factory default settings, and then try again.
If your system can ping the router’s address, you’re in luck. To access its administrative interface, fire up your browser and enter the device’s IP address, for example http://192.168.1.1. You will generally be prompted to log on, so you’ll need to check your user manual for the appropriate username and password for your model. If you can’t find your manual, visit www.phenoelit.de/dpl/dpl.html. This site lists the default username and password combinations for virtually all home networking routers.