kengr: (Brain)
[personal profile] kengr
More computer hassles will be discussed below. But I'll be giving a quick course in what a router is and why you want one first so you'll have the context.



Since someone pointed out that they couldn't understand my problems yesterday, and some of what follows relates to that, I'm going to describe a bit about my setup first.

I've Comcast as my broadband provider. Couldn't get anything else but dialup in this area until recently. Well, if I'd wanted to pay $100/month for a 128k IDSL connection...

So, I have a cable modem. And note that if you connect a hub or a switch to a cable modem (or DSL modem) so that you can hook more than one computer to it at the same time, each computer gets an IP address from the ISP. Comcast (and many others) will charge you extra for the extra IP addresses. Also, doing this means that traffic between the computers will go out over the broadband connection and can be picked up by anybody else in your neighborhood if you are on cable or on part of the net if you have DSL.

You are also wide open to various sorts of attack if you use a hub or switch (I can explain the difference if anybody cares). Firewalls running on the computer *help* but it's still degrading the performance of the system because they have to intercept so many attacks (when I had my laptop hooked direct to the modem yesterday, I was getting 3 or 4 attacks a *minute* at times).

Oh what the heck. Let's define those as well.

A hub is a box with several network connections (ports). Any network traffic that comes in on one is sent out to all the other connections on the box.

A switch is a "smart" hub. When you plug a computer or other device into a port on it, it notes the address (or addresses if you've plugged in a hub or other multiple address device). And when a packet of data comes in, it reads the address info and sends it out *only* to the port that the device with that address is connected to.

This speeds up things a fair bit because if you've a lot of traffic going between different computers on the network, they aren't continually having to deal with packets not addressed to them (they have to read them at least partially to find out if they *are* addressed to them). Also, it means they don't have to wait for a gap in the "not to me" traffic to send out their own packets of data.

Switches are notably more expensive than hubs, because they have to work harder. But they are worth the extra.

There are also WAPs. That's Wireless Access Points. They are rather like a hub, except they only have one ethernet port (or on some one USB port). They are the simplest way of hooking a wifi device into a network. A true WAP just sets up the connections with the network for the wireless devices and passes thru the traffic both ways.

A router is a box that acts as an interface between a LAN (Local Area Network, ie your home computers) and a WAN (Wide Area Network, ie the rest of the internet).
Because of this, it will have a clearly labeled WAN port (for hooking to the modem) which is separated from the LAN ports (most routers that you see for home use have 4 LAN ports).

It will assign addresses in the LAN (usually in the 192.168.x.x address range or one of the other "LAN only" address ranges). And to the WAN, it'll appear as whatever IP address the ISP assigned it. It'll translate addresses for packets going either way using NAT (Network Address Translation).

So all the traffic from your home network looks like one computer to the ISP unless they bother doing a lot of finicky data parsing.

More to the point, since it's acting as a gateway, it can do a lot of firewall functions. The default setup for a modern router hides your LAN from the Internet. People sending various sorts of packets to random addresses, hoping to get a poorly protected computer to respond (which will then trigger an attempt to break in to it via various possible security holes) won't even see the router or the computers behind it. This takes a lot of the load off the firewalls in your computers.

There are also wireless routers. They usually have several ethernet ports, a WAN port, as well as a built-in WAP. A few companies make DSL modems that have a built-in wireless router. Those tend to just have a couple of phone jacks (one for connecting to the wall, and another for connecting to a telephone), the typical wifi antenna(s) and an ethernet port. Actiontec makes one that is what Qwest gives to all new DSL subscribers. If you aren't using wifi, you can safely plug a hub into it to support several computers.

Now, routers can assign addresses in several ways (all of them via something called DHCP). All ethernet cards and the like have a hardware ID called a MAC. It's a series of 8 hex digits. The first few identify the manufacturer. The rest may ID the device type and the last few are just a unique identifier. You can configure the better routers to always assign a given address to a given MAC. Or it can just assign the first "unused" address. Either way, when an address is assigned, you get a "lease" which says both what address you got and how long before you may get assigned a different one.

In the latter case, it will note the MAC address and if that unit goes away, if it comes back while the lease is still good it'll get the same address.

It's also possible to turn off DHCP in the router and assign addresses manually. But this requires you keeping track of which machine got what and remembering to assign a new address when you hook up a new system. I don't recommend it unless you are even geekier than me. :-)

Since there are a lot of things that can go on between computers or between them and things like networked printers where you have to address things by IP address in setting stuff up, I prefer to assign fixed addresses to my systems. So that's part of what was programmed into the router that I hoped I had backed up. Adding a couple dozen MAC addresses and the associated IP addresses by hand would have been a royal pain.
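The two assignment modes and the lease behaviour described above, as a small simulation. This is an added example, not code from the original post or from any router firmware; the `DhcpServer` class, the MAC addresses, the pool range and the lease length are all constructed for illustration.

```python
class DhcpServer:
    """Toy address assigner: fixed addresses by MAC, else first unused."""

    def __init__(self, pool, reservations, lease_seconds):
        self.pool = list(pool)                  # dynamic range, in order
        self.reservations = dict(reservations)  # MAC -> always this address
        self.lease_seconds = lease_seconds
        self.leases = {}                        # MAC -> (address, expiry time)

    def _first_unused(self, now):
        # Addresses with an unexpired lease, plus every reserved address.
        taken = {ip for ip, expiry in self.leases.values() if expiry > now}
        taken |= set(self.reservations.values())
        return next((ip for ip in self.pool if ip not in taken), None)

    def request(self, mac, now):
        """Return (address, lease expiry), or None if the pool is exhausted."""
        held = self.leases.get(mac)
        if mac in self.reservations:
            ip = self.reservations[mac]         # fixed assignment by MAC
        elif held and held[1] > now:
            ip = held[0]                        # lease still good: same address
        else:
            ip = self._first_unused(now)        # expired or new: first free one
        if ip is None:
            return None
        self.leases[mac] = (ip, now + self.lease_seconds)
        return self.leases[mac]


def demo():
    srv = DhcpServer(
        pool=[f"192.168.0.{n}" for n in range(100, 103)],
        reservations={"00:11:22:33:44:55": "192.168.0.224"},  # constructed MAC
        lease_seconds=3600,
    )
    laptop = "66:77:88:99:aa:bb"                # constructed MAC
    return {
        "file_server": srv.request("00:11:22:33:44:55", now=0),
        "laptop_first": srv.request(laptop, now=0),
        "laptop_back_in_time": srv.request(laptop, now=1800),
        "newcomer_after_expiry": srv.request("cc:dd:ee:ff:00:11", now=6000),
        "laptop_back_too_late": srv.request(laptop, now=6001),
    }


if __name__ == "__main__":
    for name, lease in demo().items():
        print(name, lease)
```

The last request shows why fixed assignments matter for anything configured by IP address: once the laptop's lease has run out and another device has taken its old address, it comes back with a different one.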

Now, routers can do a lot of other useful things as well. At least the better ones can (low-end ones like that Actiontec I mentioned above can barely assign addresses).

You can set them to block traffic from some URLs. You can even tell them to do that for only specific LAN ports on the router (so you could plug the kids' computers into the ports that were blocked, and the grown-ups' computers into ports that weren't blocked).

Now, for some of the other useful things they can do we have to get into something a bit confusing. Remember that I mentioned data packets way up above? All the data on a network is sent in packets. We can ignore most of the details, but what matters here is that the actual data has a wrapper around it. The wrapper contains the IP address of the sender (so it can be replied to), the IP address of the destination (so the systems it passes thru know where to forward it to), and a pair of 16 bit "port" numbers. One is the port used by the process that sent the packet, the other is the port on the destination system.

These "ports" are just convenient ways of assigning what you might think of as "sub-addresses" on a system. For example, by default the HTTP protocol uses port 80. So your browser will normally send stuff from port 80 and send it to port 80 on the system where the web page is. There are also default ports for sending mail (SMTP), getting mail (POP3), FTP and a host of other things. And ports above 1024 or so are "free". That is, they aren't specifically assigned, so processes or programs that need a port for a while can grab a free one. Or various non-standard programs (like file sharing programs) grab specific ports from up there.

This gets important because the router will let you redirect traffic based on this.

As an example, I've got a file server on my LAN. Windows systems on the LAN can just connect to it directly. But it can also use HTTP to allow access by folks on the internet. For various reasons, I have this using port 8085. But I had to tell the router that any traffic from the internet addressed to port 8085 should be routed to port 8085 at address 192.168.0.224 on my LAN. Then, when some folks started hammering on that port, I told the router to route incoming traffic for port 9090 to port 8085 at 192.168.0.224. Didn't have to mess with the server, just the router.

Likewise, I have the router programmed for the ports used by eMule (a file sharing program) so they go to the system I run that on.
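How NAT, the default "hide the LAN" behaviour and the port redirect fit together, as a simplified model. This is an added example, not code from the original post or from any router; the `Router` class, the WAN and remote addresses (documentation ranges), the LAN client 192.168.0.50 and the starting NAT port 40000 are constructed, while 192.168.0.224 and ports 8085 and 9090 are the ones from the post.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # WAN port -> (LAN ip, LAN port)
    flows: dict = field(default_factory=dict)     # WAN port -> (LAN ip, LAN port,
                                                  #              remote ip, remote port)
    next_port: int = 40000                        # constructed start of NAT port pool

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN -> Internet: hide the private source behind the WAN address."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for wan_port, known in self.flows.items():
            if known == flow:
                return (self.wan_ip, wan_port)    # existing connection
        wan_port = self.next_port
        self.next_port += 1
        self.flows[wan_port] = flow               # remember it for the replies
        return (self.wan_ip, wan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Internet -> LAN: return (LAN ip, LAN port), or None when dropped."""
        flow = self.flows.get(wan_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                  # reply to a connection a LAN host opened
        return self.forwards.get(wan_port)   # explicit forward, otherwise dropped


def demo():
    r = Router(wan_ip="203.0.113.7")              # constructed WAN address
    r.forwards[9090] = ("192.168.0.224", 8085)    # the remapped forward from the post
    src = r.outbound("192.168.0.50", 51515, "198.51.100.10", 80)
    return {
        "seen_by_isp": src,
        "reply": r.inbound("198.51.100.10", 80, src[1]),
        "unrelated_sender": r.inbound("198.51.100.99", 80, src[1]),
        "probe_8085": r.inbound("198.51.100.99", 4444, 8085),
        "visitor_9090": r.inbound("198.51.100.99", 4444, 9090),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Moving the forward from 8085 to 9090 only changes which outside port reaches the server; anything that finds port 9090 still talks to the same service on 192.168.0.224.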

Oh yes, most home routers can only assign up to 253 IP addresses in the LAN. That's because all the addresses in the LAN will be something like X.Y.Z.?. The X.Y.Z part is called the "subnet". All addresses in the LAN will have that part the same. The .? part is from 0 to 255, which you'd think would give 256 possible addresses. Except the .0 address is reserved for something or other necessary to making things work, the .1 address is used by the router, and the .255 address is the "broadcast" address. Anything sent to it goes to all systems on the LAN. So that leaves 253 addresses.

So, I have my LAN using 192.168.0.? I could have used any other number from 1-255 instead of the zero, as that range of addresses is reserved for "private networks" of 256 nodes. There are a couple other ranges reserved for larger private networks. One is 10.?.?.? which is for *huge* networks (over 16 million addresses). And there's one that's X.Y.?.? which is *only* 65 thousand addresses.

So, any address not in my subnet gets passed on to the internet.
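The address count and the "in my subnet or not" decision, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original post; the function names are hypothetical, and 192.168.10.5 and 198.51.100.10 are constructed sample destinations.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")   # the post's subnet, 192.168.0.?
ROUTER = ipaddress.ip_address("192.168.0.1")   # .1 is used by the router


def assignable(network=LAN, router=ROUTER):
    """Addresses left for devices: hosts() already skips .0 and the
    broadcast address, so only the router's own address is removed here."""
    return [h for h in network.hosts() if h != router]


def next_hop(dst, network=LAN, router=ROUTER):
    """Where a host on the LAN sends a packet addressed to dst."""
    dst = ipaddress.ip_address(dst)
    if dst == network.broadcast_address:
        return "broadcast to every system on the LAN"
    if dst in network:
        return "deliver directly on the LAN"
    return f"hand to router {router}"            # not in the subnet


if __name__ == "__main__":
    print(len(assignable()), "addresses available")
    for dst in ("192.168.0.224", "192.168.0.255",
                "192.168.10.5", "198.51.100.10"):
        print(dst, "->", next_hop(dst))
```

Note that 192.168.10.5 is a private address but still falls outside 192.168.0.?, so a host on the LAN hands it to the router like any other outside address.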

Alas, I have a wireless router plugged into my wired router. And I hadn't bothered changing the default LAN address for it (192.168.10.?). Besides, if I set it to 192.168.0.? weird things might happen.

I'd had things set up so wifi devices using that router could get thru to the rest of my LAN. Alas, apparently that part of the router setup wasn't backed up. So my Dana can't access the file server. And I don't recall what I did to make it work. This will take some futzing around.

Fun fun fun...