The Broadband Router
Features Guide
Port Forwarding / Virtual Servers
Port forwarding allows people on the Internet to get to a server on your LAN
in a very restricted way - like a single port or range of ports. A typical web
server needs only a single port to function, so why expose the whole machine
to the Internet? Using port forwarding, one machine on your LAN can run a
web server, another could run a game server, and another an FTP server.
From the Internet, it would appear that all these services are on the same
IP address.
If you plan to run game servers or any other kind of
server, port forwarding is important. Other programs like ICQ and other
file transfer or conferencing software require good control over port
forwarding to function correctly. This is also where multi-NAT
functionality comes into play.
DMZ / Exposed Host
Almost all routers support this. It exposes
your entire computer to the Internet - unrestricted. It is sometimes necessary
to do this for some complex applications like NetMeeting.
Common Port Forwarding
Again, almost all routers support forwarding the
standard Internet application ports like web, email, ftp, etc.
Custom Ports
If you plan to host more than the common Internet
applications, be sure your router can be configured for custom ports.
Port Ranges
Some routers allow you to type in port ranges
instead of individual ports. This can be important for getting some
applications like ICQ to work. ICQ needs about 10 contiguous ports
forwarded. It is much easier to specify a range than each one. Occasionally
100 or more ports need to be opened and 'ranges' become the only real
option.
Maximum Number of ports
Sometimes routers allow you control over custom
ports, but limit the total number. Often, this is just a function of the
interface and not a function of the router itself. Higher is always better
because of the flexibility it allows.
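To make the difference between a few forwarded ports, a port range and an exposed host concrete, here is an added example (not from the original guide) that models a forwarding table and counts what each LAN machine exposes. The rule format, the LAN addresses, the port numbers and the first-match-wins behaviour are assumptions made for illustration.

```python
# Added example: model of a router's forwarding table (constructed rules, not from the page).
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    proto: str    # "tcp" or "udp"
    first: int    # first external port in the range
    last: int     # last external port (same as first for a single port)
    lan_ip: str   # LAN machine that receives the traffic

def resolve(rules, dmz_host, proto, port):
    """Return the LAN IP an unsolicited inbound packet reaches, or None if dropped."""
    for r in rules:
        if r.proto == proto and r.first <= port <= r.last:
            return r.lan_ip
    return dmz_host  # an exposed host receives everything no rule claimed

def overlaps(rules):
    """Pairs of rules that claim the same external port; only one of each pair can win."""
    out = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a.proto == b.proto and a.first <= b.last and b.first <= a.last:
                out.append((a, b))
    return out

def exposure(rules, dmz_host=None):
    """Count Internet-reachable (proto, port) pairs per LAN machine."""
    owner = {}
    for r in rules:
        for p in range(r.first, r.last + 1):
            owner.setdefault((r.proto, p), r.lan_ip)  # assumed: first matching rule wins
    counts = {}
    for ip in owner.values():
        counts[ip] = counts.get(ip, 0) + 1
    if dmz_host:
        # The exposed host gets every TCP and UDP port that no rule claimed.
        counts[dmz_host] = counts.get(dmz_host, 0) + 2 * 65535 - len(owner)
    return counts

# Constructed sample: web, FTP and a 10-port range on three LAN machines.
RULES = [
    Forward("tcp", 80, 80, "192.168.1.10"),
    Forward("tcp", 21, 21, "192.168.1.11"),
    Forward("tcp", 5000, 5009, "192.168.1.12"),
]
```

With these sample rules the three servers expose 12 ports in total, while adding an exposed host makes more than 130,000 TCP and UDP ports on that one machine reachable.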
Advanced Control
Triggered applications
Advanced port forwarding
control. If you are a very advanced user, some routers allow you to
configure what is called 'triggered applications'. The router
will open up specified port ranges when a trigger event happens -
like data over another port.
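The trigger behaviour described above, as an added example that is not part of the original guide: a small model in which outbound traffic to a trigger port opens an inbound range for the machine that sent it. The class name, the port numbers, the LAN address and the idle timeout are assumptions for illustration.

```python
# Added example: constructed model of port triggering; names and the timeout are assumptions.
class TriggerRouter:
    def __init__(self, trigger_port, open_first, open_last, idle_timeout=60):
        self.trigger_port = trigger_port
        self.open_range = range(open_first, open_last + 1)
        self.idle_timeout = idle_timeout  # seconds the range stays open (assumed value)
        self.bound_host = None            # LAN host that fired the trigger
        self.expires = 0.0

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host sends traffic out; traffic to the trigger port opens the range."""
        if dst_port == self.trigger_port:
            self.bound_host = lan_ip
            self.expires = now + self.idle_timeout

    def inbound(self, port, now):
        """Return the LAN host an unsolicited inbound packet reaches, or None if dropped."""
        if self.bound_host and now < self.expires and port in self.open_range:
            return self.bound_host
        return None

def demo():
    r = TriggerRouter(trigger_port=6667, open_first=2000, open_last=2010)
    results = [r.inbound(2005, now=0)]        # nothing triggered yet: dropped
    r.outbound("192.168.1.20", 6667, now=10)  # trigger event from a LAN machine
    results.append(r.inbound(2005, now=20))   # range open: goes to the triggering host
    results.append(r.inbound(3000, now=20))   # outside the configured range: dropped
    results.append(r.inbound(2005, now=100))  # timeout has passed: closed again
    return results
```

Unlike a static forward, the range is closed whenever no machine has recently fired the trigger, and it follows whichever machine did.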
Access Filters
Access filters come in many different varieties. In
theory, they are supposed to let you restrict the kind of traffic that
travels from your network to the Internet. Some work with access control
lists, some block strings of text in URLs, some don't seem to do
much of anything. In my experience, this is always the weakest, most
underdeveloped part of any home-based broadband router. I understand that
IP filtering security is a difficult task to present to a home user, but
everything I have seen is nearly worthless. My suggestion is to get a
software solution like SurfNanny if you need to restrict access on your
kids' computers.
Oh, and don't expect these firewalls to
block outgoing traffic from rogue computer programs on your system - that is
part of what software based personal firewalls are for.
String based URL filtering
This allows you to type in a string, any string, and
the router will block any URL that contains that string. I found it handy
for blocking certain annoying ad servers that insist on serving me
pop-under ads. That’s about it… mostly worthless.
Block by port number or service
Some routers will let you block specified Internet
services or port numbers. Sure, you can block Usenet news from your kids'
computers, but you end up turning it off for the whole network! Again, an
almost worthless feature.
ACL Lists
Some routers actually do have advanced ACL or access
control lists. They allow you to set up security levels for individual
computers or groups of computers on your network. Many of these figure out
who to block by looking at the computer name (host name) of the requesting
computer. This is useless because your kids can just change the name of
their computer! Make sure that ACL lists are defined by MAC ADDRESS.
The problem is, even the MAC address on your NIC can be altered right in
your network settings.
In summary, don't buy a router thinking you will be
able to control your kids' surfing habits. Broadband routers are just not
set up for that kind of control. The implementations are almost always
hack jobs.
Routing
It is a rare situation indeed where routing
would need to be manually configured. If you disable NAT functionality,
routing might become an issue, but that is not a configuration we at
HomeNetHelp get into. A focus on the home user and the home user's issues
almost never involves broadband-router-based 'routing' issues that would be
solved by modifying your router's routing tables. Don’t worry about it…
True configurable packet filtering
A few routers will allow you to do some pretty heavy
packet filtering. This is one of those things that's beyond the scope of
what this site covers because we aim toward beginner and intermediate
users. I've never used it, you probably never will either. In case you are
wondering, Compex had the best packet filtering capabilities I have seen
so far.
IDENT Port 113 Enable/Disable
Disabling this port makes your LAN more invisible to
the rest of the world, but may make it impossible to use certain e-mail or
mIRC servers. Only open this port if you are having trouble reaching a
certain server. Some routers just leave this port open and do not give you
the option. Honestly, there is nothing a hacker can do if you have this
port open. It just allows people to figure out if there is 'something' at
your IP address or not.