Firewall Problems

If you have installed a router/switch device between your network and a broadband Internet connection, be sure to read the manual thoroughly and understand how the device should be configured. Many come with default settings, but you need to fill in some information, such as the address of the broadband link, if your service provider gives you a static address. In most cases, the provider will be using DHCP also, so you won't have to make any changes. If you do have to make changes, write them down and keep the information handy for later troubleshooting efforts.

Tip

Most routers are configured through a web browser. They contain a web server that displays information and configuration data in your web browser. Print the screens or capture them using Save As Web Archive (with Internet Explorer) for easy reference to current settings. Be sure to write down changes you make to the default password used to guard against unauthorized tinkering.

Earlier in this chapter, you read that it's not a good idea to mix computers you use for play with those you use for business on the same network. If you do, you are just asking for trouble. If you play Internet gamesthose that allow you to interact with other users playing the same game on the Internetyou might be instructed to change the port settings on a small switch/router that also functions as a firewall. If you start playing around with opening, disabling, or forwarding ports, keep track of the changes you make. If something stops working after you've made a change, undo the modification and see whether the changes you've made have caused the problem.

Some users prefer to use the demilitarized zone (DMZ) option as an alternative to fiddling around with router settings to make online gaming possible (see Figure 50.7).

Figure 50.7. Using the DMZ Host setting in a router is an easy but dangerous way to enable online games to play on a particular IP address on the network.

Caution

The easiest, but most dangerous way, to prevent your router from interfering with an online game is to use its DMZ feature. When you enable DMZ, you specify the IP address of the computer that will be fully exposed to the Internet. Make sure you use the IP address of the correct computer. That computer should also be equipped with up-to-date antivirus definitions and a software firewall because the router is no longer going to protect it from online hazards.

If possible, use the port forwarding or other features in your router that are designed to support online gaming as an alternative to using DMZ. You need to know the settings required for a particular game, but avoiding the use of DMZ is safer.

Remember that the firewall capabilities of a small switch/router are minimal and are designed to protect you from simple attacks from the Internet. It might be that the default settings are very stringent, and if you end up making changes that relax the firewall settings, you might also be opening a door that can allow bad things into your small LAN.