Residential gateways let you share broadband Internet access and build a home network. Here's how to get the most out of your residential gateway.
It's quite easy to set up inexpensive hubs/routers, usually called residential gateways, for setting up a network at home and sharing Internet access. But the default settings aren't always optimal, because no network is one-size-fits-all. And, frequently, the documentation for the gateways is so poor that it's hard to tell even what the settings are and what options you have.
Residential gateway options differ somewhat from model to model. Here's advice for how to customize the most common and most important settings:
5.9.1 Special Hub/Router Settings for DSL Access
If you have DSL access, you may need to customize your gateway's settings in order to provide your network with Internet access; sometimes the gateway's settings block Internet access. Here are the settings you'll need to change so you can get onto the Internet:
5.9.2 Settings for Using a VPN
If you use a Virtual Private Network (VPN) [Hack #62] to connect to your corporate network from home and you use a residential gateway, you may run into difficulties and not be able to connect to the VPN. Some gateways, such as those from Linksys, are specifically designed to work with VPNs and have specific setup screens for them; if you have one of those, you shouldn't have any problems. Make sure to get the proper encryption, authentication, and similar information about the VPN from your network administrator, and then use those settings for the VPN setup screen in your gateway.
However, you may run into problems running a VPN with a gateway that doesn't have specific VPN settings, even if the device claims that it will work with VPNs. In particular, one default setting, hidden fairly deeply in most gateway setup screens, may disable VPN access; some gateways, such as those made by Linksys, include an option called Block WAN Request. By default, this option is enabled and blocks requests into the network from the Internet; for example, it stops ping requests into the network. However, enabling this option also blocks VPN access. VPN access requires that requests get into the network from the Internet, so if you block those requests the VPN won't work. If you have a Linksys router, disable this setting by logging into your administrator's screen, choosing Advanced Filters, selecting Disable Block WAN Request, and clicking Apply. For other routers, check the documentation.
VPNs use a variety of protocols for tunneling through the Internet, such as IPSec and the Point-to-Point Tunneling Protocol (PPTP). Make sure that these settings are enabled on your gateway if you want to use it in concert with a VPN.
5.9.3 Enable Specific Internet Services: Port Forwarding
Residential gateways often use Network Address Translation (NAT), in which the gateway's single, external IP address is shared among all the computers on the network, but each computer has its own internal IP address, invisible to the Internet. For example, to the Internet each computer looks as if it has the address of 22.214.171.124, but internally they have different addresses, such as 192.168.1.100, 192.168.1.101, and so on. The gateways have built-in DHCP servers that assign the internal IP addresses. These internal IP addresses allow the PCs to communicate with each other and to connect to the Internet, and they also offer protection to PCs on the network. To the rest of the Internet, each PC has the IP address of the gateway, so each PC's resources can't be attacked or hijacked; they're invisible. The gateway itself doesn't have resources that can be used to attack your PCs, so you're safe.
But if you have servers on your network that need to provide Internet-related services (perhaps you have an FTP or web server), or if you need to allow certain PCs to accept connections from the Internet for specific purposes (such as for playing multiplayer games), you'll run into trouble because they don't have IP addresses that can be seen by the rest of the Internet.
However, with this trick, you can use your router to forward incoming requests to the right device on your network. For example, if you have a web server, FTP server, or mail server and want people to be able to connect to them, you'll be able to route incoming requests directly to those servers. PCs on the Internet will use your gateway's IP address, and your gateway will then route the requests to the proper device on your network. Normally, these devices could not be reached, because the IP addresses they are assigned by the gateway are internal LAN addresses, unreachable from the Internet.
Not all gateways include this capability. To use this feature in a Linksys gateway, log in to your administrator's screen and choose Advanced Forwarding to get to the screen shown in Figure 5-17.
Figure 5-17. Forwarding incoming requests to the proper server or device
When this feature is enabled, the gateway examines incoming requests, sees what port they're directed to (for example, port 80 for HTTP), and then routes the request to the proper device.
Fill in each device's IP address, the protocol used to connect to it, and the port or port range that you want forwarded to it. It's also a good idea to disable DHCP (Dynamic Host Configuration Protocol) on each device to which you want to forward requests, and instead give them static internal IP addresses. If you continue to use DHCP instead of assigning them a static IP address, the IP addresses of the servers or devices may change, and the devices would then become unreachable through the forwarding rules. Check your gateway's documentation on how to force it to assign static IP addresses to specific devices.
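The forwarding lookup and the static-address advice above can be checked together before you type the rules into the gateway. The following is an added example, not code from the book or from any gateway vendor: it models a forwarding table, resolves an incoming request to an internal device, and flags rules that point into the DHCP pool or overlap another rule. The rule set, the DHCP pool range (192.168.1.100 to 192.168.1.149) and the first-match-wins behavior are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    proto: str    # "tcp" or "udp"
    first: int    # first external port in the forwarded range
    last: int     # last external port in the forwarded range
    target: str   # internal LAN address the gateway forwards to

def route(rules, proto, port):
    """Return the internal address an incoming request is forwarded to, or None if dropped."""
    for r in rules:  # assumption: the first matching rule wins
        if r.proto == proto and r.first <= port <= r.last:
            return r.target
    return None

def audit(rules, lan, dhcp_first, dhcp_last):
    """Return findings: targets off the LAN, targets in the DHCP pool, overlapping ranges."""
    net = ipaddress.ip_network(lan)
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    findings = []
    for i, r in enumerate(rules):
        addr = ipaddress.ip_address(r.target)
        if addr not in net:
            findings.append(f"{r.target}: not on LAN {lan}")
        elif lo <= addr <= hi:
            # A leased address can change, leaving the rule pointing at the wrong device.
            findings.append(f"{r.target}: inside DHCP pool, address may change")
        for other in rules[:i]:
            if other.proto == r.proto and other.first <= r.last and r.first <= other.last:
                findings.append(f"{r.proto}/{r.first}-{r.last}: overlaps {other.first}-{other.last}")
    return findings

# Constructed sample table (addresses and ports are illustrative, not from the page)
RULES = [
    Forward("tcp", 80, 80, "192.168.1.10"),    # web server with a static address
    Forward("tcp", 21, 21, "192.168.1.101"),   # FTP server still on a DHCP lease
    Forward("tcp", 20, 25, "192.168.1.11"),    # range that overlaps the FTP rule
]

if __name__ == "__main__":
    print(route(RULES, "tcp", 80))
    for finding in audit(RULES, "192.168.1.0/24", "192.168.1.100", "192.168.1.149"):
        print(finding)
```

Every rule that passes the audit still exposes that service to the whole Internet, so forward only the ports a server actually needs.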
Table 5-2 lists port addresses for common Internet services. For a complete list of ports, go to http://www.iana.org/assignments/port-numbers.
Table 5-2. Common Internet TCP ports
5.9.4 Cloning a MAC Address for Your Gateway
This hack can help you avoid an extra charge from the cable company for your broadband service, or at least avoid having to call them with new information. Many broadband ISPs (cable modem ISPs in particular) require that you provide them with the MAC (Media Access Control) address of your network adapter in order for your connection to work. If when you began your broadband service you had a single PC, but you've since installed a gateway at home in order to set up a network and share Internet access among several PCs, you'll have to provide the ISP with your new gateway's MAC address.
Some ISPs might charge you a higher rate for cable access if you're sharing several PCs in this way. (Because of increasing competition among broadband providers, though, this has become far less common than it was previously.) There is a way, however, to use your existing MAC address with your new gateway by cloning the address. To your ISP, it looks as if your MAC address hasn't changed. You might want to do this even if your cable provider doesn't charge extra for several PCs, because it will save you having to call up the cable company's tech support line to provide a new MAC address.
Note that not all gateways have this capability, so yours may not be able to do it. Most Linksys gateways let you do this, so if you have a Linksys, do the following to clone your MAC address. Depending on your model, the exact steps may vary: