Hack 50. Optimize Your Home Router
Home routers let you share broadband Internet access and build a home network. Here's how to get the most out of your router.
It's quite easy to set up an inexpensive router for a home network. But the default settings aren't always optimal because no network is one-size-fits-all. And frequently, the documentation for the routers is so poor that it's hard to tell what the settings are and what options you have.
Home router options differ somewhat from model to model. Here's advice for how to customize the most common and most important settings:
5.3.1. Special Hub/Router Settings for DSL Access
If you have DSL access, you might need to customize your router's settings to provide your network with Internet access; sometimes the router's settings block Internet access. Here are the settings you'll need to change so that you can get onto the Internet:
5.3.2. Settings for Using a VPN
If you use a Virtual Private Network (VPN) [Hack #82] to connect to your corporate network from home and you use a router, you might run into difficulties and not be able to connect to the VPN. Some routers, such as those from Linksys, are specifically designed to work with VPNs and have specific setup screens for them; if you have one of those, you shouldn't have any problems. Make sure to get the proper encryption, authentication, and similar information about the VPN from your network administrator, and then use those settings for the VPN setup screen in your router.
However, you might run into problems running a VPN with a router that doesn't have specific VPN settings, even if the device claims it will work with VPNs. In particular, one default setting, hidden fairly deeply in most router setup screens, can disable VPN access; some routers, such as those made by Linksys, include an option called Block WAN Request. By default, this option is enabled and blocks requests into the network from the Internet; for example, it stops ping requests into the network. However, enabling this option also blocks VPN access. VPN access requires that requests get into the network from the Internet, so if you block those requests the VPN won't work. If you have a Linksys router, disable this setting by logging into your administrator's screen, choosing Advanced Filters, selecting Disable Block WAN Request, and clicking Apply. For other routers, check the documentation.
VPNs use a variety of protocols for tunneling through the Internet, such as IPSec and the Point-to-Point Tunneling Protocol (PPTP). Make sure these settings are enabled on your router if you want to use it in concert with a VPN.
5.3.3. Enable Specific Internet Services: Port Forwarding
Residential routers often use Network Address Translation (NAT), in which the router's single, external IP address is shared among all the computers on the network, but each computer has its own internal IP address, invisible to the Internet. For example, to the Internet each computer looks as if it has the address of 18.104.22.168, but internally they have different addresses, such as 192.168.1.100, 192.168.1.101, and so on. The routers have built-in Dynamic Host Configuration Protocol (DHCP) servers that assign the internal IP address. These internal IP addresses allow the PCs to communicate with each other and to connect to the Internet, and they also offer protection to PCs on the network. To the rest of the Internet, each PC has the IP address of the router, so each PC's resources can't be attacked or hijacked; they're invisible. The router itself doesn't have resources that can be used to attack your PCs, so you're safe.
But if you have servers on your network that need to provide Internet-related services (perhaps you have an FTP or web server), or if you need to allow certain PCs to be connected to the Internet for specific purposes (such as for playing multiplayer games), you'll run into trouble because they don't have IP addresses that can be seen by the rest of the Internet.
However, with this trick, you can use your router to forward incoming requests to the right device on your network. For example, if you have a web server, FTP server, or mail server and you want people to be able to connect to them, you'll be able to route incoming requests directly to those servers. PCs on the Internet will use your router's IP address, and your router will then route the requests to the proper device on your network. Normally, these devices can't be reached because the IP addresses the router assigns them are internal LAN addresses, unreachable from the Internet.
Not all routers include this capability. To use this feature in a Linksys router, log into your administrator's screen and choose Advanced Forwarding to get to the screen shown in Figure 5-1.
Figure 5-1. Forwarding incoming requests to the proper server or device
When this feature is enabled, the router examines incoming requests, sees what port they're directed to (for example, port 80 for HTTP), and then routes the request to the proper device.
Fill in each device's IP address, the protocol used to connect to it, and the port or port range you want forwarded to it. It's also a good idea to disable DHCP on each device to which you want to forward requests and instead give them static internal IP addresses. If you continue to use DHCP instead of assigning them a static IP address, the IP addresses of the servers or devices might change and would therefore become unreachable. Check your router's documentation on how to force it to assign static IP addresses to specific devices.
Table 5-1 lists port addresses for common Internet services. For a complete list of ports, go to http://www.iana.org/assignments/port-numbers.
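The following Python sketch is an added example, not from the book or any router's firmware. It models a forwarding table, looks up where a request for a given port would go, and audits the rules for the problems this section describes: a target that still sits in the DHCP pool, a target that isn't on the LAN, and overlapping port ranges. The LAN subnet, the DHCP pool range, the sample rules, and the first-match lookup are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed LAN layout (constructed for this example, not from the book).
LAN = ipaddress.ip_network("192.168.1.0/24")
DHCP_POOL = (ipaddress.ip_address("192.168.1.100"),
             ipaddress.ip_address("192.168.1.149"))

@dataclass(frozen=True)
class Forward:
    proto: str    # "tcp" or "udp"
    first: int    # first external port in the range
    last: int     # last external port in the range
    target: str   # internal IP address that receives the traffic

def audit(rules):
    """Return (rule_index, problem) findings for a forwarding table."""
    findings = []
    for i, r in enumerate(rules):
        if not (1 <= r.first <= r.last <= 65535):
            findings.append((i, "invalid port range"))
        ip = ipaddress.ip_address(r.target)
        if ip not in LAN:
            findings.append((i, "target outside LAN"))
        elif DHCP_POOL[0] <= ip <= DHCP_POOL[1]:
            # A leased address can move to another PC, which would then
            # receive the forwarded traffic instead of the server.
            findings.append((i, "target inside DHCP pool"))
        for j in range(i):
            o = rules[j]
            if o.proto == r.proto and o.first <= r.last and r.first <= o.last:
                findings.append((i, f"port range overlaps rule {j}"))
    return findings

def route(rules, proto, port):
    """Simplified router lookup: the first matching rule picks the target."""
    for r in rules:
        if r.proto == proto and r.first <= port <= r.last:
            return r.target
    return None  # no rule matches, so the request is not forwarded

# Constructed sample table.
RULES = [
    Forward("tcp", 80, 80, "192.168.1.10"),    # web server, static address
    Forward("tcp", 20, 21, "192.168.1.101"),   # FTP server, DHCP-assigned
    Forward("tcp", 21, 25, "192.168.1.11"),    # overlaps the FTP rule on 21
    Forward("udp", 27015, 27015, "10.0.0.5"),  # mistyped: not on this LAN
]

if __name__ == "__main__":
    for idx, problem in audit(RULES):
        print(f"rule {idx}: {problem}")
```

Every port that has a rule is reachable from the Internet, so the shortest table that still serves your servers is the one to keep.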
5.3.4. Cloning a MAC Address for Your Router
There once was a time when cable companies banned home networks, or when they charged extra when you ran one at home. The theory was that because you were using so much extra bandwidth for multiple computers, you should be charged extra.
Thankfully, those days are gone, or at least they should be. If you're one of the unlucky few who has a cable or DSL company that charges extra for a home network, there's something you can do to get around the problem.
This hack will help with that, and it will help if you have a cable or DSL provider that requires that you provide the Media Access Control (MAC) address of your network adapter for your connection to work. If you had a single PC when you began your broadband service, but you've since installed a router at home to set up a network and share Internet access among several PCs, you'll have to provide the ISP with your new router's MAC address.
There is a way to use your existing MAC address with your new router by cloning the address. To your ISP, it looks as if your MAC address hasn't changed. You might want to do this even if your cable provider doesn't charge extra for several PCs because it will save you from having to call up the cable company's tech-support line to provide a new MAC address.
Note that not all routers have this capability, so yours might not be able to do it. Most Linksys routers let you do this, so if you have a Linksys, do the following to clone your MAC address. Depending on your model, the exact steps might vary:
5.3.5. Manage Your Network's Bandwidth
There's one problem with home networks that share a single Internet connection: one PC can hog all the bandwidth. For example, if someone in your house uses file-sharing software, that can suck up just about all of a network's spare bandwidth, and everyone else who's connected might see their connections slow to a crawl.
There's a simple answer to the problem: use software that limits the bandwidth that any single PC on your network can use. So, if you have a 3-megabit-per-second connection, you could limit any PC to 0.5 megabits per second, for example. That way, anyone can still share files with others at a reasonable rate, while everyone else still gets a high-speed connection.
NetLimiter (http://www.netlimiter.com), shown in action in Figure 5-3, is a great program for doing this.
Figure 5-3. Setting bandwidth limits on a PC-by-PC basis on your network with NetLimiter
Not only will you be able to set bandwidth limits per PC, but you'll also be able to set upload and download transfer rates for individual programs on a PC. So, you could give more of an individual PC's bandwidth to file sharing, for example, and less to email. NetLimiter is shareware; you can try it out for free, but after 28 days, you're expected to pay $29.95 to the developer.