Hack 50. Optimize Your Home Router

Home routers let you share broadband Internet access and build a home network. Here's how to get the most out of your router.

It's quite easy to set up an inexpensive router for a home network. But the default settings aren't always optimal because no network is one-size-fits-all. And frequently, the documentation for the routers is so poor that it's hard to tell what the settings are and what options you have.

Home router options differ somewhat from model to model. Here's advice for how to customize the most common and most important settings:

Connect on Demand and Maximum Idle Time settings

Depending on your ISP, you might become disconnected from the Net after you haven't used the Internet for a certain amount of time. To solve the problem, if your router has a Connect on Demand setting, enable it; that will automatically reestablish your Internet connection when you use an Internet service, even if your ISP has cut you off. If there is a Maximum Idle Time setting, set it to 0 so that your router will always maintain an Internet connection, no matter how long you haven't used the Internet. As a practical matter, you should need to use only one of these two settings; either one will maintain a constant Internet connection for you.

Keep Alive setting

Use this setting to maintain a constant Internet connection, even if your PC is idle. It's similar to the Connect on Demand and Maximum Idle Time settings, except that it doesn't let your connection disconnect, so it is an even better setting to enable, if your router has it.

Router Password

Your router requires a password for you to use its administrator account. It comes with a default password. For example, Linksys routers come with a default password of admin. Change the password for maximum security.

Enable Logging

For security reasons, it's a good idea to enable logging so that you can view logs of all outgoing and incoming traffic. Depending on your router, it might save permanent logs to your hard disk or allow only the viewing of temporary logs. You might also be able to download extra software from the manufacturer to help keep logs. For example, Linksys routers use temporary logs, but if you want to save permanent logs, you can download the Linksys Logviewer software from http://www.linksys.com. You can view logs using a text editor, like Notepad, or a log analysis program, such as the free AWStats (http://awstats.sourceforge.net).

5.3.1. Special Hub/Router Settings for DSL Access

If you have DSL access, you might need to customize your router's settings to provide your network with Internet access; sometimes the router's settings block Internet access. Here are the settings you'll need to change so that you can get onto the Internet:

PPPoE (Point to Point Protocol over Ethernet)

Some DSL ISPs use this protocol when offering Internet access. By default, this protocol is disabled on routers because it's normally not required for Internet access. However, if you have DSL access, you might need to enable it in your router.

Keep Alive setting

Some DSL ISPs will automatically disconnect your connection if you haven't used it for a certain amount of time. If your router has a Keep Alive setting, enable it by clicking the radio button next to it; this will ensure that you are never disconnected.

MTU (Maximum Transmission Unit)

As a general rule, DSL users should use a value of 1492 for their MTU. The MTU sets the maximum size of packets a network can transmit. Any packets larger than the MTU setting will be broken into smaller packets. DSL ISPs often set the MTU to 1492, so if you set a packet size larger or smaller than that, you might slow down Internet access.

You should also check with your DSL provider, as these settings can vary somewhat from provider to provider.
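The 1492 figure is the 1500-byte Ethernet MTU minus 8 bytes of PPPoE overhead. As an added example (not from the original text), the function below shows what "broken into smaller packets" costs when a full-size 1500-byte packet meets a 1492-byte link; it assumes a 20-byte IPv4 header with no options.

```python
IP_HEADER = 20  # bytes; assumes an IPv4 header without options

PPPOE_OVERHEAD = 8                  # 6-byte PPPoE header + 2-byte PPP protocol field
DSL_MTU = 1500 - PPPOE_OVERHEAD     # 1492, the value recommended above


def fragment(total_len, mtu):
    """Split an IPv4 packet of total_len bytes (header included) for a link
    with the given MTU. Returns one (offset_bytes, payload_len, more_fragments)
    tuple per packet actually sent."""
    if mtu < IP_HEADER + 8:
        raise ValueError("MTU too small to carry any payload")
    payload = total_len - IP_HEADER
    if payload < 0:
        raise ValueError("packet shorter than its own header")
    if total_len <= mtu:
        return [(0, payload, False)]        # fits, sent unchanged
    # Every fragment except the last must carry a multiple of 8 bytes,
    # because the IPv4 fragment-offset field counts in 8-byte units.
    chunk = (mtu - IP_HEADER) // 8 * 8
    frags, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        frags.append((offset, size, offset + size < payload))
        offset += size
    return frags


def wire_bytes(frags):
    """Bytes sent in total: every fragment repeats the IP header."""
    return sum(IP_HEADER + size for _, size, _ in frags)


if __name__ == "__main__":
    for size in (1492, 1500):
        frags = fragment(size, DSL_MTU)
        print(size, "->", len(frags), "packet(s),", wire_bytes(frags), "bytes on the wire")
```

A 1500-byte packet becomes two packets (one nearly full, one carrying only 8 bytes of payload), which is why a PC left at the Ethernet default behind a PPPoE link is slower than one set to 1492.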

5.3.2. Settings for Using a VPN

If you use a Virtual Private Network (VPN) [Hack #82] to connect to your corporate network from home and you use a router, you might run into difficulties and not be able to connect to the VPN. Some routers, such as those from Linksys, are specifically designed to work with VPNs and have specific setup screens for them; if you have one of those, you shouldn't have any problems. Make sure to get the proper encryption, authentication, and similar information about the VPN from your network administrator, and then use those settings for the VPN setup screen in your router.

However, you might run into problems running a VPN with a router that doesn't have specific VPN settings, even if the device claims it will work with VPNs. In particular, one default setting, hidden fairly deeply in most router setup screens, can disable VPN access; some routers, such as those made by Linksys, include an option called Block WAN Request. By default, this option is enabled and blocks requests into the network from the Internet; for example, it stops ping requests into the network. However, enabling this option also blocks VPN access. VPN access requires that requests get into the network from the Internet, so if you block those requests the VPN won't work. If you have a Linksys router, disable this setting by logging into your administrator's screen, choosing Advanced → Filters, selecting Disable Block WAN Request, and clicking Apply. For other routers, check the documentation.

VPNs use a variety of protocols for tunneling through the Internet, such as IPSec and the Point-to-Point Tunneling Protocol (PPTP). Make sure these settings are enabled on your router if you want to use it in concert with a VPN.

5.3.3. Enable Specific Internet Services: Port Forwarding

Residential routers often use Network Address Translation (NAT), in which the router's single, external IP address is shared among all the computers on the network, but each computer has its own internal IP address, invisible to the Internet. For example, to the Internet each computer looks as if it has the address of, but internally they have different addresses, such as,, and so on. The routers have built-in Dynamic Host Configuration Protocol (DHCP) servers that assign the internal IP address. These internal IP addresses allow the PCs to communicate with each other and to connect to the Internet, and they also offer protection to PCs on the network. To the rest of the Internet, each PC has the IP address of the router, so each PC's resources can't be attacked or hijacked; they're invisible. The router itself doesn't have resources that can be used to attack your PCs, so you're safe.

But if you have servers on your network that need to provide Internet-related services (perhaps you have an FTP or web server), or if you need to allow certain PCs to be connected to the Internet for specific purposes (such as for playing multiplayer games), you'll run into trouble because they don't have IP addresses that can be seen by the rest of the Internet.

However, with this trick, you can use your router to forward incoming requests to the right device on your network. For example, if you have a web server, FTP server, or mail server and you want people to be able to connect to them, you'll be able to route incoming requests directly to those servers. PCs on the Internet will use your router's IP address, and your router will then route the requests to the proper device on your network. Normally, the devices would not be able to be connected to because the IP addresses they are assigned by the router are internal LAN addresses, unreachable from the Internet.

Not all routers include this capability. To use this feature in a Linksys router, log into your administrator's screen and choose Advanced → Forwarding to get to the screen shown in Figure 5-1.

Figure 5-1. Forwarding incoming requests to the proper server or device

When this feature is enabled, the router examines incoming requests, sees what port they're directed to (for example, port 80 for HTTP), and then routes the request to the proper device.

Fill in each device's IP address, the protocol used to connect to it, and the port or port range you want forwarded to it. It's also a good idea to disable DHCP on each device to which you want to forward requests and instead give them static internal IP addresses. If you continue to use DHCP instead of assigning them a static IP address, the IP addresses of the servers or devices might change and would therefore become unreachable. Check your router's documentation on how to force it to assign static IP addresses to specific devices.
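Every forwarding rule is a deliberate hole in the protection NAT gives you, so it pays to review the table after filling it in. The following added example (not from the original text) models the lookup the router performs and audits a rule list for the problems described above; the rule format, the addresses, the DHCP pool and the first-match behavior are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: every address, port and the DHCP pool is made up.
DHCP_POOL = ("192.168.1.100", "192.168.1.149")
RULES = [
    {"proto": "tcp", "ports": (80, 80), "target": "192.168.1.10"},         # web server
    {"proto": "tcp", "ports": (20, 21), "target": "192.168.1.11"},         # FTP server
    {"proto": "tcp", "ports": (21, 25), "target": "192.168.1.12"},         # overlaps FTP
    {"proto": "udp", "ports": (27015, 27015), "target": "192.168.1.120"},  # game PC
]


def in_pool(addr, pool):
    """True if addr lies inside the router's DHCP range (inclusive)."""
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    return lo <= ipaddress.ip_address(addr) <= hi


def audit(rules, pool):
    """Return (rule_index, finding) pairs for rules that need attention."""
    findings = []
    for i, r in enumerate(rules):
        lo, hi = r["ports"]
        if not 1 <= lo <= hi <= 65535:
            findings.append((i, "invalid port range"))
        if not ipaddress.ip_address(r["target"]).is_private:
            findings.append((i, "target is not an internal address"))
        if in_pool(r["target"], pool):
            # The static-address advice above: a leased address can change.
            findings.append((i, "target inside DHCP pool; address may change"))
        for j in range(i):
            p = rules[j]
            if p["proto"] == r["proto"] and p["ports"][0] <= hi and lo <= p["ports"][1]:
                findings.append((i, f"port range overlaps rule {j}"))
    return findings


def route(rules, proto, port):
    """Internal address an incoming request is sent to, or None when no rule
    matches and the request goes nowhere. First match wins (assumption)."""
    for r in rules:
        if r["proto"] == proto and r["ports"][0] <= port <= r["ports"][1]:
            return r["target"]
    return None


if __name__ == "__main__":
    for index, finding in audit(RULES, DHCP_POOL):
        print(f"rule {index}: {finding}")
    print("tcp/80 ->", route(RULES, "tcp", 80), "| tcp/3389 ->", route(RULES, "tcp", 3389))
```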

Table 5-1 lists port addresses for common Internet services. For a complete list of ports, go to http://www.iana.org/assignments/port-numbers.

Table 5-1. Common Internet TCP ports

Port number

Nameserv, WINS
Whois, nickname
SNMP trap
Lotus Notes
XP's Remote Desktop
Yahoo! Messenger
America Online Instant Messenger (AIM)
PCAnywhere data

5.3.4. Cloning a MAC Address for Your Router

There once was a time when cable companies banned home networks, or when they charged extra when you ran one at home. The theory was that because you were using so much extra bandwidth for multiple computers, you should be charged extra.

Thankfully, those days are gone, or at least they should be. If you're one of the unlucky few who has a cable or DSL company that charges extra for a home network, there's something you can do to get around the problem.

This hack will help with that, and it will help if you have a cable or DSL provider that requires that you provide the Media Access Control (MAC) address of your network adapter for your connection to work. If you had a single PC when you began your broadband service, but you've since installed a router at home to set up a network and share Internet access among several PCs, you'll have to provide the ISP with your new router's MAC address.

There is a way to use your existing MAC address with your new router by cloning the address. To your ISP, it looks as if your MAC address hasn't changed. You might want to do this even if your cable provider doesn't charge extra for several PCs because it will save you from having to call up the cable company's tech-support line to provide a new MAC address.

Note that not all routers have this capability, so yours might not be able to do it. Most Linksys routers let you do this, so if you have a Linksys, do the following to clone your MAC address. Depending on your model, the exact steps might vary:

  1. Find out your current network adapter's MAC address (the MAC address your broadband provider already has) by opening a command prompt, typing ipconfig /all, and looking under the entry for "Ethernet adapter Local Area Connection." You'll see an entry like this:

    Physical Address. . . . . . . . . : 00-08-A1-00-9F-32

    That's your MAC address.

  2. Log into your administrator's screen for the Linksys router and choose Advanced → MAC Addr. Clone. A screen similar to Figure 5-2 appears.

    Figure 5-2. Cloning an existing MAC address

  3. Type in the MAC address you've obtained from your network adapter and click Apply. Your router will now be recognized by your ISP. Note that you might have to power down your cable modem and then power it back up for the router to be recognized.

If your ISP requires a MAC address and you don't clone an existing one, you'll have to provide your ISP with your router's address. Make sure you give them the right one. Your router typically has two MAC addresses, a LAN MAC address and a WAN MAC address. The LAN address is used only for the internal network, so make sure to provide your ISP with the device's WAN MAC address. If you give the LAN address, you won't be able to access the Internet.
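On a PC with more than one adapter, ipconfig /all prints several Physical Address lines, and cloning the wrong one leaves the router unrecognized. This added example (not from the original text) parses the output per adapter and returns only the address of the named one; the sample output is constructed around the single line shown in step 1, and the second adapter and its address are invented.

```python
import re

# Constructed sample of `ipconfig /all` output. Only the first Physical Address
# line and the "Local Area Connection" adapter name come from the text above.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-08-A1-00-9F-32
        Dhcp Enabled. . . . . . . . . . . : Yes

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
MAC = re.compile(
    r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s*$"
)


def adapter_macs(text):
    """Map each adapter heading to the Physical Address listed beneath it."""
    macs, current = {}, None
    for line in text.splitlines():
        heading = ADAPTER.match(line)
        if heading:
            current = heading.group(1)
            continue
        found = MAC.match(line)
        if found and current:
            macs[current] = found.group(1).upper()
    return macs


def normalize(mac):
    """Return the address colon-separated; reject multicast addresses, which
    are never a network adapter's own address."""
    octets = mac.upper().split("-")
    if int(octets[0], 16) & 0x01:
        raise ValueError("multicast address is not a valid adapter MAC")
    return ":".join(octets)


def mac_to_clone(text, adapter="Ethernet adapter Local Area Connection"):
    """Address of the one adapter the ISP registered; KeyError if absent."""
    return normalize(adapter_macs(text)[adapter])
```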

5.3.5. Manage Your Network's Bandwidth

There's one problem with home networks that share a single Internet connection: one PC can hog all the bandwidth. For example, if someone in your house uses file-sharing software, that can suck up just about all of a network's spare bandwidth, and everyone else who's connected might see their connections slow to a crawl.

There's a simple answer for the problem. Use software that will limit the bandwidth that any single PC on your network can use. So, if you have a 3-megabit-per-second connection, you could limit any PC to .5 megabits per second, for example. That way, anyone can still share files with others at a reasonable rate, while everyone else still gets a high-speed connection.

NetLimiter (http://www.netlimiter.com), shown in action in Figure 5-3, is a great program for doing this.

Figure 5-3. Setting bandwidth limits on a PC-by-PC basis on your network with NetLimiter

Not only will you be able to set bandwidth limits per PC, but you'll also be able to set upload and download transfer rates for individual programs on a PC. So, you could give more of an individual PC's bandwidth to file sharing, for example, and less to email. NetLimiter is shareware; you can try it out for free, but after 28 days, you're expected to pay $29.95 to the developer.

