Introduction to Networks - Part II

Oregon Professional Microsystems, Portland Oregon

A router is a device for connecting two networks. It acts as a gateway for packets, controlling their path from one network to another. The router is often combined with a switch. As a result, the configuration looks much like:

[Figure: network router]

 

For connection purposes, it would look something like:

[Figure: network router]

In reality, even the small router/switcher you purchase is probably going to have far more in it than a network interface and a switch. Most of the small routers sold for a small business or home also have a firewall and a DHCP server.

The Firewall

A firewall, in a general sense, controls what type of packets are allowed to pass between the networks. A firewall can be software at the entrance of the computer or hardware in the router. The best idea is to have both. The router firewall does its thing by acting as a server to the Internet host system, translating any incoming address to a new address. Someone trying to load a trojan program to your system gets to the router firewall, but no further. The rest of your network doesn't exist to the trojan.

[Figure: network router]

Now let's see how the firewall works. Your computers on the local network have IPs that can be anywhere from 192.168.0.0 - 192.168.255.255 (see Addressing). When my computer hooks to the Internet, it requests an address from my host Internet system (which is Comcast). Let's say this is 24.20.76.253 for discussion purposes (which is one of Comcast's IPs). That becomes the IP address of my router's server (DHCP) on the Internet. Each local system in the network has an IP that begins with 192.168.1. If I request the home page of my business web site from the Internet, this would be 208.56.131.130. The router converts my sending IP 192.168.1.100 to 24.20.76.253 and sends the request to my Internet host, which is Comcast. The Internet fetches that page and sends it back to the router, where the address is converted to my local system IP. Notice several things here:

  • I can send anything into the Internet, but only requested pages can be returned.
  • Several computers are sharing a single IP (Internet address). Actually, you are sharing different ports on this IP. This is good use of IP address resources.
  • I am protected from any requests outside the local network.

There are two weak aspects of this firewall concept. One, I can launch a virus into the Internet network as nothing protects what goes out. Second, any local computer on my network can send a virus to another local computer, as there is nothing protecting the computers on the local network from each other. This is why it is a good idea to have a software firewall on each computer. A software firewall looks at the program trying to access your computer. Unless you have permitted that program to use your computer, the software firewall displays a dialog box that names the program trying to get in and asks if you wish to permit it.

The DHCP

When your computer connects to the Internet, one of the first things it does is request an IP address from the Internet. This request is sent to a DHCP (Dynamic Host Configuration Protocol) server on the Internet that returns an address - 24.20.76.253 in the above example. You now have a lease on this IP address. After a time the lease will expire. It is automatically renewed if you are still online. If you are not online, the address goes back to a pool for others to use. This conserves IP addresses, as there aren't enough for everybody using the Internet, but there are enough for everyone using the Internet at a given moment.

Your router also has a DHCP server in it. When you bring your computer up, the router should be on first, and the computer will request an address from the DHCP server in the router. The router returns an address beginning with 192.168.1., for example, to the computer that just came on line. Every network component (computer, printer, webcam) is assigned an IP by the local network DHCP. The IP is different for each addressable component on your local network. Another local network can use these same numbers, as they don't exist on the Internet side of the router.
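
The lease behavior described above (lease, renewal, expiry back to the pool), as an added Python sketch that is not part of the original article and not a real DHCP implementation. The two-address pool, the one-hour lease, the client names and the address 192.168.1.101 are constructed for the illustration.

```python
# Added illustration: a toy DHCP lease pool. Times are plain seconds.
class LeasePool:
    def __init__(self, addresses, lease_seconds):
        self.free = list(addresses)          # addresses nobody holds
        self.lease_seconds = lease_seconds
        self.leases = {}                     # client -> (address, expiry time)

    def _expire(self, now):
        """Return addresses whose lease ran out to the free pool."""
        for client, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[client]
                self.free.append(addr)

    def request(self, client, now):
        """Grant or renew a lease; None means the pool is exhausted."""
        self._expire(now)
        if client in self.leases:            # still online: renew same address
            addr = self.leases[client][0]
        elif self.free:
            addr = self.free.pop(0)
        else:
            return None
        self.leases[client] = (addr, now + self.lease_seconds)
        return addr


def demo():
    pool = LeasePool(["192.168.1.100", "192.168.1.101"], lease_seconds=3600)
    results = [
        pool.request("pc", 0),         # first address
        pool.request("printer", 10),   # second address
        pool.request("webcam", 20),    # pool empty: refused
        pool.request("pc", 1800),      # renewal keeps the same address
        pool.request("webcam", 3700),  # printer's lease expired at 3610
    ]
    return results


if __name__ == "__main__":
    print(demo())
```

Three devices end up served by two addresses because the printer never renewed, which is the conservation effect the text describes.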

The NAT

The NAT, or Network Address Translator, is the part of the router software that translates the local address from your computer (non-routable) to a routable Internet address. The router firewall in most small office routers is called a NAT firewall, as it does its protection by translating addresses. The different local IP addresses are assigned through an internal NAT table to different ports of the host's Internet address.
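
The translation described under The Firewall and The NAT, as an added Python sketch (not code from the original article or from any router). It uses the article's addresses; the starting port 40000, the second computer 192.168.1.101, source port 51000 and the outside host 203.0.113.9 are constructed. Matching replies on the remote address and port is an assumption, and real routers vary in how strictly they match.

```python
# Added illustration: a toy port-translating NAT table.
from dataclasses import dataclass, field

PUBLIC_IP = "24.20.76.253"    # router's Internet-side address, from the text


@dataclass
class Nat:
    next_port: int = 40000                        # constructed starting port
    out_map: dict = field(default_factory=dict)   # outbound flow -> public port
    in_map: dict = field(default_factory=dict)    # (public port, remote) -> local

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the local network. Nothing is filtered."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (PUBLIC_IP, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving on the public IP to a local host, or None (drop)."""
        return self.in_map.get((dst_port, src_ip, src_port))


def demo():
    nat = Nat()
    web = ("208.56.131.130", 80)                  # the web site in the text
    a = nat.outbound("192.168.1.100", 51000, *web)
    b = nat.outbound("192.168.1.101", 51000, *web)
    reply_a = nat.inbound(*web, a[1])             # requested page comes back
    reply_b = nat.inbound(*web, b[1])
    # A host that was never contacted has no table entry, so it is dropped.
    unsolicited = nat.inbound("203.0.113.9", 4444, a[1])
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both computers leave as 24.20.76.253 on different ports, and the table alone decides what may come back in. Traffic between two local computers never passes through this table, which is why it offers no protection inside the local network.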

Overview

The small office or home router, then, contains the router to interface the Internet to the home computer, a switch, an NAT, and a DHCP. If you have a wireless network, all of this is put together with the wireless access point for the wireless network.

For a wired network with Internet access, you need the cable or DSL modem, the router/switcher with a firewall, network adapter cards (NICs) for each computer, and CAT 5 cables. Maximum cable length from the router/switcher should be 300 feet. All equipment should be from the same company, as the IPs assigned by the DHCP to the local computers are not defined by the Ethernet standard and vary with the manufacturer. This also ensures that if you have a problem, different manufacturers cannot "pass the buck" to one another.

Let us help you with your network!

8/16/2004


© 2004 Oregon Professional Microsystems
