Copyright © 2001-2008
Hardware and software specifications, examples, links, and other info are valid as of the publishing time. In case they become invalid, use an Internet search.
1st Published, Dec. 2004
Cable/DSL Routers - NAT, Open Ports, DMZ, SPI.
If you are familiar with sharing an Internet connection and with the use of a Cable/DSL Router, you can skip the following three links; otherwise, please read their content first.
There are a few ways to share the Internet (the three pages below were written by me ages ago. You might ignore the prices and the brand recommendations, but the principles are still the same).
I would suggest that everyone with a Broadband Internet Connection (Cable or DSL) use a Cable/DSL Router, even if you do not have a network and are using only one computer connected to the Internet.
You can find a wired entry-level Cable/DSL Router (2005) on sale for less than $15. This small expense gets you a hardware firewall that would be the foundation of protecting your computer system.
The main function of a Cable/DSL Router is to provide Network Address Translation (NAT). NAT is necessary when you share one Internet connection between a few computers, so that each computer sends and receives the Internet information that belongs to it.
A by-product of this NAT is a simple but effective firewall.
NAT is implemented in such a way that each computer can get only the info that was requested from inside the LAN. As a result, "rogue" info from the Internet cannot get in (since it was not requested). The NAT firewall just blocks en masse everything that tries to come in unrequested.
These days many people use the Internet for a variety of applications, such as a home Web/Mail server, remote control of other computers over the Internet, online games, etc.
Many of these applications work through ports that are closed by the router and by software firewalls. If you are using such applications, you need to set the router's port rules so that they work correctly. The general terms used for this are Port Opening or Port Forwarding.
So what do you do if you want a system that can answer requests coming in independently from the Internet?
DMZ, or the "Shotgun" approach. Each Cable/DSL Router allows you to put one computer on the DMZ (De-Militarized Zone), i.e. no military, no one is protecting you. Under this setting one of your network computers is out in front of the firewall, thus all its ports are open. Be careful: while on the DMZ, the computer and its content are exposed to the Internet.
Port Opening - A more common and secure approach is to open the individual ports that are used by your Internet-capable applications.
The way to open a port depends on the router and/or the firewall program. Each manufacturer has its own "shticks" for going about it, and its own way of organizing the menus. You have to read the manual in order to know how to do it.
The feature may be listed as Port Mapping, Port Opening, etc., or under a Virtual Server menu.
Link to: PortForward.com
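The three behaviours described above (NAT dropping unrequested traffic, an individually opened port, and the DMZ) can be seen side by side in a small Python model. This is an added example, not code from the original page or from any router's firmware; the `Router` class, the addresses and the port numbers are constructed, and it assumes the router matches replies on the remote address and port.

```python
# Toy model of a home router's inbound decision (constructed example, not router firmware).
class Router:
    def __init__(self):
        self.nat = {}         # (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}    # (proto, wan_port) -> (lan_ip, lan_port), the "opened" ports
        self.dmz_host = None  # LAN IP that receives everything not matched above
        self.next_port = 50000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allocate a WAN port and record the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.nat[(proto, wan_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """Return (verdict, lan_ip, lan_port) for a packet arriving from the Internet."""
        entry = self.nat.get((proto, wan_port))
        # 1. Reply to a request made from inside the LAN: translate it back.
        #    Assumption: the router also checks the remote address and port.
        if entry and entry[2:] == (remote_ip, remote_port):
            return ("nat-reply", entry[0], entry[1])
        # 2. Individually opened port: only this port reaches the chosen host.
        if (proto, wan_port) in self.forwards:
            return ("port-forward", *self.forwards[(proto, wan_port)])
        # 3. DMZ host: every remaining port lands on one computer.
        if self.dmz_host:
            return ("dmz", self.dmz_host, wan_port)
        # 4. Nobody asked for it: dropped.
        return ("drop", None, None)


def demo():
    """Walk one unsolicited packet through the three configurations on this page."""
    r, out = Router(), {}
    wan_port = r.outbound("tcp", "192.168.1.20", 40000, "198.51.100.5", 443)
    out["reply"] = r.inbound("tcp", "198.51.100.5", 443, wan_port)
    out["nat_only"] = r.inbound("tcp", "192.0.2.77", 5555, 3389)
    r.forwards[("tcp", 80)] = ("192.168.1.30", 8080)   # open one port
    out["opened_80"] = r.inbound("tcp", "192.0.2.77", 5555, 80)
    out["other_port"] = r.inbound("tcp", "192.0.2.77", 5555, 3389)
    r.dmz_host = "192.168.1.40"                        # DMZ on
    out["dmz_on"] = r.inbound("tcp", "192.0.2.77", 5555, 3389)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:11} -> {verdict}")
```

The same unsolicited packet to port 3389 is dropped with NAT alone and with only port 80 opened, but is delivered once a DMZ host is set, which is why opening individual ports is the more secure choice.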
More recent Cable/DSL Routers are also capable of inspecting the Internet traffic; this is called Stateful Packet Inspection (SPI). SPI actually examines the network's outbound/inbound packets, and thus can make a content decision.
Many of the old routers actually interfere with VPN.
More recent routers are VPN through, i.e. they allow the VPN traffic to go through but do not participate in the process of the VPN.
A few routers (D-Link and Linksys have a few models) are actually VPN End Points, i.e. they do the server part of the VPN in hardware. If you are a serious VPN user, look into one of the VPN End Point routers.
About UPnP you can read here: Universal Plug n' Play.
More about protection here:
© 2001-2008 EZLAN.NET. All Rights Reserved.