PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP
HOME NETWORK CONDOMs (sorry.....)
Installing a NAT/router for ADSL/Cable Modem.
This is the only way you should access a high speed connection to the Internet, and just about the only way if you want to have a good home network [You can run a firewall AND an Internet Connection Sharing program on your PC, but by the time you get all done, it's less hassle to add a separate NAT/router].
If this all sounds like Greek to you, maybe you should visit the "basic networking course" I have instituted here at PCCitizen to help you make the transition to networking expert. After you have received your degree in basic networking, you can return here...... Or you can just read on. If you are like me, you have to read something a hundred times to learn it. Gotta purge some of those old memory cells full of useless garbage like Basic Programming and Discrete logic design.
There have historically been very simple options ISPs provide to connect to the Internet. In the era of dial-up, it was a dial-up modem that connected to your phone line, and was only active when you actually went through the dial-up procedure. Since chances were pretty great that it was your main phone line, you were only on-line for the time that you actually dialed in. This changed somewhat some years back, when people bought second lines in droves in order to get on-line more without interfering with their phone lines. It has started to change again with the preponderance of cellular phones and ADSL. ADSL uses the same phone line as your telephone, and if you have a cell phone, you don't need a second line - your copper phone line may be used mostly for your PC now. So PCs are now on-line seemingly all the time. This goes double if you have a cable modem of course!
The initial CPE provided for ADSL was typically either an internal "dial-up" -like ADSL modem, or an external "dial-up" -like modem. In either case however, it was relatively easy to keep the modem on-line ALL THE TIME, and customers even complained when their logon software, or their ISP had algorithms in place to disconnect after a period of inactivity. Customers quickly found ways around this, in order to be "always on-line." This was in spite of the fact that the "dial-up" time was in seconds instead of minutes with the traditional analog dialup. Increasingly in the modern era of computer terrorists (crackers), this can present a problem, both for you and for the Internet! The problem lies in the fact that you have an address on the Internet (the IP address), which can be readily discovered and probed for weaknesses, primarily through open ports you may have, especially if it is ALWAYS AVAILABLE, and HIGH SPEED, unlike dial-up connections.
See this page for a diagram of the ADSL/Cable Modem Installation options.
Cable modems have exactly the same problem, and maybe even worse, because they typically use no "dial-up" like software at all! And they tend to be on a bridged network, unlike ADSL, which is on a PPP link. Be careful with cable modem providers, particularly ATT broadband Internet. They tend to sell "home networking services," which are really bridges to connect all your PCs together. They just sell you extra IP addresses (for which they can charge of course), and you get to worry about the fact that each one of the PCs is still hanging out there on the Internet. In other words, they would rather sell you something than think about selling you a safe and secure connection using a NAT/router!
The other major change within the last few years is the number of PCs within the home environment. In the dial-up era, there was most likely only a single PC. Now there tend to be many more than that!
A major intent of this website is to convince you that having an ALWAYS AVAILABLE, HIGH SPEED connection to the Internet is a very IRRESPONSIBLE thing to do without the proper PROTECTION. The proper "protection" is at the very minimum a NAT/router used as an interface to your ADSL/cable modem connection. The use of some sort of a firewall is a MUST if you are using a simple internal modem, or external modem.
The general procedure for installing a NAT/router is as follows. This link discusses some more details about the differences between a firewall and a NAT/router. But start with the NAT/router. This site at DSLreports is a terrific resource written by some of the BellSouth techs about the specifics of installing their particular router, the Westell with the BellSouth ADSL service. A lot of this discussion is generic as well!
First and foremost, you must install an Ethernet NIC in your PC, unless you want to investigate a USB router - but there are many more options for Ethernet routers, and the technology is much more stable. In addition, almost all new PCs come with an Ethernet NIC, and they come ready to connect to the router, i.e. set in DHCP mode.
In the early months of 2003, it seems that the wireless technologies are really coming into widespread use. A wireless NAT/router will perform exactly like a wired NAT/router in all respects, as long as you use the wired connections behind it - most of them come with a small hub and the ability to connect Ethernet cables. The additional complexity that wireless introduces is the significant security problems of open-air communications. This is still evolving in 2003. This page addresses some of these considerations - check it out after you finish this page!!
As 2004 rolls around, and comes around into 2005, wireless is certainly carrying the day. Nobody seems to install wired networks anymore - wireless is just too easy. That is too bad, because a wired network is still quite superior to a wireless one, once it is built and in place. Increasingly we will see wireless/wireline integration. Your cellular phone will be combined with your wireless PC (wifi) in a small handheld format, and take the place of your wireless pager. It is all converging very rapidly. Let us hope they don't forget the security considerations on the way....
The advantage of using an external router, instead of connecting the PC directly to the Internet through the ADSL/Cable modem, is that the PC, and any PCs connected on the network behind the router, are on a private network, largely invisible to the Internet. For this reason, this simple router is often called a NAT (Network Address Translation)/router. This can be considered a very low level of a firewall. The NAT/router in its default configuration will prevent any external clients from connecting TO any server on any open ports running on your PC. The router will not prevent any clients on your PC from connecting OUT to servers on the Internet. For those situations which necessitate a client on the Internet connecting to your PC, which should be very few, you need to "open up a port" in the NAT router to allow the unknown party to initiate communication to a party inside your NAT router. This note explains the three-way TCP connection handshake.
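The behavior described above, as an added example that is not part of the original page: a toy model of the NAT/router's translation table showing why replies to outbound connections get through, unsolicited inbound packets are dropped, and an "opened port" is the only exception. All addresses and ports are constructed sample values, and the model assumes the router matches replies on remote address and port (real routers vary in how strictly they filter).

```python
# Added illustration: toy model of a home NAT/router's translation table.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field

WAN_IP = "203.0.113.7"  # constructed public address assigned by the ISP

@dataclass
class NatRouter:
    wan_ip: str = WAN_IP
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port); created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port); created only when the owner "opens up a port"
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN client connects OUT: allocate a WAN port and remember the session."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.wan_ip, wan_port)  # the source address the Internet sees

    def open_port(self, wan_port, lan_ip, lan_port):
        """Explicit port forward configured by the owner."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side: return the LAN destination, or None if dropped."""
        reply = self.sessions.get((wan_port, remote_ip, remote_port))
        if reply:
            return reply  # answer to a connection a LAN client started
        return self.forwards.get(wan_port)  # otherwise only an explicit forward passes

def demo():
    r = NatRouter()
    _, wan_port = r.outbound("192.168.1.10", 51515, "198.51.100.20", 80)
    results = {
        "reply": r.inbound("198.51.100.20", 80, wan_port),       # web server answering
        "probe_closed": r.inbound("192.0.2.99", 4444, 445),      # unsolicited: no mapping
        "probe_in_use": r.inbound("192.0.2.99", 4444, wan_port), # wrong remote: no match
    }
    r.open_port(8080, "192.168.1.20", 80)
    results["forwarded"] = r.inbound("192.0.2.99", 4444, 8080)   # reaches the LAN server
    return results

if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:13} -> {dest}")
```

Every entry in `forwards` exposes one LAN machine to any Internet host, which is why the number of opened ports should stay as small as possible.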
Once you receive the router, just connect it via the supplied RJ45 cable to the PC, and following the instructions, browse to the router configuration page. Typically, all you need to do is set your username/password in the router. Once the router logs into the ISP, you can browse and run email and do all the normal things. If you have a cable modem service, the setup will likely NOT include inputting a username/password - you may need to clone your MAC address. Cable modem service typically does not use a username/password to authenticate a customer, they simply use DHCP - i.e. "automatically obtain IP from the ISP."
One thing you should AVOID doing is installing any other software on your PC at all! Historically, there have been a lot of problems with vendor/ISP drivers/additional bloat-ware added to try to "simplify" and "enhance" the user's experience. Many times, it has been VERY difficult to separate problems between the ADSL service and the individual user's PC. This was especially true with all the USB internal ADSL NICS sold. By using a separate NAT router, and connecting via ethernet, there is almost total separation between the two, and troubleshooting is a "breeze." Going the separate NAT router also opens up all the possibilities of home networking of course.
For additional security, you still must have an antivirus checker running on your PC. It is an additional plus if the NAT/router is running a stateful firewall. Many of them are capable of this. Increasingly you will need to run anti-spyware software as well!
Here is a list of NAT routers that I have dealt with, and a few comments about each, as of Dec 2003. The NAT router market is getting VERY crowded, so it is very buyer beware out there. All you have to do is walk into a Comp USA or a Best Buy store and see the whole aisle of these kinds of boxes now. It will be very difficult to differentiate among them pretty soon. You should check out a few of the sites that follow these types of devices: www.practicallynetworked.com attempts to do this.
Combined ADSL modem plus NAT router:
1) Cayman (now Netopia) 3220H. This is a very old NAT router in Internet years, having been around for about 4 years. It includes the ADSL modem and has a very good reputation. I believe it is currently at manufacturer end of life, and is replaced by the Netopia 3246 (?). It has a web interface for management as well as a telnet interface. As far as I know, there is a universal firmware for this router (currently 6.2.3), independent of any ISP. This is a very big advantage in the grand scheme of things. Many times an ISP will ask the vendor to "redo" the interface to "brand it" or make it "simpler" for their users. This may be all very well and good for the ISP and its community of users. But when there are world wide discussions on a NAT router, it becomes very confusing to talk about them if they have ISP-specific firmware. www.dslreports.com/forum/cayman contains good info on the Cayman routers.
2) Efficient 5660. This is also a very old router, which also includes the ADSL modem. Only one universal firmware AFAIK. Very good reputation. 2.3.0(7) is the latest firmware I believe. 2.3.0(2) is still very widely used however. I personally have been unsuccessful, for whatever reason, in upgrading the two 5660s I have to the (7) release. This site contains good info on the Efficient modems and routers.
3) Westell A90-210010 or 30. This is a very old router. The 2100 is currently BellSouth's CPE of choice for all new ADSL customers - they have a very specific version A90-210010 or 30-04. You will need to check some FAQs to verify which one you need/have. It has also been used by many other ISPs. BellSouth has customized the firmware for this NAT router to put its own front end on it. Makes it very confusing. BellSouth's current firmware version is 1.5.4. Actually there is a .20 now, but a more complete version is supposed to be on the way [March 15 2003]. This doesn't mean that a generic version of the Westell will not work on BellSouth, just that BellSouth may get very confused if you call their help desk and you don't have "their" particular version of the Westell. Calling Westell directly can also be very disconcerting, since they may tell you to call the ISP - they don't support the ISP specific versions of their router. This is all very confusing and nasty stuff. Which is why I prefer a universal CPE like the Cayman 3220. Be careful out there! See the dslreports site for good info again! Make sure you see the BellSouth specific FAQ if you are on BellSouth ADSL.
BellSouth has recently started delivering the Westell 2200. This is pretty much identical to the previous 2100, except it has some ADSL line protocol improvements! And as usual, the firmware continues to be upgraded and "improved." The latest version as of mid-March is 1.6.33. Be very careful with these later firmware versions. BellSouth is trying to put too much intelligence into these upgrades, in my humble opinion! Besides being customized for BellSouth, with their special splash pages, if you attempt to change the username/password in the router, it will actually send you to the BellSouth web site in order to make the same change. Now this is a nice idea, but the chances of things going wrong can multiply!
Summer 2004 - BellSouth is now starting to distribute the Westell 6100, with even more improved ADSL capabilities. Pretty soon we won't be able to keep up with the variants of ADSL, ADSL2+.
4) 2wire Home Portal 1000. This product is offered by many of the ISPs as a "home networking" NAT router. It also has a HomePNA capability. It has a very complete stateful firewall included. The user GUI is very convoluted, in my opinion, and 2wire tries to convince you to install software on your PC in addition to the router. You NEVER need to install additional software on the PC when you are using a NAT/router capable of PPPoA/PPPoE. Nevertheless, 2wire is the box I use for my home network, and it has been very reliable [well, I use the 100 - see below]. See this site for info.
Standalone NAT routers that I have used (you will need a separate ADSL modem): These are the ones you use if you have a cable modem, because the actual cable modem tends to be a separate device.
1) Linksys BEFSR41 Router.
There are many people who use these routers with their ADSL or cable modems. Check this site again.
2) 2wire Home Portal 100 series
3) Netgear MR814 wireless NAT/router
4) SMC Barricade NAT/router
5) Cayman 2E300. This is a simple NAT/router pretty much identical to the Cayman 3220, except it has no ADSL modem - it has Ethernet on both the WAN and LAN sides. Other than that it seems to run the same software.
6) Netopia 3347 and variants. Netopia owns Cayman now. I am switching to the 3347W in summer 05.
7) Linksys BEFW11S4 and WRT54G. These are NAT/routers with wireless capability. They have an Ethernet WAN port, and 4 port hub on the Ethernet LAN side. Seems to work OK. I use them with a WPC11 Linksys wireless PCI card in a PC, and a WPC11 and WMP54G PC Card in a laptop. I had initial problems with DHCP. I configure a PC, and the wireless utility is able to discover the wireless network via the SSID, but is unable to acquire an IP address via DHCP. The minute I assign a static IP to the WMP11 wireless card, the network works just fine. The router was running 1.44.2 and the WMP cards were v2.7. I later discovered that the IP range for DHCP was set at zero! I certainly don't remember this, so I suspect some subtle bug? I discuss some more aspects of these routers in the wireless section.
Here is a great link which attempts to catalog all the DSL modems. Many of these also qualify as simple NAT/routers, which just so happen to contain the DSL modem.
Copyright John D Loop Wednesday October 26, 2005