Open source software security

Intro to Cable/DSL Routers

Sept 26, 2002

With the rise of broadband connectivity at home, more and more people are looking for ways to put their home LAN (Local Area Network) online. Most broadband connection providers (Comcast, Verisign, RoadRunner, etc.) are loath to support networking options, since doing so would bog down their support staff and open them up to helping with an almost infinite slew of home networking configurations. Fortunately, due to high demand, hardware manufacturers have begun to provide low-cost routers to home users. Once the purview of ISPs and large businesses, routers are now available to almost everyone. The accessibility of this hardware should not, however, belie its complexity. Routing TCP/IP is a complex affair, and configuring a home router can often seem a little daunting.

Routers are machines that act as switching stations for packets traveling to and from the internet. A router keeps an internal 'routing table' to keep track of where it should send packets upstream to the ISP and where to distribute responses on your home network. This is essential because most home networks use reserved IP addressing.

An IP address is composed of four numbers, each from 0 to 255 (up to three digits). Thus an IP address can be anything from 0.0.0.0 to 255.255.255.255, although there are some caveats. IP addresses are mapped to domains (and web addresses) and are controlled by ICANN, the Internet Corporation for Assigned Names and Numbers. ICANN is the organization that controls who can use which IP addresses. Now, before you get worried that you will have to deal with this organization, you should know that there are certain 'reserved' IP addresses that anyone can use. These IP addresses are restricted and will only be routed within an internal LAN (*not* across the internet).

One reserved address is 127.0.0.1, which is always used to refer to local loopback. 127.0.0.1 is the IP equivalent of 'me': any computer that makes a request to 127.0.0.1 will always route the request to itself. Thus if you open a web browser and type in 'http://127.0.0.1', your web browser will attempt to open your own machine's web page (if you have a web server installed; otherwise you'll get an error). In this same way there are reserved addresses that refer only to 'my LAN.' This is where the router comes into play.

Normally when a home user connects to the internet, they connect through an ISP. The first connection to the ISP is usually to a machine that allows incoming connections. This machine then connects to a router, which sends requests from the home user's machine out to the internet and sends responses back to the home user.

Home router

A home router sits in the middle of this equation. It allows you to set up multiple computers that all connect directly to your home router. The home router connects to the ISP and controls connections from the home machines. In this manner the home machine sends a request to the internet by sending it to the home router, which sends the request to the ISP and on to the ISP router. When the response arrives, it is sent from the ISP to the home router and back to the machine that initiated the request. The tricky part in all of this is the IP address.

Home LAN

Normally when a home user dials into the internet, their machine is assigned an IP address by the ISP, say 138.87.87.44, for example. This address is used to track requests and responses. Thus if the home machine makes a request, the ISP router keeps track of the request as it passes through to its destination and sends responses from the internet back to 138.87.87.44. When you use a home router, the home router connects directly to the ISP and is assigned an IP address (say 138.87.87.44) by the ISP. Home computers then send requests to the router. The router sends the requests on as if they came from the router itself (and not the home computer), packaged with the IP address 138.87.87.44, and when it gets the response from the ISP router it sends that response back to the home computer. This gets even more complex when there are many home computers connected to the router. In order to keep track of the home computers, the router basically develops two connections: one to the home LAN (comprised of the home computers) and one to the ISP. The router will assign itself its own reserved IP address (say 192.168.0.1) for use with the LAN connection, and it will get an IP address from the ISP for its 'upstream' connection.

Router

The router keeps these two connections separate and distinct. Now, when new computers connect to the LAN, the router uses DHCP (Dynamic Host Configuration Protocol) to assign reserved IP addresses to the computers on the home LAN (usually 192.168.0.2 to 192.168.255.255). Thus, a LAN with two home computers could have one computer with the IP 192.168.0.2 and one with 192.168.0.3. These computers are configured to send all their requests to 192.168.0.1 (the router) for transmission to the internet. The router then takes these requests, repackages them so they appear to come from 138.87.87.44, and sends them to the ISP. When the ISP sends back a response, the home router (which has kept track of which computer requested it) sends the response to the appropriate reserved IP (192.168.0.2 in this case).
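The repackaging and tracking described above can be modeled in a few lines. This is an added example, not code from the original article; it assumes the router tracks each request by port number (the usual mechanism on home routers, which the article does not detail), and the server address 203.0.113.10, the stray sender 198.51.100.7 and the starting port 40000 are constructed sample values.

```python
# Added example: toy model of a home router's address translation (NAT).
import itertools
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HomeRouter:
    def __init__(self, wan_ip: str, first_port: int = 40000):
        self.wan_ip = wan_ip                       # address assigned by the ISP
        self._ports = itertools.count(first_port)  # assumed start of the port pool
        self._by_flow = {}                         # LAN-side request -> upstream port
        self._by_port = {}                         # upstream port -> LAN-side request

    def outbound(self, pkt: Packet) -> Packet:
        """Repackage a LAN request so it appears to come from the router."""
        if pkt not in self._by_flow:
            port = next(self._ports)
            self._by_flow[pkt] = port
            self._by_port[port] = pkt
        return Packet(self.wan_ip, self._by_flow[pkt], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a response back to the LAN machine, or drop it (None)."""
        flow = self._by_port.get(pkt.dst_port)
        if pkt.dst_ip != self.wan_ip or flow is None:
            return None                            # nobody on the LAN asked for this
        if (pkt.src_ip, pkt.src_port) != (flow.dst_ip, flow.dst_port):
            return None                            # not the server the request went to
        return Packet(pkt.src_ip, pkt.src_port, flow.src_ip, flow.src_port)


def demo():
    router = HomeRouter("138.87.87.44")
    server = ("203.0.113.10", 80)                  # constructed sample web server
    a = router.outbound(Packet("192.168.0.2", 51000, *server))
    b = router.outbound(Packet("192.168.0.3", 51000, *server))
    reply_a = router.inbound(Packet(*server, a.src_ip, a.src_port))
    reply_b = router.inbound(Packet(*server, b.src_ip, b.src_port))
    stray = router.inbound(Packet("198.51.100.7", 4444, router.wan_ip, 40002))
    return a, b, reply_a, reply_b, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both LAN machines leave the router with the same source address, and a packet that arrives without a matching entry in the router's table is not forwarded to any LAN machine.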

Now, in order to configure your home router correctly you will have to know a few things. Usually your home router is configured through a web interface; refer to your documentation for how to connect. You will usually have to open a web browser and type in the router IP (say 192.168.0.1). Since this is a reserved IP and isn't routed across the internet, you won't be able to reach your router's interface from anywhere but within your LAN. If someone on another network types in 192.168.0.1, their own router (whether it be their ISP's or their own LAN router) will attempt to route that request only within the LAN and won't send the request upstream or out to the internet.

Home LAN

Some terminology that you should be familiar with follows:

IP Address:

This is the machine address of a computer on a network (and the internet). IP addresses are restricted, and only reserved IP addresses can be used freely. Normally machine IP addresses on a home LAN with a router are assigned by the router. In order to get your machine's IP from a home router, you must configure your machine to use DHCP. IP addresses won't be duplicated with DHCP (since the DHCP server keeps track of what IP addresses are in use), so confusion is minimized.

Subnet Mask:

The subnet mask is a number that lets your computer know how big your home LAN is or can be. Usually it looks like an IP address with lots of 255's and 0's. Most subnet masks are 255.255.255.0. A 255 basically means that none of that part of the address can vary, and a zero means that all 255 addresses in that position are available. So, for instance, if your computer has the IP 192.168.0.4 and its subnet mask is 255.255.255.0, that means that your LAN is restricted to 192.168.0.1 to 192.168.0.255. To find out what your computer's current subnet mask is, type 'ipconfig' at a command prompt (in Windows) or 'ifconfig' (on Linux).

Broadcast:

The explanation of use and purpose for a broadcast address is a little too technical for this discussion. I am including it to simply raise familiarity with the term. Usually the broadcast address is the last IP on the subnet.

Gateway:

The gateway IP is used by local machines to specify where they should send requests for distribution. It is a bit like the location of the post office. The local machine will use the gateway as its starting point for any communication upstream and will expect responses to all requests to come down through the gateway machine. The gateway for machines on a home LAN should be set to the IP address of the router (192.168.0.1 for example).
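The four terms above fit together as follows. This is an added example, not part of the original article: it uses Python's standard ipaddress module to derive the subnet, broadcast address and usable host range from the article's sample values and to check that a gateway setting is reachable on the LAN. The function names and the off-subnet gateway 192.168.1.1 are constructed for illustration, and the three reserved LAN ranges listed are the RFC 1918 blocks, which the article does not enumerate.

```python
# Added example: relate IP address, subnet mask, broadcast and gateway.
import ipaddress

# Reserved LAN ranges (RFC 1918); listed here as background, not from the article.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr: str) -> str:
    """Say whether an address is loopback, reserved for LAN use, or neither."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "reserved (LAN only)"
    return "other (not loopback or RFC 1918)"


def lan_summary(host: str, mask: str, gateway: str) -> dict:
    """Derive the LAN layout from a machine's IP, subnet mask and gateway."""
    net = ipaddress.ip_interface(f"{host}/{mask}").network
    gw = ipaddress.ip_address(gateway)
    edges = (net.network_address, net.broadcast_address)
    return {
        "network": str(net),
        "broadcast": str(net.broadcast_address),      # last IP on the subnet
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": max(net.num_addresses - 2, 0),
        # A gateway outside the subnet (or on its edges) cannot be reached directly.
        "gateway_on_lan": gw in net and gw not in edges,
    }


if __name__ == "__main__":
    for addr in ("127.0.0.1", "192.168.0.1", "138.87.87.44"):
        print(addr, "->", classify(addr))
    print(lan_summary("192.168.0.4", "255.255.255.0", "192.168.0.1"))
    # Constructed misconfiguration: gateway on a different subnet.
    print(lan_summary("192.168.0.4", "255.255.255.0", "192.168.1.1"))
```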