Richard Walker - Part 7 - More about home routers
Last time, we looked at setting up a low-cost software router device. In this article, I"d like to examine a couple of extra features of such a setup. However, I"ll start with something slightly different!
A word of warning...
Now, I must admit, that this warning only occurred to me after I"d seen the previous article "in print", and I wish I"d realised earlier. Anyway, my point is simple: my low-cost router project is supposed to be just that - low-cost. I really wouldn"t want anyone to have gone out and spent lots of money on a PC and network cards. The most sensible way is to acquire the goods from a friend or a skip! Paying £10 to add an Ethernet card is OK, but I wouldn"t advocate spending anything like £50 on such a system. The main reason for not throwing such money at an old PC, is that you can buy brand-new dedicated routers for that kind of money!
A dedicated router is, as it"s name suggests, a small box that includes a couple of network cards and a simple computer. They are usually configured from a web browser on another computer (just like SmoothWall and Freesco). The advantages of buying something like this are essentially size (they are often smaller than a CD ROM drive), noise (no fan!) and the fact that they usually include a small (4-port) hub and/or switch. On the minus-side, they are less flexible, as you can"t, for example, fit a hard disk and give yourself an instant web server.
As a router isn"t typically viewed as a piece of consumer computer equipment, it may be an odd thing to visualise. I would suggest popping into your nearest PC World (or similar) and having a look in their networking area. Although many items are over-priced (in my opinion), there are deals to be had on routers. It is wise to do some research, and check out the particular model before buying (look at the manufacturer"s web site). Names to look out for include 3Com, D-Link and Belkin.
These routers will often be Ethernet-to-Ethernet, so the device you use to connect to the Internet (e.g. cable modem) will need an Ethernet port. A normal 56k dial-up modem, therefore, won"t work (but this would be viable if you used a PC-based low-cost router). If you have ADSL, there are router products available that include the ADSL modem - so you connect the router straight to the wall-socket. To the best of my knowledge, no similar products exist for cable modems.
If you want to get really fancy, there are wireless routers about, so you can share your Internet connection without using extra cabling! You can get a wireless router, or use a standard router and a wireless converter. Indeed, RISC OS wireless hardware and software has recently become available. Have a look at Stuart Tyrrell Developments for more information.
Apart from basic Internet access, what else can we do with our routers? Most of them have a number of extra options, so I"ll explain a couple of key ones below.
Although we usually like our firewall/router boxes to ignore all incoming data (to help prevent attacks), it can be handy to relax the rules slightly. For example, we could allow all traffic on port 80 (the default port for HTTP) to be forwarded to another computer on the network.
First of all, what is a port? The simplest way to think of a port is to imagine that your incoming Internet connection is actually a thick pipe, with a number of different (labelled) wires inside it. See figure 1.
Please note that figure 1 is a logical view - the reality is nothing like this, but the diagram helps with understanding. You can imagine a port as a labelled part of your network connection. Normally, particular protocols (e.g. HTTP, FTP, telnet, secure shell etc.) have their own port assignments, and these are used to carry that protocol"s traffic.
Obviously, there are more than seven ports, and they are not labelled 1 to 7! You can see a typical list of port numbers, along with their purpose, by looking at the TCP/IP "Services" database. On RISC OS, you can see this by running Configure (double-click Boot) then choose Network -> Internet, click "Open Internet", and then open the "Services" text file. Have a browse. You may have heard of some of the protocols listed (e.g. FTP, telnet, SMTP, HTTP and POP3), and you can see which port numbers they use.
The purpose of a port number is visible at the server-end. If you were running a web server, you would configure it to "listen" for requests (from browsers) on the usual HTTP port (80). A web browser (usually from another computer) will send out HTTP requests on port 80, which the server will pick-up and process. The same computer could run an FTP server (on ports 20 and 21), and the two would not get confused - the web server program listens on port 80, and the FTP server program listens on port 20 and 21.
It is possible to use "non-standard" port numbers - you can basically run any type of server on any port number you like. However, any client computer connecting to the server would need to know the port number to use, which is why we like to stick to accepted defaults. In fact, a typical URL, such as:
is usually understood (by a web browser) to mean:
The colon indicates that a port number is being specified, and that is 80 (the default). You may have come across web site URLs which use a different number (e.g. 8080), so they have to be explicitly specified.
Getting back to port forwarding, and our web server example, the desire is to enable any incoming traffic on port 80 to be allowed in. The exact way to do this depends on your router, but it will be in the "port forwarding" or "virtual server" configuration area. Figure 2 shows how to achieve this on my router (a dedicated device, the D-Link DI-604).
What we are instructing the router to do is to accept any incoming connections on port 80 (which will usually be a browser requesting a page) and forward them onto the specified computer (192.168.0.6, in my case). On that computer, we simply run a web server (e.g. WebServe, WebJames, Navaho, Apache, IIS) and set it to listen in port 80. If the server gets requests that it doesn"t understand (e.g. non-HTTP), it will pass errors back to the computer that is trying to connect.
Once this is set up, it should be possible to enter "http://<ip-address>" into a web browser anywhere on the Internet, and see your "self-served" web site. Note that "ip-address" is the IP address of your router, which will be assigned by your ISP when you connect.
Obviously, with a dial-up connection, running your own web server makes little sense, as it won"t be available at any time, and there isn"t really enough bandwidth. However, with broadband (ADSL or a cable modem), running your own servers could be useful. I"m currently setting one up which allows me to FTP files between home and work, and allows me to program my video recorder!
Although our example was all about forwarding HTTP requests, any other protocol could have been forwarded. In addition, if you use a PC-based router, you could run the web server program on that - i.e. the router and the web server would be the same computer. I would recommend being careful with such mixings, though, as it"s not sensible to ask an old 486 or Pentium to be a router, and run a database-driven e-commerce site! Of course, it would easily cope with running a small web site (e.g. a few photos and your CV).
Running a server on your own computer is all very well and good, but having to remember an IP address when you want to access it isn"t very friendly! In addition, that IP address may change from time to time. Thankfully, there is a free solution to this problem (the costly alternative is to pay your ISP for a static IP address and a DNS record) in the form of "dynamic DNS".
There are a number of web sites that will provide you with a DNS record for your IP address, free of charge. I use DynDNS. You need to create an account on their web site, and then choose yourself a hostname and domain name. I have "vdr" as my hostname, and "homeunix.net" as my domain name, so my computer can be addressed on the Internet with vdr.homeunix.net, instead of the impossible-to-remember IP address of 22.214.171.124. If you use one of your own computers to sign up, their web site recognises your IP address automatically, and it"s very simple to set up.
As your IP address may be "dynamic", and change every now and again (e.g. if you disconnect and re-connect), then you need to inform the dynamic DNS service (otherwise your hostname might not point to your computer!). With DynDNS, I can simply login to their web site, and click a couple of buttons to update their IP address record. In fact, there are utilities that will automatically perform the update for you (this could be configured to happen every time you re-connect to your ISP, or every 24 hours, for example). Even RISC OS has such a utility - see www.the.nerd.btinternet.co.uk/software.html for details.
Some (dedicated or PC-based) routers will have a range of dynamic DNS clients built-in. My D-Link dedicated router has a DynDNS client built-in, so I simply supply it with my DynDNS user and host details, and it will automatically update for me. I don"t need to worry about running any client software, or visiting the DynDNS web site to renew my details.
In conclusion, I can access a web server running on one of my computers from anywhere on the Internet using the URL: http://vdr.homeunix.net And all by the magic of port forwarding and dynamic DNS!
As an aside, if I tried something like ftp://vdr.homeunix.net, my FTP client would have it"s connection rejected by my router. Why? Because it"s only set up to forward requests on port 80 - everything else will be denied. That"s a firewall and router in action!
I have not yet set any plans for the next article, so please get in touch with The Editor or myself if you want to make suggestions or raise queries regarding this series. If there are no particular requests, I"ll see about covering something completely different for a change, such as serial networking.