There are many ways to share a connection and consequently just about as many ways to open holes in a NAT-based firewall. Because of this, this section is not an exact how-to guide, but instead is a reference that is intended to save time when you are trying to get your special application to work.
Let's start with a look at the features and limitations of some popular
sharing products.
Sygate will handle many applications that are "special" to other sharing methods, right "out-of-the-box". It also handles triggered maps and port ranges, and allows you to specify TCP or UDP protocols. Although a 3-user license costs $40, it's cheap compared to the time you can spend tearing your hair out getting some other programs to work. You can download a free demo by clicking here.
If ICS is your chosen instrument of torture, you can make mapping ports easier by using Harley Acheson's ICS Configuration, which you can get here. Also check out the ICS Configuration port map page for ready-to-use map files. ICS can handle port ranges and multiple protocols, but does not support triggered maps.
If you're using Linux "Masq" or "Masquerade" to share your connection, this site has lots of helpful info.
Note that some of the very inexpensive routers do not support port range mapping or triggered maps. They also tend to have a limited number (10-12) of single port mappings and you can't specify TCP or UDP. So if your favorite application needs mapped port ranges, you'll have to choose another router or use the router's "DMZ" or "Exposed Computer" option for one computer. Go back to this section for a list of routers that support triggered maps.
If all this just sounds like too much of a hassle, you might want to
skip trying to find out what holes to open and just place one computer
outside the firewall. Most NAT routers will allow you to do
this through a feature usually called "Exposed Computer"
or "DMZ Computer". Of course, that computer is
completely exposed to the Internet, so you'd better lock it down real
tight!
How to Do it
Before we get going, here's the warning, one more time. Opening holes in your firewall can compromise your LAN's security if done incorrectly. Please read this information on Security before proceeding.
The Special Application Ports section below contains a list of applications with information on the ports that they use. This list is mostly an edited version of Sygate's Apprule.cfg file, with the Sygate-specific terminology removed.
In the list, you'll see OUT, IN, TCP, UDP and numbers. Here's what they mean:
OUT: This is useful for programs and routers that support triggered maps, such as Sygate.
- Triggered maps are not active until a Client computer sends a packet that matches the protocol and port that are specified in the trigger.
- Triggered maps allow you to have more than one machine use a port mapping, although only one machine at a time can use the mapping. Triggered maps do not include an IP address of the "Target" client (the machine that uses the mapping).
IN: This is the "hole" that the application needs in the firewall. You always need to enter this information.
TCP: Means Transmission Control Protocol, and is one way that applications communicate on the Internet.
UDP: Means User Datagram Protocol, and is another way that applications communicate on the Internet.
Number: Is the number of the special port(s) used by the application. There's a reference list of port definitions here if you're curious (WARNING: it's ONE looonng page).
Tips to create your mapped ports
Use a fixed IP address for the computers that are the targets of your port mappings. If you use a DHCP server to assign your Client computer IP addresses, your port maps will stop working when your Clients obtain different IP addresses from the DHCP server. (Of course, if you assign a fixed IP address, make sure you enter the proper Gateway and DNS information into the Client's TCP/IP properties.) (NOTE: If you are using a NAT router that supports triggered maps, you can ignore this step.)
Set up the mapping using the IN port and protocol information.
If you see a single number, like this:
    IN TCP 113
that's a single port.
If you see two numbers, like this:
    IN TCP 113 120
it means you need to map a port range from port 113 to 120.
Make sure you enter both the TCP and UDP information in separate mapping entries if your router allows you to specify the protocol used. If it doesn't allow you to specify TCP or UDP, then enter separate mappings for both the TCP and UDP table entries, but only if they are different port numbers.
Example 1
The application port information looks like this:
    IN UDP 1140 1234
    IN TCP 1140 1234
Your router doesn't let you specify TCP or UDP, so you make one mapping for port range 1140 to 1234.
Example 2
The application port information looks like this:
    IN UDP 51200 51201
    IN TCP 51210
Your router doesn't let you specify TCP or UDP, but the port ranges are different, so you make two mappings: one for port range 51200 to 51201; the other for port 51210.
If your router doesn't support triggered maps (most don't), don't enter the OUT information at first. However, if the application doesn't work, try adding the OUT information to your mapping.
If you don't find your application's information in the list below, consult the application's Help files or Web site FAQ. The information is usually in a section about Firewalls or Proxies.
To access your mapped application, remember to use the IP address assigned by your ISP. Don't use the private, non-routable address that your router assigns (example: 192.168.0.X). The ISP-assigned address might be assigned dynamically and could change from time to time, which can make it difficult to connect to your special application. You can use a Dynamic DNS service to work around this.
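
The mapping tips above, including Examples 1 and 2, worked through as an added example (not code from the original page or from Sygate): a small Python parser for the "IN/OUT TCP/UDP first [last]" lines that works out which inbound mappings to enter. It goes slightly beyond the text by also merging overlapping ranges, and it assumes a router with no protocol choice forwards both TCP and UDP on each mapped port; all function names are hypothetical.

```python
from collections import namedtuple

# direction is "IN" or "OUT", proto is "TCP" or "UDP"; first..last is the port range.
Rule = namedtuple("Rule", "direction proto first last")

def parse_rule(line: str) -> Rule:
    """Parse 'DIR PROTO first [last]'; one number means a single port."""
    parts = line.split()
    if len(parts) not in (3, 4):
        raise ValueError(f"expected 'DIR PROTO first [last]': {line!r}")
    direction, proto = parts[0].upper(), parts[1].upper()
    if direction not in ("IN", "OUT") or proto not in ("TCP", "UDP"):
        raise ValueError(f"unknown direction or protocol: {line!r}")
    first = int(parts[2])
    last = int(parts[3]) if len(parts) == 4 else first
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"bad port range: {line!r}")
    return Rule(direction, proto, first, last)

def inbound_mappings(lines, protocol_aware):
    """Return the IN mappings to enter as (proto, first, last) tuples.

    protocol_aware=False models a router that cannot specify TCP or UDP
    (assumption: it forwards both), so identical or overlapping ranges
    collapse into one "ANY" mapping. OUT (trigger) lines are skipped.
    """
    rules = [r for r in map(parse_rule, lines) if r.direction == "IN"]
    if protocol_aware:
        return sorted({(r.proto, r.first, r.last) for r in rules})
    merged = []
    for first, last in sorted({(r.first, r.last) for r in rules}):
        if merged and first <= merged[-1][2]:  # overlaps the previous range
            merged[-1] = ("ANY", merged[-1][1], max(merged[-1][2], last))
        else:
            merged.append(("ANY", first, last))
    return merged

def opened_pairs(mappings):
    """Count exposed (protocol, port) pairs; "ANY" opens TCP and UDP."""
    return sum((last - first + 1) * (2 if proto == "ANY" else 1)
               for proto, first, last in mappings)

# Constructed input: the rule lines from Example 1 and Example 2 above.
EXAMPLE_1 = ["IN UDP 1140 1234", "IN TCP 1140 1234"]
EXAMPLE_2 = ["IN UDP 51200 51201", "IN TCP 51210"]

if __name__ == "__main__":
    for rules in (EXAMPLE_1, EXAMPLE_2):
        for aware in (True, False):
            maps = inbound_mappings(rules, aware)
            print(aware, maps, "pairs opened:", opened_pairs(maps))
```

For Example 2, the protocol-aware router exposes 3 protocol/port pairs while the router without protocol choice exposes 6, because each of its mappings opens both TCP and UDP.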
That's it! Have fun and be sure to let
us know if you have any tips to share!