Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.
Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
You have a Linksys Etherfast Cable
/ DSL router and are having problems with:
You can also try the Linksys
Support page and Tech
Helper for the router, or contact Linksys support via one of
the following methods:
Customer Support Phone:
800-326-7114
949-261-1288
Fax:
949-261-8868
Email:
support@linksys.com
Getting
certain applications and games to work.
NOTE:
The new 1.39 release
is reported to help many gaming problems.
NOTE:
Even though a game is listed as "supported" by the Linksys,
you still might not be able to get it to work for you. See the
Gaming Help section for an explanation.
Tip: If you are using newer Linksys firmware that supports
port range forwarding and want to map a single port, enter
the same port number in both port number boxes.
Tip: Reader Jamie Tyson says that enabling the MTU function
on the Filters page helped the packet-drop problems he
was having with FTP serving and WinVNC. He says it helped fix some
gaming problems he was having, too. Start with an MTU value
of 1000 or so and experiment.
In general, assume that you will not be able to use the Linksys to allow
multiple users to access on-line games, Internet communication
applications like Dialpad or Netmeeting, or any application that uses
port ranges or dynamically assigned ports. The best you'll be able
to do is to allow access from one computer connected to the LAN
side of the router. There are exceptions to this rule of thumb,
but I'd rather set your expectations lower, rather than higher.
The following popular applications work from Client computers without
using the Port Forwarding or DMZ Computer features (I guess this
is the "Application Sensing Tunnel" at work!):
AIM (NOTE: "Talk" and "IM Images" need port 4443
forwarded)
Unreal (see note below on
Unreal Tournament server)
Starsiege:Tribes
Diablo 2
Note
that we continue to receive reports of players getting kicked
off Quake2 and 3 servers that are behind the Linksys.
No solution has been found for this problem.
There's a Quake3world.com
Forum that's discussing this subject, so check it
out, too.
How
to set up Quake III for multiple users behind a NAT firewall (Thanks
to Russell Haupert!)
Typically, many Quake III users have been reporting that Quake III is
unable to support multiple player connections from behind a NAT. While
the first player behind the NAT joins fine, adding additional players is
problematic in the default configuration. Symptoms include rejected
challenges, dropped delta packets, and severe "connection
interrupted" messages.
By default, Quake III clients send and
receive data over the same port, causing the server to treat multiple
clients as a single data connection. Quake III does have the ability to
specify individual client ports for communication by adding a command
line switch. Follow the procedure below to add this switch.
1. Right click on the QIII icon
2. Choose
"Properties"
3. In the Target field you'll see a line like
"C:\Program Files\Quake III Arena\quake3.exe"
4. Add the Quake
III net_port command to specify a unique communication port for each
system. The complete field should look like this: "C:\Program
Files\Quake III Arena\quake3.exe" +set net_port 27660
5. Click OK.
6. Repeat for each system behind the NAT, adding one to the net_port
selected (27660,27661,27662)
The following games will work, but require port forwarding.
If you don't know which ports to use, check this
page, the Support section of your game's Web site, or your game's
Help files.
Half-Life Note
that we continue to receive reports of players getting kicked off
Half-live servers that are behind the Linksys. No solution has
been found for this problem.
How
to set up HalfLife for multiple users behind a NAT firewall
(The following info was contributed by Gene
Montgomery)
I figured out a fix for multiple
computers connecting to the same server. The default client
port for Half-Life is 27005, so for the extra computers on your
LAN, add "+clientport 2700x" to the HL shortcut command
line; the x would be 6, 7, 8, and on up. This lets multiple
computers connect to the same server. NOTE:
Reader Chris Norehad says that the above is unnecessary with
version 1.30 and higher firmware. This has not been confirmed.
One problem: version 1.0.1.6 won't let multiple computers with the
same CD key connect at the same time, even if on the same LAN (not
a problem with 1.0.1.3).
As far as hosting games, the HL
server does not need to be in the DMZ. Just forward port 27015 to
the local IP of the server computer. I still have the problem of
people getting booted after a few minutes with "illegible
server message."
Kingpin (and other Quake2-based games)
How
to set up Kingpin for multiple users behind a NAT firewall
(The following info was contributed by Jeff Swiatowy)
I have found that adding the line "set
clientport xxxxxx" in the autoexec.cfg file in the game
directory will allow multiple players.
In Kingpin the default port is 31501. So for every machine on your
LAN you need to add "set clientport 3150x";
"x" being 1 for the first machine, then "x"
being 2 for the second machine, etc.
Unreal Tournament Server
(contributed by David Wong and Ray Evans)
I have a dedicated Unreal tourney server running, and after many tweaks
on the router it works perfectly (other than what I can attribute
to the cable co).
Create a static IP for each of the LAN computers (completely bypassing
the chance of the DHCP hiccup every five mins or so in windows), and
forward ports 7777, 7778, 7779, 7780, 7781, and 27900 to the IP address
of the server. If you want to use the UT Server Admin, forward another
port (8080 usually works well), then in the [UWeb.WebServer]
section of the server.ini file, set the ListenPort
to 8080 (to match the mapped port above) and ServerName
to the IP assigned to the router from your ISP.
Age of Empires, Age of Kings
(The following info was contributed by Bryan Backer)
Now that you have port range forwarding as of version 1.33beta, it
would appear that Age of Kings (and other DirestX games with similar
setup like Age of Empires) work. If you set port forwarding for ports
47624 - 47624
and
2300 - 2400
to a host, it would appear you can play AOK or AOE over the net. I've
only tested this a bit, but others might find it interesting as well.
The following games require mapped port ranges
and you must have firmware 1.33 or higher and forward
the appropriate ranges.
(You can find port information on this
page. See also this Microsoft
KB article).
Any DirectPlay, Game Zone, Mplayer, Boneyards game
Delta Force
The following popular applications work from Client computers but require
the computer to be set as the DMZ computer:
CU-SeeMe
MS NetMeeting
Accessing
mapped LAN-side servers.
Update 8/3/00
FIXED by the V1.30.5 upgrade!
If you are using 1.30.5 or higher firmware and still having problems
with loopback, try making a HOSTS file entry for the address of
the server that you're having problems with. You should also be
using a static IP address for any port forwarded machines.
If you use DHCP for any port forwarded machines, they could lease a different
IP when they renew their lease and break your forwarding.
(Broken in all other revs
since V1.22) (The following information is for reference only.)
If you have Web, FTP, or other servers on your LAN that you have mapped
or forwarded so that they are accessible from the Internet, you would
expect to be able to get to them by using the IP address assigned to you
by your ISP. If you use a dynamic IP service, you'd also probably
expect to be able to access the server by your domain name.
Unfortunately, the router doesn't presently support this capability,
sometimes referred to as "loopback". You'll need to
use the private IP address, i.e. 192.168.1.X of the desired server
when you are trying to use it from a computer on your LAN.
The ISP-assigned address will work only from computers connecting from
the Internet.
8/3/00 Updating Dyndns.org
when your IP address changes.
Problem: You're using Dyndns' service and it's not detecting when your
ISP assigns you a new IP address. This is because the router
is receiving the new IP from your ISP and the client software that is
supposed to detect the changing IP address can't see it change.
Bobby Griggs has authored
a client that extracts the IP info from the LinkSys router and updates
a user's DynDNS
record. The client is very simple, written in Python and free. Go
here to download it.
Helpful reader Chris Holt also points out that you can use the DynSite
program found on DYNDNS' site.
7/14/00 Using TZO DNS service.
TZO's Beta client will support any hardware router and properly
update TZO's DNS servers when your WAN IP address changes. You can also
control how often you are polled for your IP address.
You can download the Beta client from here
(tzosetup.exe 1.125MB).
NOTES:
- You MUST shutdown the TZO software before installing the new version.
- Send comments to BETATEST@TZO.COM
Updated
11/30/00 Remotely obtaining
your WAN IP address. (Thanks to Randy More for writing this program!)
The IP Poster will automatically check the IP address that your ISP's
DHCP server has assigned to your Linksys Router and post the results to
the site of your choice using FTP. It runs on Win95/98/NT/2000.
You can download the program from here
(IP_Poster_For_LinkSys.exe 248KB). You can also download the
source code, too!
You can also use TZO's MyWanIP,
which will work with any Internet connected device!
11/28/00
mIRC Help
1) Forward port 113 to allow IdentD to work.
2) Setting up mIRC DCC
(Thanks to Patrick Fortin-Ducharme for providing this info!)
This is how to setup an IRC Client (Mirc 5.71) and the
router (BEFSR41) to send/receive Files by DCC through the Cable/DSL router
without using DMZ Host.
In Mirc :
1. Go to DCC, Options, DCC Ports (Assuming that you'll never send more
than 10 files at times. If so, set "First" to a lower number.
a ) set "First" to 4990
b) set "Last" to 5000
c) Click OK, and Quit.
On the Router: (I suggest to use 1.33 BETA Firmware or a Firmware
that support "Range of Port" in Forwarding)
Set port range to same ports as set above, and IP to the computer that
you want to use mIRC DCC on.
3) Other mIRC port information & help can be found here.
Updated
2/15/01 Using the Logging features (Thanks to Craig Goranson for providing some of this info!)
The logging mechanism added in V1.35 is performed via a standard SNMP
Trap message that is sent to the configured machine on UDP port
162. If you're not happy with the Windows logviewer.exe application
that you can get from Linksys (see
this page), you can use any SNMP Trap application to view and
archive logs. Go here for a list.
Also see the Tools page
for alternative logging applications, written specifically for Linky.
Linksys
has made a newer version of logviewer.exe available on their FTP
site [Filename: logviewer.exe 1.26Mb Windows executable].
Doesn't come with any documentation or help, but you just run the .exe
file to install, then enter the IP address of the LAN client that is running
logviewer into the box on the LOG tab of the router admin screens.
The new version lets you Empty (clear) and Save logs as well as display
them.
[Editor's Note:] I had an install error involving the msvcrt.dll
file on one of my machines (Win98SE). Could be due to having an
older/newer version of the file in
C:\windows\system. Reader Pete Jacoby got around this by booting
into Safe Mode (without network support) and installing logviewer.
Updated
4/26/01 Using the SPI (Stateful Packet Inspection) &
Triggered Port features
The SPI feature is located on the Filters page of some BETA versions
of Linksys firmware (1.38.5 for example). The information below was supplied
by Linksys:
The SPI (Stateful Packet Inspection) option is
currently an experimental feature. If you enable this feature, it will
DISABLE THE FORWARDING FEATURES. The reason forwarding is disabled
is to test the SPI and make sure forwarding is not a factor. In the
released version, forwarding will not be disabled when SPI is enabled.
The SPI feature can be tested by using applications
like Netmeeting and other applications that use many ports dynamically.
SPI will open the ports as needed as long as the data transfer session
originates from a LAN side computer. When the initial data transfer
comes from the WAN side of the router, the normal port Forwarding feature
must be used (however, remember that Forwarding is disabled in the BETA).
The Triggered Port button on the Forwarding page brings up a screen
where you enter a trigger port range and incoming port range for up to
10 applications. This is basically a manual version of SPI.
The trigger port ranges are monitored and the incoming port range enabled
when a data transfer using those ports is detected from a LAN client.
The ports are opened only for the transfer, then closed again.
If you can't connect to your PCAnywhere machine behind the Linksys, even
trying DMZ, the problem may be your firmware. Here is an article
from Symantec's Knowledge Base that describes the problem:
In order to connect to pcAnywhere hosts that are behind routers using Network Address Translation (NAT), there are two things that you need:
A routable IP address for the Host. Refer to the document How to determine the IP address of a pcAnywhere host for additional information
Port forwarding to forward ports 5631 (TCP) and 5632 (UDP)
If port forwarding does not resolve the problem, you may need to update your router's firmware. Refer to the router manufacturer's Web site for information about possible firmware updates.
Product(s): pcAnywhere 10.0, pcAnywhere 9.0, pcANYWHERE32 version 8.0
- Win95/NT
Operating System(s): Windows 95, Windows 98, Windows 98SE, Windows NT
4.0, Windows 2000, Windows Me
Document ID:
2001050711552112
Date Created: 05/07/2001
Last Modified: 04/06/2003
9/3/01Citrix client setup info
[Thanks to John Edgecombe for this info!]
Filters page under the Advanced tab:
SPI (Stateful Packet Inspection) = enable
Block WAN Request = enable
Multicast Pass Through = enable
IPSec Pass Through = enable
PPTP Pass Through = disable
Remote Management = disable
Remote Upgrade = disable
MTU = enable Size = 1408 (Note: this is for a PacBell
ADSL connection with PPPoE)
Port Triggering page under the Forwarding page under the
Advanced tab:
Application Name: pn.exe (This is the Citrix Win32 client)
Trigger Ports: 1494~1494
Incoming Port Range:1025 - 5000 (see the previous discussion
for how this can change!)
Notes:
- Using older firmware or other routers that don't pass UDP ports. The
new Citrix Win32 client has a network protocol option of TCP/IP + HTTP
which works for routers that do not pass UDP packets, provided that the
server has been configured for this. This is also an option with the Linksys
if you want to disable Multicast PassThrough.
- TCP 1494 is a registered port for ICA. Some ISPs may filter this port
for residential service. You can test this by using Telnet to contact
the host (Citrix Server) using port 1494. You should receive a sounder
that consists of two block characters and the letters ICA repeating.
- If the Citrix Server is hosted on an NT Server, the following applies:
The NT TCP port allocation algorithm is to index the ports used from the
minimum user port (1025) upwards. A counter is maintained of the last
one allocated, and is incremented for each allocation. A check is then
made to make sure no other connection is using this port, and if so, the
algorithm iterates until it finds a free port. The NT TCP/IP ports are
a function of how many other connections have been made, and are not random.
The maximum user port used by default is 5000, but a registry key "Max
UserPort" can set this up to the TCP/IP maximum of 65534.