Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
This explanation is courtesy of Ted Ede.
In active mode you talk to the FTP server, and ask for a file. Over
that connection, the server says to you, "Okay, I'm going to send you a file, and I'm
going to send it you over a new connection to Port X on your machine". X is
from 1024 to 65535. Your client replies, "go for it".
Now the FTP server tries to open that port, but speaking on a
port that the NAT gateway would not be expecting a request on. So, all of a
sudden your NAT gateway receives a request on Port X, and it does not know which machine
on the your net that the packet was intended for, so it denies the request, and you don't
get your file.
On linux, ip_masq_ftp, a kernel module, can be loaded to fix this.
Instead of blindly NATing away, it eavesdrops on the FTP protocol, and it knows in
active mode that the server will reply to the client over the control connection with a
port number which is contained in the *data* of the packet. When a reply comes in on
this port, the ip_masq_ftp module tells the NAT code to route it to the correct
client behind the gateway. You still need to open the firewall to all incoming
ports, but only if the source port is the FTP data port.
In PASV (passive) mode, port 21 is always initiated by the
client for control and port 20 is always initiated by the client to receive
data. This makes it NATable. Most FTP clients are set to Active mode by
default and must be told to switch to PASV mode.
It's kind of a misnomer to say the client is passive.
Basically, it instructs the server to be passive, telling it, "Hey FTP server,
don't get active on me! When I want the file, I'll open a connection to you and get
So, you may be saying, why did they bother with this active baloney
at all? Like everything invented in unix, there's more to it than meets the eye. Two
properly implemented FTP servers can be made to work together from a third
machine. Using the FTP control port from machine A, you can tell the FTP server on
machine B to download the contents of a directory on machine C. This is basically
how FTP mirror sites get updated.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.