The router acts as a firewall by taking this real IP address for itself, and then acting as a Network Address Translation (NAT) device, by assigning any local computers connecting to it a non-routable IP address (e.g. 192.168.1.1). These non-routable IP addresses are a small set of reserved addresses - if an internet router sees this address in a packet, it drops it.
So, if you have two computers behind the cable modem, with IP address 192.168.1.1 and 192.168.1.2, when either talks to another computer over the internet, the router "remaps" that packet with the router's real IP address. The recipient sees the packet as if it came from the router, not the computer. When the recipient replies, the packet is addressed to the router. When the router receives it, it does a lookup to see who on the local network is talking to the remote sender, and then passes the packet on to the internal computer. The firewall aspect comes from the NAT system - machines on the outside can't get packets through to machines on the inside without the machine on the inside having started communication with it in the first place.
It's not the most sophisticated protection in the world, but it does offer excellent protection.
The only problem of course is that certain applications that used to work will not work so well, e.g. video conferencing, peer-to-peer software, etc.
Marcus
On Friday, May 14, 2004, at 03:17 PM, Andrew Rodger wrote:
On 14 May 2004, at 16:07, Marcus Roberts wrote:
Make sure you get a cable/ADSL router rather than a simple wifi access point. Because the cable modem only gives out a single IP address, you need a router rather than an access point. The router will act as a firewall between the internet and machines on the local network, and will act as a DHCP server giving out IP addresses to the machines too.
Something I am having trouble with understanding is: How can the router act as a Firewall if you cannot configure individual ports? I have a Linksys router and in the set up it seems only to offer an On/Off switch for the "firewall". I think I must be missing the point and would be grateful if someone could elaborate.
Thanks.
Drew
It basically 'routes' packets between the local network and the cable modem. If you only have an access point, then the cable modem assigns the IP address to the access point's ethernet port, leaving you with no IP addresses for your computers. A 'broadband router' base station only costs a couple of pounds more than a simple access point anyway.
-- Mac UK is sponsored by <http://lowendmac.com/> and...
123Inkjets.com <http://lowendmac.com/ad/123inkjets.html>
Support Low End Mac <http://lowendmac.com/lists/support.html>
Mac UK list info: <http://lowendmac.com/lists/mac-uk.shtml> --> AOL users, remove "mailto:"; Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/mac-uk%40mail.maclaunch.com/>
Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
-- Mac UK is sponsored by <http://lowendmac.com/> and...
123Inkjets.com <http://lowendmac.com/ad/123inkjets.html>
Support Low End Mac <http://lowendmac.com/lists/support.html>
Mac UK list info: <http://lowendmac.com/lists/mac-uk.shtml> --> AOL users, remove "mailto:"; Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/mac-uk%40mail.maclaunch.com/>
Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
