1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. RP614v3
    5. /
  5. 18
Page 86 / 121 Scroll up to view Page 81 - 85
Reference Manual for the Model RP614 v2 Web Safe Router
B-8
Networks, Routing, and Firewall Basics
NETGEAR recommends that you choose your private network number from this range. The
DHCP server of the RP614 v2 router is preconfigured to automatically assign private addresses.
Regardless of your particular situation, do not create an arbitrary IP address; always follow the
guidelines explained here. For more information about address assignment, refer to RFC 1597,
Address Allocation for Private Internets,
and RFC 1466,
Guidelines for Management of IP
Address Space
. The Internet Engineering Task Force (IETF) publishes RFCs on its Web site at
www.ietf.org
.
Single IP Address Operation Using NAT
In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to
obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a
single-address account typically used by a single user with a modem, rather than a router. The
RP614 v2 router employs an address-sharing method called Network Address Translation (NAT).
This method allows several networked PCs to share an Internet account using only a single IP
address, which may be statically or dynamically assigned by your ISP.
The router accomplishes this address sharing by translating the internal LAN IP addresses to a
single address that is globally unique on the Internet. The internal LAN IP addresses can be either
private addresses or registered addresses. For more information about IP address translation, refer
to RFC 1631,
The IP Network Address Translator (NAT)
.
The following figure illustrates a single IP address operation.
Page 87 / 121
Reference Manual for the Model RP614 v2 Web Safe Router
Networks, Routing, and Firewall Basics
B-9
Figure 6-3: Single IP Address Operation Using NAT
This scheme offers the additional benefit of firewall-like protection because the internal LAN
addresses are
not
available to the Internet through the translated connection. All incoming
inquiries are filtered out by the router. This filtering can prevent intruders from probing your
system. However, using port forwarding, you can allow one PC (for example, a Web server) on
your local network to be accessible to outside users.
MAC Addresses and Address Resolution Protocol
An IP address alone cannot be used to deliver data from one LAN device to another. To send data
between LAN devices, you must convert the IP address of the destination device to its media
access control
(MAC) address. Each device on an Ethernet network has a unique MAC address,
which is a 48-bit number assigned to each device by the manufacturer. The technique that
associates the IP address with a MAC address is known as address resolution. Internet Protocol
uses the Address Resolution Protocol
(ARP) to resolve MAC addresses.
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
192.168.0.1
172.21.15.105
Private IP addresses
assigned by user
Internet
IP addresses
assigned by ISP
Page 88 / 121
Reference Manual for the Model RP614 v2 Web Safe Router
B-10
Networks, Routing, and Firewall Basics
If a device sends data to another station on the network and the destination MAC address is not yet
recorded, ARP is used. An ARP request is broadcast onto the network. All stations on the network
receive and read the request. The destination IP address for the chosen station is included as part of
the message so that only the station with this IP address responds to the ARP request. All other
stations discard the request.
Related Documents
The station with the correct IP address responds with its own MAC address directly to the sending
device. The receiving station provides the transmitting station with the required destination MAC
address. The IP address data and MAC address data for each station are held in an ARP table. The
next time data is sent, the address can be obtained from the address information in the table.
For more information about address assignment, refer to the IETF documents RFC 1597,
Address
Allocation for Private Internets,
and RFC 1466,
Guidelines for Management of IP Address Space
.
For more information about IP address translation, refer to RFC 1631,
The IP Network Address
Translator (NAT)
.
Domain Name Server
Many of the resources on the Internet can be addressed by simple descriptive names such as
www.NETGEAR.com
. This addressing is very helpful at the application level, but the descriptive
name must be translated to an IP address in order for a user to actually contact the resource. Just as
a telephone directory maps names to phone numbers, or as an ARP table maps IP addresses to
MAC addresses, a domain name system
(DNS) server maps descriptive names of network
resources to IP addresses.
When a PC accesses a resource by its descriptive name, it first contacts a DNS server to obtain the
IP address of the resource. The PC sends the desired message using the IP address. Many large
organizations, such as ISPs, maintain their own DNS servers and allow their customers to use the
servers to look up addresses.
Page 89 / 121
Reference Manual for the Model RP614 v2 Web Safe Router
Networks, Routing, and Firewall Basics
B-11
IP Configuration by DHCP
When an IP-based local area network is installed, each PC must be configured with an IP address.
If the PCs need to access the Internet, they should also be configured with a gateway address and
one or more DNS server addresses. As an alternative to manual configuration, there is a method by
which each PC on the network can automatically obtain this configuration information. A device
on the network may act as a Dynamic Host Configuration Protocol
(DHCP) server. The DHCP
server stores a list or pool of IP addresses, along with other information (such as gateway and DNS
addresses) that it may assign to the other devices on the network. The RP614 v2 router has the
capacity to act as a DHCP server.
The RP614 v2 router also functions as a DHCP client when connecting to the ISP. The firewall can
automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway address if
the ISP provides this information by DHCP.
Internet Security and Firewalls
When your LAN connects to the Internet through a router, an opportunity is created for outsiders
to access or disrupt your network. A NAT router provides some protection because by the very
nature of the Network Address Translation
(NAT) process, the network behind the NAT router is
shielded from access by outsiders on the Internet. However, there are methods by which a
determined hacker can possibly obtain information about your network or at the least can disrupt
your Internet access. A greater degree of protection is provided by a firewall router.
What is a Firewall?
A firewall is a device that protects one network from another, while allowing communication
between the two. A firewall incorporates the functions of the NAT router, while adding features for
dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be
recognized when they occur. When an incident is detected, the firewall can log details of the
attempt, and can optionally send e-mail to an administrator notifying them of the incident. Using
information from the log, the administrator can take action with the ISP of the hacker. In some
types of intrusions, the firewall can fend off the hacker by discarding all further packets from the
hacker’s IP address for a period of time.
Page 90 / 121
Reference Manual for the Model RP614 v2 Web Safe Router
B-12
Networks, Routing, and Firewall Basics
Stateful Packet Inspection
Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection
to
ensure secure firewall filtering to protect your network from attacks and intrusions. Since
user-level applications such as FTP and Web browsers can create complex patterns of network
traffic, it is necessary for the firewall to analyze groups of network connection states. Using
stateful packet inspection, an incoming packet is intercepted at the network layer and then
analyzed for state-related information associated with all network connections. A central cache
within the firewall keeps track of the state information associated with all network connections.
All traffic passing through the firewall is analyzed against the state of these connections in order to
determine whether or not it will be allowed to pass through or be rejected.
Denial of Service Attack
A hacker may be able to prevent your network from operating or communicating by launching a
Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely
flooding your site with more requests than it can handle. A more sophisticated attack may attempt
to exploit some weakness in the operating system used by your router or gateway. Some operating
systems can be disrupted by simply sending a packet with incorrect length information.

Rate

4.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top