using a switch rather than router

I have used a router with my computers from day one. Will a switch allow me to use more than one computer at a time with a broadband cable modem? I understand about the NAT firewall with router.

TIA

Reply to
BigJim

Sure. But put the switch after the router, i.e. modem -> router -> switch -> computers

I'm assuming you have an older router with only 1 LAN port?

And you know how to set up the Router to handle multiple devices on the LAN side via NAT.

Reply to
DLR

A router delineates the border between two networks. A switch is a device within the same network. DHCP arp traffic doesn't travel past a router. So when you have a router, the ISP doesn't assign IP addresses to devices on the other side of the router. The typical home "broadband" router also has a DHCP server built in to do that, and then uses Network Address Translation to allow private range IP addresses to be used. NAT is not a firewall, but a side-effect of NAT is that packets coming from outside the network have to negotiate something extra. The effect is what is commonly being called a firewall, but it really isn't a firewall. (Some home "broadband" routers really do have additional firewall capabilities, but NAT, in and of itself, is not a firewall.)

But the basic purpose of a router isn't protection. The basic purpose of a router is to allow you to delineate your network from the cable company's network. That delineation results in protection, but it also means that the ISP does not have to assign IP addresses to all the devices in your house, as all those devices are now on your network, not the cable company's network. You're just connecting your network to the cable company's network.

If you use a switch, every device connected to the switch is connected to the same network that the switch is connected to. If you connect a switch directly to your cablemodem, then every device you connect to the switch is on the cable company's network. The cable company needs to assign each device an IP address, and they will charge you extra for that. And since those devices are directly on the cable network, they're essentially on the same network as every device connected to the network. If your neighbor isn't using a router, but has also connected directly to his cablemodem, the devices behind your switch are on the same network as his computer(s).

Also, with a switch, since the ISP needs to assign all the devices an IP address from their pool, it's possible that you could get IP addresses in different subnets. If that's the case, traffic between the two computers physically located in your house will need to travel out onto the cable network to the cable company's router before being sent back to your house to the computer on the other subnet. That also means the speed between the two computers will be limited by the upstream cap of the cablemodem instead of the maximum speed of the switch and network interface cards.

So with a switch, you are no longer the network admin. Your neighbors are on the same local network as you. You give up both NAT and firewall capabilities. And you have to pay for multiple IP addresses.

With a router, you are setting up your own LAN that you get to administer. Your neighbors aren't on your LAN. Your router will have NAT and some basic firewall capabilities to protect yourself. And you only have to pay for one IP address.

Most home "broadband" routers have switches already built in to allow you to connect multiple devices to the router. If your router doesn't, then you can place a switch on *your* side of the router. You don't want to use a switch instead of a router, and you don't want to put the switch on *their* side of the router.

Reply to
Warren
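
The behaviour described in the post above (several private addresses sharing one public address, with packets from outside needing an existing mapping to get in) can be shown with a small model. This is an added illustration, not part of the original thread; the `Napt` class, its endpoint-dependent filtering rule and all addresses are constructed assumptions, and real routers vary in how strictly they match inbound packets.

```python
from dataclasses import dataclass, field


@dataclass
class Napt:
    """Minimal port-translating NAT with endpoint-dependent filtering (assumed model)."""
    public_ip: str
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # (lan_ip, lan_port) -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (lan_ip, lan_port)
    peers: dict = field(default_factory=dict)    # public port -> remote endpoints contacted

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host sends a packet; return the (src, dst) pair seen on the ISP side."""
        key = (lan_ip, lan_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        pub_port = self.out_map[key]
        self.peers.setdefault(pub_port, set()).add((dst_ip, dst_port))
        return (self.public_ip, pub_port), (dst_ip, dst_port)

    def inbound(self, src_ip, src_port, pub_port):
        """A packet arrives from outside; return the LAN endpoint, or None if dropped."""
        if pub_port not in self.in_map:
            return None  # no mapping: nothing on the LAN asked for this
        if (src_ip, src_port) not in self.peers[pub_port]:
            return None  # mapping exists, but not for this remote endpoint
        return self.in_map[pub_port]


def demo():
    nat = Napt(public_ip="203.0.113.10")  # constructed documentation addresses
    # Two LAN computers reach the same web server through one public address.
    a_src, _ = nat.outbound("192.168.1.2", 51000, "198.51.100.7", 443)
    b_src, _ = nat.outbound("192.168.1.3", 51000, "198.51.100.7", 443)
    return {
        "a_src": a_src,
        "b_src": b_src,
        "reply_to_a": nat.inbound("198.51.100.7", 443, a_src[1]),
        "reply_to_b": nat.inbound("198.51.100.7", 443, b_src[1]),
        "unsolicited_new_port": nat.inbound("192.0.2.99", 4444, 22),
        "unsolicited_open_port": nat.inbound("192.0.2.99", 4444, a_src[1]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The drops happen because no translation state exists, not because any rule was evaluated, which is why the post calls the protection a side effect of NAT rather than a firewall.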

Bzzzt. Doesn't 'rather than' mean _instead of_???

cheers,

Henry

Reply to
Henry

It does, but then it would be a dumb question. ;) Or aren't there any dumb questions? Add the switch after the router if you need more ports.

Reply to
$Bill

It is not particularly difficult to connect more than one computer to an internet source -- be it dialup, xdsl or cablemodem -- without a router. You put two NICs in one machine, which becomes the host. You connect one NIC to the modem and the other to your LAN switch. On the host you run IP-sharing software. Bob's your uncle.

cheers,

Henry

Reply to
Henry

It's not clear if you have a one port router ... in which case you just hook up a switch or hub and share the connection. Or if you are using a software router / firewall to share your connection....or even if you are sharing your connection. Here is a standard reply for how to share your connection.

==== You have three basic options for sharing one TCP/IP address:

1) You can buy a router/firewall with a built-in switch such as the Linksys BEFSR41 Etherfast Cable/DSL Router...for around $50. This will connect all your PCs together as well as connect to the internet and share the one internet connection. This is a small device, quiet, cheap, and can be left on all the time. Each PC is independent of each other so either can be on or off without affecting the other. You can also get a router that has both wired switched ports and wireless capabilities such as the Linksys BEFSW411 Wireless-B Broadband Router. You will also need a wireless NIC / Adaptor for your PC/Laptop. This will free you from being physically connected to the router via Ethernet cables.

2) Add a second Ethernet Card to the PC connected to the Cable Modem, and run proxy software...i.e. MS-ICS, Sysgate, WinGate, WinRoute, AnalogX, and some firewall software...i.e. ZoneAlarm or BlackICE. You can use a "cross over cable" to connect two PCs together...but a hub or switch would be better. A hub or a switch is a must for more than two PCs. This option is cheap and easy but requires that the main "router PC" be on all the time, or at least on while you want internet access from the second PC.

3) If you are up for the challenge, you can set up a dedicated Linux system or a Windows system to share your connection and provide proxy and firewall services. This requires a third PC and some Linux expertise. You will still need a hub or a switch to connect everything together.

I would check out the following links for more info on options, products and reviews.

formatting link

Reply to
riggor99999

Sure you can. But then your computer is the router. That's what IP-sharing software is. A software package to allow your computer to be a router.

As to if this is a good idea. With the monthly flaws showing up with MS operating systems I personally feel it's a good idea to have the router as a separate box. Then all unsolicited probes can be tossed and your computer will never see them. In fact it's a good idea for all networks. You will eliminate an entire class of problems.

Reply to
DLR

Bzzzt. Only if the OP wants to buy more ip addresses from ISP.

Example:

4 computers connected to router connected to cable modem, user pays for one ip address because of Network Address Translation (NAT).

4 computers connected to switch connected to cable modem, user pays for 4 ip addresses because switch is not NATing computers.

Reply to
Bit Twister

Not at all. The software that is doing the IP 'routing' takes care of the NAT too. Works a treat, too. See, for example

formatting link

cheers,

Henry

Reply to
Henry

Using a switch to tie together a broadband modem and 4 computers with one computer doing network NAT is a bad idea. Yes, it can work, but it's bad in so many ways it's hard to know where to start. And yes, I even did it a few times back when we were all new to broadband and there weren't nasty folks scanning the entire netspace looking for ways to break into computers. But it wasn't a great idea then, and certainly isn't now.

Reply to
DLR
[and why did DLR snip out all the attributions, by the way? Bad form, mate.]

Everyone keeps bringing extraneous baggage to this discussion. The OP asked

and the simple answer is 'YES'.

cheers,

Henry

Reply to
Henry

There are some great disadvantages to this method compared to using a home broadband router.

For example, if you use a router, most crap coming from the outside never reaches your computer. Your OS can be swiss-cheese, security-wise, and it doesn't matter too much because the OS is not exposed when you have an external router.

When you're using IP sharing on a computer, whether it's the utility included with your OS, or software from another vendor, it's still software on top of your OS. Not only is your OS exposed, you're depending on software running on that OS to protect you as well.

Essentially, using Internet connection sharing instead of a router is like locking an interior door to protect your house, but leaving the front door unlocked. That interior door barely slows down anyone intent on invading your machine because you've already let them in. An external router using NAT keeps most threats out of the house altogether.

Also, Internet connection sharing software running on a computer uses some of that computer's resources. How well your computer works can be dependent on what's going on with your network, and how well your network works can be dependent on what's going on with that one computer.

Also, with Internet connection sharing software that one computer always has to be running, or no other machine has access to the Internet. Time to reboot? Better let everyone else know the Internet connection is going down!

So between the inconvenience, and the security holes, it's a bad choice. You still have to buy a second NIC, and you'll need a hub or a switch, and if you're using third-party software instead of the swiss-cheese version included with your OS, you have to buy the software. So you have an inferior solution that costs as much, if not more, than the better solution of just going out and getting a home broadband router that uses NAT.

Internet connection sharing software is simply a bad idea. It had its place for a short time back in the late '90s when broadband connections first became available to home users, and a NAT router would cost an arm and a leg, but once the Linksys BEFSR41 broke the $100 mark in early 2000, there really is no good reason for anyone to continue using Internet connection sharing software instead of a router.

If you're using Internet connection sharing software you might as well just hang-up a sign that says, "I expose my OS to the world: Attack me. I'm an easy target."

Reply to
Warren

But I have always understood that the computer with the two NICs is unprotected. If all you're using it for is as a router, I suppose that's OK, but I'd rather just get a $50 (or less) "black box" router switch that takes up less room and uses less power.

Perce

Reply to
Percival P. Cassidy

Not so! See

formatting link
for how it can be done with firewall protection!

cheers,

Henry

Reply to
Henry

Yes, it CAN be done. But that doesn't mean it SHOULD. I've used Peter's software for years. I even set up 8 different sites using IPNetRouter, some time back before 2000. But these days not having a dedicated box between your main computer and the outside internet is a BAD idea.

Reply to
DLR

Why would you pay $100 for software that sucks up your CPU and forces you to keep that PC on all the time to service your other PCs (not that that's that big a deal in a lot of cases) when you can get a dedicated router for half the price or less to do the job that uses minuscule power and offloads your CPU and can even handle wireless for you and eliminate the need for another switch?

Reply to
$Bill

Can I shoot myself in the foot?

The simple answer is "YES". But is that really all there is to the question? No. You're ignoring the context of the question. You've ignored the subject line. And you've ignored the subtext. I doubt the original poster simply wants to know if it can be done without hearing how it's a bad idea.

If you take things too literally, only answering the direct question without any regard to why the question was asked, you're doing no one any favors. A simple "Yes" response is not good enough.

Reply to
Warren

The very idea that software running at the application level can protect the same box it's running on is hogwash. In order to get to the application level, you've left the OS exposed.

It's like locking an interior door in a house to protect the contents of the whole house. Rooms in that house are still exposed before getting to the interior door. To protect those rooms, you must prevent someone from even being able to enter the house.

What some software company will say about their product in order to sell it is not convincing. The underlying theory is flawed.

And it makes little sense to even risk it when the cost of this flawed method is greater than a more secure, and simpler method. It's just dumb to use this as a solution when good, external NAT routers are available that will keep intruders from even getting to the box in question in the first place.

Reply to
Warren

Just some context. Peter of Sustainable Softworks has had these products going back for years. And they are a great suite of products. Back in the early days of the mass Internet he gave us a way to share our dial-up or broadband connection across multiple computers. It was a great solution and it worked great. I did it for myself and for others. And yes, you could put a switch on a broadband modem and have a computer with a single Ethernet port act as a router. But even Peter would tell you that this is not the best way to go these days. I'm guessing he'd tell you it is the last choice these days, all other things being equal. And yet there are times when this can be a good thing to be able to do inside a firewalled office. But his "toolkit" has more to it than just Internet sharing. I've used his stuff for years but no longer have anyone set up with his router. But I still know of some folks who did as of a few months ago. They had Mac OS 9 boxes with DUAL Ethernet ports that had been running as routers for years and only changed to a "router in a box" when something new came up.

Plus these examples of Sustainable Softworks are not broadly applicable. These are Mac products. And Mac OS 9 especially, and OS X in general, are just a wee bit less likely to suffer a successful attack from the outside than any Windows variant out there.

But Henry (I think he's the one arguing against us) wants us to tell the original fellow he can do it and not mention why it's a very bad idea these days. Sorry. I'll not do that.

Reply to
DLR
