Tips/Tweaks for setting up a home lan using a router
MoogleStiltzkin TC Noob
Joined: May 27, 2003
Posts: 11
Somebody else posted this tip on setting up either a Netgear or a Linksys router. Here is his exact quote:
"Since I do network and security designs for a living I thought I would post a little help file for those just getting into or even those that do not have the time to research home networking and some of the pitfalls.
I hope some of you find this helpful...
1. If you use a Linksys or Netgear or any of the small in-home Ethernet routers, do not use the default IP address/mask. There are so many available "Private IP" addresses out there to use that help to protect your internal network; stay away from 192.168.1.x
2. If you are using a wireless network in your house, do not use the default WEP key, make your own up (0-f). I like to spell things out to make it easy to remember, i.e. f100d or 1d1o7, just examples. Also, do not use DHCP; this allows someone who does sniff out your encryption key to gain access once they get it. Without it, they have to guess your scope (look at tip 1).
3. Ensure you turn off external admin access to your Ethernet router; there should be no reason to have this running on the OUTSIDE.
4. CHANGE THE ADMIN PASSWORD on your Ethernet router :p
5. If you are running a win32 box, change the "Administrator" login name to something else, preferably not "admin" or "god".
6. Make sure your passwords include both letters AND numbers, makes cracking it that much harder.
7. If you are allowing services inbound (ftp, www, termservices) change the access port to a non-standard range, hopefully something better than 8080 for web tho...
8. As much as it is easy for you, having a common password for many things/sites is not a good idea; if one is cracked, they have access to everything."
Well, I'm using the defaults... to be exact, I'm using the 192.168.1.10-20 range for my home network. I don't care if it's default and often used... most routers have firewalls built in, so it shouldn't make a difference, should it?
Tue May 27, 2003 2:11 pm
MoogleStiltzkin TC Noob
Joined: May 27, 2003
Posts: 11
Well, I'm a newbie to be honest, but I've lately just read up on networking because I'm planning on getting a router.
Just using a different IP between the ranges (I forgot what they were) is obscurity.
Mask should be 255.255.255.0 like normally.
I read that using non-standard ports for hosting an FTP server, for example, might not be good.
For example, people using FTP to connect to your server will likely use something else instead of PASV to connect to the FTP server.
I think they mentioned the problem with that was some people can use the other thingy.
Using non-standard ports will make you seem invisible online, that's all that it does.
So perhaps using standards is OK if you're not fussy about it.
I don't think I'm bothered =^-^= a router is better security than not using one. So I guess using standard ports, e.g. 21 for FTP etc., is OK ^^
I'd share the web site I read this from but I lost it. I did too much bookmarking lately >.<;
Thu May 29, 2003 3:09 pm
king Forum Moderator
Joined: Jun 23, 2003
Posts: 3
Well, if we are talking about a home network without DHCP, RRAS, DNS, WINS servers, then securing it and speeding it up should not be such a big deal. You don't even need a router to be "secure", because many software firewalls are tough nuts to crack.
If you want a secure home network, I would suggest that you take one machine and set it up as a firewall. All you need is some machine (doesn't need to be a new one) with 2 net cards in it, and an hour or two to configure it :)
Standard ports that you have mentioned can be opened without big security risk if you have made rules in the firewall for what can come in and what can come out.
To speed the network up I would suggest that you install the NetBEUI protocol and set it as highest in protocol bindings, so that machines will first try to communicate on that protocol and afterwards on TCP/IP. You can also do some regedit tweaks to speed up browsing services on your network a little.
You write:
"Mask should be 255.255.255.0 like normally"
That's not the case; subnet mask can be strange sometimes, believe me.
Mon Jun 23, 2003 5:37 pm
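Added example, not part of any post in this thread: a Python sketch that checks a proposed router LAN address and mask against the RFC 1918 private ranges the posts allude to, flags overlap with 192.168.1.x, and copes with masks other than 255.255.255.0. The function names, the sample addresses and the treatment of 192.168.0.0/24 as a second common default are assumptions.

```python
import ipaddress
from itertools import islice

# RFC 1918 private address space (the "ranges" mentioned in the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# 192.168.1.x is the default named in the quoted tips; 192.168.0.0/24 is an
# assumption added here as another widely shipped default.
COMMON_DEFAULTS = [ipaddress.ip_network(n)
                   for n in ("192.168.1.0/24", "192.168.0.0/24")]


def review_lan(router_ip, mask):
    """Return (network, findings) for a proposed router LAN address and mask."""
    try:
        # Accepts dotted masks or prefix lengths; rejects non-contiguous masks.
        iface = ipaddress.ip_interface(f"{router_ip}/{mask}")
    except ValueError as exc:
        return None, [f"invalid address or mask: {exc}"]
    net = iface.network
    findings = []
    if not any(net.subnet_of(r) for r in RFC1918):
        findings.append("not inside an RFC 1918 private range")
    if any(net.overlaps(d) for d in COMMON_DEFAULTS):
        findings.append("overlaps a common factory-default subnet")
    if iface.ip in (net.network_address, net.broadcast_address):
        findings.append("router address is the network or broadcast address")
    return net, findings


def static_pool(net, reserved, count):
    """First `count` usable host addresses for static assignment (no DHCP)."""
    taken = {ipaddress.ip_address(a) for a in reserved}
    free = (h for h in net.hosts() if h not in taken)
    return [str(h) for h in islice(free, count)]


if __name__ == "__main__":
    # Constructed sample inputs: (router address, subnet mask).
    samples = [("192.168.1.1", "255.255.255.0"),
               ("172.20.5.1", "255.255.254.0"),
               ("192.168.77.1", "255.0.0.0"),
               ("10.0.0.1", "255.0.255.0")]
    for ip, mask in samples:
        net, findings = review_lan(ip, mask)
        print(ip, mask, "->", net, findings or ["ok"])
```
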
bug_4ever TC Noob
Joined: Jun 23, 2003
Posts: 6
I don't agree with either.
A home router will surely simplify internet sharing. Given a specialized computer, it is better to use it as a firewall or proxy before a router, as such:
internet -> firewall/proxy -> router -> LAN computers
With more security factors considered, NAT should be used to improve security on this firewall to share the IP(s) given by the ISP. If there are some servers in your LAN, you can specify port mapping at your firewall (or router without firewalls).
Anyway, such (firewall and router) work can be achieved by only 1 hub and 1 computer running proper software, e.g. Kerio winroute route 5 (soft-router). Money limited, it is a simple and effective way.
BTW, I recommend such a server-client structure. More safe and effective.
Sat Jun 28, 2003 5:36 pm
bug_4ever TC Noob
Joined: Jun 23, 2003
Posts: 6
I don't know what family router you will choose. I have experienced professional routers only. But with DHCP broadcast allowed at the router, DHCP requests by your LAN computers can reach the firewall.
Furthermore, your firewall may act as a DHCP, DNS forwarder, HTTP cached proxy (with antivirus plugins), NAT server (with port-mapping) as well, all by winroute-firewall, the one I am using.
Windows 2000/2003/XP (better with spx files slipstreamed) can also take on all that business, even SOCKS proxy. But I will not recommend it.
1. As a router/NAT/firewall server, workstation server services must be set in order to make [the remote access and routing services] (corel services) work. Over 30M memory is wasted by these useless ruts.
2. As a proxy, IIS is needed. Oh god, you must have always heard about its dangers.
3. Not friendly, hard to set detailed traffic rules.
Sat Jun 28, 2003 6:17 pm
king Forum Moderator
Joined: Jun 23, 2003
Posts: 3
Well yeah, but surely it can be like this:
WEB ---> Firewall/NAT/Proxy ---> Hub/switch ---> LAN computers
If you want real security (I mean not just home, but a little enterprise or just some company), then the best thing to do is to set up a DMZ zone and make a third "leg" in the firewall (if you have web, FTP or some other servers running for WAN users).
That Kerio software I haven't used, but it looks good (from the screenshot tho).
NAT is very useful as it can also be a DHCP server, and of course static mappings in the NAT routing table are cool also. But just a piece of advice: don't complicate too much, use resources that already exist in Windows. The only thing I use is Symantec firewall and W2K server resources (NAT, RRAS, DNS), as from experience, if you set up too many "security" measures you risk that suddenly you lose control over things (like "is my router acting as DHCP or is it my NAT or is it some other software I installed"). It happened.
I like all-in-one solutions of course (such as that Kerio). I have also used SyGate and other software. Sure, if you can do it an easier way, why not.
P.S. I think, tho, cached web sites in a proxy suck big time, as you can't cache PHP or any active site :)