Do I need a Hardware router?
 

I'm just about to upgrade from dial-up to ADSL Broadband with Tiscali,our internal modem having been zapped by lightning.I'm in the UK using one G4,just for home use with my family.Do I need to get a hardware router to keep unwanted elements from using my computer? If so,any recommendations? I've been told DSL D-Link is good,but they have lots of models...

Do you "need" a router?

That's a debatable question, but in general I'd answer "yes." A hardware router running NAT provides impenetrable protection from the world, while the software firewall on your computer is good but not fool-proof. It also allows you to have multiple computers, if you ever want to.

(A few academics will point out that NAT is not truly impenetrable, however, it's only been broken in the lab under controlled conditions and not in real use.)

Plus, they're not expensive, most include a 4-port hub, and wireless is available for a very reasonable extra.

Note that badly-administered wireless will completely negate the advantages of a hardware router :D

You don't NEED a router, but it will give you the above advantages. Plus, if you have a network capable printer like many laser printers, you'll be able to connect to it and the internet at the same time.

As for lightning, you probably want a UPS powerful enough to put the computer, router, and DSL modem on it.

With one wired computer, you could easily find a used wired-only router for cheap. After monitoring my router's traffic and seeing all of the port scans from infected machines out there, I feel much safer behind a router with anonymous request blocking turned on.

Thanks folks.OK maybe I'll see if I can find one on eBay.Now can someone recommend some names/models/makes suitable for Mac? I'm only going for wired with NAT.

Netgear DG834
 

try the above.

They're all Mac compatible. Linksys, Microsoft, Buffalo, Netgear, and SMC make good hardware. Belkin and D-Link are garbage and I will no longer support them; just toss them in the trash and replace them.

Compatible yes, but support is another story. Linksys refuses to provide tech support for Macs.

As much as I like my Linksys router, I have never been able to upgrade the firmware from the Mac. I've always had to resort to using my PC to get it to work. Of course this isn't a huge deal, since I don't have to upgrade the firmware often. But still, it's something to consider. I have no experience with other router brands, so don't know if they're more Mac-friendly.

Does anyone have experience with tech support other than Linksys? I wouldn't be too surprised if all tech support is Mac hostile...

I understand that being able to plug a printer, and other devices is an advantage for a router (I do have a router for only one computer and ocasionally a wireless laptop) But I don't understand the NAT business, You can still put yourself behind a NAT without the router and the mac os firewall is quite good and versatile for that, as any other UNIX system.

R.

I'm surprised this company doesn't get more support here:
http://www.macsense.com/

I've heard this before from others, but I've never had an issue with it. I only use the WRV54G and WRT54G, don't know if the others are different.

The support thing is interesting. Next time my Linksys rep I'll have to ask her about it. If they truly refuse to support Mac users, there's a likelihood I'll switch vendors just on principle.

You can have your Mac create a NAT/firewall router on itself, but the machine is still exposed to the internet. The OTHER machines behind it are protected, but not the one doing the routing/NAT.

Just call their support number and pretend you don't know how to set up your Mac to work with their router. They'll practically hang up on you.

Then there's their web site. You can't download a firmware update from them (at least for the BEFSR41, but probably the rest) unless you're running Windoze.

I've downloaded and installed their firmware using a Mac.

If I have some time to blow I'll call my reseller support line and the retail line and see what they say.

Sorry, gotta call "pfooey" on this one.

Go to http://www1.linksys.com/download/ (found by clicking support on the home page, then downloads) and select your router, select 'Other' for the OS. The firmware button allows you to download the bin file for the update.

You can then do the update a few ways, described here. At least, that's the theory -- I couldn't get it to work, personally. But I don't know if I was doing something wrong.

My point is that you can download the firmware updates from Linksys no matter what OS you're using.

Interesting. It seems they've updated their web site recently. I tried to download it last week but couldn't and tonight it works. Of course, as you've pointed out, installing the update requires a work-around.

My point wasn't that you can't get the downloads. My point is that they don't support Mac users in getting them and installing them. They could have the best and cheapest routers in the world and I still wouldn't buy another because of that.

Thanks,all
More questions-what's a UPS,cwtnospam?
Can someone explain in laymans terms the difference between a wirless and a wired router,and the advantages?
If I start using Broadband BEFORE I get the router,and someone manages to invade my system,will getting the router get rid of them?

UPS is Uninterruptable Power Supply, unless you're waiting for a package - then it's United|Useless Parcel Service

A wireless router is just a wired router with wireless built in. Usually it's cheaper than a wired router and a separate wireless device. May be easier to adminsiter than 2 separate devices depending on the services you want.

Getting the router keeps invaders out. If they've already got your system, there's no option other than reformat and reinstall. Turn services OFF and the firewall ON, and do it today.

To expand a bit on acme.mail.order's good info, a wireless router means you can connect to it using a wireless card, like an Airport card from a Powerbook or iBook (really, any wireless card should work, those are just two examples). A wired router is one where you can only connect to the router through a network cable.

Most wireless routers can also use regular network cable (in fact I've never seen one that you can't connect through a network cable, but I'm hardly an expert on all possible routers). A wired connection will be faster than a wireless connection, but of course has the disadvantage of having physical cables.

Another thing to note is that if you have a wireless router, by default it will most likely be set up so that anyone can connect to your network and use your internet connection. This is referred to as an "open network" and probably isn't what you want. There are multitudes of threads on the forum talking about setting up some passwords for your network, and the manual that comes with the router often gives step by step instructions.

Linksys apparently does support Mac users... When they introduced the WRT54GX (pre 802.11n standard), it was not Mac-compatible. I discussed the problem a few times with them, and well, now there's a fix for the problem. I hadn't even noticed until now, but they made it publicly available on 7/1. I was under NDA until release, so I couldn't say much until then. They did care when the problem was reported, apparently enough to fix it.

This is still no reflection on what might happen when a consumer calls the retail support line, but apparently Linksys does at least make an effort to ensure compatibility.

Thanks,all.OK where do I turn the services off and the firewall on?

You'd probably better off to read a complete overview on Mac security to fully understand what to do.

Although it may come as a surprise to some, the NSA has done something really useful in publishing a pretty good guide on Mac security:

http://www.nsa.gov/snac/downloads_macX.cfm

What you want to watch out for is the Modem you are going to get from Tiscali: most UK providers will supply you a USB Modem, if you want to use a router with your broadband, you'll need an Ethernet Modem.
There is also one more thing to consider if you are going to use a router: you will only have limited access from the outside world to your mac. I use a firewall (which is more or less a router) which can look at the TCP/UDP packet coming from the outside and if matches pattern xy then sends it to the machine with the IP xy.xy.xy.xy. Some routers can do this, the feature is called "port forwading" or "virtual servers", the marketing geeks will have probably 1000 more words for this.

ron

Ooops you're absolutely right, I apologize for such a terrible comment!

R.

Thanks.
Photon beam-Tiscali have indeed sent me a USB modem,but it's supposed to work with OSX.Alas,I'm not getting Broadband because it seems my line can't take 1Mb.But it can apparently take 514k,so they're just switching to that,so I'm keeping my fingers crossed.
But will the USB modem work with a Mac anyway? and can I protect myself using it somehow? Tiscali don't yet offer Mac technical support...
Your firewall-is that something external?

You can't convince them to send you an ethernet modem?

The USB should work if it has OS X drivers, but it's a poor choice for many reasons. For one, the fact that it requires drivers rather than using a standard, ubiquitous interface like ethernet. Also you won't be able to use a hardware router/firewall.

If you do end up using this, make sure you understand the Mac's built-in firewall and enable it. All in all, Mac OS X is very secure, so your risk is small, but non-zero.

Carlos is absolutley right, the USB Modem will work, but your naked ar** will be visible to whole the Internet. This is not a major problem for os x, just make sure you are not "sharing" (Settings->sharing) anything and enable firewalling.
I i were you, just have a look on ebay, mabe even ebay.de(germany) you should pick up a standard ethernet modem (they all run on a standard called "annex b" in europe) for less than 30quid.
My firewall is an "external box" made by sonic wall, these boxes are fairly expensive, mine was approx 600quid, but I need it for several reason ;-))
A standard router like the Siemens or SMC boxes are very good and will cost you less than 70quid, some of the Siemens already have the Ethernet modem integrated.
If you are interested, I can get my girlfriend to check which model the Siemens router is which I set up in their office.

take care
ron

Getting an ethernet modem is certainly a good idea, however, DSL, although there are standards, has lots of obscure parameters which may vary. Before getting another modem, make sure it works or you get to adjust the settings as needed.

You must also have a very long line to get such crappy bandwidth.

Hi Carlos,

nope, they won't go for that. My sister has a mini and because the box is "instant on/off" the modem supplied by Tesco (a BT reseller in the UK) doesn't sync the dsl line fast enougth. This wouldn't be a problem for a pc (can you believe that "Apple->sleep" doesn't work on a pc :D ?) because the beige boxes take a few minutes to boot and thus giving the modem a chance to sync.
The mini is on within 2 secs, the modem gets power->try's to sync and fails to get an internet connection. This apparently freaks the modem in such a way that you can only reset the modem, stick it back onto the mac and then give it approx 30-40 secs to sync the dsl line..........
After I worked this out, I called the "engineers" at Tesco helpdesk, they still wouldn't supply an ethernet modem. I just got her one from ebay.de for 17uk-pounds (30$us)

sheesh, that's customer service. Well at least now Tesco Helpdesk knows how and why Mac & USB modems don't always work ;)

take care
ron

unfortunatley it's nothing to do with the length of the copper lines, most dsl-lines in the uk are 512kbit. I'm from the uk, but work in germany, my "local provider's" smallest line is 2Mbits /192kbits, but will be upgraded to 4mbits/192kbits free of charge. I would have rather have had 2mbits/2mbits, but who's complaining ;-))


take care
ron

Thanks all.
An update.I went to cancel my Tiscali a/c,having received no signal in 10 days,and spending most of that time on the phone to them/BT/various Mac specialists,only to be told that they have ANOTHER kind of Modem which works with Macs (maybe..).Why didn't they tell me that in the first place? So I'll try that before going through the whole cancellation/reconfiguring with another ISP which takes upwards of 20 days.The other modem should arrive in 3 -5 days so I'll keep you posted.If that doesn't work I'll try Telewest BB who at least offer Mac support and actually send a human being out to help install.
Re my distance.Our exchange is Broadband enabled,but I live in the woods 6.5 kilometers from the exchange,and apparently all the wiring in my village is ancient and has a lot of aluminium.(I'm told).But my neighbour 50 yards away gets Broadband on his PC through a router no problem...
The whole process-I've made about 50 phone calls,half of which are to callcentres in India-has made me want to put an axe into something. :mad:

6,5 km are really the outer limits of todays DSL-technology.
They'll have a really hard time to get any modem to sync at that distance at all and there will be lots of errors (frames will be resent tranparently resent, but it'll show in bandwidth and latency).

You're not out of the woods yet ;) ...

Extraordinarily,this USB Modem-which has just arrived-works! I'm now on 514k.Everything seems fine re windows,signal etc.
But...help please!
It's called a SpeedTouch USB from wanadoo and it goes straight into the USB port.I'm guessing that it must have installed some drivers.There are lots of Files put into OS9.
So back to my original question-how can I protect myself? Do I need a router,will it work with this Modem? How do I make sure Firewall is on and Sharing is off?

Go into the system prefs, Sharing, and click the Firewall tab. Turn on the FW, and make sure all of the ports (services) are either off or properly secured. IE, if you want to turn on file sharing, just make sure all of the accounts have good passwords (do a search for "good passwords" if you don't fully understand what that means). SSH is a particular risk, and if you don't plan to remotely use the command line interface, there is no use for it.

Thanks,Carlos.

ssh is a particular risk? Please back up this statement. I personally can't think of any service as secure or as safe to leave on as OpenSSH is. Any minor bugs that are found in OpenSSH are very promptly fixed. There have been a grand total of zero vulnerabilities found (at least publicly) in OpenSSH in 2005 (source: Secunia), and those from 2004 were fairly trivial and quickly fixed.

Trevor

A while back, I bought a Linksys WRT54G router that 's also a Wireless Access Point. I bought it so I could use my Mac in a home that already had 2 PCs. I wanted them all to share the same broadband connection.

Using info I found by searching forums here, I was able to track down the specific settings I must use to make the Linksys play nice with my Mac, which accesses it wirelessly. I seem to recall some shenanigans about OS X's Network prefs pane not allowing me to use the same security key that worked with PCs -- I had to use a numeric one, not an ASCII one. I forget the details, but you could search them out here if you decide to go with the Linksys.

I love it. Haven't had a speck of trouble with it.

LinkSys firmware upgrade and the Mac
 

A less technical way to upgrade the firmware in a LinkSys router, as of summer of 2004, and Panther, was to use Firefox to administer the router.

Piece of cake.

Sorry not to have defined.
 

Firefox information is here.

As I hit "send" on that post, I had a premonition that someone would challenge that. The point is that SSH is a major vulnerability if you don't have proper passwords. There have been several examples of that posted here. It's the easiest way to get owned if your password is "password."

Hi Carlos,
you are right, however "Password" is far to komplex, most mac users I know use "ibook" or "apple" :D
My sisters use "macmini" and "ibook" on their boxes.

so much for security, hehe :)

ron

do I really need to update the firmware in my router?
 

I'm new to this wireless router stuff, so pardon me if this is a dumb question: do I really need to update the firmware in my router?

I'm unwilling to mess with something that Just Works, as long as it's working and, of course, safe to use. If it's risky to go without the firmware upgrade, I guess I'll have to do it -- but must I really?

If your router is working, then no. The only time you need to upgrade a router is if it's not doing what you want.

OK my firewall is on and all the SSHs etc off.But what if I want to do a little file-sharing?-I do occasionally download some music from filesharing places like Limewire.
Also my connection is running pretty well-except there were two or three times last night when it went down for 5-10 minutes.Is this because my ISP has capped the bandwidth/because I'm so far from the exchange/or what?
Thanks for all help.

Filesharing can be enabled, but it does increase your vulnerability to attack. Not nearly as much as a PC, but still an increase.
If you've got DSL and you're at or beyond the limit as far as distance, I'm afraid you're always going to have spotty service. That was why I switched to cable a couple of years ago.

How about if I got the wireless router? Would it make a difference to my signal from the exchange? There's no likelihood of cable hereabouts,I think;this is deepest rural England,which of course has plenty of compensations.
Last night I only got a 10 second signal in two and a half hours waiting.I've told the ISP;let's see what they respond with.

deepest rural England.... sounds like LakeDistricts.... baaaahhh *sheepsounds* ;-))

As to you getting a wireless router:
This will probably not change anything concerning the quality of your dsl-connection, the problem is signal quality between your modem and the phone exchange. You could ask your provider to reduce the transmission speed a bit, this will improve dsl-stability at a slight bandwidth loss.
There are quite a few dsl modem out and about which you can programm yourself, but this is very difficult as you need to know quite a few settings which your provider will probably not give you.
Best thing is to get on their nerves, as soon something doesn't work, call the callcentre people and tell them to find a solution.
Also, you should ask for a cae number, this is just a tag so somebody can identify your problem history. If the line goes down again, call them and quote the previous problems with the case numbers already given to you on previous occasions. Sooner or later someone is going to say "ok then, give these people the good modem and card on the phoneline....."


Good luck

ron