# Help with internet setup



## reverze (Jun 24, 2009)

Basically I don't have a ton of knowledge yet on setting up different networking items.. But I do need some help trying to set up my network here at my home.

Basically I have three items:

- Linksys Router
- Linksys Switch
- Comcast Modem

In my house, here is what I have as far as PC's.

- HP Laptop
- Desktop PC in a bedroom w/ wireless card
- Desktop PC in my room w/ onboard (ethernet cable)
- HTPC that is going to go wireless here soon

So, All I basically want to do is set it up so that I have the wireless working and that I have my PC running directly through the switch. Nothing else. I do not want to go through the router as I hate them and they are a pain for me to deal with on my desktop.

Here is basically what it looks like:








All I want to do really is switch the orange and have it coming out of the switch to my PC. I thought that this wouldn't work and that I would need another IP address since Comcast only provides me with one. So I call them and ask for one and the lady tells me that it should work with one. Clearly it is not and I'm not quite sure what I am doing wrong.

If anyone could help me out with this.. I would appreciate it.

I definitely need a networking class ASAP and excuse my paint drawing.


----------



## mordant80 (Jun 24, 2009)

This set up will have to have two ip addresses from the ISP.  One for the router and one for your PC.  You will most likely need to have static ip addresses.  Never seen an isp hand out multiple ip's through the modem via dhcp.


----------



## Zebeon (Jun 24, 2009)

I am not sure that will work.... Comcast will only give you one public ip address correct?

If you plug you modem direct into the switch, then each pc will have to have a "real" external ip from concast.

as with your drawing, you router gets the "real external ip" and does NAT to hand out internal ip's via DHCP.....

The only way to go around the router is if your modem is doing NAT and will hand out internal ip's...

hope that helps.


----------



## reverze (Jun 24, 2009)

I used to have 2 IP addresses and I payed an extra $4.99 or something for one.. But then it was just gone one day or I forget what happened but I just have had the connection running through the router since then.


----------



## reverze (Jun 24, 2009)

Well here is what I tried..

Modem into the switch. Then one wire that is going from the switch to my desktop, and another wire which is going from switch to the router.

Why would this not work?


----------



## mordant80 (Jun 24, 2009)

reverze said:


> Well here is what I tried..
> 
> Modem into the switch. Then one wire that is going from the switch to my desktop, and another wire which is going from switch to the router.
> 
> Why would this not work?



It would if you had more than one ip from the isp.


----------



## Zebeon (Jun 24, 2009)

if your modem is not doing NAT (network address translation) then each device will have to have a comcast "real" ip addy


----------



## reverze (Jun 24, 2009)

mordant80 said:


> It would if you had more than one ip from the isp.



I guess I'm going to call them back again tomorrow and try to add another again.

They just gave me a huge hassle about this yesterday that I didn't need two IP's and that I could just run everything through the switch and then flood out and some other stuff..


----------



## reverze (Jun 24, 2009)

Zebeon said:


> if your modem is not doing NAT (network address translation) then each device will have to have a comcast "real" ip addy



Can I change that myself?


----------



## erocker (Jun 24, 2009)

Your router should be able to assign as many IP's as you have computers.


----------



## reverze (Jun 24, 2009)

But as I said.. I don't want this desktop running through the router.. I want it through the switch


----------



## Zebeon (Jun 24, 2009)

Can I ask why..... just curious I guess.....  
A router is usually a good thing..... LOL


----------



## mordant80 (Jun 24, 2009)

Honestly man...  I would just make everything go through the router.  The way you're wanting to do it,  it would be a major headache if you wanted to share anything on the network between the wired pc and the wireless clients.  

If you were to enable NAT on the modem (if it's capable) then that would defeat what you're trying to do...  you would have just turned the modem into a router.


----------



## reverze (Jun 24, 2009)

Zebeon said:


> Can I ask why..... just curious I guess.....
> A router is usually a good thing..... LOL



I just find it a huge pain in the ass for my desktop.. Having to constantly go in and unblock stuff like servers not showing up in games and all of that. Highly dislike it.


----------



## mordant80 (Jun 24, 2009)

reverze said:


> I just find it a huge pain in the ass for my desktop.. Having to constantly go in and unblock stuff like servers not showing up in games and all of that. Highly dislike it.



ah, in that case, just run everything through the router.. set up the wired pc with a static ip address and set it up for DMZ in the router.. all incoming traffic will go to the wired pc.


----------



## Easy Rhino (Jun 24, 2009)

in 2003 i bought a second IP from comcast for $4.99. when i moved in 2005 i called them up and they told me they stopped doing that :shadedshu


----------



## reverze (Jun 24, 2009)

mordant80 said:


> Honestly man...  I would just make everything go through the router.  The way you're wanting to do it,  it would be a major headache if you wanted to share anything on the network between the wired pc and the wireless clients.
> 
> If you were to enable NAT on the modem (if it's capable) then that would defeat what you're trying to do...  you would have just turned the modem into a router.



Not too wired about sharing on the network.. I have a 1TB external here I can just take care of it that way if needed.. Otherwise I just use RealVNC on my HTPC to download directly and take care of what I need..

Maybe I should call back and try for the 2nd IP address..


----------



## ZenZimZaliben (Jun 24, 2009)

yeah, why even use a switch?

place the pc you want in the DMZ with a static IP, and everything behind the router using dynamic.


----------



## reverze (Jun 24, 2009)

Easy Rhino said:


> in 2003 i bought a second IP from comcast for $4.99. when i moved in 2005 i called them up and they told me they stopped doing that :shadedshu



Serious?..

I had mine to literally like 6 months ago.. And I came home from college and someone had shut it off I suppose..

Maybe if you bug them enough..


----------



## reverze (Jun 24, 2009)

ZenZimZaliben said:


> yeah, why even use a switch?
> 
> place the pc you want in the DMZ, and everything behind the router.



Explain a little more please


----------



## Zebeon (Jun 24, 2009)

DMZ is a demiliterized zone..... it does not filter ports or anything.... it is like being in front of the router in a way..


----------



## Easy Rhino (Jun 24, 2009)

reverze said:


> Serious?..
> 
> I had mine to literally like 6 months ago.. And I came home from college and someone had shut it off I suppose..
> 
> Maybe if you bug them enough..



i really dont think you can buy a second IP unless you have a business account through them.


----------



## Easy Rhino (Jun 24, 2009)

putting your desktop you use everyday in the DMZ is playing with fire. you are better off learning all about your router and port forwarding.


----------



## reverze (Jun 24, 2009)

Zebeon said:


> DMZ is a demiliterized zone..... it does not filter ports or anything.... it is like being in front of the router in a way..



So I can set that on the router settings myself.. And set it by like IP address to do that?



Easy Rhino said:


> i really dont think you can buy a second IP unless you have a business account through them.



Total BS.. :shadedshu


----------



## mordant80 (Jun 24, 2009)

Zebeon said:


> DMZ is a demiliterized zone..... it does not filter ports or anything.... it is like being in front of the router in a way..



Right..  or you can look at it like it's forwarding ALL ports to the ip you specify instead of going in to port forwarding and forwarding individual ports.  (which sounds like the part you despise)  But you will only need to set it up the one time.


----------



## ZenZimZaliben (Jun 24, 2009)

Take switch, throw in closet.
Plug PC directly into router, most have at least 4 ports.
Log into router
Go into advanced settings, usually, assign the IP you want in the DMZ a static ip within the IP range.
Reboot router
Go into network settings on PC and assign that same IP address as a static IP.
Now that pc is in the DMZ.
Everything else will be on dynamic assigned IP's.


----------



## reverze (Jun 24, 2009)

mordant80 said:


> Right..  or you can look at it like it's forwarding ALL ports to the ip you specify instead of going in to port forwarding and forwarding individual ports.  (which sounds like the part you despise)  But you will only need to set it up the one time.



Sounds like an easier method to me. Hmm..


----------



## mordant80 (Jun 24, 2009)

Easy Rhino said:


> putting your desktop you use everyday in the DMZ is playing with fire. you are better off learning all about your router and port forwarding.



True, but it's no worse than the original thought of the PC having an actual ip address from the isp..  

He will want a firewall running on the pc for sure.


----------



## Zebeon (Jun 24, 2009)

ZenZimZaliben said:


> Take switch, throw in closet.
> Plug PC directly into router, most have at least 4 ports.
> Log into router
> Go into advanced settings, usually, assign the IP you want in the DMZ a static ip within the IP range.
> ...



Exactly.... but be aware.... you are open to the internet that way.. and could get hacked and all kinds of bad stuff.... don't keep any important on it be CAREFUL.


----------



## ZenZimZaliben (Jun 24, 2009)

Yeah, ok if you work for the NSA, NASA or hold massive trade secrets, then yeah, learn port forwarding. Other wise, who cares, especially if you power your pc off nightly.

Also, use an extra step. Use MAC Address filtering.


----------



## reverze (Jun 24, 2009)

Thanks ZenZimZaliben.


----------



## Easy Rhino (Jun 24, 2009)

i dont want to turn this into a flame war over PC security but if your desktop is open the the whole world someone will find it and attempt to hack it. it is that simple. your windows firewall wont do crap against any real attempt to hijack your box. before you know it they have all of your personal information and are running a botnet to hijack other computers. or even your computer could become a zombie attacking things like the NSA. and you dont want the NSA to trace your PC back to you when you more than likely have illegal things on it.


----------



## reverze (Jun 24, 2009)

I want to test something..

Does anyone have the Call of Duty 4 or 5 ports that need to be opened?


----------



## Zebeon (Jun 24, 2009)

Easy Rhino said:


> i dont want to turn this into a flame war over PC security but if your desktop is open the the whole world someone will find it and attempt to hack it. it is that simple. your windows firewall wont do crap against any real attempt to hijack your box. before you know it they have all of your personal information and are running a botnet to hijack other computers. or even your computer could become a zombie attacking things like the NSA. and you dont want the NSA to trace your PC back to you when you more than likely have illegal things on it.



Agreed-


----------



## ZenZimZaliben (Jun 24, 2009)

Easy Rhino said:


> i dont want to turn this into a flame war over PC security but if your desktop is open the the whole world someone will find it and attempt to hack it. it is that simple. your windows firewall wont do crap against any real attempt to hijack your box. before you know it they have all of your personal information and are running a botnet to hijack other computers. or even your computer could become a zombie attacking things like the NSA. and you dont want the NSA to trace your PC back to you when you more than likely have illegal things on it.



Sure it could\might\may happen. Chances are miniscule, especially for a PC that is powered off after use. I could be stuck by lightning. A meteor could hit me in the head. 

All security is a deterrent. IF someone wants in, they will get in. Regardless. People looking to run botnets/zombies are looking for PCs that are on all the time.

Not saying you will or wont get hacked, but the chances are very low.

One thing I want to say though. I use the DMZ a lot. I do not use the machine in the DMZ for anything other then games. No torrents, no warez, no Pron, nothing on the HD except the OS and the games I am playing\hosting. It's easy enough to toggle the DMZ active/inactive.


----------



## Easy Rhino (Jun 24, 2009)

ZenZimZaliben said:


> Sure it could\might\may happen. Chances are miniscule, especially for a PC that is powered off after use. I could be stuck by lightning. A meteor could hit me in the head.
> 
> All security is a deterrent. IF someone wants in, they will get in. Regardless. People looking to run botnets/zombies are looking for PCs that are on all the time.
> 
> Not saying you will or wont get hacked, but the chances are very low.



chances are not as low as you may think. criminals take the path of least resistance. if you dont use a router/firewall then you are making it MUCH easier for some script kiddie to get onto your system. that means he attacks your open box rather than my secure box. 



> One thing I want to say though. I use the DMZ a lot. I do not use the machine in the DMZ for anything other then games. No torrents, no warez, no Pron, nothing on the HD except the OS and the games I am playing\hosting. It's easy enough to toggle the DMZ active/inactive.



well that is one of the smart ways to use DMZ. it is highly controlled. reverze tho wants to put the desktop he uses for everything on dmz!


----------



## reverze (Jun 25, 2009)

So you guys use a router and just unblock the ports then?


----------



## CAPITAL LETTERS (Jun 25, 2009)

mordant80 said:


> Right..  or you can look at it like it's forwarding ALL ports to the ip you specify instead of going in to port forwarding and forwarding individual ports.  (which sounds like the part you despise)  But you will only need to set it up the one time.



forwarding all ports to the host PC is basically exactly the same as a DMZ really.

both ways, you are letting in every incoming connection


----------



## ZenZimZaliben (Jun 25, 2009)

No, that is not true. Sure if you foward EVERY port but there are 65535 ports. You only open the ones you need for gaming. The ports you need to worry about are much lower..


----------



## zithe (Jun 25, 2009)

If you connect in this order Modem > Router > Switch, the switch will be able to assign IP addresses.


----------



## Mussels (Jun 25, 2009)

routers with NAT are a heavy security device. Traffic can only come in through an open port - that means if you havent got port forwards, it requires an outbound connection before traffic is allowed back in (this is why people without forwards can join games online, but cannot host them)

Virus/worm attacks are the same way - if you have a router and you havent got DMZ, many worms and viruses will simply be unable to get into your network.


----------



## reverze (Jun 26, 2009)

zithe said:


> If you connect in this order Modem > Router > Switch, the switch will be able to assign IP addresses.



Yeah.. maybe this way would be worth a shot?


----------



## Mussels (Jun 26, 2009)

switches dont assign IP addresses.


----------



## reverze (Jun 26, 2009)

How about a good tutorial on opening up ports?

I found this site

and tryed it out.. but it seemed it didn't work when the COD5 server list still wasn't populated but a few servers showing up..


----------



## mrhuggles (Jun 26, 2009)

wish i could give you a test drive of my router, its nothing like the routers your probably used to its fast and it never fails, i have not had to reboot it 1 single time ever, it runs an embedded linux OpenWRT, oh and also it has a nice web interface X-Wrt i like to run whiterussian even tho its pretty dated, since the web interface is much better on it, or atleast it was last time i tried kamikaze


----------



## mordant80 (Jun 26, 2009)

Easy Rhino said:


> i dont want to turn this into a flame war over PC security but if your desktop is open the the whole world someone will find it and attempt to hack it. it is that simple. your windows firewall wont do crap against any real attempt to hijack your box. before you know it they have all of your personal information and are running a botnet to hijack other computers. or even your computer could become a zombie attacking things like the NSA. and you dont want the NSA to trace your PC back to you when you more than likely have illegal things on it.



I just don't understand the major aversion to the windows firewall...  sure it won't block outbound.  But is DOES block inbound connections, and it does it just fine.  It absolutely WILL do crap against a real attempt to hijack your box.  The problem is if you have something nasty on your PC already.. it will be able to get out.  But hey, the routers NAT firewall won't block the outgoing stuff either.

To sum it up, the windows firewall will do it's job just fine.


----------



## mrhuggles (Jun 26, 2009)

the reason people dont like windows firewall is very simple
a router is gonna block EVERYTHING except what you spesificly forward ports to [incoming anyways]
windows firewall is going to block EVERYTHING except what programs want... thats teh thing tho, if a person connects to you on a port you dont have anything open on, it wont do anything anyways since nothing is listening, it is good enough to block vulnerable ports, windows firewall can do this, but does it by default? that depends on your configureation but for the vast majority of people, no it does not, like say netbios, it will leave netbios open to LAN connections but will automaticly close it off to WAN connections except broadband connections are almost always going to register in windows as a LAN connection, because of how they connect, that exact same issue is a problem in internet explorer too since it treats LAN differently than WAN so it wont block almost anything

but yeah, windows firewall is good enough so long as you configure it.


----------



## zithe (Jun 26, 2009)

Mussels said:


> switches dont assign IP addresses.



With a router it will work. I've done it at countless LAN parties lol. I dunno which one is assigning the addresses (Probably the router since it only works when it's connected to one) 
but it's always what I do at LAN parties. I have half the group on the router and the other half on the switch.


----------



## mrhuggles (Jun 26, 2009)

router on a LAN with the main box, main box getting IP from DHCP or PPPOE [main box will have 2 ips on the same interface] might as well just use ICS and put the main box infront and hook the router up to a second LAN port on the main box instead of with a switch since you would have to use ICS to share internet with the router anyways [it will be LAN to the main box NOT WAN to the modem!]


----------



## Mussels (Jun 26, 2009)

zithe said:


> With a router it will work. I've done it at countless LAN parties lol. I dunno which one is assigning the addresses (Probably the router since it only works when it's connected to one)
> but it's always what I do at LAN parties. I have half the group on the router and the other half on the switch.



its the router. switches merely pass through the traffic, they're a 'dumb' transparent device.


----------



## mrhuggles (Jun 27, 2009)

you should have everyone on a router, but a good one that can handle a lot of traffic and not have any issues, router should be the best part of your network for sure


----------



## Mussels (Jun 27, 2009)

mrhuggles said:


> you should have everyone on a router, but a good one that can handle a lot of traffic and not have any issues, router should be the best part of your network for sure



thats half right.
you should have everyone on the one device to prevent bottlenecking, but there is no reason for it to be on the router.


----------



## mrhuggles (Jun 27, 2009)

i think normally we put the switch inside the network from the router for that exact purpose


----------

