Router

Coax

Ethernet is a broadcast medium: each device puts its signal on the cable.
In the beginning all devices were daisy-chained with a coax cable.

Hub

This is Ethernet in a box. All devices are still broadcasting to all other devices but now they are individually connected with UTP cable to the hub (star topology).

Switch

An intelligent hub. It knows the addresses of the connected devices: if A talks to B on the same switch, they are connected directly instead of broadcasting their info to all devices connected to the switch. All traffic between devices not on the switch is broadcast on the network.

Router

An intelligent switch. Most routers support more functionality than routing only.

Routing

A router is the man of the (internet) world. He knows where other routers are located. Routers see to it that all packets arrive at their destination using the most efficient route.

In a home network, the router most of all separates the LAN from the WAN (internet); otherwise your entire local traffic would be broadcast on the internet.

NAT (Network Address Translation)

You have one IP address on the internet but different devices with different IP addresses in your local network. NAT sees to it that any response from the internet is sent to the device in the LAN that asked for it.

DHCP (Dynamic Host Configuration Protocol)

Automates the assignment of IP addresses, subnet masks, default gateway, and other IP parameters. This saves you the problem of configuring it manually.

Fixed IP

Today a lot of audio gear (music servers, headless PCs, Squeezebox, Sonos) is remote controlled.
No, not by an IR remote (the ones you have to point) but by an iPhone, iPad, smartphone, etc.; in other words over the (W)LAN, the (wireless) home network.

As you can understand, each device in a network must have a unique IP address, pretty much like each telephone number must be unique.
This is in general done by the router using DHCP (Dynamic Host Configuration Protocol).
Next time you power up a device, it in general gets the same address.
This is because the router memorizes it. But it does so for a limited time.
This period is called the lease. If this period has expired, a new IP address is generated.

Most of the time you can refer to a device in the network by name.
But not all of the time. Often you are forced to use an IP number.

All of a sudden your remote won't find your music server anymore.
This is because the lease has expired.
In this case a fixed IP address is very convenient.

If you use port forwarding (accessing a device in the LAN over the internet), it is a must.

Most devices allow you to set a fixed IP address on the device itself.
If this device is off for a prolonged period, it might happen that DHCP assigns this IP address to another device. On power on, you have two devices with the same IP address in your network. As usual, it takes a whole weekend only to find out that an IP conflict is the cause of your network problems.

If you set the fixed IP on the router, DHCP knows this address is reserved for a specific device so it won't be assigned to any other device.
This is done by coupling the IP address to the MAC (Media Access Control) address of the network card of the device. Each network card has a unique hardware address.
If a device has a wired and a wireless network connection, it will also have 2 different MAC addresses. DHCP will assign 2 different IP addresses to them.

Best practice is to use a fixed IP only when needed.
If needed, set it on the router.
If you do have to set it on the device, use a number outside the range normally used by DHCP.
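
The check below is an added example, not part of the original page: it flags device-side fixed IPs that fall inside the DHCP range and any address claimed by more than one device. The function name, the address range, the MAC addresses and the device names are all constructed sample values.

```python
import ipaddress
from collections import defaultdict

def audit_addresses(pool_start, pool_end, reservations, static_devices, leases):
    """Return (kind, ip, detail) tuples for problems in the address plan.

    reservations:   {mac: ip} fixed on the router, so DHCP knows about them
    static_devices: {name: ip} fixed on the device itself, invisible to DHCP
    leases:         {mac: ip} addresses DHCP has currently handed out
    """
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    problems = []

    # A device-side fixed IP inside the DHCP range can be leased to another device.
    for name, ip in sorted(static_devices.items()):
        if lo <= ipaddress.ip_address(ip) <= hi:
            problems.append(("static-in-pool", ip, name))

    # Collect every claimant per address; more than one means an IP conflict.
    owners = defaultdict(set)
    for mac, ip in list(reservations.items()) + list(leases.items()):
        owners[ip].add(mac)
    for name, ip in static_devices.items():
        owners[ip].add(name)
    for ip, who in sorted(owners.items()):
        if len(who) > 1:
            problems.append(("conflict", ip, ", ".join(sorted(who))))
    return problems

# Constructed sample data for a 192.168.1.x home network.
POOL = ("192.168.1.100", "192.168.1.199")
RESERVATIONS = {"00:11:22:33:44:55": "192.168.1.150"}      # NAS, set on the router
STATIC = {"music-server": "192.168.1.120",                 # set on the device, in range
          "printer": "192.168.1.20"}                       # set on the device, out of range
LEASES = {"00:11:22:33:44:55": "192.168.1.150",
          "aa:bb:cc:dd:ee:01": "192.168.1.120"}            # DHCP reused the music server's IP

if __name__ == "__main__":
    for problem in audit_addresses(*POOL, RESERVATIONS, STATIC, LEASES):
        print(problem)
```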

Firewall

Modern firewalls use SPI, stateful packet inspection.
If you browse to http://thewelltemperedcomputer.com/, you send a packet to this address and the server sends back a packet containing the opening page. The firewall accepts this because the request was generated from inside. If some hacker spoofs the address and sends a packet to you as if it was sent by http://thewelltemperedcomputer.com/, the firewall will drop this packet because there is no matching request from inside the firewall.

It protects you from unsolicited access over the internet.

It won't protect you against malicious content in the packet; that's the job of antivirus software.

Switching

See switch

Port forwarding

You want to listen to the music on your NAS over the internet.
The NAS is in your LAN therefore its IP address is a local one, unknown on the internet.
The music server on the NAS listens for requests on a certain port.
The only way to reach your LAN is over the internet.
This request arrives at your router.
The router must map this incoming request from the internet to the local IP address of your NAS and to the port your music server on the NAS is listening to.

  1. Open a port on your router.
    In principle this can be any port number but in practice a lot of numbers are assigned to specific applications: http://www.iana.org/assignments/port-numbers.
    You can route any incoming request on My_Internet_IP:80 to your NAS, but you can't browse the internet anymore because 80 is reserved for HTTP.
    8060-8073 is unassigned, this is a free range you can use.
    Make sure you are not using a number already in use by another application.
    Observe that opening a port drills a hole in your firewall.

  2. Tell the router to send any traffic on this port to your NAS.
    This means your NAS should have a fixed IP address.

  3. Tell the router which port on the NAS should be used.
    If you surf the internet, the response is displayed in your browser. If you receive an email, it is displayed in your email application. This is because each application listens to the network on a different port. The IP address is like the address of your house, the port is like the addressee.
    If the music server on the NAS listens at a certain port, say 9000, you have to tell your router to forward the incoming request to this port.

Conceptually it is as simple as mapping any incoming request on My_Internet_IP:8061 to NasLocalIP:9000.

Some providers change your IP address at regular intervals (DHCP lease).
A Dynamic DNS service enables you to use the same hostname.

Port forwarding is drilling a hole in your firewall.
In principle this lowers the security of your LAN.

Protecting this connection with a username/password is an absolute minimum.
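
A toy model of what the router decides for a packet arriving from the internet, covering the matching-request check from the Firewall section and the My_Internet_IP:8061 to NasLocalIP:9000 mapping. It is an added example, not code from any router; the class, the addresses (documentation ranges) and the port numbers other than 8061 and 9000 are constructed, and it matches on addresses and ports only.

```python
WAN_IP = "203.0.113.10"   # stands in for My_Internet_IP (constructed value)

class Router:
    def __init__(self, forwards=None):
        self.forwards = dict(forwards or {})  # wan_port -> (lan_ip, lan_port)
        self.state = {}   # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = 40000                # next free public source port

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN device sends a request: NAT picks a public port and the
        firewall remembers the request so the answer can be matched later."""
        wan_port = self.next_port
        self.next_port += 1
        self.state[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Decide what happens to a packet arriving on the WAN side."""
        key = (wan_port, remote_ip, remote_port)
        if key in self.state:             # answer to a request from inside
            return ("reply", *self.state[key])
        if wan_port in self.forwards:     # the hole opened on purpose
            return ("forward", *self.forwards[wan_port])
        return ("drop", None, None)       # unsolicited: no matching request

def demo():
    # NAS at 192.168.1.150 with the music server on port 9000 (sample values).
    r = Router(forwards={8061: ("192.168.1.150", 9000)})
    p = r.outbound("192.168.1.23", 51515, "198.51.100.7", 80)   # browser request
    return [
        r.inbound("198.51.100.7", 80, p),        # genuine answer from the web server
        r.inbound("198.51.100.7", 80, p + 1),    # claims to be the server, no request
        r.inbound("192.0.2.66", 4444, 8061),     # any internet host, forwarded port
        r.inbound("192.0.2.66", 4444, 8062),     # any internet host, closed port
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third case is accepted without any request from inside, which is why the service behind a forwarded port has to do its own authentication.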