»» Part 3 - Hardware Firewalls

The hardware firewall I'll briefly review and explain here is the Linksys 10/100 4-port hub, or a similar type. There are many different security devices, but most will not be seen on local home computer networks. The most popular devices for those happen to be the small 2-8 port hub/router/firewalls. My configuration is an outside cable line running to a DSL modem, then to the hub/firewall, which branches out to take care of 2 Win32 boxes. I set it up to use the default for IP addresses, which is that the Linksys picks up the IP address from the cable ISP, and then gives out IP addresses to the internal computers. The type of IP addresses that it gives to them are for use only in internal networks, so you cannot connect directly to these computers from the outside...the firewall/hub must be the only thing that outsiders connect to.

Here's a possible 2nd option for setting up a network...you are running through a firewall to a computer which has a permanent IP address, which is then connected to other computers on the inside. 3rd option...an outside line running to a computer acting as a firewall, which then goes to a hub (or another computer) for the rest of the network...but we'll discuss computer firewalls later. At any rate, any hub/router/firewall device should be the FIRST thing that the outside world connects to, otherwise you are just using it as a hub, not a firewall. See the example:

ISP ---> modem ---> firewall ---> interior network

DHCP

A hardware firewall/hub/router works very simply...it accepts the connection from your ISP via the modem, then distributes it to your interior network. If you have the firewall set up to do DHCP (Dynamic Host Configuration Protocol), the device automatically gives out IP addresses to your local computers. It starts with the first network card that requests an IP address, then continues on down the line. The Linksys device works on MAC addresses (the permanent 'serial' number that network cards come with) so that once a card has connected to the firewall and requested an address, it gets that address each and every time. You CAN get it to change the addresses by running winipcfg.exe and clicking on the 'release all' button. If 2 or more computers do that, whichever one connects back to the firewall first will get the first IP address. One other thing to note about the Linksys (I'm not sure about other ones) is that it distributes only addresses that have been reserved for interior networks...therefore if an outside hacker attempted to connect to your interior IP address, he would never get to it, because outside internet firewalls do not distribute packets to internal IP addresses.

One other thing to note is that if you already have an interior computer that is providing a DHCP service to the other computers on your network, you will have to disable DHCP on the firewall, and give the firewall the DHCP server's IP address. The other computers will use the DHCP server as a gateway to the firewall and the outside world. As well, the DHCP server needs to know the IP address of the firewall, to provide that connection.

If your local computer seems to not be getting an IP address, you can check your network settings in the control panel, and ensure 'obtain IP address automatically' is checked. Also ensure that the 'detect connection to network media' checkbox is checked. As well, with most devices, you do not have to run DNS or WINS to resolve computer names. However, if you have your interior computers networked together, you may have to do that depending on how you have your network set up...but we won't go into that here.

On your hardware firewall, you will also need to ensure that the 'obtain IP address automatically' box is checked, so it can grab the IP address served by your ISP (unless, of course, you have been given a permanent IP address from them). My personal configuration worked the first time with no problems, and I did not have to provide a router name or domain name to the firewall.

Now, if your local computers are in need of permanent IP addresses (due to your interior network configuration) you only need to put the IP addresses in your firewall (static routing) so that it knows who to distribute to.

Forwarding

Two other things to talk about, then we're ready for computer firewalls. The first is forwarding. This is what you'll need to look at if you want to permanently open ports up for game playing. First off, you have to know what ports to open to allow the game to work over the internet. Many software companies provide those to you in your manual or a readme; if not, then contact their technical department to see what the ports are...or check out our final page (troubleshooting), where we list some of the common sims and their ports. Then, on your firewall, tell it the IP address of your local computer that needs the ports opened, and then the port number(s). That's it! Be aware, many games need a string of ports opened to work, so you may have to open more than one. As well, it says in the Linksys manual that you cannot use DHCP with forwarding. This is incorrect, mine is set that way. However, be aware, if you release and then renew your local computer's IP address, you may have just changed who is getting the port forwarding.

DMZ

The next thing is DMZ. DMZ usually stands for 'de-militarized zone', which in this case means that your computer is now not going to be blocked by the firewall. This is for when A) you don't know the ports to open to get to the outside world with your computer, or B) you are troubleshooting firewall problems. What this option does is basically tell the firewall to allow ALL traffic to your local computer, both in and out. It still passes the information through the firewall, so you do not have the same IP address that the firewall has...you are still talking THROUGH the firewall.
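An added example (not from the original article or from Linksys) of the caveat in the Forwarding section: a forwarding rule follows an IP address, so after a release/renew it can end up exposing a different machine than the one it was written for. The rules, MAC addresses, port numbers and lease table below are constructed sample data, and treating the DMZ host as selected by internal IP is an assumption.

```python
import ipaddress

# Constructed sample data, not taken from a real router. Port numbers are
# arbitrary; "intended_mac" is the machine each rule was meant to expose.
FORWARD_RULES = [
    {"ports": "2300-2400", "target": "192.168.1.100", "intended_mac": "00:11:22:33:44:55"},
    {"ports": "6112", "target": "192.168.1.150", "intended_mac": "00:11:22:33:44:77"},
]
# Assumption: the DMZ host is selected by internal IP, like a forwarding rule.
DMZ_RULE = {"ports": "ALL (DMZ)", "target": "192.168.1.101", "intended_mac": "00:11:22:33:44:66"}

# Lease table after both PCs did 'release all' and reconnected in the
# opposite order: the two machines have swapped addresses.
CURRENT_LEASES = {
    "192.168.1.100": "00:11:22:33:44:66",
    "192.168.1.101": "00:11:22:33:44:55",
}


def audit_exposure(rules, leases):
    """Return (issue, ports, target_ip, current_mac) for every rule that no
    longer exposes the machine it was written for."""
    findings = []
    for rule in rules:
        target = rule["target"]
        if not ipaddress.ip_address(target).is_private:
            # Forward targets must be interior (reserved-range) addresses.
            findings.append(("not-internal", rule["ports"], target, None))
            continue
        holder = leases.get(target)
        if holder is None:
            # Nobody holds the address now; the next machine to lease it
            # inherits the open ports.
            findings.append(("no-lease", rule["ports"], target, None))
        elif holder.lower() != rule["intended_mac"].lower():
            findings.append(("wrong-host", rule["ports"], target, holder))
    return findings


if __name__ == "__main__":
    for issue, ports, ip, mac in audit_exposure(FORWARD_RULES + [DMZ_RULE], CURRENT_LEASES):
        print(f"{issue:12} ports {ports:10} -> {ip} (now held by {mac or 'nobody'})")
```

Giving the forwarded machine a permanent interior address, as described earlier for static setups, removes the drift this check looks for.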

Last but not least...let me re-state my earlier comment...these small hardware firewall/router/hubs do NOT block interior traffic...so you may STILL want to run ZoneAlarm to ensure that if you get a Trojan, it cannot make contact with the outside world.

»» Part 4 - Computer Firewalls & Troubleshooting