Hey I’m trying to learn a bit more about how my router works and my IP address and all that fun networking stuff so I can be of some use to myself in the future!
I finally figured out the right password (had forgotten) to log into my router and I came across all the IP’s of people who use it. One of the first questions I have is the “client filtering” section of the router. It seems I can ban certain IP addresses from accessing certain ports (say 80 and 443 as I’m somewhat familiar with them). Doesn’t the address change though? So say for an experiment I want to ban myself from accessing 443 I add my IP address (or the one of my other computer so I can still use this one lol) the port range of 443-443 and select tcp? And then always. It seems using this I’ve successfully banned my laptop from accessing 443. I read/heard/thought though, that if I’m using a dynamic ip address (like most xp computers seem to be) that it changes every so often. (15 days? or after a restart?) Or something like that.
So how is the log effective? It’s not really effective if my IP changes after every start up.
Just a question. I’ve got more.
Well, I restarted my laptop and my ip address is still the same. So it doesn’t change after a restart. Does the router configure it then, whenever it feels like it? By the way, I’m talking about the one from my laptop itself, not the outside one. Clearly the outside one is different. 192.xxx for internal and 71.xxx for external. Oh the confusion. I need networking for dummies here.
DHCP (the bit that automatically assigns IP addresses) can be a curious and curly creature.
There are parameters that can affect how long an IP address is granted to a particular PC - this is known as the “lease” time. When the lease for machine A is up, if it is turned on at the time, it will request a renewal of the same address. If it isn’t on and another PC connects that doesn’t have a current lease, then the IP formerly assigned to machine A will be assigned to machine B (assuming this address is the lowest available address in the address pool). Machine A will get a different address next time it logs in.
If this is for your home LAN, I strongly recommend static IP addresses. This way you can at least determine the MAC address of the known network cards and add these to the MAC filter on the router. It also means you can definitively identify traffic by its IP address. This is not the case with DHCP’d addresses.
Most of these computers travel outside of my home network on a regular basis (or might if needed). If I give them all static IP’s will that affect how they connect to outside networks or ethernet connections?
Can’t I determine the Mac address just by looking at the list: For example, when I login I see this:
DHCP client list
The Dynamic Host Configuration Protocol (DHCP) client list displays the computers and other devices with an active DHCP lease on your network.
IP address Host name MAC address
192.168.2. dave-cb62gutgrx 00-09-5B-C6-
192.168.2. dave-4wgl82u27e 00-1F-3C-19-
192.168.2. dave_xp 00-A0-CC-75-
192.168.2. AMANDA 00-0E-35-A6-
192.168.2. dave-xum4aacury 00-90-4B-53-
Looking at this I can identify who is on my network. The IP addresses might change per computer but wouldn’t they always be the same numbers? Also, I know the MAC addresses right now. I can add those somehow (maybe). Am I missing something? Probably. I intend to read up on this, but talk about confusing! Can I adjust how long the lease takes to expire, or better yet. Set it to never, effectively giving myself a static ip?
I just edited the mac addresses and the ips, clearly, to give myself a false sense of security. Not even sure if it mattered.
Movable PCs - the static IP killer. Unless your NICs support alternate configurations, the only way around this is to stick to DHCP everywhere. Either that or manually change the config each time it changes location.
Also, I know the MAC addresses right now. I can add those somehow (maybe).
And you should add these known trusted MACs to your home routers MAC filter table (assuming it suppots MAC filtering.
Can I adjust how long the lease takes to expire, or better yet. Set it to never, effectively giving myself a static ip?
The DHCP server in some routers supports a perpetual lease. Others have a maximum lease time. Depends on what router you have.
All of you gurus will laugh at this. I accidentally locked all the laptops and PC’s in my house using wireless out of my own router! Doh!!! I had my sister with her paper, my father with his research, and my mother with her… whatever she’s doing all yelling at little old me. (:LGH) (:LGH)
You’re not kidding. I managed to plug me into the ethernet and fix it without having to reconfigure.
So if I’m getting this MAC filtering is a second defense to WPA encryption if you set the filter to only allow MAC numbers listed and deny everything else?
Well next question. One computer on my network seems to be listed twice. With two different MAC addresses and two different IP addresses. What did I miss? I thought a MAC address was unique to each computer.
iipconfig /all revealed that the first one is the real me. It’s the same IP and the same mac address listed in the command window as in the router interface. Where did this imposter me come from?
IDEA: When I locked myself out did I generate a new mac address and ip somehow? I had to plug myself into the ethernet to fix it. That might have generated a new ip (maybe) but did it also generate a new mac address? Or is that all just ■■■■ I made up??? lol
Why is it (I think it’s the one I’m on now) listed twice.
Indeed. That’s how I fixed it when I locked all the computers out of the router.
Would that give me a new mac address to? I thought it was computer specific? I connected to ethernet with the same computer I’m using to configure my router(and ■■■■■ up my router).
So a mac address is like a second line of defense if I’m reading this right? If someone made it through my wpa key they still couldn’t get in.
One more thing. Apparently, I locked myself out of the router using wireless on the laptop I’m on now. Other websites work so that’s not the problem. Using ethernet I can log into it. How? I didn’t change any settings and both the ethernet and wireless are in the mac address filters to allow onto the network. I broke something already… I don’t care. I reset the router, started from scratch, and fixed that problem.
Edit I also considered the ethernet to be something different. How/Why is it appearing in my router meant for wireless connections. Is it the way we have it set up? Phone line goes to the modem. Blue cable to router. Yellow cable from router to main computer. Green cable from router to wall. Then in my room I have another cable going from wall to my computer I use. Is that how it’s appearing?
I just took ethernet off my router allow list and I’m still accessing the internet. So either the allow list is set up wrong and it’s not working or it doesn’t actually matter, for ethernet at least.
Now I’m lost. I took myself of allowed macs for both ethernet and wireless and I can still browse the web, etc. I’m still connected. BUT with the wireless I still can’t access the management console.
What the heck is this mess??? I’m gonna give up for now. The internet is making me (:AGY)
