APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Web Site: http://www.bcstechnology.net/

A friend of my wife wanted to know what the router I provided her, but have not yet installed, actually does. What follows is my reply.

She asked:

just curious...what would this router do? what will this be different? Will I be able to use my computer in the family room and be connected to the internet? :-) I need router for dummy book lol - but I'll use you :-)

Well, I don't intend to publish a "routers for dummies" tome anytime soon, but I'll try to explain enough so it makes some sense to you.

In any computer network, "routing" is the process whereby data is transported from one location to another. The Internet is, in reality, nothing more than a whole bunch of smaller networks linked together. For example, my office network is one of those smaller (very small, in this case) networks. The linkage is created by attaching networks to each other by means of special purpose computer hardware designed to move data from one place to another. The general term for such hardware is "router."

Data flows on any network in chunks called packets. Think of a packet as an envelope, inside which has been placed a piece of paper with some data, E-mail for example. On the outside of the envelope are two addresses: one assigned to the machine sending the data (the source address) and the other assigned to the machine receiving the data (the destination address). These addresses are called IP addresses and are actually strange looking numbers (such as that are designed to be easily understood by computers. On any given network, like the one in my office, each machine (computer, printer, etc.) will have a unique IP address, making it possible for any one machine to send data to any other.

A router examines the destination IP address of each packet that passes through, and using information stored in internal data structures called routing tables, determines where to send the packet. The most basic routing would be between two computers on the same network, such as what often occurs in the average office. Once a network gets larger than a single location like an office, some routing is required. On a large network, like the Internet, the path from the source machine to the destination may be very circuitous, and the first router in the path might have to hand off the packet to a second router, which might have to send it to yet another router, and so on, in order to get to the destination machine. In some cases, getting a packet from source to destination may involve passing through as many as 20 to 30 routers. Each router in the data path is referred to as a hop, since the packet's progress through the Internet resembles that of a rabbit or kangaroo bounding across the ground.

As a packet passes from router to router, information is altered in the packet to indicate how many hops have been taken. Once the packet has reached the destination machine, that machine will use the source machine's IP address to send back an acknowledgment that says that the packet arrived safe and sound. On the other hand, if a router cannot pass the packet onward or the destination machine cannot receive the packet (because, for example, the machine is not running) or too many hops have occurred (usually the result of a routing screwup of some sort) an error will be reported to the source machine. Incidentally, any resemblance between packet routing and the way the postal service handles the U.S. mail was purely intentional.

As complicated as this may all sound, it happens pretty fast. In most cases, a packet can make it from one end of the USA to the other in a fraction of a second. Even packets from international sources arrive in a matter of a few seconds on average.
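The routing-table lookup and hop counting described above, as an added example that is not part of the original reply. The router names and tables are constructed, the addresses come from documentation ranges, and the hop budget is modeled the way IP does it: a counter that each router decrements until it runs out.

```python
import ipaddress

# Constructed routing tables for three hypothetical routers.
# Each entry is (destination prefix, next hop); "deliver" means the
# destination is on a network attached directly to this router.
ROUTERS = {
    "home": [("192.0.2.0/24", "deliver"), ("0.0.0.0/0", "isp")],
    "isp": [("192.0.2.0/24", "home"), ("198.51.100.0/24", "remote"),
            ("203.0.113.0/24", "home")],   # deliberate mistake: loops back
    "remote": [("198.51.100.0/24", "deliver"), ("0.0.0.0/0", "isp")],
}

def next_hop(table, dst):
    """Pick the most specific (longest-prefix) route matching dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(start, dst, ttl=8):
    """Walk a packet router to router; return (outcome, routers visited)."""
    router, path = start, []
    while True:
        path.append(router)
        hop = next_hop(ROUTERS[router], dst)
        if hop is None:
            return "unreachable: no route at " + router, path
        if hop == "deliver":
            return "delivered", path
        ttl -= 1                      # each router uses up one hop of the budget
        if ttl == 0:
            return "hop limit exceeded at " + router, path
        router = hop
```

The misconfigured 203.0.113.0/24 entry shows the "routing screwup" case: the packet bounces between two routers until the hop budget is spent, and the error goes back to the sender.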

With routing basics out of the way, let's talk about your specific situation. With your PC directly connected to the Internet as it is now, it has been assigned by your Internet service provider (ISP) a public, routable, and globally-unique IP address. Public means that the IP address is generally known on the Internet, just as your home phone number is generally known if it is published in a phone book. Routable means that you can send packets to anywhere in the world, and that any machine in the world can send packets to you. Globally unique means what it says: only your PC of all the computers attached to the Internet will have that particular IP address. My UNIX server's IP address,, is globally-unique and any machine in the world can contact it.

The problem with such an arrangement should be fairly obvious at this point: if any machine in the world can contact your PC via its globally-unique IP address then your PC can be infiltrated by virtually anyone anywhere in the world, potentially without you even knowing it. The design of Windows, unfortunately, makes infiltration relatively easy. Such infiltration often involves the surreptitious installation of spybots and adware, programs that can monitor what you are doing (e.g., what you are typing) or read your files. As a general rule, such software is designed to relay information back to the remote computer from which the spybot or adware was delivered.


Even worse, this type of infiltration can turn your PC into a robot and make it do things that can annoy the daylights out of other unsuspecting users. The most common type of this action is to turn your PC into an E-mail zombie, spewing out spam as fast as it can get data onto the Internet. My mail server stops this sort of stuff every day, and new sources keep turning up every day.

Infiltration can be hindered by using a router between your PC and the Internet. As I explained above, a router's function is to transmit packets from one place to another, using the destination IP address to determine where each packet should go. A router of the type you have performs this function but does so with a twist. The public IP address assigned by the ISP is given to your router, not to your PC. Your router will assign a private, non-routable IP address to your PC. This makes your PC invisible to the Internet, thus preventing other machines on the Internet from directly communicating with it. This happens because when your PC sends a packet out to the Internet, your router removes the packet's source IP address (that is, the IP address assigned to your PC), substitutes the router's public IP address and internally stores information about the changes that were made. When a reply comes back from the machine that you contacted, the process will be reversed. Since your PC's IP address is non-routable and is not actually the source IP address in the packet when it arrives at the remote machine, that machine cannot "talk" directly to your PC. Put another way, it's like looking through a one-way piece of glass: your PC can see the Internet but the Internet cannot see your PC.
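The address rewriting described above, modeled as an added example that is not part of the original reply. The class name, addresses and starting port are constructed for illustration, and the model also rewrites the source port, which home routers typically do so that several PCs can share one public address.

```python
import itertools

class NatRouter:
    """Minimal source-NAT model: one public address, many private hosts."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self._ports = itertools.count(40000)   # next unused public port
        self.out_map = {}   # (private ip, private port, remote ip, remote port) -> public port
        self.in_map = {}    # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the home network and remember the change."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            pub_port = next(self._ports)
            self.out_map[key] = pub_port
            self.in_map[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Reverse the rewrite for a reply; return None (drop) if no mapping."""
        private = self.in_map.get((dst_port, src_ip, src_port))
        if private is None:
            return None
        return (src_ip, src_port, private[0], private[1])

def demo():
    nat = NatRouter("203.0.113.5")            # constructed public address
    sent = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, sent[1])        # expected reply
    stranger = nat.inbound("198.51.100.99", 4444, sent[1])   # unsolicited sender
    unused = nat.inbound("198.51.100.7", 443, 40001)         # port never mapped
    return sent, reply, stranger, unused
```

Only the reply from the machine the PC contacted finds an entry in the table; packets from any other sender, or to a port with no stored mapping, have nowhere to be delivered and are dropped.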

In addition to this "firewall" service that the router provides, it will be possible for you to connect several computers together into a small network, through which you can move files, share a printer, and share the Internet connection. The router would assign a private IP address to each machine to keep everything working smoothly.

It is important to understand that the protection provided by the router doesn't prevent malicious E-mail attachments or files from causing trouble. Nor will it protect you from lapses in common sense. The usual precautions about not opening mail attachments from strangers still apply. Also, you need to be cautious about Microsoft Office documents, which can harbor viruses that can be potentially fatal to your system.

Hope this explanation helps.


More Articles by © BigDumbDinosaur

Mon Sep 19 13:53:32 2005: 1096   infinity

The information on routers with the tail piece covering firewall was really good.

Wed Sep 21 17:58:05 2005: 1106   KimPetersen

Well enough for "lies-to-children"(*) style education.

But there is one inaccuracy - the ISP may actually assign you a private IP address and NAT it all through their own routers/firewalls - not really used that much with ISP's - but quite often used in larger corporate networks.

(*) See: The Science of Discworld (link)

Thu Sep 22 15:06:52 2005: 1111   BigDumbDinosaur

But there is one inaccuracy - the ISP may actually assign you a private IP address and NAT it all through their own routers/firewalls - not really used that much with ISP's - but quite often used in larger corporate networks.

No inaccuracy. The individual to whom I address the above is a non-technical user who is tied to SBC ADSL, which assigns a public IP address. Her situation is exactly as I described. I was trying to achieve a balance between a reasonably concise answer and TMI. To bring up the matter of NAT would have resulted in TMI.

As for an ISP assigning a non-routable address and using NAT as one might on a corporate network, none of the ISP's I've ever dealt with do that.

Sun Sep 25 01:23:43 2005: 1121   KimPetersen

Just to elaborate - a lie-to-children is a not quite correct explanation, that will educate the person, without actually telling the truth - just enough so that it may be possible for that person to get to a state, where the real truth may be comprehended. So it wasn't really critique... I actually liked the way you told it.

I don't know how US ISP's do things - but here we have had at least one major ISP doing exactly that.

Tue Oct 13 23:37:37 2009: 7228   FrereD

Thank you very much for your detailed explanation of the way router functions. Good job. I enjoyed it. May the Lord help you to continue doing such marvellous work. Thanks.
Wilson D.

Wed Oct 14 01:41:16 2009: 7229   TonyLawrence

I don't know why you have to bring your religion into it, but I'm happy you found help and I'm sure BDD is also.

Thu Oct 15 00:36:03 2009: 7233   BigDumbDinosaur

Praise the Lord (or Allah) and pass the packets! <Grin>
