Ok, some very basic notions: For starters, can we assume that your house has 'wifi'? If the answer is 'yes', then somewhere you have a 'router', which is probably the kind with 4 hard-wired ethernet ports, as well as a 'wireless/wifi' side. So, that type of equipment-box allows you to have 1 to 4 hard-wired ethernet connections to a computer, as well as up to at least 16 wireless 'wifi' connected computers/devices.
To disable the secondary, non-password-protected XFINITY 'Home Hotspot' signal (which allows a neighbor to piggy-back on your wifi network):
(1) Go login to your account at: customer.comcast.com
(2) Click "Users & Preferences"
(3) Go to "Service Address"
(4) Click "Manage XFINITY WiFi
(5) And set the "Disable...hotspot" radio button.
As of 2021, there is a new charge from Comcast/XFinity for some "data charges" for Wifi/TV packages. i.e. They're now adding extra 'metered' data charges, based on how many Giga-bytes of TV "streamed-content" that you're watching or downloading each month.
I just heard about these new 'data charges', a few weeks ago. There's other new hardware stuff too, like add-on boxes to make a wifi "mesh network", to gain better wifi-signal coverage in all rooms. And there is a "speedtest" app that you can install on a mobile-phone or tablet, so you can measure the existing wifi-speeds in all your various rooms. (You should do tests and record the results BEFORE you make hardware changes/additions, etc.) to your wifi setup.
[ A good choice for a speedtest app, that is available in the "app play" stores" for Apple and Google, is offered by a vender named "Ookla" ]
I did all this a while ago, just before I traded in my 2.4 / 5.0 gig BLACK gateway/router model for their latest WHITE one (which I believe is compatible with and easier to configure for "mesh" boxes, (You can either use Comcast's gateway/router or buy after-market ones, rather than rent from Comcast.)
So, I tried all this testing, to solve some Chromecast-wifi connection-droppages, which I was experiencing ONLY on my living room TV. I now seem to have solved the droppages. I noticed that I got higher speeds and no more "packet losses", (which get displayed in Speedtest), when the wifi-signal straight-line path from the router to a given TV was perpendicular to the intervening walls, (rather than at a 45-degree angle, as it is to my living-room TV). Also note that our clothes-washer/dryer are on that same direct-path to the living-room TV.
Rather than pay money for 'mesh boxes", I've found a workaround. Rather than sit in the recliner (that's on a 45-degree line to the router), I'm placing my chromecast source (my laptop or my Android table) about 10 feet behind my recliner...over on the dining-room table. Anytime I need to pause/resume a chromecasted movie, I now have to get up and walk to the dining room. But, it's preferable, in my view, to spending money for mesh-boxes, as we don't use Chromecast more than once or twice a month.
Btw.. now that I'm writing this whole "white-paper" on TV-wifi-connectivity, I'll go ahead and mention one other thing I learned about. If you need to have "mesh" anyway, (e.g. on a two-story house), consider constructing what is called a "wifi-only" TV-connection setup to each room with a TV. Bottom-line, you will no longer need to use any ot the coax-cable wall connectors, to get TV-content to each TV, and thus no longer need to rent any X1- or whatever boxes from Comcast. And, rather than rely on any smart-TV built-ins, you can buy a "Roku" for each room with a TV. (And, the Roku(s) provide Chromecast-equivalent functionality to all TVs)
The basic idea/concept is to NOT use a wireless-router-GENERATED wifi-password for your configuration (because most humans could ever remember such a 'generated' password and they're often way TOO LONG)! Instead, decide on a simple password about 8 characters long, containing letters (and maybe a couple of digits), but one that is EASY for you to remember. If you're forgetful, write this password on notepaper, cut it out, and tape it to the physical unit. [e.g. wifi-password: 'whatever00' (Robert Parish's jersey # was 00)] Because, these days, many friends and acquaintenances will be coming into your house with their tablets, laptops or other mobile devices, and you want it to be fairly simple for you to give them your wifi-password, so that they can use your home wifi network while they're there!
Ok, go to one of those working computers, bring up a 'cmd-line' window, and type this cmd (but without the double-quotes around it):
It you get back multiple REPLYs, then yes, you have found the address for your home router. So, to communicate with it, i.e. 'manage' it, you will need to learn how to 'log-in' to its so-called local 'management-interface', where you'll be able to change it's wifi's SSID, wifi-password, and possibly some other stuff, if you ever need/want to. So to do that management, go now to a web-browser and type in that numeric IP-address that just worked for the 'ping' command, e.g.: "192.168.0.1" (again, tho, without the double-quotes).
When you get a response back from that, the browser conversation with your router will be now be displaying the vendor's name for your router, and probably it's model#, etc, and then will be asking for the so-called administrative 'username' and 'password'. Note that each and every vendor of home 'routers' has certain DEFAULT values for both of those. We'll assume you've walked around and found that physical router-box, so now you could do a Google-search and specify keyword phrase like "default account and password for Linksys (or whatever) router" and even include the model# of the Linksys router you have, or whatever. The idea here, is to possibly guess-our-way to logging into your local equipment, on the assumption the whoever installed it originally just left the DEFAULT admin username and password in place. (e.g. some such defaults are 'admin' for the username and 'admin' for the password, or some such similar variation.) Or, call your ISP (Internet Svc Provider)...their tech-support folks will know the admin access names.
But, if that doesn't work, another quick thing to try is to look on the physical bottom of your router, and see if the installer left you any 'info' there. e.g. the wifi-password and/or the admin name and admin password, etc.
Concept: It's ALL about those LIGHTS on the front panel!
I just suffered thru true (intermittent) loss-of-connectivity between a DSL-modem and
my ISP, and I re-remembered how to distinguish this issue, from the (more-common!) problems
of Windows itself being screwed up or something in the router being the log-jam. For a DSL-modem
(and similarly for a 'cable-modem'), the KEY thing to look at are the last of the lights that
represent the OUTGOING-side of the box containing the broadband modem. For
DSL, just look at the light labeled 'Internet'...if it's ON (steady), the problem is NOT with your
ISP! For a cable-modem, look at the light labeled 'Online'...if it's on, the problem is NOT
with your ISP! And, conversely, if those lights are NOT on, do NOT waste your time rebooting
or tinkering with your PC or router...the problem IS at your ISP, so call them!
Ok, if the problem was NOT with your ISP, then don't call them. (Sure, they get calls all
the time when the problem is not really THEIR problem, which is why they ask you all the other
seemingly goofy questions. But, who wants to talk to India if they don't have to?)
Instead, we now know that the problem is either in the OS (e.g. Windows) or in the user-side
of the router (which includes the wireless-subsystem, if the computer's connection is wireless,
rather than directly-wired with an ethernet-cable).
The quickest way determine which of those two is the cause, if you have ANOTHER separate computer
available, is to attach that separate computer, preferably using a direct ethernet wire/cable, into the
back of the home router, and see whether you NOW have a working connection.
(Hint: Do this WITHOUT shutting off either the router or modem box(es)...that's safe, and
makes trouble-shooting, without disturbing the problem, easier.)
Ok, if the problem was in the router, re-check any 'setup' info and also check whether your 'router-FIRMWARE' is up-to-date, by going to manufacturer's website and comparing the version# AVAILABLE for your EXACT model with the version# shown when you 'login' to the INSIDE of that box and examine the value shown. (To understand how to do THAT, read futher down, below the 'yellow' table in the advanced-case-study section of this webpage, where it discusses how to determine your 'gateway' IP-address and login to see inside.)
Lastly, if the problem was somewhere in your 'Windows' computer itself, my first GUESS would be 'spyware' or a 'virus'.
By default, your home-router is going to use whatever 'DNS' server that your ISP (e.g. Comcast, Verizon, who-ever) auto-configures. That would be ok, about 98% of the time. But, with this simple change so that you then have multiple DNS-servers you will improve the reliability of any/all computers in your household.
However, it caused me to realize that I've negected my home duties as "Home-networking Infrastructure Manager". The problem was because I no longer had the two 'OpenDNS' servers (208.67.222.222 and 208.67.220.220) defined (as I had in years past). I had gotten lazy or in-attentive.
One can verify what DNS-servers are in use, via the cmd-line cmd:
"ipconfig /all"
and one should then see those 2 servers before
of any DNS-server that might already be defined by your ISP.
I also recalled that, instead of (or in addition to) specifying this at the OS-level (in each bootable OS on each computer in my household), that a preferred approach is to go into the configuration of the household router and specify these DNS servers there! The theory is that whatever DNS-servers setup in that router-box for will get picked up by each OS.
I own a Linksys WRT54GL router. One big confusion I ran into on it, is that to configure static values for the two OpenDNS, the place to do that is under this router's "Basic Setup" section. There is also another section for DNS named "DDNS Service", but that section is for other newer 'dynamic' DNS setups, and not the 'static' method that I was seeking. (Sigh...live and learn.)
Let's assume TWO home computers exist, behind a standard 4-port wired/wireless router/firewall. Let's further assume that only ONE of the computers is going to play the role of 'server' (e.g. a desktop machine) and that it has a hard-wired ethernet port attached to one of the 4-ports on the router. The other computer is a client (non-server) and is a laptop. [The laptop would probably be wireless, but we won't go into much detail on that characteristic.] Lastly, note that we do NOT care what OS these two computers run...any of Windows, Linux, MAC OS X, or whatever is fine.
So, for starters, we of course need to install and configure the server-software. Typically, there are free open-source products available, such as Apache (for a web-server). Let's say we configured our Apache webserver to listen on (non-standard) port 8080. Once those are setup, you can first test them from the laptop (which is INSIDE the firewall with the server), so you'll probably have to address the webserver via http://192.168.0.99:8080/ (rather than http://WaterHawk.dyndns.org:8080/, because that usually will NOT work from INSIDE the router/firewall...that will probably ONLY work from OUTSIDE the router/firewall.)
Note that all the configuration changes needed inside the router/firewall are necessitated solely because we want to allow this first computer, i.e. the server, to be able to be communicated with from OTHER computers which are OUTSIDE the house. For example, maybe one of your friends, or you while you are at work elsewhere, want to connect INTO the household through the router/firewall and use the services of the server. The purpose of THIS whole writeup is mostly to explain what changes to make, and how and why to make them.
Your ISP (Internet Service Provider) doesn't really know or care how many computers are inside your home...it just assigns a SINGLE, EXTERNAL IP-addr, which your router/firewall box uses as its EXTERNAL IP-addr. When viewed from a computer INSIDE, the router/firewall has an INTERNAL IP-addr, which is a private value referred to as the 'gateway' IP-addr, and is typically 192.168.0.1. [It is a totally different EXTERNAL IP-addr that gets registered and associated with whatever your external IP-NAME is going to be. In my case, that IP-NAME is 'WaterHawk.DynDNS.org'. Like me, you can go to 'DynDNS.org' (their website) and register and get such a free domain-name assigned for your (home) use. In this case, the name (e.g. WaterHawk) does NOT even need to get formally registered, because it sits in front of their registered domain-name 'DynDNS.org', and thus your is a 'private' name, unique only within DynDNS.org's infrastructure.
Normally, all computers on the local(home) network get assigned their (private) IP-addr DYNAMICALLY by the router. However, some/most routers don't give out true 'leases' on the assigned value, and thus the values given to each computer when it comes online aren't constant, but rather vary based on order of arrival, which is not good. For the SERVER-machine, we need its assigned IP-addr to be guaranteed to be the SAME every time. So, we give it what is termed a 'static' IP-addr. Check the manual for your router for exact details. Most routers give out DYNAMIC IP-addrs starting at '100' in the 4th position (e.g. 192.168.0.100), so it's normally fine to use the numbers just BELOW that value for 'static' IP-addresses (e.g. 192.168.0.99). Usually, you can do that without even telling your router that you'll be doing that, since it won't be assigning those values dynamically. So, let's assume we've statically configured our server-machine's IP-addr to be: 192.168.0.99 (The laptop will dynamically get its assigned IP-addr, so it would probably get 192.168.0.101, based on the [default] setup inside your router, for what the first value it gives out.)
Like router/firewalls, each computer can ALSO have its own (internal, software) firewall. For our client (laptop) computer it is a GOOD (safe) idea to leave its internal firewall enabled. (Thus, we won't have to worry about remembering to re-enable its internal firewall when we take the laptop outside the house, thus losing the protection of our surrounding router/firewall!)
But, for our server-machine, rather than keep and then configure its internal firewall to match identically to the way we will configure the surrounding router/firewall, we instead just totally DISABLE the server's internal software firewall. This is safe to do (in my opinion). And, it dramatically simplifies our configuration work, as we specify our firewall-rules in just ONE place...inside the router/firewall.
By far, the most COMMON type of service (protocol-type) is a web-server (protocol-type 'http'). The STANDARD port# for 'http' is port# 80. Most Internet Service Providers purposely BLOCK 'http' requests for port 80, so to side-step that problem, we will use a so-called NON-STANDARD port# of, say, 8080. Thus, anyone who wants to use your webserver service will NOW need to explicitly specify the port# on the URL...so, normally, it would have been "http://WaterHawk.dyndns.org/" but now it will have to be "http://WaterHawk.dyndns.org:8080/" For all OTHER protocol-type services that you may wish to setup, you can use the DEFAULT port# assigned for that protocol type (since Internet Service Providers don't normally block any of the other default port requests).
For each type of service we want to define, we need to know the things
shown in first five columns.
Note: Port values for most conceivable services will be listed on any
Win-XP system, in
file:\[windows-dir]\system32\drivers\etc\services
[I show here ONLY those that I have played with.]
Name | Protocol | Begin port# | End port# | Server IP-Addr | [Comments] |
---|---|---|---|---|---|
http | TCP | 8080 | 8080 | 192.168.0.99 | (Normally, port=80) |
ftp | TCP | 20 | 21 | 192.168.0.99 | (Linux-server's pkg-name=proftpd, but there are others. Note: For FTP, we must enable TWO ports, hence start/end are different. ) |
ssh | TCP | 22 | 22 | 192.168.0.99 | (More-secure, but NOT shown in M$'s 'services' file. Linux-server's pkg-name='openssh-server') |
telnet | TCP | 23 | 23 | 192.168.0.99 | (Older, less-secure than 'ssh') |
rlogin/login | TCP | 513 | 513 | 192.168.0.99 | (Older, less-secure than 'ssh') |
cvs | TCP | 2401 | 2401 | 192.168.0.99 | (CVS is for 'source-code' control) |
MySQL | TCP | 3306 | 3306 | 192.168.0.99 | (A database-server. But, I've had trouble accessing it thru my firewall!?) |
vnc | TCP | 5900 | 5900 | 192.168.0.99 | (VNC/TightVNC is 'PC-Anywhere/GoToMyPC'-like. Port=5800 supports using the simpler client-browser UI, and port=5900 supports the standard viewer) |
For the 3 interactive-login-style protocols, 'ssh' is recommended over the lolder 'rlogin' and ', for security reasons. [To access any of these from the user's client-PC, there is a nice cross-platform program named 'PuTTY' that can speak any of these three protocols (the user-selects which protocol to use at connection-time). So, if you securely allow only 'ssh',as you probably should, make sure you inform your users that they MUST choose 'ssh' within 'PuTTY' when they connect.]
I happen to have SEPARATE front-end boxes. Since I use 'DSL', I have a one box, the DSL-modem, with builtin IP-addr: 192.168.1.1 and behind that, is a separate box, a Linksys router/firewall (with the BUILTIN/FACTORY Gateway IP-addr: 192.168.15.1, but I change this to the more standard: 192.168.0.1). This two-box-frontend exactly parallels the setup that cable-ISP users (e.g. Comcast) would have...i.e. they will have a cable-modem, whose builtin IP-addr is probably 192.168.100.1, and then have the separate router/firewall box, similar to my Linksys router/firewall. [These 'builtin' gateway IP-addrs CAN be over-ridden as needed, as I do, with the same setup technique that we will use to adjust the 'firewall-related' values.]
Thus, all the computers BEHIND the router/firewall have a gateway address of 192.168.0.1 and their 'broadcast' address is 192.168.0.255 and their 'mask' address is 255.255.255.0 (you may need these values to configure your server's static IP-address)
To summarize, for each firewall entry, we will (typically) need to place five values into each entry: (1)App-name(e.g. http)(2)Protocol:'TCP' or 'UDP'(normally, 'TCP')(3)Begin-port#(4)End-port#(5)IP-addr of server-to-redirect-to. These values will now be saying: When a request for any of these protocol-types comes in, on any of the defined port#s, don't block it as you normally would, but ALLOW IT, and just re-direct the request to the machine whose IP-addr is given.
To determine your router/firewall's 'gateway' address, go to a command-line window and enter the cmd 'ipconfig' (on Windows) or 'ifconfig' (root-login on Linux). Then, to actually 'login' to see inside your router/firewall (i.e. to either TROUBLESHOOT or to ADD/CHANGE values), you simply use your web-browser and specify a URL containing your router/firewall's 'gateway' address, which should look similar to http://192.168.0.1/ You should then see a logo from your router, and a login-screen, where you enter the (factory-default) values for 'user' and 'password'. Once you get inside, you can then find the place to enter the values from the table into the 'firewall' section. Don't forget to 'save' the configured values, so that, even after a powerfail, your router/firewall will come back up with these changed/entered values still intact. (Most all routers have a 'factory-defaults-RESET-switch' on the back, which, if you hold it pressed-in for at least 10 seconds, any/all values that YOU setup inside will now be gone, and the router returns to the 'factory-default' values.)
Here's some normally-found FACTORY-DEFAULT login-values for
router/firewall boxes:
Linksys: user=admin pwd=admin
D-Link: user=admin pwd=[blank]
Netgear: user=admin pwd=password
Microsoft: user=[blank] pwd=admin
but, if in doubt, RTFM.
One last thing...each manufacturer's products differ a bit as to what they call these "firewall" entries. For example, in my Linksys, they do NOT call them 'firewall' settings at all. Instead, they are listed under 'Applications', and refer to it as 'Port Range Forwarding'. Whatever...call it what you like.
Ok, that's it...go setup your router! (Consult its manual for help, if you get stuck.)