Originally Posted by Sven

That statement might need some explaining to some, so I'll give it a shot.

The Router/AP normally is assigned the IP that your ISP gives you. It is what is seen from the internet. The addresses on your side of the router cannot be easily sen from the internet. When one of your machines wants something from the internet, it passes the request to the router which passes it on. When the answer comes back, the router magically knows which machine to forward it on to within your network. If something unrequested comes from the network, the router has no way of knowing where to send it and therefore throws it on the floor. That is in effect a firewall.

Unfortunately there may be some things you want to accept from the internet and respond to. web cam conferencing for one, or AciveSyncing from the network, or you may want to run a web server (small personal, family sort of thing). In that case you would use port forwarding on the router. For a web server for instance, you would set port 80 (the standard HTTP port) to forward to the IP address of the machine you have your web server on. Then http requests coming from the internet (on port 80) would be forwarded to your web server machine. Various other things you wish to do, might require different ports, or groups of ports to be forwarded. This of course puts 'holes' in your firewall, but it is the price you pay for getting back features.

One other security option I'd recommend is forwarding port 80 to an unused IP address on your network. In IEs Address block, type in your ISP assigned IP. You will find your router configuration screen pops up. It will pop up when I type in your IP as well. Yes it needs a password (username is blank), but that is probably admin, unless you changed it. If you forward port 80 to thin air, I can't even get the login screen. This isn't good if you want to administer your router AP from the Internet of course, but in that case use a good password.