Bear with me here. Here’s an explanation which is going to have a lot of new information to learn, but I’ve attempted to avoid technobabble where possible. It’s a slight simplification, but it’s basically how things really work. Sorry it’s so long - I went a little nuts.
Think of a hub as a cable splitter for ethernet. When N computers are plugged into the hub, it’s as if they’re all plugged into the same cable. There’s no limit (that I know of) for how many computers you can plug into one network this way, but there are practical limits which are big enough that you’ll never have to worry about them. All the ports are equivalent, with the exception of the MDI-X/uplink ports, and they’re all logically hooked together. So plugging into port 2 is exactly the same as plugging into port 3, unless something’s broken.
Now, you can plug a computer into a hub, and you can plug another computer into a different port on the same hub, but you can’t just plug the computers directly together, unless you have a special ethernet cable with some of the wires crossed. This is called a “crossover” cable. For the same reason, you can’t plug a hub directly into another hub unless you use a crossover cable.
So in the old days if you had two 8-port hubs and you wanted to make a network with 12 computers on it, you got a crossover cable and used it to connect one hub to the other. Then you have 14 other ports to plug computers in, and it all acts like one big hub. You with me so far?
Crossover cables are a pain in the butt, since confusing one with a regular ethernet cable will cause you no end of headaches, so someone clever came up with the “uplink port”, which is an extra port that has the appropriate wires crossed so you can hook it to another hub without using a crossover cable (note that you only want the uplink port on one of the hubs, or you’ve reversed the wires twice, defeating the purpose). Nowadays it’s common for hubs to have a switch next to the last port which just toggles it between a regular port and an “uplink” port, so you can use it either way. MDI-X is just the technical name for an uplink port, with the X representing the crossed wires. You can get away with not paying attention to whether things need to be uplink or not by simply plugging it in and seeing if the port’s light turns on, and switching the uplink port if it doesn’t. No harm.
As an aside, an “ethernet switch” is the same thing as a hub, except that it’s a little bit smarter about where it sends the network traffic. With a regular hub, all network traffic is sent to all the ports, because the hub is just a repeater. A switch only sends the traffic to the ports it needs to go to, whenever possible, which cuts down on the noise so you can get better network performance.
So anyway, just plugging all that stuff together so the link lights light up is a good start, but it doesn’t get you actually networking in much of a useful way. You now need some kind of addressing scheme so these computers can talk to each other. Each computer needs an “IP address” (the IP is for Internet Protocol), and it has to be different from the other computers’ addresses. Your computer doesn’t know its address yet when you plug it into the network, and it will send out a message on the network basically saying, “hey, what should my address be?” On our hypothetical network consisting of a hub and two computers, there’s no answer, since the other computer doesn’t know either. After a while (90 seconds on windows XP for example), the two computers (both of whom are desperately trying to get someone to tell them their address) will give up and just pick a random address, doing a little extra checking to make sure that the address they picked is not already being used by someone. At this point, you have a working network, and the computers can talk to each other. But not the internet.
They can’t talk to the internet because the internet requires everyone to have an assigned address and that they should all be arranged in an orderly fashion. Just randomly picking your own address won’t cut it, because routing data from one place to another would be complete chaos. So what happens when you plug your computer into your cable modem is that the computer sends out the “hey, what should my address be?” message, and a nearby computer (your ISP’s “DHCP server”) responds with a definite answer like, “your address shall be 123.45.67.89, so says I and I’m the boss.” This is known as DHCP, which stands for Dynamic Host Configuration Protocol, in case you want to get all nerdy about it.
So. It is conceivable that you can plug your cable modem into your hub (may need the uplink port – depends on the cable modem), and then your N computers into the hub, and they all get DHCP love from the ISP’s server, and they’re all magically on the internet and things just work. Unfortunately, your ISP likes money, and because of this, they like you to pay extra to have extra computers connected. So their DHCP server may be configured such that it will only give one single address to you, which means only one of your computers will work. The other one will get no response from the server and will do it’s “pick a random IP address” trick (which is known as “AutoIP”, and is recognizable by having an IP address which starts with 169.254 – you can check your IP address by going to a command prompt and typing “ipconfig”), which means it cannot talk to the internet, and to top it off, it can’t really talk to your other computer either, since your other computer is using your ISP’s addressing scheme. Big sigh.
So what you do in this situation is you go buy a router. This will be called a “cable/dsl gateway” or a “residential gateway” or a “cable/dsl router” or a “firewall/router” or some combination of words that all mean the same thing for most purposes. Should run you 50 bucks or so, and many will have a built-in hub so you can even ditch the whole do-I-need-an-uplink-port conundrum and have one less AC adapter to plug into your power strip. Here’s what the router does. It’s got an “internet” port, and one or more “LAN” ports. When you plug the “internet” port into your cable modem, it pretends its a computer and asks the ISP “hey, what’s my address, yo?” The ISP gives the router your IP address, and now the router is set up to talk internet. Then, you go and plug your computers into the “LAN” ports on the router (or into the hub you’ve daisy-chained off of it using uplink ports and/or crossover cables), and they say “hey, what’s my address?” Now, this request never makes it to your ISP, because sitting between you and them is the router. The router takes the place of your ISP’s DHCP server from your computer’s point of view, and it starts passing out IP addresses like they’re going out of style. Plenty of addresses to go around, because your router does a clever thing called Network Address Translation, which we won’t get into. Suffice it to say that works.
Now, since you asked about firewalls, I will also point out that the other benefit of a router is that a router which does Network Address Translation acts as a firewall as a side effect of the way it works. Without you doing some advanced configuration of that router, people on the internet cannot connect to your computer unless you initiate it. Without some kind of firewall, you’re wide open, and to answer your question, no, a hub is no protection whatsoever. A router is a very good protective measure for this reason.
So to make a long story even longer, my recommendation is: get a router. I like a nice linksys or netgear. You can pick one with or without a built in hub, with or without a built in wireless access point, and with or without advanced features like internet content filtering for your kids. They can probably be as cheap as $30 or into the hundreds. If I was looking for a regular one without wireless, I’d probably aim at about $50. Once you get the router, plug the cable modem into the “Internet” (or “WAN”) port on the router, then plug your computer into the LAN port, then reboot the computer. Odds are pretty good that’s all you have to do. If not, come on back and we’ll try to help.
Oh, and to answer your question about the weird IN/OUT ports on that hub you’ve got, it’s probably some proprietary connector that let’s you attach a stack of N hubs together into one big hub without wasting 2*(N-1) ports on uplink cables. Mostly useless.
