BASIC NETWORK SHARING
1. The non-shared connection
2. How to add a firewall
3. DSL Modem in Bridge config, ISP provides multiple IPs
4. Combination Modem/Router/Hub
5. PPPoE Sharing via a simple hub
6. Sharing via NAT software
7. A note about Internal and USB Modems
8. Sharing via a Switch/Router/NAT box
9. Sharing via a NAT capable modem
10. A Residential Gateway
11. Intel Video Phone / NetMeeting 3 / Sygate - a real example
We encourage you to search some of the setups described by users of
DSLreports. The search box below comes from the Share
Tool page: search on ISP name and/or equipment name and/or operating system.
You'll find some real-life examples of these and far more complex and
interesting setups, plus you can contact the owner to ask questions or compare
notes.
1. The non-shared connection

| Advantage | Disadvantage |
| Simple to setup | Software security required |
| supported by every ISP | Connection is not shared |
A single external DSL modem, and a single computer. The DSL modem is set up such
that it bridges your PC to your Internet Provider. Your PC has a public
IP address, and you must run some kind of software firewall to
increase security.
You must use CAT5 cable (patch cable) from modem to NIC. CAT5 cable has RJ-45
connectors on both ends.
2. How to add a firewall

| Advantage | Disadvantage |
| Easy to setup | Connection is not shared |
| Full Security | Dedicated firewalls are expensive |
Wherever you have an ethernet to ethernet connection, you may insert a
firewall device. These are normally configured using your web browser, or
via telnet. A hardware firewall provides excellent security since it is
unaffected by any reconfigurations you may do on your PC.
Normally, a firewall will allocate a private IP address to your PC.
If you intend to allow outside connections in, your firewall must be configured
correctly.
Use the WAN port, if available, on the firewall. Check the firewall's manual to
see whether CAT5 or cross-over cable is required.
3. DSL Modem in Bridge config, ISP provides multiple IPs

| Advantage | Disadvantage |
| Full access to Internet | extra IPs cost money |
| Easy to setup | software security required |
ISPs generally offer additional public IP addresses at an extra charge. Whether
you are set up to use IP, DHCP, or PPPoE, you can take advantage of this to set up
more than one PC by use of an inexpensive hub.
Please note that the connection from the modem to the hub requires either a cross-over
cable, or the hub must identify one port as being an uplink if you wish
to use a regular ethernet patch cable.
4. Combination Modem/Router/Hub

| Advantage | Disadvantage |
| One box solution | Expensive |
| | Hub is usually only 10mbit |
Products from Netopia or Flowpoint act as a combined DSL modem, hub and firewall
all in one. This is an ideal solution, with the following caveats: the unit may
only offer a 10mbit hub (somewhat slow for even home use now), and is usually
expensive (several hundred dollars) when compared to the "free" more
basic DSL modems provided with other residential products.
This is often recommended as a small office solution. However, the included hub
should not be relied on for inter-office traffic; instead, provide a dedicated
10/100 switch and connect the all-in-one unit to it, so that the unit only
gateways internet traffic.
All cables are CAT5.
5. PPPoE Sharing via a simple hub

| Advantage | Disadvantage |
| Simple to setup | ISP may not support this |
Your PPPoE software talks to your ISP to allocate you an IP address for your
login name and password. Many ISPs do not yet limit the number of times this can
be done, allowing you to login on more than one PC, and thus get internet
access on all with no extra configuration.
6. Sharing via NAT software

| Advantage | Disadvantage |
| Unlimited sharing | Breaks some applications |
| Basic security | Gateway PC is not protected |
| | Two NICs required |
This diagram is split on the left to indicate clearly that a hub is not
absolutely required when using Windows ICS or similar NAT software -- you can
easily connect a 2nd PC to the first "daisy chain like" (you must use
CAT-5 cross-over cable for this, and a second network card), and the hub
is then not required. A hub is required to hang off more than one PC from the
gateway machine.
The gateway PC: Windows 98SE and future versions of Windows come with ICS, which
allows easy sharing of your single connection to other PCs on a local network.
Unfortunately, the gateway PC is somewhat exposed, and may require a
software firewall. It must also be always on to provide access to the other
PCs. Interaction between Windows ICS (or similar NAT software such as Sygate),
and any software firewalls, may also be unpredictable.
7. A note about Internal and USB Modems

| Advantage | Disadvantage |
| cheap | Loss of flexibility |
| NIC only needed for sharing | Possible performance problems |
A PCI (or even USB) modem is essentially internal to one PC. This has the
advantage that it is a one-card or one-box upgrade to DSL for a PC that was
previously used for dial-up. The disadvantage is a loss of flexibility, since
your PC must now act as a master or gateway to anything else in
your home network. You also cannot place any hardware firewall, or residential
gateway device beyond your PC. PCI or USB modems are rarely supported well
outside mainstream versions of Windows.
In any of these diagrams showing an external modem, you may substitute that with
the combination of equipment shown above: the PC with internal/USB modem, and
NIC.
8. Sharing via a Switch/Router/NAT box

| Advantage | Disadvantage |
| Works with many providers | Ext. DSL modem reqd |
| Economical | Buggy Firmware |
| Secure | |
This category of home network equipment is very popular, combining a 100mbit
switch, NAT capability, PPPoE (avoiding any requirement to install PPPoE drivers
on PCs), perhaps also a print server, and configurable over the web. These boxes
are getting towards the $100 point, and solve a lot of problems in one unit.
Unfortunately, the difficulty of providing all these features in one unit means
subtle bugs in firmware can cause frustration for some customers. In addition,
they lack the full features of firewalls or more mature router products, so
configuration to allow video conferencing and some multiplayer games can become
difficult or even impossible.
Some of these units also provide the ability to nominate one port as
"open" to the net, usually known as the DMZ port (de-militarized zone).
This port can be used as a last-ditch effort to get some NAT unfriendly software
working.
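Why a DMZ host helps NAT-unfriendly software, and what it costs, shown as an added example that is not part of the original page: a toy NAT table in Python where a call is set up from inside the LAN but the audio arrives unsolicited on a dynamically chosen UDP port. The class `Nat`, the function `video_call`, and every address and port number are constructed for illustration and do not model any particular product.

```python
# Added illustration (not from the original page): a toy port-translating NAT
# with an optional DMZ host. All addresses and ports below are constructed.

class Nat:
    def __init__(self, public_ip, dmz_host=None):
        self.public_ip = public_ip
        self.dmz_host = dmz_host   # private IP that receives all unmatched inbound traffic
        self.table = {}            # (proto, public_port) -> (private_ip, private_port, remote)
        self.next_port = 40000

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """A LAN host sends a packet out: reuse or create a translation entry."""
        wanted = (src_ip, src_port, (dst_ip, dst_port))
        for (p, pub_port), entry in self.table.items():
            if p == proto and entry == wanted:
                return self.public_ip, pub_port
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(proto, pub_port)] = wanted
        return self.public_ip, pub_port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """A packet hits the public side: return its LAN destination, or None if dropped."""
        entry = self.table.get((proto, dst_port))
        if entry and entry[2] == (src_ip, src_port):
            return entry[0], entry[1]        # reply to a conversation started from inside
        if self.dmz_host:
            return self.dmz_host, dst_port   # DMZ: anything unmatched goes to one host
        return None                          # unsolicited and no DMZ: dropped


def video_call(nat, pc="192.168.0.2", peer="203.0.113.7"):
    """Constructed scenario: call setup over TCP starts inside the LAN, then the
    peer sends audio over UDP to a port the NAT never saw an outbound packet for."""
    _, pub_port = nat.outbound("tcp", pc, 1050, peer, 1720)
    setup_reply = nat.inbound("tcp", peer, 1720, pub_port)
    audio = nat.inbound("udp", peer, 5004, 49170)
    return setup_reply, audio


if __name__ == "__main__":
    for label, nat in (("plain NAT", Nat("198.51.100.10")),
                       ("DMZ host ", Nat("198.51.100.10", dmz_host="192.168.0.2"))):
        setup_reply, audio = video_call(nat)
        print(label, "| setup reply ->", setup_reply, "| audio ->", audio)
    # The DMZ host also receives every other unsolicited packet, e.g. a probe:
    print(nat.inbound("tcp", "203.0.113.99", 4444, 139))
```

With the DMZ host set, the last line shows that an unrelated inbound packet is also delivered to that PC, so the machine placed there needs its own firewall.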
9. Sharing via a NAT capable modem

| Advantage | Disadvantage |
| Easy to setup | |
| Flexible | |
Many DSL modems are capable of operating in more than just bridge mode:
they can be configured to support multiple private IPs via NAT, which both adds
flexibility and also some degree of security.
Please note that the connection from the modem to the hub requires either a
cross-over cable to the port, or the hub must identify one port as being an
uplink port if you wish to use regular ethernet patch cable.
10. A Residential Gateway

| Advantage | Disadvantage |
| Total solution? | Expense |
| | Unproven product category |
A residential gateway is really just the combination of all of the
previously discussed functions rolled into one, with more bundled in as well.
They might support a local wireless net for laptops or wireless card equipped
PCs, they may also handle voice over DSL in a seamless way. A residential
gateway would also have a packet inspecting firewall, and in future might be
able to handle video streams as well. The ultimate residential gateway is the
ship computer on Star Trek: "computer, call the klingons, and tell them we're
going to be late for that meeting".
(thanks to hfb1217 for corrections).
11. Intel Video Phone / NetMeeting 3 / Sygate - a real example

This was kindly written up by John C. Smith
johnzonie(at)earthlink.net
OK, so I now have high-speed Internet access, courtesy of Sprint Broadband. Now
on to sharing! My small network consists of my Micron Desktop named Max, an IBM
Thinkpad, 770, for my wife and a spare Thinkpad, 365. We share printing via an
Axis 1440 thin client connected to an Epson 870. All are connected to an Intel
8-port hub. All PCs run Win98SE and are configured for TCP/IP and Netbeui
protocols. Max has a second HDD for all laptops to back-up to.
My wife has little patience for my continuing experimentation with PC
software and the attendant rebooting so I thought the best thing to do was get a
hardware router. My first try was the Linksys BEFSR41, a 4-port router. After
running up the learning curve, I got it working satisfactorily. Of course I
suffered a loss in download speed, from 4.4 Mbps to 2.6 Mbps but I figured that
the independence of connection was worth it. We both had independent connections,
I could reboot until the cows came home and my wife's connection was always
there. We use ICQ for round-robin family chats and it was shaky with Linky, so
we just used one PC connection at a time.
Then came the "troubles". I picked up an Intel Video Phone, with
the long-term goal of keeping tabs on my granddaughter on the east coast.
Shouldn't be too tough, say I. After installing the video phone software on Max,
no go. Would get a video connection but no audio connection with my neighbor,
who was also on Sprint Broadband. All worked fine if the router was out of the
picture and Max was directly connected to the Sprint broadband modem. First
thing tried was to put Max on the DMZ. I experimented with DHCP, manually set IP's,
and upgraded firmware to 1.33.1 and a host of other settings without success.
After a while, I found out that there is some belief that the Linky doesn't
handle UDP transparency through the DMZ. This is consistent with no audio
channel, as it is sent on a UDP port. This was particularly frustrating, since
the Linksys manual recommended using the DMZ port for applications such as
"gaming and video conferencing".
This now became a quest! I read everything I could about video conferencing.
I learned that the protocol is called H.323 and it is *very* demanding on
routers and almost impossible to get through a NAT (Network Address Translation)
router. It turns out that it is a streaming protocol and any packet filtering
can cause problems. It was obvious that Linky was not up to the task. The search
for an economical alternative was on!
There were a lot of favorable comments about the Netgear RT314 so I asked
Netgear technical support if the RT314 supported video conferencing and was
assured it did. When I received the RT314, I installed it with high hopes. The
download speeds were a bit better than Linky, up to 3 Mbps. Still below the raw
4.4 Mbps but pretty good. Unfortunately video conferencing was still no go.
Email conversations with Netgear technical support were next to useless. There
seemed to be little understanding of video conferencing requirements. After
trying the RT314 equivalent of DMZ, setting Max's IP address as the default IP
in menu 15, there was still no success. Everything else seemed to work well,
browsing, email, etc. Also, unlike Linky, both Max and 770 could simultaneously
access and file transfer via ICQ2000a. There seemed to be better application
tunneling in the RT314. So, aside from the video conferencing and lack of
responsive technical support, the RT314 was pretty good. But still no video
conferencing. Since the RT314 has a lot of filtering options, I suspected this
might have been the problem.
As a last resort, I decided to try Sygate, a software Internet connection
sharing solution (www.sybergen.com). It is like Windows 98 SE Internet
Connection Sharing on steroids. It looked like it had a lot of capability and
the fact that there was a 30-day trial encouraged me to give it a try. I removed
the router, went back to my pokey 10BaseT hub and added a second NIC to Max, who
was about to take on Sygate server duties.
Probably the trickiest part of the installation was installing two network
cards in one machine, Max. Since both were 3Com 3C905's, I expected a problem,
at least according to some reports on www.practicallynetworked.com. I followed
the 3Com manual to the letter and both cards installed cleanly. I ensured both
cards had their own IRQ. I removed Netbeui binding from the Internet card. Did a
renew/release on winipcfg and voila, we were on-line!
The first card was connected to the Internet; the second card was connected
to the LAN with a fixed IP of 192.168.0.1. The other laptops were manually
configured to their own 192.168 addresses. Sygate 4.0 build 693 was installed on
Max as server. Client software was installed on the laptops. Additionally,
Sygate Secure Desktop 2.1 build 464 replaced ZoneAlarm on Max. ZoneAlarm was
removed from the clients.
It works, it all works! With SSD in medium security, we score 0 on dslreports
security scan. All ports are reported as stealth on www.grc.com. This is both
from client and server. Probably makes sense, since SSD binds to the Internet
NIC. Additionally, SSD does a good job of logging unauthorized attempts to
connect to Max. My download speed is back to 4.4 Mbps! ICQ2000a works from Max (server)
and 770 (client). VIDEO CONFERENCING WORKS FROM MAX!! Video and audio works
completely satisfactorily. With the latest Intel software, I can take advantage
of the high-speed connection for true streaming video that is very sharp and
very smooth. The fact that Max is the server and has a direct connection to the
Internet is key to having a working Video Phone. In essence, it doesn't have to
go through any NAT! The firewall software, SSD, seems to allow the necessary
dynamic port assignments to work and doesn't block any needed ports or perform
any filtering.
For my needs, a software solution works better than a hardware one! (This
kinda hurts, after 30-plus years in hardware engineering!) But, the solution is
the thing. I'm happy with the Sygate offering. It lists at around $40, compared
to $150 or so for hardware routers. (The second NIC came with the Sprint
installation.) Of course, my wife still has to deal with my ongoing reboots, and
the attendant loss of her Internet connection. So my workaround for that is to
do my tinkering when she isn't on. Not a complete solution, but...
Hope this helps in your search for your home networking solution!
John
PS In case you're interested, here are some links that I found helpful in
understanding video conferencing:
http://support.intel.com/support/proshare/h323doc1.htm Video Conferencing across Firewalls
http://developer.intel.com/support/videophone/trial21/h323_wpr.htm Getting H.323 through firewalls
http://www.meetingbywire.com/Firewalls.htm NetMeeting and Firewalls