Fullscreen HTML5Med Res (??MB)HTML4

Sharing an Internet connection using an IP Gateway Want to share a single modem between several users for Internet access? You can either use a software proxy server to do the job or you can take the hardware route and use an IP gateway. Here’s a look at what IP gateways are, what they do and how they’re set up. By GREG SWAIN M ANY SMALL OFFICE networks use a single dedicated line to connect to the Internet for email and web browsing. This works fine as long as only one person (ie, the person with the modem) requires access but how do you share a single modem between all users on a network, so that they can connect individually (or simultane­ ously) as required? Perhaps the easiest answer for Windows 98 users is to obtain the latest version of this popular operating system, known as Windows 98 SE (second edition). Another approach is to use a software proxy server such as WinGate, as described in the Octob­ er 1999 issue. Basically, WinGate is installed on the PC with the modem 64  Silicon Chip which then acts as a “proxy” for the client machines on the network. With WinGate installed, each client machine behaves as if it had its own modem. When a user wants access, the proxy automatically initiates a dial-up session. As a bonus, WinGate also functions as a DHCP server and acts as basic firewall for the clients. DHCP stands for “Dynamic Host Configuration Protocol” and allows the WinGate server to automatically hand out unique addresses to client computers on a TCP/ IP network as they boot up. OK, let’s just back up a little bit and explain the jargon. TCP/IP is an acronym for “Transmission Control Protocol/Internet Protocol” and is the language of the Internet. It’s also used on many local area networks (LANs), both large and small. Each machine on a TCP/IP network is given a unique IP address consisting of four groups of numbers (between 1 and 255) separated by full points (eg, 192.168.1.10). A DHCP server saves the network administrator from having to manually assign an IP address to each machine on the network – something that can quickly become unwieldy when there are more than about 10 machines involved. IP gateway An alternative to proxy server software is the “IP gateway” (also called an “Internet access server”). This device can be thought of as a box that provides Internet access to multiple users on a network. Basically, all users connect via a common access point or “gate”. An IP gateway offers similar functions to a proxy server and has a few extra features of its own. It’s also a snack to set up and get going – you just plug it in, tweak a few software settings to configure it and it works. The two devices featured here are from MicroGram Computers and are fairly typical of the IP gateways that are now available. The larger of the two is called a “Dual Speed Gateway Hub” while the smaller unit is called a “Dual Port IP Gateway”. Despite their size disparity, the two units are really quite similar. Both function as IP gateways, as DHCP servers and as firewalls (to prevent “hackers” on the Internet from accessing your private LAN). They simply plug into the network and provide users with simultaneous Internet access via one or (optionally) two modem ports. In addition, the larger of the two units rolls an 8-port 10/100Mb dual-speed hub into the package. This means that if you are setting up an office network from scratch, you don’t have to purchase a separate hub. By contrast, the Dual Port IP Gateway plugs into an exist­ing ethernet network, either via a BNC connector or via an RJ-45 (UTP) connector. Indicator LEDs on the front panels of the two units indicate modem and network connections and port activity. In operation, the IP gateway runs in the background and is completely unobtrusive. When a client computer requires Internet access, the gateway automatically dials out and makes the connec­tion. Alternatively, if the connection is already open, the dial-up process is bypassed and new clients have immediate access (the IP gateways also works with ISDN and leased line connections, by the way). Note that, unlike a software proxy server, no dial-up monitor appears on the screen when you initiate a dial-up ses­sion. This means that there is no way for the user to force a disconnection at the end of a session, even if no other users on the network are using Internet resources. Instead, the IP gateway automatically disconnects at the end of the idle period, as specified during the setup procedure. Fig.3: the TCP/IP networking protocol must be installed for the IP gateway to work. This shows the entry for an SMC network adapter. Fig.4: select the “Obtain an IP address automatically” option here if you intend using DHCP. Alternatively, you can assign static IP addresses Fig.5: if you don’t intend using DHCP, you should enter a static IP address for the IP gateway as shown here. Just type in the address and click “Add”. Phone Line Dual-Speed Gateway Hub Phone Line Client PC Modem 1 Modem 2 Client PC Client PC Fig.1: the Dual Speed Gateway Hub combines an IP gateway, a DHCP server and an 8-port fast network hub into one unit. Two modems can be connected, the second dialling out automatically as traffic requirements dictate. Dual Port IP Gateway Existing Hub Phone Line Phone Line Client PC Modem 1 Modem 2 Client PC Client PC Fig.2: the Dual Port IP Gateway can also handle two modems but doesn’t include a hub. It is connected to an existing network as shown here. DHCP server As with software proxies, these IP gateways can also function as DHCP servers. And although they might not be as versatile as a software-based DECEMBER 1999  65 Fig.6: you load the Web Management utility by entering 192.168.1.1 in your web browser and typing “admin” in the password dialog box. Fig.7: this is the OnePage Setup screen. You have to enter in the details for your ISP plus your user ID and password. Fig.8: the Intranet Setting (IP Setting tab) lets you enable/disable the DHCP service, specify a starting address and specify the number of users. Fig.9: this dialog lets you block Internet access for up to five clients and/or block access to certain Internet services. Fig.10: the Virtual Servers dialog lets you redirect external Internet users to internal network functions (eg, to FTP and SMTP servers, as shown here). Fig.11: the basic Modem setup lets you choose the line type (dial-up, ISDN or leased line) and ISP authentication setting. A login script can also be used. DHCP server, they do have two advantages: (1) they are simple to setup; and (2) you only have to leave the IP gate­way itself powered up to keep the DHCP service operating. By contrast, a PC that’s running a DHCP service must be kept on all the time, otherwise the network goes down (unless there’s a backup DHCP server running). That said, there’s probably no good reason to run a DHCP service on a small network – unless you really don’t want to manually assign IP addresses. A common approach is to use both manually-assigned IP addresses and DHCP. The administrator assigns fixed IP ad­dresses to those computers that are permanently connected but uses DHCP to hand out addresses to any new machines that subsequently join the network or are often moved from one location to another. To do this, the administrator has to assign fixed IP addresses within a certain range and then exclude these addresses from the DHCP “scope”; ie, the range of addresses that can be handed out by the DHCP service. For example, the administrator could hand out IP addresses in the range from 192.168.1.2 to 192.168.1.99 and con­ figure the DHCP service to hand out addresses starting at 192.168.1.100. Note that addresses ranging from 192.168.0.0 to 192.168.255.255 are for use on private LANs and cannot normally be accessed via the Internet. and have the second modem automatically dial out to provide extra bandwidth during high traffic periods. The second modem then automatically disconnects when the traffic congestion eases. Alternatively, the second modem can be configured to pro­vide dial-in access only. This allows a user at a remote location to dial in and access network resources without affecting Inter­net access via modem 1. Two modem ports Fig.12: the Advanced modem tab lets you adjust the modem settings and set the disconnect “idle” period. 66  Silicon Chip One interesting feature of these two units is that they both have two modem ports. Why two? The answer is that you can connect two modems Connecting the hardware If you’re setting up a network from scratch, the Dual Speed Gateway Hub is probably the way to go. Fig.1 shows a typical installation. Each PC is fitted with a network interface card (NIC) and is connected to a port on the hub via a Cat.5 cable. The eight ports on the hub are auto-negotiating which means that they run at either 10Mb/s or 100Mb/s, depending on your network cards. The eighth port can also be switched to uplink mode (via an adjacent switch), so that additional hubs can be cascaded as the network grows. By the way, hubs are cascaded by connecting the uplink port on one hub to a normal port on the second hub and so on. Hubs that don’t have uplink ports are cascaded by connecting two of their regular ports together via a crossover cable. Installing TCP/IP After connecting the hardware, the next step is to install the TCP/ IP networking protocol on the client machines. If you’re using Windows 95/98, double-click the Network icon in Control Panel to bring up the dialog box shown in Fig.3. If you don’t see a TCP/IP entry for the network adapter, click “Add” double-click “Protocol”, click “Microsoft”, select “TCP/IP” from the list of network protocols and click OK. Follow the on-screen prompts to complete the installation, then go back to the Network dialog box. You should now see a TCP/IP entry for your network adapter (Fig.3 shows the entry for an SMC EZ Card). Double-click this entry to bring up the TCP/IP Properties dialog box, click the IP Address tab and, assuming that you wish to use the DHCP service provided by the IP gateway, select “Obtain an IP address automatically” (Fig.4). And that’s all you have to do to get a working TCP/IP net­work, since the DHCP service on the IP gateway is enabled by default. You can ignore the Gateway and DNS settings, since the system configures these automatically. Alternatively, if you are using another DHCP service, you will have to specify the IP address for the gateway yourself. You do that by clicking the Gateway tab, entering the address 192.168.1.1 in the space provided and clicking “Add” – see Fig.5. This is the default address for the IP gateway and must not conflict with any other assigned IP address on the network. You will also have to manually assign the gateway address if you don’t intend to run a DHCP service. In addition, you will have to assign a unique IP address to each machine on the network but note that they must all use a Subnet Mask of 255.255.255.0. Configuring the gateway There are four ways to configure the IP gateway: (1) via a web browser (Web Management); (2) via the bundled GateKeeper software; (3) via a terminal program (eg, HyperTerminal); and (4) via Telnet. Most people will use Web Management since you don’t have to This view shows the rear panel of the Dual Speed Gateway Hub. The switch next to UTP port 8 allows this port to be switched to uplink mode, while the switch next to the modem 2 port can be used to select configuration mode. This last setting is used only for configuring the gateway via a terminal program. install any software, although you do get a cleaner interface and a couple of extra options using Gate­Keeper. Basically, you need to configure the gateway with all the information it requires to connect and log in to your ISP. Howev­er, there are lots of other options that can be configured, including restricting access to certain services and restricting all access by certain users. The Web Management utility is started by launching your web browser and typing 192.168.1.1 (ie, the gateway IP address) in the address window. When you press “Enter”, the Network Password dialog window will open (see Fig.6). By default, you can leave the User Name field blank and fill in the password “admin” before clicking OK to enter Web Management. Fig.7 shows the opening “OnePage Setup” dialog box. This page has all the settings that most users will need. The Modem 1 dial-out setting is enabled by default and you have to choose the ISP Name (in most cases, “Standard PPP”) and enter the ISP’s phone number, the DNS IP address, and your user ID and password. This information is all provided by your ISP. The Gateway IP Address and Subnet Mask are set to 192.168.1.1 and 255.255.255.0 by default but you can change these if necessary. You can also open and configure a number of other dialog boxes under the Advanced menu. For example, the Intra­net Setting dialog box has three tabs labelled “IP Setting”, “Filter” and “Virtual Server”. The first tab lets you enable or disable the DHCP service. You can also specify the starting IP address for the DHCP service (192.168.1.100 is the default) and the maximum number of users. However, there’s no way of specifying the “lease” period (ie the period for which an individual PC is assigned an IP address), which is apparently preset to six days. Assuming that you stick to the defaults, this means that the first address handed out by the DHCP service will be 192.168.1.100, the second 191.168.1.101, the third 192.168.1.102 and so on up to 192.168.1.149. Clicking the Filter tab brings up the dialog box shown in Fig.9. Here, you can prevent certain users from accessing the Internet via the gateway and/ or prevent access to certain servic­es. Up to five users can be locked out but in Fig.9, only the machine on 192.168.1.10 has been blocked from Internet access. Note that the machines to be excluded should be assigned static IP addresses for this to work correctly. They should not be part of the DHCP The Dual Port IP Gateway has both RJ-45 and BNC sockets for connecting to a network. DECEMBER 1999  67 Using The Alternative GateKeeper Software Fig.13: to use an IP gateway, all Internet applications must be set to connect via a LAN instead of via a modem. This is the setting for IE4. Fig.14: this is the connection setup for Outlook Express. service, since individual machines can be assigned a different IP address if their “lease” period on a previous address expires. The Filtered Private Ports entry lets you disable up to five Internet services by specifying their port numbers. As an example, entering 80 and 21 in the Port 1 and Port 2 windows will disable web browsing and FTP access, respectively. You might do this if you want to restrict users on the network to email access only and prevent them from web browsing or tying up the system while they download large files from FTP sites. Note that the port numbers given above are default values. The port number for your web service in particular will be dif­ferent if you use a proxy server at your ISP. 68  Silicon Chip The alternative Gate­ Keeper software supplied with these units duplicates the functions of the Web Management utility but has a cleaner interface and includes a couple of additional options (eg, there’s a firmware upgrade option, for updating the IP gateways with the latest code). The software is supplied on floppy disk and is installed by double-clicking the setup.exe file. The GateKeeper utility is then launched via the Windows Start menu in Fig.15: the OnePage setup dialog from GateKeeper. the usual manner. Fig.10 shows the dialog box that pops up when you click the Virtual Server tab. Normally, external Internet users cannot access your network because the IP gateway functions as a fire­wall. The Virtual Server dialog box lets you bypass this firewall to give external users access to selected services on your net­work; eg, an FTP server, a web server or a mail server. Note that, for this to work, you must have a fixed IP address which is allocated by your ISP (yes, it costs money). The Modem 1 and Modem 2 dialog boxes are pretty much self-explanatory. When you click on these, you will find that the settings are already there since these are part of the OnePage Setup – see Fig.11. You can also set up a logon script if that is required by your ISP. The Advanced tab lets you choose the modem type and the idle disconnect period (Fig.12). It also lets you specify whether to enable or disable a second modem and the traffic level at which the second modem automatically dials out. There’s also a dial-in dialog for Modem 2 that lets you specify a user ID and password for up to three users and enable or disable the call­back function. The last two buttons in the Advanced menu are labelled “Device Admin.” and “Status Monitor”. The “Device Admin.” dialog box lets you reset the device, revert to the factory defaults and change the password, while the “Status Monitor” shows a list of client computers on the network that have been given IP addresses by the DHCP service. Configuring your browser There’s no great magic involved in configuring your web browser or any other Internet application to work with an IP gateway. Basically, you set up your web browser in exactly the same manner as for a direct dial-up connection but with one important difference – you must configure it to connect via the LAN instead of via a modem. Fig.13 shows the setting for Internet Explorer 4 while Fig.14 shows the setting for Outlook Express. Apart from that, everything works as normal as far as each user is concerned. In short, these devices are fast to set up and provide a hassle-free way to configure a network and share an Internet connection. Where to buy them The Dual Speed IP Gateway Hub (Cat. 10108) and the Dual Port IP Gateway (Cat. 10112) are available from MicroGram Comput­ers and retail for $699 and $449 respectively (including sales tax). You can contact Micro­Gram Computers at Unit 1, 14 Bon Mace Close, Berkeley Vale, NSW 2261. Phone (02) 4389 8444; fax (02) 4389 8388; web site www.mgram.com.au; SC email sales<at>mgram.com.au