Fullscreen HTML5Med Res (??MB)HTML4

How to share a modem between PCs & give users simultaneous Internet access Want to share one modem and a single telephone line between multiple PCs for simultaneous email or Internet access? A proxy server such as WinGate is the answer. It also functions as a DHCP server and as a firewall into the bargain. A By GREG SWAIN COMMON PROBLEM facing many small businesses is how to provide email access for all computers on a network. Unless there are only two or three users, it’s just not practical to fit a modem to all PCs and add additional telephone lines or even have them share a single line. The cost of additional lines often cannot be justified, while a single line means that only one person can have Internet access at any one time. The answer to this problem is to have all PCs on the net­work share the same modem. This involves installing extra soft­ware on the computer with the modem, so that it functions 4  Silicon Chip as a “proxy server”. The server then routes Internet requests from the client computers through the single Internet connection, to give all machines simultaneous access. In effect, the proxy server acts as a “gateway” to the Internet (or to local web/email servers) for the client machines on the network. As far as each user is concerned, the clients all behave as if they had their own modem. In computer jargon, the proxy server behaves as though it were “transparent”. There’s just one import­ant difference – if the server is already on-line, the client has immediate access to the Internet. Conversely, if there is no existing connection, a request for Internet access from a client computer automatically initiates a dial-up session. The cost benefits of this are obvious. First, you don’t need to provide additional modems and Internet connections. Second, only one telephone call is required for all users to access their email. And third, users can access their email when ever they want, instead of waiting for the line to become avail­able. Proxy software Unfortunately, unless you have the very latest version of Windows 98 (second edition), you need third party software to provide modem sharing. That’s the bad news. The good news is that there are plenty of software proxies about and they don’t cost the earth. Of these, the best known are WinGate (www.wingate.com.au) and Sy­ Gate (www.sygate.com). In this article, we’ll take a close look at WinGate and describe how it’s set to provide modem sharing. But that’s not all WinGate can do. As well as functioning as a proxy server, it can also function as a DHCP server and as a firewall. DHCP stands for Dynamic Host Configuration Protocol and allows a server to automatically hand out IP addresses to client computers on a network as they boot up. A DHCP server makes it really easy to set up a TCP/IP net­ work, since you don’t have to manually assign IP addresses to the client computers and maintain lmhosts files. It does have one disadvantage though; if the DHCP server goes down or is switched off, the rest of the network also goes down (unless there’s a backup DHCP server). WinGate runs on both Windows 95/98 and Windows NT and works with most Internet applications. These include web browsers, FTP, news and email programs, Telnet, IRC, Real­Audio/Video and many other Internet tools and applica­ tions. It’s not restricted for use with a dial-up modem either; WinGate will function just as well with ISDN, cable modem, satel­lite connection and other dedicated circuits, and can act as a proxy for local web and email servers. Downloading WinGate If you haven’t already done so, the first step is to set up a working Internet connection on the PC that’s going to be the proxy server. Having done that, you can download the latest version of the WinGate software (Ver. 3.0.4). In Australia, you can go to the local WinGate distributor which is Jantek­ nology Distribution. Their website address is www.janteknology.com. au or www.wingate.com.au There are three versions of WinGate to choose from: Win­Gate Home, WinGate Standard and WinGate Pro. You also have to choose the correct software to suit your operating system, either Windows 9x or NT. The differences between the three versions and the pricing details are all listed on the website. For example, both WinGate Standard and WinGate Pro include a caching utility that stores previously visited pages on the Win–Gate server, for faster access if sites are subsequently revisited. They also include a “ban” utility that can restrict access to certain websites. WinGate Pro adds user management utilities. It allows the Administrator to add individual users and groups, to remotely administer the program and to carry out auditing and sched­uling. Among other things, these facilities also allow the admin­istrator to restrict individual or group access to Internet services according to custom settings. The Home version provides a simplified user interface and has minimal configuration options. It’s the one to use for shared Internet access at home or in a small office with only a few users. Fig.1: before installing WinGate, you must have TCP/IP installed for your network adapter (not just for a Dial-Up Adapter as shown here). Fig.2: to add TCP/IP to your network adapter, click the Add button and follow the prompts. This shows the entry for an SMC network adapter. Fig.3: the WinGate server must be assigned a static IP address (192.168.0.1) and a subnet mask (255.255.255.0). Fig.4: on the clients, select the “Obtain an IP address automatically” option so that they obtain their IP addresses from WinGate’s DHCP service. The cost of the software depends on the features that you want and the maximum number of simultaneous users required. At the time of writing, WinGate Home 3-User costs $67, WinGate Standard 3-User $134 and WinGate Pro 6-User $500. However, you can also choose 6-user, 12-user, 25-user, 50-user and unlimited user licences. You don’t have to pay for WinGate upfront, however. In­ stead, you can download a trial “key” which will allow you to evaluate the software for 30 days. There’s also a handy order form on the Janteknology site that you can download and send in for your full licence keys. While you’re there, you should also download the installa­ tion instructions and the WinGate User manual. Windows 95 users will also have to download the Winsock 2 upgrade but note that this is not needed for Windows 98. This upgrade must be installed on the Windows 95 client computers in order for WinGate to func­tion correctly. Server setup WinGate requires a network that’s running the TCP/IP proto­col, otherOctober 1999  5 Fig.5: Internet applications on client machines are set up to connect via a LAN instead of via a modem. This is the setting for Outlook Express. Fig.6: this is the connection setup for Internet Explorer 4. Provided you’re using WinGate 3.0 or later, any proxy settings should be as specified by your ISP. wise it won’t work. That means that you have to set up TCP/IP on each individual PC before actually installing WinGate. For the purposes of this article, we will assume that you are using Windows 95/98, although the procedure is similar for NT. Let’s deal with the server first. Because the server already has an Internet connection, TCP/IP will already be bound to the Dial-Up Adapter. What you have to do now is add the protocol to the network interface card (NIC) – if it doesn’t already exist that is. To do this, double click the Network icon in Control Panel to bring up the dialog box shown in Fig.1. If you don’t 6  Silicon Chip see a TCP/IP entry for your network card, click “Add”, double-click “Protocol” from the list, select “Microsoft”, select TCP/IP and click OK. After that, it’s just a matter of following the on-screen prompts to complete the installation. When you subsequently recheck the network configuration dialog box, you should see that TCP/IP is now bound to your network card. Fig.2 shows the entry for an SMC EZ Card PCI 10 Adapter. The WinGate Server now has to be configured with a “static” (ie, manually assigned) IP address. To do this, first double-click the TCP/IP entry for the network card to bring up the TCP/IP Properties dialog box. Select “Specify an IP Address” (under the IP Address tab) and enter in an IP address of 192.168.0.1. The Subnet Mask to use here is 255.255.255.0 – see Fig.3. Of course, there’s nothing to stop you from using a differ­ent IP address but don’t do this unless you have a valid reason (and you know what you are doing). The WINS Configuration, Gateway, Bindings and Advanced settings should all be left as they are. Similarly, the DNS Configuration should be left as is but note whether DNS has been enabled or disabled – you’ll need to know this when it comes to setting up the WinGate clients. Having set up the TCP/IP properties, you’re now ready to install Win­ Gate on the server. WinGate 3.0 and later combines both server and client software components, so it’s important to install the correct component on each machine. Because this is the first machine that WinGate is being installed on, the setup procedure automatically selects the server component for installation (you can change this if you wish, however). In most cases, you can choose the “Typical” setup option but if you choose “Custom”, it brings up a dialog box that lets you select which proxy services to install for yourself. When the installation is complete, the WinGate Engine starts automatically. This is indicated by the WinGate Engine Monitor icon which is added to the System tray (on the righthand side of the Taskbar). This icon has a little computer screen that is blue when the engine is running but turns red if the engine is stopped. Note that the WinGate Engine may take a few minutes to initialise the first time it’s started. Client configuration Unlike the server, you don’t have to manually assign IP addresses to the client computers. Why? – because we can now use the DHCP service on the WinGate server to hand out IP addresses to the clients each time they start up. By default, the DHCP service starts automatically when WinGate is installed on the server, so no user configuration is necessary. However, we’re getting ahead of ourselves. The first step, if you are running Windows 95, is to in­stall the Winsock2 upgrade. Once this has been done, you add TCP/IP to the network cards in the clients in exactly the same manner as before and then install WinGate on the client ma­chines. It’s quite easy to configure the clients to use the DHCP service. All you have to do is launch the IP Properties dialog box, click the IP Address tab and select the “Obtain an IP ad­dress automatically” option (Fig.4). The only other setting that you have to worry about here is the DNS configuration. If DNS is enabled on the WinGate server, select “Disable DNS”. Conversely, if DNS is disabled on the WinGate Server, select “Enable DNS” on the client and enter the client’s name in the Host field. This done, you have to enter the IP address(es) of your Internet Service Provider’s DNS server(s) in the “DNS server search order” field. The other fields are left blank. Once all this has been done, you should have a fully work­ing TCP/IP network, with the server now automatically handing out IP addresses to the clients. You can, of course, manually assign IP addresses to the client machines if you wish. You might want to do this in a small office network where you don’t want to rely on a DHCP server, for example. Typically, you could assign an IP address of 192.168.0.2 to the first WinGate client, 192.168.0.3 to the second client, 192.168.0.4 to the third and so on. Note, however, that the subnet mask must be the same for all machines (ie, 255.255.255.0). If you do wish to assign static IP addresses, then it’s simply a matter of following the instructions in the user manual. Be sure to follow the Fig.7: WinGate is administered using the GateKeeper program which is installed on the server. The opening screen lists the System Services that are available. instructions for the Gateway and DNS set­tings carefully. Once the TCP/IP network is up and running, WinGate can be installed on the clients. This time, the setup program automati­ cally detects the Win-Gate server on the network and selects the client component for installation. This adds an extra icon la­belled “WinGate Internet Client” to the Control Panel – see Fig.18. Normally, the WinGate Internet Client software runs in the background and is completely unobtrusive. Its job is to elim­inate complicated application setups and it does this by automat­ ically intercepting winsock calls made by the applications and redirecting them to the server. So what does all that jargon mean in practice? It simply means that you set up your email, browser and other applications in exactly the same manner as for a direct (modem) connection to the Internet (just follow the instructions given to you by your ISP). There’s just one exception – you must configure the appli­cations to connect via the LAN instead of via a modem. Fig.5 shows the setting for Outlook Express, while Fig.6 shows the setting for Internet Explorer 5. By contrast, earlier versions of WinGate (ie, before Ver. 3.0) only installed software on the server and this required special setup procedures for any Internet applications. The keeper of the gate At this stage, you will have a working TCP/IP network with WinGate installed on the server and client machines. You now need to configure WinGate to give the clients Internet Fig.8: clicking the Services tab brings up the available User Services. You configure each service by doubleclicking its entry to bring up a Properties dialog box. access and that’s where “GateKeeper” comes in. This program can also be used to restrict the rights that users have or to manually configure the various services (eg, the DHCP service). Basically, GateKeeper is the administration program for WinGate. It’s started by double-clicking the WinGate Engine Monitor icon in the Fig.9: the DHCP service can operate in fully automatic mode or can be manually configured if required. system tray of the server, or you can do it the hard way and go through the Start Menu. The first time you launch Gate-Keeper, leave the password field in the logon box blank and click OK. You will then be warned that you have no rights to the system until you enter a password. Click OK and then follow Fig.10: the DHCP Settings tab shows the IP scope – ie, the IP addresses that can be handed out to the clients. Fig.11: doubleclicking the scope address range in Fig.10 bring up the Scope Properties dialog. This lets you manually specify the scope, exclude addresses that you don’t want handed out and set the lease duration. October 1999  7 Fig.12: the Dialer service must be configured before clients can access the Internet. This involves selecting the “Connect as required” option, choosing the dialer profile from the drop-down list and filling in the username and password information. The disconnect options should also be checked as required. the on-screen prompts to enter a new password, so that you have full access to GateKeeper. Don’t forget this password; you will need it to logon to GateKeeper in the future. When you launch GateKeeper, the dialog box shown in Fig.7 appears. This lists the “System Services” that are available (DHCP, DNS, Winsock Redirector, Dialer, etc). Similarly, clicking the “Services” tab shows the available “User Services” (Fig.8); eg, FTP, WWW and POP3 (ie, email) proxy servers, etc. Configuring DHCP You configure each of the services by double-clicking its entry. For example, double-clicking the “DHCP Fig.13: the System Policies dialog is used to set global options. By default, the recipient specified is “Everyone, Unrestricted Rights” but you can add or remove recipients to suit your particular network, if required. Unlike WinGate Standard, WinGate Pro lets you add new users and groups. 8  Silicon Chip Service” entry and selecting the DHCP Mode tab displays the properties dialog box shown in Fig.9. This lets you choose between three operating modes: fully automatic, semi-automatic and manual. If you leave it in the default fully automatic mode, no further configuration is required. When this mode is used, a default gateway is automati­ cally assigned, the DNS is set to WinGate and the “Scope Proper­ties” are automatically specified. A “scope” defines the range of IP addresses that can be handed out to clients. If you select the semi-automatic mode, you can specify which components you want to manually configure. This includes assigning the gateway and DNS servers and creating scopes. If you select the manual mode, you have to specify all settings yourself. The DHCP Settings tab brings up the dialog box shown in Fig.10. This shows the address of the gateway (192.168.0.1) and the IP scope, in this case 192.168.0.1-192.168.0.254. Double clicking the scope entry brings up the Scope Properties dialog box – see Fig.11. This lets you alter the scope range and add to the excluded address list. Note that, in Fig.11, the address 192.168.0.1 has been excluded since that is the IP address of the gateway itself. Configuring the dialer This step is vital if you use a modem to access the Inter­net and you want to also give the clients access via WinGate. As before, you set up the service by double-clicking its entry. In this case, you double-click the Dialer entry in Fig.12 to bring up the Dialer Properties dialog (also shown in Fig.12). You then check the “Connect as required using” option and select the desired profile from the drop-down list. The dialog shown at the front of Fig.12 will appear and it’s now only a matter of filling in the Username and Password information for your ISP account. Leave the Domain field blank unless your ISP requires you to logon to an NT domain in order to connect to their services. By the way, it’s a good idea to increase the disconnect period from the default value to prevent WinGate from hanging up at a moment’s notice (something which can quickly become Fig.14: WinGate lets you restrict access for the recipients according to location (ie, the IP address) and the time of day. There’s also a ban list feature that allows you to ban clients from accessing web pages that match selected criteria. very annoying). In order for clients to access a service, they must be granted the right to do so. This is determined by the “policies” settings in GateKeeper. Basically, there are two levels of rights: (1) system policies; and (2) service policies. What’s the difference between them? Well, system policies allow you to define global access rights, while service policies allow you to set the rights for individual services (eg, for DHCP and POP3). The system policies dialog is access­ ed by clicking the “Users” tab in GateKeeper and then double-clicking the “Systems Policies” icon in the lefthand pane – see Fig.13. By default, the Everyone group with unrestricted rights is installed but you can delete this and add recipients of your own if you wish to re­strict access to certain users (just click the “Add” button and follow the bouncing ball). As stated previously, WinGate Pro allows you to add new users and groups, whereas WinGate Standard only identifies two user accounts named “Administrator” and “Guest” Once a recipient has been added, you can double-click its entry to bring up the properties dialog box shown at the front of Fig.13. This allows you to restrict access according to the location of the user (eg, for a single IP address or a range of IP addresses) and even to restrict access times to certain hours and certain days of the week – see Fig.14. One of the most useful tools here is the “Ban List” feature. It allows you Fig.15: the Policies tab lets you choose the default rights for the services, as specified in System Policies. Fig.16: you can also add individual recipients for each service and ignore or include the default rights. Granting access to ban the clients from accessing any web site that matches the criteria you select and this may be based on server name, the server IP address, the website name (URL) and URLs containing certain words. On the other hand, if you want to set unique policies for a particular service, click on the Services tab in GateKeeper, then double-click the icon for the service you wish to modify and select the “Policies” tab from the resulting dialog box. Fig.15 shows a typical setup for a POP3 proxy server. In this case, the “Default rights (System policies)” setting will be used. Note that the option “may be used instead” has been select­ed here, so if the systems policies setting is “Everyone, Unre­stricted Rights”, then that is the policy that will apply. Alternatively, by clicking the add button, you can add one or more recipients to suit that particular service – see Fig.16. If you can’t get the DHCP service working, check its Policies setting. Unlike other services, you cannot choose a default systems policies setting (it’s greyed out). By default, “Everyone, Unrestricted rights” should be listed in the pane but if it isn’t, you will have to add a recipient your­self. Other tabs on the service properties dialogs let you check the Bindings and Interfaces (ie, the interfaces that connections will be accepted on) and set logging options. Security That brings us to a very important function of WinGate – its ability to act as a firewall. During setup, WinGate’s installa­ t ion wizard automatically configures the system for maximum security. It does this by binding the individual proxy services to the IP address of the internal network card (192.168.0.1) and to a local “loopback” address (127.0.0.1). In operation, WinGate will only accept requests coming from this internal interface. Any requests coming from the Internet appear to be coming from an external interface and are rejected. In addition, the administrator can set up the system po­licies so that WinGate only accepts connections coming from specific address ranges. History logging One feature that will be of interest October 1999  9 Fig.17: the History logging option allows the administrator to monitor Internet activity on the clients. This could be useful for checking that business computers are only used in an authorised manner, for example. Fig.18: the WinGate Internet Client (WGIC) is launched from the Control Panel. You can use it to disable WGIC or the dialup monitor and to select which WinGate server to use if there is more than one server on the network. to administrators is the ability to log Internet activity. This could be particularly useful for monitoring user patterns and making sure that business computers are only used in an authorised manner, for example. This logged file is displayed by clicking the “History” button on the GateKeeper toolbar – see Fig.17. Naturally, the logging feature can be disabled if it isn’t required. WinGate Internet Client Normally, you don’t have to con­ figure the WinGate Internet Client (WGIC) but there are a few options for advanced users. The WGIC is opened by dou- Sharing An Internet Connection Using Hardware An alternative to using proxy server software for shared Internet access is to use a hardware proxy instead. This interesting device is called a Dual Speed IP Gateway Hub but don’t let the plain-vanilla exterior fool you – it rolls an 8-port 10/100Mb hub, an Internet access server, a DHCP server and a firewall all into one. It provides simultaneous Internet access for all users on the network and supports either one or two modems, the second modem automatically dialing in according to traffic requirements. We’ll take a closer look at this unit next month, along with its little brother Dual Port IP Gateway. In the meantime, you can obtain further information on these products (Cat. 10108 & 10112 respectively) from MicroGram Computers: www.mgram.com.au; phone (02) 4389 8444. 10  Silicon Chip ble-clicking its icon in the Control Panel. This bring up the dialog box shown in Fig.19, after which there are four tabs to choose from. The General tab allows you to enable or disable WGIC and to launch the WinGate Dialup Monitor at startup. Normally, you would want to enable the Dialup Monitor so that the client displays the dialing status during dialing and also to allow the client to send a discon­nect request to the server. The WinGate Servers tab lists all the WinGate servers that are connected to the LAN. You can choose which server to use, or you can have one automatically selected for you. On most networks, there will only be one WinGate server so you can just leave the automatic setting enabled. The other two tabs allow you to select Internet applications that you don’t want redirected through the server and to reset the WGIC protocols to their default settings. Using WinGate Once set up, WinGate is easy to use. When you attempt to connect to the Internet from a client machine, the dialup monitor appears and is subsequently minimised to the System Tray (assuming that the connection is successful). After that, you can send email or use other Internet applications in the normal manner. If the connection is already open, the dial-up process is bypassed and new clients have immediate access to the Internet. At the end of the session, you disconnect by double-click­ ing the dial-up monitor icon in the System Tray and then clicking the disconnect button. Note, however, that the server will reject any dis­connect requests if other clients are still using the connection. In short, it’s all pretty much transparent to the user. And that’s the basic idea behind WinGate – to give several users simultaneous access just as if they all had their own modems. Finally, there are lots of other features that we haven’t covered here. For example, you can run an internal mail (SMTP) server behind WinGate on your LAN and you can provide external access to your network by bypassing the proxy service. You will find all the information you need at www.wingate.com, in the Wingate SC manual and in the help files.