This is only a preview of the October 1999 issue of Silicon Chip. You can view 37 of the 96 pages in the full issue, including the advertisments. For full access, purchase the issue for $10.00 or subscribe for access to the latest issues. Items relevant to "Backup Battery For Cordless Phones":
Items relevant to "Build The Railpower; Pt.1":
Items relevant to "Semiconductor Curve Tracer":
Items relevant to "Autonomouse The Robot; Pt.2":
Items relevant to "An XYZ Table With Stepper Motor Control; Pt.6":
Purchase a printed copy of this issue for $10.00. |
How to share a modem between PCs & give
users simultaneous Internet access
Want to share one modem and a
single telephone line between
multiple PCs for simultaneous email
or Internet access? A proxy server
such as WinGate is the answer. It
also functions as a DHCP server and
as a firewall into the bargain.
A
By GREG SWAIN
COMMON PROBLEM
facing many small businesses is how to provide
email access for all computers on a network. Unless there are only two or three users,
it’s just not practical to fit a modem to
all PCs and add additional telephone
lines or even have them share a single
line. The cost of additional lines often
cannot be justified, while a single line
means that only one person can have
Internet access at any one time.
The answer to this problem is to
have all PCs on the network share the
same modem. This involves installing extra software on the computer
with the modem, so that it functions
4 Silicon Chip
as a “proxy server”. The server then
routes Internet requests from the client
computers through the single Internet
connection, to give all machines simultaneous access.
In effect, the proxy server acts as a
“gateway” to the Internet (or to local
web/email servers) for the client machines on the network.
As far as each user is concerned,
the clients all behave as if they had
their own modem. In computer jargon,
the proxy server behaves as though it
were “transparent”. There’s just one
important difference – if the server is
already on-line, the client has immediate access to the Internet. Conversely,
if there is no existing connection, a
request for Internet access from a client computer automatically initiates
a dial-up session.
The cost benefits of this are obvious. First, you don’t need to provide
additional modems and Internet
connections. Second, only one telephone call is required for all users to
access their email. And third, users
can access their email when ever they
want, instead of waiting for the line
to become available.
Proxy software
Unfortunately, unless you have the
very latest version of Windows 98
(second edition), you need third party
software to provide modem sharing.
That’s the bad news. The good news is
that there are plenty of software proxies about and they don’t cost the earth.
Of these, the best known are WinGate (www.wingate.com.au) and Sy
Gate (www.sygate.com).
In this article, we’ll take a close look
at WinGate and describe how it’s set
to provide modem sharing. But that’s
not all WinGate can do. As well as
functioning as a proxy server, it can
also function as a DHCP server and as
a firewall. DHCP stands for Dynamic
Host Configuration Protocol and allows a server to automatically hand
out IP addresses to client computers
on a network as they boot up.
A DHCP server makes it really easy
to set up a TCP/IP net
work, since
you don’t have to manually assign IP
addresses to the client computers and
maintain lmhosts files. It does have
one disadvantage though; if the DHCP
server goes down or is switched off,
the rest of the network also goes down
(unless there’s a backup DHCP server).
WinGate runs on both Windows
95/98 and Windows NT and works
with most Internet applications.
These include web browsers, FTP,
news and email programs, Telnet,
IRC, RealAudio/Video and many other
Internet tools and applica
tions. It’s
not restricted for use with a dial-up
modem either; WinGate will function
just as well with ISDN, cable modem,
satellite connection and other dedicated circuits, and can act as a proxy for
local web and email servers.
Downloading WinGate
If you haven’t already done so, the
first step is to set up a working Internet
connection on the PC that’s going to
be the proxy server. Having done that,
you can download the latest version
of the WinGate software (Ver. 3.0.4).
In Australia, you can go to the local
WinGate distributor which is Jantek
nology Distribution. Their website
address is www.janteknology.com.
au or www.wingate.com.au
There are three versions of WinGate
to choose from: WinGate Home, WinGate Standard and WinGate Pro. You
also have to choose the correct software to suit your operating system,
either Windows 9x or NT.
The differences between the three
versions and the pricing details are
all listed on the website. For example,
both WinGate Standard and WinGate
Pro include a caching utility that
stores previously visited pages on the
Win–Gate server, for faster access if
sites are subsequently revisited. They
also include a “ban” utility that can
restrict access to certain websites.
WinGate Pro adds user management
utilities. It allows the Administrator
to add individual users and groups, to
remotely administer the program and
to carry out auditing and scheduling.
Among other things, these facilities
also allow the administrator to restrict
individual or group access to Internet
services according to custom settings.
The Home version provides a simplified user interface and has minimal
configuration options. It’s the one
to use for shared Internet access at
home or in a small office with only
a few users.
Fig.1: before installing WinGate, you
must have TCP/IP installed for your
network adapter (not just for a
Dial-Up Adapter as shown here).
Fig.2: to add TCP/IP to your network
adapter, click the Add button and
follow the prompts. This shows the
entry for an SMC network adapter.
Fig.3: the WinGate server must be
assigned a static IP address
(192.168.0.1) and a subnet mask
(255.255.255.0).
Fig.4: on the clients, select the “Obtain
an IP address automatically” option
so that they obtain their IP addresses
from WinGate’s DHCP service.
The cost of the software depends
on the features that you want and the
maximum number of simultaneous
users required. At the time of writing, WinGate Home 3-User costs $67,
WinGate Standard 3-User $134 and
WinGate Pro 6-User $500. However,
you can also choose 6-user, 12-user,
25-user, 50-user and unlimited user
licences.
You don’t have to pay for WinGate
upfront, however. In
stead, you can
download a trial “key” which will
allow you to evaluate the software for
30 days. There’s also a handy order
form on the Janteknology site that you
can download and send in for your
full licence keys.
While you’re there, you should also
download the installa
tion instructions and the WinGate User manual.
Windows 95 users will also have to
download the Winsock 2 upgrade
but note that this is not needed for
Windows 98. This upgrade must be
installed on the Windows 95 client
computers in order for WinGate to
function correctly.
Server setup
WinGate requires a network that’s
running the TCP/IP protocol, otherOctober 1999 5
Fig.5: Internet applications on client
machines are set up to connect via a
LAN instead of via a modem. This is
the setting for Outlook Express.
Fig.6: this is the connection setup for
Internet Explorer 4. Provided you’re
using WinGate 3.0 or later, any proxy
settings should be as specified by your
ISP.
wise it won’t work. That means that
you have to set up TCP/IP on each
individual PC before actually installing WinGate. For the purposes of this
article, we will assume that you are
using Windows 95/98, although the
procedure is similar for NT. Let’s deal
with the server first.
Because the server already has an
Internet connection, TCP/IP will already be bound to the Dial-Up Adapter. What you have to do now is add
the protocol to the network interface
card (NIC) – if it doesn’t already exist
that is.
To do this, double click the Network
icon in Control Panel to bring up the
dialog box shown in Fig.1. If you don’t
6 Silicon Chip
see a TCP/IP entry for your network
card, click “Add”, double-click “Protocol” from the list, select “Microsoft”,
select TCP/IP and click OK. After
that, it’s just a matter of following the
on-screen prompts to complete the
installation.
When you subsequently recheck the
network configuration dialog box, you
should see that TCP/IP is now bound
to your network card. Fig.2 shows
the entry for an SMC EZ Card PCI 10
Adapter.
The WinGate Server now has to be
configured with a “static” (ie, manually assigned) IP address. To do this,
first double-click the TCP/IP entry
for the network card to bring up the
TCP/IP Properties dialog box. Select
“Specify an IP Address” (under the IP
Address tab) and enter in an IP address
of 192.168.0.1. The Subnet Mask to
use here is 255.255.255.0 – see Fig.3.
Of course, there’s nothing to stop
you from using a different IP address
but don’t do this unless you have a
valid reason (and you know what you
are doing).
The WINS Configuration, Gateway,
Bindings and Advanced settings
should all be left as they are. Similarly,
the DNS Configuration should be left
as is but note whether DNS has been
enabled or disabled – you’ll need to
know this when it comes to setting up
the WinGate clients.
Having set up the TCP/IP properties, you’re now ready to install Win
Gate on the server. WinGate 3.0 and
later combines both server and client
software components, so it’s important
to install the correct component on
each machine.
Because this is the first machine
that WinGate is being installed on, the
setup procedure automatically selects
the server component for installation
(you can change this if you wish, however). In most cases, you can choose
the “Typical” setup option but if you
choose “Custom”, it brings up a dialog
box that lets you select which proxy
services to install for yourself.
When the installation is complete,
the WinGate Engine starts automatically. This is indicated by the WinGate
Engine Monitor icon which is added to
the System tray (on the righthand side
of the Taskbar). This icon has a little
computer screen that is blue when the
engine is running but turns red if the
engine is stopped.
Note that the WinGate Engine may
take a few minutes to initialise the first
time it’s started.
Client configuration
Unlike the server, you don’t have
to manually assign IP addresses to
the client computers. Why? – because
we can now use the DHCP service
on the WinGate server to hand out
IP addresses to the clients each time
they start up.
By default, the DHCP service
starts automatically when WinGate
is installed on the server, so no user
configuration is necessary. However,
we’re getting ahead of ourselves.
The first step, if you are running
Windows 95, is to install the Winsock2
upgrade. Once this has been done, you
add TCP/IP to the network cards in the
clients in exactly the same manner as
before and then install WinGate on the
client machines.
It’s quite easy to configure the clients to use the DHCP service. All you
have to do is launch the IP Properties
dialog box, click the IP Address tab
and select the “Obtain an IP address
automatically” option (Fig.4).
The only other setting that you
have to worry about here is the DNS
configuration. If DNS is enabled on the
WinGate server, select “Disable DNS”.
Conversely, if DNS is disabled on the
WinGate Server, select “Enable DNS”
on the client and enter the client’s
name in the Host field. This done,
you have to enter the IP address(es)
of your Internet Service Provider’s
DNS server(s) in the “DNS server
search order” field. The other fields
are left blank.
Once all this has been done, you
should have a fully working TCP/IP
network, with the server now automatically handing out IP addresses to the
clients. You can, of course, manually
assign IP addresses to the client machines if you wish. You might want
to do this in a small office network
where you don’t want to rely on a
DHCP server, for example.
Typically, you could assign an IP
address of 192.168.0.2 to the first
WinGate client, 192.168.0.3 to the
second client, 192.168.0.4 to the third
and so on. Note, however, that the
subnet mask must be the same for all
machines (ie, 255.255.255.0).
If you do wish to assign static IP
addresses, then it’s simply a matter
of following the instructions in the
user manual. Be sure to follow the
Fig.7: WinGate is administered using the GateKeeper
program which is installed on the server. The opening
screen lists the System Services that are available.
instructions for the Gateway and DNS
settings carefully.
Once the TCP/IP network is up and
running, WinGate can be installed
on the clients. This time, the setup
program automati
cally detects the
Win-Gate server on the network and
selects the client component for installation. This adds an extra icon
labelled “WinGate Internet Client” to
the Control Panel – see Fig.18.
Normally, the WinGate Internet Client software runs in the background
and is completely unobtrusive. Its
job is to eliminate complicated application setups and it does this by
automat
ically intercepting winsock
calls made by the applications and
redirecting them to the server.
So what does all that jargon mean
in practice? It simply means that you
set up your email, browser and other applications in exactly the same
manner as for a direct (modem) connection to the Internet (just follow the
instructions given to you by your ISP).
There’s just one exception – you must
configure the applications to connect
via the LAN instead of via a modem.
Fig.5 shows the setting for Outlook
Express, while Fig.6 shows the setting
for Internet Explorer 5.
By contrast, earlier versions of
WinGate (ie, before Ver. 3.0) only installed software on the server and this
required special setup procedures for
any Internet applications.
The keeper of the gate
At this stage, you will have a working TCP/IP network with WinGate
installed on the server and client
machines. You now need to configure
WinGate to give the clients Internet
Fig.8: clicking the Services tab brings up the available
User Services. You configure each service by doubleclicking its entry to bring up a Properties dialog box.
access and that’s where “GateKeeper”
comes in. This program can also be
used to restrict the rights that users
have or to manually configure the various services (eg, the DHCP service).
Basically, GateKeeper is the administration program for WinGate.
It’s started by double-clicking the
WinGate Engine Monitor icon in the
Fig.9: the DHCP service can operate
in fully automatic mode or can be
manually configured if required.
system tray of the server, or you can
do it the hard way and go through the
Start Menu.
The first time you launch Gate-Keeper, leave the password field in the
logon box blank and click OK. You
will then be warned that you have no
rights to the system until you enter a
password. Click OK and then follow
Fig.10: the DHCP Settings tab shows
the IP scope – ie, the IP addresses that
can be handed out to the clients.
Fig.11: doubleclicking the scope
address range in
Fig.10 bring up the
Scope Properties
dialog. This lets
you manually
specify the scope,
exclude addresses
that you don’t
want handed out
and set the lease
duration.
October 1999 7
Fig.12: the Dialer service must be
configured before clients can access
the Internet. This involves selecting
the “Connect as required” option,
choosing the dialer profile from the
drop-down list and filling in the
username and password information.
The disconnect options should also be
checked as required.
the on-screen prompts to enter a new
password, so that you have full access
to GateKeeper.
Don’t forget this password; you will
need it to logon to GateKeeper in the
future.
When you launch GateKeeper, the
dialog box shown in Fig.7 appears.
This lists the “System Services” that
are available (DHCP, DNS, Winsock
Redirector, Dialer, etc). Similarly,
clicking the “Services” tab shows the
available “User Services” (Fig.8); eg,
FTP, WWW and POP3 (ie, email) proxy
servers, etc.
Configuring DHCP
You configure each of the services
by double-clicking its entry. For example, double-clicking the “DHCP
Fig.13: the System Policies dialog is used to set global options. By default, the
recipient specified is “Everyone, Unrestricted Rights” but you can add or
remove recipients to suit your particular network, if required. Unlike WinGate
Standard, WinGate Pro lets you add new users and groups.
8 Silicon Chip
Service” entry and selecting the DHCP
Mode tab displays the properties
dialog box shown in Fig.9. This lets
you choose between three operating
modes: fully automatic, semi-automatic and manual.
If you leave it in the default fully
automatic mode, no further configuration is required. When this mode is
used, a default gateway is automati
cally assigned, the DNS is set to WinGate and the “Scope Properties” are
automatically specified. A “scope”
defines the range of IP addresses that
can be handed out to clients.
If you select the semi-automatic
mode, you can specify which components you want to manually configure.
This includes assigning the gateway
and DNS servers and creating scopes.
If you select the manual mode, you
have to specify all settings yourself.
The DHCP Settings tab brings up
the dialog box shown in Fig.10. This
shows the address of the gateway
(192.168.0.1) and the IP scope, in
this case 192.168.0.1-192.168.0.254.
Double clicking the scope entry brings
up the Scope Properties dialog box
– see Fig.11. This lets you alter the
scope range and add to the excluded
address list.
Note that, in Fig.11, the address
192.168.0.1 has been excluded since
that is the IP address of the gateway
itself.
Configuring the dialer
This step is vital if you use a modem
to access the Internet and you want to
also give the clients access via WinGate. As before, you set up the service
by double-clicking its entry.
In this case, you double-click the
Dialer entry in Fig.12 to bring up the
Dialer Properties dialog (also shown
in Fig.12). You then check the “Connect as required using” option and
select the desired profile from the
drop-down list. The dialog shown at
the front of Fig.12 will appear and
it’s now only a matter of filling in the
Username and Password information
for your ISP account.
Leave the Domain field blank unless
your ISP requires you to logon to an
NT domain in order to connect to
their services.
By the way, it’s a good idea to
increase the disconnect period from
the default value to prevent WinGate
from hanging up at a moment’s notice
(something which can quickly become
Fig.14: WinGate lets you restrict access for the recipients according to location
(ie, the IP address) and the time of day. There’s also a ban list feature that
allows you to ban clients from accessing web pages that match selected criteria.
very annoying).
In order for clients to access a service, they must be granted the right
to do so. This is determined by the
“policies” settings in GateKeeper. Basically, there are two levels of rights:
(1) system policies; and (2) service
policies.
What’s the difference between
them? Well, system policies allow you
to define global access rights, while
service policies allow you to set the
rights for individual services (eg, for
DHCP and POP3).
The system policies dialog is access
ed by clicking the “Users” tab in
GateKeeper and then double-clicking
the “Systems Policies” icon in the
lefthand pane – see Fig.13. By default,
the Everyone group with unrestricted
rights is installed but you can delete
this and add recipients of your own if
you wish to restrict access to certain
users (just click the “Add” button and
follow the bouncing ball).
As stated previously, WinGate Pro
allows you to add new users and
groups, whereas WinGate Standard
only identifies two user accounts
named “Administrator” and “Guest”
Once a recipient has been added,
you can double-click its entry to bring
up the properties dialog box shown at
the front of Fig.13. This allows you
to restrict access according to the
location of the user (eg, for a single
IP address or a range of IP addresses)
and even to restrict access times to
certain hours and certain days of the
week – see Fig.14.
One of the most useful tools here is
the “Ban List” feature. It allows you
Fig.15: the Policies tab lets you choose
the default rights for the services, as
specified in System Policies.
Fig.16: you can also add individual
recipients for each service and ignore
or include the default rights.
Granting access
to ban the clients from accessing any
web site that matches the criteria you
select and this may be based on server
name, the server IP address, the website name (URL) and URLs containing
certain words.
On the other hand, if you want to
set unique policies for a particular
service, click on the Services tab in
GateKeeper, then double-click the
icon for the service you wish to modify
and select the “Policies” tab from the
resulting dialog box. Fig.15 shows a
typical setup for a POP3 proxy server.
In this case, the “Default rights (System policies)” setting will be used.
Note that the option “may be used
instead” has been selected here, so if
the systems policies setting is “Everyone, Unrestricted Rights”, then that is
the policy that will apply.
Alternatively, by clicking the add
button, you can add one or more recipients to suit that particular service
– see Fig.16.
If you can’t get the DHCP service
working, check its Policies setting. Unlike other services, you cannot choose
a default systems policies setting (it’s
greyed out). By default, “Everyone,
Unrestricted rights” should be listed
in the pane but if it isn’t, you will have
to add a recipient yourself.
Other tabs on the service properties
dialogs let you check the Bindings
and Interfaces (ie, the interfaces that
connections will be accepted on) and
set logging options.
Security
That brings us to a very important
function of WinGate – its ability to act
as a firewall. During setup, WinGate’s
installa
t ion wizard automatically
configures the system for maximum
security. It does this by binding the
individual proxy services to the IP
address of the internal network card
(192.168.0.1) and to a local “loopback” address (127.0.0.1).
In operation, WinGate will only
accept requests coming from this internal interface. Any requests coming
from the Internet appear to be coming
from an external interface and are
rejected.
In addition, the administrator can
set up the system policies so that WinGate only accepts connections coming
from specific address ranges.
History logging
One feature that will be of interest
October 1999 9
Fig.17: the History logging option allows the administrator
to monitor Internet activity on the clients. This could be
useful for checking that business computers are only used
in an authorised manner, for example.
Fig.18: the WinGate Internet Client (WGIC) is launched from the Control Panel.
You can use it to disable WGIC or the dialup monitor and to select which
WinGate server to use if there is more than one server on the network.
to administrators is the ability to
log Internet activity. This could be
particularly useful for monitoring
user patterns and making sure that
business computers are only used in
an authorised manner, for example.
This logged file is displayed by
clicking the “History” button on
the GateKeeper toolbar – see Fig.17.
Naturally, the logging feature can be
disabled if it isn’t required.
WinGate Internet Client
Normally, you don’t have to con
figure the WinGate Internet Client
(WGIC) but there are a few options
for advanced users.
The WGIC is opened by dou-
Sharing An Internet Connection
Using Hardware
An alternative to using proxy server software for shared Internet access is to use a hardware proxy instead. This interesting device is called a Dual Speed IP Gateway Hub but
don’t let the plain-vanilla exterior fool you – it rolls an 8-port 10/100Mb hub, an Internet
access server, a DHCP server and a firewall all into one. It provides simultaneous Internet
access for all users on the network and supports either one or two modems, the second
modem automatically dialing in according to traffic requirements. We’ll take a closer
look at this unit next month, along with its little brother Dual Port IP Gateway. In the
meantime, you can obtain further information on these products (Cat. 10108 & 10112
respectively) from MicroGram Computers: www.mgram.com.au; phone (02) 4389 8444.
10 Silicon Chip
ble-clicking its icon in the Control
Panel. This bring up the dialog box
shown in Fig.19, after which there are
four tabs to choose from. The General
tab allows you to enable or disable
WGIC and to launch the WinGate
Dialup Monitor at startup. Normally,
you would want to enable the Dialup
Monitor so that the client displays the
dialing status during dialing and also
to allow the client to send a disconnect
request to the server.
The WinGate Servers tab lists all the
WinGate servers that are connected
to the LAN. You can choose which
server to use, or you can have one
automatically selected for you. On
most networks, there will only be one
WinGate server so you can just leave
the automatic setting enabled.
The other two tabs allow you to
select Internet applications that you
don’t want redirected through the
server and to reset the WGIC protocols
to their default settings.
Using WinGate
Once set up, WinGate is easy to use.
When you attempt to connect to the
Internet from a client machine, the
dialup monitor appears and is subsequently minimised to the System
Tray (assuming that the connection is
successful). After that, you can send
email or use other Internet applications in the normal manner.
If the connection is already open,
the dial-up process is bypassed and
new clients have immediate access
to the Internet.
At the end of the session, you
disconnect by double-click
ing the
dial-up monitor icon in the System
Tray and then clicking the disconnect
button. Note, however, that the server
will reject any disconnect requests if
other clients are still using the connection.
In short, it’s all pretty much transparent to the user. And that’s the basic
idea behind WinGate – to give several
users simultaneous access just as if
they all had their own modems.
Finally, there are lots of other features that we haven’t covered here.
For example, you can run an internal
mail (SMTP) server behind WinGate
on your LAN and you can provide
external access to your network by
bypassing the proxy service. You will
find all the information you need at
www.wingate.com, in the Wingate
SC
manual and in the help files.
|