|
BASIC NETWORK SHARING
 1. The non-shared connection
2. How to add a firewall
3. DSL Modem in Bridge config, ISP provides multiple IPs
4. Combination Modem/Router/Hub
5. PPPoE Sharing via a simple hub
6. Sharing via NAT software
7. A note about Internal and USB Modems
8. Sharing via a Switch/Router/NAT box
9. Sharing via a NAT capable modem
10. A Residential Gateway
11. Intel Video Phone / NetMeeting 3 / Sygate - a real example
We encourage you to search some of the setups described by users of DSLreports. The search box below comes from the Share Tool page: search on ISP name and/or equipment name and/or operating system. You'll find some real-life examples of these and far more complex and interesting setups.. plus you can contact the owner to ask questions or compare notes.
1. The non-shared connection
| Advantage |
Disadvantage |
| Simple to setup |
Software security required |
| supported by every ISP |
Connection is not shared |
A single external DSL modem, and a single computer. The DSL modem is setup such that is bridges your PC to your Internet Provider. Your PC has a public IP address, and you must run some kind of software firewall to increase security.
You must use CAT5 cable (patch cable) from modem to NIC. CAT5 cable has RJ-45 connectors on both ends.
2. How to add a firewall
| Advantage |
Disadvantage |
| Easy to setup |
Connection is not shared |
| Full Security |
Dedicated firewalls are expensive |
Wherever you have an ethernet to ethernet connection, you may insert a firewall device. These are normally configured using your web browser, or via telnet. A hardware firewall provides excellent security since it is unaffected by any reconfigurations you may do on your PC.
Normally, a firewall will allocate a private IP address to your PC.
If you intend to allow outside connections in, your firewall must be configured correctly.
Use the WAN port, if available, on firewall. Check manuals for firewall to check whether CAT5 or cross-over cable is required.
3. DSL Modem in Bridge config, ISP provides multiple IPs
| Advantage |
Disadvantage |
| Full access to Internet |
extra IPs cost money |
| Easy to setup |
software security required |
ISPs generally offer additional public IP addresses at an extra charge. Whether you are opted to use IP, DHCP, or PPPoE, you can take advantage of this to setup more than one PC by use of an inexpensive hub
Please note that the connection from the modem to the hub requires either a cross-over cable, or the hub must identify one port as being an uplink if you wish to use a regular ethernet patch cable.
4. Combination Modem/Router/Hub
| Advantage |
Disadvantage |
| One box solution |
Expensive |
| |
Hub is usually only 10mbit |
Products from Netopia or Flowpoint act as a combined DSL modem, hub and firewall all in one. This is an ideal solution, with the following caveats: the unit may only offer a 10mbit hub (somewhat slow for even home use now), and is usually expensive (several hundred dollars) when compared to the "free" more basic DSL modems provided with other residential products.
Often this is recommended for a small office solution, however the included hub should not be relied on for inter-office traffic, instead, a dedicated 10/100 switch should be provided, and the all-in-one unit is connected to this switch, to just gateway internet traffic.
All cables are CAT5.
5. PPPoE Sharing via a simple hub
| Advantage |
Disadvantage |
| Simple to setup |
ISP may not support this |
Your PPPoE software talks to your ISP to allocate you an IP address for your login name and password. Many ISPs do not yet limit the number of times this can be done, allowing you to login on more than one PC, and thus get internet access on all with no extra configuration.
6. Sharing via NAT software
| Advantage |
Disadvantage |
| Unlimited sharing |
Breaks some applications |
| Basic security |
Gateway PC is not protected |
| |
Two NICs required |
This diagram is split on the left to indicate clearly that a hub is not absolutely required when using Windows ICS or similar NAT software -- you can easily connect a 2nd PC to the first "daisy chain like" (you must use CAT-5 cross-over cable for this, and a second network card), and the hub is then not required. A hub is required to hang off more than one PC from the gateway machine.
The gateway PC: Windows 98SE and future versions of windows come with ICS, which allows easy sharing of your single connection to other PCs on a local network. Unfortunately, the gateway PC is somewhat exposed, and may require a software firewall. It also be always on to provide access to the other PCs. Interaction between Windows ICS (or similar NAT software such as Sygate), and any software firewalls, may also be unpredictable.
7. A note about Internal and USB Modems
| Advantage |
Disadvantage |
| cheap |
Loss of flexibility |
| NIC only needed for sharing |
Possible performance problems |
A PCI (or even USB) modem is essentially internal to one PC. This has the advantage that it is a one-card or one-box upgrade to DSL for a PC that was previously used for dial-up.. the disadvantage is a loss of flexibility since your PC must now act as a master or gateway to anything else in your home network. You also cannot place any hardware firewall, or residential gateway device beyond your PC. PCI or USB modems are rarely supported well outside mainstream versions of windows.
In any of these diagrams showing an external modem, you may substitute that with the combination of equipment shown above: the PC with internal/USB modem, and NIC..
8. Sharing via a Switch/Router/NAT box
| Advantage |
Disadvantage |
| Works with many providers |
Ext. DSL modem reqd |
| Economical |
Buggy Firmware |
| Secure |
|
This category of home network equipment is very popular, combining a 100mbit switch, NAT capability, PPPoE (avoiding any requirement to install PPPoE drivers on PCs), perhaps also a print server, and configurable over the web. These boxes are getting towards the $100 point, and solve a lot of problems in one unit.
Unfortunately, the difficulty of providing all these features in one unit means subtle bugs in firmware can provide frustrations for some customers. In addition, they lack the full features of firewalls or more mature router products so configuration to allow video conferencing and some multiplayer games, can become difficult or even impossible.
Some of these units also provide the ability to nominate one port as "open" to the net, usually known as the DMZ port (de-militarized zone). This port can be used as a last-ditch effort to get some NAT unfriendly software working.
9. Sharing via a NAT capable modem
| Advantage |
Disadvantage |
| Easy to setup |
|
| Flexible |
|
Many DSL modems are capable of operating in more than just bridge mode.. they can be configured to support multiple private IPs via NAT, which both adds flexibility and also some degree of security.
Please not that the connection from the modem to the hub requires either a cross-over cable to the port, or the hub must identify one port as being an uplink port if you wish to use regular ethernet patch cable.
10. A Residential Gateway
| Advantage |
Disadvantage |
| Total solution? |
Expense |
| |
Unproven product category |
A residential gateway, is really just the combination of all of the previously discussed functions rolled into one, with more bundled in as well. They might support a local wireless net for laptops or wireless card equipped PCs, they may also handle voice over DSL in a seamless way. A residential gateway would also have a packet inspecting firewall, and in future might be able to handle video streams as well. The ultimate residential gateway is the ship computer on Star Trek: "computer, call the klingons, and tell them we're going to be late for that meeting".
(thanks to hfb1217 for corrections).
11. Intel Video Phone / NetMeeting 3 / Sygate - a real example
This was kindly written up by John C. Smith
johnzonie(at)earthlink.net
OK, so I now have high-speed Internet access, courtesy of Sprint Broadband. Now on to sharing! My small network consists of my Micron Desktop names Max, an IBM Thinkpad, 770, for my wife and a spare Thinkpad, 365. We share printing via an Axis 1440 thin client connected to an Epson 870. All are connected to an Intel 8-port hub. All PC's run Win98SE and are configured for TCP/IP and Netbeui protocols. Max has a second HDD for all laptops to back-up to.
My wife has little patience for my continuing experimentation with PC software and the attendant rebooting so I thought the best thing to do was get a hardware router. My first try was the Linksys BEFSR41, a 4-port router. After running up the learning curve, I got it working satisfactorily. Of course I suffered a loss in download speed, from 4.4 Mbps to 2.6 Mbps but I figured that the independence of connection was worth it. We both had independent connections, I could reboot until the cows came home and my wife's connection was always there. We use ICQ for round-robin family chats and it was shaky with Linky, so we just used one PC connection at a time.
Then came the "troubles". I picked up an Intel Video Phone, with the long-term goal of keeping tabs on my granddaughter on the east coast. Shouldn't be too tough, say I. After installing the video phone software on Max, no go. Would get a video connection but no audio connection with my neighbor, who was also on Sprint Broadband. All worked fine if the router was out of the picture and Max was directly connected to the Sprint broadband modem. First thing tried was to put Max on the DMZ. I experimented with DHCP, manually set IP's, and upgraded firmware to 1.33.1 and a host of other settings without success. After a while, I found out that there is some belief that the Linky doesn't handle UDP transparency through the DMZ. This is consistent with no audio channel, as it is sent on a UDP port. This was particularly frustrating, since the Linksys manual recommended using the DMZ port for applications such as "gaming and video conferencing".
This now became a quest! I read everything I could about video conferencing. I learned that the protocol is called H.323 and it is *very* demanding on routers and almost impossible to get through a NAT (Network Address Translation) router. It turns out that it is a streaming protocol and any packet filtering can cause problems. It was obvious that Linky was not up to the task. The search for an economical alternative was on!
There were a lot of favorable comments about the Netgear RT314 so I asked Netgear technical support if the RT314 supported video conferencing and was assured it did. When I received the RT314, I installed it with high hopes. The Download speeds were a bit better than Linky, up to 3 Mbps. Still below the raw 4.4 Mbps but pretty good. Unfortunately video conferencing was still no go. Email conversations with Netgear technical support were next to useless. There seemed to be little understanding of video conferencing requirements. After trying the RT314 equivalent of DMZ, setting Max's IP address as the default IP in menu 15, there was still no success. Everything else seemed to work well, browsing, email, etc. Also, unlike Linky, both Max and 770 could simultaneously access and file transfer via ICQ2000a. There seemed to be better application tunneling in the RT314. So, aside from the video conferencing and lack of responsive technical support, the RT314 was pretty good. But still no video conferencing. Since the RT314 has a lot of filtering options, I suspected this might have been the problem.
As a last resort, I decided to try Sygate, a software Internet connection sharing solution (www.sybergen.com). It is like Windows 98 SE Internet Connection Sharing on steroids. It looked like it had a lot of capability and the fact that there was a 30-day trial encouraged me to give it a try. I removed the router, went back to my pokey 10bastT hub and added a second NIC to Max, who was about to take on Sygate server duties.
Probably the trickiest part of the installation was installing two network cards in one machine, Max. Since both were 3Com 3C905's, I expected a problem, at least according to some reports on www.practicallynetworked.com. I followed the 3Com manual to the letter and both cards installed cleanly. I insured both cards had their own IRQ. I removed Netbeui binding from the Internet card. Did a renew/release on winipcfg and voila, we were on-line!
The first card was connected to the Internet; the second card was connected to the LAN with a fixed IP of 192.168.0.1. The other laptops were manually configured to their own 192.168 addresses. Sygate 4.0 build 693 was installed on Max as server. Client software was installed on the laptops. Additionally, Sygate Secure Desktop 2.1 build 464 replaced ZoneAlarm on Max. ZoneAlarm was removed from the clients.
It works, it all works! With SSD in medium security, we score 0 on dslreports security scan. All ports are reported as stealth on www.grc.com. This is both from client and server. Probably makes sense, since SSD binds to the Internet NIC. Additionally, SSD does a good job of logging unauthorized attempts to connect to Max. My download speed is back to 4.4 Mbps! ICQ2000a works from Max (server) and 770 (client). VIDEO CONFERENCING WORKS FROM MAX!! Video and audio works completely satisfactorily. With the latest Intel software, I can take advantage of the high-speed connection for true streaming video that is very sharp and very smooth. The fact that Max is the server and has a direct connection to the Internet is key to having a working Video Phone. In essence, it doesn't have to go through any NAT! The firewall software, SSD, seems to allow the necessary dynamic port assignments to work and doesn't block any needed ports or perform any filtering.
For my needs, a software solution works better than a hardware one! (This kinda hurts, after a 30 plus year in hardware engineering!) But, the solution is the thing. I'm happy with the Sygate offering. It lists at around $40, compared to $150 or so for hardware routers. (The second NIC came with the Sprint installation.) Of course, my wife still has to deal with my ongoing reboots, and the attendant loss of her Internet connection. So my workaround for that is to do my tinkering when she isn't on. Not a complete solution, but...
Hope this helps in your search for your home networking solution!
John
PS In case you're interested, here are some links that I found helpful in understanding video conferencing:
http://support.intel.com/support/proshare/h323doc1.htm Video Conferencing across Firewalls
http://developer.intel.com/support/videophone/trial21/h323_wpr.htm Getting H.323 through firewalls
http://www.meetingbywire.com/Firewalls.htm NetMeeting and Firewalls
|
