The Nuts and Bolts of the Connection


You're probably familiar with using a modem to connect your own PC to an Internet service provider and thence to the Internet. When you're connecting an entire network of computers, the process is a little more involved. We'll address five main issues, starting with the physical connection itself. We'll discuss the pros and cons of each of the most common and reasonable alternatives.

The Need for Speed

Of the several connection technologies, each has advantages and disadvantages in reliability, speed, and cost.

Speed is everything on the Internet now, and the need for raw speed will become even more important in the future. Remember that everyone on your LAN will be sharing a single connection, so you have to consider the speed requirements for the applications you'll be using over the network and multiply that requirement by the number of simultaneous users you'll want to support at that speed. If you have eight users checking email and occasionally browsing the Web, your speed requirements might be met by a single modem, but if you have just two users who want to use voice and videoconferencing at the same time, you might need a very high-speed connection indeed.

If you can get it, high-speed DSL, cable, or satellite service will provide a much better experience than a dial-up setup. It costs a bit more per month, but if you take into account that one shared broadband connection can replace several dial-up accounts and free up several phone lines, it might turn out to be the least expensive alternative as well as the most fun.

Ways to Make the Connection

When you're using a single computer, you use its analog modem or a broadband cable, DSL, or satellite modem to connect to your ISP as needed. When you share your Internet connection on a network, you'll either designate one computer running Windows XP to make the connection, or you'll use an inexpensive hardware device called a connection sharing router or residential gateway to serve as a bridge between your network and a dial-up, cable, or DSL modem. Whichever method you choose, the designated computer or router will automatically set up the connection any time it's needed by anybody on your network.

As an overview, Figure 19.1 shows six ways you can hook up your LAN to an Internet service provider. They are:

  A. Microsoft Internet Connection Sharing (ICS) with an analog or ISDN dial-up connection. In this scenario, the built-in software in Windows automatically dials your ISP from one computer whenever anyone on the LAN wants to connect to the Internet. This is called demand-dialing. (By the way, the modem doesn't have to be an external one; it could be an internal modem. I just wanted it to show up in the figure.)

  B. ICS with a broadband DSL or cable modem. The computer that hosts the shared connection uses a second LAN adapter to connect to a broadband modem. This type of connection might be always-on, or, if your ISP uses a connection-based setup called PPPoE, Windows will establish the link whenever anyone wants to use the Internet.

    To learn more about PPPoE, see p. 298.


  C. Connection sharing router with a broadband, analog, or ISDN modem. You can use a small hardware device that costs somewhere in the range of $20 to $100 to do the same job as Internet Connection Sharing. The advantage of this is that you don't have to leave a particular Windows XP computer turned on for other users to reach the Internet. It is also more secure because a separate device is shielding Windows from the Internet.

  D. Cable service with multiple, directly connected computers. This is the setup that most cable Internet providers recommend for a home with more than one computer, but it is a bad idea! You can't use this method and also use file and printer sharing. Use schemes B, C, or E instead. See "Special Notes for Cable Service" later in this chapter for more information.

  E. Cable service with multiple, directly connected computers, and a separate LAN for file and printer sharing. If you don't use connection sharing (schemes B or C), this is the only safe way to share files and printers and also have an "unfiltered" broadband Internet connection.

  F. Routed service with a router. Some ISPs provide routed Internet service through DSL, cable, Frame Relay, or other technologies. There's usually an extra charge for this type of service, as it provides a separate public IP address to each computer on the LAN. This has some advantages that I'll discuss later, but it also incurs a risk of exposing your network to hackers, unless you're vigilant in setting it up.

Figure 19.1. Six ways to connect your LAN to the Internet.


I discussed the pros and cons of dial-up, ISDN, and broadband connections themselves in Chapter 8, "Internet and TCP/IP Connection Options," so I won't repeat that discussion. Here, I'll discuss the costs and benefits of these six connection-sharing strategies.

NOTE

Although I really prefer using the shared connection strategies (the first three schemes in Figure 19.1), they have a drawback: It's more difficult to enable incoming access to your computer. In particular, it makes it hard to reach your computer with Remote Desktop, and can be difficult for someone to work with you using Remote Assistance. I'll show you how to make them work at the end of the chapter, under "Making Services Available."


Now, let's look at the issues involved in having a single ISP connection serve multiple computers.

Managing IP Addresses

Connecting a LAN to the Internet requires you to delve into some issues about how computers are identified on your LAN and on the Internet. You'll find some background on this topic in Chapter 15 under "IP Name Services and Routing." In this chapter, we'll focus on how your LAN relates to the Internet as a whole.

As I discussed in Chapter 15, each computer on your LAN uses a unique network identification number called an IP address that is used to route data to the correct computer. As long as the data stays on your LAN, it doesn't matter what numbers are used; your LAN is essentially a private affair. On LANs with no shared Internet connection, in fact, Windows just makes up random IP address numbers for each computer and that's good enough.

When you connect to the Internet, though, those random numbers can't be used to direct data to you; public IP addresses have to be assigned to you by your ISP so that other computers on the Internet can properly route data to your ISP and then to you.

Now, when you establish a solo dial-up connection from your computer to the Internet, this isn't a big problem. When you dial up, your ISP assigns your connection a temporary public IP address. Any computer on the entire Internet can send data to you using this number. When you want to connect a LAN, though, it's not quite as easy. There are two approaches:

  • You can get a valid public IP address for each of your computers, so they can each participate in the Internet at large

  • You can use one public IP address and share it among all the users of your LAN

The first approach is called routed Internet service, because your ISP assigns a fixed block of IP addresses for your LAN (one for each of your computers) and routes all data for these addresses to your site. The second approach uses a technique called Network Address Translation or NAT, in which all of the computers on your LAN share one IP address and connection.

NAT and Internet Connection Sharing

Microsoft's Internet Connection Sharing system and the popular devices called residential gateways or connection sharing routers use Network Address Translation to carry out all Internet connections using one public IP address. The computer or device running the NAT service mediates all connections between computers on your LAN and the Internet (see Figure 19.2).

Figure 19.2. A NAT device or program carries on all Internet communications using one IP address. NAT keeps track of outgoing data from your LAN to determine where to send responses from the outside.


To explain NAT, it's helpful to make an analogy to postal mail service. Normally, mail is delivered to each house according to its address, and the mail delivery person stops at each separate house on a given block. This is analogous to routed Internet service where each of your computers has its own public IP address. Data is routed to your LAN, and then delivered to each computer independently.

NAT works more like a large commercial office building, where there's one address for many people. Mail is delivered to the mail room, which sorts it out and delivers it internally to the correct recipient. With NAT, you are assigned one public IP address, and all communication between your LAN and the Internet uses this address. The NAT service takes care of changing or translating the IP addresses in data packets from the private, internal IP addresses used on your LAN to the one public address used on the Internet.

Using NAT has several significant consequences:

  • You can hook up as many computers on your LAN as you wish. Your ISP won't care, or even know, that more than one computer is using the connection. You will save money because you only need to pay for a single-user connection.

  • You can assign IP addresses inside your LAN however you wish. In fact, all of the NAT setups I've seen provide DHCP, an automatic IP address service, so that there's virtually no manual configuration needed on the computers you add to your LAN.

  • If you want to host a Web site, VPN, or other service on your LAN and make it available from the Internet, you'll have some additional setup work to do. When you contact a remote Web site, NAT knows to send the returned data back to you, but when an unsolicited request comes from outside, NAT has to be told where to send the incoming connection. I'll discuss this later in the chapter.

  • NAT serves as an additional firewall to protect your LAN from probing by Internet hackers. Incoming requests, to read your shared folders for example, are simply ignored if you haven't specifically set up your connection sharing service to forward requests to a particular computer.

  • Some network services can't be made to work with NAT. For example, you might not be able to use audio and video chat with Windows Messenger and NetMeeting. These programs expect that the IP address of the computer on which they're running is a public address. Windows Internet Connection Sharing and some hardware sharing routers can work around this problem using the Universal Plug and Play protocol, which I'll discuss later in the chapter.

  • A hardware connection sharing router may provide you with better security than Windows Internet Connection Sharing, because, as a special-purpose device, its software is simpler and less likely to be buggy than Windows. Also, when used with Windows Firewall, you have two separate lines of defense against hackers rather than just one.
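The bookkeeping behind these consequences, as an added example (not code from the book or from any router vendor): a toy NAT table in Python that shows why replies reach the right PC, why an unsolicited request is ignored, and what a port forward changes. The class name, the addresses, the starting port 40000, and the strict matching of replies against the original remote host are assumptions of this sketch; real routers differ in detail.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample values: documentation address ranges, not real hosts.
PUBLIC_IP = "203.0.113.10"                     # the single address from the ISP
LAN = ipaddress.ip_network("192.168.0.0/24")   # private addresses behind the NAT


@dataclass
class Nat:
    """Hypothetical model of a connection-sharing router's translation table."""
    public_ip: str
    next_port: int = 40000                        # assumed start of the port pool
    sessions: dict = field(default_factory=dict)  # (proto, public port) -> session
    forwards: dict = field(default_factory=dict)  # (proto, public port) -> LAN host

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """Translate a packet leaving the LAN; return it as the Internet sees it."""
        if ipaddress.ip_address(lan_ip) not in LAN:
            raise ValueError(f"{lan_ip} is not on the LAN")
        session = (lan_ip, lan_port, remote_ip, remote_port)
        for (p, public_port), known in self.sessions.items():
            if p == proto and known == session:   # conversation already tracked
                return (self.public_ip, public_port, remote_ip, remote_port)
        while (proto, self.next_port) in self.sessions or \
                (proto, self.next_port) in self.forwards:
            self.next_port += 1                   # skip ports already in use
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(proto, public_port)] = session
        return (self.public_ip, public_port, remote_ip, remote_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) to deliver to, or None if the packet is dropped."""
        s = self.sessions.get((proto, public_port))
        if s and (s[2], s[3]) == (remote_ip, remote_port):
            return (s[0], s[1])        # reply to a conversation the LAN started
        # Otherwise deliver only if the administrator set up a forward;
        # with no forward the unsolicited packet is silently ignored (None).
        return self.forwards.get((proto, public_port))

    def forward(self, proto, public_port, lan_ip, lan_port):
        """Tell NAT where unsolicited traffic for one public port should go."""
        self.forwards[(proto, public_port)] = (lan_ip, lan_port)


def demo():
    nat = Nat(PUBLIC_IP)
    r = {}
    # Two PCs reach the same Web server from the same local port number.
    r["pc_a"] = nat.outbound("tcp", "192.168.0.2", 1025, "198.51.100.7", 80)
    r["pc_b"] = nat.outbound("tcp", "192.168.0.3", 1025, "198.51.100.7", 80)
    r["reply_a"] = nat.inbound("tcp", "198.51.100.7", 80, r["pc_a"][1])
    r["reply_b"] = nat.inbound("tcp", "198.51.100.7", 80, r["pc_b"][1])
    # Unsolicited request to the file-sharing port (TCP 445) from a stranger.
    r["probe"] = nat.inbound("tcp", "198.51.100.99", 40321, 445)
    # A stranger sending to a port that is mapped for someone else's session.
    r["guess"] = nat.inbound("tcp", "198.51.100.99", 80, r["pc_a"][1])
    # Hosting a Web site: nothing arrives until a forward is configured.
    r["web_before"] = nat.inbound("tcp", "198.51.100.99", 40321, 80)
    nat.forward("tcp", 80, "192.168.0.2", 80)
    r["web_after"] = nat.inbound("tcp", "198.51.100.99", 40321, 80)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:11} {value}")
```

Every forward added is a deliberate hole in the "additional firewall" behaviour, so the forwards table is the first thing to review when auditing a shared connection.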

Starting with Windows 98, Microsoft has provided a NAT service through its Internet Connection Sharing feature. In addition, Windows XP Service Pack 2 introduced Windows Firewall, an additional security feature that prevents outside people from accessing your LAN. I'll talk more about Windows Firewall in Chapter 21.

Given the choice between Microsoft's Internet Connection Sharing (ICS) service and an external hardware router, I recommend that you use a router, for two reasons:

  • First, to use ICS, you have to leave one of your Windows computers turned on so that other computers can reach the Internet. Connection sharing routers have to be left on too, but they consume very little power compared to what a PC sucks up.

  • More importantly, connection sharing routers provide better security than Windows. These little boxes have very little going on inside them, so it's more likely that any security flaws have been noticed and fixed. Windows, on the other hand, is hugely complex, and Microsoft finds security flaws at the rate of one or two a week. If you use ICS and host a Web site on the connection-sharing computer, you're inviting outside people to run complex software on the same computer that's protecting your network. If they find a way to circumvent NAT or the Windows Firewall, they're already inside your computer. With the hardware router, they have to break through the router, and then break into Windows.

I won't go so far as to say that you shouldn't trust ICS, and I will show you how to hook up your LAN using all of the methods I described earlier. I'll just put in as my final word on this issue that I use DSL/cable sharing routers at my own home and office.

If you decide to use a router, look at the products made by Linksys, D-Link, SMC, and Netgear. You can find them at computer stores, office supply stores, and online (check www.buy.com), and on sale you can pick one up for $20 or less. Wireless versions that include an 802.11g Wireless networking base station as well as a hub for wired Ethernet connections don't cost that much more. I'm looking at the ads in my Sunday paper right now and see prices ranging from $40 to $60.

There are also more advanced (and expensive) versions that include additional features like a built-in print server or VPN (virtual private networking) service. For example, the D-Link DI-713P Wireless Broadband Router provides NAT (connection sharing), a 3-port switching Ethernet hub, a print server, and a wireless access point all in one box. But, while combination devices may be less expensive when you look at the total cost of getting separate devices, separate units give you more flexibility in where you locate the devices, and if one device fails, you don't lose all of the functions at once.

NOTE

By the way, while most connection sharing routers on the market are designed for use with cable or DSL Internet service, some can connect with an analog or ISDN modem. If you use dial-up service, you're not left out. Netgear and SMC make devices that can be hooked up to a modem.


Running Your Own Web Servers

If you want to host your own public Web or email servers on your LAN, or if you want to reach your LAN through Remote Desktop or a VPN connection, you need to have an always-on connection so that the network can always be reached from the outside. A demand-dialing modem connection is not a good choice for this use because the connection is established only when you try to reach out. Many years ago it was cost effective to use a permanently connected dial-up service, but it's no longer cost-effective. Broadband is really the only way to go. Routed Internet service is a big advantage here because each computer gets a fixed, public, always-on IP address, but you can get by with a shared connection too.

You'll probably also want to be able to reach your Web site or computers by typing in a standard domain name like www.mysitename.com. For this, you need to register a domain name, and you need Domain Name Service (DNS) to give the Internet the means of finding your computer's public IP address. You can have your ISP provide domain name service, but it will probably cost you an extra $5 to $20 a month. You also might check out the free public DNS services hosted by www.dyndns.org and others (do a Google search for "free DNS service" and check out the sponsored links).

Whether you use NAT or a routed Internet service, it's best if you can get your ISP to assign you a permanent, or static, IP address so that your computers' IP addresses don't change from day to day as a dial-up connection's does. This way your DNS information can be set up once, and it will work as long as you keep your ISP. Static IP addressing is not available with every connection technology or ISP, though, so you have to ask when shopping for your service provider.

If you have dial-up, cable, or non-static DSL service, you'll have to get "dynamic DNS" service, since your network's public IP address will change every time your connection is reestablished. Check out www.dyndns.org for more information about dynamic DNS, or do a Google search for "free dns service" and check the sponsored links.

Inverse DNS

If you go for dedicated Internet access, and your ISP assigns you a block of fixed IP addresses, you might want to ask your ISP to enter Inverse DNS information for you as well as register your domain name.

The domain name service (DNS) is called into play whenever you use an Internet address like www.microsoft.com. DNS looks up this name in a directory and returns some computer's IP address, for example, 207.46.131.137. The DNS system can also work in reverse and return the name of a computer given its IP address. For example, the address 4.3.2.1 turns out to be durham2-001.dsl.gtei.net.

When you get routed Internet access, the "inverse" lookup names for the IP addresses assigned to you either are left undefined or are set to some generic names like cust137.dsl131.someISP.com. If you ask, your ISP can set up names that identify your computers and domain so that anyone on the Internet to whom you connect can find out the name of your computer.

Using inverse DNS has some pros and cons. One pro is that some email servers on the Internet don't accept email from systems without a valid inverse DNS entry. If you run an email server on your network, at least that computer should have an inverse DNS entry. One con is that Web site managers can tell the name of your computer and domain when you visit Web sites, so you give up some privacy.

The choice is up to you. If you want to register your computers, talk to your ISP.
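How an inverse lookup name is formed and how a receiving mail server might judge it, as an added example that is not from the book: the Python below builds the reverse-lookup name for an address, then checks that the name it finds points back to the same address (a forward-confirmed check, which goes a step beyond the text). The zone records, the function names, and the three verdict strings are constructed for illustration; only the name format `cust137.dsl131.someISP.com` is taken from the text above.

```python
import ipaddress

# Constructed records in zone-file style; 192.0.2.0/24 and 198.51.100.0/24
# are documentation ranges. 192.0.2.50 deliberately has no PTR entry.
ZONE = """
25.2.0.192.in-addr.arpa.     IN PTR  mail.example.com.
137.2.0.192.in-addr.arpa.    IN PTR  cust137.dsl131.someISP.com.
80.2.0.192.in-addr.arpa.     IN PTR  www.example.com.
mail.example.com.            IN A    192.0.2.25
cust137.dsl131.someISP.com.  IN A    192.0.2.137
www.example.com.             IN A    198.51.100.80
"""


def load(zone):
    """Parse the records into a PTR map and a forward (A/AAAA) map."""
    ptr, fwd = {}, {}
    for line in zone.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "IN":
            continue                              # blank or unsupported line
        owner, _, rtype, data = parts
        owner = owner.lower().rstrip(".")         # DNS names are case-insensitive
        if rtype == "PTR":
            ptr[owner] = data.lower().rstrip(".")
        elif rtype in ("A", "AAAA"):
            fwd.setdefault(owner, set()).add(ipaddress.ip_address(data))
    return ptr, fwd


def reverse_name(ip):
    """Name queried for an inverse lookup: octets reversed under in-addr.arpa
    (or nibbles reversed under ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_sender(ip, ptr, fwd):
    """Classify a connecting address the way a strict mail server might."""
    addr = ipaddress.ip_address(ip)
    name = ptr.get(reverse_name(ip))
    if name is None:
        return ("no-ptr", None)          # inverse entry left undefined
    if addr not in fwd.get(name, ()):
        return ("mismatch", name)        # name does not point back to sender
    return ("confirmed", name)           # inverse and forward entries agree


if __name__ == "__main__":
    ptr, fwd = load(ZONE)
    print(reverse_name("4.3.2.1"))
    for ip in ("192.0.2.25", "192.0.2.137", "192.0.2.80", "192.0.2.50"):
        print(ip, check_sender(ip, ptr, fwd))
```

A generic ISP-assigned name still comes back "confirmed" here; whether a receiver also distrusts generic-looking names is a separate policy this sketch does not model.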


The next two sections discuss issues important to business users. If you're setting up an Internet connection for your home, you can skip ahead to "Getting Your Service Installed," later in the chapter.

A Warning for Business Users

My enthusiasm notwithstanding, cable and DSL Internet service are based on new technologies, and the businesses delivering them are new and growing extremely rapidly. I can tell you from direct experience that they can give you a painful, bumpy ride. Some DSL ISPs (two of mine, for example) have already gone bankrupt and stranded their customers.

Customer support ranges from okay to incredibly bad, installation appointments are routinely missed, and even billing can be a terrible mess. Ask a provider for a service level agreement (a guaranteed percentage of uptime and throughput), and the likely reply will be hysterical laughter. If your business truly depends on your Internet connection for survival, DSL and cable are probably not for you.

It will cost lots more in the short term to set up Frame Relay or dedicated ISDN service, but if you lose business when your connection fails, you probably can't afford the risks that come with consumer-class DSL and cable Internet access. If you do want to use cable or DSL, it's worth paying extra for "business class" service. For instance, I've used XO Communications Business DSL for several years, and have been very happy with the service.

Frame Relay

I talked about dial-up, DSL, cable, ISDN, wireless, and satellite Internet connectivity in Chapter 8. For serious business use, Frame Relay is one more option to consider. Frame Relay is an older technology that was primarily designed for private, dedicated, long-distance connections for the corporate world. It's connected using hardware very similar to DSL, but it requires its own dedicated telephone line from your office to the phone company and some expensive equipment.

Although installing and setting up frame relay Internet hardware is tough, after the equipment is in, it just plugs into your LAN and virtually no setup is involved with Windows itself. (In Figure 19.1 it falls into the last category, Routed Service.)

Frame relay connections are extremely reliable and run at data rates similar to DSL, but have a severe disadvantage in price. Table 19.1 compares the costs for 128Kbps Frame Relay to DSL service.

Table 19.1. 128Kbps Frame Relay Versus 128Kbps DSL

                                         128Kbps Frame Relay   128Kbps DSL
Installation by telephone company        $1,000                $0 to $100
Setup by ISP                             $400                  $0
Required hardware (modem and so on)      $1,200 to $1,800      $0 to $400
Monthly data line fee                    $325                  $40
Monthly Internet service provider fee    $400                  $10


It's pricey, but frame relay users might expect service interruptions of no more than three minutes per month versus perhaps three hours per month with DSL service. If this sounds worthwhile to you, you should contact a telecommunications consultant or a networking pro for more information.

Special Notes for Wireless Networking

If you're setting up a wireless network, you must enable WEP or WPA encryption to protect your network from unexpected use by random strangers. People connecting to your wireless network appear to Windows to be part of your own LAN, and are trusted accordingly.

If you really want to provide free access to your broadband connection as a public service, provide it using a second, unsecured wireless router plugged into your network, as shown in Figure 19.3. Use a different channel number and SSID from the ones set up for your own wireless LAN. Set up filtering in this router to prevent Windows file sharing queries from penetrating into your own network. See "Scheme F: Routed Service Using a Router" later in this chapter for the list of ports that you must block.

Figure 19.3. If you want to provide unsecured, free wireless Internet access to strangers, use a second wireless router in order to protect your own LAN.


(And remember that someone might use your connection to send spam or attack other networks. If the FBI knocks on your door some day, don't say I didn't warn you.)

Special Notes for Cable Service

Although some cable Internet providers can provide you with multiple IP addresses so you can connect multiple computers directly to your cable modem, I strongly urge you not to use this type of service. There are two reasons for this.

First, when you order more than one IP address on cable service, some providers assign IP addresses that have different IP subnet addresses. This is like giving you telephone extensions with different area codes, and it makes it very difficult to use Microsoft Networking (file sharing) on your LAN.

More importantly, this type of setup requires you to connect your cable modem directly to your LAN, without any firewall protection between the Internet and your computers. You would have to disable file and printer sharing on each computer. If you didn't, you would expose all of your computers to a severe security risk.

CAUTION

Do not connect a cable modem directly to your LAN. Anyone on the Internet would be able to read and change your shared files and folders, and could possibly infect your computer with viruses and other nasty software.


Now, if you don't care about file and printer sharing, this isn't a big loss. But, if you do want the full advantage of having a LAN in your home or office, there are three ways to solve this dilemma.

  • You could set up two separate networks, one to connect each computer to the cable modem, and the other to connect the computers for file sharing (see Figure 19.1-E). With Ethernet network adapters costing as little as $5 each, this isn't a bad solution. You would have to take great care to configure the two networks correctly. I'll discuss this shortly.

  • You could install two network adapters in one computer, one going to the cable modem and the other to your LAN, and use Windows Internet Connection Sharing, as shown in Figure 19.1-B.

  • You could install an inexpensive cable/DSL sharing router to provide the connection, as in Figure 19.1-C.

Some cable ISPs don't want you to use a router, but I think it provides superior protection against hacking, and that needs to be your first priority. You can always pay your ISP for the extra computers and use just the one, safe connection to provide service to your other computers.

Special Notes for ISDN Service

If you are ordering ISDN service, you should know what kind of ISDN modem or router you will be using before you order an ISDN line from the phone company. ISDN provisioning is complex, and most telephone companies can determine the options you need if you tell them the brand of equipment you're using. Also, your ISDN equipment manual may list a special "quick order" code to give your telephone company. You will probably order "2B+D, Data and voice, 64K data" service with no special call functions.

When your ISDN line is installed, be sure to ask the installer for the following information:

  • Switch type

  • SPID (Service Profile Identifiers) numbers

  • Directory numbers

You'll need these when you install your ISDN modem.



Special Edition Using Microsoft Windows XP Professional
Special Edition Using Microsoft Windows XP Professional (3rd Edition)
ISBN: 0789732807
EAN: 2147483647
Year: 2003
Pages: 450
