Ethernet is today's choice in networks. If your PC doesn't come with an Ethernet card built in, a good, fast card is available for about $20. (Incidentally my first slow old card cost over $300, and can now be bought for $8.) The early cards operated at 10 Mbps (million bits per second), which is all that is supported by the older ISA bus from the AT generation PCs. The second generation Ethernet runs at either 10 or 100 Mbps, and require at least a PCI bus interface for the higher speed. These cards automatically detect the speed, sometimes are even full duplex (send and receive at the same time) and are normally set to automatically switch to the highest speed possible.
Theoretically an Ethernet is a bus technology - all the computers connected to the shared wire. However, adding or removing a computer disrupted the connections, so an alternative was developed. Each computer is plugged into a hub, a device that checks that the connected computer will not disturb the rest of the network, and adds them to the connection. Normally "Category 5" wiring with "RJ45" connectors (that look like fat telephone plugs) are used between the computer and the hub. However if you only have two computers, you can skip the hub and use a "crossover" cable to directly connect the computers. The crossover cable is the same, except the "out" connection on one end of the cable is "crossed over" to the "in" connection on the other end of the cable, and vice versa. Don't buy cheap cables - a good quality Cat 5 cable only costs about $5, a long cable about $10.
Normally hubs support 4, 8, or 16 computers. But if you need more, you can connect one hub to another. Since you need to connect in to out, a crossover cable can be used for the connection between hubs. Actually many hubs have an extra "expansion" port, where the connectors are crossed inside the hub, so a regular cable can be used. An inexpensive 8 port hub supporting 10/100 Mbps will cost about $40.
If you have 4 or more computers, when machine A is talking to machine B, the Ethernet itself is busy, so Machine C will have to wait to talk to machine D. Therefore a switching hub was invented. When the hub detects that A is talking to B on the same hub, the switching hub connects them directly, leaving the rest of the network free for other users. Machine C does not have to wait to talk to machine D. And if C and D start to talk, they are switched together for the instant, etc. When the switching hubs were first invented they cost many thousands of dollars, but the price of an 8 port switching hub is now only about $60-70 - little more than a plain hub, so a worthwhile investment.
Many high speed Internet connections use an Ethernet card to connect to the cable modem or DSL box. In theory you could just plug the cable modem into the hub (I have done it and it really does work). However, there are several reasons, that we will discuss later, why you shouldn't do that. Therefore if you need an Ethernet port for your high speed Internet connection, while you are buying and installing the hardware, you may want to spend the extra $20 and put a second Ethernet card in one of the computers. Further, if the second Ethernet card is a different brand than the first card in that machine, it will be easier to identify which hardware and cable goes with which software connection.
In the early days of networking personal computers, you had to buy special software for the network - Microsoft, Novell, Lantastic, Banyan, or others, then had to spend a substantial amount of time installing and setting up the software. Starting with Windows 95, Microsoft including networking as a standard part of the operating system - easy to set up, and free. So is there any question about what type of software to use?
What is TCP/IP?
Internet Protocol, IP, is a communications technique that just gets packets of information from one address to another. The messages may be broken into smaller packets, which can follow different paths to the destination. Those packets can be duplicated, lost, or delivered out of order.
TCP is the protocol that makes IP reliable. IP carries the data, but TCP gets rid of duplicate packets. It holds the packets at the source until the destination acknowledges (in a message going in the other direction) that each is received. TCP requests a retransmission of lost packets, if required. It arranges the packets in the right order at the receiving end, so that the user only has to be concerned about sending the "whole" message.
Another protocol, UDP/IP is similar. There is no acknowledgment of the receipt of each packet, so the UDP (User Datagram Protocol) is more efficient, but can occasionally lose a portion of the message. It is often used for audio and video, where delays would be worse than a lost instant of data. Messages can also be sent to several destinations at once (multicast). In contrast, TCP is optimized for reliability, but aggravates latency issues.
There are three common types of protocols - the way the messages are formatted and managed on the network.
As a beginner, which protocol(s) should you choose? Your dial-up Internet connection already uses TCP/IP, bound (connected) to the dial up adapter/modem. But you need to choose the protocol for the rest of the network. If you are going to jump in all at once, including a shared Internet connection, all you need is TCP/IP. Some of the software/hardware recommended below will provide DHCP (Dynamic Host Configuration Protocol) services, that handle the address assignment and other setup. If you want to get your network working, and add the shared Internet connection later, then start with either IPX or NetBEUI protocol, so you don't have to worry about configuration of TCP/IP.
At this point you are on your own for a moment - turn off each computer, install the network card (hope for plug and play), and connect each network card to the hub. If you do not have a Network Neighborhood icon, install "Client for Microsoft Network" through Windows. Then check "Properties" in the Network Neighborhood icon, or Networking on the Windows Control Panel. You should have (or need to add)
Client: Microsoft Networking
Adapter: Dial Up Adapter (assuming you have a modem)
Adapter: Your brand of Ethernet
Protocol: Your protocol (TCP/IP) -> Your Ethernet adapter
Protocol: TCP/IP -> Dial Up Adapter
File and Print Sharing
Each computer must have a unique name. Since machines sometimes change function or owner in our home, I learned not to name the computer "Charlie" or "Jenny". Since I normally get machines at different times, the machines are different, so I use a name like P450 for the Pentium 450. It is convenient, but not necessary, for all the machines in your home to be in the same workgroup - at our home the workgroup is named "Plesums". The Computer description can be anything - e.g. Charlie's P450 9/10/99.
Windows NT and Windows 2000 want to know who is accessing the data, as well as a password, while Windows 95/98 don't care who, if they have the right password. Therefore before Windows NT/2000 can share any data, the person who will share the data must be defined as a user of the NT/2000 system. Add the user, and establish a password, using the administration features. Then in Windows Explorer, right click on the drive or directory to be shared, click on Sharing, and select the "Share" radio button. You may choose a special share name (that will be used to identify this data on the network), or accept the default. Click on Permissions to see what each user is allowed to do. At this point, you can add users to the share list, and set different permissions for different users. When the share is established, a little hand will appear to be holding (sharing) the icon for the drive or folder.
To use the share on the Windows NT/2000 system, either map the network drive or look in the network neighborhood of Windows Explorer. To map the drive, use the path \\<machine name>\<share name>. Your user name is the one you are logged in as, (or from Windows NT/2000 you can specify a different user name authorized to use the machine with the data). You must also specify the required password. Then use the data as if it were on your own machine.
The process to share a drive or directory on Windows 95/98 is similar, but no user identification is required. A separate password can be specified for read only access, different than the password for full control.
Even if you are in a controlled environment and do not use a log-in password on your machine, you should establish a password for the shared files. When your network is connected to the Internet, you want the extra protection that passwords offer on the shares.
Printers are shared in a very similar manner. A share is established on the machine that "owns" the printer. Then other machines on the network can add a printer, specifying Network rather than Local printer. The name of the printer is \\<machine name>\<printer name>, just like sharing the drives or directories, or you can find the printer by browsing the network.
The printer drivers must be installed on each machine that will use the printer across the network. Often this is handled automatically when Windows connects to the printer. Sometimes you must specify the make and model, to help load the drivers, or provide the software disk that came with the printer. In extreme cases, you can temporarily install the printer as a local printer (so that the necessary software is loaded), then install it as a network printer, even if you never use the local printer connection. (I have used this technique to put printers on the network that the printer vendor said could not be used on a network.)
Each computer on a TCP/IP network has a 32 bit "IP address," traditionally written as 4 eight bit numbers, separated by periods. An 8 bit number has a value of 0 to 255, so theoretically the first IP address would be 0.0.0.0 and the last would be 255.255.255.255. (Actually 0 and 255 in the 4th number are reserved for special purposes.) There are several addresses, or sets of addresses, that are "special."
Your Internet Service Provider (ISP) will assign your IP address, either statically (you are given a unique IP address "permanently") or dynamically (the address is assigned for the duration of the session when you log on or for a period of time, such as 24 hours). This is your address to everyone else on the Internet. You could connect your DSL line or cable modem to all the machines on your network (through the hub), and ask your ISP to assign addresses to all of them - they will be glad to do so, for a fee. Each computer would then appear to be a separate user of the Internet.
A different approach is used to connect each corporate network to the Internet, and can be used in homes as well. One computer (called a Gateway or Router or Proxy Server) is the only real user of the Internet. Other computers on the network ask the gateway to make requests on their behalf (be their proxy), and return the results to the requesting machine. That gateway process can be done in Hardware or in Software installed on one of your local PCs.
The gateway will use the IP address provided by the ISP when connected to the "external" Internet. But it has a separate "internal" connection to the local network. We must assign that local connection an IP address, such as 192.168.0.1. You may also be asked to provide a subnet mask - you don't want that explained, just enter 255.255.255.0.
Theoretically an address and other information must be provided for each of the other computers using TCP/IP on your network. The router or program that provides gateway service normally also provides Dynamic Host Configuration Protocol (DHCP) services as well. The first machine that requests a connection will be assigned the address 192.168.0.2 (the next available address) and be told that 192.168.0.1 will be the gateway for external services. Other addresses will likewise be assigned to the other machines on your network. This is far easier than manually setting up the individual machines, especially since an error such as a duplicate IP address can kill the entire network.
How does the software on your network know that the computer named P450 (or whatever) is now at address 192.168.0.2 or that yahoo.com is at 220.127.116.11? Another service provided by most Gateways is the Domain Name Server, or DNS. It maintains a table matching names you use to the TCP/IP addresses on your network. If the name is not recognized, it asks the DNS provided by your ISP to translate other names. The IP address is then returned to the requester. (This lookup is performed every time you use an name such as yahoo.com to look up a web page or send an e-mail.)
Since the gateway has to look at each message received, and determine where to pass it (which computer and which program), it is easy to only pass on the expected types of messages, and reject the others. If someone were to connect to the gateway and try to read data from a computer on your network, or try to load a program (virus) on your computer, the messages would be rejected. Limiting the communications between your local network and the Internet is the job of a Firewall; most gateways also function as a Firewall.
There are several ways that each computer can connect to the Internet through the gateway
NAT technology has become reliable, stable, and fast, and is the easiest approach in most cases. Look for it in selecting software or hardware.
Most connections on the Internet involve downloading a web page, submitting a form, sending some mail, transferring a file, listening to some music, and so forth. Someone monitoring traffic on the Internet could see all your data. However, sometimes we want to connect a computer on our network to another network, and perhaps run programs on that network or transfer confidential data to/from that network. This has been done for years over private corporate networks. Now we want to use the very public and uncontrolled Internet to provide that secure connection. This is done through a "Virtual Private Network" (VPN). Basically, a temporary connection is established between one workstation and the remote network, with all data transfers, including the log on to the remote network, encrypted.
Special protocols are used to provide the VPN communications services. Point to Point Tunneling Protocol (PPTP) is used with Microsoft VPN clients. IPSec is used with Nortel VPN clients. There are probably others. These protocols create a problem for some of the gateways. For example, some can only tolerate one or the other protocols, but not both, or can handle either but not both at the same time. Some can tolerate a VPN client on the gateway computer, but not from other computers on the network. Your VPN requirements, if any, may have a major impact on your choice of solutions.
Linksys has a 4 port switched hub that is also a router and gateway, including DHCP and DNS services, for about $90. If you have 4 or fewer computers, this fills the role of a switching hub, and for only $20-30 more also provides the gateway, complete with DHCP and DNS services. The Cable Modem or DSL line plugs directly into a special port on this box, so you don't need dual network cards in any computer. If you have more than 4 computers, you can plug another hub into this device. It supports VPN clients (both IPSec and PPTP). Logging is provided but limited. Port mapping (to allow certain types of messages through the firewall) is available but awkward. Linksys can upgrade the device with new firmware, but it cannot run other gateway programs. Best of all, it does not use any existing computer on your network for gateway services. If your requirements are simple, it is a great way to go.
Routers like this have been used in businesses for many years - it is a well established concept. The "under $100" devices for home use are new - there are a few products now, but there will undoubtedly be more. The Linksys model was mentioned because that is the only one that I have personally tested.
Rather than buying a separate router, it is possible to provide a Gateway only through software, running on one of your PCs. If you do so
This is the third set of gateway software I have licensed over the years, and is my current software.
ComSocks supports both PPTP and IPSec VPN protocols at the same time (but not from the same computer). One computer can be using PPTP through the gateway and Cable Modem, and another computer can be using IPSec through the gateway and cable modem at the same time. Be sure to get the "plus" version (with the "a" suffix on the version number) for VPN and DHCP features.
Nominally there is logging and interactive display of current activity but it is not very good. ComSocks does not provide screening (who may access which site). Performance is excellent. Installation and operation is easy.
|5 users||Unlimited Users|
Wingate is my favorite, but has several flaws.
The new extended network support (ENS) not only provides NAT, but also allows mixed networks, such as when wireless LAN is added to an existing network.
It is hard to change features when you upgrade. Many of the features of the new system would not install after I had used their earlier system (even deinstalling it), until I got a temporary license from their sales group.
They have a separate client program. It no longer is required, since the current version supports NAT (as a free option?). However, once the WGIC client program is installed, it cannot be removed (it is on the control panel, rather than a conventional program, so the files are in use by the time the system boots up). The WGIC client program is easy to use and fast, but if it is "turned on" it will prevent other external use of TCP/IP on that machine.
There are three versions of the software. The home version doesn't have access controls, nor any VPN. The standard version supports access control (what web sites are blocked) for all users equally, and supports basic PPTP VPN. The Pro version also allows individual users to have different access privileges. None of the versions support IPSec, although a future version would allow IPSec to run on the gateway, outside of the firewall.
|3 User||6 User|
Winproxy is a great system. The installation is almost automatic. But if you need to do something unusual, the documentation is impossible. I used it very successfully for a long time, but switched when, after weeks of trying, I couldn't make it do something it claimed to be able to do. It was frustrating, even though I could see it was a stable, powerful system.
Back to the home page
Send e-mail comments to
©2002 by Charles A. Plesums, Austin, Texas USA. ALL RIGHTS RESERVED. You may license additional copies of this document through a nominal royalty payment as specified on www.plesums.com.