Cable Sharing Internet Connection Guide

8/3/2019 Cable Sharing Internet Connection Guide

1/84

Sharing a cable internet connection in

Australia

Welcome to the wonderful world of shared cable modem access! The aim of this

tutorial is to explain, in so much detail that somebody with virtually no knowledge ofcomputers can do it, how to share an Optus@Home or Bigpond Advance cableinternet connection over a home network. If anything is unclear, please email me([email protected]) and I will try to modify this tutorial to explain thingsmore clearly (but please read the FAQ first and check for the latest version of thisguide at http://www.wpool.com/cablesharing/cablesharing.htm)! I'm always happy toreceive comments or suggestions, alerts as to factual errors etc. If you're havingtrouble and would prefer to pay for someone experienced to set up your network foryou, check out http://www.ozcomputerguys.com

Other resources

Frequently Asked Questions

Some useful links

Acknowledgments

This guide is Copyright 2002 Philip ClaytonLast modified 26 October 2002

1


2/84

Frequently Asked Questions

Networking computers can be very frustrating, particularly when using Windows

95/98/ME. Take heart - it can be done! This FAQ covers most of the reasons thatyour network might not be working properly. It also answers some other, general

questions that may arise from this guide.

The computers in the network can't see each other!

Before trying anything else, make sure you're not using a firewall. The incorrect useof firewalls, especially ZoneAlarm, is nearly guaranteed to cause problems. I strongly

recommend that you do not run any firewall on any of the computers until yournetwork is up and running smoothly. In addition, if Windows asks for any passwordswhen you boot up the computer, make sure you enter them in correctly. It's tempting

to press "Enter" or "Escape" without typing in the password - which gets you intoWindows more quickly - but this can cause problems with file sharing later on.

"The computers in the network can't see each other" is a common problem, but notvery specific. Try to work out where the problem lies - can the computers ping eachother? Can they see one another in Network Neighborhood? Can the client computersaccess the internet at all?

If pinging doesn't work, and you aren't using any firewall software, then you eitherhave a problem with your hardware or, much more likely, your TCP/IP settings. Make

sure your TCP/IP settings are exactly the same as in my guide, and that the computers

have different names. You should also ensure that Windows is truly seeing yournetwork card (or network cards, for the server) - do this by running winipcfg(Windows 95/98/ME) or ipconfig (Windows 2000/XP), as described at the end ofsection 4.1, and checking that Windows displays information for the correct numberof network cards.

If pinging does work, but file sharing doesn't, then check that File and Printer Sharingis set up properly on each computer (see section 4). Also, make sure that thecomputers have different names but are in the same workgroup.

The client computers can't access the internet!

If pinging and file sharing work, but the internet doesn't, then try pinging an internetsite from one of the client computers. It doesn't matter which site you choose to ping,butkeep in mind that some sites don't respond to pings. Therefore it would be wise totry pinging your chosen site from the server computer first, just to make sure itresponds. For example, open up an MS-DOS prompt (or Command Prompt) on theserver computer and type "ping www.optushome.com.au". If it responds, do the sameon a client computer.

2


3/84

If pinging the internet site from the client computer doesn't work, check the DNSconfiguration of your client computer/s (section 4). If your DNS settings are right,then the software installed on the server computer to share the connection isn'tworking properly. Check that all of the internet sharing software's settings are correct,make sure you're not running a firewall, make sure that no other internet sharing

software is installed at the same time, and remember that Microsoft InternetConnection Sharing for Windows 98 doesn't like USB ethernet adaptors. If you stillcan't get it to work, try a different internet sharing program - but make sure youuninstall the other one first!

If pinging the internet site from the client computer works, but you still can't accessthe "internet", then you probably need to look at the connection settings of your clientcomputer's web browser. Typically this problem occurs because you have the wrongproxy settings in your browser. To test this, tell your browser to connect to the

internet directly (ie don't use a proxy), and then quit and restart your browser. If thatfixes the problem, then you can now enter the correct proxy settings in the browser, or

just leave it blank. If it doesn't fix the problem, then the software installed on theserver computer to share the connection isn't working properly - see the previousparagraph.

The client computer(s) can't access "www" (or e-mail, or "news" etc) but the

server can!

Your "intranet domain name" (see section 4) is not set up properly on the client

computer(s).

Since I installed the software to share my connection, my Telstra connection is

dropping out every few minutes. Why?

Telstra's computers send out a so-called "heartbeat" network signal every few minutesthat attempts to open a connection on your server computer; if the heartbeat can't openthis connection then Telstra assumes that you've disconnected from the internet andshuts down your connection. Some software can interfere with this heartbeat, causingdropouts. See section 7 for more information.

Do I need to install the Telstra (or Optus) software on the client computer(s)?

No. The Optus software doesn't even need to be installed on the server computer, letalone the client(s). The Telstra software only needs to be installed on the servercomputer. However, there's a 3rd-party Telstra login client called BPALogin that Irecommend to all users of Telstra cable - it's reputed to be faster, more reliable, use

less memory and so on, and works much better with internet sharing software.

3


4/84

Can computers running different operating systems share a connection?

Absolutely! TCP/IP networking (which is all that internet sharing needs) is supported

by every network-ready operating system, including all versions of Windows, Linux,Macintosh OS, BeOS, you name it.

What about Windows NT?

For the purposes of home networking, Windows NT is virtually identical to Windows95. Thus, to set it up as the server computer, follow the Windows 95 serverinstructions, and to set it up as a client computer, follow the Windows 95 clientinstructions.

When using Windows 2000/XP and Windows 95/98/ME in the same network,

I'm having trouble sharing files - when I click on the Windows 2000/XP's

computer name, it asks for a password.

Find out the user name of the Windows 95/98/ME computer. If you have multipleusers on the computer, you should already know this (it's the name you use to log in).Otherwise, right-click on "My Computer" and choose "Properties", look at where itsays "Licensed to:" - that's the user name for that computer. Now on the Windows2000/XP computer you need to create a user of that name, and give that user access tothe shared file(s). That user must have a password, which then needs to be enteredinto Windows 95/98/ME when accessing the shared folder.

If I don't take a tea break at section 6, will thatreally have an effect on my

network?

You'd better believe it!

This page was very helpful, how can I thank you?

or...

This page needs work, here's some constructive criticism

Email me! I always reply to my emails, so if I don't reply to yours, I either lost theemail or I'm away from my computer - it might be worth trying again.

4


5/84

Outline of what you'll be doing

There are 10 steps you will be taking:

1. Buying the hardware

2. Setting up the hardware

3. Configuring Windows to recognise the network cards

4. Configuring your home network

5. Testing your home network

6. Taking a break

7. Setting up software to share your internet connection

8. Securing your network

9. Patting yourself on the back

10. Advanced NAT configuration (optional)

5


6/84

Preface

There are a couple of things that you should know before using this guide...

Firstly, sharing your cable connection is not officially supported by Telstra or Optus.

This doesn't necessarily mean that you can't do it; but if you do, they won't help you.Furthermore, some of the Telstra plans even ban sharing your connection (which Ithink is a bit cheeky), so it's up to you to ensure that you're allowed to do this.

Secondly, this guide covers cable modem sharing in Windows only. Despite this, youshould realise that the internet is operating-system independent, so a Windows PCwill happily share a cable modem connection with a Mac and a Linux box - it's justthat I don't explain how to do it! Some time in the future I will add a section onconfiguring Macs as client computers, and may eventually add a section on using aMac as a server. I don't cover Linux, because if you've managed to get your Linuxcomputer to connect to the internet, you probably already know enough to share your

connection. But I'm happy to help via email if you need it.

OK, let's get to it!

6


7/84

1. Buying the hardware

Before you buy anything, let me explain a little about how sharing a cable internetconnection actually works. This will help you to buy the right equipment in the firstplace.

In essence, you always need a device to connect to the cable modem, and hence to theinternet. This device is usually a computer (eg the computer that you've alreadyhooked up to the cable modem), but can also be a specialised piece of hardware. Onceconnected to the internet, the device then shares its connection with the computers inthe home network. The device is said to "route" the internet information to thedifferent computers on the network, and is therefore labelled a "router".

Your task is to set up a router. There are 3 fundamental ways of doing this, as follows:

1. Use the computer that's already connected to the cable modem, and install specialsoftware on it to make it become a "router". The advantages of this approach are that

it's the cheapest and is not too difficult. The main disadvantage is that the computerwhich is the "router" must always be switched on in order for the other computers toaccess the internet.

2. Find an old 486 or Pentium, install software to make it into a "router", hide it in acorner somewhere and forget about it. You can install Windows, Linux, whatever youlike on this "router". This is basically the same as the first option, but costs a littlemore (for the old computer, and for the extra electricity). Its advantage over the firstoption is that each of the "real" computers can connect to the internet without needingany of the other "real" computers to be switched on. This avoids problems such as, eg,a child having to turn on his/her parent's computer in order to play internet games on

7


8/84

his/her own computer - at 3am! (not that I'm speaking from personal experience,ahem)

3. Buy a "hardware router". This is a special piece of hardware that can connect to thecable modem and then share that connection ("route") with the computers in the

house. It comes with a built-in hub (hubs are explained below), so all you need to buyis the hardware router and some cables. Its advantages are that it's easy to set up andthat each computer can connect independently of one another (see above). Its maindisadvantage is that it's expensive - around $350-$400 for a Netgear RT314, which is(deservedly) the most popular hardware router for home use.

So which is the best choice? It depends on your priorities! The first option is cheaperthan the second, which is in turn cheaper than the third. The third option is easier thanthe first or the second. The first option is hopeless if you need each computer to beable to connect independently (ie computer 2 needs to connect when computer 1 isswitched off, and vice versa).

For the majority of people, the first option is the best. It's far cheaper than buying ahardware router, and not much more difficult to set up. However, if you need thecomputers to be able to connect independently, then you should investigate one of theother options. Your choice between those will be guided by cost, and also by interest(it's fun, and very flexible, to set up a Linux computer to act as a router (option 2),whereas a hardware router is pretty boring, truth be told).

Since I believe that the first option is the best for most people, that's what this guidecovers. For the second option, you could simply follow this guide, although I suspectyou'd be using an illegal copy of Windows to do it - for that and other reasons

(stability, flexibility, cost etc) I'd encourage you to investigate using Linux on yourold 486/Pentium. This guide does not cover Linux, but if you're interested in thatsolution, feel free to email me for further advice. For the third option, the instructionsthat come with the hardware router should be sufficient to see you up and running. Ifnot, use section 4.2 of this guide to set up the computers in the network.

From this point on, the information in this guide describes how to set up the first

option above.

The hardware needed

You'll need to buy some network cards, some cabling, and perhaps a hub. Thespecifics will be determined by which type of network you set up...

What type of network should I set up? There are essentially 2 types of networks youneed to be aware of, distinguished by the types of cables they use.

The older, slower type of network uses coaxial cables to connect each computer. Thistype of network is perfectly adequate for internet sharing, and has the followingadvantages: (1) it is usually cheaper than UTP networks; (2) it doesn't require a hub

8


9/84

for more than 2 users; (3) it is easy to add computers to the network later. On theother hand, coaxial networks have these disadvantages: (1) they're slower than UTPnetworks (that doesn't matter for internet sharing but may be important if you want toshare big files across your home network); (2) if one computer "goes down" then thewhole network goes down (note that the computer can be off, and even unplugged

from the network, and the rest of the network will still function; so this problem isunlikely to be important in the home network setting); (3) the cables are a bit moreunsightly than UTP cables.

The modern type of network uses UTP cables (UTP stands for Unshielded TwistedPair). These look like big fat telephone cables. The advantages of a UTP network are(1) slightly easier to set up if there's only 2 computers; (2) faster than a coaxialnetwork; (3) more standard nowadays; (4) the cables look better and can be longer (upto a hundred metres - how big's your home?). The only real disadvantage of a UTP

network is that if you have more than 2 computers you need to buy a hub, which isexpensive.

9


10/84

Here's what the connectors look like on the netword card:

I personally use a coaxial network and it works fine, but these days I would

recommend getting a UTP network because it's far more common and therefore easierto buy cables, easier to connect to friend's computers etc.

There are 2 common speeds that home networks run at - 10Mbps and 100Mbps.10Mbps means 10 million bits per second, which is roughly 1.2 megabytes persecond. This is way more than a cable modem can sustain, and is therefore ample forsharing an internet connection. 100Mbps connections are, as you'd expect, 10 times asfast as this. These networks are much better for transferring large files (eg if one ofthe computers in the network has a CD burner and you want to burn a full CD ofbackup stuff, it takes 2 minutes instead of 20 to transfer the files across the network).The speed of your home network depends on the speed of your network cards -

10


11/84

basically the transfer rate between any 2 computers will be the speed of the slowestnetwork card out of those 2 computers. For example, 2 computers with 10/100Mbpscards will transfer data at 100Mbps, but if one of the computers has a 10Mbps card,the transfer rate will be 10Mbps. Most (all?) network cards that are capable of runningat 100Mbps can also run at 10Mbps - hence the designation "10/100Mbps".

Network cards: You'll need to buy 1 network card for each computer in the network.Optus or Telstra have already given you either a network card or a USB ethernetadaptor for the server (that is, the computer that is connected to the cable modem), butyou still need to buy another network card for it. So what type of cards should youget? The cable modem is not capable of running at even 10Mbps, so 100Mbps cardswill give you no more performance for internet use. So if you're really trying to savemoney you should get 10Mbps cards, which are 100% as good as 100Mbps cards forthe internet; but in just about any other circumstance you should get 10/100Mbpscards since the increase in speed for file transfers is dramatic. The only problem is, ifyou want to set up a coaxial network, most 10/100Mbps cards don't even have coaxial

connectors any more! The most flexible card you can buy is a 10/100Mbps card withboth coaxial and UTP connectors, but these cards are hard to find. I wouldrecommend getting 10/100Mbps cards, and if you can find ones with coaxialconnectors, get those, but don't worry if you can't. You're looking at about $20-$30for a standard, PCI, 10/100Mbps card. It's a good idea to use a different brand ofnetwork card from the one given to you by Optus/Telstra for your server, since thissimplifies network configuration (otherwise you're left with 2 network cards whichlook identical in Windows, trying to guess which one is which). For those who areinterested, the network cards provided by Optus/Telstra are 10/100Mbps cards withUTP ports...

Cabling: What type of cabling you need depends, of course, on what type of networkyou are setting up. There are 3 scenarios:

1. You're using a coaxial cable type network. In this case you need a coaxialcable between each computer, a T-piece for each computer, and 2 BNCterminators. All of these components can be found relatively easily in yourlocal computer shop. Each cable will cost around $15-$20; the T-pieces shouldonly cost 50c or so each, and the terminators should cost around $2 each.

11


12/84

2. You're using UTP cables and only have 2 computers. In this case the onlycabling you need is a "crossover" UTP cable. This is a special UTP cable thatconnects computers directly (ie there's no need for a hub). It's called acrossover cable because the "outgoing" wires of one end are "crossed over" tobecome the "incoming" wires at the other end, and vice versa. This is in

contrast to a standard UTP cable, in which the wires are NOT crossed. Thismeans that it's really important to get the right kind of cable, or your networkcards won't be able to see one another. Crossover cables are usually markedspecially, eg by being blue or by having coloured connectors at each end. Theyusually cost $20-$30.

3. You're using UTP cables and have more than 2 computers. In this case youhave to get a hub to connect all the computers. These cost anything from about$50 to $heaps. There are a few different options; basically you want one withenough ports to fit all of your computers (ie a 4-port hub if you have 4computers or less, otherwise an 8-port hub or higher). Also, some hubs can actas "switches", which means that they speed up network transfers by

automatically detecting which computer a network signal is intended for. Youshould get a hub with this feature (usually marked as "autoswitching";sometimes the whole thing will just be called a switch, eg "8-port ethernetswitch"). It's a good idea to get a hub with more ports than you currently need,for future expandability. Once you have your hub, you need a standard UTPcable to run from each computer to the hub; each one should cost around $10-15.

Note for those who are interested: a fourth possiblity involves connecting the cablemodem to the uplink port of your hub, but this is a little more complicated to set upand may potentially provide the client computers direct access to the internet (that is,

allow them to bypass the server's firewall - this is a bad thing!). It does have theadvantage of making internet connection sharing possible with only one network cardin the server, but this is certainly more complicated, only supported by Sygate and

NAT32 (as far as I know), and a speed penalty will probably occur. It is not possibleto connect the cable modem to the uplink port of your hub and have each computerconnect independently - there is always the need for one computer to act as a"router", as described earlier, and that computer must always be switched on inorder for the other computers to access the internet. I do not recommend such a setup

for anybody; however, very rarely it is necessary because the "server" computer isphysically unable to support a 2nd network card.

12


13/84

2. Setting up the the hardware

Installing the cards: This should be a straightforward affair - simply open yourcomputer case, stick the network card in anywhere it looks like it might fit, and closethe case again! :-) Seriously, if you've never installed a card before then you might

want an experienced friend over to help; but it's actually pretty basic and youshouldn't be afraid to try.

Connecting the cables: Depending on what kind of network you're setting up...

A coaxial cable network: Connect a T-piece to the BNC connector (the coaxial

connector) on each network card. Then, hook up a coaxial cable between eachcomputer, connecting each end of cable to a T-piece. You should now have allyour computers connected in a line (albeit a short line if there's only 2computers!) At each end of the "line" there should be a free connector on a T-piece - to these 2 free connectors you should connect the BNC terminators.

That's it - all the hardware is connected!Note: I read recently that one of theBNC terminators (not both) should be grounded by being connected to themetal casing of the computer it's near via a piece of wire or chain. Apparentlythis increases the speed and stability of the network. I had never heard of thisbefore, but I'm going to give it a try and see what happens!

UTP crossover cable with 2 computers: This one is simple - plug each end of

the cable into the computers' UTP ports, just like plugging in a telephonecable. Done!

13


14/84

UTP cables and a hub: Connect each UTP cable to a computer at one end and

one of the ports of the hub at the other end. Most hubs have an "uplink" port,separate from the others (usually at the right). Don't connect any of thecomputers to this port! The hub also needs to be connected to a power source.

14


15/84

3. Configuring Windows to recognise the network cards

(I'm sorry but I don't have any experience with Macintosh networking, and Linuxnetworking is completely dependent on your distribution; feel free to email me forgeneral tips, but for anything complex you'll need to ask someone with specific

experience)

Now that you've installed the hardware, you need to configure Windows to recogniseand use the network card properly. This means Windows needs a "device driver" forthe card, which is basically a piece of software that tells Windows how to control yourhardware (that is, how to "control" your "device", hence the name). With any modernnetwork card this should be simple - when you start up your computer, Windowsshould recognise that there's new hardware and look for drivers for it. Insert the driverdisk that came with your card (it didcome with one, right?!) and install the devicedrivers. If there's anything unusual about your card, eg the drivers are in an obscuredirectory on the disk, the card will (hopefully) have come with instructions on how to

install the drivers.

If your card didn't come with drivers, the chances are that it will be compatible withan older card that Windows has device drivers for. Let Windows "search for the bestdriver for this device", and it'll probably come up with something like "RealTek..." or

"3Com...". Whatever it says, just try it out - it will probably work!

If Windows didn't display any message about detecting new hardware, don't worry.You just need to go into the Windows Control Panel and choose "Add NewHardware" and follow the prompts. Let Windows search for new hardware.

With any luck it should now find your card and ask you for a driver disk - if you have

15


16/84

one, use it, otherwise let Windows use whatever driver it comes up with (as above). IfWindows still can't find your card, you're probably in trouble - the card may be faulty.Ask the vendor for help.

Checking that the card is there: Now go into Windows Control Panel and choose

"System". In Windows 95/98/ME, go to the "Device Manager" tab; in Windows2000/XP, go to the "Hardware" tab and click on "Device Manager...". Look for the"Network adaptors" section. In this section you should find the network card that you

just installed (and on the computer that's acting as the server you should also see thenetwork card that came with the cable modem). Make sure the card is workingproperly - click on the card and then click on the "properties" button. Windows shouldtell you "this device is working properly". If not, you'll need to work out why not -there may be a hardware conflict, or you may need to restart your computer, or youmay be using the wrong device driver, or the card may be faulty. In any case, you

need to have the card working properly (ie getting the message "this device isworking properly") before you proceed to the next step. The following pictures are

from the Windows 98 device manager; but it's very similar for all versions ofWindows.

16


17/84

4. Configuring your home network

OK, this is the nitty-gritty stuff. The configuration is a little different for the serverand the client/s, so we'll take them one at a time...

4.1 Configuring the server

Windows 95/98/ME

Windows 2000/XP

4.2 Configuring the client computer/s

Windows 95/98/ME

Windows 2000/XP

17


18/84

4.1 Configuring the server (Windows 95/98/ME)

Go into the Windows Control Panel and choose "Network". You'll see 3 tabs -Configuration, Identification and Access Control. This may be slightly different indifferent versions of Windows (I'm using Win98), but should be essentially the same.

Well do the Identification tab first. For computer name, enter anything you want (eg"Phil" if the owner of the computer is Phil). If you're using Optus@Home, the namemust be the name given to you by Optus (ie coXXXXXXX-a). For workgroup, putwhatever you like, but each computer should be the same. I use "WORKGROUP"!For computer description, put whatever you like.

18


19/84

Under "Access Control", make sure you've selected "Share-level access control".

19


20/84

Now for the configuration tab. The first thing to do is add Microsoft Family Logon.This isn't required for internet connection sharing, but if you don't install it, everytime Windows starts you'll get asked to enter your networking password even if youhaven't got one! Therefore I highly recommend it. Installation of Microsoft FamilyLogon is achieved by clicking "Add", choosing "Client" then clicking "Add",

choosing "Microsoft" on the left and "Microsoft Family Logon" on the right andclicking "OK". After this is completed (you'll need your Windows CD here) you'll beback to the basic network control panel screen. Now change your Primary NetworkLogon to "Microsoft Family Logon".

20


21/84

Next you'll want to enable file and printer sharing. This also isn't required for internetconnection sharing, but is really useful and it'd be a strange home network that didn'thave this set up. To do this, click on "File and Print Sharing", check the boxes toenable these services, then click "OK".

Now you need to add the TCP/IP network protocol - "the" internet protocol. It's

probably already there since you already have the cable modem connected to thiscomputer, but you'll need to add it again so that it works with the second network cardin the server. Click "Add", choose "Protocol" then click "Add", then choose"Microsoft" on the left and "TCP/IP" on the right and click "OK".

21


22/84

At this point you'll have lots of stuff in the little box that says "The following networkcomponents are installed:" The box will be a little cluttered and should look like this:Client for Microsoft Networks; Microsoft Family Login; [name of network card thatyou installed]; [name of network card from cable modem provider, probablysomething like "SMC EZ Card 10/100 (SMC1211TX"]; TCP/IP -> [name of networkcard]; TCP/IP -> [name of other network card]; File and printer sharing for MicrosoftNetworks.

22


23/84

If there are any other network components present, they can and generally should be

removed by clicking on each component and then clicking "Remove"; however if youhave any dial-up adapters installed (they'll say "Dial-Up Adaptor") then you may wantto keep "Dial-Up Adapter" and "TCP/IP -> Dial-Up Adapter" so that you can still useyour modem to dial in to the internet. If you just want to send faxes you only need"Dial-Up Adapter".

Now you should configure TCP/IP for your 2 network cards. For "TCP/IP -> [nameof netword card from cable modem provider]" you should leave most of it as is, sinceOptus/Telstra have already set it up for you. If you've accidentally removed this entry,

just add TCP/IP again (as described above) - that's nearly all you have to do! (easy fortheir technicians, eh?) But there is one thing you MUST do - click on "TCP/IP ->[name of netword card from cable modem provider]", click on "Properties", go to the"Bindings" tab and make sure that "File and printer sharing for Microsoft Networks"is NOT checked. If you don't do this, everyone on the internet can access your files!!!There's no need for "Client for Microsoft Networks" or "Microsoft Family Logon" tobe bound either, so you chould uncheck these boxes. When Windows asks if youwould like to select a protocol to bind, say "No".

23


24/84

24


25/84

You should also set this to be the "default protocol", that is, the default method for theserver to connect to the internet. This is done by clicking on the "Advanced" tab andmaking sure the "Set this protocol to be the default protocol" box is checked.

You're done configuring "TCP/IP -> [name of netword card from cable modemprovider]", so click "OK".

25


26/84

Now configure "TCP/IP -> [name of network card you bought]" for the server. Clickon it and then click "Properties". In the "IP Address" tab, select "Specify an IPaddress" and enter 192.168.0.1 as the IP address and 255.255.255.0 for the subnetmask. In "WINS Configuration" click "Disable WINS Resolution". Make sure"Gateway" is all blank. In "DNS Configuration", click "Disable DNS". In "Bindings",

make sure "Client for Microsoft Networks", "File and Printer Sharing for MicrosoftNetworks" and "Microsoft Family Login" are all checked. Don't change anything in"NetBIOS" unless you know what you're doing.

26


27/84

Lastly, click on the "Advanced" tab. You may want to enable full duplex mode on thenetwork card. This makes the card transfer data a little faster. You can do this if thecomputers are connected directly or via a switch (ie a hub with switching capabilities,as described in part 1), but not if the computers are connected to a non-switching hub,or via coaxial cables. To enable full duplex, change the appropriate setting in this

section - I know this sounds a bit vague, but the exact way to do it is different fordifferent cards. It's generally pretty self-explanatory, as you can see it is for my card:

You've now finished configuring the server computer! Click "OK" to exit the TCP/IPsection, "OK" again to exit the Network Control Panel, and restart your computerwhen Windows asks you to.

27


28/84

Before you move on to configuring the client computers, you should take note ofwhich Optus or Telstra "intranet domain" your server is connected to. To do this,select "Run" from the Start Menu and type "winipcfg" (without the quotes) and press"OK". Select the network card that's connected to the cable modem (the SMC networkcard may show up as "NDIS 4.0 driver" or something similar). Click on "More Info

>>". You should see something like this:

The very first item, "Host Name", is what you're interested in. The beginning and endwill probably be cut off, but it should be easy to guess the rest.

The "Host Name" displayed consists of two components: your server's computername (that you specified at the beginning of this section) and your intranet domain. In

the example above, my intranet domain is "randw1.nsw.optushome.com.au". Optusdomains always look something like this. Telstra domains are typically somethinglike "nsw.bigpond.net.au". Remember this intranet domain, because you'll need itwhen configuring your client computer/s.

28


29/84

4.1 Configuring the server (Windows 2000/XP)

Go into the Windows Control Panel and choose "System". Go to the "NetworkIdentification" tab and click on "Properties". For computer name, enter anything youwant (eg "Phil" if the owner of the computer is Phil). If you're using Optus@Home,

the name must be the name given to you by Optus (ie coXXXXXXX-a). Choose to bea member of a workgroup, and put whatever you like as your workgroup name. Notethat every computer in your home network should be in the same workgroup. I simplycall mine "WORKGROUP"!

Now we'll configure the network cards. Go back to the Control Panel and choose"Network and Dial-Up connections". You should see 3 icons - "Make newconnection", and an icon representing each of your 2 network cards. These latter iconscan be renamed for readability - you can see that I've named mine according to theirfunction.

29


30/84

Next we'll configure the network card that's connected to your cable modem. Right-click on this network card and choose "Properties". You should see a dialog boxsimilar to this one:

If you're missing "Client for Microsoft Networks", click on "Install...", choose"Client" and click "Add...", then choose "Client for Microsoft Networks" and click

"OK". Similarly, if you're missing "File and Printer Sharing for Microsoft Networks",do the same but choose "Service" instead of "Client"; and if you're missing "InternetProtocol (TCP/IP)" do the same but choose "Protocol".

Make sure that only "Internet Protocol (TCP/IP)" is ticked; in particular, make surethat "File and Printer Sharing for Microsoft Networks" is not ticked, as this would

share your files over the internet!

30


31/84

Now select "Internet Protocol (TCP/IP)" and click "Properties". Make sure that"Obtain an IP address automatically" and "Obtain DNS server address automatically"are chosen.

You've finished configuring the network card that connects to the cable modem. Click"OK" to exit the TCP/IP properties, and "OK" again to exit the network cardproperties.

31


32/84

Now we're going to configure the network card that's connected to the othercomputer/s. Right-click on this network card and choose "Properties". Make sure that"Client for Microsoft Networks", "File and Printer Sharing for Microsoft Networks"and "Internet Protocol (TCP/IP)" are all ticked.

32


33/84

Now select "Internet Protocol (TCP/IP)" and click "Properties". Choose "Use thefollowing IP address" and type in 192.168.0.1 for the IP address and 255.255.255.0for the subnet mask.

33


34/84

Click "OK" to exit the TCP/IP configuration and get back to network card properties.Now, click the "Configure" button and then the "Advanced" tab. You may want toenable full duplex mode on the network card. This makes the card transfer data a littlefaster. You can do this if the computers are connected directly or via a switch (ie ahub with switching capabilities, as described in part 1), but not if the computers are

connected to a non-switching hub, or via coaxial cable. To enable full duplex, changethe appropriate setting in this section - I know this sounds a bit vague, but the exactway to do it is different for different cards. It's generally pretty self-explanatory, asyou can see it is for my card:

You've now finished configuring the home network card! Click "OK" to exit thenetwork card advanced settings and "OK" again to exit the network card properties.

34


35/84

Before you move on to configuring the client computers, you should take note ofwhich Optus or Telstra "intranet domain" your server is connected to. To do this, openthe Windows 2000/XP Command Prompt (in the Start Menu under Accessories) andtype "ipconfig" (without the quotes). You should see something like this:

Look at the section for the network card that connects to your cable modem (in mycase, "Optus"). Your intranet domain is listed as the "Connection-specific DNSSuffix". In the example above, my intranet domain is"randw1.nsw.optushome.com.au". Optus domains always look something like this.Telstra domains are typically something like "nsw.bigpond.net.au". Remember thisintranet domain, because you'll need it when configuring your client computer/s.

35


36/84

4.2 Configuring the client computer/ (Windows 95/98/ME)

This is very similar to configuring the server, but easier!

Go into the Network control panel as you did on the server. Firstly, go into the

Identification tab. For computer name, enter anything you want - but note that eachcomputer in your network must have a unique name. For workgroup, put the sameworkgroup name that you used for the server. For computer description, put whateveryou like.

Now for the configuration tab. If you decided to add Microsoft Family Logon on theserver, you should do the same for each client computer. As with the server, you caninstall this by clicking "Add...", choosing "Client" then clicking "Add...", choosing"Microsoft" on the left and "Microsoft Family Logon" on the right and clicking "OK".Back in the basic network control panel screen, change your Primary Network Logonto "Microsoft Family Logon".

Next, you enabled file and printer sharing on the server you should do the same oneach client. As with the server, you do this by clicking on "File and Print Sharing...",checking the boxes to enable these services, then clicking "OK".

Now you need to add TCP/IP. Click "Add...", choose "Protocol" then click "Add?",then choose "Microsoft" on the left and "TCP/IP" on the right and click "OK".

36


37/84

At this point you'll once more have lots of stuff in the little box that says "Thefollowing network components are installed:" The box will be a little less clutteredthan for the server and should look like this: Client for Microsoft Networks; MicrosoftFamily Login; [name of network card]; TCP/IP; File and printer sharing for MicrosoftNetworks. It will be considerably more cluttered if you have any other network

components installed.

If there are any other network components present, they can and generally should beremoved by clicking on each component and then clicking "Remove"; however if youhave any dial-up adapters installed (they'll say "Dial-Up Adaptor") then you may wantto keep "Dial-Up Adapter" and "TCP/IP -> Dial-Up Adapter" so that you can still useyour modem to dial in to the internet. If you just want to send faxes you only need"Dial-Up Adapter".

Now configure TCP/IP for the network card. If there are no other networkcomponents (in which case your network control panel should look like mine above),click on "TCP/IP" and then click "Properties". Otherwise you'll need to click on"TCP/IP -> [name of network card you bought]" and then click "Properties".

37


38/84

In the "IP Address" tab, select "Specify an IP address" and enter 192.168.0.2 as the IPaddress for the first client, 192.168.0.3 for the second client and so on. It is importantthat every computer has a different IP address. Enter 255.255.255.0 for the subnetmask for each client.

In "WINS Configuration" click "Disable WINS Resolution".

38


39/84

In the "Gateway" tab, enter 192.168.0.1 as a "New gateway" and click "Add".

39


40/84

In "DNS Configuration", click on "Enable DNS". For Host, enter the computer's name(the name you specified in the "Identification" tab of the Network control panel). ForDomain, enter the intranet domain that you identified at the end ofsection 4.1. InDNS Server Search Order, type 192.168.0.1 and click "Add".

In "Bindings", make sure "Client for Microsoft Networks", "File and Printer Sharingfor Microsoft Networks" and "Microsoft Family Login" are all checked. Click on the"Advanced" tab and make sure the "Set this protocol to be the default protocol" box ischecked.

40


41/84

As with the server computer, you may want to enable full duplex mode on thenetwork card (but see the explanation of this in section 4.1 before you decide to dothis). The way to enable full duplex mode is slightly different for different cards, butis generally pretty self-explanatory. Don't change any other settings in the"Advanced" or "NetBIOS" tabs unless you know what you're doing.

You've now finished configuring the server computer/s. Click "OK" to exit theTCP/IP section, "OK" again to exit the Network Control Panel, and restart yourcomputer when Windows asks you to.

Congratulations, you've set up your home network!

41


42/84

4.2 Configuring the client computer/s (Windows 2000/XP)

This is very similar to configuring the server, but easier!

As before, go into the Windows Control Panel and choose "System". Go to the

"Network Identification" tab and click on "Properties". For computer name, enteranything you want - but note that each computer in your network must have a uniquename. Choose to be a member of a workgroup, and put the same workgroup name thatyou used for the server.

Now to configure the network card. Go back to the Control Panel and choose"Network and Dial-Up connections". Right-click on the network card and choose"Properties". You should see a dialog box similar to this one:

If you're missing "Client for Microsoft Networks", click on "Install...", choose

"Client" and click "Add...", then choose "Client for Microsoft Networks" and click"OK". Similarly, if you're missing "File and Printer Sharing for Microsoft Networks",do the same but choose "Service" instead of "Client"; and if you're missing "InternetProtocol (TCP/IP)" do the same but choose "Protocol".

42


43/84

Make sure that "Client for Microsoft Networks", "File and Printer Sharing forMicrosoft Networks" and "Internet Protocol (TCP/IP)" are all ticked.

43


44/84

Now select "Internet Protocol (TCP/IP)" and click "Properties". Choose "Use thefollowing IP address" and type 192.168.0.2 as the IP address for the first client,192.168.0.3 for the second client and so on. It is important that every computer has adifferent IP address. Type 255.255.255.0 for the subnet mask. Make sure that "Usethe following DNS server addresses" is checked and type in 192.168.0.1. You should

see something like this:

44


45/84

Now click "Advanced...". In the "Default gateways" section, click "Add..." and typein 192.168.0.1 and leave the Metric as 1. Click "Add". You should see this:

45


46/84

Click on the "DNS" tab, and in the "DNS suffix for this connection" section, type inthe intranet domain that you identified at the end ofsection 4.1.

46


47/84

Click "OK" to exit the advanced TCP/IP settings, and "OK" again to exit the TCP/IPconfiguration and get back to the main network card properties dialog box. Now, clickthe "Configure" button and then the "Advanced" tab. As with the server computer,you may want to enable full duplex mode on the network card (but see theexplanation of this in section 4.1 before you decide to do this). To enable full duplex,

change the appropriate setting in this section:

You've now finished configuring the client computer/s. Click "OK" to exit thenetwork card advanced settings and "OK" again to exit the network card properties.

Congratulations, you've set up your home network!

47


48/84

5. Testing your home network

There's no way you'll get internet sharing if your home network isn't configuredproperly. A good way of testing the network is to try and "ping" each computer fromanother one. A "ping" in computer terms is a little piece of information sent over a

network that basically says "hello? are you there?" If the target computer is there, itwill respond saying "yep, here I am".

To ping a computer, open up an MS-DOS prompt (in Windows 95/98/ME) or aCommand Prompt (in Windows 2000/XP) and simply type "ping (target computer'sIP address)". For example, if you wanted to ping your server computer (192.168.0.1)from your first client computer (192.168.0.2), you would open up an MS-DOSprompt (or Command Prompt) on the client computer and type "ping 192.168.0.1". Ifeverything's working, you should get something like this:

48


49/84

If your network is not configured properly, the ping will go unanswered. An exampleof an unsuccessful ping is this:

Another way of testing your home network is to share a folder on one computer andtry to access it from another. Note: the rest of this page refers to Windows 95/98/MEonly; Windows 2000/XP information will be added soon (it's very similar). Anexample of sharing folders: on the server, choose a folder that you'd like to share withother users. On my computer I simply have a folder "C:\Phil Share". Right-click on

this folder and choose "Sharing".

49


50/84

Click on "Shared As" and select the options you want. I have "C:\Phil Share" sharedas "PHIL SHARE" with full access and no password.

50


51/84

Now put something in this folder. Now go to another computer and go into NetworkNeighborhood. You should see the names of all the computers in your network (if youdon't, something is wrong - do all the computers have the same Workgroup? If theydo, you should see them there. Try pressing F5 to refresh the view. If they still don'tappear, and don't appear after 10 or so seconds and a new Refresh, then your network

is not configured properly. Go over all the steps in section 4 and see if you've made asimple mistake somewhere). Now you should be able to double click on the computerwith the shared directory, open that directory and copy the file.

Cool eh?! If this all worked, you're in business - it's time to set up your internetsharing. If it didn't work, you'll need to go over the steps above and make sure you dideverything right - it's very easy to make a simple mistake, and such mistakes caneasily prevent your network from functioning. See the FAQ for some specificproblem-solving suggestions. Please don't try to install any internet connection

sharing or firewall software until you can at least ping every computer from the others- keep it simple!

By the way you can easily share a printer using roughly the same technique - go intothe Printer Control Panel on the computer connected to the printer, right-click on theprinter name and choose "Sharing" and then click on "Shared As:" and then "OK".Then go into the Printer Control Panel on a client computer, double-click on "AddPrinter", click "Next", choose "Network Printer", click "Browse" to find the printeretc - it's not very hard and it's beyond the scope this tutorial so I won't explain it allhere.

51


52/84

6. Taking a break

At this point you should take a break - make a nice cup of English Breakfast Tea anddrink it outside in the fresh air. Please note that I won't answer any email queries fromreaders who don't take a break at this point... :-)

52


53/84

7. Setting up software to share your internet connection

7.1 Fixing your login client (Telstra users only)

If you're using Telstra you should change your login client software. This is becausethe current "official" login client is hopeless when it comes to internet sharing, andseems to be explicitly designed to conflict with some sharing software. BPALogin(http://bpalogin.sourceforge.net) is a 3rd-party Telstra login client that connects fasterthan the official client, is more stable, uses less memory and works fine with allsharing software. It's also available for more operating systems than the official client.

During installation, if you're running Windows 2000/XP it's a good idea to installBPALogin as a service. After installation, run BPALogin to connect to the internet (ofcourse, make sure that you've disconnected with the official client first). You'll need

to enter some basic settings - your username and password that Telstra gave you, thelocal port number (make this 5050, as recommended), and your "default domain".This is the "intranet domain name" that you determined at the end ofsection 4.1.

Once you've connected using BPALogin, uninstall the official Telstra software - youwon't need it again.

53


54/84

7.2 Choosing the internet sharing software

Again, it's time to make a choice. There are many different ways of doing this, and

they all have their pros and cons. Luckily every way can be tested (with freedownloadable demos and so on) so you can find a solution that's right for you.

The first thing to do is choose whether you want your server to be a proxy server or aNAT router. If you've ever configured your web browser to use a proxy you'll have anidea what a proxy server is - basically the server computer sets up a "pretend" webserver, email server etc which the client computers connect to, and thus theyindirectly connect to the internet. On the other hand a NAT (network addresstranslation) router forwards network packets to and from clients, creating the illusionthat each client is connected directly to the internet. This simplifies configuration forthe clients - as far as they're concerned they're connected directly to the net! To be

honest I can't think of any advantage of a proxy server over a NAT router, but I canthink of many disadvantages - it's harder to set up on the server, it's harder to set up on

the clients, less internet applications will work on the clients... Therefore Iunreservedly recommend you choose a NAT router over a proxy server.

There are 4 NAT routers that you should consider, each with their good and badpoints. The only free one is Microsoft's Internet Connection Sharing, which comeswith Windows 98 Second Edition and above. The most popular program is probablySygate, but other good ones are NAT32 (a little harder to set up but the cheapest Iknow of) and WinRoute (excellent because it has built-in firewall capabilities, butmore expensive). You should probably try each one to find what's right for you - they

can all be trialled for free, so there's not really any reason not to try them all beforedeciding what to stick with. Be sure you only have one installed at a time!

Setting up a NAT router has 2 components - (1) installing the NAT routing softwareon the server, and (2) configuring the internet applications on the client computer/s.

54


55/84

7.1 Installing the NAT routing software

Microsoft Internet Connection Sharing for Windows 98SE and Windows ME

This software is good because it is free and very easy to install. Its disadvantages arethat it's not very powerful (eg it doesn't allow port mapping, which all of the otherprograms do - port mapping is something that you'll probably want to do later onwhen you get the hang of networking) and that it's said to be technically inferior interms of speed, reliability and so on. A lot of people can't get Internet ConnectionSharing to work with a USB ethernet adaptor. Overall, it's great for beginners, but ifyou have a USB ethernet adaptor you might need to use another program - or buyyourself another PCI network card.

Microsoft Internet Connection Sharing is very simple to install. On the server, go into

the Windows Control Panel and open "Add/Remove Programs". Click on the"Windows Setup" tab, double click on "Internet Tools" and tick the box labelled"Internet Connection Sharing".

55


56/84

Click OK then OK again to exit out of the "Add/Remove Programs" control panel.You'll need your Windows CD. The Internet Connection Sharing Wizard will nowtake you through a couple of simple steps to set up sharing. Don't worry about thefloppy disk the Wizard asks you for - put one in just to keep it happy, but you won'tneed it. When the Wizard is finished you will be prompted to restart your computer.

If you're with Telstra there's one more thing you need to do. Telstra's computers sendout a so-called "heartbeat" network signal every few minutes that attempts to open aconnection on your server computer; if the heartbeat can't open this connection thenTelstra assumes that you've disconnected from the internet and shuts down yourconnection. Unfortunately, Microsoft's Internet Connection Sharing interferes withthis heartbeat signal, causing your internet connection to drop out every few minutes!Luckily there's a simple fix - download this registry patch and double-click on it tomodify your Internet Connection Sharing settings to allow the heartbeat through. You

only need to do this on the server computer.

Now all you need to do is configure the software on the client machines (see below)and you're done!

56


57/84

Microsoft Internet Connection Sharing for Windows 2000/XP

This is very easy to set up - even easier than Internet Connection Sharing forWindows 98! As with ICS for Windows 98, it is not very powerful, and is thus mostsuited to beginners or those with a tight budget.

To set up Internet Connection Sharing for Windows 2000/XP, open the Control Panelon the server computer and choose "Network and Dial-up connections". Right-clickon the network card that's connected to the cable modem and choose "Properties".Click on the "Sharing" tab and tick "Enable Internet Connection Sharing for thisconnection". Now click "OK" and - drumroll - that's it!!

The Telstra heartbeat issue (see above) does not affect Internet Connection Sharingfor Windows 2000/XP, so you don't need to worry about it. Therefore, all you need todo now is configure the software on the client machines (see below) and you're done!

57


58/84

Sygate Home Network

This software is very popular because it's easy to use, powerful and reasonably priced.

Installation is easy. Download the software from http://www.sygate.com. Install

Sygate on the server computer by running sygate.exe. When the installer aks youwhich mode to install as, choose server mode and click "OK". For now, just click "Iam a trial user" when prompted. The "trial key" was displayed at the Sygate websitewhen you downloaded the demo; if you can't remember it you can go back to the link(it doesn't change very often). You don't need to enter a user name; just enter then trialkey and click "OK". Restart the computer when prompted

That's it! Once your server's restarted, your client machines should be able to accessthe internet!

Tip: You'll probably want to go into the Sygate Manager (which loads at startup) and

tell it NOT to load at startup, since it's quite annoying. You do this by clicking on the"Tools" menu and unticking Load Manager at startup. Note that the Manager and theEngine are 2 different things - it is the Engine that actually does the NAT routing; theManager is only for configuring things. So you probably want the Engine to startwhen Windows does, but not the Manager...

58


59/84

NAT32

NAT32 is quite poweful, yet it's the cheapest of the commercial NAT routers. Itsmain advantage is its price; its disadvantages include that it's much harder to set upand that the client computer/s seem to get a slower connection than the server does.

To install, download the software from http://www.nat32.com. Unzip the file youdownloaded to C:\Nat32 on the server. Open your by-now familiar Network ControlPanel, and click on "Add...", choose "Protocol" then click "Have Disk...". Under"Copy manufacturer's files from:" type in "C:\Nat32" and then click "OK". Select thecorrect version of the NDIS3PKT driver depending on your operating system andclick "OK". Click "OK" to exit the Network Control Panel. You'll need yourWindows CD and then you'll need to restart your computer.

Run C:\Nat32\Setup.exe to install NAT32 proper. The installation program is ultra-fast and for once you won't have to re-start you computer.

Now run "Configure NAT32" from your start menu. When asked to select whichInterfaces you would like NAT32 to use, make sure that both your network cards areselected (if you have no other network devices you can just click "Select all"). Makesure "Create a shortcut" is ticked - this is useful for starting NAT32 later. Click

"Continue..."

59


60/84

Next you need to configure your Interfaces. In my installation of NAT32 everythingwas already correct and I didn't need to change any settings. The main thing to be sureof is that the network card connected to your home network has "Secondary" tickedand "Share" unticked, whereas the network card connected to your cable modem has"Primary" and "Share" ticked.

60


61/84

Click through the remaining dialog boxes until you get to the console window:

Now, unfortunately, you'll need to change a couple of the TCP/IP settings that I toldyou to put in earlier (sorry!). Basically, on each clientcomputer you need to open the

Network Control Panel, click on "TCP/IP" (or "TCP/IP -> [name of network card]" ifthat's what you used before) and click on "Properties". In the "Gateway" and "DNS"sections, you need to change the "192.168.0.1" entries to "192.168.0.100" - you dothis by clicking the old entry and then clicking "Remove", and then adding the newentry (ie 192.168.0.100) in the same way as you originally added 192.168.0.1. Click"OK" twice to exit the Network Control Panel and suffer yet another Windows restart.

Now you need to do configure the software on the client machines (see below) andyou're done!

61


62/84

WinRoute Lite

WinRoute is great because it is easy to install, has excellent NAT routing, and (thisfeature's awesome) it features a powerful built-in firewall. I would recommend it toeveryone - in fact, I guess I do - butit is by far the most expensive program of the

ones on this page!

To install WinRoute Lite, download the software from http://www.kerio.com. Installthe software on the server by simply running the installation program youdownloaded. You will be prompted to restart your computer.

Once back into Windows, double-click on the WinRoute icon in your system tray (atthe bottom right of your screen). Click on the "Settings" tab. Under "Select theadapter used for Internet connection", click on "2nd network adapter..." and choosethe network card that is connected to your cable modem.

If you're using Telstra, the firewall in WinRoute will interfere with the heartbeat fromTelstra's computers (see above, in the Internet Connection Sharing for Windows98SE/ME section). To get around this, you need to map some ports. In the "AdvancedSettings" section, click on "Settings..." and set up these port mappings: Protocol UDP,Listen port range 1024-5055, Destination port range 1024-5055, Destination IP192.168.0.1.

Now all you need to do is configure the software on the client machines (see below)

and you're done!

62


63/84

7.2 Configuring the software on the client computer/s

This is so easy that it hardly merits a place on this page! All you have to do is a littlebit of mucking around with the setup of each of your programs - and in fact, mostprograms don't need any changes at all, and therefore most of them should already

work! If they don't, they simply need to be told to access the internet through a LAN(local area network - your home network!) rather than a traditional modem. Forexample, in Internet Explorer, go to the Tools menu and select "Internet Options".Click on the "Connections" tab and select "Never dial a connection". Simple eh? :-)(For best performance you should also click on "LAN Settings..." and make all thesesettings the same as they are on your server computer.)

63


64/84

8. Securing your network

Unfortunately, a high-speed internet connection comes with a price - your system isexposed to the world. It is critical that you protect yourself from an attack by ahacker; this section will describe how.

Understanding internet connections

Before discussing the types of attacks and how to stop them, it is necessary tounderstand a little about how internet connections are made...

For 2 computers on the internet talk to one another, a TCP/IP connection must first beestablished. To establish a connection, one computer sends a message to the othercomputer, requesting a connection. It's like one computer is making a phone call tothe other. Also like a phone call, the initial request for a connection is one-way; but

once the connection is established, each computer can send and receive information.For a connection to be established, the computer that receives the connection requestmust have a program running that is "listening" for requests (waiting for a phone call)and is willing to make TCP/IP connections (pick up the phone and talk) - such aprogram is called a "server" (nb different from the "server PC" in a home network),and examples would be webservers and FTP servers.

An example of a TCP/IP connection request is when you request a webpage - yourcomputer sends a request to the webserver to establish a TCP/IP connection and shareinformation. Think of this as an "outgoing" connection request, since the request goesoutfrom your computer (inside your home network) to the internet (outside your

home network). Conversely, if you were running your own FTP server at home, thenwhen other computers on the internet tried to connect to it, they'd be sending"incoming" requests for TCP/IP connections. (For more detailed information aboutTCP/IP connections, see section 10)

Attacks against your network

Attacks against your network can be via a malicious TCP/IP connection or via a virus.There are therefore 3 major, discrete types of attacks that you need to protect against:

1. "Incoming" attacks2. "Outgoing" attacks3. Viruses

1. An "incoming" attack is when a computer somwehere on the internet tries to getinto your computer by compromising any "servers" that you may be running(webserver, FTP server, mail server etc). "Servers" listen for connection requests, andare thus potentially vulnerable to malicious connections initiated by an incomingconnection request. You might think "but I don't run a webserver, or a mail server, oranything like that!", but you'd be surprised how many "servers" you can accumulatewithout realising it - ICQ for example acts as a server when somebody sends you a

64


65/84

file. Also, some versions of Windows come with "Personal Web Server" pre-installed,a gross security risk that most users are unaware of. The only way to be sure that youhaven't accidentally got any servers open to the world, waiting to be compromised, is

to block all incoming connection requests with a firewall. A firewall is (essentially)something that selectively blocks TCP/IP communication. You can then specifically

tell the firewall to allow certain applications (eg ICQ) to act as "servers". (Side note:generally only the "server computer" in your home network is vulnerable to this kindof attack, because NAT routing works in such a way that the client computers areunable to run "servers")

2. An "outgoing" attack may occur if you've accidentally downloaded a trojan (aspecial type of virus) that wasn't picked up by your anti-virus software. The trojan can"dial home", ie send an outgoing connection request to a hacker's computer. Once

established, the connection could be used for pretty much anything - forcing yourcomputer to attack a web site, deleting all of your files, stealing your credit carddetails etc. Every computer in your home network is vulnerable to this type of attack.

Since the trojan runs on your computer and sends outconnection requests to hacker'scomputers, a firewall is necessary to block all outgoing connection requests.However, outgoing connection requests are necessary for the normal use of theinternet - if you did block them all, none of your normal internet programs, such asweb browsers and email clients, would be able to use the internet! Therefore you needa firewall capable of "allowing" certain, approved applications to send "outgoing"connection requests, while preventing all other applications from doing the same.

3. You need to have an up-to-date, properly configured anti-virus program.

How to protect yourself

There are various options for firewalling, ranging from free software firewalls (oftenworth every cent!) to dedicated, physically separate hardware firewalls for theparanoid. The problem with most firewalls, however, is that while they're all quitegood at blocking incoming attacks (number 1 above), most of them are completelyunable to deal with outgoing attacks (number 2 above). For example, the firewall inWinRoute Lite, whilst excellent at preventing incoming attacks, can not prevent

outgoing attacks without completely disrupting internet usage - this is because it'sunable to distinguish whether the outgoing connection requests come from an"approved" application or from something else.

65


66/84

Therefore I recommend to all Windows users that they use ZoneAlarm(http://www.zonelabs.com), which is free for personal use and has an excellentreputation for protecting against both incoming (1) and outgoing (2) attacks. It should

be installed on every computer in the network, because every computer is vulnerableto (2).

The old adage is that "it's impossible to make Windows secure", and that's probablytrue. However in my opinion, ZoneAlarm is as close as you can get to securing yournetwork without being silly. A reasonable alternative is Tiny Personal Firewall(http://www.tinysoftware.com). Sygate Personal Firewall (http://www.sygate.com) is

also quite good, but (at least until recently) it's been plagued by inadequateidentification of programs - for example, if you downloaded a trojan which renameditself to "iexplore.exe" then Sygate would let it send an outgoing connection request,thinking that it was Internet Explorer. I believe that's been fixed now, but ZoneAlarmwas never vulnerable in that way and is still the firewall of choice.

In terms of anti-virus software, you should already have an anti-virus programinstalled (!), but if not, I recommend Norton Anti-Virus (http://www.symantec.com) -it seems to catch more viruses than any other software, and its interface is quite good(eg automatic updating of virus definition files, which is a total breeze on broadband).

66


67/84

Installing ZoneAlarm

ZoneAlarm is FREE for personal use, but don't let that put you off - it's excellentsoftware. For the reasons outline above, I strongly recommend that you install it onevery computer in the home network, not just the server computer. Here's how:

1. Download the free personal edition of ZoneAlarm fromhttp://www.zonelabs.com

2. Run the zonalarm.exe installer. Installation is fairly straightforward - youshouldn't have any problems here

3. You'll need to play around with the settings to get everything workingsmoothly. I found that changing the security settings to Low for "Local" andMedium for "Internet" did the trick.

4. Repeat steps 2-3 for every computer in your home network.

67


68/84

Testing your firewall

There's no good having a firewall if it's not working properly! No matter what firewallprogram you're using, you should test it to make sure it's protecting you the way itought to. Probably the easiest way to do this is go to the Gibson Research Corporation

(http: //grc.com), follow the links to "ShieldsUp!" (you have to follow 2 links), andclick "Probe my Ports". You should aim to have all of your ports as "stealth".

If you're on Optus, don't worry about the results for ports 25, 39 and 80 - these portsare blocked by Optus, so whatever the results of the scan are, they're nothing to dowith your firewall. Similarly, Telstra blocks port 39.

Other precations

Use good anti-virus software, and keep it up to date! Similarly, be sensible when

using the internet - never open email attachments unless you know who sent them toyou and what they are; never run programs from the internet unless you trust thesource, and even then make sure you've scanned the program for viruses.

Windows users should think very seriously about abandoning Internet Explorer andOutlook/Outlook Express, which have been the greatest spreaders of viruses(including trojans) for years. There are better alternatives! For much safer webbrowsing, with more features than Internet Explorer, try Mozilla(http://www.mozilla.org) or Opera (http://www.opera.com). For a safe and powerfulalternative to Outlook/Outlook Express try Mozilla Mail (part of Mozilla) or Eudora(http://www.eudora.com).

68


69/84

9. Patting yourself on the back

Congratulations! You've just set up a home network that allows the secure sharing ofan internet connection, files and printers! Now you're an expert and can do it for afriend!

Now you may want to try your hand at advanced NAT configuration, read the FAQ,or check out the links at the end of the guide for further information relating to sharedcable modem access.

69


70/84

10. Advanced NAT configuration

The following pages contain instructions for advanced NAT configuration using portmapping. Port mapping is required for some specific things, such as client computersreceiving files via ICQ. It is not necessary to read any further unless you wish to

enhance your network with this kind of functionality.

Read below to find out more about port mapping; or you can just follow these quicklinks:

10.1 Mapping ports on the server

10.2 Configuring server programs on the client

What is a port, anyway?

For 2 computers on the internet talk to one another, a connection must first beestablished. To establish a connection, one computer (the client - NOT the samedefinition as was used for the local network you've already set up!!!) sends a messageto the other computer (the server), requesting a connection. It's like one computer ismaking a phone call to the other. Also like a phone call, the initial request for aconnection is one-way; but once the connection is established, each computer cansend and receive information.

Now extend the phone call analogy to imagine that instead of 2 people talking on the

phone, a person from one large company calls a person from another large company.Each company has heaps of phones, but the caller uses just one of their company'sphones to call out, and the person receiving the call uses just one of their company'sphones to answer. All of the phones in one company share the first few digits of their

phone number, but they each have a different extension.

In an internet connection, a similar process occurs. Each computer has many "ports",and when a computer sends a connection request, it sends it from a particular"outgoing" port on that computer (ie the client) to a particular "incoming" port on theserver. Thus the first part of the "phone number" is equivalent to the IP address of therelevant computer, and the "extension" is equivalent to the port number.

For example, let's say you surf to www.optushome.com.au, which has an IP addressof 203.164.1.237. Your computer (the client) sends a connection request from aparticular port on your computer (it doesn't matter which) to 203.164.1.237, port 80.Port 80 is the standard port number used for web browsing. The webserver accepts theconnection, and sends you the webpage. Now you have a connection established withthat computer (203.164.1.237) and you can request webpages, files etc and it can sendthem to you. Your computers can continue to talk until one of the computers closesthis connection. All of this is handled by your web browser, so you don't need toknow what's going on underneath the shiny surface.

70


71/84

Everything you do on the internet is based on this simple premise - communicationbetween 2 computers is established after one computer requests a connection from theother. Note that the outgoing port is generally unimportant, whereas the incoming port(which is specified by the computer requesting a connection) is very important, asdifferent services are assigned to different ports (eg port 80 for WWW). So the client

computer could request a connection on a weird port such as 8754, and the server mayaccept it; but more likely the server will think "8754? What on earth is that for?" andreject the request.

Some more examples of connections include:

- FTP - Your computer (the client) sends a request from any port to port 21 onthe server

- Sending email - Your computer (the client) sends a request from any port toport 25 on the server (the SMTP server)

- Receiving email - Your computer (the client) sends a request from any portto port 110 on the server (the POP server)

- Sharing files with Napster - (1) If you are downloading from another user,your computer is the client. Thus your computer sends a request from any port

to port 6699 on the computer with the song you're downloading. Thisincoming port doesn't need to be 6699; it can be anything, and is specified bythe Napster preferences on the other computer. However, 6699 is the default.(2) If, on the other hand, another user wants to download a song from you,their computer sends a request from any port to port 6699 (or whichever

you've specified in your Napster preferences) on your computer.

- Sharing files with ICQ - This is similar to Napster, but ICQ likes to usemultiple ports. So (1) If you are sending a file to another user, your computeris the client - it sends a request from any port to "a port" on the computer thatyou're sending the file to. I say "a port" because it depends on the ICQconfiguration of the person you're sending the file to; it generally has to bewithin a range, eg between 20000 and 20009. (2) If, on the other hand, anotheruser is sending a file to you, their computer sends a request from any port to "aport" (specified in your ICQ preferences) on your computer.

Did you get all that? :-) You may need to read over it a couple of times to understandexactly what I mean. Anyway, the important thing is this - any computer in your

network that is receiving its internet connection via NAT (basically your clientcomputers, and I'm going back to the definition of client that we were using in the rest

of the guide) can send connection requests, butcan not receive them.

The ramifications of this are easy to determine if you look at the above examples ofconnections. WWW, FTP, sending email and receiving email work fine; as do

downloading in Napster and sending files in ICQ. However, allowing others todownload from you in Napster, and receiving files in ICQ, require that your computercan receive a connection request. Thus, none of your client computers can upload in

71


72/84

Napster or receive files in ICQ.

Port mapping

Port mapping is a feature of a NAT program that gets around this problem. Normally,any incoming connection requests go straight to the server computer. The servercomputer has no way of knowing which computer on the home network theconnection request was intended for, so by default it takes all such requests. Portmapping is a process whereby you can tell the server computer "please forward anyrequests for a connection on port x to computer 192.168.0.y".

For example, let's say you had a client computer, 192.168.0.2, running Napster; andthat you wanted people to be able to download your shared songs. Let's say Napsterwas configured to accept connections on port 6699, the default. You could configure

your server to allow this by saying "please forward any requests for a connection onport 6699 to computer 192.168.0.2". If you had another computer, 192.168.0.3, alsorunning Napster, you could configure its version of Napster to accept connections onport 6700. Then you could configure the server to "please forward any requests for a

connection on port 6700 to computer 192.168.0.3".

Port mapping thus allows your client computers to accept connections from othercomputers on the internet, which they would have been otherwise unable to do. Themost common applications of this are Napster and ICQ, but it is equally applicable toany program that needs the computer to accept connections.

To learn how to set up port mapping on your home network, continue...

72


73/84

10.1 Mapping ports on the server

For each NAT routing program I'll show you how to set up port mapping by way of 2examples - Napster (a program that requires a single port) and ICQ (requiringmultiple ports).

Windows 2000/XP Internet Connection Sharing

To map ports in Windows 2000/XP ICS, open your "Network and Dial-upconnections" Control Panel. Right-click on the network card that's connected to theinternet and choose "Properties". Click on the "Sharing" tab. Click on "Settings".Click on the "Services" tab. Here you can add port mappings.

The first example is Napster - let's say you want the computer 192.168.0.2 to receive

connections on port 6699 so that it can share files. You would click "Add...". Call thisport map "Napster6699", choose service port number 6699, TCP, and enter192.168.0.2 as the IP address. Click "OK" to add this port mapping to Windows ICS.If you wanted 192.168.0.3 to receive Napster connections as well, you could do thesame thing but with port 7000, and so on.

73


74/84

Now for ICQ. Later you'll need to configure the ICQ program on the client computerand tell it exactly which ports it should use to accept connections. I recommend usingports 20000-20009 for the first computer running ICQ, 20010-20019 for the secondone and so on. Thus, to enable ICQ to receive files on the computer 192.168.0.2, addport maps for ports 20000-20009. Click "Add...". Call this port map "ICQ20000",

choose service port number 20000, TCP, and enter 192.168.0.2 as the IP address.

74


75/84

Now do the same for ports 20001 to 20009. You should see something like this:

You now know how to add port mappings for applications that need to acceptconnections on 1, or multiple, ports. You should now be able to add port mappings forany other applications that need to accept connections. Good luck!

However, these port mappings won't work unless the relevant applications on theclient computer/s are set up properly. To learn how to do this, continue...

Sygate Home Network

Coming soon!

NAT32

Coming soon!

75


76/84

WinRoute Lite

Coming soon!

76


77/84

10.2 Configuring server programs on the client

Napster

The default port for Napster to accept connections on is 6699. It's fine to leave it as

6699 for the first computer running Napster, but for each subsequent computer youshould add 1 to the port number. To tell Napster which port to accept connections on,open the File menu and choose "Preferences...". Click on the "Transfer" tab. The bityou're interested in is "Share files with Napster users on TCP port".

77


78/84

ICQ

Open ICQ on the client computer. Click on the "ICQ" button and choose"Preferences". Open the "Connections" section. Tell ICQ that you have a permanentconnection, and to determine your IP address automatically.

78


79/84

Now click on the "Server" tab and tell ICQ that you're using a firewall, but not using aproxy.

79


80/84

You shouldn't need to change anything in the "Firewall" tab; it should look like this:

80


81/84

Now, finally, you get to tell ICQ which port numbers to accept connections on. Clickon the "User" tab and choose "Not using Proxy", click "Use the following TCP listenport for incoming event", and enter a port range. ICQ needs to be able to acceptconnections on several ports to work properly; I recommend using ports 20000-20009for the first client, 20010-20019 for the second client and so on.

Other applications that need to accept connections

As you can see, the exact configuration of each program is different, but the generalprinciples are the same. For each program on each client computer, you need to (1)

configure the server computer to map a port or port range to that client computer, and(2) configure the program on the client computer to accept connections on that port orport range.

81


82/84

Some useful links

General

AusForum (http://www.ausforum.com) - This forum is a great starting-point forAussies who either have a cable modem or are considering getting one

Whirlpool (http://www.whirlpool.net.au) - Whirlpool is an Australian broadband newsand discussion portal, which also has some very useful information including anAustralian Broadband FAQ

AUSBUG (http://www.ausbug.org)- The Australian Broadband Users Group

whatis.com (http://www.whatis.com)- A useful glossary of technical terms

Cable modem providers

Optus@Home (http://www.optushome.com.au)- The better of the 2 cable modemproviders, because it's much faster, much more reliable and doesn't have a login client

Telstra Bigpond Broadband (http://www.bigpond.com/broadband) - The other cablemodem provider in Australia

Networking

Practically networked (http://www.practicallynetworked.com) - Lots of goodinformation on home networking, including information for Macintosh users

Internet connection sharing software

Sygate (http://www.sygate.com)- The most popular software

WinRoute (http://www.kerio.com)- The most powerful software that I've seen forhome use

NAT32 (http://www.nat32.com)- The che

Documents

Cable Sharing Internet Connection Guide