If you're hungry enough
for the Internet and busted out the big bucks to pay for high speed Internet
access, chances are that you have more than one computer at home and would
like to get all of them online. I know a bunch of people who have 8-10
computer at home sharing one DSL line. As long as everybody isn't downloading
huge files at the same time, sharing should not be a problem at all.
So how do you share your
newly begotten high-speed line? The official method that the service provider
would like you to follow is to pay for each additional computer. If you
have dynamic IP addresses, your provider would then provide you with additional
dynamic IP's. Same goes for the static IP addresses. However, depending
on your provider, each additional computer is going to cost quite a bit
of money. For example, my DSL provider charges an extra $8 bucks for each
additional static IP address. Too rich for my blood.
So we come down to two alternative
methods of sharing a high-speed line: the software NAT and the hardware
router (hardware NAT).
Note: For the following discussion
about IP numbers, we are talking about IP numbers within a LAN, NOT the
IP number that your DSL/Cable provider has given you which we called the
WAN or Wide Area Network. You cannot reach your computers in your LAN from
the Internet by using your internal network number, but must use the WAN
IP number. Still confused? Don't worry, keep reading and it'll make more
sense later on.
NAT stands for "network address
translator", which allows several computers to share one Internet connection.
Each computer in your local area network or LAN is given an internal IP
number. Each computer needs a LAN IP address so that the NAT can keep track
of where the web requests came from. It then takes all the web requests
and pretends to be the WAN IP number your provider assigned. Basically,
it translates your LAN IP number into your WAN IP so that all the LAN IP
numbers appear as your WAN IP number. That way all your LAN computers can
access the Internet.
For both software and hardware
NAT, the computers in your LAN must each have an IP address to connect
to the router. You can do this in several ways. You can manually assign
each computer an IP number or you can have the router assign IP numbers
to your LAN computers. The advantage of having dynamically assigned IP
numbers from your router is that you can add computer without the hassle
of seeing if certain IP numbers are available or not. The router will automatically
give out IP numbers that are open. Alternatively, you may have a separate
server that assigns IP numbers to your network.
In certain cases, you may
have a mixed network of assigned IP number and static IP numbers. For example,
all my computers at home get their IP number from the router dynamically
assigned because it really doesn't matter which IP number it has, nor does
it matter if that number changes or not. However, for my server, I want
to have the same IP number all the time so my router knows where to send
all web requests, so I have a static IP number assigned to the server computer.
The only precaution you want to have is to make sure the static IP number
you assign to your server is not within the range of dynamic IP numbers
that may be given out to other computers otherwise there may be a conflict.
My server has the IP number
192.168.1.20. The assigned range of dynamic IP numbers is from 192.168.1.100
to 192.168.1.200 so I can be sure that there will not be a conflict.
Software routers are NAT's
or Network Address Translators. These types of software take one the IP
addresses from your provider and then allow several computers in your LAN
to share that number. Typically, the host computer that runs the software
router programs will have two network cards. One network card connects
to the DSL/Cable line and the other network card connects to your LAN.
This computer running the NAT must be on when people on the network access
There are several software
routers out there such as Wingate and Sygate which both cost money. They
are good products, but since we at DSLwebserver.com like to do things as
inexpensively as possible, we use something that most of us already have
included with our operating systems, namely Internet Connection Sharing
or ICS. You'll find ICS in Windows 98 SE (not regular win98) and all of
the Windows 2000 family. For you Linux users, I believe you can simply
download a NAT from the vast Internet for free, but I could be wrong. ICS
works just like Sygate and Wingate and works for both regular dialup modems
and DSL/Cable. Don't laugh about sharing a modem, for about a year and
a half, I had 4 users sharing a 56k modem. For light web surfing, it was
very decent. However, if somebody on the network started to download something,
then everything slowed to a crawl. I've used ICS on DSL and that also works
well. ICS does have a few limitations. ICS requires that the host computer
be the DHCP server that dynamically assigns IP numbers across your network.
This may be problematic in a few cases. Also, ICS is limited to 10 simultaneous
connections (computers sharing a line)
Wingate and Sygate both have
their loyal following, but make check to see if their pricing plan fits
Routers - Price: $100+
Hardware routers have several
advantages that make them more practical than software routers. Hardware
routers are stand-alone devices that allow you to share a single connection
to the Internet. In most cases, the hardware router also acts as a firewall
for protection. Since DSL and Cable are "always on" connections, you become
much more vulnerable to attacks from malevolent hackers. This is especially
true if you have a static IP address since the hacker can "bookmark" your
IP address and take a look later when s/he acquires the proper tools to
hack into your system.
Hardware routers also allow
you to put your server BEHIND the firewall instead of BEING the firewall
(with software routers, the server computer would run a firewall program
and be directly accessible to the Internet). Some would argue that there
is little difference, but I like the fact that there is more distance between
the server and the Internet.
Hardware routers also do
not require your computer to be on all the time. The router stays on all
the time and should rarely go down. If you had a computer acting as a software
router, anytime that computer rebooted or crashed, the entire network would
lose connectivity to the Internet for a period of time.
Most hardware routers include
a DHCP server that assign IP numbers across your network. This is handy
if you are constantly adding or removing computers from your network. Remember
to have only one DHCP server on a network otherwise you'll get errors as
two DHCP servers fight with each other to assign IP numbers. It could get
Whether you get a software
router or hardware router, an important feature to look for is the ability
to run servers on the network with the router.
If your server IS the router
as with ICS, then don't worry about this because your server is directly
connected to the Internet. In the rest of these cases, the server is behind
the firewall and is not directly connected to the firewall. Hopefully I'll
be able to get some diagrams in here to illustrate what I mean in here
You need to punch holes
in your firewall or router to allow your sever to talk to the outside world.
The best way to do this would be to open "ports" in your firewall/router
to allow certain types of web traffic to enter your network. The not so
desirable way would be to put your server on the DMZ or demilitarized zone.
When you put any computer in the DMZ, it has ZERO protection from the firewall.
DMZ's allow certain programs to work that normally don't work behind a
firewall but remember, there is no protection from hackers.
Most hardware routers and
some software routers, allow you to forward ports to certain IP numbers
on the network. Two things must be done here.
As I mentioned before, each
computer on your network needs an IP number. How your computer gets those
IP numbers is up to you. If you manually assigned each computer a static
IP number then you don't have to worry about item 1. If you have a DHCP
server on your network which assigns IP numbers dynamically, then you do
need to worry about 1. Most routers (soft or hard) allow you to control
the range of the IP's that are dynamically assigned. The range should be
less than 50 unless you have more than 50 computers at home (then why the
heck are you even reading this!) Then simply assign a static IP address
to your server. Like I said before, my server is given the IP number 192.168.1.20.
The assigned range of dynamic IP numbers is from 192.168.1.100 to 192.168.1.200
so I can be sure that there will not be a conflict. So far, so good.
The server must have a static
internal (LAN) IP address.
You must decide which ports
Next you need to decide which
ports to forward through your router to your server. Ports are basically
doorways into your computer. Each type of web traffic has to go through
a certain port number. Ports are also holes that hackers can exploit to
hack into your computer network so the less ports open, the better.
Here is a list of common
I personally only have two ports
open, 80 for http and 25 for SMTP email. I don't need the rest.
162 (SNMP Trap)
In your router's control
panel, you can choose which ports are open and to which computer they will
be forwarded. I have my system setup so that ports 80 and 25 are forwarded
to the LAN IP number of my server.
A problem with port forwarding
is that some applications need a range of ports, not just individual ports
which can lead to problems. For these applications, you may have to temporarily
move that computer to the DMZ, but remember to move it back inside the
firewall when you're done!
and Software router?
Ever wonder what you're
going to do with that old 486/66 lying in the corner of your closet? Turn
it into a router! There are several companies that have created versions
of Linux that will fit on a floppy disk that act as routers and firewalls.
These programs are usually free. Take that old computer, pop in two network
cards configure the Linux router / firewall and you now have yourself reliable
router. Sure it takes up more space (and electricity) than a modern hardware
router, but at least that old 486 has new life!