
Building Windows 98 Networks
Chapter 10. Accessing the Internet

Internet access has become an all but ubiquitous element of personal computing, and providing access through a single routed connection is one of the best reasons for building a home or small business network. Both of the scenarios in Chapter 1 describe environments in which shared Internet access can save money and provide added convenience to the network's users. Shared Internet access means that one of the computers on the network is connected to the Internet, and all of the other computers gain access by sending their requests to the connected system, as shown in Figure 10-1. In this arrangement, the system with the Internet connection is functioning as a router.
Figure 10-1. With a shared Internet connection, all of the systems on the network send their Internet access requests to the router, which relays them to the Internet

You may be familiar with the term router as describing an expensive, standalone device that large organizations use to connect their networks. In fact, a router can be any system that connects two networks and enables traffic to pass between them. You can use a standard PC running Windows 98 as a router, as long as you add a routing software program. You can also use Windows NT as a router, right out of the box, or you can purchase a separate router device. A router can connect any two networks together, but when you're connecting to the Internet the other network is run by an Internet Service Provider (ISP) that provides you with Internet access for a fee. The connection to your ISP can take many forms, from a basic dial-up telephone connection to any one of several high-speed technologies. The type of connection that you choose to install will influence the ISP you select, the type of router you will need, and ultimately your Internet performance (not to mention the size of your monthly bills).

Once you have your network configured with a shared Internet connection, a user on any system will be able to access a web site or any other Internet resource at any time without the need to dial up and establish a separate connection. You will be able to leave your e-mail application open all day and receive new messages as soon as they arrive at the mail server. You may even choose to host your own web site on one of your computers. This arrangement is not without its own drawbacks, however. Chief among these is security. Unless you configure your router and your other systems correctly, it may be possible for users on the Internet to access your network systems just as easily as you can access Internet servers.
There is an entire computing subculture that delights in acts of high-tech vandalism, and the Internet is their playground. Protecting a small network against the intrusions of these miscreants is not difficult, but it is very important for you to keep network security in mind all through the process of planning your Internet access strategy.
The basic steps for installing a shared Internet connection are as follows:

These processes are inter-related in many ways. For example, the connection type you choose will largely dictate the ISP you select. You must understand what's involved with all of the processes and plan your strategy before you commit yourself to any one technology or vendor. The following sections examine each of these elements.

Selecting a Connection Type

The type of Internet connection that you select for your network will dictate the speed of your access, the difficulty of installation, and the overall cost, including initial expenditures as well as monthly bills. You should carefully consider your present and future bandwidth needs as well as those of your users before you commit to a particular connection type.

Bandwidth, as far as Internet connectivity is concerned, does not refer to the actual width of a connection, but to its speed. In other words, when you add more bandwidth, you are not really expanding the diameter of the "pipe" in which the data travels; you are instead increasing the speed at which the data moves through the pipe.

An Internet connection that is fast enough today may not seem so in six months or a year when you've added more network users or expanded your business's Internet commitment. Switching to a different type of connection later in the game may cost you dearly, both in terms of hardware that you no longer need and in non-refundable setup fees for the various technologies.

In general, the costs of a connection can be levied in four ways:

Gauging the amount of bandwidth you will need depends on a number of factors, only some of which are predictable. So many factors may change, including the nature of your business and the utility of the Internet itself, that it is a good idea to plan for a significant amount of future growth. New applications for Internet technology are appearing every day and preparing now can result in significant savings later.
You may want to review Table 3-3 in Chapter 3, Planning your Network, as part of your decision-making process.

Dial-ups

Dial-up connections are easy to implement, quite inexpensive, and they are probably what you are using now. When you decide to share a dial-up Internet connection, you eliminate the need to provide a modem, phone line, and ISP account for each of your users. A single modem connection on one PC provides access for all of the users on your network. However, this is also the slowest option available to you. The modem bandwidth is effectively split between all of the users accessing the Internet at the same time.

In the Windows 98 networking architecture, a dial-up connection functions just like any other network connection, except that the modem functions as the network interface, instead of a network interface card. The Networking Control Panel contains a Dial-up Adapter module as well as protocol modules, bound to that adapter, for all of the protocols installed on the system, as shown in Figure 10-2.
Figure 10-2. Dial-up connections appear in the Networking Control Panel along with your LAN connections

When you set up the system to use a Dial-up Networking connection, there is no need to configure the TCP/IP properties for the interface because they are assigned by the server you connect to on your ISP's network. When your computer is connected both to the ISP and to your LAN, it has two IP addresses, one for your local network and one for your ISP's network. Dial-up Networking also configures your system to use the ISP connection as your default gateway. This means that all traffic that is not destined for your local network is transmitted out over the modem interface to the ISP's network and eventually to the Internet.

Sharing a single dial-up connection is an effective, economical solution for networks that do not require a large amount of bandwidth or that do not have many users accessing the Internet simultaneously. For a home network that is primarily recreational and that requires only basic e-mail and web browsing, a shared dial-up connection is adequate because Internet access is not time-sensitive. The delays that will occur when two people are browsing the web simultaneously can be solved by one person waiting until later. A shared dial-up connection is particularly well-suited to a home office environment in which one user has two or more networked computers. The single connection makes it possible to access the Internet from any system, without the need to break the connection on one computer in order to connect with another.

For a small office that requires only e-mail, a dial-up connection can serve approximately six to ten users with performance that is adequate. However, large attachments to e-mail messages can slow the service down for everybody on the network.
For web browsing by multiple users in a business environment, a dial-up connection is usually inadequate, as you can be sure that your employees will be doing some recreational browsing as well as business-related activities.

There are literally thousands of ISPs today, local and national, that provide dial-up Internet access for fees that are usually around $20 per month. As long as you have unlimited local phone service to one of the ISP's access nodes, the telephone charges are minimal. However, one of the most important questions involved in sharing a dial-up connection is whether or not the modem will be continuously connected to the ISP. Most of the ISPs that advertise an unlimited connection to the Internet actually have some sort of limiting policy in place. In most cases, you cannot pay $20 per month and remain connected around the clock, seven days a week. Unfortunately, when you are sharing a dial-up connection with your network, this is likely to be what you want to do. One of the great benefits of Internet access through the network is the ability to open a web page or receive an e-mail at any time, without the delays involved in dialing the ISP, connecting to the server, and logging on to the network.

Some ISPs impose a limit on the number of consecutive hours you can remain connected while others allow a certain number of hours per month. For a 9-to-5 office connection, you may be able to find an ISP that allows you to remain connected for eight consecutive hours. The best way to determine the connection time limits is by discovering them yourself. Asking an ISP if you can remain connected around the clock will almost certainly get you a "no" answer, even if they don't have an official policy in place, because the equipment and bandwidth that you'd be utilizing is worth more than $20 per month.

Like many other types of businesses, ISPs earn a profit by charging people for services that they do not actually use.
No ISP has sufficient equipment to support all of its subscribers simultaneously. They count on the fact that only a fraction of their subscriber base is connected at any one time. By permanently connecting to a port, you're essentially occupying the resources allocated to several subscribers, while paying only a single fee. As a result, you will have to either pay the fee for a dedicated dial-up connection, or connect to the ISP only when someone on the network requires Internet access. A dedicated dial-up is simply an ISP account in which you pay a fee for 24-hour a day use of one of their ports. Many ISPs do not offer this option, and those that do tend to charge about $80 to $100 per month for this type of connection. Some ISPs may offer a trade-off between the setup fee and the monthly fee for this service. If a larger setup fee lowers your monthly payment by a significant amount, it is probably worth the investment.
When you share a dial-up connection with your network using a standard ISP account, you can choose to manage the modem connection either manually or automatically. In a business environment, a user who is working at the PC that will function as the router can periodically terminate the connection and dial in again. Some ISPs will maintain a timeout interval on their server and will cut off a client system when it has been connected too long or idle too long. As long as there is someone there to deal with the situation, this may be an inconvenience, but not a major problem. However, on a home network, a business with PCs in distant locations, or a network with an unattended router, the need to periodically go to another machine and reconnect to the Internet will soon become a major irritation.

Some products that enable a Windows 98 machine to share its modem connection address this problem by providing a dial-on-demand option. Dial-on-demand is when the router dials the ISP and connects to the Internet only when it receives a request for Internet access from a system on the network. For example, the router will lie idle until someone types a URL into a web browser and presses the Enter key. When the browser's request reaches the router, it dials in to the ISP, connects to the Internet, delivers the request, and receives the reply. The modem will then stay connected until it times out at a predefined interval, due to inactivity.

Most of the connection-sharing products on the market today, including the Internet Connection Sharing (ICS) feature in Windows 98, Second Edition, support dial-on-demand. This feature makes it practical to use a low-cost ISP account for your shared connection, but there are delays and expenses incurred by the need to repeatedly connect to the ISP.
When the router is not connected, a user at another workstation on the network that is trying to open a web page (for example) must wait for the dial-up, modem connection, and network logon processes to complete before the URL is sent to the web server. This can be disconcerting when the user is not in the same room as the router, because there is no way of knowing if the delay in connecting to the site is the result of the normal connection process, or if there is a problem. In addition, depending on your phone service, repeated calls to the ISP may cost you more than one continuous call. Another drawback to the dial-on-demand method is that if your users access the Internet frequently, your connection might still reach the ISP's timeout interval (probably during a large download or other important activity). Naturally, when you decide to use a dial-up connection, you should try to achieve the highest data transfer rate possible. Virtually all ISPs today support 56k connections, although you will probably not be able to realize the full potential of this technology, due to hardware compatibility problems or the condition of your phone lines. If you are buying a new modem, you might want to ask your ISP who manufactures the equipment at their end and, if it's a well-known name, buy a modem by the same manufacturer.
Shared dial-up connections are only suitable for small networks with light Internet access requirements. For a basic two-node home network it can be sufficient, but for a business that requires anything more than Internet e-mail access, a faster connection is strongly recommended. The following sections examine some of the practical alternatives to standard dial-up telephone lines.

ISDN

ISDN, or Integrated Services Digital Network, is an all-digital telephone service provided by phone companies that runs at speeds several times faster than dial-up lines. Because it is a digital link, there is almost no noise and connections are virtually instantaneous. You can usually use the existing telephone wiring in your home or office for ISDN, but the other hardware involved is completely different. The practical maximum speed for a home or small office ISDN connection is 128 Kbps, roughly three times what you are likely to realize from a 56k dial-up connection (considering that 56k connections rarely achieve the 53 Kbps maximum speed permitted by FCC regulations).

ISDN Architecture

There are two standard types of ISDN service, called Basic Rate Interface (BRI) and Primary Rate Interface (PRI). The ISDN bandwidth is broken down into segments called B channels, which usually run at 64 Kbps, and D channels, which run at 16 or 64 Kbps. BRI service consists of two B channels and one 16 Kbps D channel, for a total bandwidth of 144 Kbps. This is sometimes called 2B+D service. PRI service consists of 23 B channels and one 64 Kbps D channel, for a total of 1,536 Kbps. For a home or small business network, BRI service is the most common solution.

In an ISDN connection, it is the B channels that carry the voice or data signals, while the D channel is used for control traffic. Each B channel has a number, just like a normal telephone line, that you can use to dial up your ISP or any other ISDN service.
It is also possible to combine the two B channels into a single 128 Kbps pipe, to provide maximum data throughput. Because ISDN is essentially a digital dial-up service, you can change your Internet access account to another ISP without involving the telephone company. In order to have BRI service, a site must be within 18,000 feet (3.4 miles) of a telephone company central office. Otherwise, it is necessary to add repeaters that greatly increase the cost. The hardware at the user site consists of a device called an NT1 (or network terminator) and an ISDN terminal adapter, often referred to as an ISDN modem. The NT1 provides the interface between the phone company's BRI network and your terminal devices. The terminal adapter is the device that connects to a serial port in your computer and provides access to the service. In Windows 98, the terminal adapter appears as a modem driver that you use to create a Dial-up Networking connection to your ISP.
The reason for having a separate NT1 is that it can support a number of different devices, such as ISDN phones and fax machines, as well as computers. Some ISDN hardware products that are intended only for PC networking incorporate the NT1 into the terminal adapter, which may take the form of an external device or an expansion card that you install in a PC.

ISDN Costs

While very popular in both homes and businesses in Europe (where a leased T1 line can cost upwards of $30,000 per month), the acceptance of ISDN is relatively marginal in the US, and for good reason. There are endless horror stories about the difficulties involved in ordering, installing, and maintaining ISDN connections. The cost can also be excessive. The telephone company charges differ depending on where you live, but may include both a monthly fee and a per minute charge. A per minute charge of one cent (which is typical) would yield a daily cost of $14.40 for a 24-hour connection, plus the monthly fee. Other phone companies compute their total charges based on the number of connection hours used per month.

Obviously, at these rates the average user is not likely to remain connected around the clock, and even normal use can run up a serious monthly telephone bill. However, one additional advantage to ISDN (apart from the speed increase) is that the process of connecting to your ISP does not require 30 seconds of hissing and squawking as an analog modem does. You can use dial-on-demand to connect to your ISP as needed, and gain virtually instantaneous access.

On top of the telephone company's charges for ISDN service, there is also the monthly fee for the ISP, which can also vary widely. An ISP providing basic ISDN service that is intended for home use may charge something in the area of $60 per month. Others classify ISDN as a business connection and feel justified in charging several hundred dollars per month.
ISDN has been around for many years, but it has only recently become readily available to the average user. In the past, calls to a phone company asking about ISDN service would more than likely be greeted with puzzlement. Today, the phone companies are generally more responsive, but the process of determining whether ISDN service to your location is possible, placing the order, and installing the hardware is still complex. For this reason, quite a few ISPs are offering a turnkey ISDN service in which they supply all of the necessary hardware and make all of the arrangements with the phone company for a single fee. For the consumer that is not interested in learning more than they ever wanted to know about digital telecommunications, services like these are a great idea.

When you read the following sections about cable modems and xDSL, you will see that while ISDN is a functional high-speed Internet access solution, its expense and installation difficulties relegate it to the status of a last resort, when no other adequate solution is available.

Cable Modems

Cable modems are the most exciting development in Internet access in years. Many cable television providers are utilizing their fiber optic networks to deliver high speed Internet access over the same cable as your TV service, for a fraction of the price of ISDN. The typical price for unlimited, 24-hour access to the Internet is approximately $40 per month (in addition to your TV charges) and the practical speed can run as high as 512 Kbps, which is four times that of ISDN and more than ten times that of analog modems. When browsing the web or downloading files, the difference between a standard dial-up and ISDN is remarkable, but the difference between a standard dial-up and a cable modem is extraordinary.
One difference between cable modem Internet access and the dial-up and ISDN services, however, is that upstream and downstream access to the network typically run at different speeds. Cable television (CATV) networks are designed to carry signals primarily in one direction, downstream from the central access point to the residence. There is nearly always some bandwidth allocated for traffic running in the other direction, that is used for diagnostic functions and features like remote pay-per-view ordering, but the upstream bandwidth is usually very limited. As a result, the lightning fast speed at which you can download data from the Internet will not be duplicated when you upload, although the upstream speed will probably be far faster than a dial-up connection. Some cable companies place a cap on upstream traffic, limiting it to a maximum speed, while other systems provide no upstream service at all, requiring you to maintain a dial-up modem connection at the same time. This difference in speeds between downloads and uploads will not affect the majority of users, who are consumers of Internet services rather than providers. However, running web servers or other Internet services on your network may not be practical, because of the limited upstream bandwidth. In fact, it may not even be possible to run Internet servers, as many cable networks use unregistered IP addresses, that make the systems unreachable from the Internet.
Unlike dial-ups and ISDN, a cable modem connection does not use Windows 98's Dial-up Networking to connect to the ISP. Instead, your cable service provides an interface to a true Ethernet network using a standard NIC installed in one of your PCs. The (so-called) modem contains an RJ45 jack that connects to the NIC with a standard UTP cable as well as a jack for the coaxial cable used to provide your cable TV service. In a home or other location that already has cable TV service, installation is simply a matter of putting a splitter on the existing coaxial cable and connecting it to the modem. The NIC installation is no different than the process you performed when setting up your LAN.

In most cases, the cable company supplies all of the hardware needed as part of a lease agreement included in the monthly fee and installs it for you as well. However, you may be able to reduce the monthly costs by purchasing the hardware outright. Be aware, however, that cable modems are not as well standardized as analog modems. If you move to a new location and have to change cable providers, you may not be able to use the same modem.

Once your PC is connected, you may have to use security software provided by the cable company to log on to the network. After doing this, you can access all of the standard Internet functions using your existing web browser and other programs. Like other ISPs, cable companies usually provide all of the standard services, such as e-mail, news, and DNS servers.

Networking Cable Modems

A single cable modem connection can provide Internet access to an entire small network, even when there are several users working at once. However, there are several issues that you will have to deal with in order to share the connection. The first problem that may arise is the cable company's policy regarding networking. In most cases, the service is intended for home users and the fee covers access to the cable network by a single machine.
Depending on the amount of experience the company has in supplying Internet access (which may not be much – for many cable companies it is a very new enterprise) they may or may not have a policy in place regarding networking with their service. Those companies that have experience with clients using their service on small networks, particularly the large providers like @Home and RoadRunner, will probably charge an additional fee, but they may also supply you with everything you need to provide routed access to your LAN and install it for you as well.

From a hardware perspective, the machine that is connected to the cable network will also be connected to your local network, meaning that there will have to be two NICs in the computer. As discussed in Chapter 6, Installing Network Hardware, there will need to be sufficient resources in the computer to support two NICs instead of one, including two expansion slots, two IRQs, and any other hardware resources the device requires. The NIC supplied by the cable company will almost certainly be Plug and Play compliant, but you may have to use Windows 98's Add New Hardware wizard to get the system to recognize the second card. Configuration of the second NIC should not be a problem. Most cable systems use DHCP (the Dynamic Host Configuration Protocol), a service that automatically supplies the appropriate TCP/IP settings for the NIC.

One of the most important considerations when sharing a cable modem connection is security. Because the cable provider is running an Ethernet network like any other, you'll be able to see the computers of other local subscribers in Windows 98's Network Neighborhood, and they will be able to see yours. When the cable company's installers connect a standalone Windows 98 system to the network, they routinely remove the File and Printer Sharing for Microsoft Networks service, so that there is no way for other users on the CATV network to access your drives.
When you are running an internal LAN, however, you will want to share your drives, and the potential exists for outside users to access not only the shares on the system connected to the cable network, but the other shares on your LAN as well. You must be careful to protect your shared drives using passwords and whatever other means are at your disposal. Later in this chapter, you'll read about some routing products that can help you to protect your network from outside intrusion.

Finally, because the cable network (like any Ethernet network) shares its bandwidth among its users, there is a possibility that performance will degrade as more and more users are added to the same network. As with an Ethernet LAN, the Internet access speed may suffer during periods of heavy traffic at peak use hours. It is up to the cable company to see to it that their networks are not overloaded, but with its high speed, simplicity, and low cost, it is quite possible that cable modem Internet connections will become as ubiquitous as cable TV currently is in the American home.

xDSL

xDSL, or Digital Subscriber Line services, are newly emerging technologies that provide dedicated, point-to-point digital communications to a home or business using standard copper telephone cables. Like ISDN, the service is provided by a phone company and provides all of the same advantages of a digital link over an analog one. Unlike ISDN, however, xDSL is able to support voice traffic at the same time that it is transferring data at full speed.

There are several varieties of xDSL, all characterized by a different first initial. ADSL, for example, stands for Asynchronous Digital Subscriber Line, and is so named because it runs at different speeds upstream and downstream (like a cable modem connection).
The primary differences between the variations are:

Most of the xDSL services run at speeds that far exceed ISDN and even cable modems for practical throughput, because an xDSL link is not shared with other subscribers; it is a dedicated connection. Depending on the technology, speeds can run from 640 Kbps to 8 Mbps or more. xDSL also provides a continuous connection, unlike ISDN which must dial a number and connect to its destination.

The hardware needed at an xDSL installation site consists only of the communications device (again called a modem) and a POTS (Plain Old Telephone Service) splitter that separates the voice from the data traffic. As long as Windows 98 treats the xDSL device as a modem, then it is possible to share the connection using any one of the techniques described later in this chapter.

Various flavors of xDSL (and particularly ADSL) are currently being deployed in limited markets, and the potential for this technology, once it matures, is great. At this time, though, it must still be considered an emerging technology, suitable for the home perhaps, but not something to rely on for mission critical business applications.

Routing

Once you have decided on the type of connection you will use to access the Internet and have installed it (or had it installed), it is time to set up the machine to route IP traffic to the systems on your LAN. TCP/IP is the lingua franca of the Internet, and all of the systems on your network that will access the Internet must have the Windows 98 TCP/IP protocol module installed.

When you configure a system to function as a router, it acts as a conduit between two networks: your home or office LAN and your ISP's network. The ISP is in turn connected to the Internet, so by sending their access requests to your router, the other systems on your network gain access to the Internet. The original Windows 98 release, by itself, cannot route IP traffic between the two networks to which it is connected.
You must use a third party product to make this possible. Windows 98 Second Edition (Win98SE) includes a feature called Internet Connection Sharing (ICS) that is designed specifically for connecting small networks to an ISP in order to share an Internet connection. Other products provide additional features that ICS doesn't, and provide Internet access in different ways. The following sections discuss the various methods of routing IP on a small network, using some of the more popular products as examples.

Windows NT and IP Routing

Windows NT 4.0 and Windows 2000, in both Server and Workstation versions, are designed to function as all-purpose IP routers, while Windows 98 is not. However, it is not necessary for you to add a Windows NT system to your network in order to share an Internet connection. In fact, the purpose of including this section is to demonstrate why you probably don't want to route IP traffic in this manner.

When you install two network interfaces on a Windows NT system, using either two NICs or one NIC and a Dial-up Networking connection, you must configure the OS to route IP if you want it to do so. You do this by filling the Enable IP Routing checkbox on the IP Routing page of the TCP/IP Properties dialog box and adding a REG_DWORD registry entry called DisableOtherSrcPackets with a value of 0 to the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasArp\Parameters

These changes enable the NT system to route IP traffic from one network to the other. When the NT machine is connected to an ISP and you configure the other systems on your network to use that NT machine as their Default Gateway, all of their Internet access requests will go through the NT system to the ISP's network and from there to the Internet.

This is the routing model used by large enterprise networks to connect their various segments.
A router like this can connect networks that use different protocols, such as Ethernet and Token Ring, or different cable types, such as UTP and fiber optic. In most cases, large networks will use dedicated router hardware instead of Windows NT, but the principle is the same. The problem with this method in the current scenario is that for Windows NT to route between a local network and the Internet, the local network must use IP addresses that are registered with the Internet Assigned Numbers Authority (IANA). In Chapter 6, Installing Network Hardware, you learned how a LAN running TCP/IP can use either registered or unregistered IP addresses. If a system is to be accessed from the Internet, it must use a registered IP address. The IANA maintains blocks of addresses that are designated for use on unregistered networks and are therefore not assigned to any particular organization. Internet routers do not forward these addresses, making it impossible for outside users on the Internet to access the systems on private networks that use them. Generally speaking, for a home or small business network that will be connected to the Internet, you do not want to use registered IP addresses. This is because these addresses are visible to the Internet and will enable outside users to readily access your machines. Large enterprise networks use specialized products called firewalls to protect their local networks from outside intrusion. For your purposes, a separate firewall product is too complicated and too expensive. You can protect your systems more easily by using unregistered IP addresses and a different means of routing traffic to your ISP, such as NAT (Network Address Translation) or a proxy server. Registered IP addresses for your network workstations are something that you have to obtain from your ISP, usually for an additional fee. 
A typical Internet access account includes one address for the connected system, which is dynamically assigned, meaning that you will receive a different address each time you connect. There may be an extra charge for a static address (one that doesn’t change), as well as charges of $5 to $10 per month or more for each additional address. If you do have a specific reason to use registered addresses, such as when you want to run an Internet web server, you must take as many precautions as you can to protect your systems. Implementing strong passwords is a start, but this does not prevent all forms of intrusion. The best course of action is to not use registered addresses in the first place. If you want to run a web or other Internet server, you are better off using your ISP or an outside web hosting service that has the appropriate security in place.

NAT Products

Network Address Translation (NAT) is a technique that enables multiple computers on an unregistered IP network to access another network (such as the Internet) using only a single IP address. For the purposes of sharing an Internet connection, the system that will function as the router runs a NAT program that performs the address translations and enables the computer to route IP traffic. The computer has one unregistered address for the NIC that connects it to the local network, and another address provided by the ISP's server for the dial-up (or other) connection.
When you run a web browser or other Internet client program on the router and request a URL, the server at the ISP sees the request as coming from the IP address assigned to the dial-up connection, which is normal. If, under these conditions, another system on the network generates an Internet access request and sends it to the router, the ISP's server will see the request as coming from an unknown, unregistered IP address, and will not process it properly. When NAT software is running on the router system, each request generated by an unregistered network system is modified to appear as though it came from the IP address assigned to the dial-up connection. The ISP's server passes the request along in the normal fashion and returns the results to the router, which forwards it to the original requestor. A typical traffic exchange using NAT proceeds as follows: A big advantage of using NAT to share an Internet connection is that no modification is required to applications on the network workstations. With a proxy server, you must configure each web browser (and other Internet client applications) with the IP address of the proxy server. NAT requires only that you use the IP address of the NAT router as the default gateway for each system on the network; most applications function properly without modification.
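The translation described above can be sketched as a small table lookup. The following is an added example, not code from the book or from any of the products named here, and it goes slightly beyond the text by translating ports as well as addresses so that two workstations can talk to the same server at once. The class and function names, the port pool starting at 61000, and every address are constructed for illustration.

```python
# Added illustration (not from the book or any product): a port-translating
# NAT table of the kind a connection-sharing router keeps.
# All addresses below are constructed sample values.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip      # address assigned by the ISP
        self.next_port = first_port     # assumed start of the translation port pool
        self.out_map = {}               # private flow -> public port
        self.in_map = {}                # (public port, remote ip, remote port) -> private host

    def outbound(self, pkt):
        """Rewrite a LAN packet so it appears to come from the ISP-assigned address."""
        # is_private covers the unregistered blocks plus other non-routable ranges
        if not ipaddress.ip_address(pkt.src_ip).is_private:
            raise ValueError("source is not an unregistered (private) address")
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_map.get(flow)
        if port is None:                # first packet of this flow: allocate a mapping
            port = self.next_port
            self.next_port += 1
            self.out_map[flow] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet readdressed to the LAN host, or None if it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        owner = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if owner is None:
            return None                 # unsolicited: no LAN host asked for this
        return Packet(pkt.src_ip, pkt.src_port, owner[0], owner[1])


def demo():
    router = NatRouter("203.0.113.7")
    web = ("198.51.100.80", 80)
    sent_a = router.outbound(Packet("192.168.2.10", 1025, *web))
    sent_b = router.outbound(Packet("192.168.2.11", 1025, *web))
    reply_b = router.inbound(Packet(*web, router.public_ip, sent_b.src_port))
    probe = router.inbound(Packet("198.51.100.99", 4444, router.public_ip, 139))
    return sent_a, sent_b, reply_b, probe


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The last value returned by `demo()` is `None`: an inbound packet that matches no table entry has no workstation to be forwarded to, which is why traffic the LAN did not request never reaches it through the translator.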
One of the popular NAT products of this type is ACT Software's NAT32, a shareware product that supports the sharing of both dial-up and cable modem connections with an entire network. You can download a trial version of NAT32 free of charge from http://www.nat32.com. Registration of the fully functional product is currently $47.

Windows 98, Second Edition (SE), includes an Internet Connection Sharing (ICS) feature that also uses NAT. Installing ICS adds additional adapter and protocol modules to the network configuration of a Windows 98 machine, making it into an IP router. The router connects to the Internet using a standard Dial-up Networking profile and relays traffic to and from the Internet for the whole network. The program also creates a floppy disk that you use to configure the other workstations on your network to use the router for their Internet access. ICS includes a DHCP server that assigns unregistered IP addresses to your workstations, eliminating the need for manual TCP/IP client configuration.

Proxy Servers

A proxy server is a piece of software that, like a NAT product, provides network users with access to the Internet by relaying requests and responses between the internal network and the Internet. The difference between a proxy server and NAT is that the proxy server operates at the upper layer in the protocol stack while NAT operates at the network transport layer. Because it operates at a lower level, NAT functions as a true router that forwards any and all IP traffic destined for other networks (such as the Internet) out the dial-up connection. Proxy servers work only with specific applications on client systems that have been configured to use them. However, for the purposes of connecting a small network to the Internet, the end result is the same. To use a proxy server, each client application that requires Internet access must be configured with the IP address of the proxy server.
When an application requests Internet access, in the form of a web browser's URL for example, the request is sent to the proxy server instead of being routed directly to the Internet. The server then transmits the same request using its own client and IP address as though it was the system originating it. On receiving the reply from the Internet server, the proxy transmits it to the client on the network. Some proxy servers cache the data they receive from the Internet servers, so that they can supply it to any local client very rapidly in the case of a duplicate request. Proxy server products can also make it possible for administrators to monitor and filter the traffic as it passes through the server, in order to prevent users from accessing certain sites, track internet usage, and limit the times during which users can access the Internet. Because a proxy server acts as an interface between the local network and the Internet, it is the ideal place to implement a firewall. Many of the products intended for use on small networks contain features that protect the internal systems from Internet intruders. By examining the incoming traffic from the Internet, the server can determine if the system that originated the traffic should be permitted access to the network. For example, a packet sent to a network workstation by an Internet web server in response to a request made by that workstation will be admitted, while unsolicited packets from outside sources will not. It is important to note that many of the proxy server products on the market, such as Microsoft Proxy Server, for example, are intended for use on large networks that primarily want to exercise some control over their users' access to the Internet and/or improve performance by caching commonly accessed web sites. You can usually tell these products by their prices, which can easily reach $1000 or more. 
There are, however, some proxy servers that are specifically designed to be small network Internet access solutions, such as Deerfield Communications' WinGate. WinGate is a shareware proxy server product with a large array of features that is available in three versions, called Home, Standard, and Pro, that are intended for the needs of various types of networks. The Home version provides basic Internet access for up to six workstations, while the Standard version adds proxy caching, and the Pro version has auditing features designed for use on larger business networks. WinGate pricing is determined by the number of users; a six-user license is $69.95 for the Home version, $139.95 for Standard, and $299.95 for Pro, with larger numbers of users priced accordingly. You can download a trial version of WinGate at http://www.wingate.com.

External Routers

Although using one of your PCs as an Internet router does not appreciably diminish its usefulness as a workstation, it is possible to connect your network to the Internet using a standalone device that hosts a dial-up connection and functions as a router. Several manufacturers, such as Intel, are now marketing low-cost devices of this type that are intended for use on home and small business networks. The Intel InBusiness Internet Station, for example, is a small device that you connect to your Ethernet hub and a standard analog or ISDN modem. When you run the included software from a workstation, the program contacts the device (which has its own IP address) and launches the web browser installed on the workstation. The Internet Station contains an embedded web server that displays the device's configuration and status screens. After auto-detecting the modem, the web pages prompt you for the phone number, user name, and password of your ISP account. Once it's configured, the device connects to your ISP and is ready to route data to the Internet.
One big advantage of the Intel Internet Station is that it automatically configures your network workstations with the IP addresses and other TCP/IP configuration settings needed to communicate with the Internet, using an embedded DHCP server. The device also includes a DNS server that enables your workstations to resolve DNS names into IP addresses without sending client traffic over the dial-up connection.
The Internet Station uses NAT to protect your network from intruders by assigning unregistered IP addresses to your local systems and modifying the outgoing packets to appear as though they came from the IP address assigned by your ISP. Since the device is not connected to any one system, you won't ever have to interrupt your network's Internet access by rebooting the computer that functions as a router. You can configure the device and check its status from any workstation on the network, using its web interface. Also, the Internet Station includes dial-on-demand, in the form of an adjustable timeout feature that disconnects from the ISP after a designated period of inactivity and automatically redials when the next Internet access request comes in. This enables you to use a standard, low-cost dial-up account for your whole network's Internet access, if you wish.

The Intel Internet Station is an excellent solution to the connection-sharing problem, but is the most expensive of the products described here. The device is essentially a self-contained computer in a single box, and as such it has the price of a small computer: $400 to $500. This may be a bit steep for a home network, but for a business that relies on its Internet access it's a worthwhile investment.

Selecting a Routing Solution

Any one of the products examined here will provide an adequate Internet connection-sharing solution for a small network. All three provide many of the same features, including dial-on-demand, support for unregistered IP addresses, and automatic assignment of IP addresses using DHCP. In addition, all three have installation programs that enable you to set up a shared Internet connection quickly and easily, even without any knowledge of routing and networking. Generally speaking, however, NAT provides a more efficient solution than a proxy server, because it operates at a lower layer of the protocol stack and requires less processing from the server.
NAT also requires no reconfiguration of the client applications on the network systems. Most proxy servers require that you configure each application individually, although the latest version of WinGate includes a client program that enables all of the applications on the system to automatically locate the proxy server.

When you evaluate connection-sharing solutions, be sure that the product you choose supports your connection type. NAT32 and WinGate, for example, support any type of connection that uses Windows 98 Dial-up Networking, including standard telephone, ISDN, and xDSL connections, as well as cable modems. The Intel Internet Station supports only standard asynchronous and ISDN modem connections, since it does not include an interface for the NIC that is required to use a cable modem.

Client Requirements

Once you have a connection to the Internet and have installed a router on your network, either in the form of a software program on a PC or a standalone device, you must configure your client workstations to access the Internet using the router. In the case of conventional routers and NAT servers, basic access to the Internet is provided by specifying the correct address on the Gateway page of the TCP/IP Properties dialog box in the Windows 98 Networking Control Panel (see Figure 10-3).
Figure 10-3. The Gateway page of the Windows 98 TCP/IP Properties dialog box

The Default Gateway field specifies the address of the router that the system will use to access all destinations other than those on the local network. Depending on the product you use to share your Internet connection, the default gateway address may just be the IP address of the computer functioning as the router or it may be a special address created by the router software for that specific purpose. For example, NAT32, by default, creates an address on your network with a host identifier of 100 for use as the default gateway address. Thus, if your network address is 192.168.2.0, the default gateway address for all of your workstations should be 192.168.2.100.

The Intel Internet Station works differently in that it assumes that the systems on your network do not yet have IP addresses. By default, the router device is assigned the IP address 192.168.42.254 and its DHCP server is configured to assign addresses ranging from 192.168.42.1 to 192.168.42.127. When you run the setup program on each of your workstations, it configures Windows 98's TCP/IP client to automatically receive an IP address from the DHCP server along with other parameters, including the appropriate default gateway address.

DNS Configuration

Access to a DNS (Domain Name System) server is also required in order to use the Internet. DNS servers resolve the friendly names assigned to systems on the Internet into the IP addresses needed for the computers to communicate. For example, whenever you type a URL, such as http://www.mycorp.com, into a web browser, the first thing the browser does is resolve the name in the URL into an IP address. This is because the names are only a device to facilitate the use of the Internet by humans.
The packets that travel back and forth over the Internet use only IP addresses to reach their destinations.

To resolve a URL into an IP address, your computer sends a message containing the URL to the DNS server address you have specified in the DNS Configuration page of the TCP/IP Properties dialog box (see Figure 10-4). The Domain Name System is essentially a database of computer names and IP addresses that is distributed on servers all over the Internet. When your designated DNS server receives a request from your machine, it checks its internal database for the name and, if it doesn't find it, forwards the request to another database server. Ultimately, the request may end up at the DNS server for the owner of the name, which responds with the equivalent IP address that is eventually relayed back to your computer. All of this (usually) takes place in the course of a few seconds before your computer even generates the request message that will be sent to the web server identified by the URL.
Figure 10-4: The DNS Configuration page of the Windows 98 TCP/IP Properties dialog box

Your ISP supplies the DNS server your computer needs to access the Internet. When you use Dial-up Networking to connect to the ISP's server, it assigns configuration parameters to your machine, including the IP address for the dial-up interface and the addresses of one or two DNS servers (the second of which is used as an alternate should the first server fail).
Thus, if you use a computer as a router, the DNS addresses on that machine will be configured automatically when it connects to your ISP. The same is not necessarily true for the other systems sharing its connection, however. These systems have no direct communication with your ISP, so you usually must configure them with the appropriate DNS server addresses yourself. You can determine the addresses of your ISP's DNS servers by connecting the router PC to the Internet and then running the Winipcfg.exe program from Windows 98's Run dialog box. This program displays all of the current TCP/IP configuration settings for the machine, including the DNS Servers' addresses. After executing the program, click the More Info button to display a dialog box like the one shown in Figure 10-5. Take note of the addresses in the DNS Servers field (using the button with three dots on it to toggle through all of the configured addresses) and enter them in the DNS Configuration page on all of your other workstations. Of course, you can also contact your ISP and ask them for the DNS server addresses.
Figure 10-5: The Winipcfg.exe program displays the TCP/IP settings for the computer

In some cases, manual configuration of the DNS server addresses on each machine individually may not be necessary. When the router uses DHCP to assign IP addresses to the network's workstations, it can configure the DNS server addresses as well. The setup software for the Intel Internet Station, for example, prompts you for the DNS server addresses while configuring the device, and then assigns those addresses to the workstations using its own DHCP server. In the case of the Internet Station, however, you do not have to use your ISP's DNS servers. The device itself contains an embedded DNS server that it will use when you don't supply addresses for others.

Configuring Applications to Use a Proxy Server

When you use a proxy server to provide your network users with Internet access, the applications on each workstation that will access the Internet must be configured to use that proxy server. Most web browsers, FTP clients, and other Internet applications support the use of a proxy server, and proxy server products usually support a wide range of applications. For a web browser, the process usually consists only of specifying the IP address of the proxy server in a configuration dialog box. In Internet Explorer 4, for example, the Connection page in the Internet Options dialog box (accessed by selecting Options from the View menu) enables you to specify a single proxy server address and port number for all of the browser's functions (see Figure 10-6). If you have an Intranet server on your local network, you must fill the Bypass Proxy Server for Local (Intranet) Addresses checkbox so that requests to that server are not passed to the router, but are delivered directly to your network's web server instead.
Figure 10-6: The Connection page of Internet Explorer's Internet Options dialog box enables you to configure the browser to access the Internet using a proxy server

Clicking the Advanced button produces the Proxy Settings dialog box shown in Figure 10-7. Here, you can configure different addresses and/or ports for each of the functions commonly performed by a web browser. However, most of the proxy server products designed to provide Internet access to small networks function as proxies for all of the standard applications, including web browsers, FTP, and e-mail clients, and do not require individual protocol configuration.
Figure 10-7: The Proxy Settings page provides the ability to specify different proxy server settings for each of the browser's functions

Netscape Navigator has the same type of proxy configuration capability as Internet Explorer, but other types of Internet applications might treat things differently. FTP clients may refer to the proxy server as a firewall, or may not support proxies at all. E-mail clients typically do not have configuration settings specifically for proxy servers, but since you have to configure the client with the IP addresses of your SMTP and POP3 servers anyway, you can use the IP address of the proxy server for these settings.
The process of configuring applications to use a proxy server is not difficult, but performing the operation for several applications on every computer on your network is time-consuming and tedious. WinGate's client program eliminates the need for this manual configuration by enabling the systems to locate the proxy server on the network using a Gateway Discovery Protocol. Once it has discovered the server's address, the client uses the Winsock Redirector Protocol to reroute the transmissions destined for the Internet to the proxy server. Implementing these protocols still requires that you execute an installation program on every system, but the procedure is easier than configuring several different applications per machine. |