HOME NETWORKING / INTERNET CONNECTION SHARING

With computers getting cheaper and cheaper these days, it is not uncommon for a household to have more than one PC. If that describes you, then you have probably found yourself in the situation where you wished you could access the other PC to retrieve a file, use the printer attached to the other PC, play multi-player computer games, or most importantly share your broadband Internet access such as cable or DSL modem with the other PC. To accomplish this all you need is a home network where you connect two or more PCs. There are several ways of doing this with the main difference being cost, security, and reliability. Let's first look at the different scenarios.

Your current setup

Most likely, your current configuration looks like this:
- Your cable/DSL modem plugs straight into the computer.
- The computer is exposed to the public Internet (indicated by the color red).
- There is no connection for more than one computer.
- You only have one IP address from your ISP.

Option #1: Multiple IP addresses

An easy way of getting the second PC online is to install a network card in it, buy a hub, plug both PCs and the cable/DSL modem into the hub, call your ISP and get a second IP address and configure the second PC accordingly. It is what your ISP most likely will try to talk you into doing.

Advantages:
- The two PCs are independent from each other
- Relatively easy setup

Disadvantages:
- Both PCs are exposed to public Internet
- Enabling file sharing adds security risk
- Higher monthly ISP cost for additional IP addresses

Option #2: Internet Connection Sharing via Software

In this scenario, you install a second network card in the computer that is connected to the Internet, install a network card in the second PC, connect them via a CAT5 cable.
You configure the connection between PC 1 and PC 2 as a private network, then install and configure Internet Connection Sharing software (ICS) on PC 1, lastly configure PC 2 to access the Internet via PC 1. Probably the cheapest solution of them all, but also the least reliable one.

Advantages:
- Cheap, only requires 2 network cards and Cat5 cable
- ICS software is available for free with newer versions of Windows or online as freeware
- No additional ISP cost

Disadvantages:
- One PC is exposed to public Internet
- Can be difficult to configure
- If PC 1 is shut down or broken, PC 2 cannot get online
- Can be unreliable
- Limited number of PCs

Option #3: Using a hardware router/gateway/firewall device

In this scenario, you install a hardware router/gateway/firewall device, connect the public side to your cable/DSL modem, connect the private side to a hub, connect all PCs to the hub, configure all PCs for your private network. While the costliest solution, it is by far the safest, most reliable, and most scalable one. Highly recommended.

Advantages:
- All PCs are protected by firewall (indicated by the color green)
- File sharing between PCs is safe
- No additional ISP cost
- Connect many PCs to home network without additional cost
- Easy PC configuration due to DHCP server in gateway device
- Optional additional functionality with gateway-integrated wireless access point, print server, DMZ, content filtering, and more

Disadvantages:
- Can cost several hundred dollars depending on gateway device and features
- Somewhat of a learning curve

As you have probably figured out by now, option #3 is the most desirable solution because it gives you a protected private network, it is a very stable solution, it is easily and extremely expandable, and it gives you the most features.

Note: This article assumes that your cable/DSL modem uses an Ethernet connection, NOT a USB connection, because a USB connection eliminates options #1 and #3.
If your ISP gives you a choice, insist on getting the modem with an Ethernet connection.

Note: There are other options available such as turning an old 486 or Pentium system into a gateway using a Linux-based configuration like Smoothwall - http://www.smoothwall.org, or Coyote Linux - http://www.dalantech.com/ubbthreads/showflat.php?Cat=&Board=unix&Number=32928 but this requires advanced knowledge and is outside the scope of this article, which is aimed at the typical home user running Windows.

For the rest of this article, we will focus on setting up your home network as described in option #3.

What you need

Gateway device - There are a number of different devices available from several companies. Check out the following web sites for some popular possibilities:
- D-Link - http://www.dlink.com
- Netgear - http://www.netgear.com
- Linksys - http://www.linksys.com
- SMC - http://www.smc.com

Gateways have a number of basic features in common, such as NAT (network address translation, translates your public IP to the private IP addresses on your network), built-in DHCP server (automatically hands out network configuration information to each PC), PPPoE (required by some ISPs to log on, usually for DSL), and stateful packet inspection (inspects each network packet). Stay away from any gateway that lacks any of these features.

More advanced gateways offer additional integrated features, such as:
- Wireless access point (allows wireless roaming from computers with a wireless network card)
- Print server (share a printer with all machines on the network)
- VPN (connect to your company network via VPN)
- Multi-port switch (saves you the purchase of a hub provided the number of PCs is equal to or less than the number of ports)
- DMZ (make one PC available to the Internet but still protect it through the firewall)
- Content filtering (monitor and regulate Internet content)

Before making your purchase think about which features you need and which you don't care about.
Compare models by features, check out reviews online, and finally compare prices online to find the best deal for you.

Note: The web sites listed above carry affordable products for the home user. If you're looking for something more advanced and are willing to spend the money, then visit Symantec - http://enterprisesecurity.symantec.com, SonicWALL - http://www.sonicwall.com, Cisco - http://www.cisco.com, or Sun - http://www.sun.com

Hub/Switch - Unless your gateway already comes with an integrated hub or switch, you'll need to purchase a hub or switch. If you're planning to set up a small home network with just a few PCs, a hub will work fine. The main things to look for when purchasing are that you get a dual-speed hub or switch, meaning it supports both 10MB and 100MB network speed, and that you get enough ports. Always get a few more ports than you think you need for possible future expansion. Check out the following web sites for some popular possibilities:
- D-Link - http://www.dlink.com
- Netgear - http://www.netgear.com
- Linksys - http://www.linksys.com
- SMC - http://www.smc.com

Network Cards - Each PC on your network needs a network card. For under USD20 you can buy a decent 10/100MB PCI network card. Check out the following web sites for some popular possibilities:
- D-Link - http://www.dlink.com
- Netgear - http://www.netgear.com
- Linksys - http://www.linksys.com
- SMC - http://www.smc.com

Follow the instructions that came with the card to install it.

Tip: Instead of using the driver that came in the box, go to the manufacturer's web site and download the latest driver.

Cat5 cable - You'll need several pieces of Cat5 cable. The example pictured above requires 5 cables: One from each of the three PCs to the hub, one from the hub to the gateway, one from the gateway to the cable modem. The cable most commonly used for networking is referred to as Cat 5 cable. Every decent computer store will sell you as much Cat 5 cable as you need by the foot.
The cable should have an RJ-45 connector on each end, which looks like a phone jack just a little wider. Be sure to get plenty of cable; it is very easy to underestimate the length you need. Alternatively, you can make your own Cat5 cable by following our tutorial: http://www.pcnineoneone.com/howto/cat5diy1.html.

Hardware Installation

This is the desired network configuration:

Once you have all the pieces, start the physical setup part. Install a network card in each PC following the included instructions. Make sure that each card shows up properly in the device manager without any conflicts.

Use appropriate lengths of Cat5 cable to connect each PC to the hub or switch. When running the cable, be careful and place it where nobody can trip over it. Make sure it doesn't have any sharp bends or kinks, which could cause breakage. If you have to run cable through walls, avoid serious injury inflicted by your spouse or landlord - please do not break 5 inch holes at eye-height in the middle of the wall.

Use Cat5 to connect the uplink port of your hub or switch to the LAN port of your gateway device. Pay attention to the link light on the hub/switch. If it doesn't light up, use the button to switch the uplink port or use a crossover-type cable instead as explained in the Cat5 tutorial.

Lastly, connect the WAN port of the gateway to your cable/DSL modem. That should be all the physical work involved. Now you need to configure each PC.

Gateway Configuration

Please take the time to read the manual for your gateway carefully so you learn to configure it properly. Don't be overwhelmed at the beginning; it's not as bad as it may seem. The main thing to understand is that the gateway has two sides: The WAN side (Wide Area Network) connects to your cable/DSL modem and therefore to the Internet via your ISP. The LAN side (Local Area Network) connects to your private network via the hub or switch.
The main task of the gateway is to route the proper traffic from PCs on the LAN to the Internet and back, but drop any unauthorized traffic.

You first configure the public / WAN side of the gateway by entering the IP information your ISP gave you. This usually includes an IP address, subnet mask, DNS server(s), gateway IP, and possibly host name. Alternatively, if your ISP uses PPPoE, you simply enable PPPoE in your gateway, enter the user name and password your ISP gave you, and it will pick up these settings automatically.

To configure the private / LAN side of the gateway, you should enable DHCP. This feature automatically serves each PC on your LAN the information it needs to configure itself to participate on the network. Read the instructions carefully so you understand better how it works, and you'll get the hang of it quickly.

Software Configuration

The last step is to configure each PC to see and be seen on the network. Go to the Control Panel and open the Network Connections dialog, then right-click on the Local Area Connection and select Properties (Windows 9x/ME users: Start / Settings / Control Panel / Network).

Verify that you have these components installed. Use the Install / Uninstall buttons to add missing or remove superfluous components (Windows 9x/ME users: Add / Remove buttons).

On a small home network, it can be helpful to install the NetBEUI protocol. In Windows 9x, ME, and 2000 you can install it as follows: Click the Add button, select Protocol, click Add, select Microsoft, highlight NetBEUI and click OK until you're back to the Network Properties dialog box. Don't close this box until after the very last step.

In Windows XP, installing NetBEUI is a little bit more difficult. Insert your XP CD, then use Windows Explorer to browse to the directory X:\VALUEADD\MSFT\NET\NETBEUI where X is the drive letter for your CD-ROM drive. Open the file NetBEUI.txt in Notepad and follow the instructions to add NetBEUI support.
While you're here, make sure that the TCP/IP protocol is configured properly. There are two ways to do so: You can manually configure each PC by entering an IP address, gateway, DNS, etc. which gets really old really quickly. Since your gateway device has a DHCP server which hands out all this information automatically to each PC, you can configure TCP/IP to use DHCP instead.

Highlight the TCP/IP entry and click Properties. If you see multiple TCP/IP entries, be sure to select the one for the network card, not the one for your Dial-up adapter. Go to the General tab, and select Obtain an IP address automatically. Now you can close the TCP/IP and Local Area Connection Properties window since that's all we have to do here.

Now you need to configure the computer name and workgroup. Open Windows Explorer, right-click on My Computer, select Properties, select the Computer Name tab, then click the Change button (Windows 9x/ME users: Start / Settings / Control Panel / Network / Identification). Enter a unique name for each PC; the choice of name is up to you. Name them after the 3 stooges, the seven dwarfs, your favorite baseball players, whatever. Then enter a workgroup name. This one needs to be the same on each PC. If you can't think of one, use the word Network, or Workgroup, or Home.

In order to see other PCs on the network and access the drives on the other PCs, you first need to enable File Sharing, which is simple. In Windows Explorer, right-click on the drive or folder you want to share on the network, select Sharing, and specify how you want to share the resource.

To share printers, you need to enable sharing as well. Go to the Control Panel and open the Printers and Faxes dialog, then right-click the printer you want to share, select Sharing, and specify how you want to share the printer (Windows 9x/ME users: Start / Settings / Printers).
After configuring each PC and performing the necessary reboot, reboot each PC once more after all of them have been configured. Then launch the Windows Explorer on each PC and check out the Network Neighborhood icon at the bottom. If everything went right, you should now see underneath Network Neighborhood an icon for the Entire Network and then the name of each PC on your network. If you open the Entire Network, you should see the name of your workgroup which contains again all PCs on the network.

That's it. You're done. Now you can share files and printers over your new home network, and surf the web from each PC on your local network.

Testing the firewall

You can now test your firewall to make sure your private network is protected from unauthorized outside access by using an online firewall test such as Steve Gibson's Shield's Up! - http://grc.com, Sygate Online Services - http://scan.sygatetech.com/, or Remote Security tester - http://www.mycgiserver.com/~kalish/. Ideally, all tests should report that your gateway is in stealth mode, meaning to the outside world there is no visible host.

Outbound Traffic

The gateway firewall will protect you from unauthorized access from the outside world, meaning it will stop anybody trying to gain unauthorized access to your home network from the outside. However, it will not prevent unauthorized traffic to the Internet, meaning it will not stop a trojan or spyware on your PC from making an outbound connection.

To protect yourself from such unwanted network traffic, you should install a software firewall that monitors outbound traffic. The best ones in this category are also free for personal / home use. Check out Zone Alarm - http://www.zonelabs.com, and Kerio - http://www.kerio.com. You can test your software firewall against such "leakage" by running a leak test such as Steve Gibson's LeakTest - http://grc.com/lt/leaktest.htm or YALTA - http://www.soft4ever.com/security_test/En/.
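
Added example (not part of the original article): a toy Python model of what the gateway's NAT and stateful packet inspection do, showing why unsolicited inbound traffic is dropped while any outbound connection, wanted or not, is allowed and gets its replies back. The Gateway class, addresses and ports are constructed for illustration and simplify what a real gateway does.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # constructed public address (documentation range)


@dataclass
class Gateway:
    """Simplified NAT + stateful inspection; not any vendor's implementation."""
    next_port: int = 40000
    # State table: (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN -> Internet: always allowed; records state for the reply."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        # The packet leaves with the gateway's public IP, hiding the private one.
        return (WAN_IP, wan_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Internet -> LAN: forwarded only if it matches recorded state."""
        return self.table.get((wan_port, remote_ip, remote_port))  # None = dropped


def demo():
    gw = Gateway()
    results = {}
    # 1. Browser on PC 1 opens a web connection; the reply is let back in.
    _, wport, rip, rport = gw.outbound("192.168.0.2", 51000, "198.51.100.7", 80)
    results["reply"] = gw.inbound(rip, rport, wport)
    # 2. Unsolicited probe of the Windows file-sharing port: no state, dropped.
    results["probe"] = gw.inbound("192.0.2.99", 4444, 139)
    # 3. A different host aims at the mapped port: still no match, dropped.
    results["wrong_host"] = gw.inbound("192.0.2.99", 80, wport)
    # 4. Unwanted program on PC 2 connects out: the gateway treats it exactly
    #    like the browser, which is why outbound monitoring on the PC is needed.
    _, tport, tip, trport = gw.outbound("192.168.0.3", 51001, "192.0.2.50", 6667)
    results["unwanted_reply"] = gw.inbound(tip, trport, tport)
    return results


if __name__ == "__main__":
    for name, fwd in demo().items():
        print(f"{name:15} -> {'forwarded to %s:%d' % fwd if fwd else 'dropped'}")
```

Cases 2 and 3 correspond to what the online firewall tests probe for; case 4 is the gap the leak tests check on the software firewall.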
Additional Bonus Features

As mentioned before, depending on what gateway you ended up purchasing you might have some bonus features.

DMZ - Short for DeMilitarized Zone. It allows you to place a PC on the public Internet, but still protect it and control access to it through the firewall. This can be handy if you want to run any type of server, e.g. game server, FTP server, or web server (check with your ISP whether this is permitted).

Print server - Instead of sharing your printer from the PC it is connected to, which requires that PC to be always on, you connect the printer to the gateway to share it on your LAN.

Wireless access - If your gateway comes with a built-in wireless access point (WAP), you can equip a PC or a laptop with a wireless network card and roam around the house without a Cat5 cable.

Content filtering - Content filtering allows you to monitor and control what Internet content can be accessed from your LAN, enabling you to blacklist certain keywords and/or websites.

VPN - Virtual Private Networking allows you to establish a secure encrypted tunnel over the Internet to another network, e.g. your company's LAN, enabling you to access company resources remotely from home. Check with the company network administrator for details on setting up a VPN connection.

Conclusion

A secure home network with Internet Connection Sharing is not that difficult to set up. The benefits of greatly improved security, savings by sharing your Internet connection, and convenience of accessing resources across the LAN make it more than worth the effort and the relatively modest investment. Last but not least, you are bound to learn a bit about networking and security in the process.

http://www.PCNineOneOne.com