Chapter 30: Connecting Your LAN to the Internet
How Can You Connect a LAN to the Internet?
When a computer communicates with other computers on the Internet, it sends messages in the TCP/IP protocol addressed to the other computers using their numeric IP (Internet Protocol) addresses. To share an Internet connection, the computers on your LAN must be able to communicate with TCP/IP. The computers can also communicate on the LAN with another protocol (for example, a LAN might use NetBEUI for file and printer sharing on the LAN and TCP/IP for Internet Connection Sharing).
The device or program that connects your LAN to the Internet acts as a gateway, passing messages between the computers on the LAN and computers on the Internet, and possibly controlling what types of information can pass.
What Does a Gateway Do?
An Internet gateway can perform the following tasks:
- Translating between the IP addresses on the LAN and the IP addresses on the Internet: Computers on a LAN usually use private, LAN-only IP addresses, frequently assigned by a DHCP server on the LAN. Computers on the Internet use publicly visible IP addresses that are usually assigned by your ISP. A gateway accepts packets (messages) from the LAN, strips off the private IP address, substitutes its own ISP-supplied IP address, and passes the packet along to the Internet. When replies return, the gateway passes the replies back to the computer that made the request. To the rest of the Internet, all packets from the LAN appear to be from the gateway, so no information leaks out about the individual systems on your LAN. This service is called Network Address Translation (NAT). All gateways to networks that use private addresses must perform this task.
- Controlling the types of information that can flow between the Internet and your LAN: The gateway, for example, can prevent telnet sessions (remote terminal sessions, described in the section "Logging in to Other Computers Using Telnet" in Chapter 28) from coming in from the Internet or prevent chat sessions from going in either direction between the LAN and the Internet.
- Caching: The gateway can store information that has been requested from the Internet so that if a user requests the same information, the gateway can provide it without having to get it from the Internet again.
- Logging usage of the Internet: The gateway can log all packets that pass between the LAN and the Internet so you can have a record of who has access to your LAN from the Internet and what Internet services your LAN users have used.
Some gateway software (like ICS) provides only address translation. Other gateway programs, called proxy servers, provide address translation, caching, and logging. If the proxy server also provides security, controlling what information can pass between the LAN and the Internet, it's called a firewall.
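The translation, filtering, and logging tasks described above can be modeled in a few lines. This is an added example, not code from the book or from any gateway product: the names NatGateway and demo are hypothetical, the addresses are constructed samples from documentation ranges, and the per-connection port mapping goes beyond the text, which describes only the address substitution.

```python
import ipaddress


class NatGateway:
    """Toy gateway: address translation, inbound filtering, and logging."""

    def __init__(self, public_ip, blocked_inbound_ports=(23,)):  # 23 = telnet
        self.public_ip = public_ip      # ISP-supplied address (constructed sample)
        self.blocked = set(blocked_inbound_ports)
        self.by_port = {}               # gateway port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.by_flow = {}               # same tuple -> gateway port
        self.next_port = 40000
        self.log = []                   # record of every decision the gateway makes

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN -> Internet: swap the private source for the gateway's own address."""
        if not ipaddress.ip_address(lan_ip).is_private:
            raise ValueError("outbound traffic must come from a private LAN address")
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        if flow not in self.by_flow:    # first packet of a flow creates the mapping
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        self.log.append(("out", lan_ip, remote_ip, remote_port))
        return (self.public_ip, self.by_flow[flow], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, gw_port):
        """Internet -> LAN: deliver only replies that match an existing mapping."""
        flow = self.by_port.get(gw_port)
        if gw_port in self.blocked or flow is None or flow[2:] != (remote_ip, remote_port):
            self.log.append(("drop", remote_ip, self.public_ip, gw_port))
            return None
        self.log.append(("in", remote_ip, flow[0], flow[1]))
        return (remote_ip, remote_port, flow[0], flow[1])


def demo():
    """Constructed traffic: one web request, its reply, and two unsolicited packets."""
    gw = NatGateway("203.0.113.10")
    sent = gw.outbound("192.168.0.5", 51000, "198.51.100.7", 80)
    reply = gw.inbound("198.51.100.7", 80, sent[1])
    telnet = gw.inbound("198.51.100.99", 4444, 23)       # blocked service
    stray = gw.inbound("198.51.100.99", 4444, sent[1])   # wrong remote, no mapping
    return sent, reply, telnet, stray, gw.log


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The two dropped packets show why a translating gateway also limits inbound exposure: a packet from the Internet reaches a LAN computer only when it answers a connection that computer opened.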
Devices That Can Act as Gateways
Three kinds of devices are commonly used as gateways, connecting LANs to the Internet:
- Routers: A router is a "black box" that connects to your LAN hub or switch and to a phone line (dial-up, ISDN line, DSL line, or cable modem connection). Firewall software is built into the router. All you have to do is cable it to your LAN, connect your phone line or cable modem, plug it into power, and your LAN is on the Internet. Routers can be the simplest and most effective way to connect your LAN to the Internet. You connect your Internet connection (phone line or cable Internet cable) to the router, and run a LAN cable from the router to the LAN's hub or switch.
- UNIX or Linux systems: Because the Internet was built on UNIX systems, lots of excellent TCP/IP communication software comes with most UNIX and Linux systems. Many "black box" routers are actually computers running UNIX or Linux, but you can set up your own for less money. You can run a wide variety of firewall software, as well as Web server, POP (e-mail) server, or other Internet server software on the UNIX or Linux system. The UNIX or Linux system needs two connections: an Internet connection (phone line or cable Internet cable) and a LAN connection (cable to the LAN's hub or switch).
- Windows systems running proxy server software: A Windows XP, Me, 98, 2000, or NT 4 system can act as a router, running a gateway program. The Windows system connects to the Internet over a phone line or cable connection, and the gateway program provides the IP address translation. If you run proxy server or firewall programs, the Windows system also provides security: Windows XP comes with a built-in firewall.
Software and Hardware for a Windows-Based Gateway
If you use a Windows system running NAT (Network Address Translation), proxy server, or firewall software, the system has two connections: one to the LAN (using a network interface card) and the other to the Internet (using a modem for dial-up or another network interface card or USB port for DSL or cable Internet connection).
Even though DSL and cable Internet connections use the same cabling as a LAN (RJ45 Category-5 cable), don't plug the DSL or cable Internet cable into your LAN's hub or switch. The DSL or cable Internet must connect to a PC or router so that you have a gateway between the Internet and the LAN. (Connecting the modem to the hub is possible, but tricky and prone to error.)
Windows XP comes with Internet Connection Sharing, which is easy to install and set up. Several Windows-based proxy server programs have been available for years, including SyGate (at http://www.sygate.com), WinGate (at http://wingate.deerfield.com), and WinProxy (at http://www.winproxy.com). All three of these programs have downloadable versions that you can try before buying. You install the proxy server program on the computer that is connected to the Internet and a matching client program on each of the other computers on the LAN. When the user of any computer on the LAN wants to check e-mail or browse the Web, the computer running the proxy server program connects to the Internet (if it's not already connected) and passes data from the user's computer to and from the Internet.
Test the security of your LAN's Internet connection by going to the Gibson Research Corporation's Web site at http://grc.com. Follow the links to their Shields UP! service, which can check how vulnerable your computer is to attack or data theft from the Internet.