homecomputeraid Posted October 17, 2004

Ok, my fingers have healed from all that typing for Part 1 yesterday. I'm back for another round.

There are VOLUMES of information about TCP/IP available on the Internet. My goal here is to give you what you'll need to set up a home network.

There's an introduction to TCP/IP, then I explain some of the hardware and software you'll need to do what you want safely on the Web. I'll also cover DHCP, and why I recommend using it.

In Part 3 (not yet written), I'll cover Sharing Resources on a Microsoft Network.

Networking behind the scenes

When you browse to a web site like http://www.windowsforum.org, what really happens? First, your computer resolves the name using the Domain Name System (DNS) and finds out the IP Address is [209.67.217.28]. Once it finds the IP Address, it will know whether the server is local, or on a remote network. After it knows the address, and knows it's on an external network, it sends a message to Windowsforum's Server asking for the home page. The Server sends a reply, and poof! The page appears in your browser! :)

Since your computer is exposed to the entire Internet, especially if you have DSL or Broadband, you should protect yourself with Hardware and Software Firewalls. I'll cover all of that below, but I'll begin with an explanation of TCP/IP and IP Addressing.

Transmission Control Protocol/Internet Protocol (TCP/IP)

TCP/IP is a suite of protocols that allow communication between computers, and between networks. A Protocol is nothing more than a set of standards. You can think of it like a language. If your native language is Japanese (Nihongo), you might have a hard time reading this site! (A lot of Japanese people read English well) :). To communicate effectively, we need a common language or Protocol.

The primary part of TCP/IP I'll be focusing on is IP Addressing.

What's an IP Address?

I like to use an analogy I've seen used many other places.
An IP Address is like a person's mailing address. The name, www.windowsforum.com, is like the person or business name. The IP Address associated with that is like the Country/State/City/Street and House Number. The post office doesn't deliver mail to Ted LeRoy, it delivers it to 123xyz Oak Lane, Yourcity, NY 14612.

Take a look at your IP Address.

Windows 98/Me: Go to Start, Run, and type winipcfg. This brings up the IP Configuration window. You can see your IP Address, the Subnet Mask, and the Default Gateway.

2000/XP: Go to Start, Run, and type cmd. This brings up a Command window. In the Command window, type ipconfig. You'll see the same information in text format.

Parts of an IP Address

You'll notice that your IP Address is broken into 4 parts separated by periods, for example, 192.168.1.50. The parts are called Octets, and their values can range from 0 to 255 in each part.

How does the computer know which part is the Network (City/State, etc.) part, and which is the Host (house number) part? It uses the Subnet Mask to figure it out.

I'll keep the discussion very simple. There are different ways to divide the network and host portions up (Subnetting), but I'll stick to the scheme you should use on your home network (assuming you have your own router) here. Here's the breakdown for your home network:

192.168.  1. 50: IP Address
255.255.255.  0: Subnet Mask

192.168.  1. 50
192.168.1 Network    .50 Host

In this example, you're using a Class C Address Scheme.

I strongly suggest you stick to the 192.168.1.x network unless you have a reason to change, and unless you know about Private Addressing. If you use Virtual Private Networking (VPN) to get into your business network, and your company uses a 192.168.1.x scheme, you may have to change your IP.
I know of no other major reason to change it.

If you need VPN help, please post a message and we'll get you working!

Dynamic Host Configuration Protocol (DHCP)

How do you know what IP Addresses are assigned, what ones are legal for your network, and how to configure your DNS information? You don't have to if you let your Router handle it by enabling DHCP on the Router and on your Computers.

DHCP on the Router

Most home Routers have a web browser interface. Open your browser (Firefox? :) ) and in the Address dialogue, type 192.168.1.1. (If this doesn't work, check your Default Gateway Address in your IP Configuration. That's the address to put into your browser). Some kind of Router interface should open up. Look for a setting or tab that says DHCP. Make sure DHCP is enabled. You'll want to write down your DHCP Scope (that's the range of addresses that will be used for your PC's), and the DNS Servers.

DHCP on the PC's

Important! If you have configured your IP settings manually, you should write down all of these settings as they are, before making any changes. You may want to put them back temporarily if DHCP doesn't work.

Windows 98/Me: Right click on Network Neighborhood on your desktop, and select Properties from the menu that comes up. Under the Configuration tab, scroll down to TCP/IP -> Your Network Adapter (your adapter name will be here). Highlight TCP/IP for your Network Adapter and click on Properties. In the TCP/IP Properties window, click on the IP Address tab and make sure Obtain IP Address Automatically is selected. Under the Wins Configuration tab, make sure Use DHCP for Wins Resolution is selected.

Under the Gateway tab, there should be no installed Gateways. If there are, highlight and remove them.

Under the DNS tab, remove any configured servers. You can leave your hostname, but all other fields should be blank.

2000/XP: Click on Start, Control Panel. In Control Panel, click on Network & Internet Connections, then on Network Connections.
(2000, just right click My Network Places on your desktop, then select Properties).

Right Click on Local Area Connection and choose Properties. Make sure Obtain IP Address Automatically, and Obtain DNS Server Address Automatically are selected. Click Advanced and make sure there are no Gateways.

That's it!

Routing and Firewalls

Ok, you know your IP Address, you know what it means (kind of?), now what?

A Router is like a local post office. If you're sending a letter to someone in your own town, the letter does not have to be sent to another town's post office, so it stays local. If it bears an outside address, it has to be "routed" to a different post office, and it is sent out.

If you have only one computer and you connect directly to a Cable Modem, or DSL connection, your Internet Service Provider (ISP) has the Router.

If you have a LAN, you'll need a Router (it should be a Firewall/Router, but more on that later).

Routers

A Router has at least an Internal and External Port or Interface. Its only purpose is to take traffic from the Inside Port, and send it to the Outside Port if needed, and do the reverse for inbound traffic.

To illustrate, your computer's browser request goes to the Router (Default Gateway). The Router sends the request to Routers across the Internet until they get to windowsforum's Server. Then the reverse happens to get the traffic back to you!

Out: 192.168.1.50 --> 192.168.1.1 --> Internet Routers --> 209.67.217.28
Back: 209.67.217.28 --> Internet Routers --> 192.168.1.1 --> 192.168.1.50

Everything's wonderful, right? Not really. There's a little problem with connecting to the Internet. There are many people scanning your computer for vulnerabilities and trying to attack you every day! How do you stop them? A Firewall, of course!

Firewalls

Firewalls basically permit traffic from Inside to Outside, but block traffic from Outside to Inside, unless it's been requested from Inside. Kind of like a flapper valve, or backflow preventer in a pipe.
Except that some traffic (that requested from inside) is permitted back in.

For a Hardware Firewall, Inside means on your LAN, and Outside means on the Internet. For your PC, Inside means on your PC, and Outside means everything else. On both Hardware and Software Firewalls you should be able to permit traffic inbound when needed.

Hardware Firewalls

A Hardware Firewall, like this Linksys Firewall for $62.39, or this Netgear VPN Passthrough Firewall for $128.95 will be all you need. (Get a VPN Passthrough capable Firewall if you VPN into work).

NAT vs. SPI?

Let's say you're shopping for a Firewall, and you see that the box says "Built-in NAT technology acts as a firewall to protect your internal network." WRONG! It makes me angry when manufacturers take advantage of the public's lack of knowledge like that. Notice the tricky wording "acts as a firewall". To the average person, they'll think they're well protected. It doesn't say it is a firewall!

Network Address Translation (NAT) (more accurately, Port Address Translation) is a normal procedure when you're using an internal network address scheme like the 192.168.1.0 Network so many home networks use. It is NOT designed to be a firewall. It can be overcome by sending fragmented packets, and may be spoofable.

Stateful Packet Inspection (SPI) on the other hand, was a technology developed for use in Firewalls. It keeps track of the "state" of communications between your PC and the outside world. It is much more difficult to break through an SPI Firewall than a NAT Router. Bottom line, make sure you get a Firewall that does SPI!

Software Firewalls

Good news! There are some excellent Software Firewalls available for free! I'm listing two here, but there are more out there.

Windows XP Service Pack 2 Firewall - Microsoft has made some progress with the built in XP Firewall. This one's configurable, in that you can let some traffic through from the outside for home networking.
It still doesn't warn you about unknown outbound traffic though! That means you won't know if a Trojan, Virus, or Spyware is trying to get out, nor will you be able to block it.

Zone Alarm - This version is free! They have pay versions, but the free one performs all the basic firewall functions you should need.

Sygate Personal Firewall - Another free version by a company that makes more powerful pay versions too.

Testing Firewalls

To test your Hardware Firewall, scan it from outside with Steve Gibson's Shield’s Up! scanner. It's fast and will tell you exactly what ports are insecure on your Firewall.

To test your Software Firewall, download and run Steve Gibson's Leak Test. It simply simulates an application you haven't authorized trying to get to the Internet. You should get a warning that an application is trying to get to the Internet. You say no, and make sure the test program is blocked.

Other Networking Gear

Switches & Hubs

If you buy any of the most popular home Firewalls, they have 4 to 8 Switch Ports built in. An in depth discussion of the difference isn't needed here. Just know that a Switch is a little better in some ways than a Hub, although the performance difference will be negligible for the home.

If you need a Switch, you can find one like this Belkin 8-Port Switch for $59.99.

Cabling

Ethernet NICs, Routers, Switches, and Hubs use Category 5 (or 5e) cabling. Just get some Cat 5e patch cables and you're all set! Cat 5e will allow you to go to Gigabit Ethernet if you want.

Oh yeah, straight through, or crossover cables? It depends. For this discussion, we'll classify PC's and Routers as "smart" devices, and Switches and Hubs as "dumb" devices. Smart to Smart, or Dumb to Dumb, you need a crossover cable. Dumb to Smart or Smart to Dumb, you need a straight through. PC to Switch Port on your Router/Firewall (Your Router's doing triple duty here, it's a Router, a Firewall, and a Switch, all in one!), you'll use a straight through cable.
You usually only have to worry about finding a crossover cable if you want to go straight from PC to PC, or if you want to plug a Switch into another Switch (and even Switch to Switch, many have an Uplink Port or a Crossover Button alleviating the need for a crossover cable).

That concludes Part 2! I bet you thought it would never end! :)

Please let me know what you thought!

Sincerely,
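The subnet-mask step described under "Parts of an IP Address", worked through as an added example (not part of the original post): the mask is ANDed with the address to get the Network part, and a destination whose Network part differs is handed to the Default Gateway. The function names are illustrative, and 192.168.1.77 is a constructed LAN neighbour; the other addresses are the ones used in the post.

```python
def to_int(dotted):
    """Parse a dotted-quad string into a 32-bit integer, rejecting bad octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted-quad address: %r" % dotted)
    value = 0
    for p in parts:
        if int(p) > 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """Turn a 32-bit integer back into dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_int(mask):
    """A valid mask is a run of 1 bits followed only by 0 bits."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous subnet mask: %r" % mask)
    return m


def split_address(ip, mask):
    """Return (network address, host number) for ip under mask."""
    m = mask_to_int(mask)
    addr = to_int(ip)
    return to_dotted(addr & m), addr & ~m & 0xFFFFFFFF


def next_hop(my_ip, mask, gateway, destination):
    """Deliver directly if destination shares my network, else use the gateway."""
    m = mask_to_int(mask)
    if (to_int(my_ip) & m) == (to_int(destination) & m):
        return destination
    return gateway


if __name__ == "__main__":
    # Addresses from the post, plus the constructed neighbour 192.168.1.77.
    print(split_address("192.168.1.50", "255.255.255.0"))
    for dest in ("192.168.1.77", "209.67.217.28"):
        hop = next_hop("192.168.1.50", "255.255.255.0", "192.168.1.1", dest)
        print(dest, "is sent to", hop)
```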
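The "state" that an SPI Firewall keeps, sketched as an added example (not part of the original post, and not any vendor's implementation): outbound packets create an entry in a table, and an inbound packet is let in only if it mirrors a live entry or matches a port the owner deliberately opened. Assumptions: the class and function names are hypothetical, the LAN is 192.168.1.x, NAT is left out so addresses appear as the inside PC sees them, and the ports and the address 203.0.113.9 are constructed sample values.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")


class StatefulFirewall:
    def __init__(self, inside_prefix="192.168.1.", idle_timeout=60):
        self.inside_prefix = inside_prefix  # assumption: LAN is 192.168.1.x
        self.idle_timeout = idle_timeout    # seconds a flow may sit idle
        self.flows = {}       # (in_ip, in_port, out_ip, out_port) -> last seen
        self.open_ports = set()  # (in_ip, port) deliberately permitted inbound

    def permit_inbound(self, inside_ip, port):
        """Open one inside port to the outside, as the post says you may need to."""
        self.open_ports.add((inside_ip, port))

    def check(self, pkt, now):
        """Return a verdict string for one packet seen at time `now` (seconds)."""
        # Forget flows that have been idle too long.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if pkt.src.startswith(self.inside_prefix):
            # Inside to Outside: allow, and remember the conversation.
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "ALLOW outbound"
        # Outside to Inside: must be the mirror image of a remembered flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now
            return "ALLOW reply"
        if (pkt.dst, pkt.dport) in self.open_ports:
            return "ALLOW permitted"
        return "DROP unsolicited"


def demo():
    """Run constructed packets through the filter and return the verdicts."""
    fw = StatefulFirewall()
    pc, web, stranger = "192.168.1.50", "209.67.217.28", "203.0.113.9"
    return [
        fw.check(Packet(pc, 40000, web, 80), now=0),       # browser request
        fw.check(Packet(web, 80, pc, 40000), now=1),       # the page coming back
        fw.check(Packet(web, 80, pc, 40001), now=2),       # port never used outbound
        fw.check(Packet(stranger, 5555, pc, 445), now=3),  # unrequested inbound
        fw.check(Packet(web, 80, pc, 40000), now=120),     # flow idle past timeout
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Only the second packet gets back in: it matches the remembered request exactly, address and port on both ends, and arrives while the flow is still live.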

nellie2 Posted October 18, 2004

Thanks, excellent!!

-pops- Posted October 18, 2004

That's really good.

A lot of people (me included) are confused by anything to do with networking. This explains things clearly and in a way that I, at least, can follow easily. Yes, I have a wireless network but it operates more by luck and was set up by blind instruction following rather than me having the knowledge to get it working.

Thanks :) :)

andsome Posted October 18, 2004

As I don't have a network, this information will not help me. You have obviously worked extremely hard, and I have NO DOUBT that this information will be invaluable to those who do. WELL DONE.

homecomputeraid Posted October 22, 2004

Thanks for all the wonderful compliments! :)

I'm working on Part 3 this weekend.

Sincerely,
Ted LeRoy
MCSE(NT/2000), CCNA, A+
http://www.homecomputeraid.com

homecomputeraid Posted November 17, 2004

Sorry for the delay in getting Part 3 out. I've had several busy weekends. :)

Sincerely,

nellie2 Posted November 17, 2004

No rush... but I'm looking forward to it! :)

homecomputeraid Posted December 12, 2004

Still planning on a part 3. Any suggestions about what OS's? I was planning on demonstrating how to network a Windows 98 machine with a Windows XP machine over a small network with a Firewall/Router. Someone (RedHat?) sidetracked me with Ubuntu Linux. Now I'm trying to learn some Linux and find a free HTML Editor so I can update my web site. :)

scuzzman Posted December 20, 2004

HCA: you may wanna look here for your HTML Editor
http://www.it.iitb.ac.in/~sudhir/Linux/rul...in-soft-en.html

The ones listed here are:
1) Netscape / Mozilla Composer.
2) Openoffice HTML editor.
3) Amaya.
4) GINF (Ginf is not Frontpage)
5) IBM WebSphere Homepage Builder. [Prop]
6) JXHTMLEDIT (Java).

BTW: the networking tutorials are great! Keep 'em coming (although there really isn't much more I could think to add, unless you wanna help me study for CCNA/CCNP :))

scuzzman Posted December 20, 2004

After thought: may wanna include some about Internet connection sharing (Windows) or IP Forwarding (Linux)

prctr Posted December 29, 2004

Dear homecomputeraid,

Thanks very much for all the valuable info. I am looking forward to Part III, and I'll toss out a specific request, the subject of which, no doubt, you'll examine at some point:

Assume a wired network behind a router, connecting 4-5 PCs. Obviously, the router will assign IP addresses as needed. Now..............

If, at one of the PCs, I were to attach a network switch (which will do something - I'm not sure what, to the IP address of anything plugged into that switch) how will I reassign or set-up the IP addresses for any component/peripheral that I want to share on the network? It seems that adding that switch "changes" the IP configuration so that devices connected to the switch are not "seen" by other parts of the network (those that are "before" the switch was added).

Hope this makes sense. Everyone have a safe and pleasant New Year holiday. :D

homecomputeraid Posted December 29, 2004

prctr,

The switch should be transparent to the PC's that go through it to get to the Router. You'll want to make sure you use an "uplink" or "crossover" port on one of the switches, or a crossover Ethernet cable going between the switches though. For example, port 8 on the second switch may have a crossover button. This should be plugged into a switchport on the router. If you don't get a green link light when you plug in the cable, hit that crossover button and see if it comes up.

Switches do not give out IP Addresses. I understand that you're plugging into a "switchport" on your router, but the router part is giving you your DHCP address. In corporate networks, that functionality is distinct for the most part. There would be a separate and distinct firewall, router, and switches. On a home network, you often have a router/switch/firewall all in one box. (As a side note, there's usually a separate DHCP Server too).

So, if you plug your second switch into a switchport on your router/switch, the computers on the second switch should get their IP addresses just fine.

Hope all this makes sense! If you need clarification, please post. :)

DdOs Posted October 29, 2007

Hi, I am really new to Windows Wireless networking... My desktop pc is having a bluetooth device and my laptop is having WI-FI.. can I connect these two in any way?? or do I need to buy any other hardware (Such as Router) to make a W-LAN?? Please let me know!!!

Thank You Very Much..
DdOs

lara Posted October 3, 2008

Hey... on that the tcp/ip configuration using static ip is something useful to on the part on before ..............

Since your computer is exposed to the entire Internet, especially if you have DSL or Broadband, you should protect yourself with Hardware and Software Firewalls.

-------------------------------------------
Larasreevysh