Connecting your LAN to the Internet
By: Walter Metcalf
Date: 3 May 2000
In a previous article in this series, Building Your Network, Part 1,
we examined how to configure workstations on a LAN, and promised that we would deal with the Gateway in a future
article. That time has now come. First, however, we should briefly define a few basic terms.
Terminology
- LAN/WAN
The LAN (local area network) or WAN (wide area network) is a closed system. Communication within the
LAN (or WAN) is often handled by NETBIOS because of its greater power. By closed, I mean it is controlled
entirely by the Network Administrator and normally there is no access to computers outside the LAN.[1]
In particular, workstations on a LAN have no access to the world at large.
- Gateway
The Gateway is the name given to the workstation on a LAN that is also connected to the Internet. (A Gateway computer
is also commonly called a router, but technically "Gateway" is the more accurate, and less confusing, term.)[2]
The Gateway computer also contains the firewall and filtering software. The
Gateway, then, serves two vital functions: it provides workstations on the LAN with access to the Internet and
thereby the world at large, AND if properly configured it protects the workstations from illegal accesses by
hackers and other unauthorized software and/or personnel.
- Firewall
Here's the definition of "Firewall" according to the InJoy Firewall
Reference Manual:
In fact, a firewall is a conceptual object rather than a specific software or hardware product. It is the
concept of rejecting all traffic except that which is specifically allowed. It should allow the
administrator of the firewall to control all traffic into and out of a network.
In other words the firewall is the armed guard at the Gateway to the LAN.
Firewall Components
- Rule Based Access Control
Here a set of Rules defined by the Network Administrator is recorded in a file. Every time a
connection is attempted (incoming or outgoing), the firewall software checks the Rules file to
see if the connection is allowed. If it is not, the firewall closes the connection.
- Network Address Translation (NAT)
Simply stated, the firewall uses NAT to hide the internal workstation addresses, and to re-address
all outgoing messages from workstations on the LAN by replacing internal IP addresses with the
external IP address of the Gateway.
- Packet Filtering
Packet Filtering operates closest to the hardware, and allows individual packets to be
selectively discarded based on predetermined criteria. In InJoy Firewall, Packet Filtering operates
on raw packets.
The InJoy Firewall package used for the purposes of this series contains other specialized
security protocols relating to tunneling and virtual private networks that I will not discuss here.
- Router
As used here, router is simply the device (hardware and/or software) that performs the switching
between networks, in particular, as in our case, between a LAN and the Internet. (See the
Lucent Communication Glossary for more information.)
- Hostname
Hostname is the alphanumeric (e.g. os2.about.com) name of the server to which a computer is connected
by means of an Internet dial-up, ethernet LAN connection, ISDN connection, etc.
- IP Address
The numeric address (e.g. 206.41.16.82) that identifies a computer on the Internet.
- Nameserver
A server containing a database of IP addresses and their alphanumeric equivalents and lookup
software that remote computers can use to convert the latter into the former.
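The Rule Based Access Control and NAT items under Firewall Components can be seen working together in a small model. This is an added example, not code from the article or from InJoy Firewall; the Gateway addresses are the article's examples, while the rule set, the workstation address 192.168.1.20, the starting NAT port and the class and function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

EXTERNAL_IP = "24.114.210.158"            # Lan Interface 0 example address on this page
LAN_NET = ip_network("192.168.1.0/24")    # network behind Lan Interface 1 (192.168.1.1)
ALLOWED_OUTBOUND = {("tcp", 80), ("udp", 53)}   # constructed rule set; all else is rejected


class Gateway:
    def __init__(self, first_port=40000):  # first NAT port is an arbitrary choice
        self.next_port = first_port
        self.by_flow = {}   # (proto, lan_ip, lan_port, dst_ip, dst_port) -> external port
        self.by_port = {}   # (proto, external port) -> the same flow tuple

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Apply the rules, then NAT. Returns the packet as the Internet sees it, or None."""
        if ip_address(src_ip) not in LAN_NET:
            return None                       # only LAN workstations may go out
        if (proto, dst_port) not in ALLOWED_OUTBOUND:
            return None                       # no matching rule: connection refused
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:          # first packet of a connection: new mapping
            self.by_flow[flow] = self.next_port
            self.by_port[(proto, self.next_port)] = flow
            self.next_port += 1
        return (proto, EXTERNAL_IP, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a reply back to its workstation; unsolicited traffic returns None."""
        flow = self.by_port.get((proto, dst_port))
        if flow is None or flow[3:] != (src_ip, src_port):
            return None                       # no mapping, or not the host we contacted
        return (proto, src_ip, src_port, flow[1], flow[2])


def demo():
    gw = Gateway()
    out = gw.outbound("tcp", "192.168.1.20", 1055, "206.41.16.82", 80)
    return {
        "web_out": out,
        "reply_in": gw.inbound("tcp", "206.41.16.82", 80, out[2]),
        "telnet_out": gw.outbound("tcp", "192.168.1.20", 1056, "206.41.16.82", 23),
        "unsolicited_in": gw.inbound("tcp", "203.0.113.9", 4444, out[2]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The remote host only ever sees the Gateway's external address, and a packet arriving from a host the workstation never contacted finds no mapping and is dropped.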
TCP/IP Notebook
The next major step is to configure the TCP/IP Configuration notebook, located in the System Setup folder,
which in turn is located in the OS/2 System folder.
TCP/IP Configuration (LAN) - 1
Network Tab

Lan Interface 0

| Setting | Value |
|---|---|
| Enable Interface | Checked |
| Automatic DHCP | Unchecked |
| Manually, using | Checked |
| IP Address | 24.114.210.158 |
| Subnet Mask | 255.255.255.128 |

Lan Interface 1

| Setting | Value |
|---|---|
| Enable Interface | Checked |
| Automatic DHCP | Unchecked |
| Manually, using | Checked |
| IP Address | 192.168.1.1 |
| Subnet Mask | 255.255.255.0 |

Loopback Interface

| Setting | Value |
|---|---|
| Enable Interface | Unchecked |
| IP Address | 127.0.0.1 |
| Subnet Mask | |

Notes
- The interface number corresponds with the slot number of the adapter card (NIC). From my
experience it appears that the Internet "automagically" grabs interface 0 when you are
installing the drivers and corresponding network software.
- The LAN interface 0 IP Address and Subnet Address are examples only. You must use the
data you are given by your Internet Provider.
- This is the Gateway, and is configured with two LAN cards.[3]
Therefore it must have two LAN interface pages configured, one for each LAN card.
- The second interface is on the LAN side of the Gateway and is configured exactly like a workstation
with a Class B local address, in this case, 192.168.1.1. Note: This address must be the same
as the address specified as the Router in each of the other Workstations on your LAN.
(See Building Your Network, Part 1, in this series.)
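The last note, that the Gateway's LAN-side address must match the Router setting on every workstation, is easy to get wrong by hand and can be checked mechanically. The following is an added example, not part of the original article: the Gateway values come from the Network Tab settings above, while the workstation entries and the function name check_gateway are constructed for illustration.

```python
from ipaddress import ip_address, ip_interface

# Gateway values from the Network Tab settings on this page.
EXTERNAL = ("24.114.210.158", "255.255.255.128")   # Lan Interface 0 (example ISP data)
LAN = ("192.168.1.1", "255.255.255.0")             # Lan Interface 1

# Constructed workstation settings (not from the article); three of them are wrong.
WORKSTATIONS = [
    {"ip": "192.168.1.2", "mask": "255.255.255.0", "router": "192.168.1.1"},
    {"ip": "192.168.1.3", "mask": "255.255.255.0", "router": "24.114.210.158"},
    {"ip": "192.168.2.4", "mask": "255.255.255.0", "router": "192.168.1.1"},
    {"ip": "192.168.1.1", "mask": "255.255.255.0", "router": "192.168.1.1"},
]


def check_gateway(external, lan, workstations):
    """Return a list of problems found in a two-adapter Gateway setup."""
    ext = ip_interface("/".join(external))
    inside = ip_interface("/".join(lan))
    problems = []
    if ext.network.overlaps(inside.network):
        problems.append("gateway: external and LAN subnets overlap")
    if not inside.ip.is_private:
        problems.append(f"gateway: LAN address {inside.ip} is not a private address")
    seen = {inside.ip}                      # addresses already taken on the LAN
    for ws in workstations:
        addr = ip_interface(f"{ws['ip']}/{ws['mask']}")
        if ip_address(ws["router"]) != inside.ip:
            problems.append(f"{addr.ip}: router {ws['router']} is not the Gateway's LAN address")
        if addr.network != inside.network:
            problems.append(f"{addr.ip}: not on the Gateway's LAN subnet {inside.network}")
        if addr.ip in seen:
            problems.append(f"{addr.ip}: address already in use on the LAN")
        seen.add(addr.ip)
    return problems


if __name__ == "__main__":
    for line in check_gateway(EXTERNAL, LAN, WORKSTATIONS):
        print(line)
```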
Walter Metcalf
Next week: Installing and setting up the Firewall
Notes
[1] Exceptions to this general statement are provided by specialized technologies such as Virtual Private Networks (VPN) and Tunneling. For more information see Tunnel/2.
[2] For definitions of each see the Lucent Glossary.
[3] In the 'Getting Started' manual for InJoy Firewall, Jensen describes both a 1 LAN adapter and multiple LAN adapter installations. He describes the scenarios under which a 1 LAN adapter setup would be acceptable, and those under which a multiple adapter setup is advised. Since the extra cost of a multiple adapter setup is minimal--little more than the cost of an adapter--and provides substantially better protection, I have chosen to present only that setup. If you wish more information on the single-adapter setup, you can download the demo version of InJoy Firewall and examine the aforementioned documentation.
Unless otherwise noted, all content on this site is Copyright © 2004, VOICE