ADSL share - no ICS?

Hello,

I have a SpeedTouch ADSL Modem (Home), a 16-port 3Com switch (10/100), and 3 computers begging for me to connect them all. Up until now, I've connected the ADSL modem directly to my own machine (NIC) by using 1 NIC, and a second NIC to the switch. This way I can use my computer as the gateway (firewall protection, virtual 'routing') but it forces me to use ICS! And what if I want my computer to be shut down? Others won't be able to use the ADSL modem.

So I took the modem, connected it to the switch (cross cable), and all the rest of the computers (I know it's the classic way except for the router - ADSL Modem -> Router -> Switch -> Computers), so my LAN is now exposed but all the computers can access the modem.

Trouble is... I need to use a VPN connection in order to log onto the internet -> again, forced to use ICS? I don't have a server at the moment, but I do plan on one - so I'll be able to use NAT or proxy (and it would always be on). Would a router help? (Except for firewall features, some NAT, DNS and DHCP, I don't think I really need one). What if I'm connected and want others to 'join the ride'?

**Can my modem get 'connected' and stay online all the time like Enter' or corp'/companies using backbone???

*Trying to avoid ICS....
 
Hi Mate,

The extremely simplest way of doing it (...and my preferred) would be a VPN passthrough router. It provides DHCP and NATs your three PCs so all can connect to the net. VPN your way to work with no problem, and if you choose the Netgear FVS318 router, you can have 6 (I think) friends coming in to your place via IPsec VPN. Message me if you need more info.

We have a resident Networking professional (Netman) who may want to add more.

Reg,

Houman
 
Heya Reg,

Thanks for the help. My main concern is to use a 1 user single connection to connect everyone. I want the connection to be 'live' at all times so if one computer goes down, the others won't be affected.

*Is it possible to connect a Wi-Fi access point to a hub/switch, thus making it accessible to Wi-Fi?
**If I'm getting a router, should it be Wi-Fi as well? The router is the 'firewall' between the ADSL modem and the switch; should the Wi-Fi users connect through the router??? Is it safe, or through the switch?

 
My main concern is to use a 1 user single connection to connect everyone.

That's what the router does. 1 connection for everyone.

I want the connection to be 'live' at all times so if one computer goes down, the others won't be affected.

The good thing is you can install files and reboot any or all PCs without affecting anybody else on the network

Is it possible to connect a wi-fi access point to a hub/switch, thus making it accessible to wi fi?

Sure. Netgear MR314 does just that with VPN passthrough.


if I'm getting a router, should it be wi-fi as well?

If your place is secure enough, why not?

should the wi-fi users connect through the router???

There is no other way. And it is not fully safe, no. Packets can be 'sniffed' and security can be compromised.


Hope this helps. BTW, name is Houman ;)
 
Sorry Houman,

Didn't think: Reg = Regards.

ADSL Modem->Gateway/Router->Switch->Computers

If I could get the switch to become wireless by adding an access point such as client bridge, logic says it would be more safe for the computers instead of connecting through wi-fi to the router and being 'exposed'. An extra level on the way...

Again mate, thanks for all the help.
 
Just make sure that any extras you go for don't end up costing more than a combined ADSL modem/router/switch/wireless - the "do everything" devices tend to be cheaper than equivalent separates.

Amazed you got anything to work properly with the modem connected to your switch - that layout usually results in only one PC (first one to make the DHCP request) being able to connect ... unless your ISP service allows you multiple IP addresses.
 
It doesn't work like that :) So don't be amazed.

That's my main concern, the first computer to use the vpn connection is the first one to use the DHCP. I want others to join up, and I don't want ICS nor Multiple IP - But the more I learn, it seems like I'll have to ask my ISP for multiple IP's.
 
I think I'll just get a PPTP VPN pass through Gateway/Router...wireless. But just for fun of it, how do I configure a computer to work with/as DMZ?
 
cybrosh said:
I think I'll just get a PPTP VPN pass through Gateway/Router...wireless. But just for fun of it, how do I configure a computer to work with/as DMZ?
DMZ is a special area set aside by the router, where no routing/NAT will take place. Everything in the DMZ (Demilitarised Zone) will be accessible from the internet and you need to be very careful when using it.
 
DMZ (DeMilitarized Zone) - the router does not police any traffic here, so anything not a response to an outgoing connect by other PCs, or incoming and port-forwarded to them, ends up here.

Essentially, the PC assigned as DMZ (in router settings) is effectively directly connected - and the router gives it NO security.

The DMZ is useful to allow traffic that is unsupported by any other method, testing if you suspect that a problem is due to traffic not passing through the router, or for testing a software firewall on the PC - it's no less secure than having one PC connected directly to provide ICS ...

Think of it as one PC directly connected, and the others NAT-routed ... not strictly true, but that's about the size of it - the capabilities are similar to one PC as the ICS host, but without the need to leave that PC on for the others to access.
 
Thanks Houman, LTR,

I kept reading about DMZ and actually found out Gateways and Firewalls have DMZ ports on some of the more expansive models. I also read about a 3 NIC option....and virtual dmz on others.

I don't think I'll be using that option :) Too much.
 
When using a SpeedTouch Home modem from Alcatel, you'll normally only be able to use it on one PC at a time or use a router.

A better way is to tweak your Alcatel ST Home to an ST Pro. NAT is used then and you can connect your modem to your switch using a cross cable.

The way to tweak your modem is described at http://www.bruring.com/nuke/

Good luck

PS: you might get some problems using MS Messenger due to NAT rules.

Read before you try the entire guide and its advantages.
 
Thanks Amfibia,

So now I have to search for a NAT-capable ADSL modem? Or can I use a router (with NAT) instead with my Home version Alcatel?
 
You just have to tweak your ST Home. It will make it an ADSL modem/router with firewall and NAT features.
No more routers needed. And always on with a PPP connection.

If you need the VPN to connect to an external LAN, then don't try it, because you can't make a VPN tunnel anymore.
If needed you can retweak your modem to its original settings.

Unfortunately the website is in Dutch. If you don't understand, then google for "alcatel tweak" and you'll probably find an English site with the same information.

Good Luck
 
Got it :/ unfortunately, I need pptp vpn pass through.....but I'll experiment with the idea. Thanks for the tweaking info'!

Cheers.
 
Not sure there's any way to make this beasty VPN capable - though the Pro to 510 (possibly MORE risky than Home-Pro) adds UPnP capability - not sure if that VPN is UPnP-aware.

Looked around some more
http://www.petri.co.il/adsl_and_nat.htm
And at the bottom of that one...
http://www.mirdesign.nl/

The "Defserver" option sounds rather like a DMZ - all incoming not explicitly port-mapped to other PCs will hit the "Defserver" - so that one needs an adequate software firewall, but can probably run anything as if directly connected.

Manual defserver configuration is also possible
http://www.petri.co.il/disable_adsl_builtin_firewall.htm
Yes, it IS the DMZ, and as described, allows incoming traffic not amenable to organized port-forwarding to be hurled at ONE PC - along with all the other dross like attacks - USE A DECENT SOFTWARE FIREWALL!


PS. If you use any technique (Defserver or port forwarding) which refers to a fixed IP address for the target PC, you must assign the IP address from the PC - as this device does not appear to have any provision for making FIXED DHCP mappings.
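
An added illustration of the inbound-dispatch order described in the DMZ and Defserver posts above (not code from any poster or from the modem's firmware): a toy Python model of a NAT router showing where unsolicited traffic lands and why the target PC needs a fixed IP. The `NatRouter` class, host names and all addresses are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    port_forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> LAN IP
    dmz_ip: Optional[str] = None                       # DMZ/Defserver target: an IP, not a machine
    sessions: dict = field(default_factory=dict)       # tracked outbound flows

    def outbound(self, proto, lan_ip, wan_port, remote):
        """A LAN PC opens a connection; the router remembers the mapping."""
        self.sessions[(proto, wan_port, remote)] = lan_ip

    def inbound(self, proto, wan_port, remote):
        """Return (reason, LAN IP) for a packet arriving on the WAN side."""
        if (proto, wan_port, remote) in self.sessions:
            return "reply", self.sessions[(proto, wan_port, remote)]
        if (proto, wan_port) in self.port_forwards:
            return "port-forward", self.port_forwards[(proto, wan_port)]
        if self.dmz_ip is not None:
            return "dmz", self.dmz_ip          # everything else is handed over unfiltered
        return "drop", None                    # no DMZ: unsolicited traffic goes nowhere

def holder(leases, ip):
    """Which machine currently owns this LAN IP (None if nobody)."""
    return next((name for name, addr in leases.items() if addr == ip), None)

def demo():
    # Constructed sample data: RFC 1918 LAN addresses, RFC 5737 remote addresses.
    leases = {"desktop": "192.168.1.10", "laptop": "192.168.1.11", "server": "192.168.1.12"}
    r = NatRouter(port_forwards={("tcp", 80): "192.168.1.12"}, dmz_ip="192.168.1.10")
    r.outbound("tcp", "192.168.1.11", 40001, ("198.51.100.7", 443))
    probe = ("tcp", 5000, ("203.0.113.9", 51001))      # unsolicited inbound packet
    results = {
        "reply": r.inbound("tcp", 40001, ("198.51.100.7", 443)),
        "web": r.inbound("tcp", 80, ("203.0.113.5", 51000)),
        "unsolicited": r.inbound(*probe),
    }
    # DHCP hands out addresses differently after a reboot; the router config is unchanged.
    leases = {"desktop": "192.168.1.11", "laptop": "192.168.1.10", "server": "192.168.1.12"}
    results["exposed_after_lease_change"] = holder(leases, r.inbound(*probe)[1])
    r.dmz_ip = None
    results["no_dmz"] = r.inbound(*probe)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

After the lease change the unfiltered traffic reaches the laptop, a machine nobody chose to expose, which is why the DMZ target's address has to be set statically on the PC itself.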
 
cybrosh said:
Got it :/ unfortunately, I need pptp vpn pass through.....but I'll experiment with the idea. Thanks for the tweaking info'!

Cheers.
Do you need PPTP VPN passthrough just to use the internet, or do you need it for more reasons?

FYI: over here (Netherlands) the ST comes with PPTP / VPN to use with internet. After tweaking it switches to a PPP connection / always on. So no more PPTP / VPN needed.
 