User Guide

Contents

• Multi-NIC Gateways and Related Advanced Configuration Techniques
• IPNetRouter Guide to AirPort
• DHCP and Mac OS
• Internet Sharing Using A Cable/xDSL Modem and Only One Ethernet
• Connecting to the Internet Using a Cable/DSL/ADSL Modem and Dual Ethernet
• Internet Sharing Using Remote Access (OT/PPP) and Ethernet
• Building Your Own Low Cost Ethernet
• Building a Firewall Using IP Filtering
• Using LocalTalk (MacIP over AppleTalk)
• Connecting to the Internet Using a One Way Cable Modem
• Inbound Port Mapping
• PPPoE Internet Sharing with IPNetRouter
• Port Mapping for QuickTime 4 Streaming Video
• Using an Unnumbered Interface
• Using the IPNetRouter DHCP Server

These directions assume that you normally connect to the Internet using a cable/DSL/ADSL modem. To share your cable/DSL/ADSL modem with other machines on your ethernet LAN, your cable/DSL/ADSL modem and the machines on your LAN should be connected through an Ethernet hub. See the above diagram. In the single ethernet setup, the cable/DSL/ADSL modem is attached to the "UPLINK" port of the hub; the gateway and client machines are connected to regular ports of the hub.

Alternatively, if you have two ethernet ports in your gateway machine, you can connect the cable/DSL/ADSL modem to one Ethernet, and your LAN to the other (in this case, your private network interface will be on your 2nd ethernet). The dual Ethernet configuration has important security and other advantages you may wish to consider. Ethernet networking is covered in more detail in the Ethernet Basics section.

The basic steps to configure IPNetRouter to work with a cable/DSL/ADSL modem in the single ethernet port setup are as follows:

1. On the gateway machine, use the TCP/IP control panel to configure the Ethernet interface to use your cable/DSL/ADSL modem as instructed by your service provider (example: @Home). Make SURE that the "Load Only When Needed" option is UNCHECKED (you must be in Advanced User mode to get to the TCP/IP options. Choose User Mode under the Edit menu and select Advanced). If you can already access the Internet from this machine via your cable/DSL/ADSL modem and you are SURE that the "Load Only When Needed" option is UNCHECKED in the TCP/IP control panel, you're ready to proceed to the next step. (Note: If your ISP requires the use of a PPPoE client, you should use the instructions in the PPPoE section to configure your gateway.)
   
   
2. Startup IPNetRouter on the gateway machine. In the Interfaces window, click on the top row (with your public IP address on the ethernet port). With this interface selected, check the "IP masquerading" box and then press Add (if you receive your IP address via DHCP from your cable/DSL/ADSL modem or DSL modem provider, then also check the "DHCP Aware" box). You should see a little mask icon appear in the state column for the Ethernet interface (and a DHCP icon if you checked the DHCP checkbox and added this feature). Notice you need to enable IP Masquerading on the interface that communicates directly with your cable/DSL/ADSL modem. Your Interfaces window should now appear similar to the following (your IP address and mask values will vary depending upon those values assigned by your ISP):
   
   

   

3. Next you need to create a 2nd IP interface on your Ethernet port. Continue to work in the Interfaces window using the "Configure Interface" input area just below the main display grid. Select Ethernet from the popup menu under the Port Name column. Click the up arrow to the right of the Interface Name field once. You should see ':1' added to the interface name. Enter a private IP Address and Mask. We suggest an IP address like 192.168.X.1 (where X is a number between 1 and 254...in this example we choose 73, but you should choose your own subnet number) and a mask of 255.255.255.0. Only the "Bring Up" checkbox should be checked. Press Add. You should see all the values you just entered appear in a new row in the main Interfaces table. Your Interfaces window should now appear similar to the following:
   
   

   

   
   You might ask why we choose the 192.168.73.X subnet for this installation. The reason is that you do NOT want to have conflicting private IP addresses with other potential NAT router users out on the cable/DSL/ADSL/DSL modem network. (One reason we suggest dual ethernet might be preferable.) The most often used private IP subnet is 192.168.0.X, so you probably want to avoid using this subnet for your private network. This is why we went with the 192.168.73.1 IP address for the IPNetRouter machine. You can use any different subnet, such as 192.168.149.X, etc.. Just make sure to address your client machines accordingly.
   
   

4. Select Save As from the File menu to name and save your configuration. Then just double click on this config file anytime you want to startup IPNetRouter with this configuration. You can put an alias to this config file in your Startup Items folder so that it runs automatically at each startup. Your gateway should now be working!!! [If it doesn't work right away, try restarting once to give Open Transport a chance to rebuild your TCP/IP stack with the supplied Proxy module inserted.]

Now each slave machine on your LAN needs to be configured to take advantage of this new gateway. The general idea is as follows:

1. Each slave machine needs its own unique IP address from the same private sequence that the gateway is using. In the above example the gateway is at 192.168.73.1, so your slaves should each use a unique addresses like 192.168.73.2, or 192.168.73.X where X is anything from 2 up to 255.
   
   
2. All the slave machines need to be told to use the gateway machine (192.168.73.1) to access the Internet. So set the Default Gateway (router) parameter of all slaves to 192.168.73.1
   
   
3. You can use the IPNetRouter IP address as the Name Server address in each of the clients (e.g. 192.168.73.1). Just make sure that the DNS forwarding option is checked in the Gateway window of IPNetRouter. (You MUST be running IPNetRouter v1.4.8 or later for DNS forwarding). Otherwise you need to enter the true Name Server for your ISP in each of the client machines.
   
   
4. Important: You SHOULD NOT use the DHCP server within IPNetRouter to configure your client machines when using this single ethernet setup. If you do so, your IPNetRouter gateway becomes a DHCP server for the entire cable/DSL modem network and your Internet connection may be terminated by your service provider.
   
   

Other servers such as mail and news servers should all be set to the standard values specified by your provider (@Home). You may, however, have to use FULLY SPECIFIED DOMAIN NAMES for Mail servers when accessed from your client machines (e.g. instead of just using "mail" for the SMTP mail server, you might have to fully specify the name like "mail.srst1.fl.home.com"). Also make sure the slaves each have a unique IP address and will use the gateway (192.168.73.1) as their default gateway. On a Mac use the TCP/IP or MacTCP Control Panel, on Win95 use the Network Control Panel.

Additional Notes:

You may need to power cycle your cable/DSL modem if it was being used by something other than the gateway Mac previously. The safest thing to do is to turn on the cable/DSL/ADSL modem first, then the gateway Mac. Access the Internet from the gateway Mac to make sure the cable/DSL/ADSL modem learns the gateway's address before any other. After the cable/DSL/ADSL modem has seen the gateway Mac at least once, you can power up any of the devices in any order until you power cycle the cable/DSL/ADSL modem. Then you'll need to make sure it sees the gateway Mac first.

The 10Base-T Ethernet interface on cable/DSL/ADSL modems is usually designed to act like a hub port. This should attach to the uplink port on your 10Base-T hub, or you will need to use a "crossover" cable/DSL/ADSL. See Building Your Own Low Cost Ethernet for details.

If you need to determine the IP address of the default Name Server (DNS) which your ISP has you currently using, you can use the tools in IPNetMonitor to determine this IP address. From the gateway machine, launch IPNetMonitor and open the NSLookup Window (Name Server Lookup). From the NSLookup window, open the Ping window (Cmd-T), this will invoke a ping test to your default Name Server used by NSLookup. Your default Name Server address will be visible in the Ping window. You could then use this IP address in each of your client machines... but just using the IPNetRouter address with DNS masquerading is normally much easier.

If your gateway is configured using DHCP in the TCP/IP control panel, you should check the "DHCP aware" checkbox for the corresponding IP Interface in the IPNetRouter Interfaces window. This tells IPNetRouter to use your dynamically assigned DHCP address instead of the address saved with your configuration file when IPNetRouter restores your saved settings.

IP Addressing: I chose the example IP addresses from network 192.168.x.x because this network range is reserved for private LANs (see RFC 1918). In order to route IP datagrams between two networks, each network must normally have its own network number (the most significant part of the IP address logically ANDed with the network mask). If you wish to follow the suggested example, each machine on your ethernet LAN must have a unique address from network 192.168.73.x (192.168.73.1, 192.168.73.2, 192.168.73.3, etc.). The Macintosh running IPNetRouter (192.168.73.1 in this example) becomes the default router or gateway for the other machines on your ethernet LAN.

The Benefits of Dual Ethernet Internet Sharing

While IPNetRouter has been designed to handle single ethernet configuration, we often recommend a dual ethernet setup in conjunction with ethernet xDSL and cable modems because:

1. A dual ethernet configuration is much more secure since the private LAN is physically isolated from the internet and your ISPs cable modem or xDSL network. Physical isolation of your private LAN interface makes it much harder to use various hacking techniques to disrupt or "spoof" your network interfaces or steal files off of your computers. While you should not worry about this sort of security issue too much, its better safe then sorry, especially where money or reputation is of import. See the Firewall section for more on how to secure your gateway.
   
   
2. There is potential for IP and Appletalk conflicts between your local LAN and the rest of your ISP's network. Someone else on your ISP's cable modem or xDSL network (WAN) might be running a NAT router (Mac, Windows, LINUX, etc.) in a single ethernet configuration and choose the same IP subnet (addresses) for their own client machines/gateway. In that case, one of you will get bumped (your ethernet driver will likely shut down). There are other conflicts that might occur that are equally as unpleasant. The risk of Appletalk conflicts has declined sharply as ISPs learn the dangers of permitting unbridled packet transmissions on their WANs. The problem with private IP conflicts is likely to remain indefinitely. Using a dual ethernet setup will remove this from being a problem on your own private network.
   
   
3. The dual ethernet configuration offers much better performance in many instances. In the dual ethernet configuration, packets are routed over physically separate interfaces, drastically reducing potential packet collision and routing problems between your IPNetRouter gateway, the internet, and your private LAN.
   
   
4. You should not run IPNetRouter's DHCP server with the single ethernet setup since, as specified in the standards governing DHCP, a DHCP server is limited to the primary IP address on a physical interface. In the case of a single interface Internet sharing arrangement, the primary interface must be reserved for the cable modem/xDSL IP interface. (Note: This limitation does not apply if you are connecting to the internet solely from a phone dialup connection. It only applies if the DHCP server would serve IP addresses to the same physical ethernet interface as the Internet connection of the gateway.) This may or may not be important to you, depending on whether you wish to use IPNetRouter's DHCP server feature.

In order to benefit from dual ethernet, you will usually have to purchase an additional ethernet card for your Mac. When purchasing ethernet cards, check with the manufacturer to see if your OS, Mac hardware, and multihoming IP is supported. Also consult our nettalk user archives for more feedback from other users about a particular card's effectiveness. The Troubleshooting section describe some ethernet card/MacOS compatibility issues to be aware of. If your gateway computer does not have the ability to take two ethernet cards or you are interested in using other types of interfaces, see the relevant sections elsewhere in this guide. The IPNetRouter FAQ is a good starting point.