Choosing a Gateway

A gateway is a device which is connected to both the internet and to your internal ethernet network (your LAN). This allows all the computers connected to the LAN to share one internet connection. The gateway passes traffic from one network to the other. For security reasons, the gateway act as a NAT router or a firewall (as explained in the Networking Basics section).

The gateway can be a computer or it can be a dedicated device - a free-standing piece of hardware which works out of the box (minimum cost about 80). In principle any computer with the right kind of interfaces can act as a gateway, just add some gateway software.

In reality, you may be constrained by circumstances to use a PC running a specified version of Windows. Any internet connection that uses the Universal Serial Bus (USB) interface will need driver software on the PC, and that is often only provided for certain versions of Windows. Some ADSL connections and cable modem connections work over USB. If you connect to your broadband device via an ethernet interface, you can choose what style of gateway to use.

Linux and Windows XP come with built-in gateway software. For some other versions of Windows you need add-on software such as the Personal Firewall from www.tinysoftware.com (free for non-commercial use), WinRoute from www.winroute.com or ZoneAlarm from www.zonelabs.com.

You can configure a conventional Linux PC to act as a firewall while providing other services. This is not a good policy. It's best to set aside a low-spec PC as a firewall and do nothing else with it. There are a number of complete systems ready packaged up that run Linux and a firewall, all off a single floppy, for example Freesco from www.freesco.org and SmoothWall from www.smoothwall.org. Both of these are free.

If you use a computer as your gateway, running Linux, Windows or whatever, configure the ethernet interface card that connect it to the LAN to use a fixed IP address. Configure the other PCs on the LAN to use that address as their default gateway. Traditionally, the gateway has the IP address 192.168.0.1

I describe the details of configuring ethernet interface cards in a separate section, so I will gloss over that here.

Netgear (www.netgear.com) make a range of dedicated gateways, and I use those as examples. There are many other choices.

I have built my own gateway using a Linux PC. It took a bit of time but it was very educational. It worked OK, but running it was a nuisance, so I switched to a dedicated gateway, a Netgear RT311. If you are building a network to a deadline, and it is going to hold sensitive data, I suggest you buy a dedicated gateway (internet connection permiting).

Connecting via a Telephone Modem

If you building a network at home and you already have a Windows PC connected to the internet, the easiest way forward is to use that as the gateway for the rest of your network. Just fit an ethernet card and run gateway software such as the Tiny Software Personal Firewall.

Using a Windows PC as a gateway is not the best solution, because a hacker may be able to exploit defficiencies in the underlying Windows software. However, your PC will be a lot more secure than it used to be: whenever you were connected to the internet before, it was vulnerable to attack by hackers. If you had an unmetered connection, you probably quite often connected for many hours, giving the hacker plenty of time to find it and do damage. Running gateway software at home is a good idea even if you only have one computer.)

The modem can be internal (a card that slots into the computer) or external (a separate device with its own power supply connecting via a serial port).

If you have an external modem, you can buy a number of dedicated gateways that will work with it. look for one with a serial interface and an ethernet interface. Connect the serial interface to the modem and connect the ethernet interface to your hub or switch.

If you don't have a modem, consider something like the Netgear RM356, a gateway with a telephone modem built in.

You can also build your own gateway using Linux.

Different ISPs support all sorts of methods for telephone connections, so there is a lot of margin for incompatibility between the gateway and the service. Before you buy a gateway, check with your chosen ISP that it has the necessary features.

Asymetric Digital Subscriber Line (ADSL)

As with a cable modem, the connection to the ADSL device can be via USB or ethernet. Some services offer dynamic IP addresses, others offer static addresses.

The USB style of connection demands that you use a Windows PC as a gateway, using a version of Windows that supports it.

Configure your gateway as explained below in the sections on gateways for USB and ethernet cable modems.

Universal Serial Bus (USB) Cable Modem

The business-class cable modem comes with a gateway provided, so if you are reading this part, I assume you are using one of the domestic connections. This matters because certain details are different. In particular, a domestic-class cable modem uses a dynamic IP address.

As explained, don't choose a USB modem if you want flexibility.

The cable modem comes with a device driver. It only works with certain specified versions of Windows. Make sure it is compatible with yours. The modem does not work with Linux. (One day that may change.)

USB is a hardware connection. Old PCs don't have it. You might be able to get round this by fitting a USB interface card to your PC, but they are finicky and may not work on an old PC. They are really meant for adding USB ports to a PC that already has one.

Connect the modem via the USB connection and install the driver. The modem expects the connecting PC to request an IP address via DHCP, so configure the PC to do that.

Fit the ethernet interface card to the gateway PC and configure that interface to use the fixed IP address 192.168.0.1.

Download and configure your gateway software. It will probably work sensibly out of the box, ie pass traffic coming on the ethernet interface to the USB interface and vice versa, applying security rules to ban unacceptable traffic. It probably also acts as a DHCP server for the rest of the PCs on your network. If so, configure them to use dynamic addresses and use the IP address 192.168.0.1 as the default gateway.

If your gateway does not act as a DHCP server (unlikely), read the instructions to find out what address range and subnet mask it supports and assign one address from that range to each PC.

Ethernet Cable Modem

The business-class cable modem comes with a gateway provided, so if you are reading this part, I assume you are using one of the domestic connections. This matters because certain details are different. In particular, a domestic-class cable modem uses a dynamic IP address.

The ethernet cable modem has a single RJ45 ethernet connection to connect to the gateway. The gateway should have two ethernet connections. The modem is connected to one, all the other computers are connected to the other, via a switch or hub. (If there is only one other computer, you can do without the switch.)

A dedicated gateways such as the Netgear RT311 provides all you need out of the box. It contains a built-in DHCP server, By default, it assigns the address 192.168.0.1 to its LAN ethernet interface, so you configure the rest of the PCs to get addresses via DHCP and to use that address as the default gateway.

Connect the RT311 to the modem and to the switch using straight ethernet cables (not cross-overs).

If you are building your own gateway using a Windows PC or a Linux gateway package (freesco, smoothwall or whatever), you will need two ethernet cards. Fit the first card and configure the IRQ and address range. Then fit the second. That way, you can tell which is which. Note which IRQ and address range each one uses.

Connect one ethernet interface to the modem and the other to the hub or switch, using straight cables. (If you only have one other PC, you can do without the switch and connect directly to it using a cross-over cable.)

If the gateway PC runs Windows, Reboot it and install the driver for the ethernet cards. Configure the interface that connects to the cable modem to get an address via DHCP. This is what the modem expects. Configure the other interface with the fixed address 192.168.0.1.

Test that you can access external sites from the gateway PC:

	 ping www.microsoft.com

If ping works, then your internet connection is working.

If the gateway PC runs a linux-based package, read the instructions on the supplier's web site. They will explain how to manufacture a suitable floppy disk using another computer.

Whichever gateway you use, configure the other PCs on the network to use it, for example, set them all to get a dynamic address via DHCP and use 192.168.0.1 as their gateway. Test that you can access the gateway and an external site from each of the PCs:

	 ping 192.168.0.1
	 
	 ping www.microsoft.com

If ping works, then your network is working.