Page: Previous  1, 2

MatthewHSE
Status: Contributor
Joined: 20 Jul 2004
Posts: 122
Location: Central Illinois, typically glued to a computer screen
Reply Quote
Thanks for the detailed instructions Andy. I bought a router yesterday, tried to set it up, and failed miserably. I don't know why; I followed the instructions in the box to the letter. Of course they were written for the guy who has no idea what he's doing, so maybe if I'd read your post yesterday I'd have been able to get it working!

Basically, I got things set up so that the router would connect the computers with one another. So our internal network was working as it should. But I couldn't get the thing to connect to the Internet! I tried all kinds of things, checked the troubleshooting in the instruction manual which was worthless, and called tech support twice (which also didn't help).

In the end, I called my ISP just to make sure they weren't having connectivity problems (it's happened before). To my surprise, the tech there told me that our DSL box already had the capability to act as a router/firewall/network switch. I didn't set that part up myself so I didn't know this, but the DSL box has four network slots in the back. We only have the four computers, so I plugged one wire into each slot; the DSL works, and our network is running. Problem solved in under a minute . . .

For the time being, I've assigned each computer its own IP address, because I understood from the error I was having that this was required to achieve network stability. So far today, we've had absolutely zero problems.

But I don't know TCP/IP stuff very well. Sure, I've done some work with it, but about all I recognize is "do this to get that result." I don't really understand any of it. If you think I should, I may try a router again and go through your instructions with it. What's your opinion on the solution I found? Is it "permanent," secure, or should I try something else?

Thanks again for your help. This one definitely gets bookmarked for future reference!

Matthew
Back to top
andy
Status: Interested
Joined: 15 Oct 2004
Posts: 13
Reply Quote
Whether or not this is a permanent or secure enough method of connecting to the net is entirely up to you.

Are you going to be getting in more computers anytime soon? If so, you may want to consider deploying something that has more than 4 ports on your network now and testing it, so you don't have to try and get that all set up while trying to configure your shiny new server or workstation. If you know that you're not going to be doing that, then it's really no big deal.

As far as security is concerned, your DSL router is most likely no more or less secure than the router you bought. If you have one real world IP address, and 4 internal addresses without any sort of port forwarding put in place, then it is pretty much impossible for anyone from the outside world to initiate any sort of attack against your internal machines. Your biggest security risk in your case is your own users, and the possibility that they may inadvertently download some sort of backdoor program disguised as "TWELVETEEN MILLION SUPER CUTE SMILEYS RIGHT IN YOUR EMAIL DAILY!!!.exe" or something equally enticing to the non savvy user. To see how secure your router is, go on over to your favorite search engine and do a search for:
"(your router name)" security vulnerabilities
and browse the results. The ones that you really want to look for are attacks that would allow a remote attacker to gain access to your administrative interface.

If you plan on having an outside world accessible mail server or something like that would require your router to have port forwarding capabilities. If the one that your ISP has provided does not, and you need to run servers off of your internal network, you should use another one.

One thing to remember if you are going to be using an external router... most ISP provided DSL modem/router combos have the ability to turn off routing and just act as a modem. This is what you are going to want to do before you hook up the other router.
Back to top
MatthewHSE
Status: Contributor
Joined: 20 Jul 2004
Posts: 122
Location: Central Illinois, typically glued to a computer screen
Reply Quote
Hey Andy, thought I'd bug you a bit with another related question! ;)

I've gone ahead and bought another router; the DSL modem that doubled as a network hub just doesn't have a high enough transfer rate for our network purposes.

Anyway, in your instructions earlier in this thread, you said I'd have to set each computer on the network to obtain an IP address automatically, except the servers, which were to be given an IP address outside the IP range of the router. I assume this is so that the computers on the network maintain reliable access to the servers?

Unfortunately, in this case, each computer needs reliable access to all the others. We don't really have a server at all; we just have different workstations with different data on them and they all need to be able to "see" one another predicably. My understanding (and experience) is that, under these circumstances, each computer needs to have its own IP assigned to it in order to maintain network stability. But, this seems to conflict with your instructions for sharing the DSL connection through a router.

I know this is a "wordy" post, but I hope I'm getting across what I mean to communicate. How do I use a router to share our Internet connection, and network our PC's, all while giving each PC it's own IP?

Thanks for any help and/or advice,

Matthew
Back to top
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
Reply Quote
I was hoping Andy would show up, but I think he's busy.
:: Quote ::
My understanding (and experience) is that, under these circumstances, each computer needs to have its own IP assigned to it in order to maintain network stability.

Assign each one an IP address. Andy is talking more about larger networks where doing that isn't practical. You're right about the systems working better with assigned IP addresses, that's been my experience with windows networks too.

DHCP is a lot easier, nothing to keep track of except the server IP addresses, but there's nothing wrong with manually assigning each machine an IP.
Back to top
Dynamic IPs vs. Static IPs... FIGHT.
andy
Status: Interested
Joined: 15 Oct 2004
Posts: 13
Reply Quote
Sorry about the hiatus! It's been a very busy month or so for me... but if I pass the background check for what will hopefully be my new employer, I will have a new job that will allow me to quit my 3 current jobs. That will be a nice injection of free time into my schedule, and more money in my bank account.

As was previously stated, there is in fact nothing at all wrong with using static IPs for all of your machines especially if:

a) There are a small number of machines (which there is)
and
b) You won't be quickly adding/removing machines from your network (for example, bringing your laptop from home)

We'll say right now, that the only difference between a workstation and a server in my current definition is that a workstation is not running any services that require other machines to be able to access them. If everyone needs to get to everyone else on your network, it's probably a good idea to have everyone have a static IP address because they are all essentially servers.

The only time that it isn't completely necessary for a server to have a static IP address is if you are only using windows File and Print sharing (I'll call it smb from now on). The reason why you don't need a static IP address for smb services is because the "Microsoft network" side of your network automatically resolves the "computer name" of these machines on the network. On the plus side, this is the reason that you are able to hop onto your network neighborhood or my network places and see all the smb machines in there regardless of their IP address just as long as they are on the same subnet and/or same workgroup/domain. On the other hand, that’s also the reason why even with a static IP address it can often take a few seconds for a newly booted machine to show up on the network, for other machines to be visible to you once you boot up, or for files to show up when you are first connecting to a machine. Basically smb enabled workstations (once again, simply meaning a windows machine with file and print sharing enabled) just blab out their machine name to the whole network periodically just so everyone knows that they are there... and THAT is the reason why network administrators often hate large networks of windows machines... very very chatty. Useful, but inefficient.

If you are running services internally on these workstations that need to be reached by either IP address directly, or DNS then you MUST MUST MUST have a static IP address assigned for that machine.

Generally, I like to have my workstations have dynamically allocated IP addresses simply because it makes adding new machines, temporarily bringing in other machines, and making larger network changes (such as changing your addressing scheme, default gateway, DNS servers, etc) very easy. All you have to do is make one change on the router side, have everyone either release/renew or reboot their machine and the changes take effect on all of the workstations. One of the key things to remember when using static addressing is that not only do you have to assign that machine an IP address, you need to set the DNS servers and search domain as well as the default gateway. So let’s say you have a modest number of machines on your network, we'll say six, and your ISP switches the DNS servers that it wants you to use... suddenly that becomes a 30 minute task when I could have easily been a 1 minute task. The one problem with mixed static/dynamic networks is simply the fact that when you statically assign a machine an IP address, there is no way for the DHCP server to know that the address is in use, so it may assign it. The best way to get around this is to put your static IP addresses at the opposite end of the range at which your dynamic IP addresses are allocated from. Note that you are not using a different subnet, but since the dynamic addressing scheme tends to be predictable, and the chance of your network having 200 DHCP hosts connected at one time is minimal, they can generally live happily within the same range. One router manufacturer that I have seen that makes it very easy to mix dynamically assigned addresses with statically assigned addresses, linksys. By default on a linksys router, it uses 192.168.1.* for its pool of IP addresses. The addresses that it gives out for any computer asking the router to assign it a dynamic IP address is at or above 192.168.1.100. So if 5 computers connect to it asking to be assigned IP addresses they will receive 192.168.1.100, 192.168.1.101, 192.168.1.102, 192.168.1.103, and 192.168.1.104. This leaves available 192.168.1.2 through 192.168.1.99 for any machines that you want to assign a static IP address. So if you had 2 servers on your network that needed static IPs and 5 workstations, you could set up the servers to statically use 192.168.1.10 and 192.168.1.20 without worrying about your dynamic machines being allocated the same addresses as your statically allocated servers.

You could also set up your DHCP server to assign your workstations the same IP address every time they log on but depending on your hardware that generally requires configuration that is a bit beyond the scope of this post.

So this is my recommendation... If you are using smb services on your machines exclusively, save yourself a serious amount of time and risk of accidental misconfiguration and set them up to use DHCP... your routing hardware probably uses it by default.
If you don't need change your network configuration often, you may just want to go with static, it could be the best way to go.
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4127
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
Awesome posts Andy, great information. Some of which I wish I had had last week when I was working on a Windows network and couldn't figure out one thing. I'll post that question separately however.
Back to top
andy
Status: Interested
Joined: 15 Oct 2004
Posts: 13
Reply Quote
Thanks! And do feel free to ask away, i love this stuff. I certainly may not be able to answer myself, but if I don't, I will probably know someone who does.
Back to top
Display posts from previous:   
Page: Previous  1, 2
All times are GMT - 8 Hours