Keywords: IPRoute, ISPA, ISDN, proxy server, sharing a connection to the Internet, modem sharing, IP Masquerading, Network Address Translation, software router, DOS
This page contains information on how you can connect a LAN (running Ethernet, for instance) to the Internet, using a standard (personal) account. The connection to the Internet can be an analog modem, ISDN, or even a cable or ADSL modem. I've done it with all of these...
IPRoute is a DOS software router for the TCP/IP protocol used by the Internet, and ISPA is an emulator which lets an ISDN card appear like an Ethernet card. The focus will be mainly on using IPRoute with ISDN plug-in cards through the ISPA driver. However, the software is also known to work with analog modems, ISDN modems and cable modems (in that case, just skip the parts where ISPA is mentioned because ISPA is only needed when you use an ISDN plug-in card).
An official IPRoute demo is now available for download! 28-jun-1998.
Added some more proxy servers / NAT to specific products. 17-apr-1998.
Added IPRoute tricks. 6-jan-1998.
Added/updated some links to Linux IP Masquerading pages, e.g. the Linux Masq Apps page. 4-dec-1997.
The latest version for registered users of IPRoute is now V1.10. The unregistered shareware version is still V0.973. Updated 1-oct-1997.
Here's the IPRoute script I am using with modems.
Updated 22-aug-1997.
Some modems handle carrier detect differently. Needs investigation.
This script might work with ISDN modems as well but then you need to add
AT init strings. E.g. for some ISDN model (Elsa?) you need to use
AT&FB40 for initialisation and ATDI (instead of ATDT) for the dial command.
Jae Kim uses these settings
for his Motorola Bitsurfr Pro at 128 Kbps:
send "AT&F1&C1&D2@B0=2\r"   ; for initialisation
send "ATDxxxxxxx&yyyyyyy\r" ; for dialing out (2 B-channels,
                            ; 2 phone numbers xxxxxxx and yyyyyyy)
A (personal) Internet account isn't that expensive anymore. Let's say you have a whole (Ethernet) network of computers at home. One for yourself, one for the kids, one on the toilet, you get the idea... Preferably, you want to access the Internet from each of those machines. One machine, which has the modem, will be the "middle-man" for the other machines. You want all connected machines to share the link to the Internet. If you have a couple of those "workstations", a 28K8 modem will probably not be enough. ISDN may be a good option in that case. If you use a "proxy" or a feature called "IP Masquerading", you will be able to use a standard (i.e. cheap!) personal account to connect the LAN to your Internet Service Provider (ISP). All this is explained in the following.
Here are some examples of connecting a LAN to the Internet. I already mentioned the "homebrew" LAN. In most cases people use a coax Ethernet cable so they can do without a "hub" (central interconnection device). Another application is a school which has a couple of computers and wants to connect to the Internet at low cost. Or you can think of a small office. I myself used IPRoute + ISPA (described later on) to connect the LAN of a user group to the Internet during meetings (de HCC Amsterdam).
But first, a little bit of theory. Every computer connected to the Electronic Superhighway (the Internet) must have a unique "licence plate", called an IP address. But because of the growth of the Internet, it is running out of IP addresses. As with any scarce goods, if you need more IP addresses you will have to pay!
Internet developers have devised schemes which help to limit the number of
needed IP addresses. For instance, an ISP has a certain number of customers
but they can't possibly be all logged in at exactly the same moment. So
the ISP buys a smaller block of IP addresses. When you call in to your ISP,
you receive one of the IP addresses out of this block from your ISP during the
connection setup negotiation process. So you don't know your IP address in
advance. This is called a dynamic IP address.
However, some ISPs also offer fixed addresses, i.e. every time you
dial-in you get the same IP address. This is of course advantageous
if you are connected to the net for long periods (e.g. if you have
an ADSL or cable modem) or if you want to run servers.
The problem is that most ISPs charge you extra for such a
static IP address. A notable exception is Demon.
Different approaches to sharing a connection
So you want to connect your LAN to the Internet. This means that there is one machine which has the link to the Internet (modem, ISDN card). Let's call that one the gateway computer, for simplicity. The gateway computer receives packets from the other machines (let's call those the workstation computers) and then passes them to your ISP. And vice versa.
I can think of four different strategies how a LAN can be connected to the Internet. Invariably, all four work with one machine forwarding the packets it receives from the other machines to the Internet.
I will discuss each of them in the next paragraphs. Tony Rall of IBM Almaden has also written an excellent article on this, with special attention to OS/2.
As you probably know, you can share disk drives and printers under Windows for Workgroups, Windows 95, Warp 4, Warp Connect, Windows NT etc. But it is even possible to share a serial port in a similar way. A modem can then be attached to this shared serial port. However, only Warp Connect and Warp 4 support serial port sharing out of the box. OS/2 2.x and Warp non-Connect support it if you install the free OS/2 LAN Manager client by Microsoft. A special version of Windows NT, called Small Business Server (SBS), also contains a modem server. Special client software is included with SBS for Windows 95 and Windows for Workgroups. Rumors say that NT version 5 might contain similar modem sharing support. I wonder whether Windows 98 comes with a suitable modem client for this...
Client software which is readily available for your Windows machine(s) is offered by (in alphabetical order):
Are SBS and NT5 compatible with these clients? You tell me... Knowing Microsoft's track record with this kind of thing I would not be surprised if theirs is completely different...
In most business setups, a special modem server is used. This is a hardware device which has multiple serial ports equipped with modems. Workstation computers which connect to this server then get a virtual serial port, say COM6. The disadvantage is that only one user can gain access to a modem at the same time, whether he uses it or not. He has to release the remote modem out of the goodness of his heart, once he's finished. The advantage is that the user has the full bandwidth of the modem at his disposal. Plus, it is not limited to IP or IPX traffic but you can also use it with fax software, connect to BBSes etc.
This is what most businesses use. They get a block of static IP addresses from their ISP and give each of their machines an IP address. In most cases, what I call the "gateway computer" is in fact a router, a special hardware device which forwards the packets. Some operating systems (e.g. Unix, NT, OS/2) can route IP packets too. *) The disadvantage of routing is that it is more expensive because you will have to 'buy' static IP addresses from your ISP. Not only that, the ISP will have to define a "route" to your own little subnet on their systems. That means they'll have to do some work and thus they want to be paid for it. It also means that intervention by your ISP is required, i.e. you can't do it all on your own. This is in contrast with the next two strategies.
*) Nathan Goyette pointed out to me that Windows 95 can be tweaked to support routing, although this is an undocumented feature.
Routing works great for businesses which are connected to the Internet 24 hours a day. But what if you're not, and you still want to hook up a whole LAN to the Internet once in a while? One solution would be if somehow a workstation computer could ask the gateway computer to send and receive data on its behalf. The software which does the trick is called a proxy server. A well known example is WinGate. As far as the operating system is concerned, the proxy server is a normal TCP/IP application. A workstation computer sends a request to the gateway asking it to send data to the Internet. The data is sent using the gateway's IP address, and any response comes back the same way. Any number of computers on your LAN can use the connection in this way at the same time, as long as the data for separate requests is kept separate. The gateway computer can be a 'normal' PC with a standard Internet connection. There are several different ways to do proxying: using the SOCKS protocol, socket relays and application proxies.
The SOCKS protocol is defined by an official standard. TCP/IP applications have got to support SOCKS (in other words: must be SOCKSified) in order to connect to a SOCKS proxy server. Some do, but many of them do not. Some operating systems, such as Warp 4, have special support in their TCP/IP stack so that non-SOCKS aware programs can be used with SOCKS servers.
With socket relay (also known as "port mapping"), the proxy server mirrors ports from the remote machine on the Internet and makes them available as though it was providing the services. In this case, when a workstation on the internal network connects to for instance the SMTP port on the proxy server, the proxy server opens a matching socket on the connection to the Internet and then just ferries data between the two connections. Unlike SOCKS, a socket relay does not require any special support on behalf of the client program, so it can be used with most applications. The disadvantage of socket relays is that not all protocols can be handled. For instance, using the FTP protocol in non-passive mode is very problematical, and is not normally possible with a socket relay system.
An application proxy is a special TCP/IP program that knows about a particular application protocol, and will accept requests using this protocol. A common example of this is the HTTP proxy provided by many Internet service providers. This program accepts HTTP requests from clients using the HTTP protocol and converts them to requests to other HTTP servers. The resultant data is then copied back to the client computer. This approach has the advantage of allowing the proxy server to make use of its special knowledge about the application protocol in order to make the request more efficient. For example, most HTTP proxies will cache requests and can respond without requiring any further network access if the requested page is already in the cache.
Some operating systems, most notably Linux, have the capability to perform IP routing with the addition of changing the IP address in the packets on the fly, i.e. as the data is passed through from the LAN to the Internet. In IPRoute this feature is called Network Address Translation (NAT). Strictly speaking, NAT is a superset of IP Masquerading and is often used in firewalls for security reasons. I decided to use the Linux term "IP Masquerading" in the following because it is better known and, confusingly, ISPA also has a feature called NAT (used for a different purpose).
IP Masquerading is a feature of the TCP/IP stack. The TCP/IP stacks in most commercial operating systems (Warp, Windows etc.) don't support IP Masquerading. At the moment only "independent" TCP/IP programmers feature IP Masquerading. Linux comes with full source code, so that made it a bit easier to implement IP Masquerading. The shareware DOS application IPRoute is another example. It comes with its own custom TCP/IP stack supporting IP Masquerading.
Let's say in the following example that you use IPRoute for IP Masquerading. IPRoute changes the addresses in the packets it receives from the workstation machines into the address it is using itself. For example, 2 workstation machines can each run a webbrowser. IPRoute changes the addresses so the ISP thinks both webbrowsers are running on one and the same machine! There's nothing strange with that, it has always been possible to run multiple webbrowsers on one machine.
Running servers (say, webservers) on multiple workstation machines is a bit less
transparent. Most servers listen to a "well-known" port number. For a
webserver this is port 80. But only 1 server can listen to a port at the
same time. That means that the gateway machine can remap a port to only one
workstation machine. So, if you want to run more than one webserver on your internal
network which must all be reachable from the outside, there is a problem.
Fortunately, there is also a solution.
Let's say you have webservers on each port 80 of the workstation machines
192.168.0.2, 192.168.0.3 and 192.168.0.4. You can remap port 80 on the
gateway machine to port 80 on 192.168.0.2, port 81 to port 80 on 192.168.0.3
and port 82 to port 80 on 192.168.0.4. People on the outside will have to
specify URLs with "non-standard" ports for the last two workstation machines, say
http://www.wins.uva.nl:81/ and http://www.wins.uva.nl:82/
It works but it isn't very elegant...
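The remapping described above, as an added example (a model written for this page, not IPRoute's code). It parses nat lines in the form used by the ISP.IPR listing on this page and goes a little further than the three-webserver case by also handling the whole-host line mentioned later; the interface name isdn0, the gateway address 145.220.128.13 and first-match ordering are assumptions.

```python
"""Inbound port remapping on a masquerading gateway (added example, a model only)."""
from collections import Counter
from typing import NamedTuple, Optional


class NatRule(NamedTuple):
    iface: str
    proto: str                    # "tcp", "udp" or "*"
    inside_ip: str                # "*" = any workstation (outbound masquerade)
    inside_port: Optional[int]    # None = no port given on the line
    outside_ip: str
    outside_port: Optional[int]


def _endpoint(text):
    """Split "ip:port", a bare "ip" or "*" into (host, port-or-None)."""
    host, _, port = text.partition(":")
    return host, int(port) if port else None


def parse_nat(line):
    """Parse 'nat <iface> <proto> <inside> <outside>'; None for any other line."""
    fields = line.split(";", 1)[0].split()       # ';' starts a comment
    if len(fields) != 5 or fields[0] != "nat":
        return None
    _, iface, proto, inside, outside = fields
    return NatRule(iface, proto, *_endpoint(inside), *_endpoint(outside))


def load_rules(config_text):
    return [r for r in map(parse_nat, config_text.splitlines()) if r]


def route_inbound(rules, proto, dst_port):
    """Workstation (ip, port) that an unsolicited inbound packet reaches, or None."""
    for r in rules:                               # assumption: first match wins
        if r.inside_ip == "*":                    # masquerade rule, outbound only
            continue
        if r.proto not in ("*", proto):
            continue
        if r.outside_port is None:                # whole-host mapping: any port
            return r.inside_ip, dst_port
        if r.outside_port == dst_port:
            return r.inside_ip, r.inside_port or dst_port
    return None                                   # no mapping: nothing is reachable


def port_conflicts(rules):
    """Gateway (proto, port) pairs claimed by more than one workstation rule."""
    claimed = Counter((r.proto, r.outside_port) for r in rules
                      if r.inside_ip != "*" and r.outside_port is not None)
    return sorted(key for key, count in claimed.items() if count > 1)


def exposed_hosts(rules):
    """Workstations that are reachable on every port from the outside."""
    return sorted({r.inside_ip for r in rules
                   if r.inside_ip != "*" and r.outside_port is None})


# Constructed sample: the three webservers from the text, plus outbound masquerading.
THREE_WEBSERVERS = """
nat isdn0 tcp 192.168.0.2:80 145.220.128.13:80
nat isdn0 tcp 192.168.0.3:80 145.220.128.13:81
nat isdn0 tcp 192.168.0.4:80 145.220.128.13:82
nat isdn0 * * 145.220.128.13     ; all outgoing connections
"""

if __name__ == "__main__":
    rules = load_rules(THREE_WEBSERVERS)
    for port in (80, 81, 82, 8080):
        print("tcp", port, "->", route_inbound(rules, "tcp", port))
    print("conflicts:", port_conflicts(rules))
    print("fully exposed:", exposed_hosts(rules))
```

Running `exposed_hosts` over a configuration is a quick way to see which workstations are reachable from outside on every port rather than on a chosen few.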
Routing vs proxy servers vs IP Masquerading
One of the major problems with using the SOCKS protocol is that it requires that clients be able to perform name lookups for external addresses, usually via DNS. This means that as well as implementing a SOCKS server, the proxy server must also provide a full DNS service to its clients. Additionally, some protocols do not lend themselves to transport via SOCKS. The FTP protocol, in non-passive mode, can be particularly difficult. It is also possible to use a socket relay server without access to a DNS server, but this is not always the case.
If you have several workstation machines that all hit the same webpage at the same time, a caching proxy server may provide better performance than a system with IP Masquerading. That is because the webpages can be served from the cache (local harddisk) instead of getting each of them over the modem/ISDN link. On the other hand, a caching proxy may require a more powerful machine with a big harddisk, i.e. you will probably not get away with a lowly 286, as you can with IPRoute...
For a much more elaborate exposition, see .
This list is in no particular order.
Most webservers, such as Apache, Netscape,
Microsoft IIS or IBM ICS, also provide (caching) proxy services.
Advantages of IPRoute over WinGate:
Advantages of WinGate over IPRoute:
Both IPRoute and ISPA use the word 'NAT' (Network Address Translation) for
more or less different purposes. I will try to explain the differences.
In ISPA, NAT is used for handling the dynamic IP address you get from your
ISP. And it works like this. When ISPA gets the dynamic IP address from the
ISP, there is no mechanism which allows the application running on top of
ISPA (IPRoute, NCSA Telnet, etc.) to get that IP address! So ISPA uses a
trick. In both the application and ISPA you specify the same dummy IP
address (I use 145.220.128.13, but anything is allowed). In advance! This
allows both to communicate with each other. Now, when ISPA dials out and
receives the real dynamic IP address, it changes the address in that packet
on the fly to the dummy IP address. This way, ISPA uses a dynamic
IP address it gets from the ISP, but the application (IPRoute) thinks it
has a static IP address!
IPRoute also has a NAT, but it's used for a different purpose. It allows
multiple machines connected to a LAN to access the Internet through only
1 IP address. This is what I earlier called IP Masquerading.
Here is a typical setup for IPRoute and ISPA, acting as an Internet router for
the workstations.
As you can see, I use the "dummy" Class C subnet 192.168.0.x
for the local network with the workstations. This is a "private" block of
addresses, especially reserved for exactly this kind of setup.
These addresses are not intended to be used on the Internet (the IP
Masquerading of IPRoute makes sure of that). See also RFC1597.
Here are the configuration scripts I am using for such a setup. Hopefully they are a good
enough example. Of course you have to remove the comments at the right hand
side of ISP.BAT. By the way, ISP stands for Internet Service Provider in the
following.
ISP.BAT (located in root directory)
You can get packet drivers for Ethernet cards from
this site.
If your Ethernet card does not have a DOS packet driver, but only an ODI
driver, you can download a shim ("interface") from
Dan Lanciani's site.
Please don't be alarmed if the software router stops running after about
15 minutes. That's ISPA's shareware limitation if you haven't registered
it yet.
In ISP.IPR, you find several nat isdn0 lines. With this
I tell IPRoute to route incoming sessions of port types 80 (WWW),
1376 (OS/2 Person-2-Person), 2213 (Kali games), and 20/21 (FTP)
etc. to one particular machine (mine :-). However, Dave Mischler
told me that you can route all incoming sessions (any port)
to one machine (in my case 192.168.0.2) if you use the following line
instead of the 5 tcp/udp NAT lines:
When you start the ISP.BAT batch file, make sure that both IPRoute and ISPA
start with no warning messages. The first test is to ping a workstation machine on
the Ethernet network using the PING command at the console prompt of IPRoute,
for instance: PING 192.168.0.2. If the ping test fails, verify that
the packet driver installed correctly (IRQ, DMA, I/O port) and that IPRoute
could access the packet driver for your Ethernet card.
Now ping a machine which is not located on your Ethernet LAN, a machine on
the Internet, for instance PING 165.113.58.253 or use the IP
address of the Domain Name Server your ISP told you to use. The modem/ISDN
card will dial and establish a connection with your ISP.
On every workstation machine, you will have to specify the IP number of the
Domain Name Server (DNS) of your ISP. If you have multiple ISPs, you can
specify more DNSes. I'd love to have IPRoute perform some kind of DNS proxy
service (so you can specify 192.168.0.1 as the DNS, which makes the workstation
machines almost completely independent of the ISP used) but Dave says it's
difficult to do. There might be a way to get around this and that is by
installing your own DNS or DHCP server. I guess Warp Server, NT, Linux or
perhaps even Warp with extra stuff could do the trick.
I haven't quite figured out how to use both ISDN B-channels at the same time,
to get a bandwidth of 128 Kbps. However, I found the
ADC Kentrox Pacesetter FAQ to be very informative on this subject.
See also the IPRoute script I use with modems.
This has the disadvantage that you cannot do name lookups of SMB/CIFS servers
located on the Internet. There are actually few of these, so that may not
be much of a problem. Probably the best solution would be to run your own
(caching) DNS on your LAN. Only genuine DNS requests will cause IPRoute to
dial out then.
A problem with Warp Connect and Warp 4 is that Sendmail also causes IPRoute
to dial out once in a while. You can fix this by killing the Sendmail process
and use another mailer (Netscape Mail, Postroad etc.), or remove Sendmail
completely from the startup .CMD file (I forgot its name, mail me if you
want to know). I don't know if installing your own DNS helps in this case.
At the same time, you could install a DNS and/or DHCP server on that
Windows 95 machine running IPRoute, although I don't know of any
freeware implementations like Unix has.
145.220.128.13 is the "dummy" IP address mentioned above. If your
ISP has given you a static IP address, use that one instead. The ports
2021 and 2023 are the "secret" ports you FTP and Telnet
into. You may alter these of course. Most telnet and ftp clients allow you to
specify these non-standard (custom) ports. But be warned, use logon scripts
with usernames and passwords or else anyone can have access. Also note that
FTP and Telnet transmit passwords in clear text. That does not mean that any
bozo can read them, but sysadmins of your ISP and Internet long distance
carriers might...
PLIP + PDETHER + ODIHLP does not seem to work!
PIPX + ODIHLP might work, but it has a time limit and a nag screen and
you'll have to pay to get rid of these.
You can choose only one option of these, they are mutually exclusive. For
each of the options you can/must use -n to specify the PPP options such
as login ID and password, and also -c if you need CHAP instead of PAP
(the default) for PPP authorization. Sync PPP over HDLC seems to be
the most popular protocol nowadays. It's the default for most Windows95
ISDN packages, so try -p first.
There is a freeware "CAPI-to-packet driver" available, called PAPI. But this
one has much less functionality (has not been updated for a couple of years),
for instance it doesn't support PPP so it will probably not be much use to
you if you want to dial up to an ISP. It may work if you want to hook up two
LANs of your own through ISDN, because what I understand from it PAPI's main
use is to send whole Ethernet packets. I haven't quite figured out how they
implement security (you don't want everyone to dial in to your Ethernet, do
you? :-), perhaps with ISDN's Caller Identification...
cFos
(older versions also here) is a piece of software that emulates a serial
modem (with AT commands and all) using the CAPI driver of your ISDN
card. It might be possible to use cFos and IPRoute together, but I have
no idea if it works. In that case, you will be using IPRoute's PPP
implementation. With the ISPA + IPRoute combination I described earlier,
ISPA's PPP implementation is used. A disadvantage of cFos might be that it
is less efficient than ISPA (cFos emulates a modem, and modems work
with one character at a time, while ISPA emulates a network card, and
network cards work with packets), but I'm not sure. The advantage of cFos
over ISPA is that cFos can be used for other communication programs too.
Most apps will work fine with IPRoute, without having to configure proxies.
However, the workstation machines will have to have dummy addresses
(e.g. 192.168.0.x) with WinGate, IPRoute and the other products I mentioned.
The problem is that if an application asks the machine it is running on what
its IP address is, it gets the dummy address. When this address is sent to a
remote side (say, for Internet telephony), that machine gets confused because
the packets it sends may not get back to you because of the fake address.
Certain applications transfer IP addresses or port numbers as part of their
data. This requires special treatment for address translation (packets must
be examined and addresses changed on the fly). So, if an app doesn't work,
this could be the problem.
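Active-mode FTP is the classic case of an address carried inside the data: the client announces its own IP address and port in a PORT command. The rewrite a translating gateway has to perform is shown here as an added example (not code from IPRoute or any product named on this page); the workstation address, the public port 40001 and the function names are constructed for illustration.

```python
"""Why active-mode FTP needs payload rewriting behind address translation (added example)."""
import ipaddress
import re

# FTP PORT command: four address bytes and two port bytes, comma separated.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port_command(line: bytes):
    """Return the (ip, port) a PORT command advertises, or None if it is not one."""
    match = PORT_RE.match(line)
    if not match:
        return None
    nums = [int(group) for group in match.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def is_private(ip: str) -> bool:
    """True for addresses such as 192.168.0.x that the remote server cannot reach."""
    return ipaddress.ip_address(ip).is_private


def rewrite_port_command(line: bytes, public_ip: str, public_port: int):
    """Rewrite a PORT command that advertises a private address.

    Returns (new_line, inside_endpoint, length_delta). The gateway must remember
    that connections arriving on public_port belong to inside_endpoint, and,
    because the command changes length, shift the TCP sequence numbers of the
    control connection by length_delta from this point on.
    """
    parsed = parse_port_command(line)
    if parsed is None or not is_private(parsed[0]):
        return line, None, 0                     # nothing to translate
    octets = public_ip.split(".")
    new_line = "PORT {},{},{},{},{},{}\r\n".format(
        *octets, public_port >> 8, public_port & 0xFF).encode("ascii")
    return new_line, parsed, len(new_line) - len(line)


# Constructed sample: a workstation at 192.168.0.2 asks the server to connect
# back to its port 1025; 145.220.128.13 is the gateway address used on this page.
SAMPLE = b"PORT 192,168,0,2,4,1\r\n"

if __name__ == "__main__":
    print("client says :", parse_port_command(SAMPLE))
    new_line, inside, delta = rewrite_port_command(SAMPLE, "145.220.128.13", 40001)
    print("gateway sends:", new_line)
    print("remembered   :", inside, "length delta", delta)
```

A plain socket relay forwards the original bytes unchanged, so the remote server is told to connect to 192.168.0.2 and the data connection never arrives.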
Most of the applications and their settings mentioned on the
Linux Masq Apps page
will work for IPRoute as well. You'll need to "translate" the ipfwadm
and/or ipautofw lines into corresponding IPRoute NAT lines, of course.
If you switch over from WinGate to IPRoute, make sure that you turn off the
proxy settings in your apps! :-) (For instance in Netscape, in
Network Preferences / Proxies, click on "No Proxies").
Here's a list of TCP/IP applications which are known to work with IPRoute or
WinGate, or not, or I just don't know because I haven't tried.
More recent information on which apps are supported by WinGate can be found
on the WinGate homepage.
If you have any additions/updates to this list, please mail me!
Of course, if you have the money you can always buy hardware such as a
3COM OfficeConnect
ISDN LAN Modem,
Ascend Pipeline or an ADC Kentrox Pacesetter. For instance, Bill Lutton writes:
The advantages of special hardware over IPRoute + ISPA are:
The disadvantages of special hardware over IPRoute + ISPA are:
If you are running OS/2, there's also
InJoy. It is a replacement
for the "Dial Other Internet Providers" program supplied with Warp.
InJoy supports IP
Masquerading, at the moment for 4 users but more than 4 are also
possible (at a higher price). In combination with cFos (see
paragraph above),
you can also run InJoy over an ISDN line. Click
here for information
on that, including examples. InJoy also does Dial on Demand.
The advantage of InJoy + cFos over IPRoute + ISPA is that you don't need
to sacrifice a dedicated machine. It is probably easier to configure too.
The disadvantage is that it is higher in price. Also don't forget that
the unregistered cFos doesn't support sync PPP over HDLC, which makes
it impossible to test InJoy + cFos with most Internet providers.
First read the part on how to set up IPRoute + ISPA and use the sample
configuration files included there. Now,
let's say your login ID is aladdin and your password is
sesame. And you're calling your ISP's Point Of Presence
(inbelpunt) in Amsterdam. (If you live in another part of the
country, just click on the name of the provider below, and you'll jump
to that provider's list of POPs). Change this according to your own account
info and location. I assume you want autodial and automatic disconnect after
240 idle seconds. Change ISP.BAT so that the correct settings for the Ethernet
card and the ISDN card (CAPI drivers) are used. You should then only have to
change one line in ISP.INI:
NLnet / UUNET: use synchronous
PPP over HDLC with PAP. NLnet also wants the login ID to be specified in a
rather strange way. NLnet claims they are the only ones in the Netherlands
who have no restrictions at all on the type of traffic.
Configure your workstation machines to use the Domain Name
Server (DNS) 193.67.237.6
Planet Internet:
use synchronous PPP over HDLC with CHAP. Planet Internet says they do not support VDOLive
and Cuseeme. I don't know if that means they will block such traffic.
Also, in most cases I could not reach servers running on my local network from
the outside (Internet), perhaps this inbound traffic is blocked because
of security reasons.
Configure your workstation machines to use the Domain Name
Server (DNS) 145.220.1.7
XS4ALL: use synchronous
PPP over HDLC with PAP. Seems to support B-channel bundling
so you get 128Kbps? Configure your workstation machines to use the Domain Name
Server (DNS) 194.109.6.66
Euronet: use synchronous
PPP over HDLC with PAP. Configure your workstation machines to use the Domain Name
Server (DNS) 194.134.5.5
Most of the information in this document comes from discussions with Dave
Mischler and Herbert Hanewinkel. Some parts on routing and proxy servers
were shamelessly stolen from the
FireDoor FAQ.
It seems to be copyrighted and I haven't asked permission to use it so don't
tell them anything :-). On the other hand, if you do, ask them to correct the
crap about security holes with IP Masquerading at the same time...
I would like to thank Herbert Hanewinkel for generously providing me
an ISPA registration key when the CIPA key turned out to be almost useless
because of a buggy driver. In return, this document was
written...
I'm a Computer Science student at the University of Amsterdam. If you want to
contact me:
If you email me and you get an "Unknown User" email message back, it could be
that my account has been cancelled because I graduated (especially if you
are reading this months after the creation date of this document).
Use Alta Vista to find
my new email address. A couple of times I received
email from people who hadn't entered their return email address correctly,
so I couldn't email them back with help. Please check your return address
(especially if you're using a PC email client) or better yet, include
it in the body of your email message.
Specific products (IPRoute, WinGate etc.)
Due to licencing restrictions, the shareware version of IPRoute cannot be
distributed from www.mischler.com
anymore. You can still download it from
this location
though.
            your gateway                    your workstations
   +----------------------------+
   |   IPRoute (192.168.0.1)    |
   |       $50 shareware        |
   |  running DOS, 286+, 1 Mb+  |
   +----------------------------+
        |                   |
 +-------------+   +-----------------+            +-------------+
 |  ISPA shim  |   |  packet driver  |            |  OS/2 Warp  |
 |  shareware  |   | e.g. for NE2000 |            |(192.168.0.3)|
 |     $30     |   |   (freeware)    |            +-------------+
 +-------------+   +-----------------+                   ||
        |                   |                            ||   and others
+----------------+ +-----------------+ +-------------+   ||   running Linux,
|  CAPI driver   | |  network card   | | Windows 95  |   ||   NT, Mac, etc.:
| (supplied with | |  (e.g. NE2000)  | |(192.168.0.2)|   ||   192.168.0.4,
|   ISDN card)   | +-----------------+ +-------------+   ||   192.168.0.5,
+----------------+         ||                ||          ||   etc.
        |         #===============================================#
 +-------------+                 coax Ethernet cable
 |  ISDN card  |  Terminator                             Terminator
 +-------------+
        |
  NT1 connector                         |
        |                               |  The workstations think they
***********************************     |  are connected directly to
* The Internet (through your ISP) * <---+  the Internet...
***********************************
@echo off
\network\ne2000 0x61 10 0x300    <- Load packet driver for Ethernet card (in
cd \online-i                        this case an NE2000 on IRQ 10, port 300)
call starts0.bat                 <- Load the CAPI driver for your ISDN card
cd \network\ispa                    (in this case a Teles S0/16.3)
ispap ? 0x60 isp.ini             <- If/when you have registered ISPA,
cd \network\iproute                 replace '?' with your registration key!
ipr isp.ipr                         (with '?' it will only work for 15 minutes).
ISP.INI (located in \NETWORK\ISPA)
# call with ISPAP.EXE
#
# global options:
#-u # Uncomment if you want only one active channel
-w # DOS activity display: on
-d # Disconnect on release: on
-m 145.220.128.13 # Dummy IP address for comm. with IPRoute
#
# because no IP-address is specified all packets (unicast and
# broadcast) are forwarded to the peer.
#
# for all other options the defaults are used
#
# REPLACE ispphonenumber, myloginid, mypassword WITH YOUR INTERNET ACCOUNT INFO!
# -c is used here for CHAP authorization. Delete the -c if you need PAP.
# -p means: synchronous PPP over HDLC (which seems to be the
# most used protocol)
0.0.0.0 ispphonenumber -c -p -n myloginid,mypassword -o -r -t 240
ISP.IPR (located in \NETWORK\IPROUTE)
set log file out.txt
set log raw on
set log monitor on
; ISPA packet driver on 0x60. Use the dummy IP address for comm. with ISPA.
packet isdn0 0x60 145.220.128.13/24
; Route all packets to remote side of ISDN line (your ISP). The IP address
; used here doesn't seem to matter. You might just as well leave it this way.
route * isdn0 145.220.128.1
; Allow the following incoming connections
nat isdn0 tcp 192.168.0.2:80 145.220.128.13:80
nat isdn0 tcp 192.168.0.2:1376 145.220.128.13:1376
nat isdn0 tcp 192.168.0.2:21 145.220.128.13:21
nat isdn0 tcp 192.168.0.2:20 145.220.128.13:20
nat isdn0 udp 192.168.0.2:2213 145.220.128.13:2213
; Allow all outgoing connections
nat isdn0 * * 145.220.128.13
; Configure ethernet interface on network 192.168.0.0/24
packet en0 0x61 192.168.0.1/24
; Broadcast RIP routes on the ethernet
; Start a command interpreter on the console
command
exit
nat isdn0 * 192.168.0.2 145.220.128.13
So what I am doing is a bit of a hassle.
To register, send a check or money order for $50 US by postal mail to:
David F. Mischler
245 McNair Road
Buffalo, NY 14221
USA
For electronic fund transfers please use the following information:
Bank Name: Marine Midland Bank
Branch: Williamsville Office
Address: 5556 Main Street
Williamsville, NY 14221
USA
ABA Number: 021 001 088
Account Name: David F. Mischler
Account Number: 716-69843-9
Please ask that all fees associated with the transfer are paid in
advance. I have received several partial payments due to deducted fees.
The video and keyboard are really only required to get the router working.
Once the system is running cleanly, if your bios permits, you can remove the
keyboard and video to run the system in an embedded system mode. Shopping
in the used/surplus equipment market should give you one of these systems for
well under $300. Most companies using computers probably have one of these
machines lying in a closet somewhere. A hard drive is actually a detriment
to a router system because it increases the chances of the router failing
because of heat or a hardware problem. The only time to use a hard drive in
a router is when logging data locally is important and you expect a lot of
data.
filter sl0 drop out udp *:137 *:53
filter sl0 permit out * * *
filter en0 permit in * * *
The only pitfall we've come across so far is that the dos
box must have focus in order to dial out again after the
connection has been dropped due to idleness. I wrote
a small Visual C++ program to periodically
give the IPRoute dos box focus. This avoids the dial out problem altogether.
nat sl0 tcp 192.168.0.1:21 145.220.128.13:2021
nat sl0 tcp 192.168.0.1:23 145.220.128.13:2023
Other (faster) cables can also be used but these require faster parallel ports,
EPP or ECP. Download
PARA14.ZIP for an excellent tool which allows you to determine what
parallel port you have (believe me, this one is better than CheckIt or MSD).
The docs also discuss the standards which exist for parallel ports.
It should be possible to hook up a DOS machine via the parallel port to
a Windows 95 machine which has a connection to the Internet or whatever.
Run PLIP.COM and WINPKT.COM from the AUTOEXEC.BAT, use NDIS3PKT so that
IPRoute has access to the network card, run IPRoute in a Windows 95 DOS box.
Create config file for IPRoute with entries for both packet drivers and
let it route from the parallel port to the network card.
> - What's the minimum machine needed for routing from 5-10 machines
> to an ISDN line?
I don't know. A 16 MHz 286 might be enough. A 33 MHz 386 is almost
certainly enough (unless the card and driver combination is very bad).
I haven't used it (I guess I'm biased :-). I hear that it works OK,
but that you can't pass connections inward to machines on the
privately numbered network.
Which applications will/won't work?
Alternatives for IPRoute + ISPA
I have a setup that I just put together for evaluation that seems
to work pretty well for me, here is the recipe:
- old 486/66 w/8MB & 130MB (overkill) ($0 personal surplus)
- a TC200-S6 460K serial card ($29 from www.byterunner.com)
- an NE2000 LAN card ($30 from datacomm warehouse)
- a Zyxel 2864iu external TA ($?)
- IPRoute router software ($50 from this site)
This system does "dial on demand" and call dropping after a configurable
amount of time for my 3 PC network. The Zyxel TA does utilization sensitive
adding/dropping of the 2nd B channel. Total time to bring up the link (call
establishment & ppp negotiation) is ~2.5 sec. FTP downloads run at 15200+
KBytes/sec. Ping times are about 40ms. I've only been running it for a few
days but it already compares very favorably to my ~$1000 Ascend P75. The P75
connects in ~2.0 sec and is configurable over the LAN, but doesn't do NAT.
0.0.0.0 0206638251 -p -naladdin@inter.nl.net,sesame -o -r -t 240
0.0.0.0 0206933004 -c -p -naladdin,sesame -o -r -t 240
0.0.0.0 0204229700 -p -naladdin,sesame -o -r -t 240
0.0.0.0 0204274330 -p -naladdin,sesame -o -r -t 240
Jacco de Leeuw
J.C. van Wessemstraat 54
1501 VM Zaandam
The Netherlands
Internet: leeuw@wins.uva.nl
WWW homepage: http://jacco.home.ml.org
Fidonet: