Sharing Resources on Your Network

In the previous article, you saw how to create a basic network configuration for sharing resources, including folders, printers, and an Internet connection. This article discusses how to share and unshare resources manually. So if you set up your network and connected it to the Internet in the previous article, and everything is fine, you can probably ignore this article for now. But if you need or want to perform some manual configuration, here’s what this article contains: First, it shows you how to share your Internet connection and how to use an Internet connection that another computer is sharing. Next, it moves on to sharing printers connected to your computer and using printers shared by other computers, mapping a drive by using the net use command, and configuring network components manually. It ends by discussing how to bridge two networks together or merge them into a single network.

Connecting Your Network to the Internet

If you have a home network that you haven’t yet connected to the Internet, you’ll probably want to connect it to the Internet through a shared Internet connection so that each of the computers can send e-mail, browse the Web, and enjoy instant messaging and the other delights of the wired. This section discusses the pros and cons of connecting your network to the Internet, ways of doing so, and considerations to keep in mind. As you’ll see, you need to answer several questions, and the answers to the questions are related. The next section discusses how to implement Windows’s Internet Connection Sharing ICS feature, should you choose that as your way of connecting your network to the Internet.

Should You Connect Your Network to the Internet?

Instead of connecting the whole network through a single Internet connection, you can let individual computers connect through their own Internet connections. Doing so has the following advantages:

• If you can access the Internet only via dial-up, and you have multiple phone lines, you may prefer to have each computer connect separately so that each computer can enjoy as fast a connection speed as possible. Sharing, say, a 29.6Kbps connection among three or four computers will be no fun for anyone. Alternatively, you can establish a multilink connection and share that connection- if your Internet service provider, or ISP, supports multilink.

• Each computer that connects directly to the Internet can run programs that have difficulty running via a shared connection protected with a firewall- for example, some games.

• You can restrict use of the Internet to those computers that have a direct connection. Having computers connect to the Internet individually has the following disadvantages:

• If the computers are trying to connect to the Internet by using the same phone line, only one will be able to connect at a time. If the computers are using separate phone lines, you’ll need to pay for those phone lines. You’ll probably also have to pay for multiple ISP accounts rather than just one account.

• Having more computers connect to the Internet increases the number of points at which your network can be attacked. Article 29 discusses how to secure your network, but reducing the number of attack points is a good start.

Should You Use Multiple IP Addresses or NAT?

If you do decide to connect your network to the Internet, your next decision is whether to use multiple public IP addresses- one for each computer on your network that connects to the Internet- or a single IP address with Network Address Translation NAT.

the differences between public and private IP addresses.

Multiple IP Addresses

Whether you can use multiple IP addresses depends on your connection. Typically, in order to use multiple IP addresses, you’ll need an always-on connection such as a DSL or a cable connection that can be assigned a fixed IP address. You’ll need to request routed Internet service from your ISP, who will assign you the appropriate number of fixed IP addresses. Some ISPs will provide a handful of IP addresses for the same price as your regular connection, whereas others consider supplying multiple IP addresses to be “business” service rather than “residential service” which gets a single IP address and charge accordingly. Routed Internet service has a couple of advantages over NAT. First, because with routed Internet service each computer has a public IP address, all features in all Internet programs should work on each computer, because the computer is directly accessible from the Internet. Second, you can publish the IP address or the name of any given computer so that people can connect directly to it. If you get your ISP to implement what’s called inverse DNS for your domain name, you can also allow people on the Internet to look up the name of your computer. DNS is the abbreviation for Domain Name Service, the service that translates URLs, such as http://www.wiley.com, into IP addresses, such as 208.215.179.146. The disadvantages to routed Internet service are that it’ll almost invariably cost you more than sharing an Internet connection using NAT and that it increases your exposure to security threats, because you’ll need to protect each of the computers on the network against direct attack via the Internet. If you use inverse DNS, any website you access will be able to tell the name of the computer that accessed it, whereas when you access a website via NAT, the website can tell only the IP address of the computer or device running NAT. Over software NAT devices as opposed to hardware NAT devices, routed Internet service has another advantage: Because the service is implemented via a hardware device, you don’t need to leave a host computer running the whole time you want any computer on the network to be able to access the Internet.

Network Address Translation

In most cases, you’ll do better to use Network Address Translation NAT for a network based on computers running Windows Vista Home. Network Address Translation, which is also known as IP masquerading particularly in the Linux world, lets multiple computers connect through a single Internet connection using a single public IP address. So if you have an Internet connection on one of your PCs, you can easily share it with the other computers on the network. This sharing is more appealing for a high-speed connection than for a modest dial-up connection, but it works just as well for either. But there are a couple of catches, as you’ll see later in this section. The NAT host acts as an intermediary between the client the PC connected to the network and the server the Internet server that is supplying information. Basically, NAT receives any packets sent by the client to destinations not on the local network, changes the source IP address on the packets so that they appear to come from the NAT host rather than from the client, assigns a source port to them that lets itself track reply packets, and sends the packets on to the destination. When the replies come back, NAT matches them to the original packets and forwards them to the client. In NAT, the identity of the client submitting a request is hidden: Instead, the request appears to come from the host. This can be good and bad. NAT gives you more freedom in the IP addresses you assign within the network. Typically, you’ll want to use nonroutable internal IP addresses within the network so that incoming packets can reach a computer only through the router, which gives you some protection against attacks. On the bad side, if someone on your network takes some illegal or offensive action for example, posting libelous comments or downloading unsuitable material, the culprit will appear to be the host rather than the individual concerned. If you had multiple IP addresses, only the specific IP address involved would appear to be guilty. As mentioned earlier, you need only one ISP account and one IP address either static or dynamic to connect your network to the Internet via NAT. This usually makes NAT the most economical option for connecting a network to the Internet.

If you regularly have a half-dozen users using a broadband connection that’s supposedly limited to a single user, your ISP will probably suspect that you have multiple users connected, but all the traffic will be coming from the single IP address they’ve assigned to you. Unless you’re actually violating any terms of service you’ve subscribed to, the chances that they’ll pull the plug on your connection are low. Most ISPs now expect a residential account to have multiple PCs connected, so this is less of a problem than it used to be. The main disadvantage of NAT is that not every program works across NAT, depending on the NAT device used and on the needs of the program. Problems are most likely to arise when a computer connected to the Internet through your NAT device is trying to connect to a computer that itself connects to the Internet through another NAT device. What usually happens with NAT is one of the computers inside the network originates the conversation with a computer on the Internet. This shows two simple home networks, named West Network and East Network. Each network contains a computer that’s connected to the Internet West 1 and East 1 and running NAT so that it can provide Internet connectivity to the two other computers in its network West 2, West 3, East 2, and East 3. So far, so good. Now, here’s the problem that used to occur with NAT. The computers that connect through the NAT devices have only internal IP addresses. That means they can originate a conversation with a computer on the Internet, but they can’t take part in a conversation originated from beyond their NAT devices. For example, West 2 can access the Sybex web server with no problem. It sends its request to the NAT router on West 1, which recognizes that the address is on the Internet, and forwards the request out through its external connection. The Sybex web server responds to the request and sends back a response to West 1. The NAT router receives this response, matches it to the outgoing request, and passes the data on to West 2. And so it continues: West 2 and the other internal computers can access Internet sites provided that it starts the conversation. But if West 3 wants to start a conversation with East 2, it can’t, because it can’t see East 2 through the NAT router on East 1. It can get as far as East 1, because that computer has an external IP address. But the computers beyond the NAT router are hidden from view. So other computers can’t access those computers directly. There are various workarounds for this problem, including the following:

• Both computers can sign into an online service that enables them to connect with each other. For example, if each computer establishes a connection to a chat service, neither computer needs to contact the other through the NAT device.

• The computer behind the NAT device can start the conversation. This workaround works when only one of the computers is behind a NAT device, and you’re able to start the conversation from that computer rather than from the other computer.

• ICS lets you communicate across two NAT routers. This workaround is handy if you’re using ICS as your NAT device, but if you’re using a hardware NAT device, it doesn’t help.

• You can configure your NAT device to forward all packets directed to a specified port to a particular internal IP address on the LAN. For example, you tell the NAT device to pass all incoming Half-Life packets along to your games PC and all incoming web-page requests to your web server.

Should the Connection Connect Automatically to the Internet?

If you do decide to connect your network to the Internet, and your means of connection is a dial-up connection rather than an always-on connection, your next decision is whether to have the connection be established automatically whenever one of the computers on the network tries to access the Internet or whether to require the connection to be established manually. Because having the connection established automatically is by far the most convenient arrangement for most networks, you’ll probably want to connect automatically unless you have a good rea son not to. Such reasons include the following:

• You want to restrict Internet usage to certain times of day for whatever reason for example, to avoid per-minute charges in the daytime, or to make sure that your children do their homework and don’t spend the night online.

• Your dial-up connection shares your voice line, and you want to prevent the Internet connection from interrupting your voice calls.

• You want to make sure that no program is able to “call home” by establishing an Internet connection of its own accord. Many Trojan-horse programs and viruses do this, but many other programs may be configured to automatically establish a connection. For example, Windows Messenger and other instant-messaging programs are often set by default to sign you in as soon as you log on to Windows. If your network isn’t connected to the Internet at the time, these programs establish the connection. A dial-up modem connection tends to be the least satisfactory way of connecting a network to the Internet, because the time needed to establish a connection makes for a poor user experience on one of the networked computers. Because the user probably won’t be able to hear the modem dialing as the computer sharing the modem tries to set up the connection at their demand, the connection will seem not to be working. So if you have a flat-rate dial-up connection, you may want to set it to redial automatically when the connection is dropped so as to keep the connection open as much of the time as possible. To do so, display the Options page of the Properties dialog box for the connection, select the Redial if Line Is Dropped check box, choose Never in the Idle Time Before Hanging Up drop-down list, and reduce the time specified in the Time Between Redial Attempts drop-down list to a sensibly small value.