VOICE Home Page: http://www.os2voice.org
October 2002
By Michael W. Cocke © October 2002
Part 1: In which we attempt to prove that 2 tin cans and a string was a good idea.
This is NOT a technical step-by-step instruction manual - this is an overview, with assorted advice and some tips and pointers. You are assumed to be familiar with MPTS and TCP/IP.
First, you'll need a broadband, static-address connection to the internet. I use an aDSL line (384K up/768K down). WARNING: Allow me to relate my own experiences in getting this line, as a warning to those who follow.
First, find a company that will sell you a static IP xDSL line. That was good for a 2 week search, all by itself. A static IP line is typically a business service, and what the vendors are usually set up to provide you with is a wire with an IP address. That's it.
Ok - Now you should have a static IP address, broadband internet connection. Whoopee.
After you manage to find a vendor, you will have to endure the installation process. Mine went like this. (Real company names are used - this really happened, and if you work for one of the mentioned companies, you don't have any legal recourse.)
WebmasterUSA sold me the service and gave me an installation date. A few weeks later, they gave me a different installation date. A week later, they gave me a different installation date. I told them, in no uncertain terms, that they had better install the thing when they said they were going to, or I would find a new vendor. Ok. The installation date came... and went. I called WebmasterUSA. They gave me a phone number at Bell Atlantic (now Verizon) and wished me luck. Thanks folks.
I called Bell Atlantic. They said the work order had been completed. I pointed out that, no, it had not. Three days of phone tag with people at Bell Atlantic passed.... and I got someone at Bell to admit that, no, the work had not been completed. They sent out a technician (a week later) who was actually quite good.
Next, I had to get Covad out there to finish the thing. I want to say this quite clearly - Covad was the only company that showed up when they said they would, and did what they were supposed to do, without my having to beat them up. Bell Atlantic got a little confused, but after I straightened that out, they also performed well. WebmasterUSA, who I paid, and who was supposed to handle this whole process for me, was completely useless. All they managed to do was collect my money (they were VERY efficient about that).
What you'll need next is a computer. I recommend a Pentium II 400 MHz or better, with 256Mb of RAM and at least 8 Gb of hard drive space. More of everything is a good idea. Here's where it gets tricky. You're also going to need two separate network cards (NICs). I recommend using two different models for reasons which will become apparent below. Personally, I use a 3Com 3C509 and a 3Com 3C900.
This machine is running Warp Server for e-Business (WSeB) here, although it is technically possible to do it on Warp 4 or eCS. The reason I use WSeB is for the 386HPFS file system. Speed is going to be important.
Get TCP/IP bound to the network card that has your connection to the internet. This is where it's a good idea to have used two different NICs. If you used two of the same NIC, you're going to have some fun working out which NIC is on which network. You'll probably need to contact tech support at your ISP (again) to get the DNS addresses and gateway address. Don't take "Just install Windows" for an answer; keep working until you get a senior tech who knows something. The information is out there. In fact, remember that statement - it will become your mantra.
Ok - assuming that you can now ping yahoo.com (or anything, really) AND GET A CONNECT, it's time for more fun. If you cannot manage this, do NOT proceed - it is infinitely easier to troubleshoot one thing at a time, rather than set everything up and then try to figure out which part is busted.
The other NIC is going to connect your gateway machine to the rest of your intranet. Back to MPTS, and this time you'll need to bind TCP/IP and NETBIOS (if you're using Warp Peer to communicate on your intranet) to the other NIC. I'll mention something now that took me a day to figure out - use the 192.168.xxx.xxx address range for your intranet. The gateway system (here) is 192.168.0.1, the file server is 192.168.0.2, and so on. Again, get two machines working first, then expand. Remember, ping is your friend. If you can get a return from ping, you're doing well - other things will follow. I should also mention that netmask should be 255.255.255.0 everywhere on your intranet.
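The addressing rules above can be checked on paper before anything is bound in MPTS. The following is an added example, not part of the original article: a Python sketch that validates an intranet plan against those rules (192.168.x.x addresses, netmask 255.255.255.0, every host on the gateway's subnet, no duplicates). The `check_plan` function, the host names and the external address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Rules taken from the article: intranet hosts use 192.168.x.x addresses
# and the netmask 255.255.255.0 everywhere.
INTRANET_RANGE = ipaddress.ip_network("192.168.0.0/16")
REQUIRED_MASK = "255.255.255.0"
# Private (RFC 1918) ranges; a static internet address must not be in them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(external_ip, hosts):
    """Return a list of problems in an addressing plan (empty list = OK).

    external_ip: address bound to the NIC facing the internet.
    hosts: name -> (address, netmask) for the intranet; must contain
           "gateway", the intranet-side address of the gateway machine.
    """
    problems = []
    ext = ipaddress.ip_address(external_ip)
    if any(ext in net for net in RFC1918):
        problems.append(f"external address {ext} is in a private range")

    gw_addr, gw_mask = hosts["gateway"]
    gw_net = ipaddress.ip_interface(f"{gw_addr}/{gw_mask}").network
    seen = {}
    for name, (addr, mask) in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in INTRANET_RANGE:
            problems.append(f"{name}: {addr} is outside {INTRANET_RANGE}")
        if mask != REQUIRED_MASK:
            problems.append(f"{name}: netmask {mask} is not {REQUIRED_MASK}")
        if ip not in gw_net:
            problems.append(f"{name}: {addr} is not on gateway subnet {gw_net}")
        if ip in seen:
            problems.append(f"{name}: {addr} duplicates {seen[ip]}")
        seen.setdefault(ip, name)
    return problems


# Constructed sample plans (hypothetical host names).
GOOD = {"gateway": ("192.168.0.1", "255.255.255.0"),
        "fileserver": ("192.168.0.2", "255.255.255.0")}
BAD = dict(GOOD, ws1=("192.168.1.3", "255.255.0.0"),
           ws2=("192.168.0.2", "255.255.255.0"))

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        print(check_plan("203.0.113.10", plan) or "plan OK")
```

A host that fails the subnet or netmask check is the kind that answers ping from some machines and not others, which is why it pays to catch it before adding the firewall.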
Let me mention one thing that may be an issue; I have heard (but not personally tested) that the first network adapter listed in MPTS will have NETBEUI bound to it, whether you want it to or not. My suggestion is to play it safe - make your first NIC the one for your intranet - you do NOT want a NETBEUI connection exposed to the internet!
Now, assuming that you've got two TCP/IP networks going, internet and intranet, it's time to get them connected. Run, do not walk, to F/X Communications and purchase the Injoy Firewall. Think carefully about the available options - I recommend the SOHO Professional package, with IPSEC and NAT. Yes, it's not cheap, but it works VERY well, and it does things that the hardware firewalls cannot do.
Now, print the WHOLE manual for the firewall and read it. I'll wait.
Ok - set the firewall up as you want it. At this point, don't get cute with filters and port redirections. Do that stuff later, after you've got something that works to test with.
Now, let me mention one MORE thing to watch out for. The firewall manual warns against running MPTS if the firewall device driver is installed. They don't warn nearly loudly enough. DO NOT DO THIS. If you do, you will mess up protocol.ini and a few other things, and you will wish that you had listened. No one in their right mind wants to manually edit the protocol.ini file. If you don't believe me, go look at it. Understand it? No, neither does anyone else.
Ok - if you read the manual for the firewall, you should have everything working to this point. A ping from one system will return from another, and all systems should be able to ping yahoo.com (or whatever).
References:
Mike's Notebook - http://www.catherders.com/mwcexp.shtml - a web site containing an assortment of frequently updated articles and tips for OS/2 users.