All the Graphics
Internet Sharing Solutions (Part 3)|
By Thiravudh Khoman
I hadn't planned on writing a Part 3 on this subject after covering the WebRamp in Part 1 and the AnalogX proxy server in Part 2. Purely by accident, I came across a program which offered an attractive halfway solution between the WebRamp and the AnalogX proxy. Consider it an accidental conception, which gave birth to Part 3 (and Part 4 too, actually).
While browsing Winfiles.Com's (https://www.winfiles.com) 1999 Shareware Awards, I happened to come across a program called "WinRoute Pro" (hereafter "WRP") from a company called Tiny Software (https://www.tinysoftware.com). Like both the WebRamp and the AnalogX proxy, WRP's primary function is to provide internet access to multiple users on a local area network. But unlike the two, it comes bundled with a host of server apps (proxy server, DNS forwarding, POP3/SMTP mail servers, DHCP server, firewall, etc.). Furthermore, it can function in non-proxy mode as a software router using something called "Network Address Translation" (NAT).
As was noted in Part 2, numerous "proxy"-type programs exist out there. Most of these are shareware and contain much more functionality than AnalogX (and of course, cost more). WinRoute is representative of these programs, although its support for NAT puts it into a slightly more "interesting" category.
WinRoute Pro (the current version being 4.1) runs under Windows 9x and NT. It's a fairly small 700k download from Tiny Software's website. You're allowed to try it out for 30 days before the fully functional evaluation expires. While you're there, I suggest you download the user's guide as well which is another 1.8mb.
As in the case of AnalogX, the "host" computer running WRP should have a fixed IP address, which is 192.168.1.6 in my case. The client computers can have IP addresses automatically assigned if you run WinRoute's DHCP server (a DHCP server distributes IP addresses on a network), although they will also work fine with fixed IP's. Also, make sure you have Dial-Up Networking (DUN) installed, configured and tested. WinRoute will need to use a DUN to dial out later.
Program installation takes less than 30 seconds. After rebooting, run the WinRoute Engine Monitor from the "WinRoute Pro" entry under the start menu and a blue icon with 4 white arrows (the usual symbol for a router) will then appear in the system tray. Right-click this, select "Startup Preferences", then make sure both "Auto run WinRoute Engine at startup" and "Launch WinRoute Engine Monitor on startup" are both checked (figure 1).
Right-click the router icon again and this time select "WinRoute Administration". A logon screen will appear asking you to enter a username and password. Simply accept the "admin" username and press enter since there is no default password at this time.
The first thing you have to do is to set up the telephone to dial out. Although WRP works with a variety of connection types - telephone line, cable modem, xDSL, satellite, leased line, etc. - presumably, most people will probably use a telephone line to connect with the internet. Click "Settings" and then "Interface Table". You should see two "interfaces" here: a network card and a RAS device ("RAS" is Windows NT's equivalent of Win 9x's "DUN"). Choose the RAS device, click on "Properties", and then choose the "RAS" tab. In the "RAS Entry" field, choose the name of a DUN which you have already created, and then enter the username and password for that DUN (WRP doesn't automatically read the name/password saved in the DUN) (figure 2).
Next, choose how you want WRP to connect. Normally, you will either have it dial "on demand" (i.e. whenever there is a request from any client PC to access the internet) or dial it "manually". I've set it to dial on demand. Next, choose how long the line can be inactive before WRP disconnects the line. The default is 10 minutes but I'd set this a bit higher - after all, local calls aren't free in Thailand. I set mine to 30 minutes. I've left the "Redial if busy" and "Redial on failure" at their default values.
At this stage, if your client PC is hard-coded with: a) a fixed IP address, b) a gateway address (the IP address of the WRP host in our case), and c) the addresses of the DNS servers of the ISP that WRP will dial into, you can start using internet applications such as web browsers or email clients with little configuration. From any client PC, load Netscape for example, and ask to see Yahoo!'s home page. The modem in the WRP host PC will start dialing and take you to Yahoo! after it connects.
Information a), b), c) are needed partly because we're running in NAT mode (i.e. WRP is acting as a software "router" as opposed to a proxy server) and partly because we don't have a DHCP server up and running yet. We'll do that next.
As mentioned above, the role of a DHCP server is to automatically distribute IP addresses to client PC's. Actually, it does more. But first let's look at the case of a regular DUN connection. Whenever you dial into your ISP, what happens is that your ISP provides you with 3 pieces of information: a) a real but temporary IP address, b) a gateway address which is the same as your temporary IP address, and c) the addresses of its DNS servers.
To see what these numbers look like, go to DOS and type: ipconfig (note: Windows 95 may not have ipconfig; if so, run winipcfg from Windows instead). On my WRP PC after I've dialed a DUN, this is what I get:
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 220.127.116.11
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . :
The "0 Ethernet adapter" is actually my dial-up adapter and all the information you see here was provided by the ISP. "1 Ethernet adapter" is my LAN card and I entered all this information myself.
Now, we're going to make the WRP PC a DHCP server and have it distribute similar information to the client PC's on our LAN. Go to "WinRoute Administration" again, click "Settings" and then choose "DHCP server". Place a check mark in front of "DHCP server enabled" and then click the "New Scope" button at the bottom. You are now being asked to provide a range of IP addresses to be distributed by WRP's DHCP server.
Each computer which operates on the internet must have a unique IP address. Unless you've registered for real IP addresses of your own, you'll have to get real IP address from your ISP. On dial-up connections, ISP's automatically provide these on a temporary basis. In the case of a local area network, it is traditional to assign "non-routable" IP addresses to the client PC's - only a gateway device would have a real IP address. Such is the case with WRP. WRP will be given a "real" but temporary IP address assigned to its dial-up adapter and will have a '"private" IP address assigned to its LAN card, as will all the other client PC's.
There are 3 ranges of IP addresses which have been reserved for internal or "private" use. These are:
172.16.0.0. thru 172.16.255.255 A "Class B" address
192.168.0.0 thru 192.168.255.255 A "Class C" address
Data packets which originate from any of these IP addresses will never be forwarded by any router on the internet. This makes them "safe" IP addresses as they will never exist on the real internet, and therefore, never bump into another computer with the same address.
My network at home already has a number of hard-coded IP addresses. Therefore, in WRP's DHCP server administration, I chose to use an IP range of 192.168.1.10 through 192.168.1.254 and accept the netmask of 255.255.255.0. (Note: Avoid using any address that ends in 0 or 255). This gives me 9 addresses from 192.168.1.1 through 192.168.1.9 for "hard-coding" (figure 3).
Next, in the "Options" section, check "Default Gateway" and give it the address 192.168.1.6 (the WRP host), and then check "DNS server" and also set it to 192.168.1.6. All of this information will now be provided to any client PC that attempts to "obtain an IP address automatically" from WRP's DHCP server.
Knowledgeable people will no doubt ask why I'm using 192.168.1.6 as my DNS server. Before I answer this, let's do one more thing. Under "Settings", go to "DNS Forwarder", and put a check mark in front of "Enable DNS forwarding" and accept all the other defaults (figure 4).
So, what's a DNS server? A DNS server translates a name like yahoo.com to a numerical IP address like 18.104.22.168 (I got this by going to DOS and typing: ping yahoo.com). Whenever you dial into an ISP, the ISP will inform your PC what DNS servers to use (they always come in pairs).
To answer the previous question, the reason why I set the DNS server to the IP address of the WRP host is because WRP has a feature which allows a DNS request to be forwarded from a client to the WRP host to the DNS servers of the ISP. This saves us from having to enter in fixed DNS server addresses at WRP or at the client PC's. But additionally, by forcing client PC's to go through WRP, "DNS resolutions" may now take place at the WRP PC instead of at the ISP if DNS caching is enabled and the requested name already exists in WRP's cache. This can speed things up. We'll discuss WRP's proxy server and caching in the next section.
In light of all the changes we've made so far, it's a good idea to stop the WinRoute Engine and restart it. While you're at it, reboot a client PC and then run ipconfig from DOS (or winipcfg from Windows). You should see that the WRP DHCP has done its job and the client's IP address and gateway are set to the range/values we had defined in WinRoute administration. Next, load up Netscape and try browsing again. The difference here is that you didn't have to manually set any TCP/IP values before you could starting browsing. By the way, we're still running in NAT mode - but not for long.
Caching Proxy Server
In my opinion, WRP's caching proxy server is its best feature. To configure this, log into WinRoute Administration, click "Settings" and then "Proxy Server". Then do the following:
That's it - click "Apply" and you're done. Although more finetuning can be done, we'll leave that to the experts. Hint: Read the user's guide carefully before making additional changes.
Having done all that work, what does the proxy server provide? At its most basic level, the proxy server sits between the WRP's RAS device and the rest of the network, handling requests between the client PC's and the internet. In short, it allows multiple clients on the network to access the internet. This is similar to running in NAT mode, except that the proxy adds a few more features.
First, it "caches" or saves web pages requested by clients in a cache file which it manages. If a client PC were to ask for www.yahoo.com, WRP's proxy server would retrieve that page for the client, and also save it on the hard disk and in RAM on the WRP host. If someone else were to visit Yahoo! soon after, WRP could retrieve the Yahoo! page from its cache rather than from Yahoo! proper. Clearly, retrieving a web page from memory or from a hard disk on a LAN is much, much faster than getting it from the internet (or even from an ISP's own proxy server). This allows a WRP host with a single modem to service many users efficiently.
Of course, most browsers come with their own memory and disk caches. The advantage of WRP's cache is that it can be shared among multiple users and different browsers. Also, it's managed more intelligently than the built-in browser caches.
There are limitations to WRP's caching which should be understood. Not everything lives in the cache forever. Some web pages have "expiry" dates and if an expired web page were requested, the proxy server has to retrieve the page from the internet again even if it exists in the cache. With a bit of finetuning, WRP allows you to ignore such "expiry" tags, thus giving you perhaps an older page very fast, but also forcing clients to do a manual "refresh" or "reload" from their browsers (doing a refresh always forces retrieval from the internet). The other limitation of a caching proxy is that it does not cache everything. For example, web pages which result from CGI or Perl scripts won't cache nor will large files downloaded from ftp. The latter, however, can be tweaked as can many other cache settings.
The second benefit of the proxy server, at least from an administrative standpoint, is that you can control access to the internet; in short, you could prevent clients from going to specifc web sites. For example, to spare your users from self-serving propaganda, one could prevent access to https://www.whitehouse.gov, or even https://www.*.gov (i.e. all WWW sites ending in .gov). WRP provides a back door though, and can allow access to such sites to select persons or groups of people. I'll go into further detail on how to limit internet access in Part 4 of this series.
Time to test drive the real thing. But first we need a benchmark. go to a client PC and load Netscape. Now let's clear everything out of the memory and disk caches in order to get a nice clean Netscape. Click "Edit", "Preferences", "Advanced", "Cache" and press the "Clear memory cache" and "Clear disk cache" buttons. Now, grab a watch/clock and start timing this. Load https://www.sanook.com and while it's loading feel free to curse sanook.com's proprietors for building a home page with 70-80 objects on it. When you're finished, see how much time it took. It took me 90 seconds.
Now, let's see how well the WRP cache works. But first we need to make a small change to force Netscape to use the proxy server. Click "Edit", "Preferences", "Advanced", "Proxies", "Manual Proxy Configuration" and "View". In the fields next to "HTTP:", "Security:" and "FTP:" enter "192.168.1.6" as the address and "3128" as the port #. What we've done here is to inform Netscape where the regular and secure http (web browsing) and ftp (file transfer) proxies are located (being the WRP host PC).
Now, let's load sanook.com again - twice in fact. The last time we accessed sanook.com, we ran in NAT mode and thereore, the pages didn't get loaded into the cache. So load https://www.sanook.com again and let's ignore how long it takes. As the page is being transferred to you, the proxy server is busy saving parts of the page into its cache (not everything on sanook.com can be cached, however). When you're finished, go to Netscape's settings and clear the memory and disk caches again. Now, load https://www.sanook.com a third time. This time the pages should be retrieved from the cache. Did you notice how much quicker it took to load? My time was 5 seconds. Need I say more?
Observations and Comparisons
Here's what I've found based on a few tests:
I should emphasize that my testing of WRP was done with fast host and client PC's as detailed in Configuration #1 above. It was also done late at night when ISP congestion was minimal. This perhaps explains why my benchmarks are so good. During this write-up, I also tried WRP in a less ideal environment, with Configurations #2 and #3 and the tests performed during the peak mid-afternoon internet rush hour. If you recall, it took me 90 and 5 seconds to load sanook.com uncached and cached. This was at home (Configuration #1). In the less ideal environment (Configuration #2), these figures were 7 mins and 30 seconds respectively. Quite a difference.
The differences in modem speeds and ISP congestion of course had a major effect, but then so did the relative capabilities of the WRP host. AnalogX is probably better suited to running on less powerful computers because it does so much less work and perhaps even outperforms WRP when accessing first-time sites. WRP, especially with the cache enabled, does a lot of work and probably suffers with older hardware. I wonder if people already accustomed to AnalogX feel the slower first-time accesses are offset by the speedier subsequent accesses. We'll see.
WRP has a lot more features that I won't be getting into, partly because I'm not very familar with them yet and partly because it's not my intention to write a book on WRP. I've planned a Part 4 which focuses on limiting access to WRP, something possibly necessary in large organizations.
The above caveats notwithstanding, I'm quite impressed with WRP. Its caching feature is great and its control and administrative features are very useful. Look deeper and you can see real power hiding underneath. What's NOT so terrific is its price. WRP sells for US$200 for 5 users, US$389 for 10 users, US$529 for 25 users, and US$699 for unlimited users. This is fairly expensive and its unlimited version costs almost as much as a WebRamp, a piece of hardware. While cheaper Home/Lite versions of WinRoute exist, they're lacking some key features and I'm loathe to recommend them when you can use something like AnalogX for free.