Hubs,Switches,Routers,Software Settings?

[jtravis]

I have 3 machines running XP Pro SP2 connected to the net
thru a hub so all 3 will have a separate IP. I use a hub
so we can play online games together, which a router will
interfere with as most game zones will not allow more than
one client per IP address. This works great for that
respect, but, when connected to the internet the machines
cannot see each other. Unplugging the modem solves this
problem, the machines can now see each other but alas!
no internet connection. How can I setup my network so all
machines can see each other and still have separate access
to the net?

 

[Ron Lowe]

I have 3 machines running XP Pro SP2 connected to the net
thru a hub so all 3 will have a separate IP. I use a hub
so we can play online games together, which a router will
interfere with as most game zones will not allow more than
one client per IP address. This works great for that
respect, but, when connected to the internet the machines
cannot see each other. Unplugging the modem solves this
problem, the machines can now see each other but alas!
no internet connection. How can I setup my network so all
machines can see each other and still have separate access
to the net?

There's not a simple answer to your question.
There are a couple of possibilities.

First, and simplest:
Use the hub, have each machine pick up an IP address of its own.
Install a second protocol ( IPX ) for local F+P sharing.
Un-bind F+P sharing from TCP/IP, and have it bound to only IPX.

Second, and more complex:
( This is what I use.. )

For all your machines to have both:
-public IP addresses ( no-NAT connections to the Internet );
AND
-be in the same local subnet...

Then you really need a routed subnet from your ISP.
Then you get a set of 16 or more public IP addresses in a continuous range.
Then the machines all have full no-NAT IP conectivity, but also have a loacl
subnet for F+P sharing etc.
You need to know how to set up a router to do this.
This is fairly unusual for domestic configurations.
Your ISP may not offer this option.
Be sure to have good firewalling!

 

[Guest]

-----Original Message-----



There's not a simple answer to your question.
There are a couple of possibilities.

First, and simplest:
Use the hub, have each machine pick up an IP address of its own.
Install a second protocol ( IPX ) for local F+P sharing.
Un-bind F+P sharing from TCP/IP, and have it bound to only IPX.

Second, and more complex:
( This is what I use.. )

For all your machines to have both:
-public IP addresses ( no-NAT connections to the Internet );
AND
-be in the same local subnet...

Then you really need a routed subnet from your ISP.
Then you get a set of 16 or more public IP addresses in a continuous range.
Then the machines all have full no-NAT IP conectivity, but also have a loacl
subnet for F+P sharing etc.
You need to know how to set up a router to do this.
This is fairly unusual for domestic configurations.
Your ISP may not offer this option.
Be sure to have good firewalling!

The first option I cant get to work and the second one is
unavailable.

Is there a hardware solution such as having 2 routers, one
on each of the gaming machines and all three going thru
the hub. The third machine I use as a server and wont
conflict anyway.

 

[Ron Lowe]

The first option I cant get to work and the second one is

unavailable.

Is there a hardware solution such as having 2 routers, one
on each of the gaming machines and all three going thru
the hub. The third machine I use as a server and wont
conflict anyway.

My advice would be to * make* the first option work
It *does* work, and can be *made* to work.

< this long pause intentional. >






There may be other ways, though.

What *might* work ( and I've not tried this )...
would be to multi-home the machines.
Is that what you suggested?

Put 2 LAN cards in each, one connected to the router, getting a public IP,
for internet access;
and one to the hub set with a static 192.168.0.x IP for LAN access.

I've never tried this.
You'd probably need to mess with the bindings to ensure F+P sharing uses
only the local LAN.
You might also want to use LMHOSTS and HOSTS to force name resolution of
local machines to use the local IP addresses.

It may also be possible to do the same with only one LAN card in each.
We're in seriously uncharted water here.
Be aware this is something I'm posting with severe reservations.
Only consider this if you feel competent enough to fix things if they get
broken.
If you're not happy with registry editing, then this is not for you.
Please don't try this if you don't understand what I'm talking about.

It's possible ( but un-supported ) to assign both a static and DHCP IP
address to a singleLAN adapter.
Google on how to do this, it requires a regedit.

Let the machines get one IP address by DHCP for Internet access.
Statically assign a 192.168.0.x address for LAN.
Force name resolution for local machines to the 192.168.0.x subnet using
hosts and lmhosts.

 

[Hans-Georg Michna]

It may also be possible to do the same with only one LAN card in each.
We're in seriously uncharted water here.

Ron,

interesting problem though. You'd want a switch, not a hub, to
prevent internal traffic reaching the cable network. And I'm not
sure whether broadcast packets would slip out. It may depend on
how well the cable modem filters, i.e. has router functions.

But I have very little experience with this. I once ran a PPPoE
connection over the same switch as the LAN, and it appeared to
work well, but it's again a different matter, and I still can't
be sure whether broadcasts got out.

The clean method is definitely to have two network adapters in
each computer and thus have a physically separate Local Area
Network (LAN).

With well-working firewalls and carefully set-up security (long
passwords, etc.) one could also contemplate letting the LAN
connections run through the Internet, but that's inherently
somewhat unsafe and may also be slow. The traffic would probably
not leave the ISP and even within the ISP would probably only go
through the first router (test that using tracert), so it may
not be as unsafe as one first thinks, but I definitely would
never recommend this to newcomers to networking.

Hans-Georg

 

[Ron Lowe]

With well-working firewalls and carefully set-up security (long
passwords, etc.) one could also contemplate letting the LAN
connections run through the Internet, but that's inherently
somewhat unsafe and may also be slow. The traffic would probably
not leave the ISP and even within the ISP would probably only go
through the first router (test that using tracert), so it may
not be as unsafe as one first thinks, but I definitely would
never recommend this to newcomers to networking.

Hans-Georg

An edgeless network has more than security problems.
You'll also loose some functionality.
All the machines may not be in the same subnet.

So NetBIOS broadcasts will go right out the window.
That will kill broadcast name resolution, so you'd need to use static name
resolution.
Also, the browser would not function properly, since it relies on NetBIOS
broadcasts.

No, I don't think I'd want to try to run an edgeless LAN other that by by
using a second protocol to handle LAN access.

The physical multi-homing I suggested provides for a local sunbet, over
which broadcasts would work.
I'd be reasonable happy with that.

Like you, I too have reservations about the logical multi-homing.
Yes, it's possible there might be some leakage of LAN traffic down to the
ISP.
But they should drop anything with a source of 192.168.0.x.
Or even if they don't, and it's routed further, there's still no return
route.

I'd certainly agree this is not for the beginner, and needs to be considered
very carefully.

 

[Kent W. England [MVP]]

Ron Lowe wrote on 04-Sep-2004 1:37 AM:

All the machines may not be in the same subnet [when getting DCHP
public Internet addresses].

This thread really puzzled me until I read this. If the OP is always or
nearly always getting the same IP addresses, he might be able to set up
static IP addresses with larger subnet masks to force all of his
computers onto the same subnet. Going from 255.255.255.0 to 255.255.0.0
might do it.

You can define a set of IP addresses as your local network scope in the
SP2 Windows firewall and still maintain your F&PS secure against
Internet access. I have a DSL service with a few static IP addresses
setup this way using SP2 Windows Firewall. This sort of setup would
provide similar security as the NAT router would and not interfere with
his gaming.

 

[Ron Lowe]

Ron Lowe wrote on 04-Sep-2004 1:37 AM:

All the machines may not be in the same subnet [when getting DCHP
public Internet addresses].

This thread really puzzled me until I read this. If the OP is always or
nearly always getting the same IP addresses, he might be able to set up
static IP addresses with larger subnet masks to force all of his
computers onto the same subnet. Going from 255.255.255.0 to 255.255.0.0
might do it.

You can define a set of IP addresses as your local network scope in the
SP2 Windows firewall and still maintain your F&PS secure against
Internet access. I have a DSL service with a few static IP addresses setup
this way using SP2 Windows Firewall. This sort of setup would provide
similar security as the NAT router would and not interfere with his
gaming.

Yes, that would work.

But as you say it depends on the ability to specify the wider subnet mask
manually, and that's only going to be possible if the OP has a static
assignment, or as least a sticky one.

Of course, you are including other customers of your ISP in your 'extended
subnet'.
And that means you are going to leak a certain amount of broadcast traffic
down the cable.
That may or may not be a problem.
I haven't really thought through the implications of that.

As you say, editing the scope of the F+P sharing exception would let you
specify your other machines, assuming they are sufficiently static.

There are an interesting number of possible solutions to this.

Using an edgeless network with public IP addresses and selective firewalling
is undoubtedly possible, but personally I'd rather have a routed subnet with
a contiguous block of say 16 addresses, rather than an assortment of random
IP addresses. That way, I have a well-defined local subnet, and can use a
border firewall at the edge of my subnet.

 

[Hans-Georg Michna]

... If the OP is always or
nearly always getting the same IP addresses, he might be able to set up
static IP addresses with larger subnet masks to force all of his
computers onto the same subnet. Going from 255.255.255.0 to 255.255.0.0
might do it.

You can define a set of IP addresses as your local network scope in the
SP2 Windows firewall and still maintain your F&PS secure against
Internet access. I have a DSL service with a few static IP addresses
setup this way using SP2 Windows Firewall. This sort of setup would
provide similar security as the NAT router would and not interfere with
his gaming.

Kent,

wouldn't this also work with dynamic IP addresses, as long as
you widened the subnet mask sufficiently?

Local switches would make sure that little internal traffic
leaves the LAN, except for broadcasts.

Of course, when the IP addresses change, you can't use the
firewall method and have to safeguard each computer
individually. You have to open File and Printer Sharing to the
rest of the world and make sure you have strong passwords set
everywhere.

As I already wrote, nothing to recommend to newbies, but still
worth a thought. I've tried to write it down in the last
proposal in http://www.michna.com/kb/WxCable.htm. If anybody
happens to look at this, I'm always grateful for corrections or
improvements.

Hans-Georg

 

[Ron Lowe]

--
Best Regards,
Ron Lowe
MS-MVP Windows Networking

wouldn't this also work with dynamic IP addresses, as long as
you widened the subnet mask sufficiently?

But how can you actually do that?

The UI does not permit you to enter a subnet mask if it's set to
'Obtain an IP address automatically'.

The DHCP-supplied subnet mask will be used, won't it?

 

[Hans-Georg Michna]

wouldn't this also work with dynamic IP addresses, as long as

But how can you actually do that?

The UI does not permit you to enter a subnet mask if it's set to
'Obtain an IP address automatically'.

The DHCP-supplied subnet mask will be used, won't it?

Ron,

oops, hadn't tried that. Short of a trick to force it, you are
right and we don't have that possibility. Yes, in Windows XP the
dynamic choice encompasses the subnet mask as well. The question
remains what subnet mask the ISP actually provides and whether
the ISP could be asked to provide a wider subnet mask.

Too bad! At least the method may work for fixed IP addresses.

I don't know enough about IP to judge whether it could still be
made to work by entering a different subnet mask on the router.
Switches don't care about subnet masks, right? The Internet
connection can probably be made to work that way, but not the
internal peer-to-peer connections.

Hans-Georg