A Guide to Painless Networks
Adding an ADSL Wi-Fi Router Firewall for Broadband and Wireless Access

A Guide to Painless Networks | Extra considerations when using Windows XP | ADSL Broadband | Microsoft Internet Connection Sharing Software | ADSL Wi-Fi Router Firewalls

Introduction

This is the latest and last part planned in the Painless Networking series. It covers both adding ADSL broadband Internet access directly into one's network and adding or converting to a wireless network. Recent hardware combines many of the network components that were needed for these additions into a single unit, which makes this a very attractive way forward. Internet access is available from any of the machines connected by wired or wireless connection without a master machine having to be powered up; instead the unit is always powered up and connected to the telephone line. These units can be set to log in when required and break the connection after a period of inactivity, or to keep the connection alive continuously.

Typical Hardware

Typical units include an ADSL modem, a hardware firewall protecting your network, a router providing connections for 4 machines via a 10/100 Mbps wired network and an access point for up to 255 additional wireless channels using the IEEE 802.11g connection standard at 54 Mbps. In other words the only additional network hardware needed is wired or wireless Network Interface Cards (NICs) for each machine and UTP cables to additional wired machines (one UTP cable is often included to connect the unit to a computer to set it up, along with a cable for the ADSL connection to the telephone). You will also need ADSL splitters/filters for your telephones, which often come with the package from major ADSL providers such as Tiscali. In practice most desktop machines now come with NICs built in and some laptops have wireless connections built in.

A number of manufacturers offer such combined units and I have installed a 3Com OfficeConnect ADSL Wireless 11g Firewall Router model 3CRWE754G72-A which came with a UTP and an ADSL cable and for a period is on offer with a free wireless network PC card for a laptop at under 80 pounds including VAT and carriage from Simply. I also have other wireless components from Belkin, 3Com and DLink which all work together with this unit using both the 11 Mbps 802.11b and 54 Mbps 802.11g standards.

My only caution is to make sure the machines are powerful enough to support wireless connection. My own remote machine is connected by a DLink wireless card which was also easy to install and set up but really needs a more powerful machine. A 200 MHz Pentium is not man enough to support the virus checking, firewall and monitoring so is prone to hang up if the control panel monitoring is enabled - I would not advise wireless on a machine with less than a 400 MHz Pentium even with the less demanding Windows SE.

Basic set up

The upgrade to my installation was incredibly quick and simple to get up and running - my wife went shopping in the local village shortly before it was delivered and by her return after just over an hour the existing network box had been replaced by the new unit, the existing USB ADSL modem unplugged and the new unit plugged in, the unit set up with passwords etc via its web interface for the broadband service, all the machines had the minor configuration changes to allow them to connect for browsing via the network rather than ICS and the laptop was connected by an existing wireless card. All that remained was to install the new fast free 3Com 802.11g wireless card, set up encryption on the wireless connection and to change email accounts to use the broadband account for sending email from the existing dial-up connections.

I cannot promise that every installation will be as simple - mine was a change from an existing working Broadband configuration set up as per the previous articles in this series with a laptop which already had a wireless connection which I had used with other people's broadband Wi-Fi networks. I was therefore very familiar with the system, aware of most of the pitfalls and knew how to configure the software for wireless and wired network access on other people's systems. This article will endeavour to impart the information to enable you to make such an upgrade without pain. If you are starting from scratch you will need to use the earlier pages (other than perhaps the one on ICS) and work through the various stages in a systematic and logical manner - above all you need the basic network set up to share files and printers and working reliably before proceeding towards shared Internet access via ADSL. I would also advise checking your ADSL connection using the modem and software provided by the provider on a single machine.

Background to Changes in Configuration

Firstly I will give a little background to the changes which will be made to the configurations used in the earlier articles. The main rationale behind my earlier configurations was to separate the internal network from the Internet to avoid the risks of being hacked into. This was the reason for avoiding the use of the TCP/IP protocols for the local network. When you are using a hardware firewall the risks are dramatically reduced and TCP/IP becomes acceptable unless you plan to use your laptops on Dial-Up connections without any software firewall (Windows XP has a simple built-in firewall and there are excellent free firewalls such as Zone Alarm to cover you). Again I used fixed IP addresses to increase security but it is much more convenient to use the IP addresses generated by the router, which also makes the addition of wireless connections much easier.

Step by Step Configuration Procedures for adding Broadband and Wi-Fi

The following is a step by step procedure to implement the changes from my previously recommended set up as covered in the earlier parts of this series when a combined ADSL modem, firewall, router and wireless access point is added. The major stages are in bold. It should be easily adapted to the use of separate components.

  1. Pull out the plugs on your existing Internet connection and disable automatic start up of your firewall and virus checking which will interfere with the next stages. Reboot to ensure they have been deactivated.

  2. Replace the existing router by the new unit (i.e. remove the network cables from the old router and plug them into the new one) - the network should still work.

  3. Add and/or configure the TCP/IP protocol

    Loading protocols in Windows 9x is covered in Painless Networks Part I in the unlikely event TCP/IP is not already loaded for local network use - only add TCP/IP rather than all the protocols referred to in the earlier article.

    TCP/IP is always loaded in Windows XP and can not be removed, only deactivated.

    Load/Activate TCP/IP and check/configure it to obtain an IP address automatically as follows.

    • Windows XP

      • From the Windows Start menu, select Control Panel.
      • Click on Network and Internet Connections.
      • Click on the Network Connections icon.
      • Double click on LAN or High Speed Connection icon. A screen titled Local Area Connection Status will appear.
      • Select Internet Protocol TCP/IP and click on Properties.
      • Ensure that the options Obtain an IP Address automatically, and Obtain DNS servers automatically are both selected. Click OK.
      • Make sure the box is ticked to enable TCP/IP.
      • Restart your computer.

    • Windows 95/98/ME

      • From the Windows Start Menu, select Settings > Control Panel.
      • Double click on Network. Select the TCP/IP item for your network card and click on Properties.
      • In the TCP/IP dialog, select the IP Address tab, and ensure that Obtain IP address automatically is selected. Click OK.

  4. You may wish to check that each machine is obtaining a valid IP address when it is rebooted.

    • Windows XP

      -> Start -> My Network Places -> View Network Connections, Right Click the Connection Icon -> Status - the IP should be 192.168.1.x where x is between 2 and 5 for the first 4 machines.

  5. Check that each machine on the network is working for file and printer sharing.

  6. Set up the Firewall Router to disable the Wi-Fi or set it to be encrypted using 128 bit WEP via its web interface (Open 192.168.1.1 in your browser for the 3Com series) following the Router instructions and/or help files if it is not obvious on the menus. This is paranoia to prevent a wireless hack whilst you are setting the system up.

  7. Set up the Firewall Router to connect to your ADSL account and log in via its web interface (Open 192.168.1.1 in your browser for the 3Com series). This will be covered fully in the Router instructions and in the information from your ADSL provider.

    In the case of Tiscali and 3Com use PPPoA and use the defaults for everything else other than setting your username in form user@tiscali.co.uk and the password.

    With other routers you may need to know some or all of the following settings (provided by Tiscali and Freezone):

    • Protocol: PPPoAvcmux (usually shortened to PPPoA (Point to Point Protocol over ATM))
    • Virtual Circuit Identifier - VCI: 38
    • Virtual Path Identifier - VPI: 0
    • Authentication Type: CHAP or PAP
    • Encapsulation Mode: VCmux (if Dlink routers prompt for Encapsulation from a choice of LLC/NULL, select NULL)
    • Modulation: Auto or G.DMT or ANSI T1.413 Note: In the UK the ADSL mode is G.DMT
    • DHCP Server: On
    • Firewall: On
    • NAT: Yes
    • DNS Server: Tick Automatic from ISP or obtain from your ISP (for example with Tiscali the Primary DNS Server is 212.74.112.66 and the Secondary DNS Server is 212.74.112.67)

    When you have it right the router will show you are connected by a light on the front panel and in the software screens.

  8. Configure the software accessing the Internet for browsing on the client machines (Internet Explorer etc.) and for Email (Outlook, Outlook Express etc.) to use the LAN. These programs currently expect to use a local Dial-Up connection and need to be told about the LAN.

    • To get the Browsers Set-up go Start -> Settings -> Control Panel -> Internet Settings -> Connections tab - just either tick the box Never Dial a Connection or the box marked LAN depending on the flavour of Windows and that is it.

    • Email packages are similar but one has to do it for every Account separately and they need to be set to use 'Any Active Connection' rather than a specific Dial-up.

    • The default email account (and any others used for sending email) will need to have the SMTP address set to that of your broadband provider if different from your dial-up default account, i.e. smtp.tiscali.co.uk if you are using Tiscali. This is because most service providers only allow email to be sent when connected to their own network to prevent spam.

    • FTP programs may need to have the Passive Transfers box ticked

  9. Re-enable the automatic start up of your virus checking and check you can browse after a reboot.

  10. Re-enable the automatic start up of your firewall software and re-configure it to allow the new IP ranges (typically 192.168.1.1 to 192.168.1.255). Reboot to enable the firewall.

  11. Check the network still works and you can still browse the web.

  12. It is now safe to check you can access Email on the client machines (Outlook, Outlook Express etc.).

  13. Wi-Fi security. It is now time to set up Wi-Fi security. It should be set up to use at least 128 bit WEP (Wired Equivalent Privacy) encryption and it is wise to change the SSID (Service Set IDentifier) from the default before you enable Wi-Fi access. Follow the Router/Access point instructions if it is not obvious on the menus. 3Com allow you to generate the encryption key using a pass phrase which is much quicker than entering a 13 long Hex string into the access point and every machine that connects to it. The SSID should be changed from the default to something meaningful - I use our postcode. When everything is set up you can improve security by preventing it being broadcast but that makes it more difficult when adding extra machines or allowing visitors access.

  14. Other Wi-Fi settings: Many manufacturers have extensions to the standard protocols for higher speeds etc. It is safer to turn these off in the router set up unless all the cards are from the same manufacturer.

  15. Install and configure any wireless network cards and connections. Follow the instructions provided with the card. You will need to know and enter the same encryption key and SSID as in the Router/Access point. Most manufacturers provide a control panel with a facility to search for Wi-Fi networks which are broadcasting an SSID and to connect to them - you then only need to enter the encryption key.

    • Windows XP provides its own simple detection and configuration for Wi-Fi access but it is better to disable it and use the control panel provided by the manufacturers unless you plan to use a new encryption called WPA (Wi-Fi Protected Access) which is available with an upgrade patch to Windows XP - I have not implemented it as some of my machines do not run XP.

    • At the minimum - disconnect cables from any existing network connections to avoid risk of conflicts when you activate a Wi-Fi connection on the same machine.

    • If you have problems with W98 systems then disable the old network card and/or remove it and also check that there are no protocols left connected to 'shadows' after you have done so. I have had to do so to get reliable operation with a Belkin 54g PCI card mixed with an old ISA bus 10 Mbaud network card on a W98 SE system.

    • Many of the Wi-Fi network cards demand quite well specified machines, probably to support the continuous monitoring. Typically a 300 MHz Pentium is required, even for W98 systems, so check before purchase. Consider turning off the monitoring after you are happy everything is working well to save processor power for more important tasks.

  16. Set a password for access to the router set up for extra security as the encryption keys are visible in the router set up screens.
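
The check in step 4 can be run across several machines at once. The Python script below is an added example, not part of the original article: it parses saved `ipconfig` output and flags machines that did not receive a router-issued address. The sample output is constructed, and the 192.168.1.0/24 range and router address 192.168.1.1 are assumed from the 3Com setup described above.

```python
import ipaddress
import re

# Assumption: the router issues addresses from 192.168.1.0/24 and sits at
# 192.168.1.1, as in the 3Com setup described in this article.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER = ipaddress.ip_address("192.168.1.1")
APIPA = ipaddress.ip_network("169.254.0.0/16")  # Windows self-assigned range

# Constructed sample: trimmed `ipconfig` output saved from three machines.
SAMPLE = {
    "desktop": "IP Address. . . . . . . . . . . . : 192.168.1.2\n"
               "Default Gateway . . . . . . . . . : 192.168.1.1\n",
    "laptop":  "IP Address. . . . . . . . . . . . : 169.254.37.10\n"
               "Default Gateway . . . . . . . . . :\n",
    "remote":  "IP Address. . . . . . . . . . . . : 192.168.1.2\n"
               "Default Gateway . . . . . . . . . : 192.168.1.1\n",
}

FIELD = re.compile(r"^\s*(IP Address|Default Gateway)[ .]*:[ \t]*(\S*)", re.M)

def parse(text):
    """Return the 'IP Address' and 'Default Gateway' fields of ipconfig text."""
    return {name: value for name, value in FIELD.findall(text)}

def check_hosts(outputs):
    """Map each host to a list of problems; an empty list means it passed."""
    problems, seen = {}, {}
    for host, text in outputs.items():
        fields, issues = parse(text), []
        try:
            addr = ipaddress.ip_address(fields.get("IP Address", ""))
        except ValueError:
            problems[host] = ["no IP address found"]
            continue
        if addr in APIPA:
            issues.append("self-assigned address: DHCP request was not answered")
        elif addr not in LAN:
            issues.append(f"{addr} is outside {LAN}")
        if addr in seen:  # two machines reporting one address means a conflict
            issues.append(f"same address as {seen[addr]}")
        seen.setdefault(addr, host)
        if fields.get("Default Gateway") != str(ROUTER):
            issues.append("default gateway is not the router")
        problems[host] = issues
    return problems

if __name__ == "__main__":
    for host, issues in check_hosts(SAMPLE).items():
        print(host, "OK" if not issues else "; ".join(issues))
```

A 169.254.x.x address means the machine never heard from the router's DHCP server, which usually points to a cabling fault, a disabled TCP/IP binding or a wrong wireless key rather than a router problem.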

Conclusions

The use of a combined ADSL modem, firewall, router and wireless access point made my upgrade very simple, quick and economical. It has been in use for several months and the hardware firewall has not let anything through to be detected by my software firewall. I only retain the software firewall to monitor for outgoing traffic from rogue programs. The wireless connection to the laptop has been excellent and I never bother to connect via cable even for backups. I have been impressed with the ease of installation and configuration of the 3Com hardware and have carried out a similar upgrade for a friend using a USB WiFi interface for a remote desktop machine equally easily and quickly.

Feedback

The first part of this guide has been around a long time. The results have stood the test of time and I and others have set up many simple networks on Windows 95, Windows 98 and Windows XP machines very quickly and without hassle or problems. This part is, by definition, less mature and any feedback or comments, sent to me in a quick message, would be appreciated.


Copyright © Peter and Pauline Curtis
28th September 2004