DHCP Primer
by Michael Calore

So, you ate ramen noodles for six months so you could afford to pay for that high-speed DSL connection. Intoxicated by life in the fast lane, you bought a second computer, and now you're looking to network your investments together and connect your second computer to the DSL line? Great! Thanks to the diverse selection of operating systems, protocols, network types and software vendors out there in the world, you have many options.

You could always buy an additional IP address from your ISP -- the cost is sometimes only a few dollars per month (plus a set-up fee, in some areas). Many ISPs, however, charge through the teeth for multiple IPs in one location. Another drawback: You'll be forced to put the control of your network in your home in their hands.

Not to fear -- there is more than one way to skin that monkey. Sharing your cable modem or DSL connection on your own is a snap. If you're running Linux on one of your computers, you can use a network address translation, or NAT, application like IP Masquerade or IP NAT. If you're stuck in Windows or Mac land, you can investigate proxy server programs like WinGate. All of these choices accomplish the same basic goal: They allow you to share your Internet connection among several home computers while channeling all of your incoming and outgoing traffic through one IP address. These applications all do a fine job of liberating your additional computers from their non-Internet existence, and some are easier to use than others.

There are drawbacks to the sharing approach, however. Proxy servers and other software solutions require that one of your computers (most likely the computer with the Internet connection already configured) remain powered up and connected to the Net at all times. For most of us, this isn't that big of a deal. Because all of your network traffic flows through your proxy server or NAT server, however, running meaty applications like Web server software alongside your Internet-sharing package can bog down your computer's resources, thus slowing your connection considerably.

Second, if your network comprises more than just two computers, a proxy server or NAT server can quickly become an administrative nightmare. Remember that you're relying on your software to filter your network's activity. Overload your proxy server with heavy traffic and your client computers can easily lose their connection to the server. This means rebooting. If you use the Net more than the average Joe, this means lots of rebooting.

Finally, the vast majority of these proxy server/NAT server applications just aren't secure enough for comfort. To avoid falling victim to a cracker, you need to run some flavor of firewall on your network, and firewalls are not always compatible with NAT or proxy servers. If you've taken night classes in network security and deep wizardry, then your firewall installation will be painless. The rest of us are left scratching our heads.

For the ultimate in security, control, ease of use and features, your best bet for sharing that broadband connection is DHCP, or the Dynamic Host Configuration Protocol. Why is DHCP better? First, its addressing scheme is fully dynamic: With a DHCP server running on your network, you can add PCs or move computers around on your network and not have to worry about re-configuring your IP settings. Also, DHCP applications usually come with extensive, built-in flexibility. Services such as NAT, security, port forwarding, and traffic logging are almost always included. Last but not least, most DHCP servers -- whether solely software or a combination router/DHCP server hardware unit -- are easy to install, configure, and maintain.

Before we dive into the amazing world of DHCP, let's run through a little refresher about IP addresses and where they fit in (pretty much everywhere).

Location, Location, Location

An IP address is like your telephone number or your home address -- each one is entirely unique. Every computer on the Internet has its very own IP address. The standard format is four groups of numbers separated by periods, and each number is an integer between 0 and 255. For example, a typical IP address would look like this: 181.255.107.4.

If you know a computer's IP address, you can reach out and touch it from anywhere on Earth. But since all those numbers are difficult for the human mind to keep at its neural fingertips, IP addresses are often assigned human-friendly names, like www.webmonkey.com, which one of the Internet's battery of domain name servers translates into the proper IP number.

IP addresses can be divided into two groups: static and dynamic. Computers that run important tasks all day, every day, such as Web servers and mail servers, have static IP addresses -- their addresses never change. Since these computers are always at the same virtual "location," they are easy to find.

Most of the computers on the Internet, including the bedroom PC you use to surf the Internet, have dynamic IP addresses. Every time you hop on the Internet, your computer is assigned a different IP address by your service provider's DHCP server. You move to a new IP address every time you connect, but your DHCP server always knows exactly where to find you. Even if you stay connected to the Internet all of the time, the DHCP server makes sure your computer gets a fresh new address every few days. Keeping IP addresses in constant flux is an excellent security measure -- just think about how hard it would be for the FBI to find you if YOU changed locations every three days.

DHCP operates like any other client-server relationship. When your PC connects to a DHCP server, the server leases your computer a private IP address. Your computer lives at that address until the lease expires, at which point you are given a new IP address. When you configure your DHCP server, you can set the leases to time out at different intervals. The most common lease duration among ISPs and other large networks is three days. After three days, just like an all-knowing landlord, your DHCP server leases out a new IP address to your computer and redirects all of your traffic. No credit check or post office forms required!
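The lease bookkeeping described above, modeled as an added example that is not part of the original article: a server hands out addresses from a fixed pool using the three-day lease the text mentions. The address range, MAC addresses and names are constructed, and the code models only the lease table, not the DHCP wire protocol.

```python
import ipaddress

THREE_DAYS = 3 * 24 * 3600  # lease duration quoted in the article, in seconds


class LeasePool:
    """Minimal model of a DHCP server's lease table (illustrative, not a real server)."""

    def __init__(self, first, last, lease_seconds):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
        self.lease_seconds = lease_seconds
        self.leases = {}  # client MAC -> (address, expiry time)

    def expire(self, now):
        """Return addresses whose lease has run out to the free pool."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(addr)

    def request(self, mac, now):
        """Grant or renew a lease; returns (address, expiry) or None if the pool is empty."""
        self.expire(now)
        if mac in self.leases:
            addr = self.leases[mac][0]   # in this model a renewing client keeps its address
        elif self.free:
            addr = self.free.pop(0)
        else:
            return None                  # every address is leased; client must wait
        self.leases[mac] = (str(addr) if False else addr, now + self.lease_seconds)
        return self.leases[mac]


def lease_demo():
    """Two-address pool, three clients (all values constructed)."""
    pool = LeasePool("192.168.1.100", "192.168.1.101", THREE_DAYS)
    a = pool.request("00:11:22:33:44:01", now=0)
    b = pool.request("00:11:22:33:44:02", now=0)
    c = pool.request("00:11:22:33:44:03", now=10)                 # pool already full
    a2 = pool.request("00:11:22:33:44:01", now=THREE_DAYS // 2)    # renewal
    c2 = pool.request("00:11:22:33:44:03", now=THREE_DAYS + 1)     # second lease expired
    return a, b, c, a2, c2


if __name__ == "__main__":
    for result in lease_demo():
        print(result)
```

The pool is finite: once both addresses are leased, the third client gets nothing until an existing lease expires and its address returns to the pool.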

NAT, Ports, and Fooling the Outside World

While your DHCP server is messing around with your addresses inside your network, it holds on to a single IP address outside your network. Whenever you send a packet of information out to the Internet, your DHCP server translates the client's internal IP address to your external IP address.

To outside users, including your ISP, all of the traffic coming from and going in to your house originates from one IP address. Of course, with your fancy dynamic addressing, you can have as many computers as you desire humming away in your house, and your ISP will never know the difference.

Once your network is DHCP-equipped, you can use the protocol to make otherwise complicated tasks -- such as hosting your own website in your home -- a breeze. Suppose your dream is to become the next Raymond Carver, or at least the next big Internet writer hotshot. Of course you want to get your work out there for would-be readers to click through, so you decide to turn your old Pentium 166 machine into a simple Web server. But you're concerned about your readers not being able to find your awesome site safely stashed on your private network, and rightly so. If you've been paying close attention, you'll remember that DHCP will keep your Web server hidden away from eager eyes. Users on the outside of your private home network will only see one IP address (your DHCP server's) at your location and thus will not be able to access your Web server.

Luckily, that problem is easily fixed. Many of the DHCP-enabled software and hardware packages we'll be discussing on the next few pages allow you to set up ports (which are like "detours" for Internet traffic) on your server to allow certain kinds of traffic to reach specific applications on your network. Defining a port will link any incoming data to the desired application. For example, you can direct all incoming traffic intended for your Web server (such as HTTP requests) to port 80 on your network. The server will recognize the traffic as a request for the Web server and will direct the traffic to the appropriate internal IP address. Finally, your complex and broodingly intellectual masterpiece has found an audience!

Port numbers, such as 80 for HTTP, 21 for FTP, and 23 for telnet, are standardized across the Internet. If you're interested, the Information Sciences Institute has a massive list of all available port numbers.
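The address translation and port forwarding described above, modeled as an added example that is not part of the original article: inside hosts share one public address, replies to their own connections are delivered, and unsolicited inbound traffic is dropped unless a forward exists for that port. All addresses and names are constructed for illustration.

```python
class NatRouter:
    """Toy model of the router's translation table; addresses used below are constructed."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.flows = {}      # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.replies = {}    # public port -> (src_ip, src_port, dst_ip, dst_port)
        self.forwards = {}   # public port -> (internal ip, internal port)

    def add_forward(self, public_port, internal_ip, internal_port):
        """Static rule: expose one internal service on the public address."""
        self.forwards[public_port] = (internal_ip, internal_port)

    def send(self, src_ip, src_port, dst_ip, dst_port):
        """Outbound packet: rewrite the source to the public address, remember the flow."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.flows:
            self.flows[key] = self.next_port
            self.replies[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.flows[key], dst_ip, dst_port)

    def receive(self, remote_ip, remote_port, public_port):
        """Inbound packet: return (internal ip, port) to deliver to, or None if dropped."""
        flow = self.replies.get(public_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                      # reply to a flow an inside host opened
        return self.forwards.get(public_port)    # static forward, else None (dropped)

    def exposed(self):
        """Each forward is reachable from the whole Internet; list them for review."""
        return sorted(self.forwards.items())


def nat_demo():
    r = NatRouter("203.0.113.5")
    out = r.send("192.168.1.20", 51000, "198.51.100.7", 443)
    results = {
        "outbound": out,
        "reply": r.receive("198.51.100.7", 443, out[1]),
        "stranger": r.receive("198.51.100.99", 12345, out[1]),
        "web_before": r.receive("198.51.100.99", 12345, 80),
    }
    r.add_forward(80, "192.168.1.10", 80)        # the home Web server from the text
    results["web_after"] = r.receive("198.51.100.99", 12345, 80)
    results["telnet"] = r.receive("198.51.100.99", 12345, 23)
    results["exposed"] = r.exposed()
    return results
```

Only the forwarded port reaches the Web server; the machine behind it is then exposed to every host that can reach port 80, so the output of `exposed()` is the list to review and keep short.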

Now you've got your homegrown website alive and kicking, but you're a jet-set kind of power writer, fond of taking your laptop with you to coffee house readings and lunches with David Foster Wallace. You may ask, "How will DHCP handle the mobility factor?"

In a world without dynamic addressing, you would have to configure your laptop to use a unique IP address for each of your various networks (home, work, library, etc.) every time you log in -- how confusing! With DHCP running on your network, all you need to do is plug in your network cable and boot up your machine. Your PC will request a temporary IP address from the DHCP server and your connection is established. This way, you can take your laptop with you and wherever you go, there's a connection waiting for you.

Now that all this talk about how easy it is to share your speedy Internet connection has you salivating all over your ergonomic keyboard, let's dig right in. We'll start with the easy solution (hardware) and then move on to the more challenging path (software), both of which arrive at the same results.

Taking the Hardware Road

To set up a DHCP server on your network, you need to make sure that you have a few things taken care of before you begin. First and most importantly, you need a basic TCP/IP network; no need to share your Internet connection if your computers can't talk to each other. You will also need a cable modem or DSL modem that translates your Internet connection into an ethernet connection (most cable or DSL hardware does this), which allows your broadband device to attach directly to your network rather than to a single computer.

Most of the time, when we talk about "servers," we refer to dedicated computers that perform tasks for the network clients. DHCP software can be added to your existing file server, or you can purchase a piece of network hardware with built-in DHCP services.

Few of us, however, run file server software in our homes, and I'm guessing that you'd rather not spend countless hours tweaking, compiling and recompiling applications on a command line interface. Thankfully, there is hope for us luddites. With the popularity of broadband technologies growing exponentially, many networking hardware vendors are selling all-in-one network hub/router/DHCP server units. These units usually have four ethernet ports (sometimes more) for your client PCs, one ethernet port for your cable or DSL modem and a built-in, hard-coded DHCP server that you can access through your Web browser. These boxes also kill two birds with one stone: The DHCP services are built into multi-port routers that eliminate the need for an extra piece of hardware (such as an ethernet hub) on your network.

Although they're not high-performance workhorses, these little boxes have pretty blinkenlights and can give you more speed than you'll probably need. They offer browser-based setup utilities which make their DHCP settings easy to customize. The broadband sharing products from NETGEAR, D-Link, Linksys, and Hawking Technology are feature-rich and relatively inexpensive at $150 to $250 each.

After you've set up your server and connected your broadband modem to your network, you next need to configure your client PCs. In Windows, just open your TCP/IP settings (located in the Network menu of your Windows control panel) and put a check next to "Obtain an IP address automatically" in the window that pops up. For other operating systems, just locate your network settings (in different places depending on your OS) and tell your computer to connect to a DHCP server when the machine boots up.

These hardware boxes are not too finicky about which operating systems are connecting to them -- many software packages are -- so they are especially helpful if you are running several different OSes on your network.

The browser interface included in these boxes makes it simple to set up ports or to perform other network tasks (such as traffic logging) on specific ports. This can be helpful if you want to keep track of how many users are downloading your thoughtfully composed short stories, which of course scream brilliance and sincerity.

The Software Touch

If you are an above-average user willing to challenge yourself and your programming skills, or if you have experience with networking software, then you may wish to try your hand at running a software-based DHCP server.

Windows 2000 Server and Windows NT Server come with DHCP services built in, so if you happen to have a server lying around that's at your disposal, you're in luck. If the build you are using doesn't have the DHCP services, you can get them on the Web as an add-on or patch.

If you have a Linux box somewhere on your network, you can use the Internet Software Consortium's suite of DHCP tools. These tools are, of course, free. Check out the fully customizable applications both for the client and server sides available for Linux at Freshmeat.net. There are also a good number of DHCP server and client applications for BSD and different flavors of Unix out there. Keep in mind that these applications will only allow you to add dynamic addressing to your network. To share a cable or DSL connection, you still need a network router or some sort of Internet sharing software running alongside your DHCP server. Luckily, the packages available commercially to home users have everything you need.

There are several stable all-in-one applications available for both the Windows and Mac OS. Many software companies sell complete home server packages, offering security features and performance enhancement tools along with DHCP services.

The Windows packages from 602 Software, Incognito and Puzzle Systems contain DHCP services along with other useful networking tools. These packages are reasonably priced between $50 and $150.

If you're running a Macintosh network, Vicomsoft's SoftRouter package is a great place to start. SoftRouter also has special features that make it easy to share your Internet connection with both Macs and PCs on the same network.

But remember, running a software-based DHCP server on a networked computer has its drawbacks: slower access times, more than your share of rebooting and that sinking feeling in your processor.

How Secure Are You?

Security seems to be on everyone's mind these days, and with good reason. There's a long list of ways for crackers to break into your network and vandalize your precious little files. Most vandals don't need to be motivated by financial gain -- they'll simply break into your system and wipe your hard drives for fun. Who knows, maybe they have an intense hatred for your brand of Web-based, post-modernist yarn. All the more reason for you to protect yourself.

Fortunately, most of the hardware and software solutions we've covered come with some sort of rudimentary network firewall. The security features on these little boxes and software packages are made with home users in mind, so they should be easy to set up and configure. Don't let yourself be a sitting duck. Turn on those firewalls!

If you're using a DHCP server that does not have any fancy security add-ons, you will need to use a third-party software security package. Not to fear as most are fairly cheap (under $100). ZDNet's Security Product Guide has a list of recommended packages to get you started.

Even with DHCP in effect and a firewall in place, it's still a good idea to know something about IP security before you put your Carveresque short stories out there for all to see. Anita Karve has written an excellent article about IP security over at Planet IT.

Of course, the dynamic host configuration protocol, by its very nature, has a built-in security measure -- dynamic addressing. A DHCP server keeps all of your internal network statistics private, so prying eyes will have a difficult time trying to figure out how many or what sorts of machines you are running on your network.

Before you trundle off into the world to use your newly-absorbed security know-how to set up a safeguarded Web server and become the Web's next wordsmith genius, let's briefly review the benefits and uses of the dynamic host configuration protocol.

A Review of the DHCP Bennies

We've learned a whole bushel of facts about DHCP today, including the most important benefits that DHCP can bring to your network. Namely:

Remember that there are several different paths you can follow when using DHCP. As we have seen, hardware is the easiest: no software to install, no extra hubs to buy, and no substantial drop in connection speed. Though not as easy to use as hardware, software packages have their advantages as well, mostly because of their additional features and low, sometimes non-existent, cost.

Now that you've got the skills, go forth and share that connection! Keep it secure, keep it dynamic, and keep eating those ramen noodles.



Michael Calore is Webmonkey's technical writer and editor. His career on the Net began as the editor-in-chief of the now-defunct webzine, the Drinkinbuddy, and he's also served time as a graphic designer, writer, HTML geek, musician, vegetarian, and know-it-all webmaster.





 

Copyright © 1994-2000 Wired Digital Inc., a Lycos Network site. All rights reserved.