Home networking in Windows: an idiot's guide.
I have two small children, aged 8 and 5. I recently bought a new computer and have given them the old one to play games and things. I added some memory (£20) and a cheap video card (£25) to make it a bit more useful, but they still wanted access to some of their favourite sites on the internet. The machine was not networked to others in the house.
I have a fast internet connection on my main machine downstairs, and see no real problem giving them access to that, but I wanted to do it in a safe and limited way. Also, I will probably add more computers in the future, so I wanted to ensure the network has sufficient expansion capacity. And finally, I wanted to keep the system flexible in case the children change rooms, or we move house.
So this WU is designed to help someone with fairly basic technical knowledge set up their own home network using wireless technology and then to protect the children from the worst excesses of internet surfing. I will be using all standard programs in the expectation that anyone who has chosen to use non-standard systems probably knows more than me.
And yes, all you *ix users can point at me and laugh at my enslavement to Micro$oft. *shrug*
- Start from here
- What to buy
- Test the network
- Internet connection sharing
- Protecting the Innocent
- Trouble shooting
- Helpful links
I started from here
I started out with one machine (running windows XP for home) downstairs (call it 'Romeo'), which has a fast, reliable connection to the internet. Upstairs in the childrens' room the old computer ('Juliet') was running Windows 98 (not the second edition) with no printers or other peripherals. If you have a different setup, then things should still work, so long as the machine with the primary internet connection is running anything from Win98 second edition upwards, while the clients -- everything else -- can be running anything from Win 95 upwards.
Romeo has a pre-installed network card with a standard 100 Mb/sec Ethernet connection. This was not being used for anything else. The internet connection goes through a dongle and into a USB port. All the advice I received was that if you want to set up a network, it is best to use a router, which connects directly both to the broadband modem, and to the computers. Unfortunately this was not possible in my case. When I told people what I proposed to do, and admitted that I knew little about networking, they all looked doubtful, but said, "Yes, that should be possible."
If your ADSL modem has a functioning Ethernet connection, then you should try to use a router to share the connection. I couldn't. Here is what I did to get around it.
Before starting, I sought advice from all places, and mostly the advice was, 'don't use WiFi and don't use internet connection sharing'. Like any self-respecting man, I ignored that advice, and decided I could overcome all those difficulties. It was a struggle, but I got there eventually.
I was forced into Internet Connection Sharing by my internet provider, and I chose WiFi for the following reasons . There are alternatives to WiFi, but this seemed like the best idea at the time.
- Some of my friends already had WiFi home networks and portable devices, so I wanted to give them access when they visit
- I wanted something standard, rather than a proprietary system
- I don't use a lot of large files, so the actual transfer speeds of 5 Mb/s or so is ample for me. My internet connection is 1 Mb/sec, so the LAN can easily handle everything the internet connection can throw at it, and then some.
- I wanted to be able to expand the system easily to use my (workplace) laptop or add more computers in the future.
- I can't be bothered running cables under floors and through walls.
This is what I bought
I wanted to get all the hardware from the same manufacturer to minimise the risks of incompatibility, so I looked for hardware with recognisable brand names, relatively cheap and with good on-line support. I ended up with D-Link (www.dlink.com) because it offered a bit more bandwidth (up to a nominal 22 Mb/sec) and seemed to have good reviews in the online articles. And finally, the stuff seemed to be aimed more at home users than corporate networks.
I followed the advice on their 'configurator' pages and bought the following (all prices are UK-based and very approximate)
- an access point (DWL-900AP+) £100.
- a cross-over Ethernet cable. (to connect the computer to the access pont) Use cat 5 to get the best transmission speeds. £10.
- a PCI card DWL-520+ (for the upstairs machine and each other desktop machine you want to connect) £50.
- In addition a laptop will need a PCMCIA card, or USB card to connect to the network, but I have not bought one of these. £50.
- After it was all installed I upgraded my firewall to ZoneAlarm Plus ($30) £20.
The total cost to link two machines was therefore around £180,with a further cost of about £50 per additional machine.
Next was to install it all.
Before doing anything to the hardware, you should install the drivers and software from the disks provided. Do this one machine at a time, then switch everything off and install the hardware.
In all, the installing phase took me about an hour, but I'd recommend you allow two to three hours, just in case.
The only bit which was slightly daunting about the hardware was taking the computer case apart to put the PCI card in. You unplug all the wires (especially the power) and take the case apart, find the PCI slots, choose an empty one, and then just slot the card in, and screw it in place. Finally, remove the corresponding protective cover on the case, and put it all back together again. It is pretty straightforward, but if taking the case off a computer is not your game, then you can buy USB cards which do exactly the same thing as the PCI card. There is very little difference in price, and the USB cards simply plug into a spare USB slot. I chose the PCI because I didn't want to take up a USB slot for something which is permanently connected. I prefer to use the USB slots for devices which I plug in and out.
Romeo was much more straightforward. I simply plugged the cross-over cable into both the access point and the computer, and then plugged the power lead into the access point.
When all that was done, it was time to switch the power on once more. At this point, I got very stuck for a very long time. I have a firewall on my computer, called ZoneAlarm from Zonelabs. It is a wonderful piece of software, but I did not realise it was stopping all traffic on the newly-installed network. This caused me no end of problems, so I advise you very strongly at this point to switch off all firewalls. And, while you are at it, you might as well disable all the virus protection as well. It is probably best to stay disconnected from the internet while ensuring that your new network operates as you want. You can of course connect, but without a firewall you are vulnerable to external attack. It probably won't matter for a few hours, but better safe than sorry.
I also have to touch on a subject that affects many people. While I can't condone software piracy, I can say that the network will work, even if your copies of Windows are less than completely legitimate.
If you have not set up a network before, then there are a number of things you need to do to make it all work. Most of the equipment I mentioned above will work pretty much straight out of the box, but you do need to change some Windows settings to allow the various machines to talk to each other. Also, if any of the machines are working on Windows 98 or older, then you will need to install some additional software on those older machines.
Unfortunately, this set-up stage can take forever, but if all goes well, and assuming you remembered to switch off those firewalls, then a couple of hours should be plenty. The biggest time-waster is probably the client machines. If they are running Win 98 or anything earlier, every time you make a change to the network settings, you have to re-start the machine, and that seems to take too long.
I have to admit that when I connected the laptop to the system it took at least 12 hours of solid fiddling and I had to re-install Windows two or three times because the thing kept freezing during startup. See the troubleshooting section for some tips.
Here, finally, is what you need to do
Make sure all the hardware and drivers are installed first, or things will go wrong. If you can use the network setup wizard on the main machine (Romeo), that is a good starting place. Bear in mind that the wizard needs to connect to the internet. If it crashes halfway through, it may be a firewall problem. Once the wizard finishes, it will ask you to run a similar wizard on each of the client machines. You can either create a floppy disk to do that, or use the original Windows XP install disk, and run it on each client. I used the XP disk and it was straightforward on everything except the laptop. The wizard makes changes to your network settings, so expect one or two re-starts during installation.
You have to assign a name and description to each of the machines, but that is pretty straightforward. You also have to name your network , and it is vital that you use identical network names on each machine, or you will end up with each machine on a different network, with no hope of them ever finding each other.
Once the wizard is finished, you may also need to set up the DHCP and security. On my setup this was done through the Access Point. On Romeo I fired up my browser and typed in the address (192.168.0.50) of the AP. That gave me access to the internal settings of the AP. During the initial phase, I switched off DHCP and assigned specific addresses to each computer. Later, when things seemed to be working, I switched DHCP back on, and told each machine to get IP addresses automatically.
The initial setup (in the network--->TCP/IP--->properties dialog) had me assigning IP addresses as 192.168.0.x, where the main machine (Romeo) was 192.168.0.1. This is compulsory if using Windows Internet Connection Sharing. Juliet was 192.168.0.2 and the laptop was 192.168.0.3. Whenever it asked for a default gateway I used Romeo's address: 192.168.0.1. And when it asked for a DNS address, I gave the number supplied by my internet service provider.
In terms of security, I also left everything switched off until I knew things were working. Then I set it (on the wireless access point) to 'Only allow the specified MAC addresses to access the network" I left all encryption (WEP) off. It also makes sense to change the SSID for all devices and to ensure that you put a strong-ish password on the Access Point settings, to prevent unauthorised snoopers gaining access to your network.
The MAC (Media Access Control) address (sometimes called the 'Physical Address') is a unique identifier given to each networked device. With wireless devices, the MAC is unique to each wireless card or access point. So by only permitting specified MAC addresses, I was preventing strangers from logging onto the network from the street. I can add friendly MAC addresses, but strangers cannot see that an access point exists. If you allow strangers onto your network, then it makes sense to tighten the security of data passing across the network by using WEP. If you trust everyone who has access to your network, this just adds a layer of complexity for no real purpose. If, however, you are handling sensitive data or you're paranoid about government snoopers and mafia bosses, then it probably makes sense to use some form of encryption.
Test the network
If all has gone well, then you can click on 'My Network places' and then show workgroup computers (Win ME and up) or network neighborhood (Up to Win98) . if all the computers appear, and you can access the files you set up, then everything is working fine.
If not, then you may have to use the ipconfig and ping commands to check which parts of the network are operating and which are not. (see the troubleshooting section)
If all is working well, you can re-install the firewall, and check again that the computers can see each other. If they can't then you will have to fiddle with the firewall settings until it works, or very temporarily, simply connect to the internet without the firewall in place to make sure it all works as intended.
In the end, I upgraded my (free) ZoneAlarm program to (£20) ZoneAlarm Plus, which has support for home networks.
Once that was re-installed, I was able to transfer files between computers, share printers and use both machines to access the internet.
Protecting the innocents.
My children (or their savvy friends) will try to break any security I put on their machines, so I have used non-guessable passwords, and I make sure no-one is watching while I type them in. It's not that I don't trust the darlings , but I know what unbridled curiosity combined with formidable intelligence and a questioning attitude can do. And I want to protect them.
I have told them why I have installed all the protection, and stressed the importance of using the internet responsibly. I have also told them about viruses, spyware and other undesirable software, and how they are transmitted. I have also told them that people are not always what they seem on the internet and that they should never, ever give out their real names or address. I have suggested some made-up names which they can use if they want, but encouraged them to ask their parents if they ever want to fill in an on-line form.
When the children are ready I will show them how to clean undesirable software from the machine, and will gradually allow them more freedom. At this stage, however, the machine is locked down as tight as I can make it. They are still very young. Five and eight.
We have allowed the children to go on certain specific sites on our main machine, and they have 20 or so sites they like to visit logged into the main IE favorites folder. On their inherited machine, I deleted all the favourites, left over from when it was my main computer,transferred their favorites folder up and installed only that folder in favorites.
Next, I went to internet settings/content and enabled the settings there, to permit only the minimum levels of violence, nudity, profanity etc, and applied an unguessable password. I set it so that the system will ask for a password whenever an unrecognised page is requested.
Then I went through each of their favorites, tried to connect and when I was blocked, I checked the box saying always allow this site, and typed in the password.
This means they can use their own sites more or less unrestricted, but no other site will load without my password. I guess I'll have to change the password fairly frequently, but that is a low price to pay.
Also, I have removed alternative browsers and their installation programs and used the firewall to block access to all the IM and chat programs on the machine, so that they cannot use those. If they want to do that stuff, then they will have to do it on the main machine , with all other family members watching. Not in the privacy of their own room. Similarly, if they need to search the web, then they can do it under our supervision on the main machine, and we can transfer any useful sites onto their machine, and add them to the permitted list.
in the end, I ended up re-installing Windows. It was easier to do this, and put clean versions of all their favourite software on there, rather than trying to clean off all my old stuff. This way I know exactly what software is on there, and the thing runs a bit faster with more spare disk space. Obviously you have to back ewverything up first, and be prepared to restore the backups of their saved games, but it was worth it in the end.
This is perhaps the most difficult of all the areas to discover, as there are so many things which could go wrong.
I guess one needs to break down the questions as follows
- Are the operating systems on all machines up to date and do they support networking?
- Is the infrastructure (cables, wireless etc) connected properly and working
- Are the right network adaptors and protocols installed on all machines
- Are the LAN network addresses configured correctly
- Are the computers connecting to the same LAN
- Is any data getting through from computer 1 to computer 2
- Does computer 1 'know' it is connected to computer 2
- Are the access privileges set up correctly for sharing
- is the internet connection working properly
- Are internet requests passing smoothly over the network
Things will only work if all these steps are correct. For example, with my firewall problem, I was pretty confident I had steps 1 to 4 correct, yet no data was getting through from computer 1 to computer 2. maybe I shoud have thought that something must be blocking the data, but it took a lot of hassle and checking and re-checking the settings to get it right.
The big difficulty with networks is that unless it all works, there is no obvious way to check each individual step, except by following the instructions carefully and hoping that they all apply to your particular setup.
Nevertheless, there are some useful tools to help identify the source of the problem. You can try using the troubleshooters (Startbar--->help--->troubleshooting--->troubleshooters), but these are not a great deal of help. The most useful tools I found were ipconfig and ping. You use both of these in an MSDOS window, or at the command line. Ipconfig will tell you how our machine is set up. Ping allows you to see if any command will get through.
Once you have run IPConfig on each machine, you can compare that with what you told it. If IPConfig reports something different, then you will have to change the address in the network control panel. Be prepared for yet another re-start. Once all the IP addresses are as you want them to be, then you can try the ping command from each machine to each of the others, and then out to the outside world.
Start with the base machine (Romeo) and first ping the loopback address (127.0.0.1) to see how the result should look. Then ping the access point, and then each of the clients. Next try somewhere on the web, such as E2 (18.104.22.168) and finally, if all that works, try ping everything2.com.
Next go to each of the clients and follow the same pattern. First try the loopback, then the access point next the gateway and each of the other clients. If all that works, then you know your internal network is functioning, you can try something in the outside world, such as everything2, and finally, to make sure the name servers are working, try everything2.com.
If that fails, then try some of the sites below, and if that fails, well, you could try asking a friend to sort it out.