The Sympatico HSE/MacOS LAN How-To
by Cory Doctorow (doctorow@craphound.com, http://www.craphound.com)

Version 0.1.4


0.0 Contents

0.0 Contents

1.0 Version History

2.0 Introduction
2.1 Intent
2.2 Assumptions
2.3 Copyleft
2.4 Disclaimer

3.0 What is Sympatico HSE?
3.1 ADSL
3.2 PPPoE
3.3 Transparent Proxy
3.4 DHCP

4.0 Mac LAN Basics

5.0 Connection-Sharing Basics
5.1 The 192.168.*.* Subnet
5.2 IPNetRouter
5.3 Firewall

6.0 The Gateway Machine
6.1 Criteria for a Gateway Machine
6.2 Additional Purchases
6.3 Hardware Configuration
6.4 Software Configuration
   6.4.1 TCP/IP
   6.4.2 Access Manager
   6.4.3 IPNR
6.5 Maximising Stability

7.0 The Client Machines
7.1 Criteria for a Client Machine
7.2 Additional Purchases
7.3 Hardware Configuration
7.4 Software Configuration
   7.4.1 TCP/IP
   7.4.2 OTAT
   7.4.3 Mail
7.5 OS9

8.0 Useful Network Utilities

9.0 Known Bugs
9.1 Access Manager
9.2 All OSes
9.3 OS9

10.0 Troubleshooting

11.0 Contact Info

12.0 Credits


1.0 Version History

Version 0.1: 28JAN00
Initial version, written by Cory Doctorow (doctorow@craphound.com), posted to nettalk@sustworks.com

Version 0.1.1: 28JAN00
Added "TBD" to section 10.0, formatted for html.

Version 0.1.2: 29JAN00
Improved internal links.

Version 0.1.3: 2FEB00
Added notes on not connecting your gateway machine to your hub's uplink port, and on expected network traffic hits due to HSE connections. Thanks to Stephen Peilschmidt for the suggestions.

Version 0.1.4: 8FEB00
Added notes on firewalling and additional Mac LAN basics. Thanks to Stephen Peilschmidt for the suggestions.


2.0 Introduction

As a repayment for all the fabulous help I've gotten from the Nettalk/Sustworks people getting my LAN online with Sympatico's ADSL service, I've decided to write a How-To for other Mac users who wish to share their Sympatico ADSL connection across a LAN. While this How-To is specifically targeted at Mac users of Sympatico's HSE service, I hope that it will provide a grounding for users with mixed LANs that include Win/Un*x machines, and for users of other ADSL services that implement PPPoE authentication.


2.1 Intent

This How-To is intended to provide all the information that a technically sophisticated user requires to set up and maintain a network that shares a single Sympatico HSE ADSL Internet connection to multiple Macintoshes.


2.2 Assumptions

This How-To assumes that you have already set up a Macintosh Ethernet LAN that is running satisfactorily. Section 4.0 provides links to further resources on Mac Ethernet LAN construction.


2.3 Copyleft

This document is literary freeware. It may be reproduced and extended without license for any non-commercial purpose, provided that this notice and the credits in section 12.0 remain intact. The author requests that you forward any revision, corrections or extensions to this document to doctorow@craphound.com.


2.4 Disclaimer

I'm a pretty smart guy, and I know a bunch about this stuff. I don't know everything. I probably got bits of this wrong. Please feel free to correct me. If your computers suffer as a result of trying the advice offered herein, I apologise, but there's nothing I can or will do about it. Try this out at your own risk.


3.0 What is Sympatico HSE?

Sympatico HSE (High Speed Edition) is an ADSL Internet service offered by a Canadian ISP, Sympatico. This service is offered in Ontario and Quebec, and possibly elsewhere. The URL for Sympatico HSE is http://hse.sympatico.ca.


3.1 ADSL

ADSL (Asymmetrical Digital Subscriber Line) is a means of providing high-speed Internet connectivity over regular analog phone lines. The service is asymmetrical in that it provides faster downloads than uploads. In other words, ADSL subscribers can receive information from the Internet faster than they can send it. This is suited to home use, in which most of the information flows towards the computer. It is less suited to commercial use, where servers are employed to send large amounts of information to the Internet. A related technology, HDSL (High-Speed Digital Subscriber Line) provides symmetrical connectivity and is better suited to commercial use.

ADSL is significant for being a low-cost means of delivering high-speed consumer Internet connections. It is also important to note that while ADSL employs regular phone lines, it does not prevent connected users from making and receiving voice/fax-calls on that line, which eliminates the need for a second "Internet" phone line that heavy-use households often employ.

One important limitation on ADSL service is that it can only be provided to users whose houses are within a few thousand metres of the nearest Central Office (CO -- basically, a switching station).

For more information on ADSL, see http://www.adsl.com/adsl_forum.html.


3.2 PPPoE

HSE implements an authentication scheme called PPPoE (PPP Over Ethernet). This is employed to track which subscriber is connected to which line. PPPoE is a frankly awful technology, one that is largely responsible for the complexity of configuring and maintaining a LAN with HSE. A group of irate Sympatico subscribers have undertaken an earnest protest to Sympatico management over the decision to implement PPPoE, which you can take part in at http://www.sympaticousers.org.

PPPoE requires that you run a piece of software on the machine that is connected to the HSE service ("the gateway machine," see section 6.0). The Sympatico version of the PPPoE software is called Access Manager. They license this technology from Network Telesystems (http://www.nts.com/). Network Telesystems sells their own version of Access Manager, which they call Enternet.


3.3 Transparent Proxy

HSE also implements a "Transparent Proxy" scheme. A proxy is a machine that fetches "local" copies of frequently requested Web pages. Since the proxy has a faster connection to its users than they have to the Web servers they're connecting to, a proxy provides high-speed access to low-speed servers.

But it's not all sweetness and light in the proxy world. Since proxies serve cached versions of documents, it's possible that the page you're viewing has changed since the proxy last fetched it. You have no recourse but to wait for the proxy to fetch a new version of the document. The schedule for refreshing the proxy is set by the administrator, and takes into account a number of factors, including the frequency with which the site has changed in the past.

The HSE proxy is transparent. That means that the user doesn't need to configure their browsers to use it. The Internet gateway at Sympatico's end auto-senses requests for Web documents (HTTP requests) and seamlessly redirects them to the proxy server. To the user, it appears as though they were directly connected to the Web server they've requested the documents from.

Some requests are passed directly through the proxy. These are typically requests to dynamically generated sites, such as eBay, Amazon, and Slashdot.

For more information on proxying, see http://a4proxy.hypermart.net/.


3.4 DHCP

HSE uses DHCP (Dynamic Host Control Protocol) to assign IP addresses to machines that connect to its network. IP addresses are the numerical addresses that are used to locate and route to machines connected to the Internet. Every time you connect to Sympatico, a DHCP server picks an available IP address at random and assigns it to you for the duration of your connection.


4.0 Mac LAN Basics

This document assumes that you've already set up and configured a LAN of two or more Macintoshes, using a hub and straight-through Ethernet cables or a crossed-over cable in the case of a two-machine LAN.

For more information on Mac LAN configuration, see:


5.0 Connection-Sharing Basics

When you connect to HSE with Access Manager, it assigns a single IP to you. In order for your network to connect to the Internet, every machine must have its own IP address. A scheme called NAT (Network Address Translation, also called IP Masquerading) allows you to create a "virtual subnet" of IP addresses that you can freely assign to your network.

Note that even though your LAN can handle ten megabits/second of traffic, Sympatico HSE provides less than one megabit/second of Internet connectivity. So even though computers on your LAN are making use of HSE, the traffic they generate shouldn't significantly affect the speed of your LAN.


5.1 The 192.168.*.* Subnet

IP addresses take the form of four numbers from 0-255, separated by periods (e.g. 255.255.255.255). IP addresses are assigned to ISPs by IANA (the Internet Assigned Numbers Authority) in blocks, called subnets.

The 65,536 addresses present in the range of 192.168.0.0 - 192.168.255.255 are reserved from assignment. These addresses are used for private, virtual subnets, primarily by entities that wish to share a single IP address among multiple machines. This is the block from which you will draw the IP addresses for the machines on your network.


5.2 IPNetRouter

The software that you will use to accomplish the NAT for your LAN is IPNetRouter, available from Sustainable Softworks at http://www.sustworks.com.


5.3 Firewall

A firewall is a computer or specialised "black box" that sits between the Internet and your internal network. Firewalls mediate all connections between your LAN and the Internet, so that only the machines that you "bless" are visible to the rest of the 'Net, and only for the types of connections that you approve.

Firewalling your LAN from Sympatico HSE can be very important. An unfirewalled network is potentially vulnerable to attacks ranging from "denial of service" (flooding a machine with packets until it shuts down) to actual intrusions via applications that permit network file-transfers like Timbuktu, Retrospect, Web Sharing, NetPresenz, and AppleShareIP.

One benefit of connection-sharing is that it gives you an instant, low-cost firewall for your network. A network built on the principles enumerated in this How-To is invisible to the Internet -- only the gateway machine can be accessed from outside your LAN.

For further reading on firewalling, see the Firewall FAQ at:

http://www.interhack.net/pubs/fwfaq

A Mac-centric article on firewalling was published in TidBits, at:

http://www.tidbits.com/tb-issues/TidBITS-468.html#lnk3

For stronger firewall protection, follow the Sustainable Softworks instructions at:

http://www.sustworks.com/products/ipnr/gettingstarted/firewall.html
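
The address translation described in sections 5.0 to 5.3, as an added example (not part of the original How-To and not IPNetRouter's code): a toy port-translating NAT table in Python, showing why client machines stay unreachable from outside while replies to their own requests still get through. The class and method names and all addresses are constructed for illustration.

```python
import ipaddress

PRIVATE_LAN = ipaddress.ip_network("192.168.0.0/16")  # block described in section 5.1


class NatGateway:
    """Toy port-translating NAT: one public address shared by a private LAN."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.back = {}  # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Client -> Internet: rewrite the source to the gateway's public address."""
        if ipaddress.ip_address(lan_ip) not in PRIVATE_LAN:
            raise ValueError(f"{lan_ip} is not a 192.168.*.* LAN address")
        key = (lan_ip, lan_port, remote_ip, remote_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote_ip, remote_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Internet -> gateway: forward only replies to a flow a client opened."""
        return self.back.get((public_port, remote_ip, remote_port))  # None = dropped


def demo():
    # Constructed addresses: 203.0.113.7 and 198.51.100.x are documentation ranges.
    gw = NatGateway("203.0.113.7")
    a = gw.outbound("192.168.0.2", 1025, "198.51.100.10", 80)
    b = gw.outbound("192.168.0.3", 1025, "198.51.100.10", 80)
    reply = gw.inbound("198.51.100.10", 80, a[1])        # reply to client A's request
    other_sender = gw.inbound("198.51.100.99", 80, a[1])  # same port, different sender
    unopened = gw.inbound("198.51.100.99", 80, 548)       # port no client ever opened
    return a, b, reply, other_sender, unopened


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The table only governs what is forwarded to the LAN; the gateway's own public address remains reachable, which is why the gateway machine is the one to harden.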


6.0 The Gateway Machine

In order to connect your LAN to HSE, you will need to designate one Macintosh as the gateway. This machine doesn't need to be particularly fast or modern -- an old Quadra will do.


6.1 Criteria for a Gateway Machine

The ideal gateway machine:

It is highly recommended that you do not attempt to run OS9 on the gateway machine at this time.


6.2 Additional Purchases

You will need to purchase additional hardware and software for your gateway machine:


6.3 Hardware Configuration

Begin by installing the Ethernet card according to the manufacturer's instructions. Install any software drivers accompanying the card. You may want to check the manufacturer's site for the most recent versions of the driver.

Attach the Sympatico ADSL Modem (actually a terminal adapter) to the Gateway Machine's built-in Ethernet port with a normal (straight-through) Ethernet (Cat-5/RJ45) cable.

Attach the additional Ethernet card to a regular port (not crossed-over/uplink) on your hub with a normal (straight-through) Ethernet (Cat-5/RJ45) cable.

If you are building a two-machine network without a hub, connect the additional Ethernet card to your client machine with a crossed-over Ethernet (Cat-5/RJ45) cable.


6.4 Software Configuration

This section assumes that you've downloaded, registered, installed and serialised IPNR, OTAT and Access Manager.


6.4.1 TCP/IP


6.4.2 Access Manager

The current version of Access Manager is 1.09b1. It is downloadable from http://hse.sympatico.ca/en/community/AccessManager.hqx.


6.4.3 IPNR Configuration


6.5 Maximising Stability

Your gateway machine is now set up and running. Ideally, this is a low- or no-use machine. I use a PowerCenter 150 that I bought used for less than CDN$100. Stability is important for your gateway machine: when it crashes, all of your client machines' Internet connections will go down.

To maximise your gateway's stability:


7.0 The Client Machines

The client machines are the machines that employ the virtual subnet that IPNR and your gateway machine create. Because these machines use virtual IP addresses, they are in large part insulated from malicious hacker intrusions and attacks (in general, the MacOS is safe from Internet-based hacks regardless of addressing scheme).


7.1 Criteria for a Client Machine


7.2 Additional Purchases

You will need to purchase software for each of your client machines:


7.3 Hardware Configuration

Each of your client machines must have an Ethernet-based network connection to your gateway, either via hub, crossed-over cable, or wireless AirPort connection (use a crossover cable to connect your AirPort access point to your hub).


7.4 Software Configuration

This section assumes that you have downloaded, installed and serialised OTAT, and that you have Open Transport installed.

***If someone wants to write a tutorial for client machines running MacTCP networking, I'd be happy to include it. Note that such a configuration would preclude using DHCP on the gateway machine, and would require manual IP address assignments for the client machines.


7.4.1 TCP/IP


7.4.2 OTAT


7.4.3 Mail

In your mail software, set the SMTP address to smtp1.sympatico.ca.


7.5 OS9

OS9 is not particularly stable in this configuration. See section 9.0 for a list of known bugs.


8.0 Useful Network Utilities

If you choose to run your gateway machine without a monitor, Timbuktu Pro (http://www.netopia.com/software/tb2/mac/5x/) will allow you to view and interact with the "headless" machine's desktop over AppleTalk. A 2-Pack of Timbuktu licenses costs US$139.95, and can be purchased at http://www.netopia.com/buy/download_orders.html.

WhatRoute (http://crash.ihug.co.nz/~bryanc) is a free utility for Traceroute, Ping and NSLookup.


9.0 Known Bugs

Following is a list of known bugs in the HSE/Mac LAN configuration described above. Wherever possible, workarounds are presented.


9.1 Access Manager


9.2 All OSes


9.3 OS9


10.0 Troubleshooting

TBD

*** If someone wants to write a troubleshooting FAQ, I'd be happy to include it.


11.0 Contact Info

To contact Cory Doctorow, the author of this How-To, email doctorow@craphound.com.


12.0 Credits

Original author: Cory Doctorow
Contributors: Peter Sischel, Pam Gram, Glenn L. Austin, John Price, Stephen Peilschmidt.