Connecting your LAN to the Internet



By: Walter Metcalf
Date: 3 May 2000

In a previous article in this series, Building Your Network, Part 1, we examined how to configure workstations on a LAN, and promised that we would deal with the Gateway in a future article. That time has now come. First, however, we should briefly define a few basic terms.

Terminology

  1. LAN/WAN

    The LAN (local area network) or WAN (wide area network) is a closed system. Communication within the LAN (or WAN) is often handled by NETBIOS because of its greater power. By closed, I mean it is controlled entirely by the Network Administrator and normally there is no access to computers outside the LAN.¹ In particular, workstations on a LAN have no access to the world at large.

  2. Gateway

    The Gateway is the name given to the workstation on a LAN that is also connected to the Internet. (A Gateway computer is also commonly called a router, but technically "Gateway" is the more accurate, and less confusing, term.)² The Gateway computer also contains the firewall and filtering software. The Gateway, then, serves two vital functions: it provides workstations on the LAN with access to the Internet and thereby the world at large, AND if properly configured it protects the workstations from illegal accesses by hackers and other unauthorized software and/or personnel.

  3. Firewall

    Here's the definition of "Firewall" according to the InJoy Firewall Reference Manual:

    In fact, a firewall is a conceptual object rather than a specific software or hardware product. It is the concept of rejecting all traffic except that which is specifically allowed. It should allow the administrator of the firewall to control all traffic into and out of a network.
    In other words the firewall is the armed guard at the Gateway to the LAN.

    Firewall Components

    1. Rule Based Access Control

      Here a set of Rules defined by the Network Administrator is recorded in a file. Every time a connection is attempted (incoming or outgoing), the firewall software checks the Rules file to see if the connection is allowed. If it is not, the firewall closes the connection.

    2. Network Address Translation (NAT)

      Simply stated, the firewall uses NAT to hide the internal workstation addresses, and to re-address all outgoing messages from workstations on the LAN by replacing internal IP addresses with the external IP address of the Gateway.

    3. Packet Filtering

      Packet Filtering operates closest to the hardware, and allows individual packets to be selectively discarded based on predetermined criteria. In InJoy Firewall, Packet Filtering operates on raw packets.

    The InJoy Firewall package used for the purposes of this series contains other specialized security protocols relating to tunneling and virtual private networks that I will not discuss here.

  4. Router

    As used here, router is simply the device (hardware and/or software) that performs the switching between networks, in particular, as in our case, between a LAN and the Internet. (See the Lucent Communication Glossary for more information.)

  5. Hostname

    Hostname is the alphanumeric (e.g. os2.about.com) name of the server to which a computer is connected by means of an Internet dial-up, ethernet LAN connection, ISDN connection, etc.

  6. IP Address

    The numeric address (e.g. 206.41.16.82) that identifies a computer on the Internet.

  7. Nameserver

    A server containing a database of IP addresses and their alphanumeric equivalents and lookup software that remote computers can use to convert the latter into the former.
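The two firewall components described under item 3, Rule Based Access Control and NAT, can be sketched together. This is an added example, not code from the article or from InJoy Firewall: the rule format, the sample policy and the port numbering are assumptions, and only the two addresses come from the article's example configuration.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")   # inside network used in the article
EXTERNAL_IP = "24.114.210.158"                 # the article's example outside address

@dataclass(frozen=True)
class Rule:                      # hypothetical rule format, not InJoy's syntax
    direction: str               # "out" or "in"
    proto: str                   # "tcp" or "udp"
    port: int                    # destination port
    action: str                  # "allow" or "deny"

RULES = [                        # constructed sample policy
    Rule("out", "tcp", 80, "allow"),
    Rule("out", "tcp", 443, "allow"),
    Rule("out", "udp", 53, "allow"),
]

def check(direction, proto, port, rules=RULES):
    """First matching rule wins; anything unmatched is rejected."""
    for r in rules:
        if (r.direction, r.proto, r.port) == (direction, proto, port):
            return r.action
    return "deny"                # default deny: only listed traffic passes

class Nat:
    """Source NAT: many inside addresses share the one outside address."""
    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.out = {}            # (inside ip, inside port, proto) -> outside port
        self.back = {}           # (outside port, proto) -> (inside ip, inside port)

    def outbound(self, src_ip, src_port, proto, dst_port):
        if ipaddress.ip_address(src_ip) not in LAN:
            return None          # not one of our workstations
        if check("out", proto, dst_port) != "allow":
            return None          # the rule check comes before translation
        key = (src_ip, src_port, proto)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (EXTERNAL_IP, self.out[key])

    def inbound(self, dst_port, proto):
        """Replies map back to a workstation; unsolicited packets map to nothing."""
        return self.back.get((dst_port, proto))
```

A packet arriving at the outside address for a port with no entry in the translation table has no workstation to be delivered to, which is why NAT hides the inside addresses as a side effect.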

TCP/IP Notebook

The next major step is to configure the TCP/IP Configuration notebook, located in the System Setup folder, which in turn is located in the OS/2 System folder.

TCP/IP Configuration (LAN) - 1
Network Tab

    Lan Interface 0
        Enable Interface    Checked
        Automatic DHCP      Unchecked
        Manually, using     Checked
        IP Address          24.114.210.158
        Subnet Mask         255.255.255.128

    Lan Interface 1
        Enable Interface    Checked
        Automatic DHCP      Unchecked
        Manually, using     Checked
        IP Address          192.168.1.1
        Subnet Mask         255.255.255.0

    Loopback Interface
        Enable Interface    Unchecked
        IP Address          127.0.0.1
        Subnet Mask

Notes

  1. The interface number corresponds with the slot number of the adapter card (NIC). From my experience it appears that the Internet "automagically" grabs interface 0 when you are installing the drivers and corresponding network software.

  2. The LAN interface 0 IP Address and Subnet Mask are examples only. You must use the data you are given by your Internet Provider.

  3. This is the Gateway, and is configured with two LAN cards.³ Therefore it must have two LAN interface pages configured, one for each LAN card.

  4. The second interface is on the LAN side of the Gateway and is configured exactly like a workstation with a Class B local address, in this case, 192.168.1.1. Note: This address must be the same as the address specified as the Router in each of the other Workstations on your LAN. (See Building Your Network, Part 1, in this series.)
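The constraints in notes 3 and 4 can be checked mechanically. The following is an added example, not part of the original article: the function names are hypothetical, the workstation entries passed in are whatever you have configured, and the fallback to interface 0 for all non-local destinations is an assumption about the default route.

```python
import ipaddress

# Values from the article's example notebook page; interface 0 is a sample ISP assignment.
GATEWAY = {
    0: ipaddress.ip_interface("24.114.210.158/255.255.255.128"),  # Internet side
    1: ipaddress.ip_interface("192.168.1.1/255.255.255.0"),       # LAN side
}

def audit(gateway, workstations):
    """Return a list of problems; workstations maps IP -> configured router."""
    outside, inside = gateway[0], gateway[1]
    problems = []
    if not inside.ip.is_private:
        problems.append("interface 1 is not in private address space")
    if outside.network.overlaps(inside.network):
        problems.append("inside and outside networks overlap")
    for ip, router in workstations.items():
        if ipaddress.ip_address(ip) not in inside.network:
            problems.append(f"{ip} is outside {inside.network}")
        if ipaddress.ip_address(router) != inside.ip:
            problems.append(f"{ip} routes via {router}, not {inside.ip}")
    return problems

def egress(gateway, dst):
    """Interface the gateway uses for dst: a directly attached network, else 0."""
    addr = ipaddress.ip_address(dst)
    for number, iface in gateway.items():
        if addr in iface.network:
            return number
    return 0   # assumption: the default route points out the Internet-side interface
```

With the article's masks, interface 0 sits in 24.114.210.128/25 and interface 1 in 192.168.1.0/24, so the two attached networks cannot be confused with each other.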


Walter Metcalf

Next week: Installing and setting up the Firewall

Notes

1 Exceptions to this general statement are provided by specialized technologies such as Virtual Private Networks (VPN) and Tunneling. For more information see Tunnel/2.

2 For definitions of each see the Lucent Glossary.

3 In the 'Getting Started' manual for InJoy Firewall, Jensen describes both a 1 LAN adapter and multiple LAN adapter installations. He describes the scenarios under which a 1 LAN adapter setup would be acceptable, and those under which a multiple adapter setup is advised. Since the extra cost of a multiple adapter setup is minimal--little more than the cost of an adapter--and provides substantially better protection, I have chosen to present only that setup. If you wish more information on the single-adapter setup, you can download the demo version of InJoy Firewall and examine the aforementioned documentation.


Unless otherwise noted, all content on this site is Copyright © 2004, VOICE