Ethernet network questions

I don’t know much about LANs but I was at a friend’s office and she asked me to have a look at their situation and I am trying to learn a bit and maybe help her.

The office has about 6 computers networked to a central hub which is also connected to an ADSL modem. The computers have IP addresses in the range 193.0.3.XXX but these appear only internally and to the outside the apparent IP address is totally different (I forget what it was).

So I am quite confused. This is a mere hub so it would do no address translation. Can the ISP be doing it farther down the line? So all the computers would appear to the outside world as a single IP address?

193.0.3.XXX is a public Internet address and registered to someone in the Netherlands so it seems it should not be used as a private address range. Yes? I figure the correct thing would be to use Class C from 192.168.0.0 to 192.168.255.255

So what am I missing here? How is all this working? How are these computers communicating among themselves and with the internet?

She was asking me about installing a firewall but I am not sure if you would install one in each computer or just one at the internet connection. . .

I am quite lost with all this and not even sure of what I should be asking so any explanations welcome.

What makes you so sure the hardware in the center of all this is a hub? It most likely is a router.

As bcullman suggests, the thing that you think is a hub could really be a router, or the ADSL modem could be a router, or the ADSL modem could be a router.

Possible scenarios:

  1. the hub really is a hub, but the ADSL modem is a router and is doing NAT (Network Address Translation).
  2. the hub is really a router, which is itself doing NAT.
  3. the hub is just a hub and the ADSL modem is a bridge, but NAT is happening somewhere on the other end of the DSL connection (i.e. the ISP is being stingy and saving IP addresses).
    …or any number of infinitely less likely scenarios

Either way, you’re correct to wonder about the 193.0.3.x addresses. The NAT is technically set up incorrectly if it’s using public IP addresses for its private network. This setup prevents anyone on that network from opening connections to the real 193.0.3.x network. It’s extremely unlikely they’ll ever run into a problem because of this, but it’s technically wrong (and completely avoidable by using private addresses).

…or the ADSL modem could be a router, or the ADSL modem could be a router, or the ADSL modem could be a router…

This post brought to you by the Department of Redundancy Department.

Could you confirm a few things before we figure out your situation?

  1. What OSes are the 6 computers running?

  2. What command have you used to determine the IP addresses of the 6 computers ?

  3. Are the IP addresses assigned automatically using DHCP or are they manually assigned to each PC ?

  4. What method have you used to determine the external “apparent” IP address ? What is that IP address (you may .XXX the last bit to retain privacy) ?

  5. What is the complete Name/Manufacturer/Model of the “hub”?

  6. How is the network connected ? Does the Internet connection from the DSL modem go directly into the “hub” and each computer is connected to the “hub”, or is it that the Internet connection from the DSL modem is connected directly to one of the PCs and another cable from this computer is connected to the “hub”, and the other computers are connected to the hub?

The hub, by definition, would have no way to route incoming packets to the computers. It is most probably a router. If it is a router, it’s probably using NAT (Network Address Translation) to handle the IP addresses of the different computers.

If the IP address of just one of the 6 computers is 193.0.3.XXX, while the other computers are using private IP addresses, it is entirely likely that the Internet connection from the DSL modem is connected directly to this computer, and this computer handles the address translation.

If the IP address of all 6 computers is of the order 193.0.3.XXX it is possible that the network is configured with what are known as “illegal” or ovelapping IP addresses. Try a ping command to 193.0.3.XXX, what response do you receive ?

For a firewall, the easiest option would be to download and configure ZoneAlarm on each of the machines. But we need to figure out your network before we tackle that bit.

Oh, and regarding the firewall, if all devices are set up to obtain their IP addresses automatically (via DHCP), it’s extremely easy to insert a firewall which will only allow outgoing connections. If the path is

pc’s --> hub --> router/modem --> ISP

and all the PC’s are getting their IP addresses from the router/modem, then all you really need to do is plug it in like this:

pc’s --> hub --> firewall --> router/modem --> ISP

(making sure the “WAN” (or “outside”) interface on the firewall is the one plugged into the router, and the “LAN” (or “inside”) interface is the one the hub’s plugged into), and reboot everything (including the router), and you’ll be set. Rebooting everything isn’t necessarily required, but it’s the easiest thing to do if you aren’t good at troubleshooting this stuff.

These are dynamically allocated IPs? (When things like this go wrong, you can’t assume anymore…) Static or dynamic, there is something wrong with the person who set it up. If at least one of the boxes is an XP or 2k or whatever box, run “ipconfig /all” at a prompt, and see what comes up. (If nothing, try “winipcfg”) If it’s dynamic, it’ll likely say something like:
DHCP Server . . . . . . . . . . . : 10.0.0.1
(Which is what my network sez), which then leads you to the likely culprit. This is my server, gateway, etc, so everything here is copacetic. :smiley: Note also I have 2^24 internal addresses, as opposed to your teeny 2^16. :wink:

The hub is definitely a hub because it says “hub” on it. I did not look closely at the ADSL modem but it had a single ethernet connection and I assumed it was just a modem and not a router but I’ll look at it more closely.

If I change the local addresses to class C range does that affect anything else from the Internet point of view?

>> 1. What OSes are the 6 computers running?

WIN98SE

>> 2. What command have you used to determine the IP addresses of the 6 computers ?

I went to the network icon, properties, and looked at the TCP/IP configuration where is specifies the address (not “obtain address automatically”)

>> 3. Are the IP addresses assigned automatically using DHCP or are they manually assigned to each PC ?

From the above it seems they are manually assigned in the configuration of each computer. How would it work if I were to check “obtain automatically”? Who assigns them? This question is a bit academic as I think I’ll leave it as it is unless I have a good reason to change it.

>> 4. What method have you used to determine the external “apparent” IP address ? What is that IP address (you may .XXX the last bit to retain privacy) ?

I went to http://grc.com/x/ne.dll?rh1ck2l2 and I do not remember the address but I remember the other guy said it made sense.

>> 5. What is the complete Name/Manufacturer/Model of the “hub”?

I forget but it said 17 port hub. I’ll look more closely next time.

>> 6. How is the network connected ? Does the Internet connection from the DSL modem go directly into the “hub” and each computer is connected to the “hub”, or is it that the Internet connection from the DSL modem is connected directly to one of the PCs and another cable from this computer is connected to the “hub”, and the other computers are connected to the hub?

As I said, all the computers are connected to the hub and so is the modem.

>> The hub, by definition, would have no way to route incoming packets to the computers. It is most probably a router. If it is a router, it’s probably using NAT (Network Address Translation) to handle the IP addresses of the different computers.

It says “17 port hub”

>> If the IP address of just one of the 6 computers is 193.0.3.XXX, while the other computers are using private IP addresses, it is entirely likely that the Internet connection from the DSL modem is connected directly to this computer, and this computer handles the address translation.

No, the modem is connected to the hub and all the computers have addresses in that range.

>> If the IP address of all 6 computers is of the order 193.0.3.XXX it is possible that the network is configured with what are known as “illegal” or ovelapping IP addresses. Try a ping command to 193.0.3.XXX, what response do you receive ?

I’ll try that and let you know

>> For a firewall, the easiest option would be to download and configure ZoneAlarm on each of the machines. But we need to figure out your network before we tackle that bit.

Yeah, thanks.

We (me & the girlfriend) have DSL courtesy of Verizon and the ADSL modem, a Westell, is definitely a router. My computer’s local TCP/IP settings have me at 192.0.0.2 but that’s not an address you could ping me at.

Ok, so now the likely scenarios are:

  1. The DSL modem has an integrated router. This router is connected to the hub. The rest of the computers are connected to the hub. The DSL Modem/Router handles the address translations (most likely).

  2. The ISP has given you multiple IP addresses, and therefore you can connect through a hub (less likely).

Here’s a neat diagram of possible scenarios:

http://www.pcnineoneone.com/howto/hmnetwk1.html

If the Router supports DHCP, set the PCs to use DHCP and obtain IP address automatically. Do this on a single PC initially.

Alternately, if the router does not support DHCP, set one of the PCs to use the following IP address:

192.168.0.2 (not 192.168.0.1, just incase the Router has taken that address for itself to communicate with the internal network)

and Subnet Mask:

255.255.255.0 (if the other 5 PCs use some other subnet mask, use that address)

Make sure all PCs have the same subnet mask.

If DHCP works, you won’t have to do much configuring, but you’ll need to find out what you need to do to change the configuration of the DSL Modem’s integrated Router. I won’t be able to give you specific instructions without knowing the name and model number of your modem. It should have a web-based interface to configure the router.

If manually setting the IP address to 192.168.0.2 still keeps you successfully connected to the Interet, we’ve got your problem solved. Set all the other PCs’ IP addresses sequentially, keeping the same subnet mask.

For the firewall, download ZoneAlarm onto each PC and configure. A hardware firewall would be best, but that’s added cost. ZoneAlarm is free.

I agree that the DSL modem is probably a router, and that whoever set your private addresses to routable public addresses is a bonehead. If the NAT is being done on the ISP’s end, get a new ISP - they either don’t know or don’t care that they’re using public addresses. If it’s being done in the DSL router, you may be able to blame someone in the office who set it up.

“Obtain automatically” means they get the addresses from a DHCP server, which is either in your router or at the ISP. (Your computer doesn’t need to know where it is.)

For example, I have a hub with a few computers and a cable modem connected. The computers are set to automatically get IP addresses. When I turn one on, it sends a DHCP request to the hub, through the cable modem, to Comcast, and they send back an IP address. (Annoyingly enough, they put the computers on separate subnets. One is 12.x.x.x, one is 67.x.x.x, etc.)

AHunter3, 192.0.0.2 is not a private IP address. The private address ranges are:

10.0.0.0 – 10.255.255.255
169.254.0.0 – 169.254.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

BTW the questions raised here are nothing to do with ethernet, they are about IP, the next layer up. It would be exactly the same if it was on token ring. The thread title is misleading.

sailor, I’m not too clear on what the problem is that brought the investigation on.

Is her question “how should I set up a firewall”? If so, I highly recommend a single point box. Software on individual nodes is not a good idea. Very hard to manage. And it should be a snap to install.

Yes, it’s true that the choice of IP addresses was poor, but it’s extremely unlikely (to a point where the word “impossible” isn’t inappropriate) that this will cause a real world problem. If I ran the network, I’d fix that, but really just for cleanliness sake; it’s not practically important. Also, there may be other complications to changing the network around. Perhaps the DHCP server is upstream and on that local 193 network. Perhaps there are other company servers upstream also on that net. If you have time and interest, it’s nice to be neat, but without good cause I wouldn’t mess with that.

If you really do want to track down what’s going on, the suggestions above to see what/where the default route and dhcp server is are good ones.

As far as where NAT is happening, the consensus is correct. It’s likely in the modem/router, second choice the hub, third choice upstream.

Your friend wouldn’t happen to live in Nigeria? (Can’t beleive I was the forst to post that barb) :wink:

Just a casual conversation with her over lunch where she told me she felt their network was very insecure and open to viruses and hackers. Since she believes I am an expert she was asking my opinion. I told her I am no expert in netwroks but I’d have a look at it. In reality my interest is in learning a bit about networks.

I found out the components:Soho 17 port hub and Efficient Networks Speedstream 5660 SOHO DSL Router so it is a router as many here guessed. How does one configure the router?

I am interested in learning a bit here. I may attempt to mess with the network or I may decide to just tell her if it’s working better leave it alone.

sailorThe router comes with a configuration utility. You use the browser to access it, by entering the ip address of the router in the address bar. (Something like //192.168.123.254). The key setting is to clone the MAC address. The process is slightly different for every router, so you may need to find the manual. The router acts as a firewall, so you may or may not need to run ZoneAlarm or the like.

Set all computers to “obtain ip address automatically” in the same range as the router (192.168.123.001 to 253).

There will be a file on each computer, named “hosts” (I think in the system32 folder) which may have stored the 193.xxx.xxx.xxx addresses and will interfere with the “obtain ip address automatically” setting. Rename or delete each one.

NutMagnet, I found the router configuration instructions here and the whole thing looks pretty complex as I have never messed with a router but I guess this is a good opportunity to learn about this topic.
So let me start asking the basics:

How do I find out the address of the router? Can I find it by looking it up in another computer on the network? Is this a fixed address or can it be changed?

>> The key setting is to clone the MAC address. The process is slightly different for every router, so you may need to find the manual.

I haven’t the slightest clue as to what this means.

>> The router acts as a firewall, so you may or may not need to run ZoneAlarm or the like.

That’s good to know

>> Set all computers to “obtain ip address automatically” in the same range as the router (192.168.123.001 to 253).

OK, so this is better than assigning each computer an address? why?

>> There will be a file on each computer, named “hosts” (I think in the system32 folder) which may have stored the 193.xxx.xxx.xxx addresses and will interfere with the “obtain ip address automatically” setting. Rename or delete each one.

I checked and the HOSTS files have no such reference so there should be no problem there. Thanks for the help.

Well according to the product description the hardware firewall is already onboard and active so all you really need to do is tweak the firewall (if you want – it may not be necessary) and slap Nortons 2003 Anti Virus on each machine.

Here are the install and configuration manuals and drivers if needed for the 5660

SpeedStream 5660

BTW page 16 of the 5660 manual says the address for accessing the configuration utility is “http://10.0.0.1” or “Speedstream” in the browser address bar. This will get you to the firewall config. page.