Proxy servers simplify connectivity

In my February 1996 through October 1996 Inside Out columns, I explained how to use a Windows NT machine as an IP router. Those columns' continued popularity surprises me. To this day, hardly a week goes by that I don't receive a note from some exasperated soul trying to attach a small or midsized business to the Internet by using an NT machine as an IP router. Turning an NT machine into an IP router is probably too much work for most folks. This month, I'll explain how routers differ from a usually more desirable alternative, a proxy server.

The Traditional Approach
Most companies connect their LAN to the Internet through a four-step process. First, they acquire a block of consecutive IP addresses from either Network Solutions or the American Registry for Internet Numbers (ARIN). Most companies hire an Internet Service Provider (ISP) to handle the paperwork associated with registering IP addresses. Second, they assign one IP address to each network card in the company; two machines can't share an IP address. Third, they lease a full-time connection to their ISP. Fourth, they set up routing.

Many people don't realize until they reach step three that they can't parlay their $20-per-month unlimited-access, dial-up Internet account into shared access for a group of machines with distinct IP addresses. ISPs can afford to offer only so-called unlimited access accounts for a few dollars a month because ISPs have a built-in barrier to network overload: a limited number of phone lines. In theory, your dial-up account offers unlimited access, but in practice your ISP has 10,000 unlimited access subscribers and only 200 phone lines, or ports. Some ISPs mysteriously disconnect unlimited access subscribers who've been connected too long. If you want a truly full-time connection, your ISP must dedicate a port to you, and you'll pay more than $20 per month.

Network pricing depends on the number of addresses and the connection speed. I recently started a new company, and I needed a block of 254 IP addresses for my firm. I found a wide range of prices for this size network, but the best deal I found was $400 per month for a 64-kilobits-per-second (Kbps) frame-relay connection. Nearly $5000 per year for 64Kbps might sound like a raw deal, but it's not, at least not in the Washington, D.C., area right now. I expect bandwidth prices to drop as the communications network infrastructure improves.

After you contract with your ISP for full-time access to your IP addresses, you'll need an IP router, a device that directs packets on your LAN to and from the Internet. You have many choices in the router market, but your ISP might recommend a particular brand. I've configured routers from Cisco Systems, Bay Networks, Ascend Communications, and Compatible Systems; I prefer Compatible Systems boxes because they're easy to configure. Alternatively, if you have the necessary software and plenty of patience, you can use a PC as an IP router. I don't recommend this setup, but I've used it in the past. After you configure your router, you're wired.

Proxy Server Setup
Setting up an IP connection to the Internet can be expensive and a lot of work, and establishing IP addresses can be more hassle than I described. You might have trouble getting as many IP addresses as you want. At one time, you could get blocks of hundreds of IP addresses fairly easily, but now the Internet is running out of addresses, so Network Solutions and ARIN limit address assignment. You might find that you don't want everyone in the company connected to the Internet; surfing is too distracting for some people. Establishing a policy that regulates who gets access and who doesn't adds to the time and effort you spend setting up a proxy server. And a full-time Internet connection might cost more in your geographic region than in Washington, D.C.

The alternative to the hassles and cost of connecting to the Internet through the traditional approach is a proxy server. To set up Internet access through a proxy server, you assign IP addresses that the Internet doesn't recognize (between 10.0.0.0 and 10.255.255.255) to all the computers on your network. These addresses let your PCs communicate with each other. Next, you connect one of your networked computers (let's call it PROX) to an ISP via a modem or Frame Relay Access Device (FRAD). Your Internet account can be a dedicated account or a $20-per-month dial-up account. PROX, your proxy server, then has two IP addresses: the 10.x.x.x address on its Ethernet card and a valid Internet IP address that your ISP provides.

For PROX to provide Internet access to the other computers on your 10.x.x.x network, you must set up proxy server software on PROX. Then, install a Web browser on every computer that will access the Internet through PROX, and tell the browser to connect to the Internet via a proxy server. For example, in Internet Explorer (IE) 4.0, click View, Internet Options, Connection, and select the Access the Internet via a proxy server check box.

After you set up PROX to run proxy server software and configure your internal network computers to use a proxy server, users can access Web sites from computers on the 10.x.x.x network. When your 10.x.x.x network users request a Web site through their browsers, their request goes to PROX, and PROX accesses the site. From the Web site's point of view, PROX is the computer that requests the site; the remote computer doesn't detect the proxy server software. When PROX receives the requested Web pages, it forwards them to the user on the internal network who requested the pages. Several people on the 10.x.x.x network can access different Web pages at once. The proxy server software keeps track of who asks for what information.

Proxy Server Benefits
What are the benefits of using a proxy server? First, the proxy server protects your 10.x.x.x network from hackers. The proxy server is as vulnerable to attack as any other computer on the Internet, but because your other computers don't connect directly to the Internet, they are fairly safe.

Second, the computers on your network can share a cheap, $20-per-month dial-up connection. You can set up your proxy server to connect to your ISP only when someone on an internal computer requests access to a Web site. This dial-on-demand setup is much cheaper than a full-time connection. (You need a full-time connection to host your Web and mail servers onsite, but most ISPs will host these services for a fee.)

Third, proxy servers save often-visited pages in a cache. Suppose an employee arrives early one morning and checks out http://www.news.com. News.com might be busy, so the first employee might have to wait for the news.com content. But if a second employee accesses the same site later that day, she gets a nearly instantaneous response because the proxy server serves her the cached pages. Finally, if you use a proxy server, you can easily block users from accessing particular URLs and reduce the time they spend at work surfing silly sites.

Qbik Software's WinGate (http://nz.com/webnz/qbik/index.html) is the least expensive proxy server software on the market, but it has security problems. Another popular proxy server product is Microsoft's Proxy Server 2.0 (http://www.microsoft.com/proxy/default.asp), which comes as part of BackOffice. Two other proxy server options are available from SERVERxtras: CSM Proxy and NetRoad TrafficWARE (http://www.serverxtras.com).

Proxy servers have disadvantages, which I'll cover in a future column. However, they help eliminate some of the expense and technological know-how that installing a fully routed block of Internet addresses requires. If you're thinking about getting wired, take a look at the proxy server alternative.