Virtual OS/2 International Consumer Education
VOICE Home Page: http://www.os2voice.org
October 2002


editor@os2voice.org


How to create your own (small) ISP, in 3 easy (and 57,245 difficult) steps. Part 1

By Michael W. Cocke © October 2002

Part 1: In which we attempt to prove that 2 tin cans and a string was a good idea.

This is NOT a technical step-by-step instruction manual - this is an overview, with assorted advice and some tips and pointers. You are assumed to be familiar with MPTS and TCP/IP.

First, you'll need a broadband connection to the internet with a static IP address. I use an ADSL line (384K up/768K down). WARNING: Allow me to relate my own experiences in getting this line, as a warning to those who follow.

First, find a company that will sell you a static IP xDSL line. That was good for a 2 week search, all by itself. A static IP line is typically a business service, and what the vendors are usually set up to provide you with is a wire with an IP address. That's it.

After you manage to find a vendor, you will have to endure the installation process. Mine went like this.  (Real company names are used - this really happened, and if you work for one of the mentioned companies, you don't have any legal recourse.)

WebmasterUSA sold me the service and gave me an installation date. A few weeks later, they gave me a different installation date. A week later, they gave me a different installation date. I told them, in no uncertain terms, that they had better install the thing when they said they were going to, or I would find a new vendor. Ok. The installation date came... and went. I called WebmasterUSA. They gave me a phone number at Bell Atlantic (now Verizon) and wished me luck. Thanks folks.

I called Bell Atlantic. They said the work order had been completed. I pointed out that, no, it had not. Three days of phone tag with people at Bell Atlantic passed.... and I got someone at Bell to admit that, no, the work had not been completed. They sent out a technician (a week later) who was actually quite good.

Next, I had to get Covad out there to finish the thing. I want to say this quite clearly - Covad was the only company that showed up when they said they would, and did what they were supposed to do, without my having to beat them up. Bell Atlantic got a little confused, but after I straightened that out, they also performed well. WebmasterUSA, who I paid, and who was supposed to handle this whole process for me, was completely useless. All they managed to do was collect my money (they were VERY efficient about that).

Ok - Now you should have a static IP address, broadband internet connection. Whoopee.

What you'll need next is a computer. I recommend a Pentium II 400 MHz or better, with 256Mb of RAM and at least 8 Gb of hard drive space. More of everything is a good idea. Here's where it gets tricky. You're also going to need two separate network cards (NICs). I recommend using two different models for reasons which will become apparent below. Personally, I use a 3Com 3C509 and a 3Com 3C900.

This machine is running Warp Server for e-Business (WSeB) here, although it is technically possible to do it on Warp 4 or eCS. The reason I use WSeB is for the 386HPFS file system. Speed is going to be important.

Get TCP/IP bound to the network card that has your connection to the internet. This is where it's a good idea to have used two different NICs. If you used two of the same NIC, you're going to have some fun working out which NIC is on which network. You'll probably need to contact tech support at your ISP (again) to get the DNS addresses and gateway address. Don't take "Just install windows" for an answer, keep working until you get a senior tech who knows something. The information is out there. In fact, remember that statement - it will become your mantra.

Ok - assuming that you can now ping yahoo.com (or anything, really) AND GET A CONNECT, it's time for more fun. If you cannot manage this, do NOT proceed - it is infinitely easier to troubleshoot one thing at a time, rather than set everything up and then try to figure out which part is busted.

The other NIC is going to connect your gateway machine to the rest of your intranet. Back to MPTS, and this time you'll need to bind TCP/IP and NETBIOS (if you're using Warp Peer to communicate on your intranet) to the other NIC. I'll mention something now that took me a day to figure out - use the 192.168.xxx.xxx address range for your intranet. The gateway system (here) is 192.168.0.1, the file server is 192.168.0.2, and so on. Again, get two machines working first, then expand. Remember, ping is your friend. If you can get a return from ping, you're doing well - other things will follow. I should also mention that netmask should be 255.255.255.0 everywhere on your intranet.

Let me mention one thing that may be an issue; I have heard (but not personally tested) that the first network adapter listed in MPTS will have NETBEUI bound to it, whether you want it to or not. My suggestion is to play it safe - make your first NIC the one for your intranet - you do NOT want a NETBEUI connection exposed to the internet!
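One way to check which protocols are bound to which adapter without opening MPTS is to read a copy of protocol.ini with a small script. The following is an added example, not part of the original article; the section names, driver names and sample file contents are constructed assumptions, so substitute the names from your own file.

```python
import re

# Constructed sample in the INI-style layout of protocol.ini. Section and
# driver names here are illustrative assumptions, not from a real system.
SAMPLE = """\
[netbeui_nif]
   DriverName = netbeui$
   Bindings = ELNK3_nif

[tcpip_nif]
   DriverName = TCPIP$
   Bindings = ELNK3_nif,EL90X_nif

[ELNK3_nif]
   DriverName = ELNK3$

[EL90X_nif]
   DriverName = EL90X$
"""

def parse_sections(text):
    """Return {section_lower: {key_lower: value}} for an INI-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # ';' assumed to mark a comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def bindings(sections):
    """Map each protocol section to the adapter sections it is bound to."""
    return {name: [b.strip().lower() for b in keys["bindings"].split(",") if b.strip()]
            for name, keys in sections.items() if "bindings" in keys}

def exposed_protocols(text, internet_nic, allowed=("tcpip_nif",)):
    """Protocols bound to the internet-facing adapter beyond those allowed."""
    nic = internet_nic.lower()
    return sorted(proto for proto, nics in bindings(parse_sections(text)).items()
                  if nic in nics and proto not in allowed)

if __name__ == "__main__":
    # EL90X_nif plays the internet-facing NIC in this constructed sample.
    print("Unexpected bindings on internet NIC:", exposed_protocols(SAMPLE, "EL90X_nif"))
```

An empty list means only TCP/IP is bound to the internet-facing adapter; any other entry is a protocol you do not want reachable from outside.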

Now, assuming that you've got two TCP/IP networks going, internet and intranet, it's time to get them connected. Run, do not walk, to F/X Communications and purchase the Injoy Firewall. Think carefully about the available options - I recommend the SOHO Professional package, with IPSEC and NAT. Yes, it's not cheap, but it works VERY well, and it does things that the hardware firewalls cannot do.

Now, print the WHOLE manual for the firewall and read it. I'll wait.


Now, before we go any further, let me mention two serious problems with WSeB (one of which is also a serious problem with Warp 4, and probably with eCS). You're going to need to modify the ibmlan.ini file at some point. If you're doing this on a WSeB system, DON'T MANUALLY EDIT THIS FILE. If you do, the lsserver service will never again start and you will never again be able to run the LANINST program. If you restore a backup, lsserver will start again, but LANINST will NEVER, EVER start again. Don't ask me why, IBM tech support (at $210.00 US per hour) couldn't figure it out either. The other problem is that MPTS will never, ever get the different NET lines correct. When you encounter this problem (probably when trying to set up a VPN), you will know it, and by that time, should know what to do about it. It won't come up at this time if you're following along.

Ok - set the firewall up as you want it. At this point, don't get cute with filters and port redirections. Do that stuff later, after you've got something that works to test with.

Now, let me mention one MORE thing to watch out for. The firewall manual warns against running MPTS if the firewall device driver is installed. They don't warn nearly loudly enough. DO NOT DO THIS. If you do, you will mess up protocol.ini and a few other things, and you will wish that you had listened. No one in their right mind wants to manually edit the protocol.ini file. If you don't believe me, go look at it. Understand it? No, neither does anyone else.

Ok - if you read the manual for the firewall, you should have everything working to this point. A ping from one system will return from another, and all systems should be able to ping yahoo.com (or whatever).

References:
  Apache for OS/2 - http://silk.apana.org.au/apache/
  Weasel SMTP/Pop3 server - http://eepjm.newcastle.edu.au/os2/weasel.html
  FX Communications - Injoy Firewall/Injoy Connect - http://www.fx.dk
  Timekeeper/2 - http://hobbes.nmsu.edu/cgi-bin/h-search?key=timekeeper
  cron214.zip - http://hobbes.nmsu.edu/pub/os2/util/schedule/cron214.zip
  Bind - http://hobbes.nmsu.edu/pub/os2/apps/internet/util/bind824.zip
  Mike's Notebook - http://www.catherders.com/mwcexp.shtml


The Mike's Notebook web site (http://www.catherders.com/mwcexp.shtml) contains an assortment of frequently updated articles and tips for OS/2 users.

