Internet Gate for OS/2 - by Chris Williams

Providing an inexpensive and reliable way to share an Internet connection with other computers in the SOHO environment just got easier. These days, implementing complete Internet gateway solutions means having more than just a Web proxy server. It also means providing basic firewall protection, DNS proxy services, SOCKS and even specific site blocking & "tattleware" functions to control access to places an organization might find undesirable. Thanks to Marco Maccaferri Software Development's Internet Gate, an OS/2 equipped PC can act as, well... an Internet gateway for any number of machines connected to it.

The price is certainly right for anybody looking for an efficient way to expand the capabilities of their small network. And while setting up and managing a TCP/IP network is still not something a novice should try on their own, day-to-day operations with Internet Gate are very straightforward.

An example of a situation where Internet Gate is a great answer is something like this: A community service organization has a small, peer-to-peer LAN with 5 workstations. They have set things up on the LAN so that they can share a printer and a few files using NetBIOS over TCP/IP. They have picked a range of TCP/IP addresses to use at random since, at first, they never expected to connect their entire network to anything in the outside world. One of their computers is also equipped with a modem which is set up so that it can connect to the Internet via a local service provider. They have set up specific routing to the TCP/IP addresses they are using locally, so the modem-connected PC can talk simultaneously with both the Internet and the local network.

This organization decides it would be really great if they could share the Internet connection they have with all of their computers. Of course, they can't afford to buy lots of hardware and software to make this all work. The ideal solution for them would be if they could have the Internet connection establish itself automatically when they needed it, and then to disconnect itself when nothing was happening. Internet Gate does all of this and more.

Installation uses the standard-issue OS/2 installer we all have come to know and love. You are presented with the path where the files are going to be placed and given the opportunity to change it. Once that's done, the files are copied over and an appropriately named folder is created on the desktop. It's all quite uneventful -- exactly the way an installation program should be. In my case, the install program made no changes to my CONFIG.SYS file even though the installer had preselected the option to update it. Unchecking this option produced the standard "Are you sure?" and "Would you like a copy instead?" series of messages.

There is no specific uninstaller for the program, but the number of files is relatively small and they are all placed in the same directory. Removing the product is just a matter of deleting the Internet Gate folder from the desktop and the directory containing the program files. A quick check of CONFIG.SYS for any changes is probably not a bad idea, though.

Setting up Internet Gate's configuration is also easy provided you have a good basic understanding of TCP/IP networking. Everything is done via a single, tabbed settings notebook. Most of the features are enabled or disabled with checkboxes and the default settings are nicely tuned for the small environment. All of the things you would expect to be present are there. The latest of these is HTTP caching, which allows for faster retrieval of recently accessed pages. The default cache size of 2MB is a bit on the small side for my taste, but it's not a problem to change it around.

One of the features I like the most is the automatic dialer and automatic disconnect features. Internet Gate can use either the IBM Global Network Dialer or the Dial Other Internet Providers programs to automatically connect or disconnect based on the presence or lack of a request from another computer to access the network. Because it uses the existing dialer programs, all of the settings you need to make your connection work should be completed within those dialer programs. Once things are going the way you want them to, just tell Internet Gate which of the dialer programs you want to use and how long you want to wait before dropping the line for lack of activity. The rest happens automatically. Whatever you do here, don't try to get Internet Gate to work with your dialer until after you are sure the dialer is able to connect properly to your ISP with no outside intervention. If you don't, it won't work. Period.

The bread-and-butter feature of Internet Gate is probably the SOCKS server. This provides the main method for other computers to access the Internet over your gateway. It allows negotiation of the majority of the Internet protocols used by Web browsers today. SOCKS requires the presence of a DNS server to work properly, so it is a good idea to also enable the DNS proxy included with the software if you don't have a local DNS server for all of your systems. Also included is a HTTP Proxy server which only passes HTTP protocol, a Rule Manager for basic firewall protection, a Mapped Link Gateway to support protocols like IRC, FTP & Telnet gateways and lots more. You can enable, disable and configure any of these features to taste. Again, the defaults for most all of these features are a good place to start, but most people will want to fine-tune things as they go.

The first time you start Internet Gate, you will notice that all of the services are enabled on the traditional ports one would expect. You wind up deciding which of these you want to turn off and which will need to be changed to conform to your particular network configuration. Again, this is not for the networking novice, but an experienced person will readily understand and be able to configure all of these. The Rule Manager allows any combination of allowing or denying a specific TCP/IP address or URL, or ranges of addresses & URLs, to pass in or out of the gateway. These individual rules are masked by a set of default rules that apply to the gateway in general. The combination of the two provide a tool to fully manage both the firewall and access to any of those places you or your organization might find undesirable (or even embarrassing) to have displayed on your computer screens. There is no "tattleware" feature that will audit attempts to connect to any URLs you have locked out. This would be a nice additional feature to see in the future.

Documentation for Internet Gate comes in the form of an on-line book. It is well structured and easy to read, but is certainly intended for an audience of people who have the basics of Internet and TCP/IP networking under their belts. This is not necessarily a bad thing. I can think of few people who would trust their organizations' Internet access to someone with very little or no networking experience. If you know enough to be able to set up a TCP/IP based network under OS/2, this program is a snap. The documentation is arranged in a way that most everything you would want to know to set up and maintain your gateway can be found in just a few clicks.

In all, Internet Gate is a well balanced tool for providing basic gateway services to small and medium-sized networks. It's easy to install and well behaved. Most of all, it doesn't interfere with the regular operation of the PC that is running it. That means you can still use the system you're running your gateway on for other tasks. While you might not want just anybody using your Internet firewall and gateway machine as their desktop computer, it's certainly a testimony to this product that it is possible. For the price, it's definitely one to put on your Christmas list if you have any would-be Internet access administrators you want to surprise.

Internet Gate v1.21

by MaccaSoft
download from BMT Micro (ZIP, 855k)
Registration: Free for personal use; US$75 for 5-users

Chris Williams has been actively involved with OS/2 systems for the past six years. A former IBM employee, OS/2 Ambassador, and long time member of Team OS/2, he is currently a PC and network specialist for Perot Systems Corporation.

Copyright © 1997 - Falcon Networking

ISSN 1203-5696