Indirect Internet Interchange

The direct route to the Internet might not be the safest. A proxy server can give you an extra measure of security as you provide access to TCP/IP networks such as the Internet. Microsoft's Proxy Server lets you connect to the Internet but keep workstation addresses anonymous. Without a workstation address, an intruder doesn't know where to attack. (Mark Joseph Edwards explains proxy servers in "Microsoft's Internet Access Server," September 1966, and "Configuring Microsoft's Internet Access Server," October 1996.)

To connect network workstations to the Internet through Microsoft's Proxy Server, you need a server running Windows NT Server and the latest version of Internet Information Server (IIS), and a communications link to your local Internet Service Provider (ISP). I used an Integrated Services Digital Network (ISDN) line and for communication support, a U.S. Robotics internal Courier I-Modem. The I-Modem is an ISDN terminal adapter that looks and acts like a modem with respect to the server, so the procedures outlined here are identical for any modem.

Proxy Server provides two kinds of services, Web proxy server and a Winsock proxy server. You can use one or both. Both services can use dynamic connections, and both can operate at the same time using the same connection.

The Web proxy server works with any client that supports a Web proxy server. For example, a Macintosh running Netscape Navigator can use the Web proxy server to access a Web server on the Internet. The Web proxy server works with a Web browser and assumes a TCP/IP connection between the workstation and the NT Server's IIS Web server. Most Web browsers, such as Microsoft's Internet Explorer (IE) and Netscape Navigator, support Web proxy servers. To conFigure the proxy server settings in IE, select the Connection tab from the View, Options menu. The Web proxy server supports only a few Internet protocols, such as Web access and FTP support. You can't use the Web proxy server for Internet applications such as videophones or to pick up email.

The Winsock proxy server uses a special version of the Winsock DLL on each workstation that uses the server. The ordinary Winsock DLL accesses the network directly and provides access to the Web server on the network. In contrast, the proxy Winsock DLL connects to the Winsock proxy server, which redirects any requests to the appropriate server. The proxy server can access local or remote servers. The workstation Winsock DLL can communicate with the proxy server using IPX, NetBIOS, or TCP/IP protocol, whereas the Web proxy server uses TCP/IP to access the requested server.

The Winsock proxy server works with any Winsock application to let the application use any higher level protocol, such as Post Office Protocol (POP) 3 email services and videoconferencing support. Of course, you need the appropriate application. The Winsock proxy server provides transparent access to any TCP/IP service, including email, but you must have matching Winsock support on the client. Currently, only Windows 3.x, Windows 95, and NT have Winsock support. I will describe how to install and conFigure both the Web proxy server and the Winsock proxy server, and the Winsock client.

Although I will discuss here only Microsoft's Proxy Server, it is not the only proxy server you can get. Other options are dedicated hardware units, such as Bay Networks Instant Internet, and software solutions, such as Virtual Motion's Internet LanBridge.

Installing the Hardware
The U.S. Robotics Courier I-Modem I used is an internal 16-bit ISA ISDN terminal adapter. I followed U.S. Robotics' instructions for installing the adapter and conFigured the adapter to appear as COM2. You use U.S. Robotics' DOS-based application to conFigure the ISDN and to set the ISDN Service Profile Identifier (SPID) numbers. You also need to set the type of ISDN switch your telephone company provides. Telephone company installers provide this information when they install the ISDN line.

The next step is to conFigure NT to use the modem. First, add the modem (in this case, the I-Modem). You need the configuration floppy supplied with the modem. Second, install the NT Remote Access Service (RAS). From Control Panel, Network; choose the Services tab, then Remote Access Service. In the Remote Access Setup dialog box, Click Add. Select the modem from the RAS Capable Devices list on the Add RAS Device dialog, and conFigure it as Dial out only, as you see in Screen 1. The protocol you select depends on the kind of connection you need, TCP/IP in this case. Choose dynamic IP or fixed IP address according to the type of service your ISP provides.

Close down the network configuration and restart NT Server. You can now use the NT dial-up networking support to test the modem. In Programs, Accessories, Dial-Up Networking, create a new phone book entry. Your ISP supplies the telephone number for its new phone book entry and related information, including the name and password you need to make the connection. Select More, and be sure that the idle time settings in User preferences and Logon preferences are set to the same value; 300 seconds is a good starting point to avoid excessive connect time.