vicom-review.html

Sharing an Internet Connection with Vicom Internet Gateway

(or "What to do with an old Macintosh")

Quick Summary: The Vicom Internet Gateway is an impressively engineered piece of software that allows you to effortlessly share your Internet connection and protect your internal network with almost zero administration time.

If you're setting up a small business office (or home office) with a few computers and are looking for an efficient way to share a high-speed Internet connection (cable modem or ADSL), you need some kind of software or hardware setup to perform IP masquerading.

IP masquerading is performed by a computer, usually with two network cards (it can be done with one, but two is cleaner). One network card talks to your Internet connection (cable-modem, etc...), while the other talks to your internal network of other machines. This in-between machine becomes a proxy for all network connections that your internal machines make to the outside world. Your internet provider only sees one computer (albeit a very "active" computer), as does the rest of the world. Your IP masquerader is thus also a firewall for your internal network.

Another role often played by such a machine is that of DCHP Server to your internal network. DHCP (Dynamic Host Configuration Protocol) is a mechanism by which machines on the internal network obtain all of their networking information (including IP address, routing, name service) from a DHCP server on the local network. This allows any computer to easily plug into the local network and be more or less (depending on your operating system) immediately configured with the proper networking parameters.

There are numerous, self-contained boxes on the market that perform all of these tasks. They usually cost between $500 and $1000, and aren't always easy to maintain, although a number of friends have had good experiences with these, too. More problematic, though, is when your Mediaone cable guy freaks out at the sight of this box and refuses to set up your network connection because such a setup isn't "supported."

The other way to go is to use a software solution on top of an existing machine. This is what I decided to do with my old Powermac 7500 which was starting to lag behind in speed on those 400 Mhz Pentium II boxes and G3 Powermacs. I bought a simple $49 Ethernet card from Farallon to get a second network interfaces, and got myself the Vicom Internet Gateway (version 4.5) from Vicom Software.

Installation

As any Macintosh installation, both the hardware and software installs were so easy that I started wondering if I had missed a step. I popped open the case, plugged in the Ethernet card, turned on the box, inserted the driver disk, double-clicked on "Install", and rebooted. The Vicom installation then took one drag and drop, and one reboot.

15 minutes later, I was ready to configure my IP Masquerader.

Configuration

Configuring the Vicom software turned out to be the hardest part. Although a nice guide supposedly leads you through the entire process, one is never presented with what seemed to me like the obvious path:

How are you connected to the Internet? (DHCP, fixed address, PPP, etc...) and over which network interface (Ethernet card 1 or 2?)
How would you like to run your internal network (DHCP, fixed addresses), and over which network interface (Ethernet card 1 or 2?)

Instead, I found the guide so confusing that I set up Vicom without its help, just by trial and error. It took approximately 30 minutes to get things right.

I'm not complaining that 30 minutes is too much, but it definitely could have been shorter. A number of users would probably get confused (especially if they try using the automated setup guide). Vicom may have greatly improved this in version 5.0 of their software, but I have not had the chance to test the newest version.

Long term use

Everyone knows that the Macintosh is less than perfectly reliable. This is why I was expecting to reboot it approximately once a week or so. I also had my doubts as to whether my poor litte 132 Mhz Powermac could handle the routing for a full cable-modem connection at speeds of up to 180K/secc when, by itself, it could never reach that download speed.

On both of these issues, I was quite pleasantly surprised. The Vicom Gateway has never crashed over a period of months. Download speeds quickly reached the cable-modem maximum. The DHCP Server never failed. In fact, the only downtime I've experienced in my Internet connection so far was caused by power failures. As I write this, my Macintosh has been routing my home network for almost two straight months without interruption.

Pricing

The Vicom Gateway costs approximately $200 for a 5-user license (i.e. your router will route only 5 IP addresses out to the outside world). This is not a particularly cheap product, but it is certainly worth the cost.

Security and Advanced Features

The very interesting part of using Vicom on a Mac is the amazing level of security you gain for your internal network. Given that Macs have limited remote administration capabilities, the chance of someone breaking into your Macintosh router is very slim. Breaking into other computers on your internal network is prevented by the firewall properties of the Vicom Gateway: machines on your internal network can never be addressed directly.

This contrasts quite strongly with the other well-known solution to this IP masquerader problem: Linux. Linux PCs ship with the ability to perform IP masquerading right out of the box. However, Linux machines, because of the power they provide with the more modern Linux operating system, are vulnerable to all sorts of attacks and need relatively involved system administration. You may be unpleasantly surprised the day Mediaone decides to cut your connection because your Linux machine has been broken into and is being used as a launching pad for new attacks on other machines. Don't get me wrong: I love Linux. I just keep my Linux box protected on the inside of my home network.

Conclusion

The Vicom Internet Gateway is a clear winner. Once the configuration part is done, the network runs perfectly smoothly, even when the router is a somewhat under-powered machine.

Editor's note: Alternatives to the Vicom/Macintosh are described in the servers chapter of Philip and Alex's Guide to Web Publishing. Basically you can get a little box from Cayman Systems or SonicWall (about $400). You can also install IP masquerading software on a Linux machine (the software is free).

ben@mit.edu

Reader's Comments

Everything good Ben Adida says about Vicom Internet Gateway is equally true of the excellent Macintosh shareware program IPNetRouter by Sustainable Softworks. I have used this program on my PowerMac 7200/75 for about nine months, since my IP masquerading Linux router proved to be too flaky in the presence of power outages. (No flames, please. It's the simple truth.)

IPNetRouter does everything that I can think of wanting a software router to do. Furthermore, it has several advantages over VIG. 1. It supports unlimited clients. 2. The online documentation is excellent! 3. It's shareware. Try before you buy, for up to 30 days. 4. It's cheap: $89 for a one-gateway license, or half that price if you are an educational user.

In this era of slow, buggy bloatware, IPNetRouter is refreshingly small, fast, and reliable - as well as full-featured. And it's shareware, so you lose nothing by trying it.

-- Robert Rhode, April 20, 2000

Add a comment | Add a link