Which is the better solution?

[KommisMar]

My knowledge of networking is still pretty rudimentary, so forgive my ignorance here.

Currently my network setup is very simple. I have my main computer, my roommate's laptop, and a living room HTPC all connected directly to the Internet (Cable) through a janky half-duplex 10mbit network hub. We also do file/printer sharing (NetBIOS).

Technically, I am only paying for one IP address. My ISP has never said anything about the multiple machines, so I haven't said anything, either. I never have more than two of the computers on at the same time, partly because I don't think it would be a good idea, and partly because I'm cable-swapping. Keeping that detail in mind...

About a year ago I migrated to Windows XP and an ISA-free motherboard, leaving a lot of legacy music hardware collecting dust - hardware that I actually want to keep using. I found a place selling refurbished Dell Optiplex Celeron 466 systems for under $100, which gave me an idea. I could buy four or five of these things, put a different classic soundcard into each one, and turn them practically into little stackable sound modules.

In planning this project, I realized that filesharing might be an interesting little problem. Floppies are limiting, and these days you can expect them to go bad after a few uses (what the heck is up with that, anyway?). CD burning is wasteful if the computers are a few feet away from each other. Plus, I just might want to access the Internet from one of these workstations, so I figured networking would make the most sense.

My ISP would freak out if I just bought an 8-port switch, so that's obviously out.

I also initially ruled out a router/switch because my understanding is that I need an external IP address for what I do with my computer. But maybe someone can tell me if I'm wrong here. Both my roommate and I share files on IRC, and if I understand correctly, a router would prevent anyone from sending me a file (ditto for an application like KazaaLite). OTOH, I suppose I could just start using IRC port 6669 and have him keep using 6667, and use port forwarding. Maybe that would be a workaround. Maybe someone could explain what a router prevents you from doing?

Here's the other solution I came up with, which for all I know may not even be possible in WinXPPro. I thought I could set up a second NIC in my computer and connect it to the workstations with a switch, while also having my computer function as an ICS gateway for the workstations. I guess it would be possible, seeing as how plenty of people have similar ICS setups.

So which is the better solution?

[SkyDog]

I'd strongly recommend a router.

First of all, you've got file & print sharing enabled with no firewall. Your roommate may be able to share your files & printers, but so can everyone else on the Internet! If you had a router -- or a software firewall on every machine at the very least -- you could block the file & print sharing ports (137-139) to the outside world (and other vulnerable ports) so that you're not so vulnerable.

I can't comment on how a router affects file transvers via IRC, since I haven't used IRC in a few years. But most routers seem to have configuration options for IRC, so I'd imagine there's a way to make it work. KaZaA Lite works fine through a router with no extra configuration needed.

ICS works essentially the same as a router -- it's basically using your computer to perform network address translation (NAT) instead of having a dedicated box (the router) do it.

One thing just came to mind, though... You could install an additional NIC or two into one of those Dell Optiplexes and use it to run something like Smoothwall. Smoothwall is a Linux-based NAT router, and it's much more configurable than a consumer broadband router or Windows ICS. If there are things you couldn't do with a broadband router, you could almost certainly make them work with Smoothwall.

[KommisMar]

Thanks a lot for the suggestions. Based on what you say, it sounds like a router is definitely the way to go.

I'm not sure if it has something to do with the WinXP services I routinely disable, because I don't run a software firewall, but I don't believe that my file/print sharing ports are open. According to grc.com, I have port 139 stealthed, and auditmypc.com, which allows you to pick which ports to probe, says that I'm not listening on ports 137 and 138.

I dunno...

I still have ports 135 and 445 open, though. Guess there's not much to do about that other than start using a firewall of some sort...

[vertices]

Originally posted by SkyDog
If there are things you couldn't do with a broadband router, you could almost certainly make them work with Smoothwall.

Smoothwall rocks. Been using for it about 2 years now. I absolutely love it.