Windows NT Server 4 For Dummies

by Ed Tittel with Mary Madden & James Michael Stewart

Hungry Minds, Inc.

New York, NY • Indianapolis, IN • Cleveland, OH
`
`Petitioner Apple Inc. - Ex. 1031, p. 1
`
`
`
`Windows NT® Server 4 For Dummies®
`Published by
Hungry Minds, Inc.
909 Third Avenue
New York, NY 10022
www.hungryminds.com
www.dummies.com (Dummies Press Web site)
Copyright © 1999 Hungry Minds, Inc. All rights reserved. No part of this book, including interior design, cover design,
and icons, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording, or
otherwise) without the prior written permission of the publisher.
Library of Congress Catalog Card No.: 99-60727
ISBN: 0-7645-0524-6

Printed in the United States of America
10 9 8 7 6 5
`IBIQV/QU/QRIIN
`Distributed in the United States by Hungry Minds, Inc.
`
Distributed by CDG Books Canada Inc. for Canada; by Transworld Publishers Limited in the United Kingdom; by
IDG Norge Books for Norway; by IDG Sweden Books for Sweden; by IDG Books Australia Publishing Corporation Pty.
Ltd. for Australia and New Zealand; by TransQuest Publishers Pte Ltd. for Singapore, Malaysia, Thailand, Indonesia,
and Hong Kong; by Gotop Information Inc. for Taiwan; by ICG Muse, Inc. for Japan; by Intersoft for South Africa; by
Eyrolles for France; by International Thomson Publishing for Germany, Austria and Switzerland; by Distribuidora
Cuspide for Argentina; by LR International for Brazil; by Galileo Libros for Chile; by Ediciones ZETA S.C.R. Ltda. for
Peru; by WS Computer Publishing Corporation, Inc., for the Philippines; by Contemporanea de Ediciones for
Venezuela; by Express Computer Distributors for the Caribbean and West Indies; by Micronesia Media Distributor,
Inc. for Micronesia; by Chips Computadoras S.A. de C.V. for Mexico; by Editorial Norma de Panama S.A. for Panama;
by American Bookshops for Finland.
`
For general information on Hungry Minds' products and services please contact our Customer Care Department
within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993 or fax 317-572-4002.

For sales inquiries and reseller information, including discounts, premium and bulk quantity sales, and foreign-language
translations, please contact our Customer Care Department at 800-434-3422, fax 317-572-4002, or write to
Hungry Minds, Inc., Attn: Customer Care Department, 10475 Crosspoint Boulevard, Indianapolis, IN 46256.

For information on licensing foreign or domestic rights, please contact our Sub-Rights Customer Care Department at
212-884-5000.

For authorization to photocopy items for corporate, personal, or educational use, please contact Copyright Clearance
Center, 222 Rosewood Drive, Danvers, MA 01923, or fax 978-750-4470.

For information on using Hungry Minds' products and services in the classroom or for ordering examination copies,
please contact our Educational Sales Department at 800-434-2086 or fax 317-572-4005.

Please contact our Public Relations Department at 212-884-5163 for press review copies or 212-884-5000 for author
interviews and other publicity information or fax 212-884-5400.
`
THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK. THE PUBLISHER AND AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES
WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY
DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THERE
ARE NO WARRANTIES WHICH EXTEND BEYOND THE DESCRIPTIONS CONTAINED IN THIS PARAGRAPH. NO
WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. THE
ACCURACY AND COMPLETENESS OF THE INFORMATION PROVIDED HEREIN AND THE OPINIONS STATED HEREIN
ARE NOT GUARANTEED OR WARRANTED TO PRODUCE ANY PARTICULAR RESULTS, AND THE ADVICE AND
STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY INDIVIDUAL. NEITHER THE PUBLISHER NOR
AUTHOR SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT
NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.
`
Trademarks: Windows NT is a registered trademark of Microsoft Corporation in the United States and/or other
countries. For Dummies, Dummies Man, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, and
related trade dress are registered trademarks or trademarks of Hungry Minds, Inc. in the United States and other
countries, and may not be used without written permission. All other trademarks are the property of their respective
owners. Hungry Minds, Inc. is not associated with any product or vendor mentioned in this book.

Hungry Minds is a trademark of Hungry Minds, Inc.
`
`
`
`
Chapter 12

Next on Montel — IP Addresses and the Nerds Who Love Them

In This Chapter

▶ Working with TCP/IP and NetBIOS names
▶ Understanding IP addressing, nets, and subnets
▶ Obtaining Internet-ready IP addresses
▶ Using private IP addresses
▶ Using proxy servers and address translation
▶ Working with DHCP
▶ Knowing when to use WINS
▶ Working with DNS
`
TCP/IP drives the Internet and makes it accessible around the world. TCP/IP,
however, is a lot more than just a collection of protocols: Many
elements in TCP/IP marry protocols to related services to provide more
complete capabilities. Important examples include dynamic address allocation
and management, known as DHCP, plus domain name to address
resolution services, known as DNS. You find out about TCP/IP names,
addresses, and related standard services in this chapter, as well as some
other services that are unique to Windows NT.

Name-Calling with TCP/IP and NetBIOS
`
Whenever you issue a command in Windows NT, you're expected to use the
proper syntax. Otherwise, your efforts might not produce the desired
results. For example, when you issue a NET USE command from a command
prompt, you must enter the server name and a share name, as well as the
drive you wish to map. Thus, a simple command like NET USE G:
\\LANWRIGHTS\APPS associates the drive letter G: with a share named APPS
`
`
`
`
Part III: Revving Up Your Server
`
on the LANWRIGHTS server. If you're using the TCP/IP protocol to convey
the data involved, the protocol doesn't know how to interpret the name
LANWRIGHTS as the server. Instead, it understands IP addresses, such as
172.16.1.7.

If you use TCP/IP on your network, you need some way to convert IP addresses
into names, and vice versa. Just as the United Nations requires
translators so everyone can communicate, so does Windows NT! That's why
understanding naming conventions and name-to-address resolution is such
an important part of working with TCP/IP on Windows NT.
`
`NetBIOS names
`
`If you're like most folks, you freeze like a deer in the headlights when you
`hear the word NetBIOS. Don’t worry. Only a small number of people really
`understand NetBIOS in detail, but figuring out what you need to know
`without stressing out is easy.
`
A NetBIOS name is often called a computer name. When you install Windows
NT onto a network, each computer that runs Windows NT requires a unique
computer name. This permits all NetBIOS-based utilities to identify each
machine by its name. Any time you enter a command that includes a computer
name, Windows NT knows which computer you're talking about.
`
`If you try to give two devices the same name, you run into trouble — like
`trying to use the same Social Security number for two people. Each time a
`computer joins the network, it registers its name with a browser service that
`keeps track of such things. When the second computer with the same name
`tries to register, it is rejected because that name is already “taken.” In fact,
`that machine will be unable to join the network until its name is changed to
`something unique.
`
`When creating NetBIOS names, you need to work within their limitations:
`
✓ NetBIOS names must be between 1 and 15 characters long. (If you have
DOS or Windows 3.x machines on your network, they can't recognize
NetBIOS names with more than 8 characters.)

✓ NetBIOS names may not contain any of the following characters:
" (double quotation mark), / (right slash), \ (left slash), [ (left square
bracket), ] (right square bracket), : (colon), ; (semicolon), | (vertical
slash), = (equal sign), + (plus sign), * (asterisk), ? (question mark),
< (left angle bracket), and > (right angle bracket). Dollar signs are not
recommended because they have a special meaning. (A NetBIOS name
that ends in $ does not display in a browse list.)
`
`
✓ Don't use lengthy names, or put spaces in names. Windows NT doesn't
care if you use longer names or include embedded spaces, but other
networking clients or systems may not be able to handle such usages.

✓ Pick names that make sense to users and that are short and to the point.
Don't name machines after their users or locations, especially if users
come and go regularly, or if machines move around a lot. When it
comes to servers, name them to indicate organizational role or affiliation
(for example, Sales).
`
What's in a NetBIOS name, you ask? A short, clear indication of what's being
named so that users can recognize what they see. At best, this kind of
naming convention will make sense without requiring further explanation. At
the least, you can do what we do and put a sticker with the machine's name
on each monitor for self-identification purposes. Figure 12-1 shows a list of
NetBIOS names in our network's Network Neighborhood (names that begin
with Nts indicate Windows NT Servers, Ntw indicates Windows NT Workstations,
and Win98 . . . well, you see what we mean; we also add numbers to
identify each machine's IP address).
`
Figure 12-1: NetBIOS computer names show up for machines under the NT Explorer Network Neighborhood.
`
TCP/IP names and addresses
`
`TCP/IP uses a different scheme for names than does NetBIOS. TCP/IP uses
`32-bit numbers to construct IP addresses (for example, 172.16.1.11). Each
`host or node on a TCP/IP network must have a unique IP address.
`
`
IP addresses are not meaningful to most humans and are difficult to remember.
Thus, it's helpful to have some way to convert IP addresses into meaningful
names. On a Windows NT network, you use computer names (also
known as NetBIOS names). The Internet community uses a different naming
convention called domain names. Translation methods, such as WINS and
DNS, maintain databases for converting an IP address to a computer name
(WINS) or a domain name (DNS).
`
If you've ever used a Web browser on the Internet, you know that you can
type a URL (Uniform Resource Locator) such as http://206.224.65.194/
or http://www.lanw.com/ to obtain access to a Web page. You can do so
because the Internet uses the Domain Name Service, also known as DNS, to
resolve IP addresses to domain names and vice versa. If you type the IP
address, the Web browser jumps straight to the named address; if you type
a domain name, your request goes through a DNS server that resolves the
name to an IP address, and then the browser jumps to the named address
thereafter.
`
In the IP world, the naming scheme you can use is limited if you plan to
connect your network directly to the Internet. An organization known as the
Internet Network Information Center, or InterNIC, is in charge of approving
and maintaining the database of "legal" Internet domain names. You can
request any domain name you want, but if someone else is using it or has a
legitimate claim to a trade or brand name, you won't be able to use it. For
example, you probably won't be able to use mcdonalds.com or
cocacola.com as domain names; likewise, if somebody else has already
registered xyzcorp.com, you wouldn't be able to use that name, even if
your company is named XYZ Corporation.
`
The format for a typical IP name is host.domainname.suffix. The domain
name is something you can't guarantee, but typically represents your
organization. The suffix sometimes identifies the country of origin (for
example, .ca is Canada, .de is Germany) or the type of organization (.gov is
government, .edu is education, .com is a commercial business, .org is a
nonprofit organization, and so forth).
`
Some domain names are more complex; they can take a form like
host.subdomain.domainname.suffix, as in jello.eng.sun.com, where the
host name is jello, the subdomain is eng (for engineering), and the domain
name is sun (the domain name for Sun Microsystems, Inc.), which is a
commercial (.com) entity. The only part of the name that's under control of
the InterNIC is the domain name part, and the suffix, but every domain name
must be unique in its entirety to be recognized properly.
`
Names that include the host part and the domain name and suffix (plus any
other subdomain information that may apply) are called Fully Qualified
Domain Names or FQDNs. To be valid, any FQDN must have a corresponding
entry in some DNS server's database that permits it to be translated into a
unique numeric TCP/IP address. For example, your authors' Web server is
named http://www.lanw.com, which resolves into a numeric address of
206.224.65.194.
`
`As long as you’re completely isolated from the Internet and intend to stay
`that way, you can assign any names and IP addresses you might like on your
`network. But if you ever connect your network to the Internet, you'll have to
`go back and change everything! If your network will be — or simply might
`be — connecting to the Internet, you have one of two options for assigning
`addresses:
`
1. You can obtain and install valid public IP addresses and domain
names now.

You can obtain these directly from the InterNIC at some difficulty and
expense, or you can pay your Internet Service Provider (ISP) to do this
for you. We recommend the latter course. When you obtain a range of
IP addresses for your network — remember, each computer needs its
own unique address, and some computers or devices need multiple
addresses (one for each interface) — make sure you get enough to
leave some room to grow.

2. You can (and should) obtain a valid domain name from the InterNIC,
but you can use any of a range of reserved IP addresses called
private IP addresses to number your networks.

These addresses may not be used directly on the Internet, but have
been set aside for private use. When used in concert with a type of
software called Network Address Translation (or NAT for short), this
approach requires you to obtain only a small number of public IP
addresses but still permits Internet access for every computer on your
network. This topic is discussed in more detail later in this chapter in
the section "The magic of proxy servers and address translation."
`
To find out more about the process of obtaining a domain name, visit the
InterNIC's Web site at http://internic.net and click the hyperlink that
reads "domain name registration services." You'll find details on name
registration services as well as the directory and database services that
support the Internet's distributed collection of DNS servers.

If you're thinking about registering a domain name, check the existing name
database at the InterNIC Web site to make sure that name's not already
assigned to somebody else. Why ask for something you can't have?
`
`
`
`
`An Address for Every Node
`
A unique numeric identification tag, called an IP address, is assigned to each
interface on a TCP/IP network. Every IP address within a TCP/IP network
must be unique. Each device on a TCP/IP network is known as a host. Each
host has at least one network interface with an assigned IP address. However,
a host can have multiple network interface cards (NICs), and even
multiple IP addresses assigned to each NIC.
`
`Of network and host IDs
`
An IP address consists of two components: a network ID and a host ID. The
network ID identifies the network segment to which the host belongs. The
host ID identifies an individual host on some specific network segment. A
host can only communicate directly with other hosts on the same network
segment. A network segment is a logical division of a network into unique
numeric network IDs called subnets. A host must use a router to communicate
with hosts on other subnets.

A router moves packets from one subnet to another. A router reads the
network ID for a packet's destination address and determines if that packet
should remain on the current subnet or be routed to a different subnet.
When a router delivers a packet to the correct subnet, the router then uses
the host ID portion of the destination address to deliver the packet to its
final destination.
`
A typical IP address looks like 207.46.131.137 (which matches the domain
name http://www.microsoft.com). This numeric IP address format is
known as dotted-decimal notation. But computers "see" IP addresses as
binary numbers. This same IP address is 11001111 00101110 10000011
10001001 in binary form and written in collections of eight bits called octets.
Each octet is converted to a decimal number and then separated by periods
to form the dotted-decimal notation format shown at the beginning of this
paragraph. The decimal version of IP addresses is more human friendly than
binary. As you may already know, domain names and NetBIOS names are still
more friendly because they use symbolic names that make sense to humans.

An IP address requires 32 binary digits and defines a 32-bit address space
that supports nearly 4.3 billion unique addresses. Although this seems like a
lot of addresses, the number of available IP addresses is dwindling. Consequently,
several plans exist to expand or change the IP addressing scheme
to open up many more addresses. For more information on such plans
please visit the Web site at: http://www.6bone.net/ngtrans.html.
`
`
`IP designers carved the entire galaxy of IP addresses into classes, to meet
`different addressing needs. Today, there are five IP address classes labeled
`by the letters A through E. Classes A, B, and C are assigned to organizations
`to allow their networks to connect to the Internet, and Classes D and E are
`reserved for special uses.
`
The first three classes of addresses differ by how their network ID is
defined:

✓ Class A addresses use the first octet for the network ID.

✓ Class B uses the first two octets.

✓ Class C uses the first three.
`
Class A addresses support a relatively small number of networks, each with
a huge number of possible hosts. Class C addresses support a large number
of networks, each with a relatively small number of hosts as shown in Table
12-1 (Class B falls in the middle). Thus, branches of the military, government
agencies, and large corporations are likely to need Class A addresses,
medium-sized organizations and companies Class B addresses, and small
companies and organizations Class C addresses.

When it comes to recognizing address classes A through C, the network ID
for Class A addresses always starts its first octet with a zero. Each Class B
network ID always starts with 10, while Class C network IDs always start
with 110. Consequently, you can determine address class by examining an
address, either in binary or decimal form. (See Tables 12-1 and 12-2.)
`
Table 12-1: Address Classes and Corresponding Network and Host IDs

Class     High-Order Bits   First Octet Range   # Networks   # Hosts
Class A   0xxxxxxx          1-126.x.y.z         126          16,777,214
Class B   10xxxxxx          128-191.x.y.z       16,384       65,534
Class C   110xxxxx          192-223.x.y.z       2,097,152    254

Table 12-2: Division of IP Address Component Octets According to Class

Class   IP Address     Network ID   Host ID
A       10.1.1.10      10           1.1.10
B       172.16.1.10    172.16       1.10
C       192.168.1.10   192.168.1    10
`
`
`
`
`
Note: Network ID 127 is missing from Table 12-1. That's because 127 is a
loopback address (when testing IP transmission, it transmits to itself).
`
`No valid IP address may include an octet that consists entirely of ones or
`zeros (0 or 255 in decimal), because these addresses are reserved for
`broadcast addresses (255) and subnet identification (0).
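The class rules in Tables 12-1 and 12-2, as an added example that is not from the book: it reads the high-order bits of the first octet, splits the address into network ID and host ID, and flags the loopback network and host IDs that are all zeros or all ones. The function names and the Class D and E bit patterns (1110 and 1111) are supplied here, not taken from the chapter.

```python
# Added example (not from the book): classful breakdown of a dotted-decimal address.

# (class, mask selecting the high-order bits, expected value, octets in the network ID)
CLASS_RULES = [
    ("A", 0b10000000, 0b00000000, 1),
    ("B", 0b11000000, 0b10000000, 2),
    ("C", 0b11100000, 0b11000000, 3),
    ("D", 0b11110000, 0b11100000, None),  # special use: no network/host split
    ("E", 0b11110000, 0b11110000, None),  # special use: no network/host split
]


def parse_dotted_decimal(text):
    """Return the four octets of an IPv4 address as integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal address: {text!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {text!r}")
    return octets


def to_binary(text):
    """Render the address the way the chapter shows it: four 8-bit octets."""
    return " ".join(f"{o:08b}" for o in parse_dotted_decimal(text))


def classify(text):
    """Return the address class, network ID, host ID and any notes."""
    octets = parse_dotted_decimal(text)
    for letter, mask, value, net_octets in CLASS_RULES:
        if (octets[0] & mask) == value:
            break
    info = {"class": letter, "network_id": None, "host_id": None, "notes": []}
    if net_octets is None:
        info["notes"].append("reserved for special uses")
        return info
    host = octets[net_octets:]
    info["network_id"] = ".".join(str(o) for o in octets[:net_octets])
    info["host_id"] = ".".join(str(o) for o in host)
    if octets[0] == 127:
        info["notes"].append("loopback network")
    if all(o == 0 for o in host):
        info["notes"].append("host ID all zeros: identifies the network itself")
    if all(o == 255 for o in host):
        info["notes"].append("host ID all ones: broadcast")
    return info


if __name__ == "__main__":
    for sample in ("10.1.1.10", "172.16.1.10", "192.168.1.10", "127.0.0.1"):
        print(sample, to_binary(sample), classify(sample))
```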
`
Subnetting IP addresses

Subnets represent divisions of a single TCP/IP network address into logical
subsets. The motivation for subnetting is twofold. First, subnetting reduces
the amount of overall traffic on any network segment by collecting systems
that communicate often into groups. Second, subnetting makes it easier for
networks to grow and expand, and adds an extra layer of security controls.
Subnets work by "stealing" bits from the host part of an IP address and
using those bits to subdivide a single IP network address into two or more
subnets.

Subnet masks are typically used to divide IP address blocks into smaller
subnetworks. The base subnet masks for Class A, B, and C networks are
255.0.0.0, 255.255.0.0, and 255.255.255.0 respectively. By adding extra bits set
to 1 in the space occupied by the 0 that appears next to the rightmost 255 in
any such number, additional subnet masks may be created. This transformation
is illustrated in Table 12-3, which shows some typical values for
usable subnet masks.
`
`
`
`
`
`
`
`
Table 12-3: Subnet Masks and Results

Binary Mask   Decimal Equivalent       Number of New Subnets   Number of Hosts
00000000      A: 255.0.0.0             1                       A: 16,777,214
              B: 255.255.0.0                                   B: 65,534
              C: 255.255.255.0                                 C: 254
10000000      A: 255.128.0.0           Not valid               A: Not valid
              B: 255.255.128.0                                 B: Not valid
              C: 255.255.255.128                               C: Not valid
11000000      A: 255.192.0.0           2                       A: 4,194,302
              B: 255.255.192.0                                 B: 16,382
              C: 255.255.255.192                               C: 62
11100000      A: 255.224.0.0           6                       A: 2,097,150
              B: 255.255.224.0                                 B: 8,190
              C: 255.255.255.224                               C: 30
11110000      A: 255.240.0.0           14                      A: 1,048,574
              B: 255.255.240.0                                 B: 4,094
              C: 255.255.255.240                               C: 14
11111000      A: 255.248.0.0           30                      A: 524,286
              B: 255.255.248.0                                 B: 2,046
              C: 255.255.255.248                               C: 6
11111100      A: 255.252.0.0           62                      A: 262,142
              B: 255.255.252.0                                 B: 1,022
              C: 255.255.255.252                               C: 2
11111110      A: 255.254.0.0           126                     A: 131,070
              B: 255.255.254.0                                 B: 510
              C: 255.255.255.254                               C: Not valid
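The arithmetic behind Table 12-3, as an added example that is not from the book: given an address class and a subnet mask, it counts the bits borrowed from the host part and derives the subnet and host counts. It follows the table's convention of excluding the all-zeros and all-ones values for both subnets and hosts; the function names are illustrative.

```python
# Added example (not from the book): reproduce one row of Table 12-3.
import ipaddress

# Prefix lengths of the base masks 255.0.0.0, 255.255.0.0 and 255.255.255.0.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def mask_to_prefix(mask):
    """Return the number of leading 1 bits, rejecting masks with gaps."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    contiguous = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    if value != contiguous:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix


def subnet_row(addr_class, mask):
    """Return borrowed bits, subnet count and hosts per subnet.

    A count of None corresponds to "Not valid" in the table.
    """
    base = DEFAULT_PREFIX[addr_class]
    prefix = mask_to_prefix(mask)
    borrowed = prefix - base
    if borrowed < 0:
        raise ValueError(f"{mask} is shorter than the Class {addr_class} base mask")
    host_bits = 32 - prefix
    # Table convention: the all-zeros and all-ones patterns are not usable,
    # so n borrowed bits give 2**n - 2 subnets and h host bits give 2**h - 2 hosts.
    subnets = 1 if borrowed == 0 else 2 ** borrowed - 2
    hosts = 2 ** host_bits - 2
    valid = subnets > 0 and hosts > 0
    return {
        "borrowed_bits": borrowed,
        "subnets": subnets if valid else None,
        "hosts": hosts if valid else None,
    }


if __name__ == "__main__":
    for cls, mask in (("A", "255.224.0.0"), ("B", "255.255.240.0"),
                      ("C", "255.255.255.192"), ("C", "255.255.255.128")):
        print(cls, mask, subnet_row(cls, mask))
```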
`
Because routers are required to communicate across IP subnets, some
router's IP address on each subnet must be known to every client on that
subnet. This address is called the default gateway, because it is where all
out-of-subnet transmissions are directed by default (it's the gateway to the
world outside each local subnet, in other words). If no default gateway is
defined, clients can't communicate outside their subnet.

Going public: Obtaining Internet-ready IP addresses
`
Deploying your own network or using a stand-alone system with NAT to
connect to the Internet requires that you obtain one or more valid IP
addresses. For some uses, you may simply contract with an ISP to use a dial-up
connection. Each time you connect you'll be assigned an IP address
automatically from a pool of available addresses. Once you disconnect from
the ISP, that IP address will return to the pool for re-use. This works equally
well for stand-alone machines and for the servers that might dial into an ISP
to provide an on-demand connection for users who have private IP addresses
but can attach to the Internet using NAT software.
`
One way to attach an entire network to the Internet is to lease a block or
subnet of IP addresses from an ISP. Leasing IP addresses can be expensive
and can limit your growth. Also, many ISPs can no longer lease large blocks
of IP addresses, so you may have to limit Internet access to specific machines
or subnets.
`
For more information about taking this approach, you need to contact your
ISP to find out what it can offer by way of available addresses and contiguous
subnets. For some uses, public IP addresses are required because
security needs dictate a true "end-to-end" connection between clients and
servers across the Internet. In plain English, a true end-to-end connection
means that the IP address that a client advertises to the Internet is the same
one it uses in reality. In the section "The magic of proxy servers and address
translation," you discover an alternate approach where the IP address
advertised to the Internet is different from the private IP address that a
client uses on its home subnet.
`
`
`
For some applications, particularly where secure IP-based protocols like
IPSec (IP Secure) or particular Secure Sockets Layer (SSL) implementations
are required, network address translation techniques may not work! Make
sure you understand your application requirements in detail before you
decide whether to lease public IP addresses or use private IP addresses with
network address translation.
`
`The magic of proxy servers and
`address translation
`
If you don't want to pay to lease a range of IP addresses, and your application
requirements permit you to use private IP addresses, you can employ
the IP addresses reserved for private use in RFC 1918 on your networks.
When used in combination with network address translation software to
connect to an ISP, a single public IP address (or one for each Internet
connection) is all you need to service an entire network.
`
RFC 1918 (http://www.faqs.org/rfcs/rfc1918.html) defines special IP
addresses for use on private intranets. These addresses, which appear in
Table 12-4, will not be routed on the Internet by design. This approach
actually provides improved security for your network as a fringe benefit,
because it means that any impostor who wants to break into your network
cannot easily masquerade as a local workstation. (Doing so would require
routing a private IP address packet across the Internet.) Because all of these
addresses are up for grabs, you can use whatever address class makes sense
for your organization (and for Class B and Class C addresses, you can use as
many as you need within the legal range of such addresses).
`
Table 12-4: Private IP Address Ranges from RFC 1918

Class   Address Range                   # Networks
A       10.0.0.0 - 10.255.255.255       1
B       172.16.0.0 - 172.31.255.255     16
C       192.168.0.0 - 192.168.255.255   254
`
`
`
`
`
Thus, using address translation software to offer Internet access reduces
your costs and allows nearly unlimited growth. If you think private IP
addresses combined with NAT software makes sense for your situation,
consult with your ISP for specific details and recommendations on how to
use this technology on your network.
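The address translation described above, as an added example that is not from the book: a translator that shares one public address among hosts numbered from the Table 12-4 ranges, and that drops inbound packets which match no outbound mapping or which claim a private source address. The class and method names, the starting port, and the 203.0.113.10 and 198.51.100.7 documentation addresses are assumptions of this example.

```python
# Added example (not from the book): many-to-one address translation.
import ipaddress

# The three private ranges of Table 12-4, written as network prefixes.
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
]


def is_rfc1918(addr):
    """True when addr falls inside one of the private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETWORKS)


class PortTranslator:
    """Rewrite private source addresses to a single public address."""

    def __init__(self, public_ip, first_port=50000):
        if is_rfc1918(public_ip):
            raise ValueError("the outside address must not be a private address")
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private ip, private port, remote ip, remote port) -> public port
        self.back = {}   # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network; return its new header."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not an inside (private) address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) for a reply, or None to drop the packet."""
        if is_rfc1918(src_ip):
            # A private source arriving from the Internet side cannot be genuine.
            return None
        return self.back.get((dst_port, src_ip, src_port))


if __name__ == "__main__":
    nat = PortTranslator("203.0.113.10")                      # constructed public address
    print(nat.outbound("172.16.1.7", 1025, "198.51.100.7", 80))
    print(nat.outbound("172.16.1.11", 1025, "198.51.100.7", 80))
    print(nat.inbound("198.51.100.7", 80, 50001))             # reply to the second host
    print(nat.inbound("198.51.100.7", 80, 50002))             # unsolicited: dropped
    print(nat.inbound("192.168.1.10", 80, 50000))             # private source: dropped
```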
`
`You've probably heard the terms firewall and proxy thrown about often
`when reading or talking about Internet access. Firewalls and proxy servers
`are networking tools that are little more than special-purpose routers. A
`firewall may be used to filter traffic, both inbound or outbound.
`
Firewall filters can be based on source or destination address, a specific
protocol, or port address, or even on patterns that appear in the content of
a data packet. A proxy server is an enhanced firewall, and its primary
purpose is to manage communications between an in-house network and
external networks such as the Internet. Proxies hide the identity of internal
clients and can keep local copies of resources that are accessed frequently
(this is called caching, and improves response time for users).
`
You can check out several great online resources for firewalls, but online
information on proxies is limited to product documentation. In addition to
consulting the Windows NT Server Resource Kit and TechNet, here are
several online resources you might want to check to discover more about
these technologies:
`
✓ Zeuros Firewall Resource: www.zeuros.co.uk/

✓ Firewall Overview: www.access.digex.net/~bdboyle/firewall.vendor.html

✓ Great Circle Associates: www.greatcircle.com/

✓ 4 Firewalls: www.4firewalls.com/

✓ Microsoft's Proxy Server 2.0: www.microsoft.com/proxy/

✓ Aventail VPN: www.aventail.com/

✓ Netscape's Proxy Server: www.netscape.com/

✓ Ositis Software's WinProxy: www.ositis.com/

✓ Deerfield Communication's WinGate Pro: www.deerfield.com/
`
For example, your authors use Ositis Software's WinProxy product, which
acts as a proxy and provides NAT services, to link their networks to an ISP
across an ISDN connection. We allow the ISP to assign us an IP address each
time we log onto their host for an Internet connection. This doesn't matter
because the NAT services translate between whatever address they assign
us and the internal addresses each machine uses on the other side of the
WinProxy software. We only pay for the temporary use of a single IP address,
but we can handle up to eight connections to the Internet at a time!
`
Go Figure: Configuring IP Addresses for Windows NT Server

Configuring TCP/IP on Windows NT Server can range from simple to complex.
We review the simple process and discuss a few advanced items, but
for complex configurations, you should consult a reference such as the
Windows NT Server Resource Kit or TechNet.

Three basic items are always required for configuring TCP/IP:

✓ IP address

✓ Subnet mask

✓ Default gateway
`
With just these three items, you can connect a client or server to a network.
The protocol is configured on the Protocol tab of the Network applet. If the
protocol isn't installed already, click the Add button to display a list of
installable protocols. If it's already installed, select TCP/IP in the list and
click Properties.

The TCP/IP Properties dialog box has five tabs. The first tab, Microsoft
TCP/IP Properties dialog box (see Figure 12-2), is where the three IP configuration
basics are defined. Notice there's a selection to obtain an IP address
from a DHCP server. Because most servers don't work well using dynamic IP
addresses, you should define a static IP address for your Windows NT
Server instead of using DHCP. You will either obtain a public IP address from
your ISP, or use a private IP address from one of the reserved address
ranges defined in RFC 1918.
`
`
Likewise, you must calculate a subnet mask for your network. Here again,
you may obtain this from your ISP if you're using public IP addresses, or
calculate your own if you're using private IP addresses. In most cases where
private IP addresses are used, the default subnet mask for the address class
should work without alteration or additional calculations.

Finally, you must also provide a default gateway address for your server.
The default gateway should be the address of the router on the local subnet
to which the server is attached that can forward outbound traffic to other
network segments. On networks using public IP addresses, this will probably
be a router, firewall, or proxy server that connects the local subnet to other
subnets or the Internet. On networks using private IP addresses, this will
usually be the machine where the proxy and NAT software resides, that
mediates between the local subnet and an Internet connection.

Once you define an IP address, a subnet mask, and a default gateway, click
OK, then close the Network applet, and reboot. That's all there is to basic
TCP/IP configuration on Windows NT!
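A consistency check for the three values entered in the steps above, as an added example that is not from the book: it confirms that the subnet mask is well formed, that the server's address is a usable host address, and that the default gateway sits on the server's own subnet. The function name and the sample addresses are illustrative.

```python
# Added example (not from the book): sanity-check a static TCP/IP configuration.
import ipaddress


def check_static_config(ip, mask, gateway):
    """Return a list of problems with an (IP address, subnet mask, default gateway) triple."""
    try:
        # Accepts the dotted-decimal mask form; rejects masks with gaps in the 1 bits.
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError as exc:
        return [f"invalid IP address or subnet mask: {exc}"]
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid default gateway: {exc}"]

    net = iface.network
    problems = []
    if iface.ip.is_loopback:
        problems.append("address is in the 127 loopback network")
    if iface.ip == net.network_address:
        problems.append("address has a host ID of all zeros (it names the subnet)")
    if iface.ip == net.broadcast_address:
        problems.append("address has a host ID of all ones (subnet broadcast)")
    if gw not in net:
        # A host can only talk directly to its own subnet, so it could never reach this router.
        problems.append(f"default gateway {gw} is outside the server's subnet {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append("default gateway is the subnet or broadcast address")
    return problems


if __name__ == "__main__":
    samples = [  # constructed sample configurations
        ("172.16.1.7", "255.255.0.0", "172.16.1.1"),
        ("192.168.1.10", "255.255.255.0", "192.168.2.1"),
        ("192.168.1.255", "255.255.255.0", "192.168.1.1"),
        ("192.168.1.10", "255.0.255.0", "192.168.1.1"),
    ]
    for triple in samples:
        print(triple, check_static_config(*triple) or "OK")
```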
`
Figure 12-2: Microsoft TCP/IP Properties dialog box.
`
`More complex configurations become necessary when your network is
`larger, and therefore, more complicated. The DNS tab is where you can
`define IP addresses for one or more Domain Name System (DNS) servers.
`DNS servers resolve domain names into IP addres