Washington Apple Pi

A Community of Apple iPad, iPhone and Mac Users

 

Setting Up A Network With A Firewall

 By Edgar Durbin

 Washington Apple Pi Journal, April/May 2001, pp. 53-64

The year 2000 ended on an upbeat for me, as I succeeded just before Christmas in connecting all the Macs in our home to a network that connected via a hardware firewall to the Internet using Verizon DSL service. The improvements I made in 2000 to our home computing system included:

  • An Ethernet network connecting my Quadra 800 and laser printer upstairs to my wife's G3 Macintosh downstairs;
  • An AirPort Base Station bridging a wireless network to the hardwired Ethernet;
  • An iBook allowing me to connect to the Internet from anywhere in our home;
  • A DSL bridge connecting me to Verizon Online;
  • A SonicWALL firewall protecting my internal networks from Internet hackers;
  • A new G4 Macintosh for me, to ultimately replace my Quadra 800.

Doing all that was not painless, but it was worth it. There are fewer delays to connect to the Internet, I can browse much faster, and I can compute and connect from any place in the house. Getting to this point involved several steps, some easy and others harder. You can set up an AirPort wireless network using AirPort cards and a Base Station very easily. If you have already set up a dialup connection to the Internet using the Remote Access control panel, the AirPort Setup Assistant will configure your Macintosh and the Base Station for you. Setting up an Ethernet network is easy, too. You just plug all the Ethernet-capable computers and printers into a hub, open the AppleTalk control panel and set AppleTalk to Connect via Ethernet. If you want to share files between the computers on the network, turn on file sharing with the File Sharing control panel. If you want to browse via Ethernet, open the TCP/IP control panel, and set Connect via Ethernet. It's simple:

  • To print you use AppleTalk;
  • To share you use File Sharing; and
  • To browse you use TCP/IP.

Well, it's really not that simple, or I wouldn't be writing this article. The Internet in particular can be a little frustrating, and firewalls finally prodded me to look into how networks work, since there are so many parameters in their configuration.

Networks are complicated, and it helps to sort out the pieces in two dimensions. First, networks can be sorted by type or suite or company. For example, there are different suites of protocols for networks built by IBM, DEC, Microsoft, Novell, Apple, Xerox, and the generic TCP/IP.

Second, protocols are divided into layers. There are several naming systems for protocol layers. The system developed by the International Organization for Standardization (ISO) is called the Open Systems Interconnect (OSI) Reference Model, and has seven layers. The US Department of Defense system has only five layers, merging OSI layers 7-5. The IEEE breaks OSI layer 2 into two layers, not shown in Figure 1. Also, this figure is a simplification, since some protocols span more than one layer. More on this when we discuss Ethernet, below.

| OSI LAYER | SERVICE | TCP/IP SUITE | APPLE | MICROSOFT | NOVELL |
| --- | --- | --- | --- | --- | --- |
| 7 Application | File transfer, browsing, mail, network management, remote terminal session | FTP, Finger, HTTP, SHTTP, POP3, SMTP, SNMP, Telnet | | | |
| 6 Presentation | Encryption, data conversion (e.g. BCD to binary, ASCII to EBCDIC) | | AppleTalk Filing Protocol (AFP) | Server Message Block (SMB) | NetWare Core Protocols (NCP) |
| 5 Session | Start, stop session | DNS | AppleTalk Session Protocol (ASP) | Network Basic Input/Output System (NetBIOS) | Network Basic Input/Output System (NetBIOS) |
| 4 Transport | Flow control, multiplexing, error checking and recovery | TCP, UDP | AppleTalk Transaction Protocol (ATP) | Network Basic Extended User Interface (NetBEUI) | Sequenced Packet Exchange (SPX) |
| 3 Network | Routing to LANs and WANs | IP, DHCP | Datagram Delivery Protocol (DDP) | | Internet Packet Exchange (IPX) |
| 2 Data Link | Transmit data from node to node | SLIP, PPP | | | |
| 1 Physical | Cabling and electrical signals | Ethernet | Ethernet | Ethernet | Ethernet |

Figure 1: Sorting of the TCP/IP protocols into OSI layers

AppleTalk is used for printing and file sharing on the Macintosh. It can be turned on or off with the AppleTalk Control Panel. You also select the port by which your Mac connects to the AppleTalk network: either via the modem port, the printer port, or the Ethernet port. For some peripherals AppleTalk must be turned off. For example, AppleTalk must be turned off for my Olympus digital camera to connect to my Mac via the printer port. I haven't learned more about AppleTalk than that, because Apple has made it simple for the user. TCP/IP, the suite of protocols used on the Internet, is not so simple, and so I have more to say about that.

Each layer of a network has a function, as indicated in Figure 1. A given layer in the OSI stack generally communicates with three other OSI layers: the layer directly above it, the layer directly below it, and its peer layer in other networked computer systems. A layer communicates with another in order to obtain the service it provides.

Communications are broken into pieces (called packets or datagrams or frames), each with a header containing addressing information. It's as though a book was sent through the mail page by page, each page wrapped in an envelope (datagram) with an address (header) on the outside.

For data to move across a network from one application to another, it must move through each of the OSI levels. For example, when you request a web page, your browser application must send that request to the Application layer. It acquires a header and is sent to the Presentation layer, where it is again encapsulated within another protocol, given another header, and sent down to the Session layer. It moves on down to the Physical layer, where it is transported over the Ethernet cables. The concept of encapsulation is depicted in Figure 2.

| System A | | System B |
| --- | --- | --- |
| 7 | | 7 |
| 6 | | 6 |
| 5 | | 5 |
| 4 | Header 4 + Data | 4 |
| 3 | Header 3 + Data | 3 |
| 2 | Header 2 + Data | 2 |
| 1 | Data | 1 |

Figure 2: Encapsulation of protocols

I will not talk about each of the TCP/IP protocols, but will limit this article to those topics you may need to set up a home network like the one in my house. That work will involve the use of the three control panels I mentioned above: AppleTalk, File Sharing, and TCP/IP. In addition, setting up a SonicWALL firewall will lead us to several other topics.

First, note that both AppleTalk and TCP/IP run over Ethernet. This is indicated in Figure 1, and is reflected in the Connect via Ethernet setting that you make in the two control panels. Ethernet is a LAN protocol that operates at OSI layers 1 and 2. That is, it moves data around inside my house, but to get the data out to the phone company and onto the Internet, higher layer protocols (PPP, IP, TCP) are needed. Ethernet comes in various flavors, of which the most familiar is 10BaseT. The 10 means 10 MHz, the rate at which bits are transmitted. The T means twisted pair, the physical conductor of 10BaseT Ethernet. Other types of Ethernet include Gigabit Ethernet, 100BaseT, 10Base5 (ThickNet), and 10Base2 (ThinNet). The last two types use more expensive coaxial cable and connectors, and have been replaced for the most part by 10BaseT and 100BaseT. Gigabit Ethernet operates at one billion bits per second over optical fiber. An Ethernet frame is shown in Figure 3.

| LENGTH (bits) | FIELD NAME | FUNCTION |
| --- | --- | --- |
| 64 | Preamble | Alerts receiving nodes that a frame is coming |
| 48 | Destination address | To: MAC address |
| 48 | Source address | From: MAC address |
| 16 | Type | Specifies the upper-layer protocol to receive the data after Ethernet processing is completed. |
| 368-12,000 | Data | |
| 32 | FCS | Frame check sequence to detect errors |


Figure 3: Ethernet frame

The IEEE (Institute of Electrical and Electronics Engineers) has broken the Data Link layer into two sublayers, the Logical Link Control (LLC) and Media Access Control (MAC). MAC addresses are hardware addresses that identify each node on a network. They are also known as Ethernet addresses. MAC addresses are 48 bits in length and are expressed as 12 hexadecimal digits. A hexadecimal digit can take the 16 values 0-15, and is written 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F. The MAC address of the Ethernet card on the computer on which I am writing this is 00 30 65 51 0E A8, sometimes written 00:30:65:A8:51:0E. The first 6 hexadecimal digits, which are administered by the IEEE, identify the manufacturer or vendor. You can find the MAC address of your Mac from the TCP/IP Control Panel. Click the Info button in the lower left corner of the TCP/IP window, and the MAC address will be displayed as the hardware address. You needn't be concerned with the MAC address, since you don't have any control over it, with standard Apple software. It is set at the factory, and you don't reset it or enter it in any control panel or firewall configuration. Figure 4 gives the settings in the AppleTalk Control Panels for three computers on my home network.

| AppleTalk | iBook | G4 | Quadra 800 |
| --- | --- | --- | --- |
| Connect via | AirPort | Ethernet | Ethernet |
| Current zone | <no zones available> | <no zones available> | <no zones available> |
| AppleTalk address | | | |
| Node | 174 | 128 | 92 |
| Network | 65114 | 65802 | 65664 |
| Network range | 0 to 65534 | 0 to 65534 | 0 to 65534 |
| Addresses | | | |
| This Macintosh | 65114.174 | 65802.128 | 65664.92 |
| Hardware address | 00 30 65 30 10 73 | 00 30 65 51 0E A8 | 08 00 07 2B D2 9C |
| Router | <not available> | <not available> | <not available> |


Figure 4: AppleTalk Control Panel settings

The AppleTalk Control Panel is a view into OSI layers 1 and 2 on your Macintosh. When you open the TCP/IP Control Panel, you're into OSI layers 3 and 4. The Internet Protocol (IP) is in layer 3 of the TCP/IP protocol stack. An IP datagram is shown in Figure 5.

 

| | LENGTH (bits) | FIELD NAME | FUNCTION |
| --- | --- | --- | --- |
| IP Header | 4 | Version | Version of the IP header |
| | 4 | IHL | Internet header length in units of 32 bit words; points at beginning of data |
| | 8 | Type of service | Quality of service, in terms of precedence, delay, throughput and reliability |
| | 16 | Total length | Total length of datagram, in units of 8 bit words; usually limited to 576 octets |
| | 16 | Identification | Aids in assembling the fragments of a datagram |
| | 3 | Flag | Controls fragmentation of datagram |
| | 13 | Fragment offset | Indicates where in the datagram this fragment belongs |
| | 8 | Time to live | Limits the time a datagram can stay in the internet system |
| | 8 | Protocol | Indicates the next level protocol used in the data portion of the datagram |
| | 16 | Header checksum | Error detection for the header only |
| | 32 | Source address | IP address of the author of the datagram |
| | 32 | Destination address | IP address of the destination to which the datagram is directed |
| | 32 | Options + Padding | |
| | Variable | Data | |


Figure 5: Internet Protocol version 1, 1981

The fields of the IP header you are most often concerned with are the Source Address and Destination Address. These are the To and From IP addresses. Since a 32-bit digital number is inconveniently long to write in digital format, IP addresses are written as four "octets" separated by periods. An octet can take 2^8 = 256 values from 0 to 255. E.g. the IP address for google.com is 64.208.34.100. Written in digital format, that is 00001000000110100001000101100100, which is harder to copy without error. IP addresses are assigned by the Internet Address Naming Authority (IANA) so that no two servers have the same address. The IANA has left some blocks of IP addresses unassigned, reserved for the use of private intranets, such as the private network behind my firewall. The unassigned IP number ranges are 10.x.x.x, 172.16.x.x-172.32.x.x, and 192.168.x.x, where x can have any value from 0 to 255. Therefore, there should be no servers connected to the Internet with an address in those ranges. Since 2^32 = 4,294,967,296, the IP version 4 limit of 32 bit IP addresses means there can be no more than 4.3 billion IP addresses. With the growth in the internet and in the use of TCP/IP, this limit is being reached, so IP version 6, being introduced now, will use IP addresses up to 128 bits long.

The service provided by IP is transmission of datagrams, fragmentation of large datagrams when required, and reassembly of datagram fragments. The IP service does not include reliability (error detection and correction), flow control (adjusting transmission rate so slower nodes can keep up with faster nodes), or proper sequencing of datagrams to reassemble a long message. Those services are provided instead by a higher level protocol, the Transmission Control Protocol (TCP). A TCP datagram is shown in Figure 6.

 

| | LENGTH (bits) | FIELD NAME | FUNCTION |
| --- | --- | --- | --- |
| TCP Header | 16 | Source port | |
| | 16 | Destination port | |
| | 32 | Sequence number | |
| | 32 | Acknowledgement number | |
| | 4 | Data offset | Total length of TCP header, in units of 32-bit words; points to where the data begins |
| | 6 | Reserved | For future use |
| | 6 | Control bits | |
| | 16 | Window | Limit on the size of data field, in units of 8 bits |
| | 16 | Checksum | Error detection for header and data |
| | 16 | Urgent pointer | |
| | 32 | Options + Padding | |
| | | Data | TCP data or higher layer protocol |


Figure 6: Transmission Control Protocol Datagram

The port fields in a TCP header are used by the firewall to correctly route messages from the Internet to the proper clients on the LAN. They are also used for messages going the other direction, from clients to servers that offer multiple services. A single server on the Internet can host more than one service. That is, it may serve files using FTP and web pages using HTTP and mail using SMTP. A client request is directed to the correct service by the destination port number, which is part of the request. The destination port is a 16-bit number (0 to 65525) in the TCP protocol. The TCP header also contains the source port number. Some port numbers (0-1023) are "well known", a list that is maintained by the IANA (Internet Assigned Numbers Authority). Some of these are shown in Figure 7.

| PORT | SERVICE |
| --- | --- |
| 23 | Telnet |
| 20 | FTP (File Transfer Protocol) |
| 21 | FTP |
| 25 | SMTP (Simple Mail Transport Protocol) |
| 53 | DNS (Domain name server) |
| 70 | GOPHER |
| 79 | Finger |
| 80 | HTTP (Hypertext Transfer Protocol) |
| 107 | Remote Telnet |
| 109 | POP (Post Office Protocol) |
| 110 | POP |
| 144 | News |
| 194 | IRC (Internet Relay Chat Protocol) |
| 220 | IMAP (Interactive Mail Access Protocol) |
| 531 | Chat |
| 532 | Readnews |


Figure 7: Example well known port numbers

Note that we have defined three different addresses used in the TCP/IP suite:

  • At OSI layer 2, the MAC or hardware or Ethernet address. E.g. 00:30:65:51:0E:A8 for the Ethernet card in my computer.
  • At OSI layer 3, the IP address. E.g. 142.155.40.17 for my firewall public side.
  • At OSI layer 4, the port number, part of the TCP header. E.g. 80 for http and 23 for Telnet.
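The three addresses can be read straight out of a frame by following the field layouts in Figures 3, 5 and 6. The parser below is an added example, not code from the original article: it builds a constructed sample frame (the G4 sending a web request through the firewall's hardware address), then extracts the MAC, IP and port fields and verifies the IP header checksum. The function names, the source port 49152 and the payload are this example's own; the preamble and FCS are handled by the Ethernet hardware and are not part of the sample bytes.

```python
import struct

def checksum16(data: bytes) -> int:
    """Internet checksum: one's-complement sum of the 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)

def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_sample_frame() -> bytes:
    """Constructed sample: the G4 asks 64.208.34.100 for a web page."""
    payload = b"GET / HTTP/1.0\r\n\r\n"
    # TCP header (Figure 6): ports, sequence, acknowledgement, data offset,
    # control bits, window, checksum (left 0 in this sample), urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    tcp += payload
    # IP header (Figure 5), packed with a zero checksum that is then filled in.
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(tcp), 0x1234, 0,
                     64, 6, 0, bytes([192, 168, 114, 2]), bytes([64, 208, 34, 100]))
    ip = ip[:10] + struct.pack("!H", checksum16(ip)) + ip[12:]
    # Ethernet header (Figure 3): To = firewall hardware address, From = G4,
    # Type 0x0800 = the data is an IP datagram.
    eth = bytes.fromhex("0040100CDE62") + bytes.fromhex("003065510EA8")
    eth += struct.pack("!H", 0x0800)
    return eth + ip + tcp

def parse_frame(frame: bytes) -> dict:
    """Return the layer 2, 3 and 4 addresses carried by an Ethernet/IP/TCP frame."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IP + TCP headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"not an IP datagram: type 0x{ethertype:04X}")
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4 or ihl < 20 or ihl > len(ip):
        raise ValueError("bad IP version or header length")
    if checksum16(ip[:ihl]) != 0:                    # a valid header sums to zero
        raise ValueError("IP header checksum mismatch")
    total_length = struct.unpack("!H", ip[2:4])[0]
    if total_length < ihl + 20 or total_length > len(ip):
        raise ValueError("bad IP total length")
    if ip[9] != 6:                                   # protocol 6 = TCP
        raise ValueError("payload is not TCP")
    tcp = ip[ihl:total_length]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4                 # also in 32-bit words
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "dst_mac": fmt_mac(frame[0:6]), "src_mac": fmt_mac(frame[6:12]),
        "src_ip": fmt_ip(ip[12:16]), "dst_ip": fmt_ip(ip[16:20]),
        "src_port": src_port, "dst_port": dst_port,
        "payload": tcp[data_offset:],
    }

if __name__ == "__main__":
    for field, value in parse_frame(build_sample_frame()).items():
        print(f"{field:9} {value}")
```
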

Which address is used depends on which service is being performed. En route to your Internet service provider, a datagram traverses several other devices, and depending on the function performed by each device, it is passed up to the layer at which the function is performed, then passed back down to the Physical layer for transmission to the next node. For example, an Ethernet hub is an OSI layer 1 device, so it just passes on the signals it receives from one node to all other ports on the hub, without any translation. However, a bridge, such as a Base Station, needs a MAC address to which to forward a datagram. This is a level 2 function. My firewall passes only packets that meet certain tests, and those tests can be at levels 3, 4, or 5.

The TCP/IP Control Panel is the place where you set the IP address of your computer and of your ISP. Figure 8 shows the TCP/IP settings for three of the computers in my home network, which is shown in Figure 9. The possible settings for the Configure field are Manually, Using PPP Server, Using BootP Server, and Using DHCP Server. If I had a fixed IP address given me by my ISP and no firewall, I would Configure Manually and enter that IP address in TCP/IP. However, I am using a firewall, which defines a LAN on the "safe" side. The other side of the firewall is the WAN, or Internet side. The Configure Using DHCP Server setting in TCP/IP Control Panels means that all three computers, which are on the LAN, get their IP addresses from the firewall. DHCP stands for "Dynamic Host Configuration Protocol". DHCP's purpose is to supply you an IP address, from a pool held by the server. The alternative is for each client to have a fixed IP address, which would mean more IP addresses would be used. DHCP runs over UDP, utilizing ports 67 and 68. In DHCP's typical use, the server uses a requesting computer's MAC address to uniquely identify it. A DHCP lease is the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address. I didn't enter the values shown in Figure 8; they were provided by the firewall. For this to happen, I have to tell each computer, using the TCP/IP Control Panels, to look to the router (the firewall) at 192.168.114.1 for an IP address; and I have to tell the firewall to turn on DHCP. (I'll show where you do that later.)

| TCP/IP | iBook | G4 | Quadra 800 |
| --- | --- | --- | --- |
| Connect via | AirPort | Ethernet | Ethernet |
| Configure | Using DHCP Server | Using DHCP Server | Using DHCP Server |
| IP Address | 192.168.114.4 | 192.168.114.2 | 192.168.114.5 |
| Subnet mask | 255.255.255.0 | 255.255.255.0 | 255.255.255.0 |
| Router address | 192.168.114.1 | 192.168.114.1 | 192.168.114.1 |
| Name server addr. | blank | 199.46.23.38 | 199.46.23.38 |

Figure 8: TCP/IP Control Panel settings
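The pool-and-lease behaviour of DHCP described above can be modelled in a few lines. This is an added example, not code from the original article or from SonicWALL: it uses the firewall's Dynamic Ranges (192.168.114.2 to 192.168.114.11) and 60 minute Lease Time from Figure 11, identifies clients by MAC address, and shows renewal, expiry and what happens when the pool is full. Handing out the lowest free address first is an assumption of this model, and the `02:00:00:00:00:xx` clients are constructed.

```python
import ipaddress

class LeasePool:
    """Toy DHCP address pool keyed by the client's MAC address."""

    def __init__(self, first: str, last: str, lease_seconds: int):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.lease_seconds = lease_seconds
        self.leases = {}  # MAC -> (IP address, expiry time in seconds)

    def expire(self, now: int) -> None:
        """Drop every lease whose time has run out."""
        self.leases = {mac: (ip, exp) for mac, (ip, exp) in self.leases.items()
                       if exp > now}

    def request(self, mac: str, now: int):
        """Grant or renew a lease; return the IP, or None if the pool is full."""
        mac = mac.upper()
        self.expire(now)
        if mac in self.leases:
            ip = self.leases[mac][0]          # renewal: same MAC keeps its address
        else:
            in_use = {ip for ip, _ in self.leases.values()}
            free = [ip for ip in self.pool if ip not in in_use]
            if not free:
                return None                   # no address until a lease expires
            ip = free[0]                      # assumption: lowest free address first
        self.leases[mac] = (ip, now + self.lease_seconds)
        return ip

    def status(self, now: int) -> dict:
        self.expire(now)
        current = len(self.leases)
        return {"current": current, "available": len(self.pool) - current,
                "total": len(self.pool)}

# Hardware addresses as listed in the article's figures.
HOME_CLIENTS = [("G4", "00:30:65:51:0E:A8"), ("Base Station", "00:30:65:3A:65:ED"),
                ("iBook", "00:30:65:30:10:73"), ("Quadra 800", "08:00:07:2B:D2:9C")]

def demo():
    pool = LeasePool("192.168.114.2", "192.168.114.11", 60 * 60)
    assigned = {name: pool.request(mac, now=0) for name, mac in HOME_CLIENTS}
    after_home = pool.status(now=0)
    # Constructed extra clients: six fill the pool, the seventh is refused.
    extras = [pool.request(f"02:00:00:00:00:{i:02X}", now=60) for i in range(7)]
    # The G4 renews after 30 minutes and keeps its address.
    renewed = pool.request("00:30:65:51:0E:A8", now=1800)
    # Just past the hour, every lease that was not renewed has expired.
    after_expiry = pool.status(now=3661)
    return assigned, after_home, extras, renewed, after_expiry

if __name__ == "__main__":
    for part in demo():
        print(part)
```
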


         
         

                                  H-P Laserjet Quadra800
                                            \ /
Internet---PhoneCo---DSLmodem---SonicWALL---Hub---G4
                                            / \
                          iBook---BaseStation G3 downstairs

Figure 9: My home network

The field Subnet Mask tells each computer what is local and what is remote. If a computer wants to communicate with an IP address that is local (on the LAN), it does so directly. If it wants to communicate with a remote IP address (on the Internet), it has to go via the router, whose address is given in another field in the TCP/IP Control Panel. The operation of a subnet mask is better understood if we rewrite it in binary notation. When we do that, 255.255.255.0 becomes 11111111.11111111.11111111.00000000. The 1 means "same as" and the 0 means "variable". The subnet mask is added to the router address, and the result is "Any IP address that is same as 192.168.114.x where x is between 0 and 255 is on the LAN". With this subnet mask, there can be 255 nodes on the LAN.
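The local-or-remote decision can be written out with the settings from Figure 8. This is an added example, not code from the original article; the function names are its own. It compares the masked bits of the two addresses with a bitwise AND, and it also shows the failure a wrong mask causes: with 255.255.0.0 the host treats 192.168.115.5 as local and never hands that traffic to the router.

```python
def to_int(dotted: str) -> int:
    """Convert a dotted-quad address to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_bits(dotted: str) -> str:
    """Binary notation, one group of eight bits per octet."""
    n = to_int(dotted)
    return ".".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def next_hop(my_ip: str, mask: str, router: str, dest: str) -> str:
    """Where the host sends a datagram for dest: straight to it, or to the router."""
    m = to_int(mask)
    if (to_int(my_ip) & m) == (to_int(dest) & m):
        return dest        # same bits wherever the mask has a 1: on the LAN
    return router          # different network: hand it to the router

def route_table(my_ip: str, mask: str, router: str, destinations) -> dict:
    return {d: ("direct" if next_hop(my_ip, mask, router, d) == d else "via router")
            for d in destinations}

# The G4's settings from Figure 8; 192.168.115.5 is a constructed address.
DESTINATIONS = ["192.168.114.5", "192.168.115.5", "64.208.34.100"]

def demo():
    good = route_table("192.168.114.2", "255.255.255.0", "192.168.114.1", DESTINATIONS)
    # Misconfigured mask: a neighbouring network is now mistaken for the LAN.
    wrong = route_table("192.168.114.2", "255.255.0.0", "192.168.114.1", DESTINATIONS)
    return good, wrong

if __name__ == "__main__":
    print(to_bits("255.255.255.0"))
    for table in demo():
        print(table)
```
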

The Name Server Address gives the location of the server that converts URLs (uniform resource locators, such as google.com and wap.org) to IP addresses. Domain names are easier to remember than IP addresses, and often contain trademarked terms, such as kodak.com or kleenex.com. A domain name server (DNS) is a server that either can translate a URL into an IP address or knows where to ask. Resolving URLs into IP addresses is an OSI layer 5 process.

You configure a computer using AppleTalk and TCP/IP Control Panels. To configure a Base Station, you use the AirPort application and the AirPort Admin Utility application. Figure 10 shows the settings for these applications on my network. Note that "AirPort ID" is the hardware address of the AirPort card in my iBook, the same as the hardware address that I read in the AppleTalk Control Panel. If I had AppleTalk set to Connect via Ethernet, the Hardware Address displayed would be for the Ethernet card in the iBook, which is different from the AirPort card. The Base Station ID is the hardware (MAC) address for the wireless network card in the Base Station. We will see below that the Base Station has another MAC address, for the Ethernet card it contains. While a Base Station contains a modem and can dialup to an ISP, that capability is not used in my network and my Base Station is not connected to a phone line. The RJ45 Ethernet port of my Base Station is connected to the firewall via a hub. My Base Station functions as a bridge from the wireless network to the wired Ethernet. As I noted earlier, a bridge operates at OSI level 2 and reads MAC addresses to send datagrams to the correct nodes on the Ethernet. I've given the same name to my wireless network and to my Base Station.

| AirPort | |
| --- | --- |
| AirPort ID | 00 30 65 30 10 73 |
| Base Station ID | 00 60 1D F2 42 C9 |

| AirPort Admin Utility | |
| --- | --- |
| Base Station name | LaGuardia |
| IP Address | 192.168.114.3 |
| Configure | |
| Airport tab | |
| Identity [Base Station name] | LaGuardia |
| Network name | LaGuardia |
| Internet tab | |
| Connect using | Ethernet |
| Configure TCP/IP | Using DHCP |
| Network tab | |
| Distribute IP addresses | Not selected |


Figure 10: AirPort settings

My firewall took some time to set up, though the large number of parameters to set there stimulated me to learn more about networks and how a Macintosh connects to them. The basic problem was that I needed an upgrade to the SonicWALL to allow me to connect using PPPoE. The firewall is like a computer that uses solid state flash memory instead of a hard disk. Whereas a computer application is updated by revising the software on the hard disk, the SonicWALL is updated by uploading new firmware to its flash memory. The updates are obtained from the http://firmware.sonicwall.com/ web site. The expanded update is a file with the extension .bin. This is not a compressed file; running Stuffit or BinHex or other decompression applications to expand it is unnecessary. It is ready to upload as is.

To get it into your firewall, you connect a computer to the private side (a.k.a. safe or LAN side, to distinguish it from the Internet or WAN side) of the firewall and navigate to the firewall with a browser. As SonicWALL comes from the factory, its address is http://192.168.168.168. It behaves like a web server, and provides HTML pages to show the settings currently loaded and forms to allow you, the administrator, to input new settings. The factory settings do not allow any access to this web site except from computers on the private side that supply the correct userid and password. The userid is always "admin" and the password should be changed by you when you first access the firewall and begin setting it up. It is possible to change the settings so that someone from the WAN can access the firewall, e.g. to administer it remotely; but that is less secure than requiring an administrator to physically be present in your home. To load new firmware, you click the Tools button on the page at http://192.168.168.168 and select the Firmware tab. Note that if you sit and think about what to do for 5 minutes or longer, your authentication expires, and you have to re-enter userid and password. To help you in configuring SonicWALL for DSL, there is an assistant, which you can invoke if it does not launch automatically, by clicking the Tools button on the page at http://192.168.168.168 then the Launch Wizard button at the Preferences tab.

| General button | |
| --- | --- |
| Status tab | |
| Serial number (hardware address) | 00 40 10 0C DE 62 |
| Network tab | |
| Network Addressing Mode | NAT with PPPoE Client |
| LAN Settings | |
| SonicWALL LAN IP Address | 192.168.114.1 |
| LAN Subnet Mask | 255.255.255.0 |
| ISP Settings (PPPoE) | |
| User Name | |
| Password | |
| WAN Settings | |
| WAN Gateway (Router) Address | 10.1.1.2 |
| SonicWALL WAN IP (NAT Public) Address | 142.155.40.17 |
| DNS Settings | |
| DNS Server 1 | 199.46.23.43 |
| DNS Server 2 | 199.46.23.38 |
| DHCP button | |
| Setup tab | |
| General | |
| Enable DHCP Server | √ |
| Lease Time | 60 min |
| Client Default Gateway | 192.168.114.1 |
| DNS | |
| Specify manually | |
| DNS Server 1 | 199.46.23.38 |
| DNS Server 2 | 199.46.23.37 |
| DNS Server 3 | 0.0.0.0 |
| WINS | |
| WINS Server 1 | 0.0.0.0 |
| WINS Server 2 | 0.0.0.0 |
| Dynamic Ranges | 192.168.114.2 - 192.168.114.11 |
| Status tab | |
| DHCP Leases | |
| Current | 4 |
| Available Dynamic | 6 |
| Available Static | 0 |
| Total | 10 |
| Current DHCP Leases | 192.168.114.2 00:30:65:A8:51:0E dynamic [G4] |
| | 192.168.114.3 00:30:65:3A:65:ED dynamic [Base Station] |
| | 192.168.114.5 08:00:07:9C:2B:D2 dynamic [Quadra800] |
| Advanced button | |
| Intranet tab | |
| SonicWALL’s WAN link is connected directly to the Internet router | √ |


Figure 11: SonicWALL settings

Many of the settings on my firewall are shown in Figure 11. I haven't implemented several features of the firewall that other users, e.g. those with young families, may want to use. I haven't blocked access to any web sites; I haven't set up access privileges for different users; I haven't changed any of the allowed services (HTTP, FTP, SMTP, et al.) from their factory settings. The two features that you must use to connect to DSL with multiple computers, however, are NAT and DHCP. NAT is network address translation. I have as many as four computers on the private side, and they can all simultaneously be browsing. The WAN side of the firewall has the single IP address assigned to my DSL account. So if computer 1 asks for web page A and computer 2 asks for web page B, verizon.net sends both page A and page B to the same IP address. However, they are sent to different port numbers. The firewall looks up the port number in its translation table, and sends the page to the proper browser to display.
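The translation table at the heart of NAT can be modelled as follows. This is an added example, not SonicWALL's code or anything from the original article: two LAN computers from Figure 8 open connections from the same source port, the table gives each flow its own port on the public address 142.155.40.17, and replies are mapped back. Numbering public ports from 50000 and requiring a reply to come from the exact server that was contacted are assumptions of this model; the server addresses are constructed.

```python
class NatTable:
    """Toy port-translating NAT: many private addresses behind one public address."""

    def __init__(self, public_ip: str, first_port: int = 50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.by_port = {}  # public port -> the same flow tuple

    def outbound(self, lan_ip: str, lan_port: int, remote_ip: str, remote_port: int):
        """Rewrite the source of an outgoing packet; remember how to undo it."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        if flow not in self.by_flow:
            if self.next_port > 65535:
                raise RuntimeError("no public ports left")
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        # What the server sees: the firewall's address and the translated port.
        return (self.public_ip, self.by_flow[flow], remote_ip, remote_port)

    def inbound(self, remote_ip: str, remote_port: int, public_port: int):
        """Map a packet arriving on the WAN side back to a LAN client, or drop it."""
        flow = self.by_port.get(public_port)
        if flow is None:
            return None                      # nobody on the LAN asked for this
        lan_ip, lan_port, expected_ip, expected_port = flow
        if (remote_ip, remote_port) != (expected_ip, expected_port):
            return None                      # not the server this flow was opened to
        return (lan_ip, lan_port)

def demo():
    nat = NatTable("142.155.40.17")
    # Both computers happen to pick the same source port (constructed values).
    page_a = nat.outbound("192.168.114.2", 49152, "198.51.100.10", 80)  # G4
    page_b = nat.outbound("192.168.114.5", 49152, "198.51.100.20", 80)  # Quadra 800
    reply_a = nat.inbound("198.51.100.10", 80, page_a[1])
    reply_b = nat.inbound("198.51.100.20", 80, page_b[1])
    unsolicited = nat.inbound("203.0.113.9", 4444, 50002)    # no table entry
    wrong_sender = nat.inbound("203.0.113.9", 80, page_a[1])  # entry, other server
    return page_a, page_b, reply_a, reply_b, unsolicited, wrong_sender

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Packets that match no table entry have nowhere to go on the LAN, which is why a NAT device also acts as a basic inbound filter.
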

Note that the only settings I had to make for DSL were the router address, the DNS address, and NAT using PPPoE Client. I didn't have to install any software from my ISP. The instructions that come with Verizon service assume that you will not use a firewall, and involve the installation of software off a CD while your computer is directly connected to the DSL modem. This will install a couple of extensions and an application called Verizon Online on your computer. It may also overwrite any version of Netscape Communicator you have already installed, so you should save your Address Book and Bookmarks before installing. You should also record the settings for home page, incoming and outgoing mail servers, and mail address, since the installer will change them to the values for your Verizon account.

I have reset my home page and my mail server preferences in Netscape back to Washington Apple Pi, so while I browse at high speed using the Verizon web server, I can retrieve mail from WAP and send mail from WAP. To send mail from wap.org while using verizon.net as my ISP, I have to first Get Mail, then Send Mail within 30 seconds. Otherwise, when I try to Send Mail I will get the error message that the mail was refused by wap.org because "We do not relay mail". The 30 second rule is in effect to prevent spammers from using the WAP mail servers. When I Get Mail, my Internet address is put on the list of machines from which Send Mail will be accepted, but it stays on that list for just 30 seconds. That is, the window of opportunity for any spammers using verizon.net is just open for 30 seconds, and is thus unlikely to be used by anyone except the same user who logged on, giving a valid WAP password with the Get Mail request.

Verizon isn't the only supplier of DSL or high speed Internet service in the Washington area. You can look at the TCS Conference 3 Bulletin Board 2 or browse at dslreports.com to do your own market survey. I didn't look around much, and subsequently I learned from dslreports.com that Verizon has a bad rating from other users. As I write this, Verizon is 27th down the list of national DSL ISPs at http://www.dslreports.com/gbu. (There is a separate list for cable ISPs.) However, I chose Verizon because it had the lowest total cost (monthly fee plus startup fee plus equipment cost). The worst part of Verizon so far has been very long waits for telephone support. I think that has improved in the month that I have had DSL service, though.