EDITOR'S NOTE: This article is an excerpt from Take Control of Your AirPort Network, by Glenn Fleishman (2005; reprinted by permission of Peachpit Press).
Most U.S. households with one computer have one, two, or three more, demographers tell us. And most broadband ISPs offer just a single address for their least-expensive accounts. Reconciling that mismatch of quantity is why many users need to take control of dynamic addressing: assigning private Internet protocol (IP) numbers to machines on their local networks to share a single IP address provided by their ISP.
If you use a gateway such as an AirPort Extreme Base Station to connect to the Internet, then you are probably already using dynamic addressing in the form of Dynamic Host Configuration Protocol (DHCP) coupled with Network Address Translation (NAT). This combination creates private addresses in the gateway and assigns them on demand to the computers on your network. DHCP and NAT work together to take the single address your ISP assigns you—which is often assigned dynamically from a pool of addresses itself—and multiplies it transparently across your LAN.
But there are times when your gateway’s built-in DHCP-NAT combination won’t cut it. One of the most glaring: when, like the AirPort Express Base Station, your gateway has only a single Ethernet port. If that’s the case, you can’t use its Internet connection sharing for machines with wired (as opposed to wireless) connections, because doing so would pollute your ISP’s DHCP service. In fact, Apple’s current AirPort hardware won’t allow you to share in this fashion; the original single-Ethernet-port graphite AirPort Base Station did.
The problem is that many ISPs—especially cable-modem providers—bridge your network connection directly onto their network: your Ethernet network becomes an extension of their larger pool. This is a stupid design for many reasons, but it’s standard practice.
If you activate DHCP service on your gateway, and that gateway has just one WAN or LAN port, then your DHCP service could push out to other machines in your ISP’s network. If those other machines use your DHCP-assigned addresses, they probably won’t be able to connect to the Internet at all, and your ISP could cancel your service in retribution for the trouble you’ve caused.
But there are ways of configuring DHCP on your end to prevent that from happening. In addition, you can use these same configuration tips when you want to assign fixed, private addresses to specific computers, based on their MAC (Media Access Control) addresses or DHCP client IDs; when you don’t want to live with the limited addresses your gateway dishes out; or when you’re running a combination of static and dynamic addresses and your gateway can’t handle them the way you want.
Configuring DHCP with AirPort
Here’s how to turn on DHCP in your AirPort base station using AirPort Admin Utility 4.1:
After opening AirPort Admin Utility (in Applications: Utilities), connect to your AirPort base station.
In the Network tab, select Distribute IP Addresses (See top screenshot).
3. Set the DHCP lease. (A lower number recycles addresses faster; a higher number is better for machines that stay on the network indefinitely. On busy networks, a longer lease time can cause you to run out of addresses.)
If your ISP gives you a single IP address that you want to share with all the computers on your network (the likeliest scenario), continue on; otherwise, you’re done.
4. Select the Share A Single IP Address (Using DHCP And NAT) option.
5. Typically, you can leave the Use 10.0.1.1 Addressing option selected in the pop-up menu, and just click on Update.
If you want to change the private, NAT-generated addresses assigned by the base station, use the pop-up menu to choose one of two other ranges of reserved addresses that don’t overlap with real addresses: 192.168.1.1 or 172.16.1.1.
You can also choose Other from the pop-up menu to open a dialog box where you can define the third number in the IP range. If you were already using the identical network range for some other purpose, you would choose a third number in the IP range, other than the Apple default; if, for example, you already have a network that starts with 192.168.0, you could set your AirPort gateway to feed out addresses that start with 192.168.1 (See middle screenshot). The .1 address—such as 10.0.1.1—is always reserved for the AirPort base station as the gateway address.
Software-Based DHCP Servers
Software-based DHCP servers can provide more flexibility or, if your gateway lacks Internet connection sharing, substitute for the missing functionality. There are two simple software-based methods of adding DHCP and NAT: the Internet Sharing software built into OS X 10.2 and 10.3, and the commercial software IPNetRouterX ($100), from Sustainable Softworks.
These software-based DHCP server options work only with a network that uses static IP addresses, or in which a gateway is connected via its LAN ports to the local Ethernet network. If you use one of these methods, you must turn off DHCP and NAT in any existing gateways (by deselecting DHCP Service, Distribute IP Addresses, or whatever setting your particular hardware uses).
OS X 10.3 lets you run a simple DHCP and NAT server combination through its Internet Sharing feature. (OS X 10.2 has a similar, less powerful feature.) To set it up:
1. Select the Internet tab in the Sharing preference pane (See bottom screenshot).
2. Choose Built-In Ethernet from the Share Your Connection From pop-up menu.
3. In the To Computers Using list, select the Built-in Ethernet option.
4. You’ll get a warning about disrupting your ISP’s network. Click on OK to close the warning, and then click on the Start button in the Sharing preference pane.
Wired Broadband Gateways
It’s easy to overlook this last option, yet it’s a cheap and simple method to add DHCP and NAT service to your network. While most broadband gateways are sold with Wi-Fi as a full wireless option, you can still purchase inexpensive hardware boxes that have all or most of the same features but no Wi-Fi. These devices are the ideal solution when you’re trying to use a single-port base station, such as the AirPort Express, with wired computers on the same network.
Whichever way you do it, customizing the DHCP configuration inside your network can solve a multitude of problems—just be careful that doing so doesn’t get you kicked off your ISP.
[ Glenn Fleishman is a frequent contributor to Macworld.]AirPort Admin Utility’s Network tab is where you set up DHCP and NAT addressing.Clicking on the pop-up menu under Share A Single IP Address lets you customize the addresses that DHCP hands out.You can also use Panther’s built-in Internet Sharing to configure and run DHCP and NAT services from your Mac.