The Protocols Tab
The Protocols Tab allows you to enable and configure, for use on your local system, a wide variety of protocols, including HTTP, FTP, Telnet and Socks.
Figure 3.4: Use the Protocols Tab to establish protocols settings, including those for HTTP, FTP, Telnet and Socks.
Tab options
HTTP Setup
HTTP (HyperText Transfer Protocol), the protocol used on the World Wide Web, allows one computer to retrieve documents from another. The HTTP checkbox option shown above enables the HTTP Proxy, often called the «proxy server.» HTTP servers usually listen for connections on port 80.
When you enable the HTTP proxy in WinProxy, you also automatically enable secure sockets connections (known as HTTPS or SSL, and used for secure transactions on the Internet), unless it's specifically prohibited by command filtering (see below). Enabling the HTTP proxy also enables the classic CERN HTTP proxy, which allows the Transparent HTTP Proxy. If the Transparent HTTP Proxy is to work, however, both the HTTP setting and the transparent proxy setting on the NAT Tab must be on.
If you leave the HTTP checkbox blank, both the classic HTTP proxy and the Transparent HTTP proxy will be disabled.
USERS CHECKPOINT: Browsers configured to use a proxy server go through the classic proxy. Client browsers configured to use a network connection but not a proxy server connect through the Transparent proxy or the NAT, Classic Proxy and Transparent Proxy connections) take advantage of caching and submit to user and site restrictions set in WinProxy. The classic proxy provides better performance when your browsers connect to Internet HTTP 1.1 servers.
The HTTP Setup Dialog allows you to configure command filtering and a reverse proxy path for an HTTP (Web) server, as well as enable SSL (secure sockets connections) on non-standard ports.
Enable Command Filtering allows you to specify which specific HTTP commands WinProxy users can utilize. Command Filtering works on both Proxy (http) and Transparent Proxy (httn) connections. The various sub-options are grayed out until you check Enable Command Filtering; you may then select the sub-options you want available to users. We discuss here the four most commonly-used commands (you'll probably never need to use the others, which are proposed HTTP extensions):
- Get: Retrieve a document from the server. Get is the most common command.
- Put: Put a document onto the server. Put is used when authoring a web page and should be enabled only if it's needed.
- Connect: Connect establishes a secure sockets connection. WinProxy supports secure sockets proxying. If you don't want secure sockets, disable this command.
- Post: Post is used to fill out a form on the web and submit the results. If this option is disabled, many standard web features will also be disabled.
NOTE TO LAN ADMINISTRATORS: If command filtering is disabled, all commands are permitted, even those not recognized, as long as they are formatted correctly.
Permit SSL Connections on non-standard ports allows secure connections on non-standard ports. This option applies to connections through the standard proxy, and is not needed for connections through Transparent Proxy. Enable this option if software you're using, or a website you're accessing, establishes SSL connections on ports other than the standard 443 and 563, and the software is configured to go through a proxy. Secure servers using non-standard ports are becoming more common on the Internet.
Incoming HTTP Proxy allows you to open a web server on your local net to other people on the Internet (if you don't have a web server, leave this option disabled). To reach your internal web server, outsiders must have the external address of your WinProxy machine (either a static external address or a maintainable dynamic address with IP address publishing software). WinProxy can use command filtering on the incoming connection. The internal location of the web server can be changed at any time without having to change the name registered with official Internet organizations.
Once this option is enabled, WinProxy makes an exception to its rule of never listening for external connections. It passes any external connection on the HTTP port (80) directly into the machine specified in Internal Server IP (see below), with no validation except the command filtering you've established.
A NOTE OF CAUTION: Enabling this option, which allows outsider access to the web server, constitutes a hole in your firewall. The web server is responsible for its own security. See Using Wildcards With Settings for pointers on enhancing the security of internal servers which are outsider-accessible. The example shown is for a mail server, but the same method works with an internal web server.
- Internal Server IP: Enter the local IP address of your machine with the web server.
- Internal Server Port: You would normally use the common port 80 here, but you don't have to.
Permitted Incoming Commands allows you to specify commands that others can send to your local web server. It pays to be selective. Get and Post cover most common web interactions; don't enable the others unless you're sure you need them.
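The command filter and the SSL port rule described in this section can be modelled as a request-line check; the same allowlist test applies to Permitted Incoming Commands. This is an added Python example, not WinProxy code: the names HttpPolicy, decide and audit are hypothetical, the sample request lines are constructed, and refusing Connect to ports other than 443 and 563 when the non-standard ports option is off is an assumption drawn from the option's description.

```python
# Added illustration (not WinProxy code): models the HTTP Setup policy above.
import re
from dataclasses import dataclass

STANDARD_SSL_PORTS = frozenset({443, 563})   # the standard ports named in the text
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # HTTP method token syntax


@dataclass
class HttpPolicy:
    """Hypothetical container for the three dialog settings."""
    command_filtering: bool = True
    permitted: frozenset = frozenset({"GET", "POST"})
    ssl_nonstandard_ports: bool = False


def parse_request_line(line):
    """Split 'METHOD target HTTP/x.y'; return None if it is not well formed."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3:
        return None
    method, target, version = parts
    if not TOKEN.match(method) or not target:
        return None
    if not re.fullmatch(r"HTTP/[0-9]\.[0-9]", version):
        return None
    return method, target, version


def connect_port(target):
    """Return the port of a CONNECT 'host:port' target, or None if invalid."""
    host, sep, port = target.rpartition(":")
    if not sep or not host or not re.fullmatch(r"[0-9]{1,5}", port):
        return None
    number = int(port)
    return number if 0 < number < 65536 else None


def decide(policy, line):
    """Return (allowed, reason) for one request line under the policy."""
    parsed = parse_request_line(line)
    if parsed is None:
        return False, "malformed request line"
    method, target, _ = parsed
    # With filtering off, any well-formed command passes, recognized or not.
    if policy.command_filtering and method not in policy.permitted:
        return False, "command not permitted: " + method
    if method == "CONNECT":
        port = connect_port(target)
        if port is None:
            return False, "CONNECT target is not host:port"
        # Assumption: without the option, only the standard ports are allowed.
        if port not in STANDARD_SSL_PORTS and not policy.ssl_nonstandard_ports:
            return False, "SSL on non-standard port %d" % port
    return True, "permitted"


# Constructed sample request lines (example.test is a placeholder host).
SAMPLE = [
    "GET http://example.test/ HTTP/1.0",
    "PUT http://example.test/page.html HTTP/1.0",
    "PROPFIND http://example.test/ HTTP/1.1",
    "CONNECT example.test:443 HTTP/1.0",
    "CONNECT example.test:8443 HTTP/1.0",
    "GET /",
]


def audit(policy, lines=SAMPLE):
    """Evaluate every sample line; returns (line, allowed, reason) tuples."""
    return [(line,) + decide(policy, line) for line in lines]


if __name__ == "__main__":
    for label, policy in [("filtering on, Get/Post only", HttpPolicy()),
                          ("filtering off", HttpPolicy(command_filtering=False))]:
        print(label)
        for line, allowed, reason in audit(policy):
            print("  %-5s %-45s %s" % ("ALLOW" if allowed else "DENY", line, reason))
```

Running the two policies side by side shows what the note to LAN administrators means in practice: with filtering off, PROPFIND and every other well-formed command reaches the server.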
FTP Setup
The File Transfer Protocol (FTP) Proxy, the second checkbox option on the Protocols Tab, is used to transfer files between computers on the Internet. Click FTP Setup to change the port number used for FTP connections (the port used by other FTP programs such as CuteFTP or WS_FTP when operating through the proxy). This box enables/disables only the classic FTP proxy. The Transparent FTP proxy is enabled when you enable Transparent Proxy for FTP connections.
Take Note: FTP access through proxy-enabled browsers can use either the CERN HTTP Proxy protocol or the Socks protocol.
USERS CHECKPOINT: FTP applications (including the command line) which connect to the WinProxy machine first on the FTP port, wait for the prompt, and then connect to the distant server are using the classic FTP proxy. Applications which connect directly to the remote address are connecting through the Transparent Proxy or the NAT.
Figure 3.5: FTP Setup allows computers on your network to transfer files back and forth with computers on the Internet.
Port 21 is a standard port for FTP connections. If your firewall machine is already running an FTP server on port 21, you may want to choose another port. A commonly-used alternate is 8021.
For more information about using command-line FTP and various FTP software applications with the classic proxy, refer to Configuring Common Applications in the Technical Support section of our website (http://www2.winproxy.com).
WinProxy will first attempt a PASV mode connection when establishing an FTP session between a client browser and an FTP server on the Internet. The setting in the use passive mode for all data transfers box determines what happens if WinProxy fails to connect in the PASV mode.
- If this box is not checked, WinProxy falls back to the User@Site method and attempts another connection. If the second attempt fails, WinProxy passes along the server's error message (if one was received) or a «failed to connect» message.
- If the box is checked, WinProxy immediately reports as an error that the distant server does not support the PASV mode. These error reports are only visible in the browser.
Check this box when using WinProxy behind a filtering router. Many such routers don't permit the return connection required for a User@Site connection.
When you use an FTP application such as CuteFTP or WS_FTP on a client machine, WinProxy passes along whichever of the two supported modes (PASV or User@Site) the application uses.
NOTE TO FTP GURUS: When you attempt an FTP connection with a browser, WinProxy preferentially uses the PASV mode between itself and network servers, but the connection on your internal network between the browser and WinProxy will not be a PASV connection. A browser will use either HTTP via the CERN HTTP proxy, or Socks via the Socks proxy.
When setting up another FTP program, enable its User@Site option. See our website for screenshots of specific applications.
Version 3 of WinProxy offers a new feature: support for a publicly-accessible FTP server behind the firewall. To reach your internal web server, outsiders must use the external address of your WinProxy machine.
NOTE: We recommend putting your FTP server on a client machine, not on the WinProxy machine. The only way to make an FTP server work well on the WinProxy machine is to set the Firewall setting to Low or Medium Low, disabling much of your firewall. PASV connections will fail on any other firewall setting, and PASV connections are at the discretion of the FTP client, not the FTP server. Putting your FTP server on a client machine allows you to use higher firewall settings, and permits PASV connections to your server.
Just as with any other incoming connection, when you enable the incoming FTP server, you create a potential firewall hole. Whatever program receives the incoming connection is responsible for the security of that connection. See Using Wildcards with Site Restrictions for pointers on enhancing security when you must have a public server behind your firewall. The example given also applies to an FTP server.
Internal Server IP: Enter the IP address or computer name of the local network machine with the FTP server. The name won't be saved; WinProxy executes an immediate lookup to resolve the name to an IP address. Your FTP server should have a static local IP address. Any connection request seen on WinProxy's external IP address on port 21 will be forwarded directly to the Internal Server IP and Port.
Internal Server Port: Enter the port on which your FTP server will listen for connections. In most cases the standard FTP port 21 won't interfere with other FTP applications on that machine.
Telnet Setup
This option enables the classic Telnet Proxy, which connects Internet computers through a remote connection. Click Telnet Setup to change the port number used for the Telnet proxy. The standard telnet port number is 23 (don't change it unless you have a specific reason). Telnet will be enabled through the Transparent Proxy whenever Transparent Proxy for all connections is enabled on the NAT Tab.
USERS CHECKPOINT: If you telnet from a client machine to the WinProxy telnet port and wait for a prompt before connecting to the Internet, the connection is being made through the classic proxy. If you telnet using the final destination as the address, you're going through the Transparent Proxy or the NAT.
The following options apply only to the classic Telnet proxy:
- Time out after xx minutes of idle time: WinProxy will discontinue inactive connections after a specified time, preventing an inadvertent failure to close from keeping WinProxy connected to the Internet. The user can specify the time out length for telnet connections.
- Echo Characters In Domain Name allows WinProxy to echo typed characters back to the telnet application. If you plan on using telnet, you'll probably want to enable this.
- Permit Telnet to Ports Other Than 23 is a useful diagnostic tool, allowing you to telnet to other ports besides the standard 23.
The following instructions (for Windows telnet) illustrate how to use the Classic Proxy telnet from a client.
- Start telnet: open a DOS box (Start/Program/MS-DOS Prompt) and type telnet on the command line.
- When telnet comes up, click connect and then remote system.
- Enter the IP address of the WinProxy machine in the Host box. Enter WinProxy's telnet port in the Port box (the default is 23).
- Click connect. You should see a few lines and a prompt back from the WinProxy machine. You're now ready to telnet out to the Internet.
Figure 3.6: Classic Proxy saves Telnet addresses, making it easy to return to the same site.
With these options enabled, Telnet can be a useful tool. On the example screen you'll notice that WinProxy Classic Proxy saves your previous telnet entry. Thus, if you visit the same place repeatedly you need only hit Enter instead of re-typing the destination.
To use telnet via the Transparent proxy, open telnet and enter the name or IP address of the final destination (rather than the IP address of the WinProxy machine). You will not get a prompt from the WinProxy machine. Classic proxy telnet connections will appear under the Telnet protocol heading in ConnectionView, and Transparent proxy telnet connections will appear under the Transparent Proxy heading. No options shown here will apply to Transparent proxy telnet connections. Inactive Transparent proxy telnet connections are automatically closed after twenty minutes.
SOCKS: Setup
This option enables the Socks Proxy, a powerful and flexible protocol used for several types of connections. The Socks Setup Dialog allows you to configure the port number WinProxy uses when listening for Socks connections (usually 1080). If you enable the Socks proxy, be sure to also enable the DNS proxy and set up DNS on your local system (DNS is required when using Socks). Your browsers can use Socks for news, mail, and FTP functions.
USERS CHECKPOINT: Socks is implemented only via the classic proxy.
AOL Setup on Client Computers, using alternate ISP
This section describes how to set up AOL access on client computers when WinProxy is connected to a standard ISP (that is, not AOL; see the note below). Although the paths and screenshots shown here are for the AOL 4.0 browser, the principles remain the same for AOL 3.0.
IMPORTANT NOTE: If America Online is your Internet Service Provider, you must install AOL on the server computer and verify that you have a working connection to AOL before you can utilize WinProxy. For detailed information, refer to Chapter 14, «Running WinProxy with AOL as an ISP.»
To begin, open the AOL program on the client computer. When you get to the Logon Screen click Setup on the bottom right. When a new window opens, click Expert Setup button on the bottom right (see image below).
Figure 3.7: The first step in changing how your computer connects to AOL.
In the next window, illustrated in the figure below, click Expert Add:
Figure 3.8: The second step in adding AOL to your WinProxy setup.
You will now see the «Add Number (Connection)» window, which is where we'll set the client computer up to connect through WinProxy.
Figure 3.9: Permitting the client computer to connect through WinProxy.
To do so:
- In the «Name» field, enter WinProxy.
- The field «Will Be Added To This Location:» should be changed to «ISP/LAN Connection,» and «Connect Using:» should be changed to «TCP/IP, LAN or ISP.»
- Place a check in the «Automatic Connection Script: Direct TCP/IP Connection» box. Finally, click OK followed by Close.
- Exit from AOL to ensure that settings are updated.
When you've completed all the steps outlined above, open the AOL program and log on using your AOL account name and password.
NOTE: A few caveats to keep in mind when running AOL clients behind WinProxy connected to a standard ISP:
Only one instance of any single AOL account may be open at a time (and you can't get around this by using different aliases from the same account).
Any number of different AOL accounts can be open at the same time when connecting through a standard ISP.
AOL browsers must be run from client machines when accessing AOL in this manner; you cannot use an AOL browser on the WinProxy machine.
DNS Setup
This option enables DNS, permitting WinProxy to act as a DNS server on your local network. Anything WinProxy can't resolve on the local network it tries to resolve through the servers you list in the DNS Setup Dialog. These will be the DNS servers provided by your ISP; they will be queried in their listed order.
If you have multiple DNS servers available from your ISP, add the Primary DNS server first. Enter the secondary DNS servers in the order you want them searched.
The DNS server IP addresses should be available (and are best obtained) from your service provider. However, if necessary, WinProxy can link you to a web site displaying the IP addresses used by your service provider: just click Find my Name Server. You may see some unfamiliar IP addresses when you first look in the WinProxy DNS settings; if no DNS address was specified during initial installation, then WinProxy enters default addresses. For best results, use your service provider's DNS addresses instead.
To add a server to the list: type the server name into the box on the left and click Add. To remove a server from the list: select it in the list on the right and click Remove.
WinProxy will function as a full Domain Name Server, resolving names for computers inside your firewall. To do so efficiently, it needs to know the domain name which refers to your network (this needn't be a domain recognized on the Internet). In the setup dialog, enter the name you want used in the Domain field; you should enter the same name in the TCP/IP configuration on each internal computer. Searches are quicker if the domain name is appended by a common appellation such as .com or .org.
NOTE: For WinProxy to function as the DNS server for your entire local network, you'll have to configure the other computers as DNS clients. See Chapter 2, Section 2.1 for details.
Next, enter the names and IP addresses of your local computers in NameList.pxy, the file used by WinProxy's Domain Name Services and DHCP server to associate names with local addresses. This file can be edited by clicking Edit NameList. If your domain is MyDomain.com and your computer is named MyComputer, enter MyDomain.com as the domain in the DNS configuration and specify an IP address for MyComputer. WinProxy then resolves the name for MyComputer, as well as MyComputer.MyCompany.com. Computer names are not case sensitive: it makes no difference whether you type my computer or MyComputer.
Edit Name List configures name services. When you click Edit Name List, a notepad with the NameList.pxy file is brought up. A sample file is included which contains detailed instructions on formatting names and IP addresses. If WinProxy is your DNS server, the namelist will hasten local lookups.
Proxy DNS Through TCP enables the TCP proxy for DNS, which is typically transmitted through UDP (the TCP method is rarely used with DNS). Unless you're certain it's needed, we recommend leaving TCP disabled to save system resources and obtain improved performance.
Many new features in WinProxy, such as BannerBlocker, rely for functionality on a close coupling with WinProxy's DNS server. In other words, for these features to work correctly WinProxy must be your DNS server. If you already have a DNS server on your local network, we recommend that the client machines recognize WinProxy as the DNS server; WinProxy can then use your other DNS server as the first machine in its search order. This other DNS server must in turn have an Internet DNS server as part of its own search order. Be sure to avoid DNS loops where each of your local servers references the other.
News Setup
News has its own protocol, called NNTP. The Internet News Setup dialog allows you to configure (a) the port number on which the classic News proxy will listen for connections, and (b) the IP address of an external News server to which it will connect them. NEWS Setup enables only the classic News protocol; the Transparent news protocol is enabled when you choose Transparent Proxy for all connections on the NAT Tab.
USERS CHECKPOINT: When a news application uses the WinProxy IP address as the location of its news server, it's utilizing the classic proxy. When using the «real» IP address of the news server, it utilizes the Transparent Proxy or the NAT.
News Server IP: Enter the IP address of the external News server (usually your ISP's News Server). WinProxy always uses port 119 on its external network connection to communicate with the News Server at the IP address specified here.
News Proxy Port: Enter the port number on which WinProxy listens for News requests on its internal network connection. All client connections arriving on this port are forwarded to port 119 at the IP address specified in News server IP, described above. The default value for this field is 119.
The Classic proxy news settings allow access to only a single news server. With Transparent Proxy enabled, you can connect to as many different servers as you want. In some cases, service providers won't allow connection to the news server unless you use their dial-up facilities.
Mail Setup
This protocol enables only the classic Mail proxy, permitting you to enable incoming SMTP. If you prefer, client mail applications can continue to access external mail servers via the Transparent Proxy or the NAT.
Several different protocols are used for mail:
- SMTP is used for sending mail.
- POP3 is used when receiving mail.
- IMAP4 is an alternative protocol for receiving mail.
SMTP and POP are commonly used; IMAP4 less so. As a general rule, if you don't know what protocol you're using, you probably have POP service. Most service providers locate their SMTP and POP servers at the same IP address, but a substantial minority use different addresses.
To use the classic Mail proxy, you must first configure an external Mail server and an external POP server. The Mail Setup Dialog allows configuration of the IP addresses used for connecting to external SMTP, POP3, or IMAP4 servers. WinProxy won't permit you to change the external ports used for mail communication (they're standard and don't vary). You can, however, change ports on the internal network connection where it listens for mail communication from client mail applications.
USERS CHECKPOINT: If your mail application is configured to use the WinProxy address as the mail server address, it's connecting through the classic proxy. If the mail application is configured to use the real mail server address, it's using the Transparent Proxy or the NAT. The Classic Proxy provides a greater degree of control; the transparent proxy makes it easy to reach many different mail servers.
Figure 3.10: The Mail Setup Screen.
The following options (except the final options pertaining to Incoming SMTP proxies) apply only to the Classic proxy implementation.
Mail Host IP specifies the IP address for connecting to an external SMTP server to which outgoing mail is sent. WinProxy always uses the standard SMTP port 25 to connect to this server. You can specify on which internal port WinProxy listens for mail in the Mail Proxy Port, described below. If connected to the Internet, you can enter a name instead of an IP address; however, an IP address is preferable.
Mail Proxy Port is the port number on which WinProxy listens for SMTP communications from client computers. All connections are forwarded to the standard SMTP port at the IP address specified in Mail Host IP. The default value for this field is 25. Unless you have special configuration needs (such as installing your own local mail server) you won't need to change the default setting.
POP 3 Server IP specifies the IP address of the external POP3 server, where you go to check your incoming mail. WinProxy always uses the standard POP3 port 110 to connect to this server.
POP 3 Proxy Port is the port number on which WinProxy listens for POP3 communication from your local client computers. All connections are forwarded to the standard POP3 port at the IP address specified by POP3 Server IP, described above. The default value for this field is 110, and shouldn't need to be changed unless you have specific configuration needs.
Use IMAP 4 is only for IMAP 4 users. Unless you specifically know otherwise, you probably won't need to use this option.
IMAP 4 Server IP specifies the IP address used to connect to an external IMAP 4 server. WinProxy always uses the standard IMAP4 port 143 to connect to this server.
IMAP 4 Server Port specifies the port on which WinProxy listens for IMAP4 connections from your local network. The default value for this field is 143.
Alternate Mail Servers
NOTE: As a security precaution, some service providers won't permit mail access from another Internet site but only via a direct dial-up connection. As an anti-spamming measure, many providers won't permit you to send mail (SMTP) except through their own dial-up connection. A smaller but growing group won't allow you to receive mail (POP or IMAP) except through their own dial-up connection.
This section applies only to network administrators who wish to control which mail servers their users can reach and have both NAT and the Transparent Proxy turned off. When either one is enabled, users can enter the real IP address of any external mail server and reach it. With both disabled, the only way to reach additional mail servers is through the classic proxy.
Three different methods are used to specify additional mail servers (mostly used for additional POP servers). One method is useful when a single user needs a different server than the one ordinarily configured; this can be set with the User/New Tab, described elsewhere. The second is similar to the method used for adding news services; it's shown in the section on Mapped Ports. The third method is enabled with the two settings described here:
Allow users to specify alternate mail servers is modeled after the POP3 server usage of delimiters. This feature will not work through a cascaded proxy.
Mail Server Delimiter allows you to choose a delimiter, within reason. Most non-alphanumeric keyboard characters are eligible; WinProxy will not permit those in common usage for other purposes (the @ sign, for example).
Using these methods you can specify the mail server within the client application. Usage will vary, depending on the specific mail application. One example: use the delimiter # in the username field, as in username#mail.distantserver.com. You can have as many additional mail servers as the application allows. More information about delimiters is posted on our website.
Internal Mail Servers
The following settings configure access to an internal mail server behind WinProxy. This option generally applies to medium and larger businesses; if you're getting mail from a service provider's server, you won't need to use these settings.
Mail Servers use the SMTP protocol to send mail to each other. The following settings allow outside mail servers to send mail directly to your mail server behind the firewall. There is little provision for «maybe later» between mail servers; any single mail server expects to be able to send mail directly to another at any time. In practice, this means having WinProxy and your internal Mail Server running all the time, and a static IP address for your Internet connection.
External mail servers use the static IP address of the WinProxy machine as the address to send mail. Any mail connection to the external WinProxy SMTP port will be sent directly to the internal IP address and port you specify in the settings below.
A NOTE OF CAUTION: Do not underestimate the fact that these settings constitute a hole in your firewall, allowing potential entry to your network by an outsider. Your internal mail server is responsible for its own security. Some mail servers have well-known security holes, and it's possible for hackers to enter through the incoming SMTP, and exploit the mail server holes to gain access to the rest of the internal network. It's up to the mail server to prevent this. See Using Wildcards with Site Restrictions for a method of limiting your exposure through the mail server.
Incoming Proxy for SMTP. WinProxy can work as a reverse proxy for SMTP, allowing you to place an internal SMTP server behind the firewall. This protects the server from unauthorized access, while permitting people to send mail to it from the Internet. Once this option is enabled, WinProxy makes an exception to its rule of never listening for external connections, and will listen for incoming connections on port 25. It will not qualify or validate the incoming connections.
Internal Server IP specifies the (local) IP address of your internal SMTP server. When a connection is received on external port 25, WinProxy forwards the connection to this machine.
Internal Server Port specifies the port number of the Internal SMTP server. When a connection is received on external port 25, WinProxy forwards the connection to this port number on the machine specified (typically port number 25). Users should configure their e-mail mail servers to use the proxy server as Mail and Post Office hosts. Even though all e-mail transactions take place with another computer outside the firewall, to the e-mail application WinProxy appears to be the server.
Real Audio: Setup
The RealAudio Setup dialogue lets you configure the port number used by WinProxy to listen for RealAudio connections, usually port 1090. In some versions, Progressive Networks changed the default port number to 1080, which conflicts with the port number typically used for Socks. We still default to 1090, removing the possibility for conflict. The RealAudio Classic proxy in WinProxy supports both TCP and UDP (connected and streaming) data stream types.
To configure your RealAudio client machines to use the Classic Proxy:
- Select the Proxy Tab in Preferences
- Enter the IP address of the WinProxy server.
- Enter the port number as 1090.
To configure your Real Audio G2 client to use the Transparent Proxy:
- Go to Options/Preferences/Transport.
- Deselect both «Automatically select best transport» and «Use specific UDP port.»
Figure 3.11: The Transport Tab under Preferences.
While you're here, click RTSP Settings and select «Attempt to use TCP for all content»:
Figure 3.12: RTSP Transport Settings let you establish the modes of RTSP network transport you want to receive.
When you're finished establishing RTSP Transport Settings, go back to the Transport Tab. Choose PNA settings:
Figure 3.13: PNA Transport Settings let you establish the modes of PNA network transport you want to receive
Finally, select the Proxy Tab. Choose No HTTP Proxy. De-select everything else.
Figure 3.14: «No HTTP Proxy» is the only option selected.
From now on, your Real Audio player will make its connections through WinProxy's Transparent Proxy. As with any application running through the Transparent Proxy, the network Gateway setting must be set to WinProxy's internal IP address and, of course, WinProxy must have Transparent Proxy or NAT enabled under the Client Access Method Tab.
Automatic Network Configuration (DHCP)
Dynamic Host Configuration Protocol provides a means for a central computer to assign network addresses and information to individual computers as needed. Enabling this protocol allows WinProxy to perform as a DHCP server. Most people have used the services of a DHCP server without realizing it. For instance, when you dial into an ISP with a standard modem, the ISP uses a DHCP server to assign your modem a network address from a predefined pool of available addresses.
WinProxy can perform this same function for the computers on your local network. You may have noticed in your network TCP/IP settings that you have the choice of assigning a static IP address yourself, or choosing Obtain an IP address automatically. With the latter, that computer broadcasts a DHCP request when its network programs start up; if there is a DHCP server on the network, that server will respond with settings for the requesting machine. A DHCP server can provide IP address, subnet mask, and gateway address information.
In addition, if you have DNS disabled on that card, then the DHCP server provides DNS settings, including Server Search order, domain name, and host name (that's because, in this case, the disabled setting is more akin to "obtain automatically"). WinProxy will use a pool of numbers based upon the IP address and subnet mask of the internal network card on the WinProxy machine. It uses some simple rules to make these assignments:
- Lowest first. The lowest number in the range is assigned first.
- Namelist assignments. You can pre-assign specific numbers to specific machines by using the NameList function (part of the DNS protocol settings). WinProxy will assign numbers to computers as shown there, and will not give a pre-assigned number away until it must. As an example, if your namelist has the following entries:
  ArthurP 90.0.0.7
  LianaA 90.0.0.8
  Then the "LianaA" computer will be assigned 90.0.0.8 even if WinProxy hasn't yet reached that number. On the other hand, if those computers are not yet online when WinProxy reaches those numbers, it will skip them and continue with the next non-pre-assigned number.
- Give it if you've got it. If WinProxy runs out of numbers to assign, it starts assigning unclaimed NameList numbers, lowest first.
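The three assignment rules above, worked through as an added Python example (not WinProxy's own code). The LeasePool class, the /28 mask on the internal card and the pcN client names are assumptions made for illustration; the two NameList entries are the ones from the text.

```python
# Added illustration (not WinProxy code): the three DHCP assignment rules.
import ipaddress


class LeasePool:
    """Hypothetical model of a pool derived from the internal card's
    IP address and subnet mask, with NameList pre-assignments."""

    def __init__(self, internal_interface, namelist):
        iface = ipaddress.ip_interface(internal_interface)
        # Usable host addresses in ascending order, minus the card itself.
        self.pool = [h for h in iface.network.hosts() if h != iface.ip]
        # Computer names are not case sensitive, so keys are lower-cased.
        self.reserved = {name.lower(): ipaddress.ip_address(addr)
                         for name, addr in namelist.items()}
        self.leases = {}  # lower-cased name -> leased address

    def _grant(self, key, address):
        self.leases[key] = address
        return str(address)

    def request(self, name):
        """Return the address leased to `name`, or None if none is left."""
        key = name.lower()
        if key in self.leases:
            return str(self.leases[key])
        in_use = set(self.leases.values())
        # Rule 2: a pre-assigned machine gets its own number, even if the
        # pool has not reached it yet.
        own = self.reserved.get(key)
        if own is not None and own in self.pool and own not in in_use:
            return self._grant(key, own)
        # Rule 1: lowest first, skipping numbers held for NameList machines.
        held = set(self.reserved.values())
        for address in self.pool:
            if address not in in_use and address not in held:
                return self._grant(key, address)
        # Rule 3: out of numbers, so unclaimed NameList numbers go next,
        # lowest first.
        for address in self.pool:
            if address not in in_use:
                return self._grant(key, address)
        return None

    def displaced(self):
        """NameList names whose number is currently leased to another machine."""
        holder = {addr: name for name, addr in self.leases.items()}
        return {name: holder[addr] for name, addr in self.reserved.items()
                if addr in holder and holder[addr] != name}


if __name__ == "__main__":
    # Constructed scenario: internal card at 90.0.0.1 with an assumed /28 mask.
    pool = LeasePool("90.0.0.1/28", {"ArthurP": "90.0.0.7", "LianaA": "90.0.0.8"})
    for client in ["pc1", "pc2", "pc3", "pc4", "pc5", "pc6", "LianaA",
                   "pc7", "pc8", "pc9", "pc10", "pc11", "pc12", "ArthurP"]:
        print("%-8s -> %s" % (client, pool.request(client)))
    print("displaced:", pool.displaced())
```

In this run pc12 ends up holding 90.0.0.7 and ArthurP gets nothing, so any user restriction written against ArthurP's address would apply to pc12 until the lease changes; `displaced()` reports that condition.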
DHCP will also work when WinProxy is installed on a multi-homed machine (one with more than one internal network connection); each subnet will get the appropriate information assigned.
The only static IP address(es) that you must have are the internal network connections on the WinProxy machine. The remainder of your local machines can get their TCP/IP settings automatically if you wish. It doesn't hurt anything at all to run the WinProxy DHCP server even when your client machines don't need the service. For most folks, the more relevant question is whether they want their client machines to use the services (you can of course mix-and-match, having some machines with static tcp/ip settings and others receiving settings dynamically from WinProxy).
| Upside to Using the Service | Downside to Using the Service |
|---|---|
| 1. It's real, real easy. You don't have to configure any of those myriad tcp/ip thingies. | 1. The WinProxy machine must be on whenever two client machines need to communicate via tcp/ip: (a) File and Printer sharing and network neighborhood don't rely on tcp/ip. (b) Windows 98 machines assign themselves default numbers when a DHCP server is not present, so W98 machines could converse anyway. |
| 2. No mistakes. You needn't understand what all those thingies mean. You don't have to trouble-shoot pesky tcp/ip misconfigurations. | 2. User restrictions are harder to configure. Actual tcp/ip addresses, which use wildcards, are more flexible if you have to configure many user restrictions. Each computer with a dynamically assigned address must be listed separately by name (although NameList can be a way around this). |
| 3. What settings? Months from now, when you add another machine, you don't have to remember settings for the other machines. | 3. Internal servers (mail, web, or FTP) should have a static IP address assigned. |
