Apple’s new AirPort Express Base Station combines streaming music, USB printer sharing, and wireless networking – but with only a single Ethernet port. This doesn’t initially sound like a problem: you simply plug an AirPort Express Base Station into a broadband modem and then you’re online, right?
Yes, but only if you don’t currently – and never will – need to share your broadband connection with computers connected via Ethernet to your local network. Because AirPort Express has just the single Ethernet port, it cannot simultaneously act as a gateway for your DSL or cable modem and also share that connection with wired computers.
You do have options if you want to make the AirPort Express Base Station your sole Wi-Fi gateway and you want to use wired machines on the same network. Luckily, these workarounds aren’t necessary if you’re adding an AirPort Express to an AirPort Extreme network, you already have a home broadband gateway that handles sharing your connection, or if you’re connecting only via AirPort or AirPort Extreme (although I’d still encourage you to check out my new ebook, "Take Control of Your AirPort Network").
The Return of Graphite? Apple’s last base station model with a single Ethernet port was the original graphite-colored AirPort Base Station introduced in 1999. At the time, AirPort was seen as an affordable add-on to networks that wanted to layer Wi-Fi on top of an existing wired network. With relatively few home users having broadband (and even then often with just a single AirPort-capable computer), sharing a connection wasn’t on top of Apple’s priority list even though it included a network sharing feature.
As wireless networking grew in popularity, and more homes had multiple computers, Apple replaced the graphite with the snow model which included two Ethernet jacks: a Wide Area Network (WAN) Ethernet port to connect to your ISP’s broadband network, and a Local Area Network (LAN) port to get in touch with your network’s wired side. Later AirPort Extreme Base Stations also had these two separate ports.
The WAN port negotiates a connection with your ISP, including using PPP over Ethernet or a Dynamic Host Configuration Protocol (DHCP) client to obtain an address from the ISP’s network server. The LAN port can feed out private "fake" network addresses using Network Address Translation (NAT), letting you share what’s typically a single, dynamic address from the ISP with multiple local machines. (Wireless gateways from other companies work the same way, but typically include a 3- or 4-port Ethernet LAN switch in addition to the WAN port.)
By splitting the WAN and the LAN, Apple was able to offer different functions on each port, essentially creating two separate networks with the base station acting as a router between them. This approach prevents "backwash" in which the private network addresses are fed out over the WAN port, potentially confusing dynamic address assignment for other ISP customers. The graphite unit allowed this backwash; the snow models avoided it by separating the network segments.
Here’s the rub. As far as I can tell without yet having a unit in hand, the AirPort Express Base Station’s single Ethernet port can act only as either a WAN or a LAN port – not both at the same time. That means that you can’t use it as a gateway for wired machines. The graphite base station could (and did) cause this backwash, which was one of the reasons for its replacement; AirPort Express almost certainly won’t repeat history.
You might think that you could solve the problem by using Internet Sharing in Mac OS X to share the incoming network connection with other wired machines. However, doing so might result in your broadband account getting canceled for corrupting the ISP’s network with dynamic address backwash.
Polluting Your ISP’s Waters — Many ISPs, especially cable modem providers, bridge your broadband network connection directly onto their own local network: your Ethernet network is just an extension of their larger pool. This is a stupid design for a variety of reasons, but it’s standard practice. (ISPs could use filtering to keep all LAN-style traffic from leaking upstream, for instance, and some do filter out Windows file sharing, for instance.)
This is why, when you try to share a connection over Built-In Ethernet using Internet Sharing, a dialog warns that you’re potentially making a mistake. Backwash from Internet Sharing could confuse other computers that occupy the same network segment to which you’ve been assigned by your ISP.
Here’s how the backwash happens. Internet Sharing combines NAT with DHCP to feed out private IP addresses as computers on the network request them; these private IP addresses only work on the local network and can’t be reached directly from the rest of the Internet. They’re one-way addresses – for the most part – for requesting information, not serving out data.
If you were to plug a Mac and your broadband modem into an Ethernet switch, and then enable Internet Sharing so that it shares the connection from Built-In Ethernet to computers using Built-In Ethernet, Internet Sharing would happily assign its private addresses to computers owned by other users on the ISP’s network. This would either route all their traffic across your network or prevent them from connecting altogether. Either way, your ISP could cancel your service because of your technical failing, and at best, you’d receive an angry phone call.
For this reason, AirPort Express isn’t designed to share a connection to wired machines. If you’re looking to connect wired and wireless networks without paying the full cost of an AirPort Extreme Base Station (with its dual Ethernet ports), this limitation would seem to stymie you, but there are ways of making it work.
Wired Makes Wireless Better — The workaround for an AirPort Express-based network is either to add a wired broadband gateway or to add an Ethernet card into an existing Power Mac to create your own WAN/LAN split. In both of these scenarios, you want to set your AirPort Express Base Station to receive its address via DHCP and to disable the option to distribute IP addresses (using the AirPort Admin Utility). The AirPort Express base station is not creating its own network for wireless computers: it merely enables wireless computers to join an existing private network on your Ethernet LAN. When a computer connects wirelessly to the AirPort Extreme Base Station, the wired gateway (or the Mac with two Ethernet cards) assigns it an address.
A wired broadband gateway offers essentially the same features as an AirPort Extreme Base Station without the wireless radio. Most models cost between $30 and $50. I’ve had good luck most recently with the Linksys BEFSR41, which features auto-sensing Ethernet ports (so you don’t have to hunt down the right kind of cable) and an easy setup process. It costs about $50, but a 4-port Ethernet switch is $20 to $30 on its own, so this is a good combination at a good price.
Safari wasn’t happy with the unit’s Web configuration, but Opera 7.5 for Mac worked perfectly with it, and was even able to update its firmware – a feat that Mac browsers are sometimes incapable of achieving because of manufacturers’ focus on Windows.
Plug the AirPort Express Base Station into one of the four 10/100 Mbps Ethernet LAN ports on the Linksys BEFSR41 and configure the Linksys gateway to connect to your broadband modem through its WAN port. Turn on DHCP service, and you’re good to go: you’re creating private addresses for all wired and wireless machines.
At $180 ($130 for the AirPort Express and $50 for the Linksys gateway), this combination actually improves on the $200 AirPort Extreme Base Station in some respects: you get a full 4-port Ethernet switch and some better reporting and configuration options in the Linksys for network gaming and selectively handling access to machines behind the passive NAT firewall.
The other option is to put a second PCI Ethernet card into a Power Mac. (See Adam’s article elsewhere in this issue about finding an ideal, inexpensive, compatible Ethernet card that can be used for this purpose.)
After adding the Ethernet card and rebooting, set up one Ethernet interface as your WAN-facing network, using the Network preference pane to configure it to connect to your ISP via your broadband modem. Connect the other Ethernet port to your LAN via an Ethernet switch or hub into which you also plug your AirPort Express Base Station. In the Network preference pane, name these two configurations WAN Ethernet and LAN Ethernet so you can tell them apart. Finally, configure your Internet Sharing settings to share from the WAN Ethernet connection over your LAN Ethernet connection.
Cooking with One Port — This might seem like a lot of rigmarole, but if you have your heart set on starting an AirPort network with the AirPort Express Base Station, I hope I’ve just saved you hours of frustration and confusion. If you choose the approaches I outline above, you won’t find your service canceled, and you will be able to build exactly the kind of network you want.
I’ve written about this scenario and many others in my new ebook, "Take Control of Your AirPort Network," released last Friday. I discuss how to pick an appropriate base station, including alternatives to AirPort; how to solve common configuration problems; what you need to do to expand your network’s coverage area; how to set up your own dynamic addressing with many more options than covered in this article; and what to do to secure your network or your data. In appendixes, I walk through using AirPort Management Utility, finding a non-Apple card for new and old Macs, and using AirPort Express. The book costs $5, which includes free updates as with all the Take Control books. I will expand the AirPort Express coverage once I’ve had a chance to work with a unit for a while.