Basically a router with NAT already keeps trouble from Internet away.
It's just the software inside your network that can cause harm (like browsing to the Internet or other PCs inside that contain a worm).
The "Set up an Internet connection" just unblocks your browser because Ethernet based systems are connected already. It just guides you through Internet connection by modem (which you don't have ofc).

(Yes, I remember those days when I used cable modem and installed Windows 2000 on a machine that directly was connected to the Internet. I got the worm already during the installation of Windows 2000.)

Renaissance 2K wrote on 2024-10-11, 22:11:

Hey, everyone. […]
Show full quote

Hey, everyone.

I'm adding a new 95-era PC to the family. It came with a PCI ethernet adapter, which renewed my interest in getting my home PCs networked to save on sneaker ops.

I already have a wired network at home for my modern PCs and PC-adjacent devices, both for inter-device networking and providing Internet access. I know that connecting an old Windows machine to the Internet is like throwing hamburger in the water during Shark Week, so I assume that just plugging the PCs into my existing office switch is probably a Bad Plan™. I still want to look into ways that my modern Internet-connected PC, RetroNAS, and retro machines could communicate.

What are my options here? Is it safe to just plug the devices into the switch and not use the "Set up an Internet connection" wizard? Do I need to configure some sort of firewall - literal or figurative - to prevent the Internet access? Do I have to create a second network to connect the PCs that excludes my modem?

I found quite a bit of info on Vogons about using the Internet on old systems, but not specifically avoiding the Internet while networking. Some people say it's nothing to worry about, but I've heard that anecdote about old PCs getting infected within four minutes as well; they just cited it on a PC World podcast. Any help or advice would be appreciated.

Thanks.

If your Win9x PCs are behind any firewall or NAT (read consumer router), you won't have to mind anything. The worst offenders were routers that had uPnP enabled, coupled with malware which would run on your Windows system and use the uPnP thing to configure your router to allow unwanted traffic - but I haven't seen that enabled by default for a good long while, and I doubt you'd be running any such applications on your Win9x PCs anyway. Consequently I have my retro stuff on the same network with all my modern stuff. It's no less secure really, and I can easily use SSH to transfer data between them without having to resort to cloud services or looping stuff through the internet. Just grab the files you need on a modern secure system and then transfer them inside your home network onto the older systems.

Windows XP could still be used for web browsing I guess, and that would make it an active target, but my advice with such a system is to just use any web browser but Internet Explorer, if you're actually going to go online using one.

I have 2 setups for this kind of thing.

1. Two physical networks - one is the usual one connected to the internet and 2 computers. These 2 computers have 2 network cards each, where the 2nd card is on a different subnet and connected to its own switch, which also joins to some more computers that don't need the internet. For this extra subnet, do not specify a gateway address, or a dns address. All connections are done via hard-coded IP addresses. This is quite secure because the extra subnet is isolated from the internet.

2. The second place has all the machines actively connected to the internet, even going back to Windows 3.11 - some machines get left on all day and they've never been attacked. Still, if it worries you, remove the gateway and dns addresses on them and give them hard-coded IP addresses. This makes it similar to the setup above, except it isn't physically isolated.

So for the ones that are going to have hard-coded IP addresses, turn off the automatic setting and just put in an IP address and the subnet mask, leaving everything else blank.

You could even turn off the dns and dhcp services on the XP machine for a bit of added security.

Now, there's other ways entirely you could use. For example you could get rid of IP altogether and use NetBEUI - it's a protocol that only works locally, and it doesn't need any configuration. All OS's from 3.11 up to XP support it, and allows 2-way communication between all those machines via mapped drives. Of course, there's no internet, but I believe that's how you want it. The only thing I can't answer is connecting the machines to your NAS.

I have 2 NAS's - one can connect with W2K and above, while the other does Win95 /NT and above. You can always use a FTP client if needed, but then of course you'll need an IP address.

Let us know what you decide and what works for you.

There are several ways to do what you want to do it just depends on what way you want to do it.
In software or in hardware? If hardware then do you want an enterprise class switch or something more consumer orientated?

Robbbert wrote on 2024-10-12, 01:43:

Now, there's other ways entirely you could use. For example you could get rid of IP altogether and use NetBEUI - it's a protocol that only works locally, and it doesn't need any configuration. All OS's from 3.11 up to XP support it, and allows 2-way communication between all those machines via mapped drives. Of course, there's no internet, but I believe that's how you want it. The only thing I can't answer is connecting the machines to your NAS.

There's another choice for a vintage network. AppleTalk protocol (AFP).
There are network drivers for DOS that support NE2000 cards for EtherTalk and that also are compatible under Windows 3.x.
On Windows XP, AppleTalk protocol can be added, too. Might involve copying Windows 2000 files, though.

PS: Another network protocol that used to be popular among different platforms was LANtastic..

Jo22 wrote on 2024-10-18, 03:34:

There's another choice for a vintage network. AppleTalk protocol (AFP). There are network drivers for DOS that support NE2000 ca […]
Show full quote

Robbbert wrote on 2024-10-12, 01:43:

Now, there's other ways entirely you could use. For example you could get rid of IP altogether and use NetBEUI - it's a protocol that only works locally, and it doesn't need any configuration. All OS's from 3.11 up to XP support it, and allows 2-way communication between all those machines via mapped drives. Of course, there's no internet, but I believe that's how you want it. The only thing I can't answer is connecting the machines to your NAS.

There's another choice for a vintage network. AppleTalk protocol (AFP).
There are network drivers for DOS that support NE2000 cards for EtherTalk and that also are compatible under Windows 3.x.
On Windows XP, AppleTalk protocol can be added, too. Might involve copying Windows 2000 files, though.

PS: Another network protocol that used to be popular among different platforms was LANtastic..

If going down that route, I'd argue for IPX. Same benefits but also needed for alot of multiplayer games of the era. However official support was dropped in Win10 (workarounds exist)

But really as others have said, assuming your behind a router and not activly surfing the web on retro machines, your safe to just plug in an ethernet cable, allow it to pick up an IP address. No need for fancy configuration on the network side of things.
Windows side you may need to do a bit of tweaking to get file shares working properly.

For vintage windows up through win2k, just use netbeui instead of tcp/ip.

You wont be able to use a snazzy modern nas or anything, but BETWEEN those old systems, file and print sharing will work.

You could also use ipx/spx as the transport. Same basic effect.

Running appleshare/appletalk at the same time 'might' let you use the NAS. Maybe.

If you're really paranoid: dual Ethernet pi or similar with a real firewall.

If you're less paranoid : disable every network related client/service and use an ftp client.

If you're minimally paranoid: back it up and restore regularly. NAT is a pretty good firewall even though it's technically not. I liken it to a secretary who only answers from numbers you've called first.
Your router might be able to block internet access to certain devices.

A fairly simple way to block external access is to set the ip manually but remove the default gateway.

Set:
Ip
Mask
Dns=router
Gateway =0000

chinny22 wrote on 2024-10-18, 04:03:

If going down that route, I'd argue for IPX. Same benefits but also needed for alot of multiplayer games of the era. However off […]
Show full quote

Jo22 wrote on 2024-10-18, 03:34:

There's another choice for a vintage network. AppleTalk protocol (AFP). There are network drivers for DOS that support NE2000 ca […]
Show full quote

Robbbert wrote on 2024-10-12, 01:43:

Now, there's other ways entirely you could use. For example you could get rid of IP altogether and use NetBEUI - it's a protocol that only works locally, and it doesn't need any configuration. All OS's from 3.11 up to XP support it, and allows 2-way communication between all those machines via mapped drives. Of course, there's no internet, but I believe that's how you want it. The only thing I can't answer is connecting the machines to your NAS.

There's another choice for a vintage network. AppleTalk protocol (AFP).
There are network drivers for DOS that support NE2000 cards for EtherTalk and that also are compatible under Windows 3.x.
On Windows XP, AppleTalk protocol can be added, too. Might involve copying Windows 2000 files, though.

PS: Another network protocol that used to be popular among different platforms was LANtastic..

If going down that route, I'd argue for IPX. Same benefits but also needed for alot of multiplayer games of the era. However official support was dropped in Win10 (workarounds exist)

But really as others have said, assuming your behind a router and not activly surfing the web on retro machines, your safe to just plug in an ethernet cable, allow it to pick up an IP address. No need for fancy configuration on the network side of things.
Windows side you may need to do a bit of tweaking to get file shares working properly.

Hm. Why so conservative? 😀 Are we getting old or are afraid of trying new things? 😉
I thought the retro hobby was because of fascination about older tech, rather than just the usability and comfortability standpoint.

I mean, where's the point if we all end up using TFTs, CompactFlash cards as IDE HDD replacement, modern optical mice, RJ45 network cards and Goteks eventually?
What's left of the original experience if we don't do things the hard way once in a while?

Like using an SCSI CD-ROM drive/HDD, a null-modem cable or a real Hayes modem on a simulated or recreated landline?
Or use different network technologies that will be attached to networkbridges, so that they can talk to each others?

Really, it's not meant as criticism. I'm just wondering in general, because I noticed that retro hobby becomes more and more, um, uniform.
People all seemingly use things like CuteMouse, XT-IDE and mTCP as if nothing else there is.

By contrast, I'm enjoying to always figuring out if there's not something new about old and forgotten things.
Like old memory managers, network software, obscure hardware and so on.
Or handy scanners from the 80s (Logitech ScanMan) or something else.

There's not much fruit to be had there.

The most novel, imo, is using a win2k or nt4 machine to host an appletalk segment over ethernet, with an asante appletalk bridge, and a phone-net segment for vintage classic macs to live on.

Outside of wanting to reopen old wounds, like Novell Netware deployment/installation, or something, there's very little utility to using very old and obscure networking solutions.

Using ipx/spx transport, at least, has benefits.

1) modern internet worms are not built to exploit/use it.
2) old games want to use it for LAN play
3) windows can shoehorn file and printer services on it
4) 'the internet' will never see it/programs cant use it to talk to the internet.

Netbeui is more regressive, in that it only allows file and print services.

You can use all sorts of vintage protocols, but for the use case of sharing files from modern file servers or desktops, TCP/IP is by far the easiest and available on every single platform (down to XT here, but you can go older if you really want).

Risk is purely a function of age - explioits exploit vulnerabilities in services, if the service doesn't exist, there's nothing to exploit. I've yet to hear of anyone doing nasty stuff via mTCP, for example 😜

That means I'd suggest DOS with mTCP does not require any further measures, current malware simply can't run on it and vice versa malware that actually targets DOS era PCs isn't aware of this kind of networking. WIndows XP is probably the other extreme - it had (and indeed still has) a huge installed base of internetted computers, it has a lot of (poorly secured) services exposed by default and was a choice target of malware for decades and indeed current malware will likely still target it. Run stuff downloaded from the internet on an XP PC and bad things may happen, not just to that PC but through it on your wider LAN.

So, what to do? It's not rocket science, you ensure that PC doesn't know where the internet is and even if it tries to access it, it can't:
- do not give the PC a default gateway address, or if you must give it something, give it an incorrect one. Easiest way is to do this manually on the machine itself, but you can also allocate it by DHCP - but then you need to have separate DHCP servers (or at least realms) for vintage vs current machines, which gets more complicated.
- in your gateway firewall, set a rule to block traffic to the internet from the IP of this PC, and from the internet to the IP of this PC.

If you have multiple machines you want to protect like this, put them in a separate subnet and set the block rules for that subnet.

wierd_w wrote on 2024-10-18, 06:03:

The most novel, imo, is using a win2k or nt4 machine to host an appletalk segment over ethernet, with an asante appletalk bridge, and a phone-net segment for vintage classic macs to live on.

Outside of wanting to reopen old wounds, like Novell Netware deployment/installation, or something, there's very little utility to using very old and obscure networking solutions.

Well, in case anyone wonders about the AppleTalk experience on DOS, there's a blog site that I have seen while surfing the internet.
The user has used an Am5x86/133 PC, which I think is interesting.

http://oldvcr.blogspot.com/2020/07/appleshare … -and-apple.html

Ok, probably not the taste of the users in this thread, but maybe still interesting to those forum visitors experimenting with VMs or emulators, at least.
NE2000 card must be selected (LocalTalk), since neither PCem nor 86Box support an RS-422 port as provided by the Apple LocalTalk ISA card.
Farallon also had AppleTalk software for DOS/Windows 3.1, which might been an alternative to Apple's.

Edit: *nix systems had both equally bad support for IPX and AFP.
IPX had to be enabled in kernal, while AFP was supported via netatalk. Mor or less.

Some NAS systems have already two network cards, which you could put into different segments.
Just download the stuff with the "safe" computers to the NAS and your retro pcs can get them later from the NAS.

You have several ways.
You can get an older router to dedicate it to your retro network.
You can set up a VLAN with no internet access for your retro network.
Any half decent router has parental control options. You just select the devices you don't want to have internet access and block them.

Jo22 wrote on 2024-10-18, 04:50:

Hm. Why so conservative? :) Are we getting old or are afraid of trying new things? ;) I thought the retro hobby was because of f […]
Show full quote

Hm. Why so conservative? 😀 Are we getting old or are afraid of trying new things? 😉
I thought the retro hobby was because of fascination about older tech, rather than just the usability and comfortability standpoint.

I mean, where's the point if we all end up using TFTs, CompactFlash cards as IDE HDD replacement, modern optical mice, RJ45 network cards and Goteks eventually?
What's left of the original experience if we don't do things the hard way once in a while?

Like using an SCSI CD-ROM drive/HDD, a null-modem cable or a real Hayes modem on a simulated or recreated landline?
Or use different network technologies that will be attached to networkbridges, so that they can talk to each others?

Really, it's not meant as criticism. I'm just wondering in general, because I noticed that retro hobby becomes more and more, um, uniform.
People all seemingly use things like CuteMouse, XT-IDE and mTCP as if nothing else there is.

By contrast, I'm enjoying to always figuring out if there's not something new about old and forgotten things.
Like old memory managers, network software, obscure hardware and so on.
Or handy scanners from the 80s (Logitech ScanMan) or something else.

I'm giggling slightly because of the mTCP connection and the XT-IDE connection. (The original XT-IDE card was trace optimized on one of my work laptops while it was idle. And I did a bit of early testing on it.) I'll see if I can go pollute Cute mouse now.

On a more serious note, there can be fun and joy in discovering (or rediscovering) a hidden software gem. But those gems really are few and far between. (I spent years searching BBSes, SIMTEL, and other sites when they were new.) A lot of old software was just bad or locked into the programming styles of the time. I started on mTCP because other networking software was constantly crashing, was confusing, or wouldn't work on a smaller machine like a PCjr or an XT.

Hardware has different problems. Most people you see coming into the hobby in the past few years were not around when this stuff was new, and are only learning and experiencing it for the first time now. So things like CF cards, standard Ethernet networking, "WiFi" modems, etc. make sense because they are plentiful and well documented. How many people are going to spend the time to learn how to do a vampire tap on ThickNet? Even if they had the time, what is the expense going to be and for what purpose? How many people are going to setup an entire NetWare server for basic file sharing? I love the sound of old MFM drives but they die and except for possible repairs on the electronics, they can't be repaired.

Let me tell you about my adventures with SCSI sometime ... Nevermind. The OS/2 crowd and the PS/2 people have far better stories.

Before I was the mTCP guy I was the PCjr, and even as an original owner it took a huge amount of time to document what I had. And then I spent a few more years saving related items and documenting those too. If you (all of us, not one person in particular) feel strongly about saving the older, less obscure tech, put together some "how-to" guides and post them where they won't get lost. Without the documentation it's very hard for newer people to discover and enjoy these relics, whether it be software or hardware.

Sigh. So we're surrounded by consumers everywhere?
That's hard to get used to. I grew up in both a ham and diy household and in a time were tinkering was normal.

When I had gotten my 286, PC magazines still encouraged users to use a soldering station for little projects here and there.

Like building a dialer for the phone. Was just a vero board, a diode, a little miniature relay. It was controlled by a serial pin and did simulate pulse dialing.

Or an audio digitizer, using an amp ic and a little a/d converter. Such things.
The programs were available as listings for GW-Basic, Turbo Pascal or as debug instructions.

Covox plugs were also popular projects. About every mod player shipped with a sample schematic.

Anyway, I've never seen this as a burden but as gift and an opportunity.
What else could be as fun as understanding your hardware and work with it? 😃

Thanks for your reply.

Are we having this discussion again? Don't worry about it. Just connect them to your network.

If you ignore the fringe ideas like IPX and AppleTalk

I guess the easiest way is to manually assign an IP address and subnet mask to the Win95 PC but leave the default gateway address blank.
That way it wont be able to resolve IP addresses.

You could use your routers settings page and deny internet access to the IP address of the Win95 PC.

If your router supports bridging, which not all ISP provided routers do, you could use bridging to prevent access.

You could install a software firewall like ZoneAlarm, or Norton Firewall to allow local traffic but deny all else.

There are many other ways of course, most of which I would favour myself but they would all involve buying something.

Are we having this discussion again? Don't worry about it. Just connect them to your network.

Alright, let's skip this annoying discussion. Why bother with vintage hobby, at all? It costs time, money and isn't comfy.

How about just using emulation like normal people do? 86Box, UTM..
Or just use a modern Linux PC with WINE. It doesn’t need any knowledge of archaic and obscure hard and software.

I mean, why do you want to cook a meal at home if there's fastfood available?
It just costs time and money, so why stick out of the crowd and be different for once?
After all, most people eat fastfood. They can't be wrong, can they?

Edit: No offense, but I think that the days of SMB1 are numbered. It's 2024 and not 2004, anymore.
I noticed this back in 2006/2007 when Windows Vista was available as release candidate.

Classic things like using a workgroup concept for small-scale networking had been phased out in favor of the new homegroup concept.

Holding onto SMB1 on a modern PC in order too keep communication with vintage systems not only works poorly, but it also means a security risk to the modern system.
In general, It's a loose-loose situation, I think. In my opinion, I mean.

I mean, it starts at the authoritzation level, already.
DOS-based Windows works on a per folder level, while NT-based Windows works per user level.
It's a wonder they can work together, even, when having completely different concepts.

Here's my personal story about this little odyssee..
Re: Windows 98 PC suddenly stopped appearing in the Network on my main (Windows 7) PC

Windows NT was designed for domain based networking, rather than workgroup networking. WfW (and W95) was meant for peer-to-peer networking.
And on top of that, on NT, we have to deal with NTFS permissions.

That's why I suggested thinking about a different networking stack in first place.
It's not because I want to shove it into someone's throat, but because I wanted go give an alternative approach.

Because if an external NAS is in the network, it might be multi-protocol and wouldn't require to be configured to SMB1 only in order to talk to a vintage PC.
The vintage PC could run something else, such as IPX or AppleTalk/AFP.

And since Mac OS 10.2.8 from the 2000s was still supporting AFP, I thought it might be supported by commercial NASes, as well.
Macintoshs were very popular in early 2000s, after all. When meanwhile IPX was "dead".
The venerable MacOS 8/9 was as well supported as Windows 98SE back then.

Also, since AppleTalk was a non-PC technology, I thought it wasn't being tied to NetBIOS/NetBEUI so much.
By contrast, IPX and SPX were highly PC-specific and historically did depend on NetBIOS.

Anyway, I don’t mean to insist on the OP using AppleTalk here.
It was just meant as an example for counter-technology to the ubiquitous SMB protocol, which once was popular.
Other vintage platforms like Amiga at one pont had implemented AppleTalk, too (see DoubleTalk).

It might also be feasible to use a Raspberry Pi as a NAS or a "bridge", which connects both worlds.

Edited.

Edit: What I noticed when sharing files using SMB between old Windows 9x PCs and modern Windows NT systems:
It's harder for an old system to be allowed to access files on a modern system than the other way round.
And since that's what most of us try to do, SMB isn't exactly ideal from to begin with.
Modern OSes are very restrictive and demand for higher authetication levels.
A dedicated network drive (NAS) without such high demands might be favorable, thus.

Edit: In other words, if a NAS is used for folder sharing, then the modern PC wouldn't have to go down to SMB1, but could remain safe.
It would rather be up to the the NAS to use SMB1 or any other vintage protocol, when ever needed.