Software602 602LAN SUITE 2004
as an All-In-One Tool to Organize
Internet Access in a Small LAN
It all started a couple of months ago, when I got access to Home Ethernet and faced the problem of sharing it between several computers simultaneously. I sometimes want to read news on my handheld, comfortably sitting on a sofa. My friends sometimes come with their own notebooks. Besides, I may have more than one computer at home in future... Of course, Windows offers Internet Connection Sharing. But this feature is rather primitive. Besides, it just means "sharing" proper, while all the other features are configured on each computer separately, each in its own way.
In short, I'd like something like a router. Ideally — sort of a local server (but preferably not requiring a stand-alone computer). The most popular inexpensive solution for small companies in ex-USSR countries (as far as I know) is "some Pentium MMX" + Linux or FreeBSD. Nobody is going to deny positive sides to this solution (mostly its price, good configurability and functionality), but I don't possess a necessary level of expertise in *NIX-like OS. And to study this operating system just to solve this very task is hardly a good choice in terms of the benefits / efforts ratio.
Thus, I formed the following "request package": I needed something easy (both in terms of system resource appetites as well as learning curve), preferably for Windows, not for server versions, but for regular Windows XP. Besides, I hated the idea of messing with questionable ways to force licensed software (usually called "cracks & keygens") to run. Thus, my choice was limited to freeware (or at least inexpensive) software, so that I could legalize it normally, as required by the developer. The title of this article is a hint to you that I found what I had looked for. Everything below is actually my story about "how good I felt after I found IT". This story (from the point of view of networking gurus) will certainly seem amateurish. I don't object to it! That's a story of an amateur, who found a solution. But the tool discovered was so convenient (for me the amateur) that I decided to write about it (for users of the same level). Perhaps, they will also like it :).
Several words about 602LAN SUITE
This product is developed by Czech Software602, which is probably better known as a developer of the free office software 602PC SUITE. 602LAN SUITE, offered by this company, is intended for the same group of users: small companies and private users, who cannot afford buying "all-purpose monsters" from Windows software leaders — for economical reasons as well as because their functionality is obviously excessive for this group of users.
LAN SUITE integrates nearly all server functions you'll need at home or in a small office. The pricing policy is very flexible: for example, a minimum paid license for 10 users is just $149.95. Besides, (the most delicious thing!) — if your network includes up to 5 users only, this suite is free!
Below I will describe the key features of this suite in the order this program offers to configure itself. So, this article is actually devoted to the configuration (and also to the feature overview) of this suite.
Humorous lyrical digression: despite the English interface, brothers Slavs left "a visiting card", pointing at the origins of the program — e-mails folders are called "vstupni" and "vystupni". Russian-speakers will have some difficulties, but if you know the Ukrainian, you will definitely recognize them as "incoming" and "outgoing". To say nothing about the name of another system folder in LAN SUITE — "odlozeno". :).
The installation package of this program is about 32 MB. It can be downloaded from the official web site. 602LAN SUITE can be installed in the put-some-weight-on-the-Enter-key mode. That is you don't need to answer any questions, except for choosing an installation folder (if you don't like the default installation path). If you install the program on your computer for the first time, it will prompt to run Configuration Wizard at startup. You can either complete the wizard or just press Cancel and proceed right to Advanced Configuration. I usually take up the second way, as Wizard does not provide access to all settings I'm interested in. You'll be prompted to reboot after the installation is complete as a rule. But to all appearances, it's necessary only to activate the firewall driver.
There is a very convenient feature: bugfix releases (maybe even new versions) can be safely installed on the old version — all user settings of the previous installation, proxy-server cache, accounts, and mail boxes will be preserved. A fleeting analysis backed up my assumption that almost no settings are stored in Windows registry (except for the information about the program itself), configuration files are created in the installation folder (only if such files don't exist already), when you run the program for the first time. I even carried out a funny experiment: having copied the folder with installed LAN SUITE to a flash drive, I installed LAN SUITE on another computer (normal install procedure), then deleted everything in the install folder and copied LAN SUITE from the flash drive. After rebooting the computer, LAN SUITE worked fine with all correct settings (of course, I could probably overwrite only all configuration files, but I just didn't want to figure them out).
One note about installing this program under Windows XP SP2: as LAN SUITE has its own firewall, you should decide what firewall you are going to use: from LAN SUITE or the built-in Windows XP firewall. Thus, you either have to disable Windows XP firewall before the installation, or not to forget to disable LAN SUITE firewall after the installation, to avoid conflicts. You should do the same, if you use another firewall.
After the installation is complete, you'll be offered to register the program on the official web site and to get a serial number. Of course, this procedure is free for the program in free mode (5-user license). After the registration procedure your serial number will be sent to the email address, you specified. No keys are necessary to install bugfix releases, that is the registration procedure should be done only once for all sub-versions. By the way, program registration gave me one significant advantage, which I used many times: as you specify your email address, you start receiving emails. To the credit of Software602, among rare "spam" emails concerning multiple improvements and benefits of paid versions, I regularly received direct links to bugfix-releases of LAN SUITE.
Features and configuration
On this tab, we can create, remove, and modify accounts. It should be noted that the number of these very accounts is the number of LAN SUITE users (as it has already been mentioned, they determine the license cost). I draw your attention to this issue deliberately, because the number of people/computers, which can for example use LAN SUITE proxy server, even in the free 5-user version, is not limited.
The list of users cannot be empty, you should create at least one account. Besides, if there is just one user, it must have administrative privileges. The name specified in User name will be the email address. For example, on the screenshot we can see a user called nawhi and Default domain: ixbt.com. Thus, the email address of this user is email@example.com. If LAN SUITE users have email addresses at different domains, Default domain can be omitted. And now let's examine the modify user window (called by Add and Properties buttons).
Everything is quite self-explanatory: user name, full name, password. Privileges are assigned by checkboxes: whether the user is an administrator, whether he can send fax messages (LAN SUITE also supports this feature), Internet messages, use the proxy server (these privileges are granted to administrators by default). There may be several administrators — even all users. But mind it that any administrator has access to remote administration of LAN SUITE settings (via web interface) and to the web server directory via FTP with unlimited rights. Of course, if the remote administration and WWW-server options are enabled.
Besides, you can have all unsorted faxes and emails, or all incoming and outgoing messages redirected to this user. Aliases can be specified in the corresponding field, delimited by commas. For example, this user will have the following email addresses (besides firstname.lastname@example.org): email@example.com and firstname.lastname@example.org. You should also specify the maximum size of a mail box, in megabytes. I have plenty of HDD room, so I always specify the maximum size possible (9999 MB).
Concerning aliases: if you read a chapter about LAN SUITE working with external POP3 servers, you will understand how it automatically resolves the possible conflict of matching aliases with real user names in a specified domain. In brief: even if you specify a real email address of another user as one of your aliases, you will just fail to get emails from this address. So your mail just won't be sent to this alias. But this email address will be considered yours in "local" terms (inside LAN SUITE, installed on a given computer). For example: email@example.com is not my address. Thus, I cannot get emails from firstname.lastname@example.org. But if I send an email to myself (from email@example.com to firstname.lastname@example.org), I'll get it. That's because it will not go outside LAN SUITE, installed on my computer.
Configuring connection types
You can easily notice that LAN SUITE can work even with a dial-up connection (in case you choose "Connection — Permanent", all other options on this tab will become unavailable, as they will be not necessary). I must admit that I didn't test how well this program works with dial-up. The reason is simple - I just don't have a modem.
But judging from the options, the configuration is rather flexible. LAN SUITE can satisfy the most frequent needs of dial-up users: it can establish scheduled connections (separate schedules for different services) and, no less importantly, it can establish a connection on demand (in case of unsent emails or an incoming request for a proxy server). It can also break a connection automatically, in case the proxy-server does not receive new requests for a specified period of time.
There is even such a exotic option as to automatically establish the second connection after the first one has been successfully established. Starting a BAT file can be very useful. The simplest use for this function is to start Download manager automatically, not to waste a second of precious online time, even if you are not at your desk. But I still think that dial-up users should look for something simpler than LAN SUITE. However, that's just my personal opinion, nothing more...
NAT and Firewall
If your computer has two network interfaces, you can set up NAT (Network Addresses Translation). Dial-up Adapter can act as a network interface as well. Frankly speaking, NAT seems excessive for a home LAN with 2-3 computers, that's why I don't use this function. I'll just note that the program does not allow to set up NAT for itself (that is for the computer with installed LAN SUITE): the interface selected in the Connection to share drop-down menu immediately disappears from the Select internal interfaces list (NAT will work for these very options).
LAN SUITE also has a simple but functional built-in firewall. In the most primitive case, you can just enable it and select a security level — high, medium, or low. A description of the selected level will appear to the right of the slider.
If you want full control, you should select the custom level. It provides the most flexible options for firewall configuration, but it requires high expertise from a user. I'll risk to note that the Custom level in LAN SUITE firewall settings is slightly out of tune with the overall suite — it's really too complex even for an intermediate user. It requires a knowledge level of a system administrator.
In order to enable Custom Security level, you should have at least one set in the Permissions set list. If the list is empty, you should add a permission set. The program comes with several Permission sets, in particular High, Medium and Low Security presets. Conveniently, the meaning of other sets is clear from their titles.
The sets consist of simple rules. One rule usually describes one protocol and one direction. You can add, remove and modify rules in a set. You can also create your own rule sets (though you'd better edit ready sets).
A window for adding a new rule (a general case). Available options:
- Protocol: All, TCP (in this case you can specify a range of ports and select the response packets only checkbox), UDP (the same applies here — a range of ports, allow also response packets checkbox), ICMP (here you can select allowed message types), Other (you should specify a protocol number).
- Direction: incoming, outgoing, for the entire computer, or for each of the available network interfaces separately.
- From address: any, specified IP, IP in a subnet, IP range. You can additionally specify (a simple list, no masks) blocked IP addresses (exceptions).
- To address (configured like the previous option)
So: rules are combined into sets, sets can be added to the list of used permission sets, there are also standard predefined sets. That's all about the firewall. Theoretically, it's quite sufficient for practically any task. There is one problem: this firewall cannot work with different applications differently, any rule applies to all software installed on a computer. Besides, Windows XP Security Center cannot detect this firewall.
To High Security fans: you can use another method to ensure network security — not to use the built-in firewall, but to install an external program with one simple rule: Internet access (with proper limitations on ports and protocols) is allowed to LAN SUITE only. Considering that proxy server LAN SUITE supports HTTP, HTTPS, FTP via HTTP, FTP, SOCKS, Telnet and Real Audio — practically all programs can work with it. As a rule, even quite fastidious IM- and P2P-clients (ICQ, eMule) quite painlessly work via SOCKS proxy without significant limitations on their functions. By the way, I have Microsoft Windows Update, well known for its fastidiousness, working via HTTP-proxy LAN SUITE.
SMTP and POP3 server
Configuring a local SMTP server (including optional SSL). Everything is quite clear from the screenshot. You can specify an IP address, from which SMTP server will be available (if your computer has several IPs on different cards). But you can select either All or one IP (two out of three are not allowed). Anyway, SMTP is available to programs working on the same computer as LAN SUITE at 127.0.0.1 (localhost), you cannot change that. LAN SUITE SMTP server does not support authorization directly, you can just deselect the Verify sender by previous POP3 access checkbox.
Accessibility of the SMTP server can be limited by specifying IP filters (Permit access or Deny access, IP, Mask). This measure seems quite justified due to the limited authorization procedure, supported by the LAN SUITE SMTP server.
Configuring an external SMTP server, so that emails, sent to the local SMTP, go to the world wide web. Configuration options on the screenshot are self-explanatory. I will just note that there may be only one external SMTP server specified. Authorization is supported for both SMTP as well as POP3. It should be noted that the Re-send interval option applies only to the interval between attempts to send emails if the previous attempt failed. In a normal situation, emails are sent to an external SMTP server in less than a minute after they were received by the LAN SUITE SMTP server.
Configuring the local POP3 server (including SSL). In some aspects, it's similar to configuring the local SMTP: you can specify a port and IP, at which this POP3 server will be available. The POP3 server is also always available from the computer with installed LAN SUITE at 127.0.0.1. This cannot be changed either. Access to LAN SUITE POP3 server requires a user name and a password — those specified in a user account (described above).
And now let's review configuring external (relative to LAN SUITE) mail boxes, where e-mails will be collected and then distributed from the local POP3. There may be as many mail boxes as you need (even in the free 5-user version).
Setting up (adding/editing) external mail boxes. The procedure is quite standard, but there is one useful feature: you may specify a local user to receive e-mails, sent to this POP3 account (Received messages deliver to). Thus, it's very easy to organize receiving e-mails even from 10 different addresses so that they are collected in one mail box. I use this feature to the full, as I have a lot of email addresses, which I use just to read messages and never send emails from them.
I should explain here: of course, even if your local mail box collects emails from dozens of external addresses, you will be able to reply to any of them. But the reply will be sent from the address, which collected all the emails, and sometimes you don't want to expose it. However, this problem can be solved by creating a rule in your firewall to allow clients use third party SMTP servers. You may also allow access to remote POP3 servers, so that your guests won't have to reconfigure their email clients to get new messages.
I shall note one thing directly, even though it seems obvious enough: a user name and a password, specified in an account of the external POP3 server, and a user name and a password, specified in a LAN SUITE account are absolutely different. Of course, you may have them identical, but that's a special case, nothing more. LAN SUITE user with a user name "john" and a password "tomato" can get emails from an external POP3 server with a login "bill" and a password "orange". That's a common situation.
Observation: emails from external POP3 servers do not appear on the local POP3 server at once — you sometimes have to wait a little. When emails are collected from all mail boxes, LAN SUITE makes a pause and only then starts sorting incoming emails. I don't understand the reasons: judging by the logs, if there are no other requests, it may just remain idle for about a minute. I have one assumption though: as all received messages are stored in one folder as files before being sorted into the mail boxes, the local POP3 server may have its own scheduler (which cannot be configured by users); it's not checking for new emails in this folder constantly, but in some time periods.
Antivirus and anti-spam tools
602LAN SUITE has a special Anti-virus Edition with a built-in antivirus (it uses the core and virus bases from BitDefender). However, it does not come for free. Nevertheless, there is a way out! The fact is that the regular LAN SUITE can work with free antivirus AVG Free (it's also developed in Czechia by Grisoft — not surprising, considering the patriality of Software602). You are urgently recommended to install it. It's quite a good antivirus that supports all necessary functions for home users, it's free, its virus databases are regularly updated. Its LAN SUITE integration grants this antivirus another good feature. Here it is:
if LAN SUITE detected an antivirus (it can happen only in two cases: you either have AVG or LAN SUITE Anti-virus Edition) — you may specify an email address (LAN SUITE user) to redirect all infected emails. I intentionally added the spam user, so that all infected emails from all external mail boxes go there. The main boxes become twice as clean :). Outgoing emails can also be checked for viruses (settings are absolutely the same as for the incoming mail).
Justice is above all. Once I ran across one "bug": a spam email with a virus (packed into a zip file) put LAN SUITE into stupor: when the server received this email, it tried to analyze whether its contents were safe and then opened the classic Windows message "This program has performed an illegal operation and will shut down". I had to switch to receiving emails directly (into a mail client instead of the server) to get this email. With the average mail volume of about 1000 messages a day (including spam, of course), this situation occurred only once for three months.
Certification tab in the free version of the suite is not available, it works only in LAN SUITE Anti-virus Edition. However, this procedure only allows to add an antivirus status to each incoming and/or outgoing message. Considering that many viruses can fake similar status reports, benefits from email certification seem quite questionable to me...
Observation: emails are checked for viruses after they are received (not on the fly), so an infected email still manages to get to a computer hard drive for some time in the form of a LAN SUITE file. But this virus still cannot be activated, so there is nothing tragic about it.
Besides, LAN SUITE has a built-in Bayesian filter (learning). Emails, qualified as spam, can also be redirected to a selected mail box. Thus, I have all infected emails and spam redirected to a virtual address email@example.com. I look through this mail box once two or three days. And thanks to this approach, my main mail boxes are in peace and quiet... :)
The built-in Bayesian filter learns in an original way: you have to forward a spam message to the virtual address junk@junk. If a message is not spam, you should forward it to notjunk@junk. On the one hand, it's less convenient than clicking a button in your email client. On the other hand, how else can you teach a Bayesian filter, which is built into a server instead of an email client?
Besides, built-in anti-spam tools support filtering based on lists of "bad" SMTP servers as well as standard features - white and black lists of email addresses. Speaking of the Bayesian filter: there is an option to make the filter learn automatically from emails included into the white list.
The Bayesian database can be saved and restored. Here is my database, in case you don't want to accumulate your own one. It's a database of my filter, based on 1200 spam emails and 1666 non-junk messages. Of course, I cannot guarantee it will suit you, as I taught it to comply with my requirements. To restore a database, unpack both files from the ZIP archive into any folder and choose it after clicking the Restore Bayesian filter database button.
Besides, the anti-spam/antivirus tools, built into LAN SUITE, support filtering by unwanted attachment extensions.
LAN SUITE can act as a proxy server for HTTP, HTTPS, HTTP-FTP, FTP, SOCKS, Telnet, Real Audio. Besides, it can work as DNS Proxy. User authorization is supported for HTTP, HTTPS, HTTP-FTP proxy. You can block access to HTTP/FTP via SOCKS (which is natural and comes in handy...)
Of course, the proxy supports caching. Cache preloading from a specified address (HTTP, FTP) or a folder. You can prohibit caching CGI queries (you should really do it).
You can also limit access to the proxy server by an IP filter. You are strongly recommended to configure it, or any user will be able to use your proxy server to access Internet (if your computer has a "white" IP). It's even more convenient than to enable authorization, as not all programs work well with proxy servers requiring authorization.
I didn't test features of the built-in WWW server thoroughly. At least, it works well on the simplest level (it grants access to index.htm, allows to follow links). There is a checkbox to allow directory browsing — if you need to publish photos and don't want to create a web site. If directory browsing is allowed, your web server can be browsed like an FTP.
In addition, LAN SUITE can work as a DHCP server and thus covers all the features necessary to set up a software LAN router.
Administration and FTP server
Restricting administrative access to the program is very simple: this program can be configured either by all users or by administrators only. You can also allow remote administration and statistics access via web.
Note that there is an inaccuracy in the remote administration options: even if remote administration authentificaton is set to free access, absolutely all users will have web access only to statistics — you will still have to enter user name and password to get access to LAN SUITE settings. It's certainly logical and justified, but does not comply with the term "Free access". If you choose User authentification required, anonymous access will be blocked even for statistics browsing.
In order to get local access to remote administration, you need to type the following string in your browser: <http://127.0.0.1/admin>. In case of "truly remote" access, 127.0.0.1 must be replaced with a real IP address of your computer in your LAN or in Internet (if it has a "white" IP). Web administration is supported to the full extent: all those settings you saw on the screenshots are available not only locally, but also remotely, via browser. Frankly speaking, remote administration did not work well in the Opera browser (for some unknown reason I had no left menu, shown on the screenshot). But I had no problems in Internet Explorer.
Besides, LAN SUITE can work as an FTP server with some limitations (if you select the Allow update of the WWW server via FTP checkbox). That's because developers did not want to integrate a sterling FTP into LAN SUITE. This function was intended only to work remotely with WWW server contents. Consequently, there is no anonymous logon, no user right policies: only LAN SUITE administrators can access the FTP server (they must enter their user names and passwords) and they always have full access. Besides, the FTP server works only with a folder, specified as a web-server's root.
As you can see, practically all kinds of logging are supported. But we don't recommend to enable all logging options: it's clear that the Firewall messages / Log all packets option will immediately swell FWL.LOG to an unimaginable size, it may even slow down your PC performance.
A piece of advice: even if all logging options are disabled, each email sent and received will still add one line to lansuite.csv (in the LAN SUITE folder). If you work actively with email, it may grow quite large in time. Unfortunately, I can recommend only one solution: delete it from time to time manually.
LAN SUITE offers this feature as well (considering the intention to create an all-in-one suite, as well as integrated POP3 and SMTP servers, it would have been strange not to have it). You can get local access to web mail by typing the following address in your browser: <http://127.0.0.1/mail>. In case of remote access, you should replace it with a real IP. You will see a window prompting for your user name and password. Then you'll get access to your mail box. As any web mail, Web Mail from LAN SUITE is certainly inferior to stand-alone email clients in usability. But you can quickly browse your email box on a computer without an email client, or, for example, (in case of "white" IP) read your email from any internet cafe. It's hardly a disadvantage, is it?
The only emails, which are more convenient to work with in Web Mail than in a stand-alone client, is... spam :). No need to forward anything. You just mark the spam, click Junk, and the Bayesian filter in LAN SUITE will gladly "swallow" another lesson. Emails will be automatically moved to a special folder.
You can run the program in usual mode (like any other EXE file) or LAN SUITE can be installed as a system service. But I must warn you: you should do it only after you have completely configured the program. The problem is you cannot open the program window (and thus get access to its settings), if LAN SUITE is started as a system service. An attempt to start lansuite.exe, when the service is already running, results in a displaying a diagnostic message that the service is already running. Thus, you'll have to use web interface to change settings (even locally), which is not always convenient. Besides, the main window contains a very useful option - collect POP3 mailboxes and send Internet messages. As I have already written, immediate send is not very useful, as emails are sent rather quickly anyway. But getting new messages from all external mail boxes without waiting for the next scheduled reception may come in handy.
A useful tip (it's buried somewhere deep in the documentation): lansuite.exe, started with /hide option, starts up automatically minimized to tray.
The main window of the program
The main window of the program displays logs — all mixed up, depending on activities of the corresponding services. Note: in this case all events are displayed irregardless of what logs are enabled.
This is an interesting and in some cases quite legally free program. Of course, I may be mistaken, but I really don't know any other similar programs: working under Windows, all in one, freeware. In conclusion I can say that LAN SUITE 2004 has been running on my computer for three months already and it copes well with all its functions. No bugs, no freezes, or any other troubles. The program has humble memory requirements for its class: after a week of continuous operation, according to Windows Task Manager data, Mem Usage — 26 084 K, VM Size — 36 504 K. Here is a recap of the features:
- NAT and Firewall
- SMTP (including SSL) and POP3 (including SSL) servers
- Built-in (or external) email anti-virus tools
- Built-in anti-spam tools
- Fax message support (I didn't test it, but it's available...)
- Proxy server supporting the following protocols:
- HTTP and HTTPS
- FTP and FTP via HTTP
- SOCKS 4 and 5
- Real Audio
- DNS proxy
- DHCP server
- WWW server
- Defeatured, but still functional FTP server
- Full-featured web administration
- Web Mail
- All servers support IP Filtering
- Flexible logging
- Dial-up support (it's hardly vital, but still available...)
Frankly speaking I can hardly imagine a reason to start using another program. The only shortcoming of the current version is the lack of sterling FTP server. On the other hand, paraphrasing a proverb: one shouldn't look a freeware horse in the mouth. Strong points of LAN SUITE: it supports nearly all necessary functions, crystal clear configuration GUI (no need to edit configuration files manually), it can work together with a good freeware antivirus. It all makes this suite an ideal choice for a so called advanced user, who is not afraid of such mysterious words as TCP/IP, SMTP, PROXY, but who is still not confident enough to administrate more complex products. Besides, you can hardly overestimate convenience of the situation when absolutely all settings of all internet servers and services running in your system are accessible in one window — just switch among tabs.
Of course, some LAN SUITE functions (the ones I don't use :)) are left "off-camera". They include fax support, LDAP address book, advanced SSL settings, and many others... But it seems to me I have reviewed enough features to at least draw you attention to this product, if you are looking for such a program.
Write a comment below. No registration needed!