See correction to this article

Routing comes home

LAN-to-WAN IP routing has been something of a theme for me for several years. In 1992, I decided to establish my company on the Web, so I went to an ISP and procured 256 IP addresses. I wanted the company to host its own Web and mail servers, so I needed a 24 * 7 Internet connection. Rather than buy a LAN-to-WAN router from Cisco Systems or some other router vendor, I chose to view the project as a learning experience and build a router. I built my first router to handle IBM's OS/2 2.0 and TCP/IP for OS/2. As soon as Windows NT began to support IP routing, I replaced the OS/2 box with an NT box. Then, I wrote a series of articles for Windows NT Magazine about how to make an NT box into a LAN-to-WAN router. Those articles still generate a fair amount of mail, all describing the same scenario and asking the same question: I have a computer in my house connected to the Internet with a Digital Subscriber Line (DSL)/cable modem/ISDN link. I also have several other machines in the house. How do I set up my Internet-connected PC to share its Internet link with the other machines?

After the initial set of articles, I revisited the question twice—first when Microsoft released improved routing code called RRAS (aka Steelhead), and again when Microsoft released Proxy Server 2.0. RRAS wasn't the answer for would-be home users because RRAS required that each machine have an IP address that the ISP provided; making up random addresses for home machines didn't work. Proxy Server circumvented this problem but created another problem because of the software's expense—in the $1000 range.

But if you have Windows 98 Second Edition (Win98SE) or Windows 2000 Professional (Win2K Pro), all you need to do is click your mouse a few times, reboot your home PCs, and enjoy routing with ease. Win98SE should be available by the time you read this column, and Win2K Pro and Windows 2000 Server (Win2K Server) will probably be available soon. Unfortunately, Microsoft won't offer Win98SE to just anyone—like Win95's OEM Service Release (OSR) versions, you can get Win98SE only with a new computer purchase. But if you can wait until Windows 2000 (Win2K) ships or you buy a new PC, easy routing is in your future.

You set up the Internet-connected PC much as you've done before, by creating a DUN entry. I haven't investigated how Win98SE sets up DUN entries, but the process is probably similar to that of Win95 and the first edition of Win98. Win2K has a different process, so you'll have to go to a different place in the user interface (UI) to set up your Internet connection. Right-click My Network Places, and select Properties. Double-click Make New Connection, and from there everything will look familiar—specify the kind of modem you use, what number to dial, and so on. (I've used this method to set up regular modems and ISDN. My cable and telephone companies don't offer cable modem or DSL service, so I can't tell you how to configure your system for those services.)

After you create the new dial-up object, right-click it and select Properties. Select the Shared Access tab, and select the Enable shared access for this connection check box. You'll get a dialog box that states When Shared Access is enabled, your LAN adapter will be set to use IP address 169.254.0.1... Are you sure you want to enable Shared Access?

This 169.254.0.1 address is where Internet connection sharing gets interesting. Built into the address is a Network Address Translation (NAT) router. If you don't work on infrastructure in a large firm, NAT routers might be unfamiliar to you. These routers provide a solution for companies that have several machines in an intranet that need access to the Internet. One way to get Internet access is to obtain IP addresses for every machine in the intranet. The intranet is then a subset of the Internet, so by definition the machines can access the Internet. But the relative scarcity of IP addresses, coupled with some valid security concerns, have led firms to instead build intranets with nonroutable IP addresses and connect those intranets to the Internet with NAT routers. The NAT routers give the machines Internet access without address visibility, thus offering a modicum of security.

Basically, Internet Connection Server (ICS) makes your system into a simple NAT router and DHCP server. After your dial-up connection is complete, the Ethernet card on the dialing machine reaches the 169.x.x.x address. Your ICS machine then acts as a DHCP server for your home network, handing out 169.x.x.x addresses to any machine requesting an address. The DHCP server also tells the requesting machine to look to the ICS machine to resolve DNS queries and to provide a default gateway for the other machines on your home network.

After you hook up your ICS machine to the Internet, you need to configure the other machines on your home network to look to DHCP for their IP addresses, then reboot the machines. As long as the machines can act as DHCP clients or you can set the machines' static addresses in the 169.254.x.x network, three things will be true: The ICS computer will give the machines IP addresses, the machines will have the ICS computer route their packets, and every machine in the house will be on the Internet. And those machines aren't restricted to Web (i.e., HTTP) access on the Internet. Although I haven't performed extensive testing, so far I've been able to retrieve POP3 mail, send SMTP mail, and ping locations without any trouble.

Furthermore, if you don't have a 24 * 7 connection, ICS offers the option to dial on demand. Thus, if you're sitting at a computer across the house from the ICS machine and you initiate some kind of Internet-based activity (e.g., retrieve mail, browse a Web site, ping a location), the ICS machine will sense that someone is trying to route packets to the Internet and will automatically dial your ISP to establish an Internet connection. As with RRAS's demand-dial capability, establishing the connection can take so long that whatever operation you're trying to perform can time out first. To avoid that possibility, I usually prime the pump by opening a command line and pinging somewhere. A standard ping will time out. By the time the fourth ping is finished, the connection is nearly ready, and the ICS machine is far enough along that you can usually open your Web browser or mail client and get through before it times out.

Microsoft clearly intends this routing solution for small office/home office (SOHO) use because the company doesn't provide much in the way of a management interface. You can't control the range of addresses that the ICS machine gives out, nor have I figured out how to query the ICS machine so that it will list the active DHCP leases. I'd like to have a situation in which ICS separates a small network from the Internet but connects to the Internet with an Ethernet card. However, ICS apparently won't let you share a LAN connection to the Internet—only a dial-up connection. (Anyone have a modem driver for a 3Com XL card?)

Perhaps the most significant consideration when you're thinking about setting up an ICS connection is whether your ISP will let you share your Internet connection among several machines. Some ISPs specifically do not let you run proxy servers, probably in reference to WinGate software. WinGate is a Windows-based proxy server program, popular because until recently it was about the only low-cost Internet connection-sharing technology you could get. But ICS isn't a proxy server, so you might not violate your ISP agreement by running it—at least until ISPs figure out that ICS exists.

End of Article
CORRECTIONS TO THIS ARTICLE:
Inside Out: "Internet Connection Sharing" incorrectly states that you can get Microsoft Windows 98 Second Edition (Win98SE) only with a new computer purchase. You can buy Win98SE at any software store or Internet site that sells Microsoft OSs. We apologize for any inconvenience this error might have caused.



You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

Hi Mark,

I'm always like you articles. They are very informative, easy to understand and correct. Your books are very good too.

Hoa,

Hoa- September 28, 1999

Mark,

I had this working with RC1 (Ad. Srvr) as a primary, and a 98SE as a secondary. Everybody was 'happy' at home. I did a clean migration(readclean install) of RC2 and all hell has broken loose. Symptoms are: When sharing is enabled the IP given is 192.x.x.x rather than 169.254.x.x. When you change and click OK system hangs. (Finally did a change via regedit) Now I have the Server working to use cable modem, but cannot get the SE to work. I can ping from SE to IP address, but not the host name.

Anybody who might be able to provide a solution? Does RC3 correct this problem?

Thanks

Amin Mawji- November 16, 1999

In Inside Out: "Internet Connection Sharing" (October 1999), Mark Minasi discusses how to set up a Windows 98 Second Edition (Win98SE) computer as a Network Address Translation (NAT) router. Mark states that the host Internet Connection Server (ICS) system acts as a DHCP server. It doesn't. In Win98, Microsoft implemented Automatic Private IP Addressing (a fallback mode for Win98 computers configured to use a DHCP server) to make it easier for the average home user to set up a small home network without having to first learn about TCP/IP. Here's how Automatic Private IP Addressing works. Win98 first attempts to contact a DHCP server. If that attempt fails, Win98 assigns the computer an IP address. Win98 picks a random IP address of the form 169.254.x.x and checks to see whether any other computer on the network is using that address. If so, Win98 tries other IP addresses until it finds an unused one. You can check out this process for yourself. Simply disconnect a Win98 computer from your network (i.e., isolate the computer from a DHCP server or an ICS host machine) and force the computer to release and renew its IP address. After a noticeable delay, you'll get a 169.254.x.x IP address. In the article, Mark also states that ICS works only through dial-up connections and won't let you share a LAN connection on the Internet (e.g., what would happen if you had a Digital Subscriber Line--­DSL--­or cable-modem connection). When you use the ICS Wizard to set up ICS, you get a dialog box that lets you choose your Internet- connected adapter. You can select a network adapter or a dial-up adapter. I've successfully set up ICS on a LAN with a dual-homed ICS host that didn't even have a modem installed. --­Seth Atkins

Seth Atkins- February 16, 2000

<i> Your assertion about private addresses is correct, as is your observation that ICS works on connections other than dial-ups. Thanks for sending in the correct information. --­Mark Minasi </i>

Mark Minasi- February 16, 2000

I was wondering if Win2K pro allows you to share multiple lan adapters with one modem. Win98 does but using the point and click method only seems to allow one lan connection to share with the modem. Do you have any registry hacks that might fix this ?

robert Thompson- March 01, 2001

I was running Win2K on my internet PC and that allowed me to disable dial on demand so that the other PCs didnt cause the modem to dial all the time. I am now running WinMe and there is an option to disable dial on demand and also a registry entry for it but they don't work. How can I disable dial on demand for WinMe with ICS?

Simon Woodstock- June 20, 2001

I have a computer in my house connected to the Internet with a Digital Subscriber Line (DSL)/cable modem/ISDN link. I also have several other machines outside the house which will be able to dial-in into my pc using analog modems. How do I set up my Internet-connected PC to share its Internet link with the other machines?

Kevin Kane Li- February 15, 2002

I also have the same problem, it has been consuming me for some time now. tha Lan part was easy but the dial-in is prooving a challenge. Hope to hear from somenone

Manuel Amorim- November 05, 2003

How to configure ICS on a dial-in connection and share an internet access i have 2 modems 1 is connected to internet and 1 is for incoming connection setup are successfully connected the problem is the incoming client cannot access the internet ... PLEASE HELP where and how to configure it so that dial-in connection can all access internet

BING LOYSA- November 30, 2003

Do you know of any third party software that manages ICS? I have multiple internet connections, some of which I would like to password protect. I have heard of some programs working with ICS and giving you some management options. Have you, and if so what is the name or a downlaod link.

I have tried many different methods, and find ICS the best for bandwidth on the remote computers. All software routers, proxy, and socks servers seem to eat up half the bandwidith for the remote machines.

Thanks,

Keith- December 27, 2003

Ok i have 2000 advance server connected to the internet with a dialup connection and 3 2000 pro workstations on a small lan. ICS workes very well ( Leasing address anywhere from 192.168.0.2 to 192.168.0.254 ) but can be a bit annoying when im forced to search for a machine by pinging its host name because ICS changes address VERY frequently expecially if the server and workstation reboots. I decided to try Network address translation so i could use statistic ip address which is less headaches for a small network BUT i get problems. The NAT service gives address to the machines connected to the internal adapter with out any problems but the external adapter (modem) dosen't connect to internet and i dont get any error messages ot codes.

So now for the 2 questions: 1) HOW do i fix that problem or what am i not doing right ?

2) Can client machines access internet without ICS, NAT or a Proxy server installed on the server or else where on the network ?

Junior- May 01, 2004

This article is fantastic thak you so much for the corrections regarding ICS to LAN and also private IP addresses. The later being an issue i do not yet have a grasp of; hopefully by returning here i will soon have enough of an understanding to set up this network in my garage where i work on old PC's. A PII 400 98se clean install with a wireless card to an access point-on a LAN- created by Linky hardware firewall to the big bad internet via Cable Modem is the ICS machine.(whew!) ive got a yellow cat5 cable...wish me luck. sincerly jon c. Sammamish Wa.

j- June 01, 2004

how to share internat without any proxy with some ip settings/

Anonymous User- January 04, 2005

ICS on XP by default uses the 192.168.0.x range, and includes a DNS server, along with the NAT translator and DHCP server you list as having been in the 98 version.

Anonymous User- March 10, 2005

Article Rating 4 out of 5

 
 

ADS BY GOOGLE