The original purpose of networking computers together was to share hardware peripherals, such as printers, and resources, such as data files and applications. Microsoft began to focus on setting up local area networks (LANs) and creating file and printer shares way back with Windows for Workgroups 3.11. It was not until the advent of Windows 98SE and Windows 2000, however, that a method was incorporated into the operating system to allow sharing of one very important resource: an Internet connection.
In this Daily Feature, I’ll discuss why connection sharing is needed, how an Internet connection can be shared among computers, and how translated connections work. To learn how to configure a shared connection on a Windows 2000 Professional or Windows 98SE host computer, see my companion Daily Drill Down, "Setting up Internet connection sharing in Windows 2000 and 98SE."
Why share an Internet connection?
As it became easier and more economically feasible for small and medium-size businesses and home users to go online in the 1990s, it also became obvious that a method was needed to allow multiple computers to access the Internet via one connection. In many offices and homes, the expense of separate phone lines, modems, and Internet service provider (ISP) accounts for each member of the firm or family was adding up fast. In the small business environment, allowing individual computer users to dial out via modems attached to their computers could present additional problems, including security risks.
Networking the computers and sharing one Internet connection over the LAN, just like sharing the connection to a printer, is the obvious solution. But it’s not quite that simple; there are obstacles that must be overcome.
Overcoming the obstacles to connection sharing
Communicating over the Internet uses the TCP/IP protocols, and one requirement of TCP/IP is that each computer on a network be assigned a unique IP address. This creates a problem if you want multiple computers to share an Internet connection. The typical dial-up account with an ISP (or cable modem or DSL connection) provides only one public IP address, which is dynamically assigned by the ISP to the modem when you establish the connection and is released when you hang up or are disconnected by the ISP server.
Public and private addressing
The IP addresses used to communicate on the Internet are public addresses. Ranges (blocks) of public addresses are assigned by the Internet Assigned Numbers Authority (IANA) to large organizations for use by computers on their networks and to ISPs for distribution to their customers. This ensures that there will be no duplication of addresses throughout the entire global Internet. Public addresses are also called registered addresses because they are registered with the IANA.
Several special blocks of addresses, called private or reserved addresses, are set aside by IANA and cannot be used on the public Internet. The Internet routers will not attempt to forward packets addressed to these private addresses.
The IP addresses allocated for private networks are specified in Request for Comments (RFC) 1597. These include the following three blocks of address space:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
In addition to the private addresses, the address range 169.254.0.0 to 169.254.255.255 is reserved for the use of Microsoft’s Automatic Private IP Addressing (APIPA), which allows computers that are configured as DHCP clients to assign themselves temporary IP addresses from the reserved range if they are unable to contact a DHCP server for address allocation.
The Internet Protocol (IP) uses the address to route data packets to the right computer. If several computers on a network share the same address, how will those packets get delivered to the correct machine? For example, if machine A sends an HTTP request over the Internet for a specified Web page, in order for the Web server responding to the request to send the page back to that machine’s browser, it must know machine A’s IP address (in addition to the port number, which is used to identify the application—in this case, the Web browser—making the request).
How, then, can different computers on a LAN communicate over the Internet using a single connection? There are two ways it can be done.
How does connection sharing work?
Multiple computers networked on a LAN can be connected to the Internet through one Internet connection by using a routed connection or a translated connection.
A routed connection requires either a dedicated routing device (such as a Cisco or other brand of router) or a Windows NT or 2000 server that has IP forwarding enabled to function as a software router. The key point to remember about routed connections is that, although they do allow you to connect to the Internet via a single modem and phone line (or other single physical connection point), they do not allow you to use a single public IP address. Every computer on the LAN that will communicate over the Internet must have its own unique IP address. Many ISPs charge extra to allocate multiple addresses.
A translated connection, on the other hand, does not require a separate hardware device, can be implemented without the expensive server operating system, and requires only one public registered IP address to connect all your LAN computers to the Internet.
Benefits of network address translation (NAT)
Network address translation (NAT) software has been around for a while. There are several third-party NAT solutions, such as Sygate and NAT32, that were widely used to provide translated connections for computers running Windows 95 and NT 4.0.
With a translated connection, the computers on your LAN are assigned addresses from one of the private address ranges. The computer that is connected to the Internet (via modem, ISDN, DSL, or cable) is configured as the NAT host. For each Internet request from one of the other computers (the NAT clients), the host records an entry containing the client’s private IP address and port number, rewrites the packet’s source address to the public IP address assigned to its external interface (such as a modem), and sends the packet out over the Internet. The table used to keep track of which computers on the LAN originate which requests is called the address translation table. When the response arrives, the host looks up the matching entry, which is how it knows which internal computer should receive it.
Some applications and protocols do not work with NAT. This is because they carry the IP address or the TCP/UDP port number inside the packet payload rather than only in the IP or TCP/UDP header, and the header is the only place the NAT host rewrites. For example, IPSec cannot be used with address translation because the IP address is encapsulated inside the IPSec header, where the NAT host cannot rewrite it. Some applications and services must be specially configured to work across the Internet through a translated connection.
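To make the private-address rules and the address translation table concrete, here is an added example of my own; it is an illustration, not code from the original article or from any Microsoft or third-party NAT product. It models the NAT host described above: it admits only clients from the private ranges listed earlier (plus the APIPA range), rewrites just the IP and port header fields, maps replies back through the table, drops unsolicited inbound packets, and, as the discussion of NAT-unfriendly protocols implies, leaves any address buried in the payload untouched. The public addresses, ports, and payloads are constructed sample values.

```python
import ipaddress

# Private blocks listed in the article (RFC 1597) plus the APIPA range.
UNROUTABLE_BLOCKS = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12",
                      "192.168.0.0/16", "169.254.0.0/16")]

def is_private(addr):
    """True if addr lies in a block Internet routers will not forward."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in UNROUTABLE_BLOCKS)

class NatHost:
    """Toy NAT host: one public address, one address translation table."""
    def __init__(self, public_ip, first_port=49152):
        self.public_ip = public_ip
        self.next_port = first_port     # next free port on the external interface
        self.table = {}                 # public port -> (client_ip, client_port)

    def outbound(self, pkt):
        """Rewrite a client packet's source so it carries the public address."""
        client = (pkt["src_ip"], pkt["src_port"])
        if not is_private(client[0]):
            raise ValueError("NAT clients must use a private address")
        # Reuse the existing entry for this client socket, else allocate a port.
        for port, entry in self.table.items():
            if entry == client:
                break
        else:
            port = self.next_port
            self.next_port += 1
            self.table[port] = client
        out = dict(pkt)                 # only the header fields are touched...
        out["src_ip"], out["src_port"] = self.public_ip, port
        return out                      # ...the payload is passed through as-is

    def inbound(self, pkt):
        """Map a reply on the public port back to the originating client."""
        entry = self.table.get(pkt["dst_port"])
        if entry is None:               # nobody on the LAN asked for this: drop it
            raise KeyError("no translation table entry; packet dropped")
        out = dict(pkt)
        out["dst_ip"], out["dst_port"] = entry
        return out
```

Note that a request whose payload quotes the client's own private address (as some protocols do) leaves the host with that address still inside it, which is exactly why such protocols break behind a translated connection.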
With address translation, users on the LAN are able to send and receive data across the Internet using their Web browsers, e-mail clients, and other supported applications as if their computers were directly connected to the ISP.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.