Though file and printer sharing has been around since Windows for Workgroups, it wasn’t until the release of Windows 98SE and Windows 2000 that Microsoft gave us the ability to allow Internet connection sharing (ICS). In this Daily Drill Down, I’ll show you how to configure a shared Internet connection on a Windows 2000 Professional or Windows 98SE host computer. For background information, see my companion Daily Feature, "Understanding Internet connection sharing."
Microsoft’s Internet connection sharing (ICS)
Windows 98SE, Me, and Windows 2000 all include network address translation (NAT) solutions so that you can connect your small network to the Internet without purchasing extra software. Microsoft calls this implementation of NAT Internet connection sharing (ICS). It is a lite version of NAT. (A more full-featured and configurable NAT is included in Windows 2000 Server.)
ICS can provide three basic services:
- Allocation of private IP addresses to the clients on the internal network
- Translation of private IP addresses to a single public address
- Name resolution
Because ICS provides address allocation and name resolution, it should not be used on a network that has a DHCP and/or DNS server. Doing so will cause a conflict between ICS and these services.
ICS is designed specifically for sharing an Internet connection on a small office/home office (SOHO) network that functions as a workgroup (peer-to-peer network). If you want to share an Internet connection on a Windows 2000 domain or a network with DHCP or DNS servers, you should use the NAT routing protocol—which is configured via the Routing and Remote Access (RRAS) console on a Windows 2000 server—instead of ICS.
Using ICS on Windows 2000 Professional and Windows 98SE
Although its functionality is the same on either operating system, enabling and configuring ICS is significantly different depending on whether you are using Windows 2000 or Windows 98SE. In this section, I’ll show you how to set up ICS with both operating systems.
It is important to note that ICS is installed or enabled only on the computer that will share its connection to the Internet. The computer that will run ICS must have two connections: one to the internal network (LAN) and one to the Internet (a modem, ISDN or DSL terminal adapter, cable modem, etc.).
Windows 2000 Server supports both ICS as described here and the NAT routing protocol. ICS is configured with Windows 2000 Server in the same way as with Windows 2000 Professional.
Installing and configuring ICS on Windows 98SE
In Windows 98SE, the first step is to install ICS. To do so, open the Add/Remove Programs applet in Control Panel. On the Windows Setup tab, select Internet Tools and click the Details button. In the dialog box presented, check Internet Connection Sharing, as shown in Figure A.
|Install ICS in Windows 98SE via the Add/Remove Programs applet.|
Click OK twice to exit the Windows Setup page, and you’ll have ICS installed on your Windows 98SE computer. Note that you may be prompted to insert the Windows 98 CD installation disk. After the appropriate files are copied, the Internet Connection Sharing Wizard will start.
If you do not already have a dial-up networking connection or a LAN connection configured, the Internet Connection Sharing Wizard will automatically start, and you will be prompted to set up an Internet connection for this computer.
The wizard will walk you through the process of creating a Client Configuration disk, which is used to configure the other computers on your LAN that will connect to the Internet through ICS. (You can skip this step and configure the other computers manually if you prefer.)
You will be prompted to restart the computer, after which ICS will appear as an installed component in the computer’s Network properties (accessed via the Network applet in Control Panel or by right-clicking the Network Neighborhood desktop icon and selecting Properties), as shown in Figure B.
|After you install ICS, it appears on the Configuration tab of the Network properties sheet.|
Now you can configure ICS properties. In Control Panel, open the Internet Options applet, select the Connections tab, and then click the Sharing button, as shown in Figure C.
|Click the Sharing button on the Connections tab of the Internet Properties sheet.|
On the General tab of the Internet Connection Sharing properties sheet (see Figure D), you can choose:
- To enable or disable ICS on this computer.
- To show or hide the ICS taskbar icon, which indicates how many computers are connected through ICS.
- The connection you use to access the Internet.
- The network adapter you use to connect to your LAN.
|Enable and configure ICS with the Internet Connection Sharing properties sheet.|
Once ICS is installed and configured on the host computer, you must configure the other computers on your LAN to connect through the ICS computer.
The ICS wizard sets the IP address for the ICS host computer’s internal interface (the network card that connects to the LAN) to 192.168.0.1. There are two ways to set the IP addresses for the other computers on the LAN:
- Use automatic addressing (preferred)—In the TCP/IP properties of the network card for each client computer, select Obtain An IP Address Automatically. The ICS computer will act as a DHCP allocator and assign a different IP address on the 192.168.0.0 network to each computer.
- Set IP addresses manually—In the TCP/IP properties of the network card for each client computer, select Specify An IP Address and give each computer a different IP address on the 192.168.0.0 network (that is, 192.168.0.2, 192.168.0.3, etc.). Set the subnet mask for all computers to 255.255.255.0. Set the default gateway for all client computers to 192.168.0.1 (the IP address of the ICS host computer).
To set TCP/IP properties, select Network in Control Panel, select TCP/IP à <name of network adapter> and then click the Properties button. The Properties sheet is shown in Figure E.
|ICS can assign IP addresses automatically, or you can configure them manually.|
You can run the Client Configuration Disk created by the ICS wizard to configure the browser software on the client machines or skip to the section on configuring the browser’s Internet options for Windows 2000 and follow the same steps.
Enabling ICS on Windows 2000 Professional
On Windows 2000 Professional, ICS functionality is built-in and does not have to be installed. Microsoft has simplified configuration of the host computer. To enable ICS on a connection that you want to share (for example, a dial-up connection to your ISP), open Start | Settings | Network And Dial-Up Connections.
You must be logged on with administrative privileges to enable ICS on a Windows 2000 computer.
Right-click the connection to be shared and select Properties, as shown in Figure F.
|Right-click the connection you want to share and select Properties from the drop-down menu.|
This will open the Dial-Up Connection Properties sheet. Select the Sharing tab, as shown in Figure G.
|Enable ICS on the Sharing tab of the selected connection’s properties sheet.|
If the connection being shared is a dial-up connection, you can enable on-demand dialing, which will cause the ICS host to dial up and connect to the ISP whenever an ICS client computer tries to access an external resource (for example, when the user enters a Web site URL that is outside the LAN or attempts to send or check Internet e-mail).
If you have network applications that you want to configure for the client computers, click Settings. You can add applications on the Applications tab. You will need to know the TCP/UDP port numbers on your network to which the applications will connect. Likewise, you can configure services using the Services tab.
Note that it is not necessary to configure these settings for clients to use their Web browsers and e-mail clients to access the Internet. This setting is commonly used in order for network games and other nonstandard applications to work properly across the Internet. Also, the Web server service must be configured on the ICS computer only if you want users on the outside to be able to access a Web server hosted on your internal network.
The clients that will access the Internet through the Windows 2000 ICS computer must be configured to obtain an IP address automatically (as described above). The ICS host computer’s internal interface will be set to 192.168.0.1 and it will become a DHCP allocator, assigning IP addresses to the other computers on the LAN. The default gateway for each ICS client will be provided automatically. The ICS computer will also act as a DNS proxy to resolve fully qualified domain names (such as the URL entered in a Web browser) to Internet IP addresses.
Configuring your browser’s Internet options
Ensure that the browser settings on the ICS clients (on Microsoft Internet Explorer, these setting are located in Tools | Internet Options | Connections | LAN Settings) are configured as follows (see Figure H):
- Do not set the browser to automatically detect settings (clear the check box).
- Do not set the browser to use automatic configuration script (clear the check box).
- Do not set the browser to use a proxy server (clear the check box).
|Clear all check boxes in the Microsoft Internet Explorer LAN Settings dialog box.|
The Internet connection should be set to Never Dial A Connection on the Connections tab.
Troubleshooting ICS problems
If you have set up ICS on the host computer, but users are unable to connect to the Internet from the client computers on the LAN, check the following:
- Ensure that TCP/IP is installed on the ICS clients and configured to obtain an IP address automatically. DNS should be set to obtain a DNS server automatically, and no default gateway should be specified. (The ICS host, acting as a DHCP allocator, will provide the clients with this information.)
- Ensure that the Internet options in the browser settings are configured as described in this Daily Drill Down.
- Check that connection sharing is enabled on the correct adapter on the host computer. This must be the adapter that connects the host computer to the Internet.
- Ensure that the Internet Connection Sharing service is started.
To check the status of the ICS service on a computer running Windows 2000 Professional, open the Computer Management console (right-click the My Computer desktop icon and select Manage), expand the Services And Applications node in the left console pane, and click Services. In the details pane, note the status of the Internet Connection Sharing service, as shown in Figure I.
|Ensure that the Internet Connection Sharing service is started using the Computer Management MMC.|
If the service is not started, you can right-click it and select Start. You can change the start-up mode from Manual to Automatic by selecting Properties and configuring the properties sheet, as shown in Figure J.
|You can configure the service’s properties to start automatically when Windows starts.|
More troubleshooting help
The following Q&As address some other common problems you may encounter in setting up a shared connection.
- Q: After I enabled ICS on my computer, the computer lost connectivity to other TCP/IP computers on my LAN. What went wrong?
A: When you enable ICS on a host computer, its LAN card’s IP address is automatically set to 192.168.0.1. If you were communicating with other computers on the local network using TCP/IP and static IP addresses on a network other than 192.168.x.x, you would no longer be able to communicate with them because your ICS computer would be on a different subnet. You need to set the TCP/IP properties of computers to obtain an IP address automatically. The ICS host will allocate IP addresses to them, and you will be able to communicate with them again.
- Q: I enabled ICS on my Windows 2000 Professional computer and configured the ICS clients. I dialed up to the Internet and was able to browse the Web from the client computers. However, my ISP periodically disconnects my modem if it is idle for a time. When this happens, I can no longer access the Web from the ICS clients without going to the host computer and dialing the ISP.
A: You need to ensure that Enable On-Demand Dialing is checked on the Sharing tab of the Properties sheet for the Internet connection. This causes the ICS host to initiate a connection to the ISP whenever one of the ICS clients tries to access Internet resources.
- Q: I want to share my Windows 2000 Professional computer’s Internet connection, but I want to use a different private address range on my LAN instead of the 192.168.0.0 network. How can I do that?
A: You cannot modify the address range used by ICS, nor can you disable the DNS proxy or configure inbound mappings. If you need to do any of these things, you will need to use NAT (on a Windows 2000 Server) instead of ICS. NAT is configured via the RRAS console on the server computer and will work if you have a Windows 2000 domain controller, DNS server, or DHCP server on the network.
ICS is a useful feature that can save you money and make it easier and more convenient for all the users on your small LAN to access the Internet. Microsoft has built ICS into their most recent Windows operating systems so that it is no longer necessary to purchase third-party software to create a translated connection to the Internet. With a little bit of configuration and troubleshooting savvy, you can configure Windows 98SE and Windows 2000 Professional computers to share their Internet connections with other computers on your LAN.
For more information on NAT and ICS, read these TechProGuild features:
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.