Home Pauline's Pages Howto Articles Uniquely NZ Small Firms Search
Click for larger image
A Guide to Painless Networks
Internet Connection Sharing

A Guide to Painless Networks | Extra considerations when using Windows XP | ADSL Broadband | Microsoft Internet Connection Sharing Software | ADSL Wi-Fi Router Firewalls

Introduction and Overview

This latest part of the Painless Networking Series was started after I signed up for Broadband. The performance was so impressive that I was immediately asked if it could be made accessible on all our machines. Long term a wireless network based round a modem/router/wireless box such as the D-Link 604+ looks the way to go but speeds are increasing and costs falling so a software solution such as Microsoft's Internet Connect Sharing (ICS) software looked the the best short term solution and, after some grief has proved exceptional good. It is not for the complete newcomer or fainthearted - I have had to edit the registry twice whilst learning about ICS and even the procedures here may not be foolproof so make backups and be prepared for, in the limit, a clean reinstall of Windows before this will work.

Microsoft provide Internet Connect Sharing (ICS) software as part of Windows from 98 SE onwards. It was regarded as one of the 'killer applications' which justified the upgrade from earlier versions and is a must once you have an always-on broadband connection. It looks simple to set up but it seems to have been extremely problematic to many judging by the many and various pages on the web. The ICS and TCP/IP software with Windows SE and ME have flaws and can cause registry problems if you install and uninstall them too often, especially without frequent reboots.If you want extra information and to know what you may be letting yourself in for have a look at the Microsoft Technical Article Q238135 at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q238135 which also has a lot of links.

The fundamental requirement, if you want to avoid problems, is that you must a tried tested and fully working network using TCP/IP and a working Internet connection before you starting to load ICS. Note - you only load ICS software onto the machine with your Internet Connection which can be Dial-Up or ADSL. If your ADSL connection is via a network card your need to have two cards, one for the modem and one for the connection between machines.

In my case the modem is a USB connection and I had a working network described fully in Painless Networking using IPX/SPX. I was not keen to add TCP/IP but I have found that one can add the TCP/IP protocol in addition to IPX/SPX and separate the file and printer sharing from the Internet Sharing by removing all the bindings to File and Printer Sharing And Client for Microsoft Networks in all the references to TCP/IP which is test show to allow safe connections. Tests using ShieldsUp at the Gibson Research Corporation web site show this to work and that the configuration is as good as one can get without a firewall.

Firewall issues: My favourite free Firewall is ZoneAlarm and I needed to add the range of IP addresses for the machines so they would be visible in the early stages of setting up. The free version does not handle ICS on the Server machine (the one with the shared connection) and the Internet Zone security level had to be reduced to medium (ie no stealth facility) to let it work. I have upgraded to the Pro version on the access machine running ICS to get full protection. The free versions will then also work in high security on the client machines and do need to be upgraded.

Installing Internet Connection Sharing (ICS) Software - Details

Now to the nitty gritty. Installing ICS on an existing network set up as per Painless Networking falls into several parts:
  1. Adding, configuring and testing the TCP/IP protocol on all machines.
  2. Installing the Internet Connection Software on the Server machine.
  3. Checking and changing Bindings of the ICS and associated Protocols on the Server Machine.
  4. Further setting up of protocols on all the Client Machines to utilise ICS
  5. Configuring the Software accessing the Internet on the client machines (Internet Explorer and Email etc.)
  6. Checking it is all 'safe' at the Gibson Research Corporation Site.
During the first 4 parts it is best to disable your virus checker and any firewalls - active virus checking and firewalls do not mix well with TCP/IP loading and configuration. It is however important you do not connect to the net until the breaking of bindings has taken place - on an ADSL continuous connection I am seeing hundreds of probes per day, over two thousand intrusions have been blocked by ZoneAlarm Pro so far on the day I am writing this and about half of them were rated as a high security risk. I hope it is unusual.

1. Adding TCP/IP safely on all machines.

In Painless Networking I showed how to use IPX/SPX protocols for file and print sharing to separate the Internet completely from the Local Area Network. We now need to allow Internet traffic to be passed over the Network. This means adding the TCP/IP protocol to all the machines as only it can carry the Internet traffic. I have found that one can add the TCP/IP protocol in addition to the IPX/SPX protocol and provided one separates the file and printer sharing from the Internet Sharing by removing all the bindings to File and Printer Sharing And Client for Microsoft Networks in all the references to TCP/IP it is almost as safe as before. In order to work with all flavours of Windows including Windows 95 and minimise the risks from use of 'clever' features I have chosen to use fixed IP addresses for the client machines as well as the Server which is already forced to 192.168.0.1 by the ICS software. It also makes any testing easier.

I will not go into how to add a protocol as it is covered in Painless Networking and if you have not already understood simple local networks you should probably not be trying to add ICS yet. When you have added the TCP/IP protocol it is probably best to reboot before changing the various settings on the tabs accessed via the Properties button. The end results are shown at various points below for the Clients and Server but at this point just setting the IP addresses and breaking all the bindings is enough. The settings for a typical client is below. The Server has IP address 192.168.0.1, the clients must have different last number up in the range 2 to 255 - it is logical to start at 2. Note - when you access a TCP/IP protocol it often warns you you should not change it - ignore the warning. After you have unticked all bindings you also have to confirm that you meant it.

Click for larger image   Click for larger image

At this point you may want to confirm the machines can see each other via TCP/IP. As we have fixed addresses it is very easy to check everything is working before installing ICS by using Pings. Ping is a simple (DOS level) system utility accessed by typing ping in the Run box (Start button -> Run and fill in the box). Ping 192.168.0.1 etc., should get a response from a machine with IP address 192.168.0.1 etc., whether sent from the machine itself or from another machine on the network. - if not then something is amiss and needs to be sorted. Pings also enable you to setup/check your firewall when you reinstall it. You would be wise to also check the changes have not stopped your file etc sharing working and that whatever mechanism you use for Internet Access still works - it will be very much more difficult to debug once the ICS server software is installed.

2. Internet Connection Sharing Software installation

You install ICS from Control Panel -> Add/Remove Programs to Windows Setup tab to Internet Tools and tick Internet Connection Sharing box and it runs a wizard which tries to detect your network and connections. In my case it failed to automatically detect and I had to select from drop down boxes the Dial Up Network and LAN adapters manually. They are accessible in the Internet Connection Sharing settings panel.

You reach the Internet Connection Sharing settings panel after leaving the Wizard from Start -> Settings -> Control Panel -> Internet Options -> Connections tab where you will find a new button Sharing in the LAN and Internet Sharing Settings at the bottom. Once you have got there it is worth ticking the Show Icon in Taskbar box so you can access the settings and turn it on and off easily.

Click for larger image

You will need to check/change the dialling options for your chosen default DUN connection - I have chosen to connect to ADSL manually at the start of the day but it should be possible to select the Always dial setting to connect automatically.

3. Checks and Changes on the Server after installing ICS Software

As I noted above installing ICS sets the TCP/IP address to be fixed at 192.168.0.1 which it why it is best to manually set the ICS 'server' machine to 192.168.0.1 and the other machines to be 192.168.0.2 etc. when you add/setup TCP/IP ready to install ICS. After the ICS install I confirmed the IP address of the Network Adapter (now named home) was 192.168.0.1 and checked the bindings were still unticked for Client for Microsoft Networks and File and Print Sharing. The following show those important tabs.

Click for larger image   Click for larger image

The rest of the tabs were not changed from the defaults but you can click on them in the following list to see them on my machine.

Click for larger imageYou will notice that after installing ICS several more network protocols and binding entries have appear and the existing TCP/IP ones have been renamed TCP/IP (Home) and TCP/IP (shared) as shown.

The items with red crosses have been added and those with a red sidebar have been changed where underlined.

The yellow sidebars indicate the TCP/IP protocols which need to be checked and modified as required.

In particular one must untick the bindings to Client for Microsoft Networks and File and Print Sharing on the new TCP/IP -> Internet Connection Sharing Bindings tab accessed via the properties button.

Click to see the TCP/IP -> Internet Connection Sharing Bindings tab

The TCP/IP (Home) you checked above and TCP/IP (Shared) Bindings tabs should be unchanged but I would still check that they look the same as the above with the bindings all unticked.

4. Client Machines - Additional Network Setup

The various documents I have read are inconsistent on the best TCP/IP settings for the client machines but the following is logical and works. I suggested earlier that it was best to set up to use fixed IP addresses. This enables one to check everything is working before installing ICS by using Pings. Ping is a simple system utility accessed by typing ping in the Start button -> Run and fill in the box. Ping 192.168.0.1 etc should get a response from the machine set correctly IP address 192.168.0.1 etc. - if not then something is amiss and needs to be sorted. A firewall may be the problem. Once that is working the machines need to know where the gateway to the unstick is and where the Domain Name Server (DNS) can be found hence those tabs are set up. The host name I gave on the DNS tab is that of the client machine (but I anm not sure it matters what you enter!). WINS is nor required.

Click for larger image   Click for larger image

Click for larger image   Click for larger image

The other parameters are as per the defaults. Click below for details.

5. Program Settings for Internet Explorer and Email.

We should now be on the home straight. The programs on the clients which access the Internet expect to use a local Dial-Up connection and need to be told to use the LAN. To get the Browsers Set-up go Start -> Settings -> Control Panel -> Internet Settings -> Connections tab - just either tick the box Never Dial a Connection or the box marked LAN depending on the flavour of Windows and that is it. Email packages are similar but one has to do it for every Account separately. FTP programs may need to have the Passive Transfers box ticked

6. Re-enable your virus checking software and Firewall(s) and check you are secure.

If you use ZoneAlarm the Server machine needs ZoneAlarm Pro or to run with the Internet Zone in the medium (non stealth) setting. You will need to put the address range used into the trusted zone on all machines. Clearly Virus checking needs to be re-enabled on all machines as soon as the set-up is complete. Now go to the Gibson Research Corporation Site http://www.grc.com and find the ShieldsUp tests and check all is secure.

Conclusions on ICS

Setting up ICS turned out to be the most challenging piece of system setting up yet but the results are well worth it. Access via the Network can not be differentiated from having the connection on he actual machine you are using. It provides broadband access with no loss of speed and the only 'cost' has been getting ZoneAlarm Pro 4 for the Server machine to maintain the same level of security as I had using the free version 3.7.193 The separation I have shown how to implement above should be sufficient but it is better to be safe. The number of probes I am seeing on an ADSL continuous connection is alarmingly high - over two thousand three hundred intrusions were blocked by ZoneAlarm Pro in 16 hours on the day I wrote this and about half of them were rated as a high security risk- ie looking for weaknesses for hacking attempts.

Feedback

The first part of this guide has been around a long time. The results have stood the test of time and I and others have set up many simple networks on Windows 95 and 98 machines very quickly and without hassle or problems. This part is, by definition, less mature and we would be very pleased if visitors could spare a little time to give us some feedback. We would be delighted if you could send comments or just let us know you have visited by sending a quick message to us.

A Guide to Painless Networks | Extra considerations when using Windows XP | ADSL Broadband | Microsoft Internet Connection Sharing Software | ADSL Wi-Fi Router Firewalls

Home page | Pauline's Pages | Howto Articles | Uniquely NZ | Small Firms | Search

Copyright © Peter and Pauline Curtis
Content last revised: 24th September 2004
Click for larger image