Tips about how to use Win2K Pro's ICS
One of Windows 2000's most useful networking features is Network Address Translation (NAT) support. NAT, which the Internet Engineering Task Force (IETF) Request for Comments (RFC) 1631 defines, is a routing protocol that lets an Internet-connected device share its Internet connection with the rest of the network. The protocol provides this functionality by translating the IP header of TCP and UDP packets from IP addresses on the internal network to a single routable address on the Internet-connected interface. In addition to providing Internet-connection sharing, NAT technology enables security for internal LANs because Internet hosts can't reach the private addresses assigned to the machines behind a NAT-enabled device.
In Win2K, two software components provide NAT features: Internet Connection Sharing (ICS), which Win2K Professional and all Win2K server products include, and the NAT routing protocol, which Win2K server products provide as part of RRAS. If you're running Win2K Pro in a small office/home office (SOHO) environment and need to share your Internet connection with multiple computers, you'll definitely want to take a look at Win2K's ICS component. (For a comparison of ICS and NAT, see "Related Articles in Previous Issues.")
Win2K's ICS
Win2K's ICS is similar to its cousin of the same name in Windows Me and Windows 98 Second Edition (Win98SE) but is even easier to configure and implement. ICS works with all types of Internet connections, including LAN adapters connected to routers (e.g., xDSL, frame relay, ISDN) and dial-up connections over modems and ISDN terminal adapters. In addition, Win2K Pro automatically installs ICS, so it's readily available on your Win2K Pro system.
Setting up ICS is a fairly simple task. To enable ICS on an existing dial-up or secondary network connection, right-click the connection's icon in Network and Dial-Up Connections and select Properties. On the Sharing tab of the resulting dialog box, select the Enable Internet Connection Sharing for this connection check box. If the existing connection is a dial-up connection (e.g., modem, ISDN terminal adapter), you'll also see an Enable on-demand dialing check box. Select this option if you want to have Win2K automatically establish an Internet connection whenever the OS detects traffic destined for the Internet. This option is particularly useful and provides seamless Internet connectivity for your SOHO LAN because it establishes a connection regardless of whether the Internet-bound traffic was generated locally or by another machine on the network.
Next, configure each of your network clients to use DHCP. This configuration will cause the clients to obtain IP addresses from the ICS feature's built-in DHCP server, the DHCP Allocator, and enable clients to access the Internet.
While you're at it, also configure the clients' browsers. From the Microsoft Internet Explorer (IE) Tools menu, select Internet Options. On the resulting dialog box's Connections tab, in the Dial-Up Settings section, ensure that the Never dial a connection check box is selected, just in case the machine previously used a dial-up connection and was configured to dial on demand. Next, click Settings, and in the Automatic Configuration section of the resulting dialog box, select the Automatically detect settings check box and clear the Use automatic configuration script check box. In the Proxy Server section, clear the Use a proxy server check box. After you reboot your clients, your shared Internet connection should be up and running.
Understanding ICS's Laws and Limitations
As you can see, the ICS configuration process isn't very involved. However, this apparent simplicity is a result of some inflexibility that isn't immediately obvious to new users. Make sure that you understand ICS's limitations before you implement it on your network.
First, be aware that ICS provides a scaled-down DHCP server and DNS and WINS proxy servers, none of which you can disable. As a result, you should never enable ICS on Win2K servers acting as domain controllers (DCs) or those running DHCP or DNS services (or networks running these services) because ICS's operation will interfere with them. This warning also applies to Active Directory (AD)based Win2K domains because they must include DNS services.
Second, ICS is fairly inflexible in its required network configuration: After you enable it, ICS automatically configures the Win2K system acting as the Internet gateway so that the internal LAN adapter has an IP address of 192.168.0.1 with a class C subnet mask of 255.255.255.0. To make your LAN clients work with the ICS-enabled system, you must configure them to be on the same 192.168.0.x subnet and use the ICS-enabled machine as their default gateway. The easiest (and Microsoft-recommended) way to accomplish this setup is to simply configure the clients to use DHCP, which causes them to pick up the correct IP addressing information from the ICS-enabled system. The ICS machine will provide both DNS and WINS proxy services to LAN clients in this configuration, so you should ensure that the DNS and WINS server addresses on the ICS machine are correct.
Customizing an ICS Configuration
Assuming that the requirements of your network environment permit you to commit to ICS's configuration constraints and you followed the configuration instructions, you should have a shared Internet connection at this point. The only truly advanced configuration option possible with ICS is customizing ICS to let it work with specific types of applications and services over the Internet connection.