French | Spanish | Portuguese | Italian | German | Japanese | Chinese | Korean | Russian | Arabic

If you’ve decided that NAT is the way to go, choose between using Windows’ ICS and another NAT device either hardware or software. ICS has several strong points:

• ICS is included with Windows, so the price is right. By contrast, a hardware NAT device will typically set you back $30 to $100. However, if your NAT device is included in a DSL router or a wireless access point that you need to buy anyway, the cost may be irrelevant.

• ICS includes the various networking components that you need to share a network connection: NAT, a proxy server, a router, and a DHCP allocator a minimalist DHCP server. ICS even gets around some of the problems of computers not being able to communicate with each other when each is behind a different NAT device.

• ICS is integrated with Windows Firewall. This integration lets you set up a shared and fairly well firewalled Internet connection easily. You can poke holes through Windows Firewall easily to enable programs that have specific connectivity needs.

• ICS and Windows Firewall are fully aware of Windows’ features and Microsoft’s add-on programs and are designed to work with them. For example, Windows Live Messenger knows how to automatically ask ICS and Windows Firewall to open the ports that it needs to communicate. Likewise, ICS and Windows Firewall open ports for remote-connection technologies such as Remote Assistance discussed in Article 21 and Remote Desktop Connection discussed in Article 30. ICS has two significant limitations:

• You need to keep the ICS host computer running all the time so that it can handle the Internet connection and the sharing. This limitation is obvious, but it can be restrictive.

• Because of the way ICS is set up, you can share only one Internet connection at the same time on the same network by using ICS. To share two Internet connections, you’ll need to set one up manually for sharing via another technology. Alternatively, you can create two separate networks with an ICS connection in each, but doing so is usually much more work than setting up a second shared connection manually, because those two networks won’t be able to talk to each other directly without ICS conflicts. You can also use unshared Internet connections alongside your shared connections without any problems.

You can get around the limitation of needing to keep the host computer running by using a hardware NAT device- for example, a cable router, DSL router, or ISDN router- instead of ICS. Almost all these routers have NAT built in, and most can run DHCP as well, so they provide an effective means of sharing an Internet connection. Some routers have firewalls built in as well, which you can use instead of or in addition to Windows Firewall. Some models are designed to connect to a network switch or hub and have two ports: an internal port for connecting to the switch or hub and an external port for connecting to the cable modem or DSL splitter. Others have switches or hubs built in, so if you haven’t yet bought the switch or hub for your network, you can solve all your connectivity needs with a single box. If you do decide to get a hardware NAT device, install it according to the instructions supplied. If you decide to stick with ICS, and you haven’t set it up yet, set it up and configure it as described in the following sections.

Configuring ICS Manually

If you haven’t had the Network Setup Wizard set up Internet Connection Sharing for you, configure it manually by taking the following steps:

1. Choose Start Connect To. Windows displays the Select a Network to Connect to window.

Control. Windows displays the Properties dialog box for the connection.

3. Click the Sharing tab. Windows displays the Sharing page .

4. Select the Allow Other Network Users to Connect through This Computer’s Internet Connection check box.

5.If you want other computers to be able to cause ICS to start up the network connection when it’s not running, make sure the Establish a Dial-up Connection Whenever a Computer on My Network Attempts to Access the Internet check box is selected. Clear this check box if you want only the computer with the connection to be able to start the connection.

6. If you want users of the other computers on the network to be able to control the Internet connection, select the Allow Other Network Users to Control or Disable the Shared Internet Connection check box. Clear this check box if you don’t want them to be able to manipulate the Internet connection directly.

7. If you want to set Windows Firewall to allow incoming requests for certain services across this connection, follow the steps shown in the next section. Normally, you won’t need to allow incoming requests across your Internet connection.

8. Click the OK button. Windows displays a Network Connections dialog box shown next to make sure you understand the settings that the wizard will apply and that you still want to proceed.

9. Click the Yes button. Windows closes the Properties dialog box for the connection, changes the IP address of your network adapter to the static IP address 192.168.0.1, and starts telling the other computers to get their IP addresses from it if there’s no other DHCP server on the network. At this point, ICS should be up and running. The shared connection appears in the Network Connections window with the word “Shared” next to it. Most Internet-enabled programs on computers that connect to the Internet through the ICS host should now be working. ICS shares the details of the connection via UPnP, so the client computers learn of the ICS host automatically. Other programs and services have special requirements for Internet connectivity and so run afoul of the protection provided by Windows Firewall. For example, if you’ve chosen to host a website on a computer that connects to the Internet through an ICS host, you’ll need to configure Windows Firewall to pass on the requests to the web server, because otherwise Windows Firewall will treat the incoming requests as hostile and discard them automatically. For such programs and services, follow the instructions in the section “Configuring Windows Firewall Manually,” a little later in this article.

Allowing Incoming Services to Traverse Your Internet Connection

In general, incoming requests across your Internet connection are a threat to your computer- for example, unauthorized people trying to access your computers. So Windows Firewall comes configured to block such requests by default. But if you run a web server or an FTP File Transfer Protocol server inside your network, you may need to allow incoming services to traverse your Internet connection.

Troubleshooting: Dealing with an IP Address Conflict When You Turn on ICS

If you have another computer on the network using the 192.168.0.1 IP address, Windows gives you a Network Error dialog box, as shown here, telling you to change the IP address on the other computer if you assigned the address manually.

The most likely reason for this error is that you’ve already set up ICS on another computer. Alternatively, you may have another NAT device currently managing the network and using this address range. To deal with the problem, take one of these actions:

• If you have another NAT device, remove it.

• If you have another computer running ICS, display the Properties dialog box for its shared connection, clear the Allow Other Network Users to Connect Through This Computer’s Internet Connection check box on the Sharing page, and then click the OK button.

• If the other computer isn’t running ICS but has the 192.168.0.1 IP address set manually, either set a different address manually or switch to automatic addressing. If you take one of these actions, click the Close button to close the Network Error dialog box. If none of the above applies to your network, click the Diagnose button. Windows attempts to diagnose the problems and then displays a Windows Network Diagnostics dialog box such as the one shown next. Usually, your best bet here is to click the Reset the Network Adapter “Local Area Connection” button, authenticate yourself to User Account Control, and let Windows try to resolve the problem. To allow incoming services to traverse your Internet connection, follow these steps:

1. On the Sharing page of the Properties dialog box for the Internet connection, click the Settings button. Windows displays the Advanced Settings dialog box .

2.In the Services list box, select the check box for each service you want to allow. For example, if you’re running an FTP server on one of your computers that you want Internet users to be able to access or that you want to be able to access when you’re elsewhere, select the FTP Server check box. To tell Windows which computer should receive the data, follow these steps:

• Select the service in the list, and then click the Edit button. Windows displays the Service Settings dialog box, as shown here:

• In the Name or IP Address of the Computer Hosting This Service on Your Network text box, type the computer’s name or IP address. If you’ve assigned static IP addresses to your computers, using the IP address is clearest here. But if you’re using DHCP to allocate IP addresses to the computers as needed, enter the computer name instead.

• Click the OK button. Windows closes the Service Settings dialog box.

3. To add a service, follow these steps:

• Click the Add button. Windows displays the Service Settings dialog box.

• Type a descriptive name in the Description of Service text box. This name is for your benefit, so make it whatever you want. Windows will add this name to the Services list box.

• In the Name or IP Address of the Computer Hosting This Service on Your Network text box, type the computer’s name or IP address. If you’ve assigned static IP addresses to your computers, using the IP address is clearest here. But if you’re using DHCP to allocate IP addresses to the computers as needed, enter the computer name instead.

• In the External Port Number for This Service text box, type the port number on which the requests for this service will arrive. Select the TCP option button if the requests will be TCP packets. Select the UDP option button if the requests will be UDP packets. TCP and UDP are Transmission Control Protocol and User Datagram Protocol, respectively, two of the protocols that make up TCP/IP. See http://www.iana.org/assignments/ port-numbersfor a list of common port numbers.

• In the Internal Port Number for This Service text box, type the port number that ICS should use when passing along the packets for the service.

• Click the OK button. Windows closes the Service Settings dialog box, adds the service to the Services list in the Advanced Settings dialog box, and selects its check box.

4. To delete a service you’ve created, select it and click the Delete button. Windows deletes the service from the list without confirmation.

5. Click the OK button. Windows closes the Advanced Settings dialog box.