Internet Connection Sharing (ICS) made its debut in Windows 98 Second Edition, and it works similarly in Windows XP and 2000. (You may also see the acronym NAT, for Network Address Translation, used in the context of ICS. NAT is the Windows 2002/2000 Server service that, along with DHCP and DNS, provides ICS-type capabilities for larger networks.)
Remember: Here's what you must know for the exam:
* Enable the feature by checking the Allow Other Network Users To Connect Through This Computer's Internet Connection box on the Advanced tab of the connection's property sheet (see Figure 13-11). You must be an Administrator to do this. Make sure you choose the right connection: It should be the one that links your PC to the Internet, whether that's a dial-up modem or an Ethernet card that connects to a DSL adapter.
Figure 13-11: Set up your ICS server machine here.
* If your connection isn't an 'always-on' type, then you can check Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet, so that your PC calls up the ISP when any networked PC tries to gain access.
* The ICS feature is for SOHO (Small Office/Home Office) and personal home networking applications. Don't use it on networks that have Windows 2002 or 2000 Server domain controllers, DHCP servers, DNS servers, or any computers with static IP addresses. Such networks should use NAT instead of ICS.
* When you create a shared Internet connection, Windows XP assigns your PC network card a static (that is, unchanging) IP address (192.168.0.1, subnet mask 255.255.255.0), and all present TCP/IP connections between your PC and other network PCs are lost.
* Other computers on the network that will use the ICS link must be set up to obtain IP addresses automatically on their TCP/IP property sheets. The PC you're configuring to connect to the Internet effectively becomes a DHCP server, allocating IP addresses to other PCs on the local network. The range of allocatable addresses is 192.168.0.2 to 192.168.0.254.
* Those other computers must also configure their Internet Options control panel's Connection tab to never dial a connection; to not automatically detect LAN settings; to not use an automatic configuration script; and to not use a proxy server.
Internet Connection Firewall
Windows XP adds simple firewall protection automatically for Internet connections that you create with the Make New Connection Wizard or the Home Networking Wizard (the latter borrowed from Windows Me). If you're sharing an Internet connection, the Internet Connection Firewall, or ICF, need only be activated on the PC connection that actually links to the Internet. (ICF works on a per-connection basis.)
What ICF does is conceptually simple. It allows traffic to flow inbound from the public Internet only if that traffic is in response to a message that originated from the local PC (or one of the other PCs using the local PC's Internet connection as a gateway). So, if a user on a PC configured for ICF types a URL in the browser's address bar, ICF will permit traffic to flow back from that public URL to the user because the traffic is in response to a query that originated on the user's PC.
Tip: Don't activate ICF on a VPN connection. ICF gets in the way of file sharing. (See 'Virtual Private Networking' later in this chapter.)
Instant Answer: If you want to modify ICF to forward unsolicited inbound traffic to a Web server on your LAN, you can do so by enabling the HTTP service (port 80) on the ICF computer; just click the Settings button on the Advanced tab of the connection's property sheet and click Add. You'll need to specify the Web server's NetBIOS name or IP address. Another service you may want to add is Remote Desktop (that's port 3389).
Remember: Setting the ICF status is an on/off proposition. Use the Advanced tab on the property sheet for the Internet connection to control whether ICF is on or off. Select Protect My Computer and Network by Limiting or Preventing Access to This Computer from the Internet.
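The filtering rule described in this section (inbound traffic passes only as a reply to something the local side sent, or to a service that was explicitly added) can be modelled in a few lines. This is an added Python sketch, not code from the book or from Windows; the names Packet and StatefulFilter, the documentation-range public addresses and the LAN host 192.168.0.5 are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFilter:
    """Simplified model of the ICF rule; address translation for ICS clients is left out."""
    services: dict = field(default_factory=dict)  # (proto, public port) -> LAN host
    flows: set = field(default_factory=set)       # outbound flows seen so far

    def outbound(self, pkt):
        # Record the flow so that only its matching reply is recognised later.
        self.flows.add((pkt.proto, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        # A reply mirrors a recorded flow: same protocol, local port, remote host and remote port.
        if (pkt.proto, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow (reply)"
        # Unsolicited traffic passes only if a service was added for that port.
        target = self.services.get((pkt.proto, pkt.dport))
        return f"forward to {target}" if target else "drop"


def demo():
    # Constructed sample: documentation-range public addresses, one HTTP service mapping.
    gw, web, other = "203.0.113.10", "198.51.100.7", "198.51.100.99"
    icf = StatefulFilter(services={("tcp", 80): "192.168.0.5"})
    icf.outbound(Packet("tcp", gw, 49152, web, 80))        # browser request
    return [
        icf.inbound(Packet("tcp", web, 80, gw, 49152)),     # reply to that request
        icf.inbound(Packet("tcp", other, 80, gw, 49152)),   # same port, different sender
        icf.inbound(Packet("tcp", other, 4444, gw, 80)),    # unsolicited, HTTP is mapped
        icf.inbound(Packet("tcp", other, 4444, gw, 3389)),  # unsolicited, no 3389 mapping
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second case shows why the state table is keyed on the remote endpoint as well as the local port: a different sender aiming at a port that happens to be open for a reply is still dropped.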
Creating Inbound Connections
The Network Connections folder also contains icons for any inbound connections you may want to create. Windows XP supports inbound connections for modem, ISDN, VPN, serial and infrared ports. Lab 13-2 goes through the steps.
Lab 13-2: Creating an Inbound Connection
1. Log in as Administrator and start the Create a New Connection Wizard as usual. Click Next.
2. Choose Set Up an Advanced Connection in the Network Connection Type dialog box, and click Next.
3. Choose Accept Incoming Connections, and click Next.
4. Choose the device (modem and parallel port are the usual choices) and configure it, if you want, by clicking the Properties button.
5. Tell Windows to accept incoming VPN connections, as long as your computer has a unique Internet domain name or IP address.
6. Specify who can have access to this inbound connection, and (if you're using an analog or ISDN modem) set callback options for each user via the Properties button. Click Next.