Configure ICS in XP

Before you start

Objectives: Learn how to configure Internet Connection Sharing on a local network using an XP machine.

Prerequisites: You have to know what ICS is in general. You should have a switch which will be used to connect all clients on the local network. Also, some kind of Internet connection is required on the XP computer which will be used to configure ICS.

Key terms: internet, connection, network, server, ip, address, private, tcp, firewall, dhcp, access, protocol, udp


Enabling ICS

Internet Connection Sharing lets us share an Internet connection with other computers on a home or small office network. In this example we have two network connections on the computer which we will use as the ICS server. One is a broadband connection to the Internet and the other is a LAN connection to the home network. In our case, the broadband connection is connected to the Internet through a DSL modem, and the LAN connection is connected to the switch. All other clients are also connected to the switch.

Image 242.1 – Network Connections

The first step in configuring ICS is to make sure that both connections are configured. Let’s examine the configuration of the Local Area Connection. Let’s open its properties, and then open the Internet Protocol properties. Notice that the IP address on this network adapter is now 192.168.1.70.

Image 242.2 – LAN IP Address

To configure connection sharing, we have to edit the properties of the connection that is used to connect to the Internet. In this case, we are using a broadband connection called ‘Internet’. Let’s open its properties and go to the Advanced tab.

Image 242.3 – Internet Connection Properties – Advanced

To enable Internet Connection Sharing we have to check the ‘Allow other network users to connect through this computer’s Internet connection’ option.

Image 242.4 – Credentials Warning

Notice the warning. Right now the username and password for this Internet connection were not saved for use by all users. This means that this connection can only be initiated if we are currently logged on to the computer. We are going to fix this later. Let’s click OK, and take a look at other options that we can configure. Typically we do want to enable demand dialing. Demand dialing establishes an Internet connection whenever a computer on a network tries to connect to the Internet. Also, we can allow other users to be able to control the Internet connection sharing. In this example we will leave the default settings. Let’s click OK to save our changes. Take a look at the warning message.

Image 242.5 – ICS Warning

When we enable Internet Connection Sharing, the IP address on the LAN network adapter will be changed to 192.168.0.1. Click Yes to confirm the change. Next, we need to save the username and password of the Internet connection for all users. Notice that right now the username and password are only available for us.

Image 242.6 – Credentials

That means that we have to be logged on for anyone else to be able to use this connection. We need to change this so that anyone who uses this computer is able to use the Internet connection. When we select the ‘Anyone who uses this computer’ option, we have to reenter our password and click ‘Connect’, so that our credentials get saved. Finally, let’s take another look at the Local Area Connection properties and the TCP/IP properties. Notice that the IP address for this network adapter has been changed to 192.168.0.1.

Image 242.7 – LAN IP After ICS

Remember, all clients in our private network need to be configured to use DHCP to automatically obtain IP addresses.

Firewall Settings

By default, when we configure an Internet connection on our workstation, the connection is configured only as a client connection. Internet Connection Firewall is enabled to prevent hosts on the Internet from contacting hosts on the private network directly. If our computer or a computer on our private network provides services to the Internet (such as a Web or FTP server), we need to allow access to those services. To edit those settings, we have to open the properties for the Internet connection, and go to the Advanced tab.

Image 242.8 – Advanced Tab

Here, under the ‘Windows Firewall’ section, we have to click the ‘Settings’ button. Again, we have to go to the Advanced tab.

Image 242.9 – Advanced Firewall Tab

Here, under the ‘Network Connection Settings’, we have to select the connection which we use to connect to the Internet, and click the ‘Settings’ button.

Image 242.10 – List of Services

The Services tab identifies the services provided by hosts on the private network. These are the services that can be contacted by clients from the Internet. For example, we are going to enable FTP server on this computer. Let’s check the ‘FTP Server’ service. The following window appears:

Image 242.11 – FTP Server

Let’s click OK. Now, we are also going to enable Web server access. However, in the example, the Web server is actually running on a different computer on our private network, so we need to type in its IP address (or name), and click OK. In this example the machine which will act as a web server is named ‘webserver’.

Image 242.12 – Web Server

We can use the ‘Add’ button to add additional services and ports. Now, let’s open the ICMP tab. Here we can control the system’s response to ICMP packets. The default is to not respond to any ICMP messages. For example, with Internet Connection Firewall (ICF) enabled, our computer will not respond to ‘ping’ or ‘traceroute’. Let’s enable ‘Allow incoming echo request’, which essentially means people can ‘ping’ this computer.

Image 242.13 – Allow Ping

Other options allow us to customize which ICMP messages are supported. Click OK to save the changes, and click OK again to finish.

Common Port Numbers

  • Domain Name Service (DNS) – 53 (TCP and UDP)
  • Dynamic Host Configuration Protocol (DHCP) – UDP port 67 for sending data to the server, and UDP port 68 for data to the client
  • File Transfer Protocol (FTP) – TCP port 20 (data) and TCP port 21 (control)
  • Internet Message Access Protocol (IMAP) – TCP port 143
  • L2TP VPN – 1701 (UDP) and 1707 (TCP)
  • PPTP VPN – 1723 (TCP and UDP)
  • Interactive Mail Access Protocol version 3 (IMAP3) – 220 (TCP and UDP)
  • Internet Message Access Protocol version 4 (IMAP4 or just IMAP) – TCP port 143
  • IP Security (ISAKMP) – UDP port 500
  • Lightweight Directory Access Protocol (LDAP) – 389 (TCP and UDP)
  • Post Office Protocol (POP3) – TCP port 110
  • Remote Desktop – 3389 (TCP and UDP)
  • Secure Web (HTTPS, SSL) – TCP port 443
  • Simple Mail Transfer Protocol (SMTP) – TCP port 25
  • Telnet – TCP port 23
  • Web Server (HTTP) – 80 (TCP and UDP)

Remember

In order for ICS to function we have to have two connections on the ICS server. One connection will connect us to the Internet, and another to the LAN. Other computers (clients) on the LAN will access the Internet through the ICS server. We also have to manage Firewall settings on the ICS server. Note that ICS configuration may differ depending on the network design and devices used. The default IP address of the ICS server is 192.168.0.1 and the Subnet Mask is 255.255.255.0. All other devices on the local LAN should be DHCP enabled so that they automatically get IP addresses in the proper subnet from the ICS server.
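
The following Python sketch is an added example, not part of the original tutorial. It checks client IPv4 settings against the ICS defaults given above (server 192.168.0.1, mask 255.255.255.0) and flags clients that kept a static address or received no DHCP lease. The client names, their settings and the 192.168.1.1 gateway are constructed sample data.

```python
import ipaddress

# Values stated on this page: ICS server address and subnet mask.
ICS_SERVER = ipaddress.ip_address("192.168.0.1")
ICS_NETWORK = ipaddress.ip_network("192.168.0.0/255.255.255.0")
# 169.254.0.0/16 is the automatic private (APIPA) range that Windows
# self-assigns when no DHCP server answers.
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample data: (IP address, subnet mask, default gateway).
CLIENTS = {
    "pc-dhcp": ("192.168.0.23", "255.255.255.0", "192.168.0.1"),
    "pc-static": ("192.168.1.70", "255.255.255.0", "192.168.1.1"),
    "pc-nolease": ("169.254.17.4", "255.255.0.0", ""),
    "pc-clash": ("192.168.0.1", "255.255.255.0", "192.168.0.1"),
}


def check_ics_client(ip, mask, gateway):
    """Return a list of problems with one client's IPv4 settings."""
    addr = ipaddress.ip_address(ip)
    try:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    except ValueError:
        return [f"invalid subnet mask {mask}"]
    problems = []
    if addr in APIPA:
        problems.append("APIPA address: no DHCP lease from the ICS server")
    elif addr not in ICS_NETWORK:
        problems.append(f"{addr} is outside {ICS_NETWORK} (static address?)")
    elif addr == ICS_SERVER:
        problems.append("address conflicts with the ICS server")
    elif net != ICS_NETWORK:
        problems.append(f"mask {mask} does not match 255.255.255.0")
    if not gateway or ipaddress.ip_address(gateway) != ICS_SERVER:
        problems.append(f"default gateway should be {ICS_SERVER}")
    return problems


def audit(clients):
    """Map each client name to its list of problems (empty list = OK)."""
    return {name: check_ics_client(*cfg) for name, cfg in clients.items()}


if __name__ == "__main__":
    for name, problems in audit(CLIENTS).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

A client still holding an address such as 192.168.1.70, the LAN address shown before ICS was enabled, is reported as outside the ICS subnet and must be switched to DHCP.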