Windows XP and ICS
The setup requirements for ICS, be it with XP, 2000 or 98 are pretty much the same with most of the differences being in the location of the necessary setup screens. Consequently, this page looks very similar to that of the 2000 ICS setup.
An Internet service on a gateway machine can be processor intensive, depending both on the Gateway and Clients users' Internet Usage. This is probably more of an issue on a Windows machine than a Linux machine due to the fact that you need to have the WIndows environment up within Windows in order to use the sharing capabilities, whereas with Linux this is not normally necessary. As Windows requires Windows to be running (!), there is a great temptation to use the ICS machine as a workstation as well, but this can cause serious performance issues when clients want to use the ICS machines services. At minimum, I recommend at least a 300Mhz system with at least 128MB of RAM. If, for whatever reason, you need to use the ICS machine as a workstation as well, then I'd suggest at least doubling both of those.
Like most Internet Gateways, a Windows XP machine requires that it has two ethernet adapters installed, at least one of which must have a 10BaseT interface and connect to the Cable Modem using a straight RJ45 cable. The other adapter should connect to your internal network by whatever method used by the private LAN, be it RJ45, Thin/Thicknet or whatever. The information contained here uses 10baseT connectivity throughout. Like ALL gateways, it must also be switched in order for any LAN clients to be able to contact the outside world. If you do not want this situation then the only alternative is to purchase an all-in-one Gateway/Router/Firewall such as a Linksys or SMC Barricade (see the page on routers;-)).
As far as TCP/IP settings for the ICS machine are concerned, the CM attached NIC should have it's address and DNS server set to be obtained automatically. The other NIC will be set, by ICS, to 192.168.0.1, so there is no need to configure anything for this. Note tho' that if you already have an address configured on NIC2 then this will be overridden when the other NIC is enabled as shared.
Clients that wish to use the ICS server need to have their TCP/IP properties set to automatic also. ICS will enable both a DHCP and a DNS service that the clients can use these to obtain their address, gateway and DNS server. Detailed below are two diagrams showing deployment of ICS using XP, the first where a single client is connected to an ICS host using an CAT5 x-over cable and the second, where more than one client is connected to the ICS gateway via a hub or switch.
As previously stated, adding two NICs to a Windows XP machine adds the facility for one of them to be a shared device that other machines on a private network can also use to connect to other networks. Consider a Windows XP machine that contains two Local Area connections, shown as Local Area Connection and LAC 2 in the following screen dump. LAC2 is connected to the Local LAN and Local Area Connection is connected to the Cable Modem, which is the interface on which sharing will be enabled.
Note that it is possible to change the labels for these icons, so it can be useful to change your shared NIC to a friendlier name such as Cable_Shared or NTL for example.
Selecting the properties for Local Area Connection reveals the adapter and protocol settings. All protocols except TCP/IP should be unticked on this interface, as shown below. Notice that there are now three tabs available in the Properties. ICS is set via the Advanced tab.
Selecting the Advanced tab reveals two configuration areas, Internet Connection Firewall (ICF) and Internet Connection Sharing (ICS). For ICS, there are two options. The first enables ICS operation and allows client PCs access to the Internet. The second determines whether remote operations are possible on the ICS connection. If the ICS machine is not being used as a workstation, then this option can be enabled so that client machines can administer the ICS connection.
On XP, there is no longer a warning that the LAN connection will be set to 192.168.0.1, and after OK is clicked, the network configuration dialogue is closed. Note however, that the icon for the shared connection is now slightly different. The labels of the icons have now also been changed in the following screenshot so as to more reflect their use.
ICS Server TCP/IP Setup
The properties for the TCP/IP protocol on the NTL need to be set for DHCP (or, 'Obtain an IP address automatically' is ticked). In addition, DNS server addresses will also need to be set as automatic. This ensures that your ICS machine will get it's IP settings from NTL's DHCP server. These are actually the default settings for a NIC installed in XP.
The Advanced Button near the bottom of the panel leads to a further panel of options which enable further configuration of the TCP/IP settings, if necessary. The initial screen just informs that the NIC is set to DHCP.
The DNS tab is largely blank, and there is no need to make any changes to this.
The Wins tab details the configuration for the Windows Name service, WINS and also the configuration of the NetBIOS service. You can leave the settings blank on the WINS address list, but on the NetBIOS configuration I would suggest setting this to disabled, as shown.
The last tab, Options, has, at the time of writing just one option, TCP/IP Filtering. This allows setting of filters for specific ports and protocols. You can leave these at default, but it is important to note that by default, windows has little protection from the nastier Internet traffic, so you should look at some form of firewall. Kerio, ZoneAlarm, Outpost, Sygate, etc., all support ICS networking. Ideally tho', the firewall should be installed before connecting your PC to the Net!.
The TCP/IP properties for the local LAN NIC are reset to that shown below when sharing is enabled on a NIC on the sytem. No changes should be made to these properties, lest ICS is disrupted. All other TCP/IP configuration should also be left at default. This includes Microsoft Client and File and Print Sharing, assuming you wish to share files between the ICS machine and the clients.
Client TCP/IP Setup
Enabling ICs automatically sets your network to use 192.168.0.0 as it's network number. The hosts on your network must also use this network number as part of their IP address, with the host part being a number between 2 and 254 (1 cannot be used as the ICS machine already has that address!). ICS does provide a DHCP server, so the simplest method for getting the client PCs to connect is to set them for automatic address and DNS servers. This will result in the client PCs having both default gateway and DNS server as 192.168.0.1.
In some instances, DHCP does not work particularly well with ICS and it may be necessary to configure the client machines manually. In this case, the client needs to have the following settings:
- IP address is specified as 192.168.0.101 with a mask of 255.255.255.0
- The Gateway Address is set to 192.168.0.1
- DNS Servers are set to 220.127.116.11 and 18.104.22.168 (these are NTL's DNS servers)
Sometimes it is necessary to configure NTL's servers manually even if the client has leased an IP address from the ICS machine. If ICS is set-up correctly and the clients have valid 192.168.0.x addresses but are not able to access the Internet, then set NTL's servers as shown below:
Subsequent machines added to the Network will also require identical settings, bar the assigned IP Address which will require the final digit to be unique. For example, addresses 192.168.0.102, 192.168.0.150 and 192.168.0.200 are all valid addresses that can be used. The MS DHCP server will not allocate an address that it sees is already being used on the network.
An XP machine connected via ICS setup on an XP machine will also show an Internet Gateway Icon in The Network Connections window. Here we see Droid as the Internet Gateway as seen by an XP client machine. Note, this icon only appears when XP is the ICS provider.
This icon can be viewed as another Network connection for the local machine, so it is possible to view it's properties and, if granted access, manage the ICS connection remotely. This is a global option so if enabled, it will allow all users to change the status of ICS. The properties of such an Internet Gateway is shown below.
Note that, unless allowed to do so, it will not be possible to disable or view the properties of the ICS connection.
All Copyrights and Trademarks ACK'd. Not to do so would be a SYN!