Connecting to the Internet in a home or small office network

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Connecting to the Internet in a home or small office network

With the Internet Connection Sharing (ICS) feature of Network Connections, you can connect your home or small office network to the Internet. For example, you might have a home network that connects to the Internet by using a dial-up connection. By enabling ICS on the computer that uses the dial-up connection, you provide network address translation (NAT), addressing (DHCP Allocator), and name resolution (DNS Proxy) services for all of the computers on your network.

For more information, see Enable ICS, Internet Connection Sharing and network address translation, and Incoming connections.

After ICS is enabled, and users verify that they are all joined to the same networking workgroup as the ICS host, home or small office network users can use programs such as Internet Explorer and Outlook Express as if they were directly connected to the Internet service provider (ISP). The ICS host computer connects to the ISP and creates the connection so that the user can reach the specified Web address or resource.

ICS is intended for use in a home or small office where network configuration and the Internet connection are managed by the computer where the shared connection resides. It is assumed that this computer is the only Internet connection on the network, the only gateway to the Internet, and that ICS sets up all internal network addresses.

You might need to configure services on the ICS host computer to work properly across the Internet. The Web services that you provide must be configured so that Internet users can access them. For example, if you are hosting a Web server on your home network, and you want Internet users to be able to connect to it, you must configure the ICS host computer to permit traffic from the Web on to your network. For information, see Manage service definitions for ICF or ICS.

ICS requires two connections in order to work: one public and one private. The private connection, typically a LAN adapter, connects the ICS host computer to the computers on your home or small office network. The public connection, typically a DSL, cable, or dial-up modem, connects your network to the Internet.

Enable ICS on the public connection of your home or small office network, and before doing so, ensure that the network connection that ICS will use as the private connection connects only to your home or small office network. If you have only one connection to your network, that connection is automatically selected as the private side of your shared Internet connection when you enable ICS. If you have two or more connections to your network, you must do one of the following in order to enable ICS:

  • Select one connection to be the private side of your shared Internet connection. For information about how to select the private connection, see Enable ICS.

  • Set up Network Bridge to include all of the private connections to your network, so that Network Bridge serves as the private side of your shared Internet connection. If you set up Network Bridge to include all of the connections to your network, Network Bridge is automatically selected as your private connection when you enable ICS. If you do not set up Network Bridge to include all of the connections to your network, you can still select Network Bridge as your private connection.

    Combined Ethernet and wireless network For information about how to select the private connection, see Enable ICS. For more information about how to bridge connections, see Set up Network Bridge.

Adding ICS client computers to a home or small office network

When ICS is enabled on the Internet connection of a computer running Windows XP; Windows Server 2003, Standard Edition; or Windows Server 2003, Enterprise Edition, you can add a client running Windows 98; Windows 98 Second Edition; Windows Millennium Edition; Windows XP; Windows Server 2003, Standard Edition; or Windows Server 2003, Enterprise Edition to your home or small office network in the following ways:

  • Add a computer running Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition to your home or small office network by adding it to the home or small office network workgroup. For more information, see Join a workgroup.

  • Add a computer running Windows XP to your home or small office network by running the Windows XP Network Setup Wizard on it.

  • Add a computer running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition to your home or small office network by running a Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition installation CD on it, and then running the setup program Netsetup.exe. For more information, see Configure client computers for ICS.

You can also add a computer running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition to your home or small office network if you have a Windows XP installation CD. Run Network Setup Wizard on the computer running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition. The wizard provides an opportunity to create a setup disk that can be run on computers running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition.

Network Setup Wizard cannot be run on computers running Windows 2000. You can provide ICS addressing and name resolution services to a computer running Windows 2000 by adding it to your home and small office network workgroup.

Notes

  • When you enable ICS, the adapter connected to the home or small office network is given a new static IP address configuration. Consequently, when you enable ICS, TCP/IP connections that are established between any small office or home office computer and the ICS host computer are lost and need to be reestablished.

  • If your home or small office users need to access a corporate network that is connected to the Internet by a tunnel server from a home or small office network on which ICS is enabled, they need to create a virtual private network (VPN) connection to tunnel from the computer on the home or small office network on which ICS is enabled to the corporate tunnel server on the Internet. The VPN connection is authenticated and secure, and creating the tunneled connection allocates proper IP addresses, DNS server addresses, and WINS server addresses for the corporate network. For more information about creating a VPN connection, see Make a virtual private network (VPN) connection.

Items configured by ICS

When you enable ICS, certain protocols, services, interfaces, and routes are configured automatically. One important configuration is that the ICS host computer automatically becomes a Dynamic Host Configuration Protocol (DHCP) allocator for the home or small office network. DHCP distributes IP addresses to users when they start up.

Caution

  • If you enable ICS on any of your private network adapters, the home or small office network DHCP allocator might grant IP addresses to users outside of your network, causing problems on their networks. Additionally, if you enable ICS on a private network adapter on a computer that is directly attached to the Internet, you might expose your network to computers outside your network, potentially allowing external attacks.

  • Transmissions may be disrupted if you enable ICS on an existing network with other domain controllers running Windows Server 2003, Standard Edition, DNS servers, gateways, DHCP servers, or systems configured for static IP addresses. If you are running Windows Server 2003, Standard Edition and one or more of these components exist, you must use NAT to achieve the same results and to protect your network against data loss. For more information, see Deploying network address translation.

The following table describes each of the protocols, services, interfaces, and routes are configured automatically when you enable ICS.

Configured item Action

IP address 192.168.0.1

Configured with a subnet mask of 255.255.255.0 on the LAN adapter that is connected to the home or small office network

Autodial feature

Enabled

Static default IP route

Created when the dial-up connection is established

ICS service

Started

DHCP allocator

Enabled with the default range of 192.168.0.0 and a subnet mask of 255.255.255.0. Unique addresses in the range of 192.168.0.2 to 192.168.0.254 are allocated to private network clients

DNS proxy

Enabled

Notes

  • You cannot modify the default configuration of ICS. This means you cannot configure items such as disabling the DHCP allocator or modifying the range of private IP addresses that are distributed, disabling the DNS proxy, configuring a range of public IP addresses, or configuring inbound mappings. If you want to modify any of these items, you must use NAT.

  • For information about how to enable ICS, see Enable ICS.

  • Internet Connection Sharing and Network Bridge are not included in Windows Server 2003, Web Edition; Windows Server 2003, Datacenter Edition; and the Itanium-based versions of the original release of the Windows Server 2003 operating systems.