Before you start
Objectives: Learn what is ICS and when can we use it on our network.
Prerequisites: no prerequisites.
Key terms: ics, network, internet, connection, private, server, address, dhcp, configure, dns, computer
What is ICS
With ICS feature we can share the Internet connection on one computer with multiple computers on a single, private network. ICS is implemented in such way that most configuration is automatic. When we configure our computer as ICS server, it actually becomes a NAT router. Also, additional services like DHCP and DNS proxy are enabled. With DNS proxy, DNS requests are forwarded to DNS servers on the Internet.
Remember that the ICS server has to have two network connections. One connection has to be connected to the Internet (public network), and the second connection has to be connected to the Local Area Network – LAN (private network). When we configure ICS server, the IP address for the private interface is automatically changed to a specific IP address. In Windows XP the address is 192.168.0.1, while in Windows 7 it is 192.168.137.1. The subnet mask is the same on both systems, it is 255.255.255.0.
The ICS server delivers information to hosts on the private network by using DHCP. Hosts get an IP address in the range from 192.168.0.2 to 192.168.0.254 (Windows XP) or from 192.168.137.2 to 192.168.137.254 (Windows 7), with a subnet mask of 255.255.255.0. They are also configured with a Gateway and a DNS server address which is of 192.168.0.1 (the private interface of the ICS system on Windows XP) or 192.168.137.1 (the private interface of the ICS system on Windows 7).
As you can see, in order for all to function properly, clients on our private network have to be DHCP enabled, so they can get an IP address that’s going to be compatible with the 192.168.0.0 or 192.168.137.0 network. If we have another DHCP server on the network, we should disable it. To force clients to use new DHCP server we can use the “ipconfig /release” and “ipconfig /renew” commands. This way they will get a new IP address from the new ICS DHCP server. Also, the private network should not have DNS servers, or domain controllers. We can configure our ICS to connect to the Internet on demand. For example, if an ICS is currently not connected to the Internet, and if a client computer needs to access some resources on the Internet, it will send a message to ICS saying that it needs to go to the Internet. At that particular moment, the ICS server will connect to the Internet and establish the connection, so that any of those clients can have full access to the Internet.
Internet Connection Firewall (ICF) should be enabled on the Internet connection on the ICS server, and not on the private connection. If we enable ICF on a private connection, this can disable communication with hosts on the private network. By default, the Firewall allows all outgoing Web traffic and responses to that traffic, but blocks all incoming traffic that is initiated from the public network. To allow incoming Web traffic, we have to open ports in the firewall based on the services we want to allow in. If the incoming service is hosted by a computer on the private network, we have to redirect the incoming port to the private host. We have separate article in which we provide more information about Firewall.
Example Configurations
We have separate articles in which we show how to configure ICS in different versions of Windows OS: