Internet Connection Sharing on Windows XP

From Free Knowledge Base- The DUCK Project: information for everyone

Microsoft Windows 98 Second Edition came with ICS ("Internet Connection Sharing") as part of the distribution. Before that, anyone wishing to share an Internet connection from one Windows PC (the one hosting the WAN connection) to another needed third-party software such as Wingate. ICS changed all that, or did it?

Microsoft Internet Connection Sharing, or ICS, has been watered down and like so many other lame Microsoft products, Microsoft has intentionally handicapped ICS so that with all of its limitations, it leaves the end user needing more, opening the door to third party software once again.

Microsoft Internet Connection Sharing / ICS

[Rating image: 05star.png]

Microsoft ICS allows two or more networked computers to share a single Internet connection. ICS makes use of DHCP. ICS routes TCP/IP packets from a small LAN to the Internet. ICS maps individual IP addresses of local computers to unused port numbers in the TCP/IP stack.

You can enable ICS either manually or by using XP's Network Setup Wizard. To do it manually, open the Network and Dial-up Connections folder. Then right-click the Internet connection that you want to share and select Properties. Click the Advanced tab, then check "Allow other network users to connect through this computer's Internet connection".

ICS has very annoying limitations that were purposely imposed by the Microsoft developers. The original Win98SE ICS could actually do more than the version now distributed with XP.

Limitations

  • there is no way to review DHCP leases using ICS.
  • no provisions for bandwidth limiting
  • server will always have the IP address 192.168.0.1 so the WAN may not use that subnet
  • subnet may not be modified even if the client is static
  • ICS should not be used on a domain controller or DNS server.
  • ICS will conflict with any other DHCP solution
  • ICS conflicts with most VPN solutions

 

Third Party Internet Sharing Software

Here we review only those software solutions that run on Microsoft Windows. Your best option is to use a Linux solution, such as Netfilter and/or IPMasquerade, to create your own Netfilter firewall and router. However, in some instances it is not possible to run Linux on the gateway computer (the one with the Internet WAN interface). Due to the ridiculous limitations in Microsoft's ICS, a good third-party Internet Connection Sharing solution is needed. This is something that not only enables Windows as a router (which XP can do with a simple registry hack) but also provides NAT (Network Address Translation) for packet forwarding.

All of the third-party software reviewed here contained NO SPYWARE at the time the review was written. Software known to contain spyware will never be recommended without FULL DISCLOSURE. In short, spyware sucks and we don't like it either.

Routix Netcom

[Rating image: 45star.png]

When price is a factor (and it is damn hard to find good NAT software for Windows XP that is FOSS) the Routix Netcom software is the best option available!

Routix Netcom: http://www.routix.net/netcom/

Some of the features include packet forwarding, NAT, traffic shaping, Ethernet bridging, and remote management.

Routix Netcom is not free, open source software, and is not freeware. However, the trial version has no limitation on the number of days that you may use it. With it you may also do everything you can with Microsoft ICS and much more (without the stupid ICS limitations). The only limitation is that there is a cap on the number of firewall rules you can use (5) unless you register.

PPPShar

[Rating image: 15star.png]

PPPshar Pro is a proxy server that enables you to share a single Internet connection of any type among several computers in a network. You can connect your home network or office to the Internet and use all Internet services like Email, WWW, FTP, Telnet, IRC, Real Audio/Video, ICQ, SOCKS 4 & 5 and more. PPPshar has a very simple interface and is very easy to set up and use. Free trial, $25.00 to buy. (Requires Java Virtual Machine.)

PPPShar: http://www.pppindia.com/intl/pppshar/index.html

 

Sharing via a Proxy Server

This is different from using NAT / packet forwarding. Microsoft has proxy software, but it is not free. There is also third-party proxy software available.

Microsoft Proxy Server and ISA Server

[Rating image: 05star.png]

With Microsoft's web proxy, before a user can access the Internet, their Internet application must perform a special undocumented "handshake" with the proxy (called NT LAN Manager or NTLM authentication). The only web browser, for example, that knows how to perform this "handshake" correctly is Microsoft Internet Explorer. Microsoft keeps the "handshake" messages undocumented and confidential, making it next to impossible for users to run alternative web browsing software, such as Mozilla Firefox or Opera.

This is because of NTLM authentication. More recently, Mozilla Firefox was able to utilize a reverse-engineered driver, and thus recent versions have built-in NTLM support.

Microsoft Internet Security and Acceleration (ISA) Server 2006 has replaced ISA Server 2004, ISA Server 2000, and Microsoft Proxy Server.

Freeproxy

[Rating image: 20star.png]

FreeProxy is freeware which channels requests for Internet pages via a single computer and enables many computers to share an Internet connection. FreeProxy runs on Windows 98, NT, 2000, XP and Server 2003.

FreeProxy by Hand Crafted Software: http://www.handcraftedsoftware.org/

Wingate

[Rating image: 35star.png]

Designed for the enterprise sharing an Internet connection on a LAN, WinGate Pro is one of the most complete proxy systems on the market. In addition to the top-of-the-line proxy server at its core, the server offers an e-mail server, spam filtering, and a full suite of plug-in features. But as thorough as WinGate Pro is, it's not for the less technically savvy or the impatient.

Wingate is also expensive. In the past Wingate has had some serious security issues.

OBIK (was Deerfield) Wingate: http://www.wingate.com/product-wingate.php

 

How to Enable Packet Forwarding / Make XP Act as a Router

To enable TCP/IP forwarding, follow these steps:

1. Start Registry Editor (Regedit.exe).
2. In Registry Editor, locate the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Set the following registry value:
   Value Name: IPEnableRouter
   Value Type: REG_DWORD
   Value Data: 1
   A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer.
4. Quit Registry Editor.
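
The same registry steps as an added PowerShell example (not part of the original page). Because a value of 1 applies to every network connection on the machine, the read-only function is also useful for auditing which hosts have forwarding turned on. The function names and the shape of the output object are hypothetical; the key path and value name are the ones given in the steps above.

```powershell
# Added example: audit or set the IPEnableRouter value described above.
# Function names and output fields are hypothetical; the registry path and
# value name come from the steps on this page.
$TcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-IPForwardingState {
    # Read the value without raising an error if it has never been created.
    $prop = Get-ItemProperty -Path $TcpipParams -Name 'IPEnableRouter' `
                             -ErrorAction SilentlyContinue
    $raw = $null
    if ($null -ne $prop) { $raw = $prop.IPEnableRouter }

    # One object per host, so results from several machines can be collected
    # and filtered on the Forwarding field.
    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        ValueSet   = ($null -ne $raw)   # False when the value does not exist
        RawValue   = $raw
        Forwarding = ($raw -eq 1)       # True only for the documented "1"
    }
}

function Set-IPForwardingState {
    param([Parameter(Mandatory = $true)][bool]$Enabled)

    $data = 0
    if ($Enabled) { $data = 1 }

    # -Force overwrites an existing value; REG_DWORD as in step 3.
    # Writing under HKLM requires an administrative session.
    New-ItemProperty -Path $TcpipParams -Name 'IPEnableRouter' `
                     -PropertyType DWord -Value $data -Force | Out-Null

    # Return the state as read back from the registry.
    Get-IPForwardingState
}

# Report the current state (read-only).
Get-IPForwardingState | Format-List

# To apply steps 2-3 from an elevated prompt:
#   Set-IPForwardingState -Enabled $true
# To turn forwarding back off on a host that should not route:
#   Set-IPForwardingState -Enabled $false
```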

 

Using Linux Netfilter / IPMasquerade on MS Windows

[Rating image: XXstar.png]

This is theoretically possible using Cygwin. Installing Cygwin on Windows XP gives you the ability to run many Linux commands from Windows. It is possible IPTables can be made to work on Windows XP via Cygwin. This is neither verified nor confirmed.