TCP/IP in Windows 2000 Professional
Internet Connection Sharing (ICS) allows multiple computers in a small
office or home office to access an Internet connection using a single
public IP address. For example, you may have a computer in an intranet
that connects to the Internet by using a dial-up connection. By enabling
ICS on the computer that uses the dial-up connection, you can provide
Internet access to all computers in the network. ICS provides network
address translation, address allocation, and name resolution services for
all computers on your network. ICS can also be enabled for high-speed
networks, such as Integrated Services Digital Network (ISDN), Digital
Subscriber Line (DSL), and cable-based Internet connections.
ICS is a version of a network address translator (NAT). A network
address translator is an IP router defined in RFC 1631 that can translate
IP addresses and TCP/UDP port numbers of packets as they are being
forwarded. Consider a small business network with multiple computers
connecting to the Internet. A small business normally has to obtain an
Internet Service Provider (ISP)–allocated public IP address for each
computer on its network. With a NAT, however, the small business can use
private addressing (as described in RFC 1918) and have the NAT map its
private addresses to a single or to multiple public IP addresses as
allocated by its ISP. ICS uses the private network 192.168.0.0 with a
subnet mask of 255.255.255.0 for all computers in an ICS-enabled network,
permitting a maximum of 254 hosts.
Figure 22.18 shows an example of a small business intranet using ICS.
The small business has obtained a public IP address of 207.46.140.35 from
its ISP. ICS assigns IP addresses from the private network address
192.168.0.0 for all computers in the business intranet.
Figure 22.18 Internet Connection Sharing Procedure
- When a user on the small business intranet connects to an
  Internet resource, the user's TCP/IP protocol creates an IP packet with
  the following values set in the IP and TCP or UDP headers (bold text
  indicates the fields changed by ICS):
  - Destination IP Address: Internet resource IP address
  - Source IP Address: Private IP address
  - Destination Port: Internet resource TCP or UDP port
  - Source Port: Source application TCP or UDP port
- The computer forwards this IP packet to ICS, which
  translates the addresses of the outgoing packet as follows:
  - Destination IP Address: Internet resource IP address
  - Source IP Address: ISP-allocated public address
  - Destination Port: Internet resource TCP or UDP port
  - Source Port: Remapped source application TCP or UDP port
- ICS sends the remapped IP packet over the Internet. The
  responding computer sends back the response to ICS. When received by
  ICS, the packet contains the following addressing information:
  - Destination IP Address: ISP-allocated public address
  - Source IP Address: Internet resource IP address
  - Destination Port: Remapped source application TCP or UDP port
  - Source Port: Internet resource TCP or UDP port
- When ICS maps and translates the addresses and forwards
  the packet to the intranet client, it contains the following addressing
  information:
  - Destination IP Address: Private IP address
  - Source IP Address: Internet resource IP address
  - Destination Port: Source application TCP or UDP port
  - Source Port: Internet resource TCP or UDP port
For outgoing packets, the source IP address and TCP/UDP port numbers
are mapped to a public source IP address and a possibly changed TCP/UDP
port number. For incoming packets, the destination IP address and TCP/UDP
port numbers are mapped to the private IP address and original TCP/UDP
port number.
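The mapping described above can be traced with a small model of a port-translating NAT. This is an added example, not code from the original text or from Windows: the Napt class, the starting remapped port 5000, the client addresses, and the 198.51.100.10 server address are assumptions made for illustration. It goes slightly beyond the text by showing two intranet clients that pick the same source port, and an inbound packet for which no mapping exists.

```python
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "207.46.140.35"   # ISP-allocated address from the page's example

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Napt:
    """Toy port-translating NAT: one mapping per private (proto, ip, port)."""
    def __init__(self, public_ip: str, first_port: int = 5000):
        self.public_ip = public_ip
        self.next_port = first_port   # assumed start of the remapped port range
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, p: Packet) -> Packet:
        key = (p.proto, p.src_ip, p.src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(p.proto, self.next_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        # Only the source address and source port are rewritten.
        return replace(p, src_ip=self.public_ip, src_port=self.out[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        target = self.back.get((p.proto, p.dst_port))
        if p.dst_ip != self.public_ip or target is None:
            return None   # no mapping in this model: packet is not forwarded
        # Only the destination address and destination port are rewritten.
        return replace(p, dst_ip=target[0], dst_port=target[1])

def demo():
    nat = Napt(PUBLIC_IP)
    # Constructed sample: two intranet clients using the same source port.
    a = nat.outbound(Packet("tcp", "192.168.0.2", 1025, "198.51.100.10", 80))
    b = nat.outbound(Packet("tcp", "192.168.0.3", 1025, "198.51.100.10", 80))
    reply = nat.inbound(Packet("tcp", "198.51.100.10", 80, PUBLIC_IP, b.src_port))
    stray = nat.inbound(Packet("tcp", "198.51.100.10", 80, PUBLIC_IP, 6000))
    return a, b, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because both clients share the single public address, the remapped source port is the only value that tells the translator which private host a reply belongs to.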
ICS includes a DHCP allocator service to assign private IP addresses,
and a proxy DNS server to perform name resolution services on behalf of
all computers in the intranet.
Note
Do not enable ICS in an existing network that has DNS
servers, gateways, DHCP servers, or computers configured with static IP
addresses. If your Windows 2000 Professional–based computer is in a
network where one or more of these conditions exist, you must use
Windows 2000 Server network address translation. For more
information, see “Unicast IP Routing” in the Internetworking
Guide.