When talking about Internet sharing, we easily think of using a proxy server or an ADSL modem with a routing function. In fact, there is also a cheaper option: the Internet sharing function provided by Windows. This is nothing new, but many people have not noticed that Windows offers two ways to share the Internet: ICS and NAT. The two methods differ in concept, principle, advantages and disadvantages, which is what we discuss next.
What is ICS
ICS, short for Internet Connection Sharing, is a service Windows provides for sharing an Internet connection on a home network or a small intranet. It is in effect a network address translator: as packets are forwarded, it rewrites the IP addresses, TCP/UDP ports and other address information they carry. With a network address translator, computers on a home or small office network can use private addresses, and the translator converts those private addresses to the single public IP address allocated by the ISP to reach the Internet. ICS is also called an Internet conversion connection.
What is NAT
NAT refers to Network Address Translation. In a broad sense, ICS also uses NAT technology; however, the NAT discussed here means using a computer running Windows 2000 Server as an IP router that forwards data packets between a LAN and Internet hosts to share the Internet connection. NAT is also called an Internet route connection. NAT converts private internal addresses to public external addresses, hiding the internal IP addresses. This lets you use unregistered IP addresses internally and convert them into a small number of registered external IP addresses, reducing the cost of IP address registration. It also hides the internal network structure, reducing the risk of attacks on the internal network.
Figure 1 shows how, for packets leaving through NAT, the source IP address (a private IP address) is mapped to the public IP address assigned by the ISP, and the TCP/UDP port number is mapped to a different TCP/UDP port number. For packets arriving at the NAT, the destination public IP address is mapped back to the internal private address of the original sender, and the TCP/UDP port number is mapped back to the original TCP/UDP port number. In short, for outgoing packets NAT converts the source IP address and source TCP/UDP port number into a public IP address and port number; for packets flowing into the internal network, NAT converts the destination address and TCP/UDP port to the private IP address and the original TCP/UDP port number.
It seems confusing. What is the difference between the two? In the Windows 2000 Help file, ICS and NAT are called Internet conversion connections and route connections respectively. In fact, ICS is a simplified version of NAT: you do not need to understand IP addresses and routes to use ICS, and it provides a simple configuration for sharing the Internet in a LAN through a Windows 2000 router. However, ICS may not allow all IP communication between LAN and Internet hosts. Applications such as multi-player games (Diablo, for example), real-time communication and other peer-to-peer services will be aborted if they use a private address on the public Internet or use the same port number at the same time. Configuring NAT requires knowledge of IP address and route configuration and is more complex than configuring ICS, but it allows all IP communication between LAN and Internet hosts. In addition, ICS can use only one valid public IP address, while NAT can share multiple valid public IP addresses provided by the ISP by configuring an address pool.
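The address and port mapping described above can be followed in a small translation table. This is an added example, not code from Windows or from the original article; the class name, the round-robin pool choice, the starting port 50000 and all addresses (documentation ranges for the public side) are assumptions made for illustration.

```python
from itertools import count

class Napt:
    """Toy address/port translation table (illustrative, not Windows' logic)."""

    def __init__(self, public_ips, first_port=50000):
        self.public_ips = list(public_ips)  # one entry models ICS, several an address pool
        self._ports = count(first_port)     # next unused public port (assumed policy)
        self.out = {}    # (proto, private_ip, private_port) -> (public_ip, public_port)
        self.back = {}   # (proto, public_ip, public_port)   -> (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        key = (proto, src_ip, src_port)
        if key not in self.out:
            # Pick a pool address round-robin and a fresh public port, so two
            # internal hosts using the same source port never collide outside.
            pub_ip = self.public_ips[len(self.out) % len(self.public_ips)]
            pub = (pub_ip, next(self._ports))
            self.out[key] = pub
            self.back[(proto, *pub)] = (src_ip, src_port)
        pub_ip, pub_port = self.out[key]
        return (proto, pub_ip, pub_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        priv = self.back.get((proto, dst_ip, dst_port))
        if priv is None:
            return None  # no mapping exists: unsolicited packet is not forwarded
        return (proto, src_ip, src_port, priv[0], priv[1])

def demo():
    # Constructed sample traffic: two LAN clients, same source port, one web server.
    nat = Napt(["203.0.113.10"])
    a = nat.outbound("tcp", "192.168.0.2", 1025, "198.51.100.7", 80)
    b = nat.outbound("tcp", "192.168.0.3", 1025, "198.51.100.7", 80)
    reply = nat.inbound("tcp", "198.51.100.7", 80, "203.0.113.10", b[2])
    stray = nat.inbound("tcp", "198.51.100.7", 4000, "203.0.113.10", 6112)
    return a, b, reply, stray

if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

The last packet in the demo has no table entry, which is why a host behind the translator cannot be reached from outside unless it opened the conversation first.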
Configure ICS and NAT services
ICS and NAT services cannot coexist in a LAN. We can only choose one of them.
The ICS configuration process is quite simple. First, establish a connection with the ISP through the "Network and dial-up connections" folder in the control panel. Then select the "share" tab from the "properties" of the connection, select the "Enable Internet Connection Sharing" check box, click "OK", and complete the settings of the ICS server according to the system prompts. The client only needs to set the NIC to "automatically obtain the IP address" and leave the "Default Gateway" blank. The ICS service can then be used after a restart.
NAT configuration is relatively complex. First, set the IP address of the server NIC connected to the LAN to 192.168.0.1, and set the NIC connected to the ADSL or cable modem to obtain its address automatically (or to a valid fixed IP address provided by the ISP). Then set up the DNS and DHCP services of the server. The NAT function is mainly implemented through the "Routing and Remote Access" configuration in "Management Tools". When defining TCP/IP protocol properties, the client needs to set DNS and specify 192.168.0.1 as the default gateway in order to use the NAT service to share the Internet.
Select ICS or NAT
From the comparison of the two and the way each is implemented, we can draw a conclusion:
ICS is more suitable for the home network environment. Its functions are simple and it is easy to set up; it can be configured without much professional knowledge, which is necessary for a home network. It uses only a single public IP address and does not require registering multiple public IP addresses, so it costs little, and home networking is usually very cost-sensitive. It has no security measures of its own, so measures such as a firewall must be added, but you only need to install the firewall on the ICS host and the other machines in the LAN will be effectively protected; in general, the home network environment does not have high security requirements. ICS has no special requirements for the system platform: computers running Windows 98 SE and later versions can be configured as ICS hosts, which suits the mainstream operating systems currently found in homes.
NAT is suitable for a company's office network environment. It is more complex than ICS and requires the installer to have a certain degree of professional knowledge, which is usually not available in a home. It can use multiple public IP addresses (by setting an address pool), so LAN users can access the Internet through multiple valid IP addresses; of course, only a large network needs to apply for multiple IP addresses. Because IP routing is used, it has certain security measures and is more secure than ICS, although a LAN that shares Internet access through NAT still needs a firewall. Currently only Windows 2000 Server/Advanced Server is supported, and home users obviously do not run this type of operating system. In an office network it is logical to have a Windows 2000 Server that already provides other services act as the NAT server as well. Unlike ICS, which requires clients in the network to be assigned IP addresses dynamically by a DHCP server, clients in a NAT network can be given static internal IP addresses, so their settings are more flexible, the applications in the network can be more diverse, and the setup adapts better to large-scale networks.