ICS: Internet Connection Sharing

I had a reason for setting up ICS (wanted to connect a modem-less Linux PC to the Internet) so had a go at setting it up.

There’s no shortage of advice on the Internet, starting with microsoft.com and continuing around sundry forums and websites. It’s not so easy to find out exactly what to do for one’s particular hardware, and rather a lot of the advice is biased towards one particular solution, rather than explaining what range of solutions should work.

First, ICS (Internet Connection Sharing) is a scheme whereby one computer, equipped with a modem or suchlike device, provides a connection to the Internet and shares it with other computers via a local network.

Here’s what I found worked:

Used a computer running Windows XP Pro SP2 as the host. This computer had in effect two network ports; one connected to the Internet via USB2 ADSL modem, and the other, RJ45 port, connected to a wired 100MB network via a 5-port switch.

Ran the ICS setup wizard on the host. This sets up the host on a workgroup MSHOME with IP address 192.168.0.1.

Made the wizard’s floppy disk and used it to set up a Win98 client computer and a WinXP client computer as follows: workgroup MSHOME, LAN addresses acquired automatically (DHCP), Internet addresses acquired automatically (DHCP).

Manually configured two Linux clients with LAN addresses acquired automatically (DHCP), Internet addresses acquired automatically (DHCP).

Turned off the ZoneAlarm software firewall on the host. Turned on the Windows XP firewall and added an exception for Port 80 on the local network. (This allows HTTP traffic from the clients).

The Linux clients show a Windows network, with workgroup MSHOME, in their file browsers.

Notes: Nowadays most home installations use a physically separate router box rather than using ICS.

Hardly any of the recent advice mentions using wired networks rather than wireless or powerline networking. This is strange – perhaps it is thought that wiring up a wired network with RJ45 terminated cables is too much bother for the home user! In fact, wired networks are no trouble at all once the wires are plugged in, which is more than can be said for wireless. Wireless has well-documented security problems. And sometimes it won’t work at all.  The IT person installed wireless networking in our lab where I work, but after a week or so it all had to be stripped out and replaced with a wired network. The wireless network was useless in an electrically noisy environment.

You might be put off by the idea of drilling cable holes in your home. However there is little in the interior of the average home to resist the determined driller. A power drill will soon put a 3/4″ hole through plasterboard, floorboard, lightweight partitioning or building block (but check where the pipes, joists and power cables go first).  And when you move out, a dab of filler and a lick of paint should make good the holes.

You can change the LAN DNS address from 192.168.0.1 if you want – some say this would improve security. The LAN could use fixed addressing (i.e. 192.168.0.2 etc) instead of DHCP if you want, though I didn’t test this.  One source said that you had to use fixed LAN addressing with Linux clients, but this is clearly untrue.

It is assumed that all the computers on the network have the relevant drivers for TCP/IP networking installed on them…

The free version of ZoneAlarm is incompatible with ICS – it seems you have to upgrade to the paid-for Pro version. The Windows XP firewall was OK but only after I set port 80 as an exception for the local network (LAN), naming the exception HTTP80. Port 80 is used for HTTP and the exception allows web browsers on the client to work.

If you poke around in the control panels you can turn on an icon which shows on the XP client toolbar when the host is connected to the Internet.

You may notice that time display on the clients is now synchronised to the host.

When it doesn’t work: Check your setup is correct.  Use file-share browsing to check that you can browse from and to all the computers on the network. If you can’t, you have a problem.  If some computers can’t see others or be seen by them, try disabling the local network (in the Windows control panel) and then enabling it. This worked for me in clearing a hangup.

If none of the clients can browse the Internet even though you see indications that it’s connected, try turning off the software firewall (or firewalls!) on the host. If that cures the problem, fix the firewall! Running with no firewall in place is a very bad practice.
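Before touching the host firewall, it helps to rule out the client's own configuration. The following is an added example, not part of the original post: it checks a Linux client's address, default route and DNS settings against the ICS host address 192.168.0.1 given above. The /24 LAN range, the function name `diagnose`, the finding codes and the sample text are assumptions made for illustration.

```python
import ipaddress
import re

ICS_HOST = ipaddress.ip_address("192.168.0.1")       # host address from the page
ICS_LAN = ipaddress.ip_network("192.168.0.0/24")     # assumed /24 around that host
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned when DHCP fails


def diagnose(addr_out, route_out, resolv_conf):
    """Findings for one client, from `ip -4 -o addr show`, `ip -4 route show`
    and the text of /etc/resolv.conf. Returns a list of (code, message)."""
    findings = []
    addrs = [ipaddress.ip_address(a)
             for a in re.findall(r"\binet (\d+\.\d+\.\d+\.\d+)/\d+", addr_out)]
    addrs = [a for a in addrs if not a.is_loopback]
    lan = [a for a in addrs if a in ICS_LAN]
    if any(a in LINK_LOCAL for a in addrs) and not lan:
        findings.append(("NO_LEASE", "link-local address only: DHCP from the host failed"))
    elif not lan:
        findings.append(("WRONG_NET", "no address in %s" % ICS_LAN))
    elif ICS_HOST in lan:
        findings.append(("ADDR_CLASH", "client is using the host's own address"))

    gw = re.search(r"^default via (\S+)", route_out, re.M)
    if gw is None:
        findings.append(("NO_GATEWAY", "no default route"))
    elif ipaddress.ip_address(gw.group(1)) != ICS_HOST:
        findings.append(("WRONG_GATEWAY", "default route goes via " + gw.group(1)))

    dns = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf, re.M)
    if not dns:
        findings.append(("NO_DNS", "no nameserver configured"))
    elif str(ICS_HOST) not in dns:
        # Not an error in itself: the page notes the LAN DNS address can be changed.
        findings.append(("DNS_NOT_HOST", "nameservers: " + ", ".join(dns)))
    return findings


# Constructed sample: a client whose DHCP request to the host went unanswered.
SAMPLE_ADDR = ("1: lo    inet 127.0.0.1/8 scope host lo\n"
               "2: eth0    inet 169.254.7.22/16 brd 169.254.255.255 scope link eth0\n")
SAMPLE_ROUTE = "169.254.0.0/16 dev eth0 scope link\n"
SAMPLE_RESOLV = "# empty\n"

if __name__ == "__main__":
    for code, msg in diagnose(SAMPLE_ADDR, SAMPLE_ROUTE, SAMPLE_RESOLV):
        print(code, msg)
```

An empty result means the client side matches what ICS hands out, so the host firewall becomes the next thing to examine.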

It is important that the host computer should have two network ports (e.g. one USB modem and one RJ45 port); otherwise your ISP will get very annoyed about the lack of separation between local and Internet addressing, and may disconnect you.