Step By Step: Sharing your Internet connection
This column was originally published in Australian Personal Computer magazine long, long ago. Last modified 03-Dec-2011.
Quite a lot of households, and an awful lot of small businesses, have more than one PC. If you want all of the computers connected to the Internet, the most obvious way to do it is with an ordinary Plain Old Telephone System (POTS) modem - or other Net connection, but probably a modem - on every PC.
This isn't exactly the most elegant solution, since you either need to install multiple phone lines (and, probably, get multiple Internet accounts) or take turns dialing up. It's expensive, too.
If the computers are networked, though - and if they're not, you can do it for considerably less than the cost of a modem for each PC; see my guide here - you can quite easily share one Internet connection between all of them. A single modem connection will serve for light Web use and e-mail; if you've got lots of heavy Internet users or want to play Internet games then a faster connection will be necessary. Either way, it's shareable.
There are two basic ways to share a Net connection. Way one is via a proxy server, way two is via Network Address Translation (NAT). Serious network-oriented operating systems like Linux can do bulletproof Internet sharing out of the box, but it's possible to get it happening on Windows as well, and you don't need to be a propellerhead to do it.
However you do it, Internet sharing requires the TCP/IP protocol, on which the Internet is based, to be used on the local network. Many small Windows networks have TCP/IP installed only for the "dial-up adapter" of the machines with modems; by default, networked Windows 95 machines don't have it installed, but Windows 98 and later ones do. In any case, it's easy to add the TCP/IP protocol for the network cards of the other machines in Network Properties, and it won't interfere with whatever other protocol/s you may be running. The installation guides that come with the more popular sharing systems, and the basic Windows help system, cover TCP/IP address setup adequately; so, of course, does my network guide.
For any kind of Internet access sharing - proxy or NAT based - you need one device, usually a PC, with a connection to the local network and a connection to the Internet. If you're using a POTS modem, that means one network adapter, plus the modem; if you're using pretty much any broadband Internet connection (cable, DSL, microwave, instantaneous tachyonic communicator that gives you a ping time below zero), that means two network adapters, one for the Internet connection gadget, one for the local network connection.
If you're using an asymmetric semi-broadband Internet connection, like those satellite arrangements where you get downstream data from a dish but send upstream data via phone-line modem, then you of course need the Internet connection network adapter and POTS modem, and the network adapter for the local network as well.
Some broadband Internet connections let you have multiple computers connected; you generally hook up the cable modem, DSL box or whatever straight to the network like any other normal node (PC, printer, whatever; it doesn't need a dedicated PC of its own) and multiple machines, maybe with IP addresses specified by the ISP, maybe with hostnames similarly specified, maybe with a special logon client program running, all have Internet access without further fooling around.
Many recent broadband Internet connection gadgets are technically capable of working this way, but most ISPs don't provide the service, and most ISPs that do provide the service charge extra for it. Sharing your connection the proxy or NAT way, in contrast, works on any connection and doesn't cost any more. Some ISPs prohibit sharing, but it's very difficult for them to tell that you're doing it, as long as you're not violating their other policies having to do with running servers, or using too much bandwidth, or whatever.
Most ISPs either explicitly condone connection sharing - though they usually don't provide any technical support for it - or just ignore it, as long as you're not breaking other rules.
Many Internet users are familiar with proxies already, because their ISP runs one and either requests, or demands, that all customers use it. A proxy server sits between your client applications, like for example your Web browser, and the servers on the Internet from which you're requesting information. Your requests go to the proxy, and it passes them on only if it has to; if it's already got the data you want in its local cache, it can deliver it more quickly. ISPs want you to use their proxies because any data you get from the proxy doesn't have to be collected over the ISP's own paid-for Internet connection.
Proxies improve performance in much the same way as your local browser cache, because you can always get data faster from your ISP than from some more distant server. Your local browser cache can deliver data as fast as you can pull it off the hard drive, whereas data from the ISP proxy has to come via your Internet connection, but because the ISP proxy caches everything that's requested by all of the ISP's customers, you can get data quicker the first time you request it, as long as someone else has asked for it before.
A proxy, inherently, acts as a firewall, giving you some network security. There's no way for requests from the outside to get to any local machines other than the proxy box, and you can configure what, if any, requests the proxy box will listen to.
Proxies can also do fancier tricks, like blocking banner ads, or preventing access to particular sites. All of the basic Internet applications - HTTP, FTP, e-mail, telnet and so on - will work fine through an appropriately configured proxy, but you can also easily turn off services you don't want some or all clients to access.
ISP proxies have to be high performance systems, but you can run a bonsai version on any regular PC. If the proxy machine's on the same TCP/IP network as the rest of the computers that want Internet access, all they have to do is have its address set in the proxy section of their Internet configuration, and then whenever the proxy machine's on-line, so are they.
Possibly the most popular proxy for the Windows platform used to be WinProxy, which is commercial software but has a free 30 day evaluation version. It's got a friendly setup wizard, and it lets you individually assign particular permissions to particular clients. For instance, some clients can have HTTP access only, or just mail and FTP, or whatever combination you like.
This makes WinProxy handy for bosses that want to prevent their less motivated employees from accessing the Web, but still want them to be able to use e-mail. WinProxy can also log what different clients have done, and optionally restrict the time users can spend on a dial-up connection - handy features for parents. WinProxy isn't really a proxy any more, though; now it's based on NAT technology.
Network Address Translation (NAT) is simpler to use than proxy software. It provides automatic translation of incoming and outgoing data, and you have to do less fiddling with the clients to make them work with it. Like a proxy, a NAT setup runs on the computer (or other appliance) that physically connects the network to the Internet, but unlike a proxy, it does practically no processing of the data, and stores none of it locally.
Plain NATs are thus more transparent than proxies, but they don't have the ability to cache pages or block particular things, which is necessary for ad filtering, for instance. You can layer firewall and filtering functions on top of NAT - WinProxy does - but a plain NAT without this icing has no such abilities.
The most popular NAT software in the Wintel world today, judging by the number of people who could be using it if they wanted to, is the Internet Connection Sharing (ICS) feature which is built into Windows 98 Second Edition and later - WinME and Windows 2000 have it, too. Only the computer that's actually got the Internet connection needs to have a Windows version with ICS installed; the other machines can be anything that can use TCP/IP.
Internet Connection Sharing is actually an excellent, nothing-more-to-buy way to get your shared Net connection working, provided you're just connecting a simple LAN to the Internet. It includes a Dynamic Host Configuration Protocol (DHCP) server that can dole out IP addresses to all computers on the network. So out-of-the-box Windows installations with TCP/IP installed should just work, automatically, provided you don't mind using the local 192.168.0.x IP addresses which ICS sets up by default.
If you install ICS and some or all of the machines on the network were previously set up to use a proxy, you'll have to manually clear the proxy setting, or ICS won't work. If you're installing on a network that didn't previously have any kind of shared Internet access, though, this won't be a problem.
You may run into difficulties with ICS if your network configuration changes, though - for instance, if you take the ICS server machine and plug it temporarily into a network that has its own DHCP server. The ICS DHCP server turns itself off when it detects another DHCP server on the network, but making ICS work again afterwards without reinstalling Windows can be... well, it can be a challenge. Microsoft's off- and on-line documentation for ICS is copious, but unhelpful.
There are other cheap Windows NAT packages, like for example the $US25 shareware program NAT32, the evaluation version of which will only run for an hour at a time and is missing some of the newer features, but is good enough to illustrate the principle. WinGate and SyGate are another couple of popular NATs with downloadable evaluation versions, and they're both more capable and less mystifying than the Microsoft option. It's actually worth downloading SyGate just for its documentation, which explains the whole deal a lot better than Microsoft's skimpy ICS docs.
It's possible to play on-line games via a proxy or a NAT, and many games will work perfectly with the more popular sharing packages without changing anything. If you do need to change things, what you'll be doing is opening certain TCP or UDP (User Datagram Protocol, the simple protocol used by games like Quake) "ports", which are used by the games for communication, but not by the usual Internet applications. The kind of port and its ID number varies with the game being played.
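To make the address translation and the "opening ports" step concrete, here is an added example (not from the original column, and not the code of any product named in it): a toy port-translating NAT in Python. The `Nat` class, the addresses and the port numbers are all constructed for illustration; real NATs also track the remote address and expire idle entries.

```python
# Added illustration: a toy model of a port-translating NAT, not any product's code.
from dataclasses import dataclass, field


@dataclass
class Nat:
    public_ip: str                  # the one address the ISP gave the sharing machine
    next_port: int = 50000          # constructed starting point for translated ports
    out: dict = field(default_factory=dict)   # (proto, lan_ip, lan_port) -> public port
    back: dict = field(default_factory=dict)  # (proto, public port) -> (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port):
        """A LAN client sends a packet; return the source address the Internet sees."""
        key = (proto, lan_ip, lan_port)
        if key not in self.out:
            while (proto, self.next_port) in self.back:  # skip ports already mapped
                self.next_port += 1
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def forward(self, proto, public_port, lan_ip, lan_port):
        """'Open a port': a static mapping so outside hosts can reach one LAN machine."""
        if (proto, public_port) in self.back:
            raise ValueError("public port already mapped")
        self.back[(proto, public_port)] = (lan_ip, lan_port)

    def inbound(self, proto, public_port):
        """A packet arrives from the Internet; return its LAN target, or None if
        no mapping exists and the NAT has nowhere to send it."""
        return self.back.get((proto, public_port))


def demo():
    nat = Nat("203.0.113.7")                           # constructed public address
    seen = nat.outbound("tcp", "192.168.0.2", 1025)    # browser on one PC
    other = nat.outbound("tcp", "192.168.0.3", 1025)   # same local port, another PC
    reply = nat.inbound("tcp", seen[1])                # the server's answer comes back
    stray = nat.inbound("udp", 40000)                  # game traffic nobody asked for
    nat.forward("udp", 40000, "192.168.0.3", 40000)    # open the (constructed) game port
    game = nat.inbound("udp", 40000)
    return seen, other, reply, stray, game


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both PCs appear to the Internet as the same public address with different ports, and the game packet only reaches a LAN machine once a static mapping for its port exists.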
If you're fantasising about playing first person action games on-line over one dial-up modem connection, be advised that it's not worth trying. A single player will use all of the bandwidth even the fastest POTS modems can provide, and for smooth play you really need a faster link even for only one player. More than one person just can't play a decent game over a single POTS modem link. If you're using a proxy it's likely you'll see reduced performance even for one player, because the proxy takes a significant amount of time to process the game data. NAT software is faster than a proxy and, generally, doesn't add enough lag to worry about.
Less time-critical entertainments, like real time strategy games, deal better with restricted bandwidth - but it depends on the game. Once lots of units start fighting, you're likely to find yourself dealing with the same nasty lag and drop-out issues. Turn based strategy games, on the other hand, can work really well over even very slow connections.
Hardware or software?
An Acer modem Internet connection sharer, reviewed here
You can get hardware devices that perform proxy and/or NAT functions. These can be an excellent solution for a small business, because plain models for one or two modems or a broadband connection cost much less than a new PC, are more reliable even than a Linux box (and much more reliable than a crash-prone Windows 98 or ME one), and are about as easy to set up as software sharing options. They can be left on all day, every day, in a cupboard somewhere with their modem. When a PC is doing the sharing, it mustn't crash or be turned off, but if that PC is also used for regular work then there's no way you'll be able to keep it up all the time, especially if it's running Windows.
On the minus side, hardware sharing appliances may or may not be able to do what less normal Internet connections need them to do. Australia's BigPond broadband services, for instance, require you to run a special logon client to get access; no sharing appliance can do that, so you have to jump through a hoop or two to make a local machine visible to the Internet and let it run the logon thingy. And @Home connections, including the Australian Optus@Home, identify computers via a NetBIOS hostname. Many sharing appliances can send a hostname; some can't.
On top of that, many ISPs provide handy-dandy short hostnames for their local services, like e-mail and Usenet and the proxy, which their local domain name server understands. So, for instance, the mail server name is just "mail". I've seen sharing appliances which don't pass requests for these names through properly. Mind you, I've also seen PC-based sharing systems that have the same problem, though most of them don't seem to.
If it happens, you have to find the real name of the servers, which are likely to be something like mail.cartagia.ispcorp.net, and subject to change without notice. Or their IP addresses, which can also be changeable.
Aside from these niggles, though, hardware sharer gadgets can be a great option, particularly for businesses with no real IT staff.
Which to pick?
Proxies give you a lot of power over who can do what, but NATs are, generally, easier to set up and will work better with odd applications like games. For a plug-and-go office solution, a stand-alone hardware proxy device is a good choice. For home networking, Microsoft's ICS works brilliantly. For a really industrial strength solution, a Linux box is the way to go.
But you don't need much expertise to set up the simpler Internet sharing options, and the benefits are huge.