Troubleshooting Q&A - June 3, 2004
Sharing a Cable Modem Get to the Route of the Problem
In this week's Troubleshooting column, we look at what not to do when you set up two PCs to share a cable modem using a router. Plus, we help you configure your VPN to work with your firewall.
By Ron Pacchiano
Q. For Internet service at home we use a cable modem. For the last six months, the modem has been used exclusively with my daughter's PC. Recently, I was given an old laptop computer, which I would also like to use with the cable modem. I read that Windows has built-in software that would allow me to share the connection, but I had a lot of trouble trying to get it to work. So instead of continuing to fight with it, I decided to just spend the extra money and purchase a router. I connected the router to our network as the directions indicated: The cable modem is connected to the router's WAN port and the PCs to the router's LANs ports.
Once that was completed, we tried running Microsoft's Network Setup Wizard. When we did this, we got an error message that says, Cannot complete the Network setup wizard: Other computers cannot connect to the Internet through this computer. We double-checked our cable connections and everything looks right. Both my daughter and I are running Windows XP Professional and we're using her PC as the host. I tired calling technical support, but after waiting on hold for 45 minutes I gave up. Do you have any idea what could be preventing this from working?
A. I'm sorry you've had such a difficult time getting through to tech support. You'd actually be amazed how many people write to me for just that reason. However, I think the solution to your problem is much simpler then you realize.
Even though you didn't come right out and say it, your question implies that you're still running Microsoft's Internet Connection Sharing (ICS) feature on your PCs. ICS is necessary only when you lack a router, and instead connect the Internet connection directly to a PC. The PC being used as the "Host" would also need to be equipped with two network adapters in order for it to work. One is used for the cable modem and the other for the PC sharing the connection. Since you have a broadband router, you don't need a PC to have multiple network adapters or use Windows XP's ICS feature.
Having ICS installed and running is no doubt the cause of your problem. So all you need to do is disable it. To do this just right-click on your network adapter and select Properties, click the Advanced tab and uncheck the Internet Connection Sharing option. With ICS disabled, we now need to verify the router settings and configure the PCs to obtain an IP address automatically.
So if you didn't do it already, you need to configure the router to work with your Internet connection. This is typically done by using a Web browser to connect to the router's default IP address (it's probably 192.168.0.1 or something similar). Log-on information is provided in the documentation. Most routers come with a setup wizard to make this task easier for you. Once that has been completed verify that your router's Dynamic Host Configuration Protocol (DHCP) services are enabled. The DHCP service automatically assigns a valid IP address to any TCP/IP device it finds on the network. Once the configuration has been completed, just reset the router to activate your new settings.
With the router now properly configured, we now need to make sure that both computers are set to Obtain an IP address automatically. This is what allows the PC to accept the IP address the router is offering. To do this, just open the Control Panel and select Network Connections. Now right-click on your network adapter, select Properties and double-click on the item Internet Protocol (TCP/IP). If it isn't already selected, enable the Obtain an IP address automatically option and press OK. Other then perhaps a reboot, this should be all that is needed to get these PCs online.
One last thought, don't fuss with the Network Setup Wizard again. In my opinion, it has a tendency to make things unnecessarily complicated and in my experience, really isn't needed. Hope this helped!
Q. We are using a DSL line in our office for Internet conductivity. The DSL line is connected to a Windows XP PC running Internet Connection Firewall. Recently, we decided that we would like to have access to the network from outside the office. So we setup a Virtual Private Network (VPN) connection using a Point-to-Point Tunneling Protocol (PPTP) server.
The VPN appears to be configured correctly, but we can't seem to gain access to the network. I tired disabling ICF and to my surprise I discovered that the VPN server was now accessible. This leads me to believe that there is an incompatibility between our PPTP server and Windows XP. I don't feel comfortable having an open Internet connection without a firewall, but it's important that we have access to the VPN. Do you have any suggestions as to what I should do next? Any help would be appreciated. Thanks!
A. I agree that having an open Internet connection to your network is just asking for trouble. As you correctly assessed, the problem is being caused by the Internet Connection Firewall (ICF). The problem isn't because of an incompatibility with the PPTP server, but because as of this moment ICF is configured to block the traffic that is trying to get onto the network over the PPTP ports.
As you are aware, the role of the firewall is to protect your network from unauthorized access. To do this, the firewall monitors all traffic coming into your network. All Internet traffic is based on the TCP/IP protocol. TCP traffic travels through your network on ports. Different services travel along different ports. For example, standard Internet traffic or HTTP uses port 80, FTP uses port 21 and Telnet uses port 23. These ports have been predefined in ICF to allow this traffic to safely pass into the network. This type of configuration is typically referred to as a Rule.
As with those other servers, if you have a PPTP server on your internal network that you would like to be able to access from outside of your network, you'll have to open the ports in ICF to pass VPN traffic onto the PPTP server. This can be easily accomplished by adding a Service to the ICS Services List. The Services List contains information on the service type, the related TCP or UCP ports and the IP address of the host system.
To successfully configure ICS to pass PPTP traffic, you first need to know which ports the traffic is going to be passed on. A typical PPTP connection is composed of two types of traffic. The first is PPTP traffic, which uses TCP port 1723, and is used to establish and maintain the connection. The second is Generic Route Encapsulation or GRE which uses port 47 and is used to encapsulate the actual data that is passed between the two endpoints. If you where using IPSec as opposed to PPTP, then the port numbers would change to 500, 50 and 51. A detailed article on this along with step-by-step instructions can be found in the Microsoft Knowledge Base here.
Use our feedback form to submit your questions on home or SOHO networking issues. We cannot guarantee to answer every question we get, but we’ll consider them all.
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|