If you’re not in mood to read all I have to say, and want just simple plain tips, feel free to skip to the end of post. 🙂
About a month ago, I was trying to set-up ICS (Internet Connection Sharing) between my computer and my wife’s laptop.
There sure are many guides on the Net about how to set all up, and what to do or not to do. Unfortunately, many of them are contradicting each other (or sometimes even themselves, haha!).
All I needed to set up was the ICS itself, no disk/file/printer sharing. Thus, most of stuff that follows won’t be useful for anyone who needs also any other kind of sharing, except of the connection to the internet. To be precise, switching off all other kinds of sharing helped me to achieve much higher stability of service.
Original setup was, that I was simply connected to internet via ADSL modem over Ethernet card. New setup I was heading for was to be connected to modem via USB, and from Ethernet card via cross-over cable to the laptop.
I followed the simple path – using the “Network Setup Wizard” from the Control Panel->Network Connections. Many guides do not recommend this, and I fast found out why. Guide I found most useful was practicallynetworked.com guide, but many things included in it in the end made more troubles than help; see further on.
Originally, Ethernet card was used for the internet access, and now after re-wiring and reconfiguration of networks (both new Local Network, and now new – via USB – Internet Connection), Windows were refusing to operate the networks correctly, and behaved very confused. Only after I unistalled both networks (Local Network (via Ethernet card) and Internet Connection (via USB)) and installed again, including reinstallation of drivers of both Ethernet card and USB drivers for modem, Windows started to behave more normal. I.e. I was finally able to access internet again.
Unfortunately, my wife was not.
The solution of this problem came from new direction – my then firewall, ZoneAlarm Home Edition, was blocking the Local Network, simply because it was on the same hardware that was used for Internet Connection before. There is no way on Earth (or not one I was able to find) to make ZA aware of the fact, that it became a “Trusted Zone”. So, I changed to Kerio, and later to Comodo firewall. These both allow you to simply administer zones, it’s only up to you which will be more to your liking. [Kerio has switch called “This computer is ICS gateway” – that’s all you have to do; Comodo detects zones “on the fly”, so you can very easily setup trusted and internet zones]
But that was not all; soon, the internet connection started to drop here and there (ca every 2-3 hours, sometimes more often), and only disable/enable cycle on internet connection made it come back.
Look to Event Viewer showed, that each time after this IPNATHLP “Event 31008” appeared (“The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.”). The only solution to this I found was to set DNS servers manually on both computers (see tips on end for more details).
This moved the network fall-outs to like twice a day, which still is a pain in the a**, and I started to ask what do I really need – fast look into Properties showed, that there are quite a few protocols active, most of which I didn’t need at all!
So, the last step was to disable all protocols I didn’t need – which turned out to be all of them except of TCP/IP (and VMWare Bridge Protocol on the internet connection, to allow virtual machines access internet).
To cut my talk short, here are the promised tips:
- Feel free to reinstall networks (including drivers for all stuff involved – Ethernet card, USB modem, etc.). It sometimes saves lots of time.
- Don’t use ZoneAlarm Home Edition if you’re changing function of any hardware involved (e.g. if you’re now using Ethernet card for LAN access, while before ICS it was used for internet access); I’d recommend Kerio or Comodo firewalls (more on this read above).
- On ICS host (computer that is connected to internet directly), set DNS server manually to your provider’s DNS — for Internet Connection go to Properties->TCP/IP Properties->”Use the following DNS server addresses” and type them in manually, instead of “automatically”. The same do on the ICS client – instead of the pre-set “192.168.0.1” type in manually provider’s DNS servers. For both then on the same page click “Advanced” and go to DNS tab, and make sure “Register this connection’s addresses in DNS” is UNchecked. This should help to minimize Event 31008.
- Under ICS client’s Internet Connection Properties, go to Advanced tab, under Windows Firewall click Settings, go to Advanced tab, and make sure ALL connections under “Network Connection Settings” are UNchecked.
- Under ICS client’s Internet Connection Properties, and ICS host’s both Internet and Local Area Connection Properties, under General tab, UNcheck as many items in “This connection uses following items” as possible (if possible, uncheck all but TCP/IP; exception is e.g. “VMWare Bridge Protocol” for internet connection, that has to be checked to allow virtual machines to connect via NAT).