Wireless and cable ICS woes

Discussion in 'Networking and Computer Security' started by Ferg, Feb 20, 2005.

  1. Ferg

    Ferg Manbearpig

    Hi there,

    Wondering if anyone has come across this problem that I'm having. I have a broadband modem connected via USB2 to my server machine running 2003 Server Std. In this box I have a 10/100 network card and a wireless network card. From the server I run an ethernet cable out to a hub that is connected up to the other 4 computers in my house. I enable ICS and choose the cable network for it to be shared to, thus creating my NAT. The problem is I have a laptop that I want to be able to give internet access to, so I create a normal ad-hoc connection between the server and my laptop, but you can only choose one connection to allow ICS to. So if I want to use the internet on my laptop wirelessly I have to remote desktop to the server and go from there. So is there any way to share an internet connection between two different network connections?

    I know what I'm basically trying to do here is create a very large access point but I just can't be arsed forking out for something if I can make one myself!

    Any help would be greatly appreciated.

    ~ferg~
     
  2. Anti-Trend

    Anti-Trend Nonconformist Geek

    Personally I'd do it a bit differently, since Windows doesn't make a very good router. Trust me, I'm actually certified for Microsoft ISA, their Internet Security & Acceleration server. ISA is an edge router/proxy which runs on Windows 2000/2003 Server and is meant to do exactly what you're trying to do. I really think you'd be much better off with a Unix powered router. They make for a faster & more secure network appliance, which is why Cisco's routers run a custom version of BSD Unix.

    I'm certainly with you on the point that you can build yourself a superior access point for little or no cost. That's why I keep pimping the free & powerful IPCop, which is Linux-based. It's basically Smoothwall on steroids. If your broadband modem either has an ethernet port or is on IPCop's hardware compatibility list, I'd really consider going that route. It'll eliminate all of the problems you're currently experiencing, and give you a lot more control over your own network. It'll also increase your network speed, decrease latency, and improve security in a big way.

    By the way, is that 2003 server running your file & print sharing, domain services etc, or just ICS?

    -AT
     
  3. Ferg

    Ferg Manbearpig

    Using a Unix box to do this is not an option to me as the computer has to be used for many other Windows-based utils. At the moment it is only handling the ICS, but this may change over time. I've never used any ICS devoted software, but is there any out there that might allow me to do this? It's so frustrating that you can only share an internet connection to one network device, you'd think there would be some work-around. Do you know where I may find any instructions for this ISA?
     
  4. Anti-Trend

    Anti-Trend Nonconformist Geek

    I do still have all of the original course materials for ISA. But ISA is aimed at the corporate market, and is therefore very expensive. As I said earlier though, it's not a very good solution for anybody as far as I'm concerned. There are products out there which are free of cost and actually superior, so I can't think of a single reason to recommend ISA. As a matter of fact, the ISA server class was the whole reason I tried Linux. One of the other guys in the class had a BSOD on his server during a lab exercise. He jokingly stood up and said, "That's it. I'm switching to Linux!" The instructor took him seriously, and looked as though he was going to faint! That incident made me wonder what this Linux thing was, and why it worried one of Microsoft's security advisors so much.

    Anyway, back on track. As far as your server and ICS are concerned, it's never a good idea to make a server and a router the same machine. The following guidelines will help keep your network running as securely and trouble-free as possible:

    1) Place any servers securely behind a dedicated, firewalled router
    2) Only open ports for those services which you need to make Internet accessible
       a) Only when they need to be accessible
       b) Only to whom they need to be accessible
    3) When possible, keep detailed logs on both your routers and servers
       a) Study those logs regularly
       b) Know what normal traffic looks like so you can quickly identify suspicious traffic
    4) If you must run an Internet-accessible service on a server, place that server in a DMZ
    5) On your servers, always give network clients the minimum possible privileges which still allow them to do their job
    6) Keep all systems up to date with regularly scheduled updates, especially servers
    7) Run an up to date antivirus on all Windows-based servers
       a) Run AV software on Windows clients if possible
       b) On non-Windows servers, run AV software if they will serve files or email to Windows clients
    8) Use static IP addresses for servers & printers, and DHCP for clients

    I do recommend sticking to the above guidelines. However, if you decide that you still want to go ahead and make your Windows server the edge router, consider Kerio's Winroute or their free Personal Firewall. Unfortunately, Kerio firewall software does require quite a bit of networking knowledge to set up properly and securely. But it's probably the closest you can get to a real router on Windows.
     
