ICS / NAT help needed.

[Colonel Sanders]

Current Setup:

LAN (5000+ users) --> My PC --> Cable Internet.

The LAN has an ISP, but it is useless. I want to share the cable connection with 4 (and only those 4) users from the LAN. We do NOT want to loose the LAN connection.

We want to use Rogers as our default gateway, and the LAN for any remote IP address that matches 129.97.*.*

How do I need to set up my PC?

How do I set up the clients to use the LAN only for 129.97 addresses and my shared connection as default?

I am running Server 2003, the others are Windows XP (Home and Pro) and one Mac OSX

[knight_dkn]

I can't quiet seem to work out what you want to do? You say you want to share you connection with the lan and then only with 4 people?

I point you in the right direction I think but you have two major problems: 1 your address range is a public one i.e. 129.97.*.*, if you want to use Windows 2k3 ICS you'll need to use the private range 192.168.*.*. 2. You have a Mac on your network, kill it, kit it now.

[Colonel Sanders]

Yes the 129 addresses are public, but we can NOT change them.

What I was thinking for sharing the connection: VPN.

Once a client connects, it will use my default gateway right?

Note: The Mac is not mine... its the neighbour's... and if I get a chance I will kill it.

[knight_dkn]

Yes, VPN could be used to that end, but I'm still not totaly clear on what you are trying to do. Also remember that using a configuration like this will add heaps of overhead to your network traffic. As for the Mac, well, do what you can, just try not to let it get away.

[Colonel Sanders]

The LAN's ISP is garbage (1500mb/week max [up and down], if you miss a windows update: banned. Run ANY server, and you get banned [not HTTP, SQL, DHCP [for ICS/NAT], not even a game server). If you get a virus that starts scanning the network, you get banned. I0f you download anything copyrighted, you’re banned. But the real kicker is if you use any programs that are capable of downloading copyrighted material, to download legitimate stuff, banned.)

Also, the LAN has a 28 mega bit fibre optic line, which isn’t too bad.... except its split between 5000 users. I get speeds equivalent to a 14.4k modem.

I am getting Rogers Extreme (5 mega bits down, 800kb up), and want to share it with 4 other people. These other people are on the same switch as me on the LAN.

Directly connecting these PCs to each other is not an option (too far apart, too many obstacles). To share the connection, we need to route it over the existing LAN.

I hope that clears up the problem, if you have any more comments, or any other solutions, I'd appreciate it.

[knight_dkn]

Okay , now I've got it. I'm guessing your living at a university? Let me see if I can come up with a solution... this is a tough one...

Right, this might be simpler that i though, for the moment I'm going to assume that you want to be able to still talk to the othe 1500 PC's and that their all on the same subnet 129.97.*.* without any extra gatways between them. What you could do is, connect your new cable modem to your box via a second network card, share this connection with windows ICS, have each of the 4 people change their default gateway and primary DNS to your 129.97.*.* address, they should set their seconday DNS to the 129.97.*.* DNS server. This should work but it will be possible for people other than those 4 to use your connection if they change their settings too.

To do this securly your going to have to use the routing and remote access server built into windows 2003, you can access it from the Administrative Tools program list, with this you can set up a VPN server that will restrict who can connect and access your new connection. It has an inbuilt wizard that will help you configure most of the setup. I've never used it in this way so I can't tell you the exact steps for configuration but it shouldn't be too difficult to work out.