because almost every consumer firewall box (netgear, DLink etc) in the last 5-7 years included NAT. In fact some cheap firewall boxes still rely on NAT as their sole “firewall” method. Any good modern firewall box will now include packet filtering/blocking rules as well — and the best use stateful packet filtering (matching opening of inbound ports to outbound requests from machines inside the firewall).

Thus Server 2003 is not likely needed for NAT, unless you are relying on the firewall features touted by DSL or cable modem (usually not actually very good) or using older low-end commercial routers. Commercial equipment especially Cisco be much more expensive and offers the option to reduce costs by breaking into very bare minimum features.

Doing NAT is great but only for the machines behind the 2k3 server. The outside interface of your server is still exposed if you are not using a firewall.

http://support.microsoft.com/?kbid=324286

(I’d still consider getting an external firewall box rather than use your server. One less item to cause trouble and workload on the server.)

But you can still have routing problems on your server because it is multihomed (Internet side network connection and workstation side network connection). The Internet side may be USB or other type but it is still a network connection. Basically misconfigured multihomed servers can get confused about which connection to use when sending out responses. Just because the workstation requested Internet (or files!) using the workstation side connection doesn’t mean its response will properly return via the workstation side connection. If it doesn’t the server reply is lost.
This misconfiguration occurs in the routing tables. Unfortunately if you make a network configuration error then correct it (or just change your network config) — the routing tables don’t necessary folling in multihomed situations.

Unfortunately vaguely related to how and why ICS does what it does. Mainly noticed via the chosen IP network range.
http://support.microsoft.com/kb/220874/en-us AIPAP

For a small workgroup you are much better off to buy a $50 firewall box from BestBuy (or similar) and configure it for DHCP. I’d stick with NetGear or DLink boxes (Linksys sometimes sucks). The firewall box will let you play with Internet without endangering your server. If you have Internet problems you won’t need to touch your server while working on that problem — business continues. If the server is down you can still reach the Internet for technical information, etc. Plus ISPs occasionally change their DNS servers IPs. A firewall box will automatically distribute the new DNS server info to all workstations. Well cheaper boxes might need to be rebooted themselves. But new and slightly more expensive ones won’t and they can have all sorts of neat features like site blocking by list (stop ads/porn by subscriber list or manual entry). In the long run you may want to look at an old computer plus IPCOP.org freeware.

But in any case you really don’t sound like you know enough configuration and security to be attaching the Internet directly to your 2003 server — which probably has lots of important stuff on it you don’t wnat to lose.