re: Did I dud my ICS?

i found a very usefull ICS configuration tool. It allows manual control of ports open and closed by ICS. ICS Configuration Utility.

=== INTRODUCTION ===

When Microsoft released the "second edition" of Windows 98,
they included an optional component called "Internet
Connection Sharing" (ICS). ICS allows a network of users
to share a single internet connection through a process
called Network Address Translation (NAT).

ICS allows any OUTGOING connection to take place. Therefore
any client computer can surf the net, or send and receive
email. However, INCOMING connections, like those required
for a web server, are another story entirely. ICS blocks
incoming connections on all ports unless they are explicity
opened.

Unfortunately, ICS does not include any means to open or
configure port access. This program, ICSCFG, allows you to
do just that. You can open or close port access. You can
create new port mappings. You can even have ICS forward
incoming connections to any interior machine.

This program was designed for network administrators, not
average end-users. An average user of ICS will do fine with
only the default settings of that program.


=== WHAT CAN'T IT DO? ====

There are many peer-to-peer internet applications that will
just not work on all your clients simultaneously. The best
you can get, by playing with ICSCFG, is the ability to
allow ONE station at a time to use the program. This is
still better than the alternative, disabling ICS, because
your other clients can still surf the web, collect email, etc.

Many applications are just not "NAT-friendly". No matter what
you do you are still sharing a single IP address. To someone
outside your network, there is no way to distinguish between
seperate ICS clients.

Some applications embed the destination IP address inside the
data that they send and receive. The only way to continue to
use sharing software is if the NAT can "strip out" this address
and replace it with the actual interior address (192.186.0.x).
ICS has some "Translations" built into it. You will see these
listed when you run ICSCFG and examine a port mapping. If none
of these work then you're out of luck: there is currently no
way to add new translations. Hopefully they'll add this later.


=== WEB SERVERS ===

Because a web server requires incoming connections you can
only have one server on your network per port number. ie:
only one machine on your network can listen to port 80. This
one machine doesn't have to be the ICS server: simply set the
ICSCFG "Target" to the private address of the machine running
the web server program.

Remote machines will connect to the PUBLIC (exterior) IP
address of the ICS server, but your own clients will have
to connect to the PRIVATE (Interior) address of the machine
running the web server. Your shared public IP address is
the only internet address that is not accessable by your
interior machines.


=== STATIC CLIENT IP ADDRESSES ===

If you want to direct any incoming connections to an interior
machine you should ensure that your ICS clients have static
IP addresses. Otherwise, your machines will have different
addresses if you boot them up in a different order.

For each client system that needs a static IP address, simply
launch the "Network" Control Panel applet and change the
properties of the TCP/IP protocol that is bound to the network
card. Although you can use any IP address within the range
normally allocated by the ICS server (192.168.0.2 to
192.168.0.253) it is best to choose one on the high side, ie:
starting with 192.168.0.200, to avoid collisions with any
dynamically allocated clients.

Set the DNS server address to the private interior address of
the ICS server (192.168.0.1). Specify this same address as the
"Gateway".


=== FTP CLIENTS ===

You may notice an inability to use FTP client programs while
ICS is running. You can't fix this behavior with ICSCFG because
the problem stems from the odd method that this protocol picks
transfer ports. Simply configure your FTP programs to use
passive (PASV) transfers and you'll have no more problems on
any client.


=== FILE & PRINT SHARING ===

Port 139 is treated specially by ICS and may appear open even
if you try to explicity block it. Because of this it is very
important that you don't have "File & Print Sharing" bound
to any TCP/IP component. Confirm this by using the Network
applet in the Control Panel.


=== A FINAL NOTE ===

This program doesn't really do much more than you could do by
hand by editing registry settings - It's just a lot easier.
Use it as a tool to help solve some of your networking problems.
Unfortunatly I can not remember where I got it. I will gladly pass it on to anyone needing help, as it was to me one day long ago. I have my own network and have spent countless hours on 7 PCs :o)
I am now studying CCNA and CCNP as the world of networking is forever more interesting.

A general ICS warning

Not specific to the query -- a standard ICS warning though.

Removing any component on which it depends (eg trying a new network card, uninstalling and reinstalling TCP/IP) while ICS is installed will break it, and uninstalling and reinstalling ICS won't help. You need to reinstall windows or do a complex registry edit. See

Get the IP addresses right

I believe the client machine needs a dynamically assigned IP address. The Server needs a static address.

Also, on the client machine, go to Tools > Internet Options > Connections > Never dial a connection.