"Steve Winograd [MVP]" wrote:

> In article <3A85409F-AD08-4B44-82D2-84C4D2AC9***@microsoft.com>,
> Vilius <Vil***@discussions.microsoft.com> wrote:
> >Hello,
> >
> >I have configured NAT on Windows XP box by enabling IPEnableRouter in
> >registry. Everything worked like a sharm. Now I want to forward some ports to
> >one host on internal network. I know that I need ICS for that. So I enabled
> >ICS and forwarded some ports and it worked too. The problem is, that just
> >after I enabled ICS, NAT doesn't work anymore. My question is how can I make
> >NAT AND ICS work together?
>
> I'd like to help, but I don't have enough information.  Please answer
> these questions, and include any other information you can think of
> that would help people understand the situation:
>
> 1. What indicates to you that ICS breaks NAT?  What are you doing that
> works when ICS isn't enabled?  What's different when you enable ICS?
> If there are error messages, what do they say?
>
> 2. How many network adapters does the Windows XP box have?  What is
> each one connected to?  What is the IP address and subnet mask of each
> one?

>"Steve Winograd [MVP]" wrote:
>> >Hello,
>> >
>> >I have configured NAT on Windows XP box by enabling IPEnableRouter in
>> >registry. Everything worked like a sharm. Now I want to forward some ports to
>> >one host on internal network. I know that I need ICS for that. So I enabled
>> >ICS and forwarded some ports and it worked too. The problem is, that just
>> >after I enabled ICS, NAT doesn't work anymore. My question is how can I make
>> >NAT AND ICS work together?
>>
>> I'd like to help, but I don't have enough information.  Please answer
>> these questions, and include any other information you can think of
>> that would help people understand the situation:
>>
>> 1. What indicates to you that ICS breaks NAT?  What are you doing that
>> works when ICS isn't enabled?  What's different when you enable ICS?
>> If there are error messages, what do they say?
>>
>> 2. How many network adapters does the Windows XP box have?  What is
>> each one connected to?  What is the IP address and subnet mask of each
>> one?
>
>OK, my network topology is as follows. I have gateway hardware box with IP
>address 10.1.1.1. I configured it to route 192.168.100.121 address through
>Windows XP box (which has IP address 10.1.1.225).
>
>Windows XP box has two network interfaces:
>First: ip 10.1.1.225, default gw 10.1.1.1, subnet 255.255.255.0
>Second: ip 192.168.100.81, subnet 255.255.255.0
>
>When I enable IPEnableRouter in windows xp box, I can ping to
>192.168.100.121 (it is a computer on a second network) from other computer on
>a network with IP addresses of 10.1.1.x (for example from 10.1.1.121). And
>thats fine.
>
>BUT, if I enabled ICS, I can't ping from 10.1.1.121 to 192.168.100.121
>anymore.
>
>> 3. Which network adapter have you told ICS to use as the Internet
>> connection?
>
>The first one with IP address 10.1.1.225
>
>> 4. Which network adapter have you told ICS to use as the home network
>> connection?  ICS automatically changes that connection's IP address to
>> 192.168.0.1, with a subnet mask of 255.255.255.0.
>
>Yeah, I know that. But after that I manually changed back second interface
>address to 192.168.100.81
>
>> I think that you and I use different terminology, and I don't want it
>> to prevent me from understanding your question.  As I see it:
>>
>> 1. The IPEnableRouter registry key enables IP forwarding in Windows
>> XP.  IP forwarding causes packets that arrive at one network interface
>> to be repeated on other network interfaces, allowing an XP computer to
>> route traffic between multiple subnets.  Is that what you mean by
>> "NAT".
>
>Yeah, I ment IP forwarding then, not NAT. So I suppose I want IP forwarding
>to work between interfaces AND I want to forward couple of ports (for example
>10.1.1.225 24868 to 192.168.100.121 4868)

"Steve Winograd [MVP]" wrote:

> 1. Go to Control Panel > Security Center > Windows Firewall.
>
> 2. Set the firewall to "On", and un-check "Don't allow exceptions".
>
> 3. Click the Exceptions tab.
>
> 4. Click "Add Port"  and define the desired incoming port..
>
> 5. Click Advanced.
>
> 6. Click the network connection that uses the first adapter and click
> Settings.
>
> 7. Click Add and create a service definition, specifying the desired
> computer name/address and port numbers.

>>>OK, my network topology is as follows. I have gateway hardware box with IP
>>>address 10.1.1.1. I configured it to route 192.168.100.121 address through
>>>Windows XP box (which has IP address 10.1.1.225).
>>>
>>>Windows XP box has two network interfaces:
>>>First: ip 10.1.1.225, default gw 10.1.1.1, subnet 255.255.255.0
>>>Second: ip 192.168.100.81, subnet 255.255.255.0
>>>
>>>When I enable IPEnableRouter in windows xp box, I can ping to
>>>192.168.100.121 (it is a computer on a second network) from other computer on
>>>a network with IP addresses of 10.1.1.x (for example from 10.1.1.121). And
>>>thats fine.
>>>
>>>BUT, if I enabled ICS, I can't ping from 10.1.1.121 to 192.168.100.121
>>>anymore.
>>>
>>>> 3. Which network adapter have you told ICS to use as the Internet
>>>> connection?
>>>
>>>The first one with IP address 10.1.1.225
>>>
>>>> 4. Which network adapter have you told ICS to use as the home network
>>>> connection?  ICS automatically changes that connection's IP address to
>>>> 192.168.0.1, with a subnet mask of 255.255.255.0.
>>>
>>>Yeah, I know that. But after that I manually changed back second interface
>>>address to 192.168.100.81
>>>
>>>> I think that you and I use different terminology, and I don't want it
>>>> to prevent me from understanding your question.  As I see it:
>>>>
>>>> 1. The IPEnableRouter registry key enables IP forwarding in Windows
>>>> XP.  IP forwarding causes packets that arrive at one network interface
>>>> to be repeated on other network interfaces, allowing an XP computer to
>>>> route traffic between multiple subnets.  Is that what you mean by
>>>> "NAT".
>>>
>>>Yeah, I ment IP forwarding then, not NAT. So I suppose I want IP forwarding
>>>to work between interfaces AND I want to forward couple of ports (for example
>>>10.1.1.225 24868 to 192.168.100.121 4868)
>>
>>You're welcome.
>>
>>You've changed the IP address range that ICS assigned to the second
>>interface.  ICS doesn't support using any range except 192.168.0.x,
>>and I've seen strange things happen when that's changed.  I don't
>>think that what you want to do is possible using ICS.  Disable ICS,
>>then make sure that IPEnableRouter is still enabled.
>>
>>I also don't think that you need to use ICS.  If I understand your
>>setup, you can create exceptions in the Windows Firewall to forward
>>the desired ports.  I haven't tried this, but here's how I think it
>>would work with the Windows Firewall enabled on the first network
>>adapter:
>>
>>1. Go to Control Panel > Security Center > Windows Firewall.
>>
>>2. Set the firewall to "On", and un-check "Don't allow exceptions".
>>
>>3. Click the Exceptions tab.
>>
>>4. Click "Add Port"  and define the desired incoming port..
>>
>>5. Click Advanced.
>>
>>6. Click the network connection that uses the first adapter and click
>>Settings.
>>
>>7. Click Add and create a service definition, specifying the desired
>>computer name/address and port numbers.
>
>I tried that before I began fidling with ICS, but it wouldn't work. In
>Advanced I get exactly the same window as in ICS, so I suppose it doesn't
>work until ICS is enabled, and I think this ->
>http://support.microsoft.com/kb/297942/en-us KB article just prooves that I
>am right.
>
>Any other thoughts are appreciated.