ICS on Win2000 Pro

Posted on 2002-07-18
Medium Priority
Last Modified: 2010-04-13
I have just installed ICS on my Win2k Pro machine.(put in another NIC. Made that one my local network. Shared the connection on the external network)  Everything works fine on the host. I am having a problem with one of my clients.(actually my only client at this time)  It is a Red Hat 7.3 Linux box.  I have it set to use DHCP.  That part seems to work fine.  It receives an IP address, usually something like  But I can't seem to get it to connect to the internet though.

From the Win2k host, I can ping the Linux client just fine.  From the Linux client, I can ping my host's real IP address(64.xxx.xxx.xxx), but not the local address of the host(

It also seems like DNS is working correctly.  I can 'ping anydomain.com' from the client, and it resolves the name to an ip address, yet it does not actually recieve any packets back.(or actually send any for all I know)  Traceroute, telnet, ftp, whois, etc. does not work either.  But nslookup, host, and dig work just fine.  That is why it seems like my dns stuff is working, but I am not sure.  I cannot connect to any websites though.  This is my big problem.

I have taken down my personal firewall on the Win2k host.  I have taken down the firewall on my linux box as well.('ipchains -F')  I cannot think of anything that would be blocking it.

I can't seem to figure out what I am doing wrong.  Do I need to share certain applications from the host that the client will use, such as port 80, tcp and upd?  I played around with these settings, but without much luck.  Any help would be appreciated.
Question by:barthalamu
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1

Expert Comment

ID: 7163501
post and 'ipconfig /all' read on both these systems for us... it sounds to me like you might have a default gateway issue on the linux...

LVL 63

Expert Comment

ID: 7163534
I agree. You normally leave the default gateway on the Win2k Server Internal LAN NIC empty, since win2k knows it should route all external traafic to the second NIC.


Yes there is. Go to Routing & Remote Access, chose to manually configure and start the service if asked.

 Open IP-Routing. Right-click on "General" and choose "New Routing Protocol". Add the "Network Address
                 Translation" (NAT) protocol. Goto the NAT protocol.
 Add your internet connection (using the contect menu) as public interface with TCP/UDP header translation
                 Add your private NIC(s) as private interfaces.
                 Goto static routes and add a route for "", mask "" with your internet gateway (if on a
                 NIC card) and a metric of 100 or so.

  This should be working now. You can change the options for the NAT and add mapped ports etc. using the  context menu.
 Routing and RAS is not a proxy, thus it does not check the requests made by name or URL. However, you  can define filters for each netowrk interface, including IP range and ports to be locked out (or to  have exclusive access).
This will allow you to define simple rules depending on the IP or IP range. You could also block port 80 and use another proxy software to do more detailed filtering, while still allowing all other traffic  to be handled by the NAT.
From: andyalder   Date: 09/04/2001 05:32AM PST
   The second screen of the RRAS connection wizard allows ICS or NAT, not both. Which did you pick???

    If you picked ICS then disable the DHCP service as ICS provides it's own DHCP agent.

     If picked NAT then ensure the DHCP service is running and had a router (03) option of your servers
               There's more to it than this but confirm whether ICS or NAT first.
  From: Kong     Date: 09/04/2001 06:26AM PST
     Hi Andy, I chose NAT on the second screen...

  Sorry about the confusion, on the first screen, I selected ICS and on the second screen, I selected
               From: andyalder   Date: 09/04/2001 06:45AM PST
               Under RRAS, ip routing NAT check that the 2 interfaces properties in case you have the inside interface
               defined as the external interface (unlikely)

               On DHCP manager set the router(03) and DNS server(06) to be your server

               Under DNS manager, select the properties of the server and under the Forwarders tab enter your ISP's
               DNS server as a forwarder. If the checkbox is grayed out then under forward lookup zones delete the
               zonefile "." then action-refresh it will no longer be grayed out.

               Also ensure no win2k workstation or win98SE has accidentally setup ICS or that might assign the DHCP
               info to your clients. Easy to check with ipconfig.
 From: andyalder   Date: 09/04/2001 09:38AM PST
               I'm not sure, I always use a firewall or setup the router to filter unwanted traffic. Probably the router
               itself is performing NAT in which case no incoming ports would be forwarded to your server anyway, just
               replies to it's own packets.
How to Configure Input Filters for Services That Run  Behind Network Address Translation NAT
http://support.microsoft.com/support/kb/articles/Q254/0/18.ASP might be worth a read.

I hope this helps !

LVL 63

Accepted Solution

SysExpert earned 800 total points
ID: 7163539
Whoops, you are using win2k Pro, not server..

More info :

From: dcgames
                                                                  Date: 07/11/2001 08:09AM PST
        A) IP Forwarding cannot be enabled with a dialog box or button on Win2K PROFESSIONAL. You have to set a flag in the registry using REGEDT32.

      B) To share an internet connection, just right click on it and open it's properties. There should be
                 a tab to do it. Just check "Share this connection".  It works for dialup just fine.

  - You have to have installed Internet COnnection Sharing (ICS) as a component when you installed Win
         2K. Check in the Control Panel, Add/Remove Programs, Windows Components and make sure it's installed.

      - When you "share the connection", you also need to specify that the connection is "dial-on-demand".

       - You don't need to worry about enabling IP Forwarding if you are using the sharing the connection.
                 That's automatic.

   - The lan NIC will be changed by ICS to IP address It also installs a mini DHCP service.
      Clients then use "dynamic IP" and are assigned, etc., with gateway  But you
      can set the client's IP address statically if you prefer. Just remember it's (or higher),
          mask and gateway

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more


Author Comment

ID: 7163557
ipconfig on host machine:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : win2k1
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : sd.cox.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Macronix MX98715 Family Fast Ethernet Adapter (ACPI)
        Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

Ethernet adapter Cable Modem:

        Connection-specific DNS Suffix  . : sd.cox.net
        Description . . . . . . . . . . . : NETGEAR FA311 Fast Ethernet PCI Adap
        Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 64.xxx.xxx.27
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . : 64.xxx.xxx.1
        DHCP Server . . . . . . . . . . . : 172.xxx.xxx.25
        DNS Servers . . . . . . . . . . . : 64.xxx.xxx.30
        Lease Obtained. . . . . . . . . . : Thursday, July 18, 2002 7:09:52 AM
        Lease Expires . . . . . . . . . . : Friday, July 19, 2002 7:09:52 AM

netstat -r on Linux client:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface     *        U        40 0          0 eth0       *            U        40 0          0 lo
default         UG       40 0          0 eth0

Default gateway seems to be configured right, I think.  Thanks.

Expert Comment

ID: 7163621
the gateway does, in fact, look good... however the IP on the linux seems a bit problematic... is a network address & cannot be used for a machine.  change this to and see how it goes


Expert Comment

ID: 7163628
as a add'l thought... is also questionable, as that is also a network address... if this is your "localhost" IP, it should be


Author Comment

ID: 7163637
The problem was actually a VPN client(SecureRemote) on the host machine.  ICS works when I unbind SecureRemote from both interfaces.  Thanks to both for the help.  Wish I could give points to each.
LVL 63

Expert Comment

ID: 7163715
You can !

You can put in a request to                    
to distribute the points in any manner you think is proper.
This is especially true when you think you have received good information from more than one person.

Also see  http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp

     I hope this helps !

Expert Comment

ID: 7163904
Points reduced for split.  Eric, look for your question in this topic area.

E-E Moderator

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question