• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 452
  • Last Modified:

ICS on Win2000 Pro

I have just installed ICS on my Win2k Pro machine.(put in another NIC. Made that one my local network. Shared the connection on the external network)  Everything works fine on the host. I am having a problem with one of my clients.(actually my only client at this time)  It is a Red Hat 7.3 Linux box.  I have it set to use DHCP.  That part seems to work fine.  It receives an IP address, usually something like  But I can't seem to get it to connect to the internet though.

From the Win2k host, I can ping the Linux client just fine.  From the Linux client, I can ping my host's real IP address(64.xxx.xxx.xxx), but not the local address of the host(

It also seems like DNS is working correctly.  I can 'ping anydomain.com' from the client, and it resolves the name to an ip address, yet it does not actually recieve any packets back.(or actually send any for all I know)  Traceroute, telnet, ftp, whois, etc. does not work either.  But nslookup, host, and dig work just fine.  That is why it seems like my dns stuff is working, but I am not sure.  I cannot connect to any websites though.  This is my big problem.

I have taken down my personal firewall on the Win2k host.  I have taken down the firewall on my linux box as well.('ipchains -F')  I cannot think of anything that would be blocking it.

I can't seem to figure out what I am doing wrong.  Do I need to share certain applications from the host that the client will use, such as port 80, tcp and upd?  I played around with these settings, but without much luck.  Any help would be appreciated.
  • 3
  • 3
  • 2
  • +1
1 Solution
post and 'ipconfig /all' read on both these systems for us... it sounds to me like you might have a default gateway issue on the linux...

I agree. You normally leave the default gateway on the Win2k Server Internal LAN NIC empty, since win2k knows it should route all external traafic to the second NIC.


Yes there is. Go to Routing & Remote Access, chose to manually configure and start the service if asked.

 Open IP-Routing. Right-click on "General" and choose "New Routing Protocol". Add the "Network Address
                 Translation" (NAT) protocol. Goto the NAT protocol.
 Add your internet connection (using the contect menu) as public interface with TCP/UDP header translation
                 Add your private NIC(s) as private interfaces.
                 Goto static routes and add a route for "", mask "" with your internet gateway (if on a
                 NIC card) and a metric of 100 or so.

  This should be working now. You can change the options for the NAT and add mapped ports etc. using the  context menu.
 Routing and RAS is not a proxy, thus it does not check the requests made by name or URL. However, you  can define filters for each netowrk interface, including IP range and ports to be locked out (or to  have exclusive access).
This will allow you to define simple rules depending on the IP or IP range. You could also block port 80 and use another proxy software to do more detailed filtering, while still allowing all other traffic  to be handled by the NAT.
From: andyalder   Date: 09/04/2001 05:32AM PST
   The second screen of the RRAS connection wizard allows ICS or NAT, not both. Which did you pick???

    If you picked ICS then disable the DHCP service as ICS provides it's own DHCP agent.

     If picked NAT then ensure the DHCP service is running and had a router (03) option of your servers
               There's more to it than this but confirm whether ICS or NAT first.
  From: Kong     Date: 09/04/2001 06:26AM PST
     Hi Andy, I chose NAT on the second screen...

  Sorry about the confusion, on the first screen, I selected ICS and on the second screen, I selected
               From: andyalder   Date: 09/04/2001 06:45AM PST
               Under RRAS, ip routing NAT check that the 2 interfaces properties in case you have the inside interface
               defined as the external interface (unlikely)

               On DHCP manager set the router(03) and DNS server(06) to be your server

               Under DNS manager, select the properties of the server and under the Forwarders tab enter your ISP's
               DNS server as a forwarder. If the checkbox is grayed out then under forward lookup zones delete the
               zonefile "." then action-refresh it will no longer be grayed out.

               Also ensure no win2k workstation or win98SE has accidentally setup ICS or that might assign the DHCP
               info to your clients. Easy to check with ipconfig.
 From: andyalder   Date: 09/04/2001 09:38AM PST
               I'm not sure, I always use a firewall or setup the router to filter unwanted traffic. Probably the router
               itself is performing NAT in which case no incoming ports would be forwarded to your server anyway, just
               replies to it's own packets.
How to Configure Input Filters for Services That Run  Behind Network Address Translation NAT
http://support.microsoft.com/support/kb/articles/Q254/0/18.ASP might be worth a read.

I hope this helps !

Whoops, you are using win2k Pro, not server..

More info :

From: dcgames
                                                                  Date: 07/11/2001 08:09AM PST
        A) IP Forwarding cannot be enabled with a dialog box or button on Win2K PROFESSIONAL. You have to set a flag in the registry using REGEDT32.

      B) To share an internet connection, just right click on it and open it's properties. There should be
                 a tab to do it. Just check "Share this connection".  It works for dialup just fine.

  - You have to have installed Internet COnnection Sharing (ICS) as a component when you installed Win
         2K. Check in the Control Panel, Add/Remove Programs, Windows Components and make sure it's installed.

      - When you "share the connection", you also need to specify that the connection is "dial-on-demand".

       - You don't need to worry about enabling IP Forwarding if you are using the sharing the connection.
                 That's automatic.

   - The lan NIC will be changed by ICS to IP address It also installs a mini DHCP service.
      Clients then use "dynamic IP" and are assigned, etc., with gateway  But you
      can set the client's IP address statically if you prefer. Just remember it's (or higher),
          mask and gateway

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

barthalamuAuthor Commented:
ipconfig on host machine:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : win2k1
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : sd.cox.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Macronix MX98715 Family Fast Ethernet Adapter (ACPI)
        Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

Ethernet adapter Cable Modem:

        Connection-specific DNS Suffix  . : sd.cox.net
        Description . . . . . . . . . . . : NETGEAR FA311 Fast Ethernet PCI Adap
        Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 64.xxx.xxx.27
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . : 64.xxx.xxx.1
        DHCP Server . . . . . . . . . . . : 172.xxx.xxx.25
        DNS Servers . . . . . . . . . . . : 64.xxx.xxx.30
        Lease Obtained. . . . . . . . . . : Thursday, July 18, 2002 7:09:52 AM
        Lease Expires . . . . . . . . . . : Friday, July 19, 2002 7:09:52 AM

netstat -r on Linux client:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface     *        U        40 0          0 eth0       *            U        40 0          0 lo
default         UG       40 0          0 eth0

Default gateway seems to be configured right, I think.  Thanks.
the gateway does, in fact, look good... however the IP on the linux seems a bit problematic... is a network address & cannot be used for a machine.  change this to and see how it goes

as a add'l thought... is also questionable, as that is also a network address... if this is your "localhost" IP, it should be

barthalamuAuthor Commented:
The problem was actually a VPN client(SecureRemote) on the host machine.  ICS works when I unbind SecureRemote from both interfaces.  Thanks to both for the help.  Wish I could give points to each.
You can !

You can put in a request to                    
to distribute the points in any manner you think is proper.
This is especially true when you think you have received good information from more than one person.

Also see  http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp

     I hope this helps !
Points reduced for split.  Eric, look for your question in this topic area.

E-E Moderator
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now