Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


ICS on Win2000 Pro

Posted on 2002-07-18
Medium Priority
Last Modified: 2010-04-13
I have just installed ICS on my Win2k Pro machine.(put in another NIC. Made that one my local network. Shared the connection on the external network)  Everything works fine on the host. I am having a problem with one of my clients.(actually my only client at this time)  It is a Red Hat 7.3 Linux box.  I have it set to use DHCP.  That part seems to work fine.  It receives an IP address, usually something like  But I can't seem to get it to connect to the internet though.

From the Win2k host, I can ping the Linux client just fine.  From the Linux client, I can ping my host's real IP address(64.xxx.xxx.xxx), but not the local address of the host(

It also seems like DNS is working correctly.  I can 'ping anydomain.com' from the client, and it resolves the name to an ip address, yet it does not actually recieve any packets back.(or actually send any for all I know)  Traceroute, telnet, ftp, whois, etc. does not work either.  But nslookup, host, and dig work just fine.  That is why it seems like my dns stuff is working, but I am not sure.  I cannot connect to any websites though.  This is my big problem.

I have taken down my personal firewall on the Win2k host.  I have taken down the firewall on my linux box as well.('ipchains -F')  I cannot think of anything that would be blocking it.

I can't seem to figure out what I am doing wrong.  Do I need to share certain applications from the host that the client will use, such as port 80, tcp and upd?  I played around with these settings, but without much luck.  Any help would be appreciated.
Question by:barthalamu
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1

Expert Comment

ID: 7163501
post and 'ipconfig /all' read on both these systems for us... it sounds to me like you might have a default gateway issue on the linux...

LVL 63

Expert Comment

ID: 7163534
I agree. You normally leave the default gateway on the Win2k Server Internal LAN NIC empty, since win2k knows it should route all external traafic to the second NIC.


Yes there is. Go to Routing & Remote Access, chose to manually configure and start the service if asked.

 Open IP-Routing. Right-click on "General" and choose "New Routing Protocol". Add the "Network Address
                 Translation" (NAT) protocol. Goto the NAT protocol.
 Add your internet connection (using the contect menu) as public interface with TCP/UDP header translation
                 Add your private NIC(s) as private interfaces.
                 Goto static routes and add a route for "", mask "" with your internet gateway (if on a
                 NIC card) and a metric of 100 or so.

  This should be working now. You can change the options for the NAT and add mapped ports etc. using the  context menu.
 Routing and RAS is not a proxy, thus it does not check the requests made by name or URL. However, you  can define filters for each netowrk interface, including IP range and ports to be locked out (or to  have exclusive access).
This will allow you to define simple rules depending on the IP or IP range. You could also block port 80 and use another proxy software to do more detailed filtering, while still allowing all other traffic  to be handled by the NAT.
From: andyalder   Date: 09/04/2001 05:32AM PST
   The second screen of the RRAS connection wizard allows ICS or NAT, not both. Which did you pick???

    If you picked ICS then disable the DHCP service as ICS provides it's own DHCP agent.

     If picked NAT then ensure the DHCP service is running and had a router (03) option of your servers
               There's more to it than this but confirm whether ICS or NAT first.
  From: Kong     Date: 09/04/2001 06:26AM PST
     Hi Andy, I chose NAT on the second screen...

  Sorry about the confusion, on the first screen, I selected ICS and on the second screen, I selected
               From: andyalder   Date: 09/04/2001 06:45AM PST
               Under RRAS, ip routing NAT check that the 2 interfaces properties in case you have the inside interface
               defined as the external interface (unlikely)

               On DHCP manager set the router(03) and DNS server(06) to be your server

               Under DNS manager, select the properties of the server and under the Forwarders tab enter your ISP's
               DNS server as a forwarder. If the checkbox is grayed out then under forward lookup zones delete the
               zonefile "." then action-refresh it will no longer be grayed out.

               Also ensure no win2k workstation or win98SE has accidentally setup ICS or that might assign the DHCP
               info to your clients. Easy to check with ipconfig.
 From: andyalder   Date: 09/04/2001 09:38AM PST
               I'm not sure, I always use a firewall or setup the router to filter unwanted traffic. Probably the router
               itself is performing NAT in which case no incoming ports would be forwarded to your server anyway, just
               replies to it's own packets.
How to Configure Input Filters for Services That Run  Behind Network Address Translation NAT
http://support.microsoft.com/support/kb/articles/Q254/0/18.ASP might be worth a read.

I hope this helps !

LVL 63

Accepted Solution

SysExpert earned 800 total points
ID: 7163539
Whoops, you are using win2k Pro, not server..

More info :

From: dcgames
                                                                  Date: 07/11/2001 08:09AM PST
        A) IP Forwarding cannot be enabled with a dialog box or button on Win2K PROFESSIONAL. You have to set a flag in the registry using REGEDT32.

      B) To share an internet connection, just right click on it and open it's properties. There should be
                 a tab to do it. Just check "Share this connection".  It works for dialup just fine.

  - You have to have installed Internet COnnection Sharing (ICS) as a component when you installed Win
         2K. Check in the Control Panel, Add/Remove Programs, Windows Components and make sure it's installed.

      - When you "share the connection", you also need to specify that the connection is "dial-on-demand".

       - You don't need to worry about enabling IP Forwarding if you are using the sharing the connection.
                 That's automatic.

   - The lan NIC will be changed by ICS to IP address It also installs a mini DHCP service.
      Clients then use "dynamic IP" and are assigned, etc., with gateway  But you
      can set the client's IP address statically if you prefer. Just remember it's (or higher),
          mask and gateway

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.


Author Comment

ID: 7163557
ipconfig on host machine:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : win2k1
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : sd.cox.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Macronix MX98715 Family Fast Ethernet Adapter (ACPI)
        Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

Ethernet adapter Cable Modem:

        Connection-specific DNS Suffix  . : sd.cox.net
        Description . . . . . . . . . . . : NETGEAR FA311 Fast Ethernet PCI Adap
        Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 64.xxx.xxx.27
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . : 64.xxx.xxx.1
        DHCP Server . . . . . . . . . . . : 172.xxx.xxx.25
        DNS Servers . . . . . . . . . . . : 64.xxx.xxx.30
        Lease Obtained. . . . . . . . . . : Thursday, July 18, 2002 7:09:52 AM
        Lease Expires . . . . . . . . . . : Friday, July 19, 2002 7:09:52 AM

netstat -r on Linux client:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface     *        U        40 0          0 eth0       *            U        40 0          0 lo
default         UG       40 0          0 eth0

Default gateway seems to be configured right, I think.  Thanks.

Expert Comment

ID: 7163621
the gateway does, in fact, look good... however the IP on the linux seems a bit problematic... is a network address & cannot be used for a machine.  change this to and see how it goes


Expert Comment

ID: 7163628
as a add'l thought... is also questionable, as that is also a network address... if this is your "localhost" IP, it should be


Author Comment

ID: 7163637
The problem was actually a VPN client(SecureRemote) on the host machine.  ICS works when I unbind SecureRemote from both interfaces.  Thanks to both for the help.  Wish I could give points to each.
LVL 63

Expert Comment

ID: 7163715
You can !

You can put in a request to                    
to distribute the points in any manner you think is proper.
This is especially true when you think you have received good information from more than one person.

Also see  http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp

     I hope this helps !

Expert Comment

ID: 7163904
Points reduced for split.  Eric, look for your question in this topic area.

E-E Moderator

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question