If you’ve been wrestling with trying to figure out how to get ICS to allow people to access servers on the ICS client machines, help has arrived!
ICS Configuration (written by Harley Acheson) is a handy utility that makes it easy to open, close and otherwise manage ports in ICS.
Version 1.5 fixes some display related problems and other bugs. See the complete list of changes below.
ICS Configuration does not work with Windows 2000!
You don’t need it to map ports since Windows 2000 has a built-in capability to map ports.
See this Microsoft On-Line documentation page for information on how to map ports in Win2000.
ICS Configuration 1.5
This program is free* and you can download it by clicking on the link below.
– Fixed problem with HOSTS file editing that wouldn’t work if the HOSTS file didn’t already exist.
– Fixed problems so that program looks good at any resolution, color-depth, and font size setting.
– Added feature that allows user to specify the Target IP manually for ICS DHCP IP ranges other than 192.168.0.X. Also changes the Target drop-down list to match the DHCP server IP range.
– Added Window animation.
– The network statistics are now organized into groups (IP, TCP, & UDP).
– Added option to save port mappings in “INF” format, instead of the native “ICS” format, so that they can be installed by users that don’t have ICSCFG installed.
– You can now set the ending value for the range of IP addresses allocated by DHCP.
– Added a handy utility for editing the ICS server’s HOSTS file.
– Added real-time TCP/IP statistics so you can watch the traffic as it occurs.
– Mappings can now be disabled and enabled while preserving the target IP address info.
– Added an “Enable/Disable” button to the main “list of mappings” window. Also added a similar option to the “In-context” popup menu. No need to “Edit” the mapping to simply change its status.
– Added ability to double-click an “ics” file, right-click for in-context choices, or drop it onto a running or non-running application icon. You can even drag a mapping FROM the mapping list TO a directory, so dragging works both ways now!
– Mapping Notes that contain a web or email link in the text it will become a live link that you can click on to launch your browser or email client.
– Added enable/disable dial-on-demand, select the dial-up connection used, and change the client hangup time.
– Added Web Resources tab to Miscellaneous window. Contains useful links to all the appropriate Microsoft Knowledge Base articles.
From the ICS Configuration “Read Me” file:
=== INTRODUCTION ===
When Microsoft released the “second edition” of Windows 98, they included an optional component called “Internet Connection Sharing” (ICS). ICS allows a network of users to share a single internet connection through a process called Network Address Translation (NAT).
ICS allows any OUTGOING connection to take place. Therefore any client computer can surf the net, or send and receive email. However, INCOMING connections, like those required for a web server, are another story entirely. ICS blocks incoming connections on all ports unless they are explicity opened.
Unfortunately, ICS does not include any means to open or configure port access. This program, ICSCFG, allows you to do just that. You can open or close port access. You can create new port mappings. You can even have ICS forward incoming connections to any interior machine.
This program was designed for network administrators, not average end-users. An average user of ICS will do fine with only the default settings of that program. This second release, version 1.2, has added the ability to import and export individual mappings. Knowledgable users can now distribute settings to less knowledgable users.
=== WHAT CAN’T IT DO? ====
There are many peer-to-peer internet applications that will just not work on all your clients simulataneously. The best you can get, by playing with ICSCFG, is the ability to allow ONE station at a time to use the program. This is still better than the alternative, disabling ICS, because your other clients can still surf the web, collect email, etc.
Many applications are just not “NAT-friendly”. No matter what you do you are still sharing a single IP address. To someone outside your network, there is no way to distinguish between seperate ICS clients.
Some applications embed the destination IP address inside the data that they send and receive. The only way to continue to use sharing software is if the NAT can “strip out” this address and replace it with the actual interior address (192.186.0.x). ICS has some “Translations” built into it. You will see these listed when you run ICSCFG and examine a port mapping. If none of these work then you’re out of luck: MS currently has no way of adding translations. Hopefully they’ll add this later.
=== WEB SERVERS ===
Because a web server requires incoming connections you can only have one server on your network per port number. ie: only one machine on your network can listen to port 80. This one machine doesn’t have to be the ICS server: simply set the ICSCFG “Target” to the private address of the machine running the web server program.
Remote machines will connect to the PUBLIC (exterior) IP address of the ICS server, but your own clients will have to connect to the PRIVATE (Interior) address of the machine running the web server. Your shared public IP address is the only internet address that is not accessable by your interior machines.
=== FTP CLIENTS ===
You may notice an inability to use FTP client programs while ICS is running. You can’t fix this behavior with ICSCFG because the problem stems from the odd method that this protocol picks transfer ports. Simply configure your FTP programs to use passive (PASV) transfers and you’ll have no more problems on any client.
=== FILE & PRINT SHARING ===
Port 139 is treated specially by ICS and may appear open even if you try to explicity block it. Because of this it is very important that you don’t have “File & Print Sharing” bound to any TCP/IP component. Confirm this by using the Network applet in the Control Panel.
=== A FINAL NOTE ===
This program doesn’t really do ANYTHING that you can’t do by hand by editing registry settings – It’s just a lot easier. Use it as a tool to help solve some of your networking problems but please DON’T email me asking for one-on-one help for your particular problem.
I probably don’t even use the same program that you’re trying to get working. I have a full-time job and a family that I’d like to spend time with when I’m not working. Therefore please direct your questions about particular internet applications to the program vendor, or consult web resources, user communities, or newsgroups.
ESPECIALLY don’t ask me any questions about “DialPad”, which only works for users in the USA. I live in Canada so I have no way of testing it.