Does ICS or Firewall have a NAT

[Descartes]

Hi All,

A friend of mine said that there's a NAT functionality built into the ICS
(or Windows Firewall) when I set up a home network and Internet sharing on a
XP Pro machine. Could you verify this?
And if it is true, is there a way to enter static mapping?

Any information on the topic would be highly appreciated.

Descartes

 

[Joe Crown]

ICS is NAT. I personally recommend getting a router to do the NAT
because ICS uses up a ton of CPU cycles & that computer has to be on
whenever you want an Internet connection.

Hi All,

A friend of mine said that there's a NAT functionality built into the ICS
(or Windows Firewall) when I set up a home network and Internet sharing on a
XP Pro machine. Could you verify this?
And if it is true, is there a way to enter static mapping?

Any information on the topic would be highly appreciated.

Descartes

--

Don't pay malware vendors - boycott Sony & Symantec for helping them

Please do not contact me directly or ask me to contact you directly for
assistance.

If your question is worth asking, it's worth posting.

If it’s not worth posting you should have done a search on
http://www.google.com/ http://www.google.com/grphp?hl=en&tab=wg&q= or
http://news.google.com/froogle?hl=en&tab=nf&ned=us&q= before wasting our
time.

If I sound hostile or arrogant you need to read the following before
posting a question "How To Ask Questions The Smart Way" at
(The site I've linked
to just has this article I think people should read before posting a
technical question.)

 

[Steve Winograd [MVP]]

Hi All,

A friend of mine said that there's a NAT functionality built into the ICS
(or Windows Firewall) when I set up a home network and Internet sharing on a
XP Pro machine. Could you verify this?
And if it is true, is there a way to enter static mapping?

Any information on the topic would be highly appreciated.

Descartes

Yes, ICS uses NAT.

What do you mean by "static mapping"? What exactly do you want to do?
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Descartes]

Yes, ICS uses NAT.

What do you mean by "static mapping"? What exactly do you want to do?
--

Well I read somewhere, that a NAT creates a mapping of an intranet computers
request out to the Internet. When a response arrives from the internet, the
NAT looks in its mapping, to which intranet computer it should forward the
response. This mapping is created dynamically and deleted when not needed
anymore. The side effect of this is that the NAT actually works as a kind of
fire wall neglecting all inbound traffic for which it does not have a
mapping. This is all OK and does not require static mapping.
But, if I would set up a server (on the intranet) to be accessible from the
Internet, the NAT would need a static (persistent) mapping to know to which
computer forward the requests coming from the Internet and addressed to the
server.
Please correct me if this doesn't make sens at all.

Best reagrds
Descartes

 

[Steve Winograd [MVP]]

Well I read somewhere, that a NAT creates a mapping of an intranet computers
request out to the Internet. When a response arrives from the internet, the
NAT looks in its mapping, to which intranet computer it should forward the
response. This mapping is created dynamically and deleted when not needed
anymore. The side effect of this is that the NAT actually works as a kind of
fire wall neglecting all inbound traffic for which it does not have a
mapping. This is all OK and does not require static mapping.
But, if I would set up a server (on the intranet) to be accessible from the
Internet, the NAT would need a static (persistent) mapping to know to which
computer forward the requests coming from the Internet and addressed to the
server.
Please correct me if this doesn't make sens at all.

Best reagrds
Descartes

Yes, that makes perfect sense. To make the static mapping, configure
the Windows Firewall to forward the desired traffic to a specific port
on a specific computer:

1. Right-click the shared Internet connection and click Properties |
Advanced.

2. Click the Settings button under Internet Connection Sharing.

3. If the desired service is listed, put a check mark in its box,
click Edit, and enter the name or IP address of the computer hosting
the service.

4. If the desired service isn't listed, click Add, define the service
and its ports, and enter the name or IP address of the computer
hosting the service.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Kerry Brown]

Well I read somewhere, that a NAT creates a mapping of an intranet
computers request out to the Internet. When a response arrives from
the internet, the NAT looks in its mapping, to which intranet
computer it should forward the response. This mapping is created
dynamically and deleted when not needed anymore. The side effect of
this is that the NAT actually works as a kind of fire wall neglecting
all inbound traffic for which it does not have a mapping. This is all
OK and does not require static mapping. But, if I would set up a server
(on the intranet) to be accessible
from the Internet, the NAT would need a static (persistent) mapping
to know to which computer forward the requests coming from the
Internet and addressed to the server.
Please correct me if this doesn't make sens at all.

Best reagrds
Descartes

Yes, ICS can do what you want. A stand alone router is a better idea for a
couple of reasons.

1) Using ICS the gateway computer is dirctly exposed to the Internet on the
public interface. A router will give all computers some level of protection
from malware. ICS will give all the other computers this level of protection
but the computer running ICS will still be exposed.

2) The computer running ICS must be on for the other computers to access the
Internet. The computer running ICS will run slower because of ICS. You may
or may not notice this depending what else the computer is used for.

Kerry

 

[Steve Winograd [MVP]]

Yes, ICS can do what you want. A stand alone router is a better idea for a
couple of reasons.

I agree that a router is usually better than ICS, Kerry. But a router
can't do the job if you're sharing a non-Ethernet Internet connection,
like a dial-up modem or a USB cable modem.

1) Using ICS the gateway computer is dirctly exposed to the Internet on the
public interface. A router will give all computers some level of protection
from malware. ICS will give all the other computers this level of protection
but the computer running ICS will still be exposed.

The ICS computer should be fine if it's running Windows Firewall.
However, a router plus firewall gives two layers of protection.

2) The computer running ICS must be on for the other computers to access the
Internet. The computer running ICS will run slower because of ICS. You may
or may not notice this depending what else the computer is used for.

I can't imagine that ICS would have a noticeable effect. A typical
broadband router has much less memory and a much slower processor than
any computer that can run XP. For example, my SMC Barricade router
has a 40 MHz CPU and less than 1MB of memory

Kerry

--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Kerry Brown]

I agree that a router is usually better than ICS, Kerry. But a router
can't do the job if you're sharing a non-Ethernet Internet connection,
like a dial-up modem or a USB cable modem.


The ICS computer should be fine if it's running Windows Firewall.
However, a router plus firewall gives two layers of protection.

Two layers is always better.

I can't imagine that ICS would have a noticeable effect. A typical
broadband router has much less memory and a much slower processor than
any computer that can run XP. For example, my SMC Barricade router
has a 40 MHz CPU and less than 1MB of memory

I have seen otherwise respectable machines have a noticable slowdown,
especially when dialing, when a some winmodems are used with ICS. As you say
normally not a problem, but it can be noticable.

Kerry

 

[Descartes]

Thank you Joe, Steve and Kerry for all your input.
I think I know now how to proceed.

Best regards
Descartes

 

[Kerry Brown]

Your welcome.

Kerry

Thank you Joe, Steve and Kerry for all your input.
I think I know now how to proceed.

Best regards
Descartes

 

[Steve Winograd [MVP]]

I have seen otherwise respectable machines have a noticable slowdown,
especially when dialing, when a some winmodems are used with ICS. As you say
normally not a problem, but it can be noticable.

Kerry

I'd say that the winmodem driver, not ICS, is slowing the machine
down.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Kerry Brown]

I'd say that the winmodem driver, not ICS, is slowing the machine
down.

You're probably right but it is something to take into consideration. Many
Dell/HP/Gateway pc's have cheap winmodems in them and are very common for
home use. Installing an external modem can often speed up a dial-up
connection and thus speed up ICS as well.

Kerry

 

[Joe Crown]

You might want to check out the following links as they show a dialup
router or more information about them. One other thing with USB 2.0 we
don't need to have a computer to make a USB connection so theoretically
someone could make their router capable of connecting to a USB modem.

http://www.tombridge.com/rta/2005/09/how_to_create_a.html

http://www.makezine.com/blog/archive/2006/01/how_to_building_an_out_of_band.html

http://www.hawkingtech.com/products/productlist.php?CatID=33&FamID=79&ProdID=85

http://www.apple.com/airportextreme/

http://www.buy.com/retail/product.a...rm=10359021&Type=PE&Category=Comp&dcaid=15889

http://www.ezlan.net/DialUp.html

http://reviews.cnet.com/5208-6142-0.html?forumID=62&threadID=29073

http://www.join.uni-muenster.de/Dokumente/drafts/draft-huitema-ipngwg-dialondemand-00.txt

O wait I also found information on a USB router two. It looks like only
one company made one & they only did one model. From looking at their
site it looks like they don't even sell it anymore.

http://practicallynetworked.com/item.asp?pid=427

http://www.draytek.co.uk/support/v2200usb_shooter.html

It looks like one was sold on eBay.

http://72.14.203.104/search?q=cache...:ebay.com+Vigor+2200&hl=en&lr=lang_en|lang_ja

The auction ended over 90 days ago so you cant view it. My point is
that you can get a router to do either of these connections. Just
remember this "All generalizations are dangerous, including this one.".

I agree that a router is usually better than ICS, Kerry. But a router
can't do the job if you're sharing a non-Ethernet Internet connection,
like a dial-up modem or a USB cable modem.

--

Don't pay malware vendors - boycott Sony & Symantec for helping them

Please do not contact me directly or ask me to contact you directly for
assistance.

If your question is worth asking, it's worth posting.

If it’s not worth posting you should have done a search on
http://www.google.com/ http://www.google.com/grphp?hl=en&tab=wg&q= or
http://news.google.com/froogle?hl=en&tab=nf&ned=us&q= before wasting our
time.

If I sound hostile or arrogant you need to read the following before
posting a question "How To Ask Questions The Smart Way" at
(The site I've linked
to just has this article I think people should read before posting a
technical question.)