Monday, August 11, 2008

Natting service with windows xp

Follow these steps to have your Windows XP to work as a NAT but without the restrictions of ICS (Internet Connection Sharing)

Requirements:

  1. To have two network cards:
    1. NIC1: One connected to the internal network (any network not only 192.168.1.0).
    2. NIC2: The other one connected to the Internet (or other network you want to connect to)
  2. To have administrative access to stop/start some services.

Steps:

  1. Disable ICS on both NICs.
    1. Right-click on NIC -> Properties -> Advanced. Make sure Allow other network users to connect through this computer’s Internet connection is unchecked.
  2. Enable Routing and Remote Access Service.
    1. Control Panel -> Administrative Tools -> Services. Enable Routing and Remote Access
  3. Disable Firewall/ICS Service (which might take precedence over step 1)
    1. Control Panel -> Administrative Tools -> Services. Disable Windows Firewall/Internet Connection Sharing (ICS)
  4. Configure the NICs:
    1. Only 1 should have a gateway (In my example is NIC2). Disable the gateway on the other NIC (NIC1)
    2. Add the NAT configuration.
      - You still need to find out the name of your network cards. Here are presenting them as NIC1 and NIC2. In reality they could be something like “Local Area Connection”
      type the command netsh

      pushd routing ip nat
      uninstall
      install
      set global tcptimeoutmins=1440 udptimeoutmins=1 loglevel=ERROR
      add interface name="NIC2" mode=FULL
      add interface name="NIC1" mode=PRIVATE
      popd

And that’s it!. Your users on the private network can go to the internet using NAT, just make sure they can route their packets through this configured PC.

No comments: