ICS there, ICS mising

Discussion in 'Windows Networking' started by david.balazic, Dec 30, 2005.

  1. I have two network interfaces. On one I have the ICS option, on the
    another (where I need it), I don't.

    Even after swapping all the TCP/IP settings between the two (just to
    see if it makes a change), the ICS option is offered again on the same
    (wrong) interface as before.

    Can anyone sched some light into this ?

    The first interface is ethernet and connects me to the internet.
    The second is ieee1394 and connects to a PC, from which I want to
    access the internet (thru the server).

    The problem is, Windows does not offer the ICS option on the ethernet

    What to do ?

    The OS is Windows 2003 Enterprise edition.

    David Balazic
    david.balazic, Dec 30, 2005
    1. Advertisements

  2. david.balazic

    Herb Martin Guest

    I think you will find that RRAS-->NAT does what you want,
    allows you to choose (multiple) external and (multiple) internal
    interfaces, and offers you far more control over the setup than
    does ICS.

    You are running a Server, use NAT rather than ICS.
    Herb Martin, Dec 31, 2005
    1. Advertisements

  3. david.balazic

    phoenix Guest

    The only option is to install ICS on the Internet connected NIC and not the
    one connected to another PC. Why would you want it on the other NIC, it
    doesn't make sense (to me, at least).


    phoenix, Jan 1, 2006
  4. The only option is to install ICS on the Internet connected NIC

    Of course. That's what I'm trying to do.
    Turn on ICS on the NIC, that connects to the internet.

    Herb, that is good idea, but since this problem also happens on
    Windows XP, I still wan to clear things up.


    PS: If someone knows a more suitable group for this subject, please say
    so. Or even maybe some other resource, like web forums etc.
    david.balazic, Jan 1, 2006
  5. david.balazic

    Herb Martin Guest

    Well, you have to be specific about the problem since we cannot
    "see" what you have -- if it is an XP problem too then something
    is clearly wrong.

    ICS should show in the Advanced tab (with ICF) IF, and ONLY IF,
    you have at least two "network interfaces".

    [ I actually don't know why it wouldn't show in Server but make
    it a point never to use ICS on that OS so wouldn't worry about it.]

    You would always wish to "share" (turn on ICS) on the external
    interface but that shouldn't prevent it showing on any interface
    since the OS cannot know (for certain) which is the external
    interface until you chose it.

    This is true whether the interfaces are real NICs or even VPNs
    and dial interfaces.
    Herb Martin, Jan 1, 2006
  6. I can not be specific.
    The problem is "ICS option is missing".

    For example, one guy had a LAN (ruter, PC1 and PC2).
    He wanted to connect a laptop over BlueTooth ("BT" from now on).
    He plugged a BT adapter into PC2 and tried to enable ICS on the LAN
    adapter in the same PC. But there was no ICS option. Funny, there was
    an ICS option on the BT adapter ...

    Then he removed the BT adapter from PC2 and put it into PC1.
    There, magically, the ICS option was available for the LAN adapter, and
    he could enable it and everything worked.

    So basically: on two almost identical setups, in one case the ICS
    option was missing.

    It is similar on my PC. I have two network interfaces, but the ICS
    option is missing on one. (the one that connects to the internet; it
    gives me the ICS option on the other interface, where it does not make

    It is a mistery... :-(

    david.balazic, Jan 1, 2006
  7. After some "dribbling" ( uncheck the TCP/IP protocol in the NIC
    properties, check it back, uncheck in the other NIC, enable NIC,
    disable NIC, reboots, etc.) the ICS option appeared where I needed it.

    Also whether the firewall is on or off does not seem to make any
    difference, inspite of what Mr. Winograd says.

    david.balazic, Jan 4, 2006
  8. In <> stated, which I commented
    I do not think IEE394 (firewire) is a valid network connection type for the
    system to offer the ICS option or as an option when configuring interfaces
    in NAT for that matter.

    As everyone said, NAT is the proper way to do it and NOT ICS on a serve. ICS
    conflicts with the DNS and DHCP service and would be very detrimental in an
    AD environment. Whether AD or not, ICS is VERY limited and cannot be
    configured past it's limited default settings and basically a simple Linksys
    router for $20 is far more configurable than ICS.


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    If you are having difficulty in reading or finding responses to your post,
    instead of the website you are using, if I may suggest to use OEx (Outlook
    Express or any other newsreader of your choosing), and configure a newsgroup
    account, pointing to news.microsoft.com. This is a direct link into the
    Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
    account with your ISP. With OEx, you can easily find your post, track
    threads, cross-post, and sort by date, poster's name, watched threads or

    Not sure how? It's easy:
    How to Configure OEx for Internet News

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Windows Server Directory Services
    Microsoft Certified Trainer
    Assimilation Imminent. Resistance is Futile.
    Infinite Diversities in Infinite Combinations.
    Ace Fekay [MVP], Jan 4, 2006
  9. In <> stated, which I commented
    Glad you got it working and proved that you can use IEE394 for ICS.

    btw- who is Mr. Winograd??

    Ace Fekay [MVP], Jan 4, 2006
  10. david.balazic

    Herb Martin Guest

    "Ace Fekay [MVP]"
    I am pretty sure it is, Ace.

    I know for sure that I have bridge IEEE1394 (just to see if
    I could do it), and the general rule is that ANY interface is
    accessible in NAT (VPN, modem, and real NICs of course.)

    IEEE is consider a real NIC.
    Actually not to AD (directly) but it would interfere with any
    DHCP server and your DHCP clients would get the wrong
    settings which might make you THINK it interfered with AD.
    Herb Martin, Jan 4, 2006
  11. who is Mr. Winograd??

    Steve Winograd, MS-MVP

    (google will tell you the rest)

    He posted several times, that for ICS three conditions are necessary :
    - no FW on one interface (I don't remember)
    - two working TCP/IP interfaces
    - something else

    Well the first rule is obviously wrong.
    david.balazic, Jan 4, 2006
  12. david.balazic

    Herb Martin Guest

    The first rule is incomplete or misstated:

    The FW may be set on the SHARED interface, and while
    it may physically be enabled on the internal interfaces the
    ICS functions will not then work.

    So firewall on the external/shared is ok; internal is not.
    Herb Martin, Jan 5, 2006
  13. In
    I wasn't really sure. Thanks for clarifying it.
    Right, the clients would get the outer interface's DNS settings, and there's
    no way to change that or add WINS, and other Options.

    Ace Fekay [MVP], Jan 5, 2006
  14. In <> stated, which I commented
    Ok, I've heard of him, and respect his opinions.

    The first thing you posted is not true, so I agree with Herb that it's
    probably mis-quoted. The firewall would be logically on the outer interface.
    And the "something else" thing doesn't help. I'm not familiar with his
    statement of "conditions" and obviously don't want to go by what you posted,
    therefore I can't comment on them until I actually read them directly
    (either properly quoted or from one of his links).

    But as for ICS , as long as you two viable TCPIP interfaces, then there
    shouldn't be a problem. But ICS is not recommended and will conflict with
    any internal DHCP or DNS infrastructure services.

    How To Set Up Internet Connection Sharing in Windows Server 2003

    Ace Fekay [MVP], Jan 5, 2006
  15. david.balazic

    Herb Martin Guest

    "Ace Fekay [MVP]"
    I was mildly surprised when I becamse aware of this.
    No, you can (always) override those (DNS, WINS, even Default
    Gateway) on a DHCP client, BUT YES it would interfere with
    the client if it used the DEFAULT client settings.

    Many people do not realize that a DHCP client can override
    everything but IP and Mask.
    Herb Martin, Jan 5, 2006
  16. Many people do not realize that a DHCP client can override
    You can override the IP address too. I do it all the time.
    And the mask can be overridden too. (of course if it differs
    too much from the correct value, then it wont work).
    david.balazic, Jan 6, 2006
  17. Quote :

    The ICS options only appear when all of these are true:

    1. There are at least two enabled, connected network connections: one
    for the Internet, and one or more for the LAN.
    2. The Internet Connection Firewall is disabled on the LAN
    3. The Internet connection isn't bridged.
    Best Wishes,
    Steve Winograd, MS-MVP (Windows Networking)

    End quote

    Before me I have a PC with two interfaces, FW is turned ON on both.
    The ICS option is there (on both).
    Conclusion : Mr. Winograd is wrong.
    (try it yourself)

    Maybe that was true with ICF, but not with Windows Firewall.

    Quote source :
    (you can find it with google in Advanced grups search :
    http://groups.google.com/advanced_search , search by Message ID at the

    david.balazic, Jan 6, 2006
  18. david.balazic

    Herb Martin Guest

    Not for a DHCP client (see what I wrote above and see below.)

    My guess is that you MANUAL set some of the ICS machines
    so that they are NOT DHCP clients.

    Once you set the ADDRESS it is not a "DHCP client".
    Again, these are manual IP settings, not DHCP overrides.

    Once you do this you are responsible for ALL of the client
    IP settings on that NIC.
    Herb Martin, Jan 6, 2006
  19. david.balazic

    Herb Martin Guest

    This certainly was not ALWAYS true because it USED to
    be a common mistake to share the INET and (incorrectly)
    firewall the Internal LAN.

    Won't work, but it could be set this way.
    Seems an odd requirement, but notice that doing all of these
    ODD things is seldom even tried by anyone who knows what
    is going on, and some of them are KNOWN not to work so
    are never tried.
    We all make mistakes occasionally. Correct them (or me)
    when you find them.
    No. It's pretty much the same as always in functionality.
    Herb Martin, Jan 6, 2006
  20. In
    One thing I've discovered wtih ICS, which is another caveat that I do not
    like, is the mini DHCP service it has does not give out IPs in ascending
    order, but rather random. On a system with 6 machine, I've found one to be, another to be,, etc. So if one were
    to force a client wtih a static IP, than there's a chance that it may cause
    a conflict due to this.

    Another reason I hate ICS...

    Ace Fekay [MVP], Jan 6, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.