My internet connection, that is.

Until I complete the move from California, and bring my Linux firewall and wireless router to Florida, I need to set up a quick'n'dirty router and port forwarder for the network here. I had a spare switch, so I just went out and picked up a second NIC for my main Windoze 2000 machine. The instructions for sharing the internet connection are seemingly simple, but they don't seem to work. I've got the new network set up in DHCP mode, and the machines are talking to each other, but I can't see the internet from the client (i.e., pinging a known IP address times out, though I can do internal network pings). I tried turning off the Zone Alarm firewall for the LAN, but it didn't seem to help. I'm obviously posting this from the machine with the working connection.

Anyone have any ideas?

[Update on Thursday morning]

OK, when I do ipconfig on the host machine, I get this:

***************************************
Windows 2000 IP Configuration

Ethernet adapter Interglobal LAN:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter AT&T DSL Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 67.101.124.115
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 67.101.124.115

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Autoconfiguration IP Address. . . : 169.254.163.94
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

*******************************************

Note that "Local Area Connection 2" is the physical ethernet connection for the DSL (called here AT&T DSL Connection")

netstat -n yields:

*******************************************

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:445 127.0.0.1:3093 ESTABLISHED
TCP 127.0.0.1:3093 127.0.0.1:445 ESTABLISHED

*******************************************

I'm having trouble talking to client machines right now--the LAN seems to be flaky. I can ping client from host, but I can't ping host from client. More when I get one of more of the in communication.

Why not buy a small firewall box (like this one) for $80? Is it that much more than a NIC?

Other than that, I'd check the routing tables and make sure that packets to the internal network are routed via the internal NIC. Also, what IP addresses are you using for the internal network? They'll need to either be NAT'd or allocated to you by the ISP, or the ISP won't route packets with those addresses to your ISP connected box to forward to the internal network.

Because I have one packed away somewhere, and I have two other firewalls in California (a wireless router, and a truly fascist Debian Linux box). I'm just looking for a quick, cheap temporary solution and I don't want to go out and spend that much money on redundant equipment. The NIC was fifteen bucks (and if I was in California and able to get to Fry's, it would have been five or ten bucks).

How would my ISP know that I was forwarding? I'm running NAT as part of the internet sharing scheme, and it seems to be working, since, as I said, the computers are talking to each other--it's just that the client can't see the net.

$80? The little firewall/internet sharing devices can be gotten for a heck of a lot less. Several brands (NetGear, D-link) have these boxes for as low as $50 in most stores. (or less I'm sure at Fry's)

And at that price I would consider myself penny-wise but pound-foolish to get a cheap NIC card and wrestle around with Windows networking configurations instead of the simple solution. Remember, time is money. And not having the frustration has got to be worth something as well.

I needed a new NIC anyway, because when I get my firewall here, I'm going to be upgrading it to a new MB that doesn't have ISA slots (it's currently running two ISA NICS on an old AT board). All of the how-to pages say that the configuration isn't that big a deal, and in fact it isn't--the only problem is that it just doesn't work... ;-)

You must have something going on with the host machine that ICS doesn't understand. Keep in mind this was a very simple implementation of a software router for the most low-end customers before routers started coming in cereal boxes. It goes back to the Win98SE days when broadband ISPs were still trying to charge extra for having more than one PC connected.

My last venture to Miami showed to be something of a wasteland compared to LA for computer equipment but if $20 routers are common here how much more can they be there?

I hate trying to troubleshoot blind, but I can't leave a puzzle alone.

I'd be tempted to say that the machine(s) that can't talk don't have the gateway setup correctly, but that's a WAG.

Simplify the problem set. Turn DHCP off, turn the OTHER client machines off, manually assign an IP to one client and work from there.

As well, clear the arp table and/or DNS. The hosts file is clean as well, of course ....

I can't manually assign IPs to the clients--the ICS only works in DHCP mode. As I said, the DHCP seems to be working properly--client can see host and vice versa as network computers--I just can't get internet access from the client. There's nothing in "hosts" except localhost.

Here's a question. It says to assign a fixed IP (192.168.0.1) to the host machine on its LAN connector, but it doesn't say what the gateway should be. Anyone have any ideas?

"192.168.0.1"

Generally the 1st host on your subnet is the default gateway so I wouid say it is the above.

On the gateway machine running ICS, the gateway for the LAN adapter should be BLANK. On the interface you use to connect to your ISP, if it get's it's IP via DHCP, it should also be blank.

What they call the gateway on an interface in Windows Land is what the rest of the universe calls the 'default gateway', and just like everywhere else, there should only be one per machine, not interface.

So on a windows box that's acting as a router or similar, only the external interface should have a setting for "gateway". If you set it for the LAN ethernet, when that comes up it will stomp the real gateway setting provided by your ISP when THAT interface was brought up.

Oh, and you might have your ICS interface pointing at the wrong ethernet, that's easy to get wrong too.

Also, check the DNS server setting on the clients, it should be pointed at the ICS box (192.168.0.1)

Isn't Windows fun? MS had no clue about tcp/ip when they designed the initial network settings widgets back in NT 3.51/95 days, hence the wacky gateway and dns server settings being present for ALL interfaces. It just "kind of" knows which ones to use, when. Bah.

-Check the ZA logs
-check the cable (straight/crossover) [probably isn't that, you have connectivity]
-check that you have sharing enabled on the *internet* NIC
-check that the clients are in dhcp (get ip address from server) mode
-dns should work automatically if the clients are set up right, but ZA usually blocks stuff.

I've done this before, it should work; but there's many things that can go wrong, the above is all i can think of right now.

Rand: "I can't manually assign IPs to the clients--the ICS only works in DHCP mode"

That's really lame. Which isn't helpful, sorry, but I had to say it.

We ran right up to the edge of my competence there - I've never done ICS. In truth, my 486 has been running for five years now using bootable Linux for firewall/dhcp/NAT/DNS and so forth. Same software has done duty in turn as a router for dialup, xDSL, and now RoadRunner. Which isn't helpful (again), sorry.

I'd have to concur with the opinions above - your gateway setting is dorked, somewhere. The machines are talkig fine internally, but can't leave the local subnet: gateway issue.

Could you please run "ipconfig" on the gateway machine and post the result? And also on an offending inner machine. "netstat -rn" will provide still more detail -- especially for the dual-homed machine.

Can you ping the Internet from the gateway machine? If not, forget the other machines, your problem is there.

In any event, the inside machine should have the inner NIC address of the gateway machine as its gateway. The gateway machine should have whichever gateway address the ISP provides (either fixed or via DHCP).

It's possible that the gateway machine is trying to come back into the interior network for its "internet" routing.

DNS will be another issue -- hopefully the gateway machine will proxy, otherwise your inside machine(s) won't have the DHCP-provided ISP DNS address.

Mr. Simberg;

Your ISP wouldn't know you were sharing, which means it wouldn't know to send packets with the other IP addresses to your forwarding machines.

As for DHCP, it's not working on your Local Connection 2. That address is the hardwired default you get if the adapter can't get a DHCP address. Also, why do you have three connection configurations for a machine with only two network cards? Is LC2 your DSL connection or is the one labeled "AT&T DSL Connection"?

P.S. It's OK to not have a default gateway on teh local net NIC because everything is on the same wire.

Local Connection 2 is the ethernet adaptor that the DSL is coming into. So the three are the two physical adaptors, and the virtual DSL one which is physically on first one. DHCP is working fine on the one called "Interglobal LAN" but I still can't get an internet connection from a client. I'm not seeing any blocking events by Zone Alarm, either.