Greetings. In the LnS FAQ Internet Connection Sharing (ICS) section it says: "On the Client PC, import the rule ICMP:ICS Client from this file ics.rie. On the server PC, import the rule IP:ICS Server from this file ics.rie. For Windows XP SP2 import the ruleset SharingSP2.rie." So... is it necessary to import all three of these rule sets, or just SharingSP2.rie? Which rules go where? Using XP SP2 and LnS 2.06p2 on both computers here. Thank you.
Hi, Normally under XP-SP2 you just need the SharingSP2.rie file. ICMP rules were for previous versions of Windows. Under Vista, it should work directly without importing rules. So, if you are under XP-SP2, just use SharingSP2.rie first. If it doesn't work and you see some ICMP alerts in the Look 'n' Stop log, then import the other ICMP rules. Regards, Frederic
As stated by Frederic, just use the 2 rules within SharingSP2.rie; these just allow the high ports for the ICS NAT (one for DNS and the other for web etc). I did set up and check, and all worked correctly. On the default EnhancedRulesSet, I placed the 2 rules just below the "TCP: Block incoming connections" rule. If you are using the SPF rules (2.06p2) for DNS, then I would suggest adding (or editing the default rule) for use with ICS (then remove the UDP sharing rule).
Can you explain this a little better please? Right now using the SPF ruleset the client computer is working fine and resolving DNS apparently (meaning there are no DNS errors).
I was giving ref to the 2 rules placed on the Host (for ICS). One of the rules is for UDP~ DNS. I was just thinking you may be better to replace that rule with an SPF rule.
Yes, this is an alternative option for the DNS rule, since the SPF rule will automatically take care of the local port value. More explanations: - when using ICS under XP-SP2, the local ports seen on the server are in the range 49152-65535, and the basic rules in standard rulesets allow 1024-5000 only; that's why it blocks. - SharingSP2.rie just contains 2 rules to allow the right range (for TCP and UDP DNS). - SPF rules for DNS will automatically allow the right port. Frederic
Hi Frederic, I did re-check... I see that the client on ICS does go through (for DNS) the SharingSP2.rie UDP rule regardless of whether the default UDP SPF rule is in place (I did at first think (sorry, did not fully check) the default SPF rule contained the local ports used). I find that if I disable the SharingSP2.rie UDP rule, then DNS lookups cannot be made from the client; the requests fall through to the UDP blocking rule. I did look at this with the DNS client enabled/disabled on the Host, but still the same. Is this some problem with the SPF rules or routed packets or?
There is actually a field to verify the local port is in the Local range (1024-5000 or 49152-65536 depending on the host Windows version). So, yes, finally just using the standard SPF DNS rule won't solve the initial issue. To solve it, this check against the local port should be removed in the SPF rule. This is field #5 in the first rule (the one detecting the first packet). Frederic
Hi Frederic, I did look at this before posting on the thread. Please show how the user should correctly change this setting. Regards,
Hi Stem, Just select NA for the criteria instead of PORT_LOCAL_IN; this will completely remove this field and the check against the local port. Then OK and Apply (and Save if it works). Frederic
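The behaviour discussed in this thread, as a simplified first-match model added here for illustration (it is not Look 'n' Stop code, its .rie format, or its stateful SPF logic). The rule names, the data layout and the sample packets are assumptions; the port ranges are the ones quoted in the posts above.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # None models "NA": the field is not checked

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    local_ports: PortRange
    remote_ports: PortRange
    allow: bool

@dataclass(frozen=True)
class Packet:
    proto: str
    local_port: int   # port seen on the ICS host side
    remote_port: int

def in_range(rng: PortRange, port: int) -> bool:
    return rng is None or rng[0] <= port <= rng[1]

def evaluate(rules, pkt):
    """First matching rule wins; returns (verdict, rule name)."""
    for r in rules:
        if (r.proto == pkt.proto and in_range(r.local_ports, pkt.local_port)
                and in_range(r.remote_ports, pkt.remote_port)):
            return ("allow" if r.allow else "block", r.name)
    return ("block", "no rule matched")

DNS = (53, 53)
# Rule names are made up for this model; the local port ranges come from the thread.
dns_standard = Rule("DNS, local 1024-5000", "udp", (1024, 5000), DNS, True)
dns_sharing = Rule("DNS, local 49152-65535", "udp", (49152, 65535), DNS, True)
dns_local_na = Rule("DNS, local port NA", "udp", None, DNS, True)
udp_block = Rule("UDP block", "udp", None, None, False)

# Constructed sample packets: a lookup from the host itself and one NATed by ICS.
host_lookup = Packet("udp", 1050, 53)
ics_lookup = Packet("udp", 51000, 53)

if __name__ == "__main__":
    rulesets = {
        "standard only": [dns_standard, udp_block],
        "with sharing rule": [dns_standard, dns_sharing, udp_block],
        "local port set to NA": [dns_local_na, udp_block],
    }
    for label, rules in rulesets.items():
        print(label, evaluate(rules, host_lookup), evaluate(rules, ics_lookup))
```

In this model, setting the local port to NA makes the rule match any local port, so it is broader than adding a second rule for the 49152-65535 range.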