Real NAT on Windows XP
Follow these steps to have your Windows XP to work as a NAT but without the restrictions of ICS (Internet Connection Sharing)
Requirements:
- To have two network cards:
- NIC1: One connected to the internal network (any network not only 192.168.1.0).
- NIC2: The other one connected to the Internet (or other network you want to connect to)
- To have administrative access to stop/start some services.
Steps:
- Disable ICS on both NICs.
- Right-click on NIC -> Properties -> Advanced. Make sure Allow other network users to connect through this computer’s Internet connection is unchecked.
- Enable Routing and Remote Access Service.
- Control Panel -> Administrative Tools -> Services. Enable Routing and Remote Access
- Disable Firewall/ICS Service (which might take precedence over step 1)
- Control Panel -> Administrative Tools -> Services. Disable Windows Firewall/Internet Connection Sharing (ICS)
- Configure the NICs:
- Only 1 should have a gateway (In my example is NIC2). Disable the gateway on the other NIC (NIC1)
- Add the NAT configuration.
– You still need to find out the name of your network cards. Here are presenting them as NIC1 and NIC2. In reality they could be something like “Local Area Connection”
type the command netsh
pushd routing ip nat
uninstall
install
set global tcptimeoutmins=1440 udptimeoutmins=1 loglevel=ERROR
add interface name="NIC2" mode=FULL
add interface name="NIC1" mode=PRIVATE
popd
And that’s it!. Your users on the private network can go to the internet using NAT, just make sure they can route their packets through this configured PC.
Enjoy.
Nano.
Note1: This solution was compiled from various sources that were providing me hints about the full solution, but none of them provided all the steps.
Note2: I am pretty sure the steps can be changed, but I have not tried other ways and this one worked for me 🙂
Thank you for reading this post. You can now Read Comments (18) or Leave A Trackback.
Post Info
This entry was posted on Tuesday, July 15th, 2008 and is filed under Networking, Windows.You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: New home for this package »
Next Post: Kohana[v2.3]: AUTH, A2 & ACL »
Latest Posts:
- How to connect to Mysql using SSH in Windows
- Announcing a new PHP DICOM toolkit: Nanodicom
- Nuevo Portal LoteriaFutbol.com: La Polla del Mundial Sudáfrica 2010.
- Kohana 3: AUTH, A2 & ACL
- Kohana[v2.3]: AUTH, A2 & ACL
- Real NAT on Windows XP
- New home for this package
- File_DICOM.php update
- The unofficial File_DICOM.php v 0.3
- DICOM php
August 5th, 2008 17:17
thanks for posting this up!
January 7th, 2009 10:56
I’ve really appreciate your post! Extremely helpful.
Thanks again
January 21st, 2009 08:27
some steps can be done from the command line:
::# stop “Windows Firewall/Internet Connection Sharing (ICS)” service
sc stop SharedAccess
::# enable “Routing and Remote Access” service
sc config RemoteAccess start= auto
::# start “Routing and Remote Access” service
sc start RemoteAccess
missing end of line (at least with my web browser):
set global tcptimeoutmins=1440 udptimeoutmins=1 loglevel=ERROR
January 21st, 2009 09:02
You can use NETSH to apply the whole NAT configuration simply by importing a file.
netsh -f NATcfg.txt
NATcfg.txt
[code]
# ———————————-
# NAT configuration
# ———————————-
pushd routing ip nat
uninstall
install
set global tcptimeoutmins=1440 udptimeoutmins=1 loglevel=ERROR
#
#NAT Configuration For Interface Local Area Connection
#
add interface name=”NIC2″ mode=FULL
#
#NAT Configuration For Interface Local Area Connection 2
#
add interface name=”NIC1″ mode=PRIVATE
popd
[/code]
[Nano]: Thank you for your comments
February 3rd, 2009 14:02
Does anyone know if you can use netsh to static NAT? … based on the commands (addressmapping) it would appear so. Among many attempts, here is the current set-up:
install
add interface name=”Local Area Connection 2″ mode=FULL
add addressrange name=”Local Area Connection 2″ start=10.87.1.10 end=10.87.1.100 mask=255.255.255.0
add addressmapping name=”Local Area Connection 2″ public=10.87.1.10 private=106.40.4.10 inboundsessions=enable
with the intention that a packet inbound to this interface with a destIP=10.87.1.10 be NAT’d to 106.40.4.10. However, it does not do anything! Simply routes the packet as if NAT is not defined. Thanks.
March 22nd, 2009 02:53
Your tutorial is just awesome.
I am just worried in one place –
The Server left without any firewall.
Can we do anything to secure the Server a little bit more ?
[Response] Interesting question. I will guess that you will have to play directly with the routing rules and filters. I will guess that the firewall at the very end does that, converts the selections from the GUI into rules on the routing commands. Good luck on that.
May 2nd, 2009 11:48
Thanks for the good explanation!
I have a very strange problem. I use the NAT on a windows XP laptop with wireless (internet) and wired (local) NICS like you described above. I also configure a ubuntu 8.10 client to use this laptop as router. ping works perfect, no pck loss. in firefox, google works (loading + searching) but all other websites fail to load! Also, the package managers always seems to block somewhere.
Any Ideas?
Thanks a lot…
May 31st, 2009 03:11
Thank you! This tutorial is helpful.
But now that I’ve set up my computer to be a NAT, can i make it a Port Address Translator? I mean I’ve made these settings, (FULL=”Local Area Connection”; PRIVATE=”Wireless Network Connection”), and i can ping on the internet from any host in the private network (so the level 3 config is excellent). But if I’m trying to browse the internet, or use any application, it doesn’t work. It must be a port forwarding problem. I have tried other tutorials regarding this problem, but they are ambiguous and I’m still having the same problem.
Please, help!
June 19th, 2009 09:45
[…] NAT. Nano Documet | Real NAT on Windows XP __________________ It has been said that the contents of the rules sections of sendmail.cf most […]
September 3rd, 2009 13:23
(en)Thanks for tipps. I made little script collection about ICS, NAT and dial-up.
(ge)Vielen Dank fĂĽr die Tipps. Ich habe ein paar Scripts geschrieben rund um die Themen ICS, NAT und Dial-up.
Enjoy X-INetConnect 2.0 -> http://x-event.designo.ch/init/?q=ge/node/392
Kind regard, steve
October 22nd, 2009 11:05
Thanks for the explanation.
When I type command “set global tcptimeoutmins=1440 udptimeoutmins=1 loglevel=ERROR”
^ The following command was not found,
What should I?
October 23rd, 2009 05:56
i have some problem after doing that. my network connection always disapear when starting up windows
May 8th, 2010 08:00
Response to Chris February 3rd, 2009 14:02.
You will need to add portmapping also
June 11th, 2010 02:35
Thanks for the guide.
I am looking for a solutions for doing this on a ppp interface. I tried giving the name of the ppp (pppoe/dsl) connection as the value for parameter name, but yielded an “interface not present” message.
Apparently only physical interfaces are supported? But as the ics can work with ppp interfaces it should be possible to configure this somehow, i’d guess.
September 19th, 2010 16:56
[…] http://www.nanodocumet.com/?p=14 […]
October 12th, 2010 01:32
Thank you for this very helpful tutorial.
January 9th, 2012 03:30
[…] on this feature or the numerous third-party walkthroughs on “NAT with Windows RAS” like this one which you’ll find by querying the search engine of your […]
February 23rd, 2012 08:47
Routing and remote access service doesnot start. Err code : 711…..Kindly help