Internet Connection Firewall

ICF and ICS

Internet Connection Firewall (ICF) is a host firewall. It is also a network firewall if configured with Internet Connection Sharing (ICS). In another word, that combination will function like a router. As with any router, an improperly configured ICF will block access to your servers.

Setting up ICF

lac-prop: Local Area Connection Properties

Open Local Area Connection

Right click, select Properties

lac-tcpip: TCP/IP Properties

Highlight TCP/IP

Click Properties

lac-auto: Setting Local Area Connection to automatic

Click Advanced

lac-icf: Enabling Windows firewall

Select (tick) Protect my computer and...

Click Settings

lac-vsrv: Setting up Windows virtual servers

If a desired protocol is listed, e.g. HTTP, select (tick) it

If not, click Add

lac-vsrv-http: Setting up Windows virtual servers

Let us try to enable the Web server. Select (tick) Webserver (HTTP).

Take note that port number and protocol have already be preset.

Key in the private IP of the web host, click OK.

lac-vsrv-login: Setting up Windows virtual servers

Athena login server:

Key in all details in Service Settings:

Description: any sensible name for your server

Name or IP: always use IP, i.e. LAN IP of host

External port: port you intend to host server

TCP or UDP: Select TCP

Internal port: port you intend to host server

Click OK.

lac-vsrv-list: Setting up Windows virtual servers

The newly created virtual server (Athena login server) is now shown

Repeat for other servers

Catch 22?

ICF must be up in order for virtual servers (forwarding) to function. This might appear to be a conflicting situation. No, it is not. A router works like a form of firewall. So, do not disable ICF if you have configured virtual servers with it. If you intend to use it as a host firewall, be very careful when you configure virtual hosts on another private IP.