How to configure Internet Connection Sharing Port Forwarding


I tried to configure the CIS firewall to allow port forwarding but I failed.

What I want to do is forward ports 80, 443, 2200 of the internet interface (the interface that does the internet sharing) to (an internal machine) ports 80, 443, 22 respectively.

The port forwarding is configured in the internet sharing dialogs, and the forwarding worked fine before I installed Comodo.

I found that the “Windows Operating System” process is getting blocked and might have something to do with it, so I tried to allow it (fully), but it didn’t work :(

Any suggestions are appreciated.

Try this:
Firewall → Stealth Port Wizard, then check the second option, "Alert me to incoming connection", and press Next!
Now press Allow on the pop-ups every time CIS asks about the ports!

Did not work - it did not ask me for the ports :(

It will when you start your ports!

The WOS blocks you see simply mean there is no program listening. Hence it gets blocked. Nothing deep.

With the first version(s) of v4 I have seen CIS not alerting for incoming traffic when set like that. Not sure it got fixed; it is not a mode I usually use.

Use Stealth Ports Wizard to set for default block. Choose the third option.

Read the following tutorial I made. Substitute the port numbers and protocol for your situation.

To open the port TCP 1723, for example:

The first step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up; enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok.
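
The ordering step in the tutorial above, as an added example that is not part of the original thread and not Comodo's code: a small rule evaluator, assuming the rule list is checked top to bottom and the first matching rule decides, run over the three external ports from the question (80, 443, 2200). The rule descriptions and the "Block all incoming" rule are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "Allow" or "Block"
    protocol: str             # "TCP", "UDP", or "IP" meaning any protocol
    direction: str            # "In" or "Out"
    dst_port: Optional[int]   # None means "Any"
    description: str = ""

    def matches(self, protocol, direction, dst_port):
        return (self.protocol in ("IP", protocol)
                and self.direction == direction
                and self.dst_port in (None, dst_port))


def evaluate(rules, protocol, direction, dst_port, default="Block"):
    """Return (action, description) of the first matching rule, top to bottom.

    Assumption: first match wins, which is what the drag-and-drop ordering
    step in the tutorial relies on.
    """
    for rule in rules:
        if rule.matches(protocol, direction, dst_port):
            return rule.action, rule.description
    return default, "no rule matched"


FORWARDED_PORTS = (80, 443, 2200)  # external ports from the question
BLOCK_ALL_IN = Rule("Block", "IP", "In", None, "Block all incoming")  # constructed
ALLOWS = [Rule("Allow", "TCP", "In", p, f"Incoming Port {p}") for p in FORWARDED_PORTS]

WRONG_ORDER = [BLOCK_ALL_IN] + ALLOWS   # allow rules sit below the block rule
RIGHT_ORDER = ALLOWS + [BLOCK_ALL_IN]   # allow rules dragged above the block rule


def blocked_ports(rules, ports=FORWARDED_PORTS):
    """Ports whose inbound TCP traffic never reaches an Allow rule."""
    return [p for p in ports if evaluate(rules, "TCP", "In", p)[0] != "Allow"]


if __name__ == "__main__":
    for name, rules in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(name, "-> still blocked:", blocked_ports(rules))
    # Traffic outside the three rules still ends at the block rule.
    print("TCP 22 inbound:", evaluate(RIGHT_ORDER, "TCP", "In", 22))
```
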

The ports were started and I tried to access them.

@EricJH - I will try this tonight

It did not work - tried various variations, any other suggestions?

I will need some more information to see what is happening.

Can you show me a screenshot of Global Rules? They are under Firewall → Advanced → Network Security → Global Rules. Also show me the rules you made for the three ports. Show them like I did in my little tutorial.

Also a screenshot of the firewall logs of around the time there is incoming traffic for the mentioned ports.

What is the IP address of the ICS machine? Does only this machine have a firewall or do both machines have a firewall?

On the Sharing tab, after the "allow sharing" check box, there is a [Services] button at the bottom.
Click on that button.
There you can add the services,
e.g. web hosting:
name = web hosting
IP address of the computer that hosts the service:
type the name or IP of your web server where you want to forward

then port 80
and protocol TCP

Like this you can add as many services as you want by adding the IP address of the computer on the LAN which hosts the service and the port you want to forward.
It is very simple and works…

Do not use netsh or any 3rd party port forwarding utility.