Logo -Internet Security Systems

q000069
advICE :Support :KB : q000069

Running in a small home network.

This article applies to: BlackICE Defender.

SUMMARY

The product was designed to run on a client system, but it can be adjusted to work in an Internet sharing network environment (that is, run on a gateway system that all the other PCs connect through).

DETAILS

The basic configuration was tuned for a stand-alone computer system that provides no network services. Therefore, in order for it to work on a home or small business network where the program is set up to run on a network proxy (like WinGate, or MS Proxy 2, or Win 98SE ICS), you will need to do some tweaking of the configuration.

Below is an example you can use to base your own changes to the configuration.

In this scenario, I have 3 computers. One computer (named GREEN) is running Win 98SE and ICS (Internet Connection Sharing); GREEN is directly connected to the Internet using an external DSL modem. GREEN has two network interface cards; one is connected to the DSL modem, the other is connected to an Ethernet hub (the internal network). The other computers, named YELLOW and BLUE each have an Ethernet network interface card; and these cards are connected to the Ethernet hub as well.

YELLOW and BLUE shares GREEN's Internet connection through ICS. ICS assigned the IP address 192.168.0.1 to GREEN's internal network interface connection. Green's other interface has a static IP address assigned to it by the ISP (Internet Service Provider).

After installing, I immediately noticed that my internal computers--YELLOW and BLUE can no longer connect to the Internet. They only work when I set the protection level to "Trusting".

I then do the following things on GREEN to make the my setup work with the firewall:

  1. Open the file firewall.ini located in the installation directory, and add the following line in the [MANUAL UDP low... section:
    ACCEPT, 67, DHCP, 1999-07-22 20:26:53, PERPETUAL
    This line will open up UDP port 67 so that the DHCP service provided by ICS will work.
  2. Save and close firewall.ini.
  3. Click on the icon at the system tray to open the user interface.
  4. Click the shield icon at the top left corner of the window.
  5. From the menu that drops down, select "Configure BlackICE".
  6. At the Configuration dialog box, click the Trusted Addresses tab.
  7. Add the following addresses to the trusted list:
    • 192.168.0.2
    • 192.168.0.3
    • 192.168.0.4
    • 192.168.0.5

    The addresses above are the potential IP addresses of YELLOW and BLUE. Most likely YELLOW and BLUE will get assigned the IP addresses 192.168.0.2 and 192.168.0.3. Later, if I add two more computers to my internal network I don't have to do anything more.

  8. Restart YELLOW and BLUE to make sure that they receive an IP address assignment from GREEN via ICS.

From here on, I'm able to change the protection level on GREEN without blocking Internet access to YELLOW and BLUE. 

 
Keywords: ICS, Internet Sharing, Proxy 
Version:  1.8.6.7, 1.8.6.8 
Fixed:     
Modified: 1999-11-30
SEARCH
Privacy Policy |  Copyright Info