Using a computer with 2 NICs as a router/connection sharing

I want to get my TiVo permanently put on the internet, but I ideally don’t want the hassle of an actual router unit. I have 2 NICs on the PC - and I should probably remember how to do this, but I don’t - if I set it up correctly, I can have requests from one device route through one NIC, through the computer, to the other NIC that has internet access, and therefore have both devices have internet access without a dedicated router (the computer acts as a minimally functional router).

Is there an easy method to do this? A piece of software that sets up the routing tables or NAT if that’s required? If not, how would I go about doing it myself? Manually setting the second NIC’s routing table to point basically all traffic through the first NIC? Would that even work, or would the cable modem reject the second NIC’s IP because I’m limited to one IP per modem?

It sounds like what you want is Windows’ Internet Connection Sharing.

I was going to suggest just bridging the connections - this causes the computer to behave as a switch or hub, but if the internet connection device isn’t providing DHCP services, then that probably won’t work.

I know it can be done with a proxy server program - something like this one:
http://www.janaserver.de/start.php?lang=en
-but that might be a bit of a drain on resources.

Ah, right, ICS. Does some basic NAT IIRC. Would it recognize two NICs on the same computer as being part of the same network?

I haven’t paid for any extra IPs for my cable modem service, so if it acts like a hub, I’m guessing that the second NIC would request its own IP and get rejected.

IIRC ICS doesn’t provide full routing facilities, but I can’t recall the details. Really, I think you’re making work for yourself here. Just buy yourself a cable modem router and attach both the PC and the TiVo to it. Such routers are not hard to set up - you’re not doing anything fancy.

I agree - I know you said you didn’t want the hassle, but there really isn’t any. They’re also quite cheap now. I’d say there’s actually considerably less hassle with a router/modem, because you’re not compelled to switch on the main computer when the satellite device wants a connection.

The article I found on ICS said something quite strange and disturbing about how it manages the IP addresses - I’ll see if I can find it again.

Ah… here it is:
http://www.practicallynetworked.com/sharing/xp_ics/

If that’s true, it sounds astonishingly poor - smacks of ‘magic number’ coding.

As I understand it, with the cheaper routers, you have to configure them to port forward every time you want to run a new server on the hosting computer. I don’t want to have to configure it every time I want to run a game server, or whatever. I can go with that option - but I’m trying to work out a superior, and free, option first.

It’s not “magic number” coding - 192.168.0.X is the class C IP block reserved for private network use in the IP addressing scheme. Everything else (that’s class C) can be confused with a public (internet) network.

I know about the range, the ‘magic number’ thing I’m talking about is when values that ought to be configurable are hard-coded. Given that Class C isn’t the only possibility out there, these parameters ought not to be writ in stone.

I think you’ll find that you have to do something quite like that if you use a PC as a router, or else turn off the firewall, which might not be desirable.

IIRC, some of the cheap routers have an inbuilt database of known ports for different applications and games, so adding port forwarding rules is pretty much point & click.

Hmm. That’s interesting. I hadn’t thought about that.
I use a simple application level firewall (ZoneAlarm) and I’m not sure exactly at which stage it intercepts incoming packets. I wonder how it would treat an outbound request from a device on another NIC from ICS and the reply.

I guess I can fiddle with ICS and see if it’ll work for my purposes.

I have very little experience dealing with “dsl router” type devices - do they have some way of essentially setting them to send all data, except the return of a NAT-translated device-specific request, to one system? That way I wouldn’t have to worry about fiddling with the port controls all the time, and I could essentially just tell it to send everything to my computer except replies specifically addressed to other devices? I’m not interested in the limited security a dsl router can provide, and I’d trade that for less hassle.

Yes, they typically allow you to expose all ports to one client on the network (occasionally more than one, but usually just the one) - it’s called ‘DMZ

Or temporarily DMZ the game machine.

Alternatively, DMZ it.

As it says at the foot of that article, they may like to call it a DMZ, but if the exposed host is on the internal subnet it’s no DMZ at all.

That’s true - there’s still NAT happening, although with all ports run straight through, I’m not sure that makes a practical difference.

ETA: I see it does make a difference to the integrity of the local network (although I think my home router does isolate the DMZ host from the rest of the subnet).
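
The inbound handling discussed in this thread (NAT replies, per-port forwarding, and a “DMZ” host that receives everything else), modelled as an added example that is not part of any post. The class name, addresses and ports are constructed for illustration and do not describe any particular router’s firmware.

```python
# Simplified model of how a consumer NAT router decides where an inbound
# packet goes. All names, addresses and ports are constructed examples.
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    port_forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    dmz_host: str = ""                                 # empty string = no DMZ host configured
    sessions: dict = field(default_factory=dict)       # (proto, wan_port, remote) -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN device opens a connection; the router records the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port, remote)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, wan_port, remote):
        """Return (reason, lan_ip, lan_port) for a packet arriving on the WAN side."""
        if (proto, wan_port, remote) in self.sessions:      # reply to a LAN-initiated flow
            return ("reply", *self.sessions[(proto, wan_port, remote)])
        if (proto, wan_port) in self.port_forwards:         # explicit per-port rule
            return ("port-forward", *self.port_forwards[(proto, wan_port)])
        if self.dmz_host:                                   # catch-all: every other port
            return ("dmz", self.dmz_host, wan_port)
        return ("drop", None, None)                         # unsolicited, no rule


def demo():
    tivo, pc = "192.168.0.20", "192.168.0.10"
    server = ("198.51.100.5", 443)       # remote service the TiVo contacts
    stranger = ("192.0.2.77", 51000)     # unsolicited remote sender
    router = NatRouter(port_forwards={("udp", 27015): (pc, 27015)})
    p = router.outbound("tcp", tivo, 51515, server)
    results = {
        "tivo_reply": router.inbound("tcp", p, server),
        "forwarded": router.inbound("udp", 27015, stranger),
        "no_dmz": router.inbound("tcp", 8080, stranger),
    }
    router.dmz_host = pc                 # expose all remaining ports to the PC
    results["with_dmz"] = router.inbound("tcp", 8080, stranger)
    results["tivo_reply_with_dmz"] = router.inbound("tcp", p, server)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22} {decision}")
```

With the DMZ host set, replies to the TiVo still reach the TiVo, but every unsolicited packet lands on the PC, so the PC’s own firewall is the only filter left in front of it.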