I'm currently working on a firewall based on WinpkFilter si lhmon (great topic, the one about multiple network adapters... helped me a lot, thanks SerpentFly). I have a question: how can I differentiate the network packets requested by the other computers in the LAN through an Internet connection sharing from the packets intended only for the machine that handles the ICS? I want the traffic generated through the machine that handles the ICS by the computers in the LAN using the ICS to pass without processing.
I found out that for this I have to check the packets' IPs and ports against the NAT table mapping, but I don't know how to access this table. I've searched the net but did not find any example to give me a starting point. Can someone help me with this problem?
First of all, I don't think there is any documented way to access the ICS table.
However, if you filter on the internal interface (LAN) you can differentiate packets destined for the external network (Internet) from packets destined for the ICS server by their destination IP address. It is hardly possible on the external interface (after NAT is applied); however, you can still use information gathered on the internal network card (build your own copy of the NAT table).
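The approach in the answer above, as an added example that is not code from the thread or from WinpkFilter itself: on the LAN adapter, a frame whose destination is the ICS host's own LAN address is meant for the server, anything else is going to be NATed out, and the destination triple (protocol, destination IP, destination port) of those forwarded flows is recorded so the external adapter can recognise the same connection after NAT rewrote the source. The ICS LAN address 192.168.0.1, the addresses in the constructed test frames, and the `build_frame`, `classify_lan_inbound` and `ext_outbound_is_forwarded` names are all assumptions made for this example; the raw frames are parsed directly so the logic can be checked offline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not part of the original thread or of WinpkFilter.
 * Assumptions (constructed for this example): the ICS host's LAN-side address is
 * 192.168.0.1, the filter sees raw Ethernet frames on both adapters, and only
 * IPv4 over TCP/UDP needs classifying. */

#define ICS_LAN_IP      0xC0A80001u   /* 192.168.0.1, assumed ICS LAN address */
#define ETH_HDR_LEN     14
#define ETHERTYPE_IP    0x0800
#define IPPROTO_TCP_NUM 6
#define IPPROTO_UDP_NUM 17
#define MAX_FLOWS       64

enum verdict { PKT_NOT_IPV4 = 0, PKT_FOR_ICS_HOST = 1, PKT_FOR_INTERNET = 2 };

struct pkt { uint8_t proto; uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* Our own copy of the NAT state: flows first seen on the LAN adapter. */
static struct pkt flows[MAX_FLOWS];
static int flow_count = 0;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* Parse Ethernet + IPv4 (+ TCP/UDP ports). Returns false for non-IPv4 or truncated frames. */
static bool parse_frame(const uint8_t *frame, size_t len, struct pkt *p) {
    if (len < ETH_HDR_LEN + 20 || rd16(frame + 12) != ETHERTYPE_IP) return false;
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < ETH_HDR_LEN + ihl) return false;
    p->proto = ip[9];
    p->src_ip = rd32(ip + 12);
    p->dst_ip = rd32(ip + 16);
    p->src_port = p->dst_port = 0;
    if (p->proto == IPPROTO_TCP_NUM || p->proto == IPPROTO_UDP_NUM) {
        if (len < ETH_HDR_LEN + ihl + 4) return false;   /* ports are the first 4 bytes of L4 */
        p->src_port = rd16(ip + ihl);
        p->dst_port = rd16(ip + ihl + 2);
    }
    return true;
}

static int find_flow(uint8_t proto, uint32_t dst_ip, uint16_t dst_port) {
    for (int i = 0; i < flow_count; i++)
        if (flows[i].proto == proto && flows[i].dst_ip == dst_ip && flows[i].dst_port == dst_port)
            return i;
    return -1;
}

void flow_table_reset(void) { flow_count = 0; }
int  flow_table_size(void)  { return flow_count; }

/* LAN adapter, frames arriving from LAN clients: classify by destination address.
 * Anything not addressed to the ICS host itself will be NATed and forwarded, so the
 * flow is remembered for the external side. */
enum verdict classify_lan_inbound(const uint8_t *frame, size_t len) {
    struct pkt p;
    if (!parse_frame(frame, len, &p)) return PKT_NOT_IPV4;
    if (p.dst_ip == ICS_LAN_IP) return PKT_FOR_ICS_HOST;
    if (find_flow(p.proto, p.dst_ip, p.dst_port) < 0 && flow_count < MAX_FLOWS)
        flows[flow_count++] = p;
    return PKT_FOR_INTERNET;
}

/* External adapter, outgoing frames: NAT has rewritten the source address (and
 * possibly the source port), so match on the destination triple recorded above. */
bool ext_outbound_is_forwarded(const uint8_t *frame, size_t len) {
    struct pkt p;
    if (!parse_frame(frame, len, &p)) return false;
    return find_flow(p.proto, p.dst_ip, p.dst_port) >= 0;
}

/* Build a minimal constructed frame: Ethernet + IPv4 header + first 4 bytes of L4. */
size_t build_frame(uint8_t *buf, uint8_t proto, uint32_t src, uint32_t dst,
                   uint16_t sport, uint16_t dport) {
    memset(buf, 0, ETH_HDR_LEN + 24);
    wr16(buf + 12, ETHERTYPE_IP);
    uint8_t *ip = buf + ETH_HDR_LEN;
    ip[0] = 0x45;          /* version 4, IHL 5 */
    wr16(ip + 2, 24);      /* total length: 20-byte header + 4 bytes of payload */
    ip[8] = 64;            /* TTL */
    ip[9] = proto;
    wr32(ip + 12, src);
    wr32(ip + 16, dst);
    wr16(ip + 20, sport);
    wr16(ip + 22, dport);
    return ETH_HDR_LEN + 24;
}

/* Walk the scenario with constructed frames; returns the number of checks that passed (5). */
int demo_scenario(void) {
    uint8_t f[64]; size_t n; int ok = 0;
    flow_table_reset();
    /* LAN client 192.168.0.10 -> 93.184.216.34:443: forwarded, recorded */
    n = build_frame(f, IPPROTO_TCP_NUM, 0xC0A8000Au, 0x5DB8D822u, 51000, 443);
    ok += classify_lan_inbound(f, n) == PKT_FOR_INTERNET;
    /* LAN client -> ICS host's own LAN address: for the server, not recorded */
    n = build_frame(f, IPPROTO_TCP_NUM, 0xC0A8000Au, ICS_LAN_IP, 51001, 445);
    ok += classify_lan_inbound(f, n) == PKT_FOR_ICS_HOST;
    /* same flow seen on the external adapter after NAT (source now 203.0.113.5:1025) */
    n = build_frame(f, IPPROTO_TCP_NUM, 0xCB007105u, 0x5DB8D822u, 1025, 443);
    ok += ext_outbound_is_forwarded(f, n);
    /* ICS host's own traffic to 198.51.100.7:80: never seen on the LAN side */
    n = build_frame(f, IPPROTO_TCP_NUM, 0xCB007105u, 0xC6336407u, 1026, 80);
    ok += !ext_outbound_is_forwarded(f, n);
    wr16(f + 12, 0x86DD);  /* IPv6 EtherType: outside what this example classifies */
    ok += classify_lan_inbound(f, n) == PKT_NOT_IPV4;
    return ok;
}
```

Two things a real filter has to add that this sketch leaves out: entries must be aged out (on TCP FIN/RST or a UDP idle timeout), and matching on the destination triple alone cannot separate a LAN client's flow from the ICS host's own connection to the same destination and port, so traffic to shared destinations should be treated as "possibly local" and processed rather than waved through.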