Open Kalrand opened 8 months ago
loxia01
commented
7 months ago Sorry for late answer. I will do some research if this is possible to do in PowerShell. My first impression is that it is perhaps theoretically possible, but does not seem to be an easy task to implement. If possible, it is probably best to implement in a standalone script.
Kalrand
commented
7 months ago I agree, it's not an easy task. Sadly I've been trying to automate this for some time but the method to do so has eluded me. To be frank, beyond the surface level commands, PS commandlets, or registry changes I kind of lose my way. Any insight you have would be greatly appreciated.
loxia01
commented
7 months ago I took a brief look into this. Because I'm not myself using ICS port mapping, I must first ask what your use case is. I tested on my system today and when I activate port mapping by checking one (or more) of the existing port mappings on the public shared connection (for example '1705' and/or '1706'), those will stay activated not only across reboots, but also after ICS disabling and re-enabling. This fact will make automated port mapping less useful, unless you often change between different port mappings and/or enable/disable them. But perhaps your environment resets connection settings after reboots, ICS disabling/re-enabling or other system events?
Kalrand
commented
7 months ago Thankfully no, we don't have something that comes along and changes the service port. In our case this is for a mobile cart that will connect to a central console via HTTPS for remote management. There is a desktop workstation in the cart that is on Wi-Fi and also sharing that connection, using ICS, to the ethernet for the cart. The idea was to automate as much as possible for the ICS setup, the more that's automated the less that will fail due to human error. It also would make it easier on the remediation side to run and done so to speak.
On Thu, Feb 8, 2024, 12:48 PM loxia01 @.***> wrote:
I took a brief look into this. Because I'm not myself using ICS port mapping, I must first ask what your use case is. I tested on my system today and when I activate port mapping by checking one (or more) of the existing port mappings on the public shared connection (for example '1705' and/or '1706'), those will stay activated not only across reboots, but also after ICS disabling and re-enabling. This fact will make automated port mapping less useful, unless you often change between different port mappings and/or enables/disables them. But perhaps your environment resets connection settings after reboots, ICS disabling/re-enabling or other system events?
— Reply to this email directly, view it on GitHub https://github.com/loxia01/PSInternetConnectionSharing/issues/4#issuecomment-1934641727, or unsubscribe https://github.com/notifications/unsubscribe-auth/BFABUAWDHF65THL74USRYETYSUFV5AVCNFSM6AAAAABBHAKK7WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZUGY2DCNZSG4 . You are receiving this because you authored the thread.Message ID: @.***>
loxia01
commented
7 months ago Ok.
As I understand after short testing and looking through some Microsoft docs, it is possible to do this in PowerShell using a similar approach as in the *-Ics functions. Adding custom port mappings is a bit more complicated, but also possible. One could for example create functions like Enable-IcsPortMapping, Disable-IcsPortMapping, and optionally Add-IcsPortMapping, Remove-IcsPortMapping for custom port mappings.
loxia01
commented
6 months ago When I get time over I will try to add this to the module. Any inputs are welcomed.
Kalrand
commented
6 months ago I really appreciate it.
On Sat, Feb 10, 2024, 7:21 PM loxia01 @.***> wrote:
When I get time over I will try to add this to the module. Any inputs are welcomed.
— Reply to this email directly, view it on GitHub https://github.com/loxia01/PSInternetConnectionSharing/issues/4#issuecomment-1937367470, or unsubscribe https://github.com/notifications/unsubscribe-auth/BFABUAQI4OOKIJSAZOU4ZY3YTAFKFAVCNFSM6AAAAABBHAKK7WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZXGM3DONBXGA . You are receiving this because you authored the thread.Message ID: @.***>
loxia01
commented
6 months ago I have written a test module you can download to your PSProfile module directory. It has one function at the moment, Enable-IcsPortMapping. The syntax is:
Enable-IcsPortMapping -ConnectionName <name of the shared connection> -Name <name(s) of port mapping(s)> -PassThruUnfortunately, there is no way to change the IP Address or Computer Name property for the predefined port mappings (17**) programatically, so I doubt this will work if enabling the port mappings from scratch (before having set them up manually at least once. But you can test.
Otherwise, the only solution is to add new custom port mappings to use, but then you will have to add name, port numbers, protocol and ip address/computer name by yourself for every new port mapping.
Kalrand
commented
6 months ago Setting the IP address afterwards isn't a downer. Actually if left to it's own devices, ICS will set the bridged NIC to 192.168.137.1 and subnet mask of 255.255.255.0 after being set. So at this point I think we have a good test.
On Thu, Feb 22, 2024, 10:12 PM loxia01 @.***> wrote:
I have written a test module you can download https://raw.githubusercontent.com/loxia01/IcsPortMappings/main/IcsPortMapping.psm1?token=GHSAT0AAAAAACBMEQVMYQVVX7UTAWJMFZO6ZOYBLEQ to your PSProfile module directory. It has one function at the moment, Enable-IcsPortMapping. The syntax is:
Enable-IcsPortMapping -ConnectionName
-Name <name(s) of port mapping(s)> -PassThru Unfortunately, there is no way to change the IP Address or Computer Name property for the predefined port mappings (17**) programatically, so I doubt this will work if enabling the port mappings from scratch (before having set them up manually at least once. But you can test.
Otherwise, the only solution is to add new custom port mappings to use, but then you will have to add name, port numbers, protocol and ip address/computer name by yourself for every new port mapping.
— Reply to this email directly, view it on GitHub https://github.com/loxia01/PSInternetConnectionSharing/issues/4#issuecomment-1960675010, or unsubscribe https://github.com/notifications/unsubscribe-auth/BFABUATZHUFETKQ7SWXOBGDYVACLDAVCNFSM6AAAAABBHAKK7WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRQGY3TKMBRGA . You are receiving this because you authored the thread.Message ID: @.***>
loxia01
commented
6 months ago ok, you can report back when you know more.
Under the Sharing tab there is a settings button. Is it possible to set the Services? For instance in our environment we use 1706 (Port 80) and 1707 (Port 443) for web traffic, without those selected we can't get data to flow.