Interesting port-forwarding problem...
Oook, so, I'm on a dialup connection at home. I am wanting to serve 2 HTTPs and 1 SSH to the outside. On my internal LAN, I have one box serving one HTTP and one SSH. The basic network topology looks somewhat like this:
The gateway is running WinXP pro SP2. The router is a D-Link di-624.
I need the gateway because it has the dialup modem. It only has the XP firewall, and I'm also using ICS on it. It also has VNC server on it, accessible from outside, which is what I'm using to configure the ICS port-forwarding settings. The router port-forwards relevant packets to the web/ssh server. The router itself is configured to be logged in from a remote location, on port 8080.
Now, here's the fun part. Any connection from a remote location, using the ICS port-forwarded ports, is not reliable at all. Sometimes it will connect quite fast, other times it won't connect at all. The VNC server on the gateway, which is only using a port opened in the firewall, connects just fine.
I used VNC to tell my gateway to go to grc.com where it could scan my IP so I could see which ports were opened. It seems that every port that I forward in the ICS port-forward settings gets stealthed instead of opened. I also have the same ports allowed thru the firewall.
I have scanned multiple times, with the firewall off, and with it on. I have changed the ports in the ICS port-forward settings. Every port that I set to forward gets stealthed, even with the firewall off. The ports that I had set before that were stealthed are now "closed".
So, either the gateway's OS is going screwy, or my ISP is actively blocking every port that I have open.