How to: Allow Internet access (using the integrated NAT) with manual redirection

In some cases NAT via the TCP/IP stack does not work because another firewall, packet filter or NAT product is installed on the same machine. That software can drop packets that NetCom has already NAT-ed.

In this case NAT can be done manually and directly (not via the Windows TCP/IP stack): NetCom does not pass the packets to the stack at all. They are redirected straight to the NIC and are never visible to the stack, as the following diagram shows:

[diagram: packet path with manual redirection, bypassing the TCP/IP stack]

For example, suppose your network topology and configuration match the following diagram:

[diagram: example network topology]

Network: 192.168.0.0
Subnet mask: 255.255.255.0
Server internal address: 192.168.0.1
Server external address: 207.46.130.108
Server gateway address: 207.46.130.107

If you want to allow access to the Internet for the workstations with addresses 192.168.0.12 and 192.168.0.14, do the following:

 

1. ALLOW ALL

Create a rule that allows all network traffic from any address to any address (it must always be the last item in the rules list):

Packet action equal to Allow

2. DENY EXTERNAL

Create a rule that denies access for all hosts from the internal to the external network (it must always be the second-to-last item in the rules list):

Packet action equal to Deny

Protocols equal to Any IP

Source IP NOT in range 192.168.0.0 - 192.168.0.255

Destination IP in range 192.168.0.0 - 192.168.0.255

3. ALLOW BROADCASTS

Create a rule that allows IP broadcasts (it must always be the first item in the rules list):

Packet action equal to Allow

Protocols equal to Any IP

Destination IP equal to 255.255.255.255

4. 192.168.0.12

Create a rule that allows access for 192.168.0.12 from the internal to the external network:

Protocols equal to Any IP

Source IP equal to 192.168.0.12

Destination IP NOT in range 192.168.0.0 - 192.168.0.255

Packet action equal to Allow

Add data to NAT table enabled

Replace source MAC address with the MAC address of your external interface

Replace destination MAC address with the MAC address of your gateway

(Note: you can find these MAC addresses with the Windows commands "arp -a" and "route print")

Replace source IP with your external IP (207.46.130.108)

Redirect to external interface

5. 192.168.0.14

Create a rule that allows access for 192.168.0.14 from the internal to the external network:

Protocols equal to Any IP

Source IP equal to 192.168.0.14

Destination IP NOT in range 192.168.0.0 - 192.168.0.255

Packet action equal to Allow

Add data to NAT table enabled

Replace source MAC address with the MAC address of your external interface

Replace destination MAC address with the MAC address of your gateway

(Note: you can find these MAC addresses with the Windows commands "arp -a" and "route print")

Replace source IP with your external IP (207.46.130.108)

Redirect to external interface

6. CHANGE RULES ORDER

Change the order of the rules to the following:

1. ALLOW BROADCASTS - needed for normal network operation;

2. 192.168.0.12 - allows access to the Internet;

3. 192.168.0.14 - allows access to the Internet;

4. DENY EXTERNAL - denies all other external traffic;

5. ALLOW ALL - needed for normal operation of the Internet connection and the local network.

7. ENABLE FILTERING

Select both adapters (internal and external) for filtering.

Filtering starts at this moment. That's all.

NOTE:
The address of a DNS server must be configured on the client computers!
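To verify that the five rules behave as intended once they are in the order required by step 6, the following Python script is an added example, not part of the original NetCom how-to: it replays the rule list as a first-match filter over a few constructed sample packets. The Internet host address 203.0.113.10 is a constructed placeholder; the script models only IP-level matching and the source-IP replacement of the NAT rules, not the MAC rewriting or the NAT table itself, and it assumes (its own assumption, not NetCom's documented behaviour) that a packet matching no rule is dropped.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# Topology from the how-to's example configuration
INTERNAL_NET = IPv4Network("192.168.0.0/24")
EXTERNAL_IP = IPv4Address("207.46.130.108")
BROADCAST = IPv4Address("255.255.255.255")


@dataclass
class Rule:
    """One NetCom-style filter rule. Unset criteria match anything ("Any IP")."""
    name: str
    action: str                                 # "Allow" or "Deny"
    src_eq: Optional[IPv4Address] = None        # Source IP equal to ...
    src_not_in: Optional[IPv4Network] = None    # Source IP NOT in range ...
    dst_eq: Optional[IPv4Address] = None        # Destination IP equal to ...
    dst_in: Optional[IPv4Network] = None        # Destination IP in range ...
    dst_not_in: Optional[IPv4Network] = None    # Destination IP NOT in range ...
    nat: bool = False                           # "Add data to NAT table" + replace source IP

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return all((
            self.src_eq is None or src == self.src_eq,
            self.src_not_in is None or src not in self.src_not_in,
            self.dst_eq is None or dst == self.dst_eq,
            self.dst_in is None or dst in self.dst_in,
            self.dst_not_in is None or dst not in self.dst_not_in,
        ))


def allow_host(addr: str) -> Rule:
    """Per-workstation rule from steps 4 and 5: allow internal -> external with NAT."""
    return Rule(addr, "Allow", src_eq=IPv4Address(addr), dst_not_in=INTERNAL_NET, nat=True)


# Rule list in the order required by step 6
RULES = [
    Rule("ALLOW BROADCASTS", "Allow", dst_eq=BROADCAST),
    allow_host("192.168.0.12"),
    allow_host("192.168.0.14"),
    Rule("DENY EXTERNAL", "Deny", src_not_in=INTERNAL_NET, dst_in=INTERNAL_NET),
    Rule("ALLOW ALL", "Allow"),
]


def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[str, str, str]:
    """First-match evaluation. Returns (rule name, action, source IP after NAT).

    A packet matching no rule is treated as dropped. That is an assumption of
    this script only; it cannot happen while ALLOW ALL is the last rule.
    """
    s, d = IPv4Address(src), IPv4Address(dst)
    for rule in rules:
        if rule.matches(s, d):
            new_src = EXTERNAL_IP if rule.nat else s
            return rule.name, rule.action, str(new_src)
    return "<no match>", "Deny", src


def order_is_valid(rules: List[Rule]) -> bool:
    """Check the three ordering constraints the how-to states explicitly."""
    names = [r.name for r in rules]
    return (names[0] == "ALLOW BROADCASTS"
            and names[-1] == "ALLOW ALL"
            and names[-2] == "DENY EXTERNAL")


if __name__ == "__main__":
    # Constructed sample packets; 203.0.113.10 stands in for an Internet host
    samples = [
        ("192.168.0.12", "203.0.113.10"),      # allowed workstation -> Internet (NAT)
        ("192.168.0.13", "203.0.113.10"),      # other workstation -> Internet (no NAT rule)
        ("192.168.0.12", "255.255.255.255"),   # LAN broadcast, must not be NAT-ed
        ("203.0.113.10", "192.168.0.12"),      # Internet -> LAN host directly
        ("203.0.113.10", "207.46.130.108"),    # NAT return traffic to the server's external IP
        ("192.168.0.12", "192.168.0.14"),      # LAN -> LAN
    ]
    print("order valid:", order_is_valid(RULES))
    for src, dst in samples:
        print(f"{src:>15} -> {dst:<15} {evaluate(RULES, src, dst)}")

    # Same rules with ALLOW ALL moved to the top: DENY EXTERNAL is never reached
    misordered = [RULES[-1]] + RULES[:-1]
    print("misordered valid:", order_is_valid(misordered),
          evaluate(misordered, "203.0.113.10", "192.168.0.12"))
```

Two things the run makes visible that the rule list alone does not: a broadcast from 192.168.0.12 would be NAT-ed by the per-host rule if ALLOW BROADCASTS were not first, because 255.255.255.255 is outside the internal range; and an Internet host addressing a LAN host directly is stopped by DENY EXTERNAL only while that rule sits above ALLOW ALL, which is why the script flags the misordered list.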