>i've also tried from an outside ip to get to the ics server (on the isp public ip) and
>forwarded port. but since the case above did not work, this case couldn't have
>worked
OK - the above statement is wrong, proceeding from a false assumption.
First, do *not* try testing this from an internal machine until you get it working for external (non-local) machines. I can't speak as to why it won't work for external (non-local) machines, but you will encounter additional difficulties testing from internal machines even after you get it working for external machines (I bet you probably *have* gotten it working off and on for external machines, but you never noticed since you're testing from a local internal machine).
I can't believe no one has brought up the typical problem of connecting to one local machine from another via external NAT...
It goes something like this (OK, *exactly* like this). Local machine A tries to talk to local machine B via a port-forward on the local firewall by using an external address [assigned to the firewall]. The external firewall address gets translated to the internal address of B, thanks to the port-forward NAT on the firewall, however the source address (machine A) remains the same. Machine B attempt to respond directly to A (since both src and dst are on the same network). However, A is expecting a response with a src of the address to which it originally connected, which is the external address on the firewall. Since A is not expecting a response with a src of B, it ignores the packet, and you never get connected.
Fix the port-forward by testing only external machines. Then, if you really need it to work from internal machines, buy an actual firewall.
Cheers,
-Jon
