Cry How To...
Set up IP Forwarding
The successful implementation of IP forwarding enables one workstation to sit on two LANs and to act as a gateway forwarding IP packets from one LAN to another. IP forwarding is also referred to as ‘bridging’ networks.
Requirements:
- At least two network cards installed in the workstation or server.
- Each network card to be connected to a different LAN
To set-up:
On the ‘gateway’ PC:
- Ensure that a correct IP address is specified for each network card and that the IP address is static and not allocated from a DHCP server.
- Enabled IP forwarding:
On Windows XP:
- Open ‘Control Panel’
- Double click on ‘Network Connections’ to open it.
- Select/highlight the two network connections to ‘bridge’.
- Right click and select ‘Bridge Connections’.
On Windows NT:
- Open ‘Control Panel’
- Double click on ‘Network’.
- Click the ‘Protocols’ tab.
- Double click on ‘TCP/IP Protocol’.
- Click the ‘Routing’ tab.
- Tick ‘Enable IP Forwarding’
On the workstations that will use the gateway, the workstation must be set-up to use the gateway:
- Open a command/DOS session.
- Type:
Route add -p <sub-net-address> mask <subnet-mask> <IP-address-of-gateway>
Or
Route add -p <sub-net-address> mask <subnet-mask> <name-of-gateway>
For example, if the remote subnet address is 192.0.0.x with a mask of 255.255.255.0, and the address of the gateway on the local LAN is 10.1.137.1, then the route command would be:
Route –p add 192.0.0.0 mask 255.255.255.0 10.1.137.1
or this could be expressed using the name of the gateway thus:
Route –p add 192.0.0.0 mask 255.255.255.0 GatePC
The ‘-p’ flag makes the route permanent across reboots. By default route changes are lost when the workstation is rebooted.
Instead of specifying the IP address of the gateway, the name of the gateway can be specified.
You will need to be logged in as a local administrator of the workstation to do this.
Workstations that will use the gateway will not know the IP addresses of the ‘remote’ workstations. These must be defined explicitly:
- Edit or create the file ‘
C:\WINNT\System32\drivers\etc\lmhosts.sam
’ with a text editor (such asnotepad
). - Add a line at the end of the file of the following form for each
‘remote’ workstation that this workstation needs to talk to:
<remote-IP-address> <computer-name>
For example, if the remote computer were called ‘portable_brain’ and its IP address on the remote network were ‘10.1.128.29’ then the following should be appended to the lmhosts file:
10.1.128.29 portable_brain
As a rule each computer listed in the lmhosts file should have a reciprocal entry in its lmhosts file.
- Open ‘Control Panel’
- Double click on ‘Network’.
- Click the ‘Protocols’ tab.
- Double click on ‘TCP/IP Protocol’.
- Click the ‘WINS addresses’ tab.
- Tick ‘Enable LMHOSTS lookup’
- Click ‘[Import LMHOSTS…]’
- Open the file ‘
C:\WINNT\System32\drivers\etc\lmhosts.sam
’
Note:
- If the name specified in the LMHOSTS file is different from the real host-name then communications will still be possible but it will not be possible to mount shared drives.
These notes have been tested with Windows NT4, W2K and XP Workstation.
About the author: Brian Cryer is a dedicated software developer and webmaster. For his day job he develops websites and desktop applications as well as providing IT services. He moonlights as a technical author and consultant.