4C-1: How do I enable IP routing between a NTAS server with a PPP/SLIPconnection to the internet and the local IP subnet?
Description
This article is from the Windows NT Internet FAQ, by sscoggin@enet.net (Steve Scoggins) with numerous contributions by others.
4C-1: How do I enable IP routing between a NTAS server with a PPP/SLIPconnection to the internet and the local IP subnet?
The following is based on the information I received from several
sources, you should enable the following registry entries:
Also, make sure you enable routing on the NTAS servers on both ends of
the PPP to PPP link.
Do not use the same IP address for the local ethernet card and
the RAS PPP to PPP link. The local ethernet card should have an
IP assigned from you local subnet, and the PPP IP address should
be assigned from the Internet providers subnet you are dialing into
using RAS.
You will have to use the route command to add a static route from the NT server
to other machines on the local subnet. Use the netstat -rn
command on the NT server to confirm proper routing table entries
after you establish the RAS PPP to PPP link.
Enabling Routing of IP Packets on RAS Clients for NTAS V3.5
\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter
REG_DWORD:0x1 Enables IP routing
REG_DWORD:0x0 Disables IP routing
You must set the DisableOtherSrcPackets registry entry on RAS clients
if you want to route IP packets through that RAS client. This parameter
only affects forwarding of packets on the client side--this does not
affect the server.
Note: (I could not find this entry so I assume you must add it.)
The registry path for this entry is:
\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasArp\Parameters
DisableOtherSrcPackets
REG_DWORD:0x1 Disable IP packets from external sources
REG_DWORD:0x0 Enable IP packets from external sources
Controls the routing of IP packets with an IP source address other than
the IP address of the RAS network adapter card.
Set to 0 packets with source address other than the IP address of the
RAS adapter will be sent.
Set to 1 packets with source address other than the IP address of the
RAS adapter will not be sent.
Default: 1
We received the following message from Carl Byington with comments
on the use of Windows NT as a TCP/IP gateway with IP routing enable.
FROM: Carl Byington
TO: Steve Scoggins
DATE: 11/9/94 11:23 AM
Re: Routing with PPP works!
Well, it does work but there are some pitfalls.
We have a class C internet network that is subnetted, and my part of
it uses the subnet mask 255.255.255.248 - that gives me 8 host
addresses, 2 of which are loopback and broadcast so I can have 6 hosts
on my subnet, although I currently have only two machines. My host
addresses are .17 and .18 and the reserved ones are .16 and .23.
The .18 machine is the secondary machine without a modem. The .17
machine is the primary machine with the modem and another IP address
for the RAS link.
The RAS link uses IP addresses .9 (the Unix end) and .10 (my end).
Note that this puts the RAS link on a different network than my local
ethernet.
I have
SYSTEM/CurrentControlSet/Services/RasArp/Parameters/DisableOtherSrcPackets
set to 0 (I had to create this entry).
I have
SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/IPEnableRouter set
to 1.
The configuration for .18 is
default gateway = .17
dns server address = .130
The configuration for .17 is
default gateway = .17
dns = none
The RAS configuration on .17 is
require specific IP address = .10
dns server address = .130
use default gateway on remote network
With that configuration, if I just boot .17, I can ping .18 but not
.130 since we are not connected yet. After bringing up the RAS link,
I can ping .130 and the rest of the world. HOWEVER, we are not done
yet. Attempts to ping from .17 to .18 cause NT to die with the blue
screen. This is on the 807 debug build from MSDNII.
So we reboot .17 and this time set a static route to .18 with
'route add x.x.x.18 x.x.x.17' reconnect the RAS link and everything
works like a charm. Both .17 and .18 can ping the world thru the
RAS link, and both can run Mosaic. WHEE!!
It seems that the 'use default gateway on remote network' setting in
the RAS tcp/ip dialog overrides all the local routing unless you have
static routes set. If the local network had a lot of machines, that
would be a real pain. In my case, I can just have the startup group
run a single route add command.
The other problem is that the route add does not work unless you are
logged in with administrator privileges, and it does not stick around
between reboots. Therefore, after every reboot, you need to log in as
administrator and reset the local static routes. If you fail to do
this, then bringing up the ras link and pinging local machines kills
your machine. Oh well, at least the consequences are severe enough
that the training time is fairly small.
Thank you very much for all your help with this!
Continue to:
My Books
