Using Windows NT as a Gateway and Router

Copyright 1998, EZine Publications


Routing

For Windows NT to route from one LAN segment to another there must be at least two network interfaces on the system. An interface can be an Ethernet Network Interface Card (NIC), an ISDN interface card, an X.25 connection, a modem using RAS, or any other connection on the NT system over which network communications can be established.

For NT to route from one interface to another it is important that the routing software be able to tell that they reside on different physical network segments. The software determines this by comparing the IP Addresses and Net Masks. One of the most common errors encountered in setting up NT as a router is not properly setting the addresses and net masks.

Routing software uses net masks to determine the physical segment on which a given address resides. For example, with an interface that has an address of 234.56.78.90 and a netmask of 255.255.255.0, routing software will determine that the interface resides on the physical segment 234.56.78.0. This is done by using a logical AND operation and isolating the part of the address matching that part of the mask that is all binary ones. If a packet of data comes to the router software across that interface with any address in the 234.56.78.1 through 234.56.78.254 range, the software will assume that the destination is on the same physical segment as the interface and will not route it.

If you have a single network of IP, for example a single Class C network, and you need to segment your LAN into two physical segments and route through NT, then you must use sub-netting to establish that the two segments are physically separated. For more information on sub-netting, see the article "How does IP Subnetting work?".



Default Gateways

When setting up routing it is not only important to identify which physical segment is attached to which interface, it is also important to establish where the "rest of the world" can be found. The routing software will examine the destination address of a packet to determine where it should be sent. If it is addressed to a segment that is directly attached to the router system, then the software will route it to the interface attached to that segment. If it is addressed to a segment that falls within a specific route in the routing table, again it will be routed to the proper interface. If the destination of the packet is not specifically determined by the routing table, then the routing software will send it to the default gateway for handling.

In most common NT router situations you will have one Isolated Network connected through an NT router system to a Connected Network which has another router that is in turn connected to the rest of the world (commonly the Internet). The router connected to the rest of the world is referred to as the External Router. The default gateway for all systems connected to the Isolated Network would be the interface of the NT router system that is on the Isolated Network. The default gateway of the NT router system would be the interface of the External Router that is on the Connected Network.

In this way, a packet originating from a system on the Isolated Network that is addressed to a system out on the Internet will first go to the NT router. From there it will be passed to the External Router, and from there on out to the Internet.
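The forwarding decision described in the Routing and Default Gateways sections, as an added example that is not part of the original article. The `Router` class, the interface names and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed for illustration; only 234.56.78.90 and 198.137.240.92 come from the article.

```python
import socket
import struct

def ip_to_int(addr):
    """Dotted-quad string to 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]

def segment(addr, mask):
    """Logical AND of address and net mask gives the segment address."""
    return socket.inet_ntoa(struct.pack("!I", ip_to_int(addr) & ip_to_int(mask)))

class Router:
    def __init__(self, default_gateway):
        self.default_gateway = default_gateway
        self.interfaces = []  # (name, address, net mask)
        self.routes = []      # (network, net mask, next hop)

    def decide(self, arrived_on, dest):
        """Return (action, target) for a packet that arrived on an interface."""
        d = ip_to_int(dest)
        # 1. Destination on a directly attached segment?
        for name, addr, mask in self.interfaces:
            m = ip_to_int(mask)
            if d & m == ip_to_int(addr) & m:
                # Same segment it arrived on: the hosts reach each other
                # directly, so the router does not forward it.
                return ("not routed", name) if name == arrived_on else ("deliver", name)
        # 2. A specific route in the table? Try the most specific mask first.
        for net, mask, hop in sorted(self.routes, key=lambda r: ip_to_int(r[1]), reverse=True):
            m = ip_to_int(mask)
            if d & m == ip_to_int(net) & m:
                return ("route", hop)
        # 3. Anything else goes to the default gateway.
        return ("default gateway", self.default_gateway)

def build_example_router():
    """Constructed topology using documentation address ranges."""
    r = Router(default_gateway="192.0.2.1")  # External Router (assumed address)
    r.interfaces.append(("connected", "192.0.2.2", "255.255.255.0"))
    r.interfaces.append(("isolated", "198.51.100.254", "255.255.255.0"))
    r.routes.append(("203.0.113.0", "255.255.255.0", "192.0.2.77"))
    return r

if __name__ == "__main__":
    print(segment("234.56.78.90", "255.255.255.0"))  # the article's example
    r = build_example_router()
    for dest in ("198.51.100.7", "192.0.2.50", "203.0.113.9", "198.137.240.92"):
        print(dest, r.decide("isolated", dest))
```
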



The Internet Gateway

To build your NT Router system as an Internet Gateway, begin by contacting your Internet Service Provider and explaining what you are trying to do. Most experienced service providers will understand what you are doing and will know the information to give you. They may be more familiar with setting up routers, or Unix servers, but the principles are the same and the setups are very similar.

First request a single IP Address and Net Mask for the Internet side of your Gateway/Router system, and the address of the Default Gateway that should be used on that network. This establishes the Connected Network discussed in the Default Gateways section above. If you are connected via a leased line, the Connected Network should be just your system and the router or server at the other end of the line, and the Default Gateway will be the IP address of the router or server at the ISP end of the line. If you are simply being added to an existing LAN, then you will use an address in that network, the same net mask as the other systems on the network, and the same default gateway that is used on that net. These addresses will be used to set up your Gateway/Router system on the ISP's network and will allow it to see and communicate with the Internet.

Next ask for an IP Class C Address, or sub-net of IP, routed to your Gateway/Router system's Internet side IP address. This will define the addresses you will use on your Isolated Network. Also ask for the net mask you should use on this network. Most commonly you will get a Class C network of 254 IP addresses and your net mask will be 255.255.255.0.

It should be no problem for you to get these two sets of IP addresses from your ISP if you are directly connected through them to the Internet.

If you are not going to host your own DNS, get the IP address of your ISP's DNS server and give your ISP the IP addresses and names of your systems.

You will need an Internet Domain Name. Register it through the ISP that is hosting your DNS. The InterNIC will charge you $100 for the first 2 years to register the name. Your ISP will probably charge you to register and host it.



Setting Up NT

Install the NT operating system and the most recent Service Pack. The service packs are generally available on the Microsoft FTP site. If you are routing a LAN, or just one inbound modem, you can get away with using just NT Workstation. To act as an ISP with multiple inbound modems on RAS you need NT Server.

Go to Control Panel / Network and add both of your NICs, or your single NIC adapter and Remote Access Service (RAS). If modems on this system will be used to allow dial-in access to the Internet, see the article Building a Windows NT Internet Dial-In Server with RAS.

Go to Control Panel / Network and load the TCP/IP Protocol software and related components. Connectivity Utilities and Simple TCP/IP Services can be useful. If you do not know how to administer FTP then do NOT load the FTP Server Service under NT version 3.5 or 3.51 - it could be a potential security risk if not managed correctly.

Go into the TCP/IP Protocol setup ("Configure" under 3.51, "Properties" under 4.0) and select the adapter that is connected to the Connected Network. Set the IP address of this adapter to the IP address on the Connected Network. Set the net mask and default gateway to the values for that network. Configure TCP/IP to enable IP routing. If this option is grayed out, the TCP/IP software does not recognize that there is more than one TCP/IP interface on the system. To manually enable the IP routing, run REGEDT32.EXE and set the following value to 0x1:

HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ IPEnableRouter

In TCP/IP Configuration / DNS, set your machine name, set the domain name to your Domain Name, and add the DNS server IP address.

Next, go back to TCP/IP Protocol configuration and select the NIC that is connected to your Isolated Network. Set the IP address of this adapter to an address within YOUR network (usually 254 or 1). NOTE: You cannot use the first and last IP address from a sub-network because these are reserved for special purposes. If you have a full class C address, you cannot use 0 or 255 as a device address. Set the Subnet Mask to the net mask that you will be using for your Isolated Network. In the main TCP/IP Configuration, set the Default Gateway for this adapter to blanks (not zeroes).

Finish out of the Network setup in Control Panel. These changes will not all take effect until the system has been reset.

For workstations on the Isolated Network to have access to the Connected Network, and through it to the Internet, they must install TCP/IP software. This comes with Win '95 and can be downloaded for free from Microsoft for WFW 3.11 (you need Win32s and TCP/IP32 for WFW). On each workstation on your LAN, set the IP address of the individual system to an IP address in your Isolated Network. Set the Default Gateway to the IP address of the NIC on the Isolated Network side of the NT router/gateway system. Set the DNS to the IP address of the DNS server. Set the Subnet Mask to the net mask that you are using on your Isolated Network. After resetting you should be able to communicate from the Isolated Network to the Connected Network, and if this is a Gateway system you should be able to use standard WinSock programs (Netscape, Eudora, MS-Internet Explorer, etc.) to talk directly out to the Internet.
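A way to check an address plan against the rules in the steps above before typing it into Control Panel, as an added example that is not part of the original article. The function names and the 192.0.2.x addresses (one Class C sized block sub-netted into two halves) are constructed for illustration.

```python
import ipaddress

def iface(addr, mask):
    """Address plus dotted net mask, e.g. iface('192.0.2.2', '255.255.255.128')."""
    return ipaddress.ip_interface(f"{addr}/{mask}")

def is_reserved(i):
    """True for the first or last address of the sub-network."""
    return i.ip in (i.network.network_address, i.network.broadcast_address)

def check_router(connected, isolated, default_gateway):
    """Return a list of problems with the router's two-interface setup."""
    problems = []
    # The two interfaces must resolve to different segments.
    if connected.network.overlaps(isolated.network):
        problems.append("interfaces are not on different segments")
    for name, i in (("connected", connected), ("isolated", isolated)):
        if is_reserved(i):
            problems.append(f"{name} interface uses a reserved address")
    # The router's default gateway is the External Router on the Connected Network.
    if ipaddress.ip_address(default_gateway) not in connected.network:
        problems.append("default gateway is not on the Connected Network")
    return problems

def check_workstation(ws, gateway, isolated):
    """Return a list of problems with one workstation on the Isolated Network."""
    problems = []
    if ws.network != isolated.network:
        problems.append("address or net mask does not match the Isolated Network")
    elif is_reserved(ws):
        problems.append("uses the first or last address of the sub-network")
    if ipaddress.ip_address(gateway) != isolated.ip:
        problems.append("default gateway is not the router's Isolated Network interface")
    return problems

if __name__ == "__main__":
    # Constructed plan: correct sub-net masks, then the common mistake of
    # leaving the full Class C mask on both interfaces.
    good = (iface("192.0.2.2", "255.255.255.128"), iface("192.0.2.129", "255.255.255.128"))
    bad = (iface("192.0.2.2", "255.255.255.0"), iface("192.0.2.129", "255.255.255.0"))
    print(check_router(*good, "192.0.2.1"))
    print(check_router(*bad, "192.0.2.1"))
    print(check_workstation(iface("192.0.2.255", "255.255.255.128"), "192.0.2.2", good[1]))
```
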

To troubleshoot your connection, use the Command prompt programs TRACERT and PING from an individual workstation on the Isolated Network. To use PING, give it the name or IP address of a computer somewhere on the Connected Network side or on the Internet (e.g. PING WWW.WHITEHOUSE.GOV or PING 198.137.240.92). It will send a special message to that computer, which will echo it back to you. If it doesn't work then try another computer ID; most net sites are off the air from time to time. To use TRACERT, give it the name or IP address of a computer somewhere out on the Internet (e.g. TRACERT WWW.WHITEHOUSE.GOV or TRACERT 198.137.240.92). It will trace the route and list each routing point between your workstation and the other computer. This way you can see how far you get before the communications break down, if you are having problems.

I have used this configuration to connect systems with small to medium sized LANs (up to 48 PC systems) to the Internet. The configuration has not only allowed the users on the local LAN to have access to the Internet, it has adequately supported DNS, SMTP/POP E-Mail servers, Web servers, FTP servers, and a wide variety of other Internet services.

For more detailed information on Windows NT IP Routing setups go to the Microsoft Knowledge Base and look up article Q140859.

For a good reference book on using TCP/IP with Windows NT Server systems I recommend the book "Mastering TCP/IP for NT Server" by Mark Minasi.




EZine - Information of the Net