For the purposes of routing, computers may be divided into two groups.
Workstations usually have a single network adapter and they do not forward packets from one interface to another one. They keep a routing table, but they only use it when sending their own packets. The routing table usually contains a default router (gateway) entry. There is a direct route from the workstation to the default router.
Gateways have more than one network adapter (interface). By means of the interfaces, the gateway is connected to two or more networks. When a packet arrives at an interface, the gateway must decide to which of the remaining interfaces the packet should be sent. The appropriate interface is chosen according to the packet's target IP address and the gateway's routing table.
The computer on which WinRoute runs works as a router.
In simple networks (e.g. in a single-segment local area network connected to the
Internet using a modem) it is not necessary to modify the routing table on the
computer that runs WinRoute. On the other hand, you will most probably
have to modify the routing table if you have a network with multiple segments.
Routing in Networks with Multiple Segments
In networks with multiple segments located behind other gateways
it might be necessary to enter the routes to individual segments by hand
(unless your network uses some routing protocol).
The figure below shows a network with two segments connected by a router.
In this case, the routing is configured as follows:
c:\>route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.100
Routing in the Windows Environment
This section describes in more detail the routing in the environment of the
Windows operating systems.
To work with the routing table, use the system command "route", entered at the command prompt.
You may use the "route" command in the following ways:
The routing table is searched for a record whose network field matches the target IP address in the packet (with the network mask applied). If several matching records are found, the record with the most selective mask is chosen. If there are two or more such records, the one with the smallest metric is chosen.
The packet is sent to the interface indicated in the record. If the target computer is not in the network directly connected to the interface, the packet is sent to the gateway named in the record.
The record with zero network address and zero mask has a special meaning. It denotes the default route. The record indicates where to send a packet if no other appropriate record has been found.
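The lookup rules above (mask match, most selective mask, smallest metric, default route as the last resort), as an added Python sketch rather than WinRoute or Windows code. The table is constructed: only the 192.168.2.0 route via 192.168.1.100 comes from this page, the other addresses are assumed, and direct routes are modelled as records whose gateway equals the interface address.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Route(NamedTuple):
    network: str    # network field of the record
    mask: str       # network mask
    gateway: str    # gateway named in the record
    interface: str  # address of the local interface the packet leaves through
    metric: int

def _n(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

# Constructed table for the WinRoute host (addresses other than the
# 192.168.2.0 route via 192.168.1.100 are assumptions for this example).
TABLE = [
    Route("0.0.0.0",     "0.0.0.0",       "10.0.0.1",      "10.0.0.2",    1),  # default route
    Route("10.0.0.0",    "255.255.255.0", "10.0.0.2",      "10.0.0.2",    1),  # direct
    Route("192.168.1.0", "255.255.255.0", "192.168.1.1",   "192.168.1.1", 1),  # direct
    Route("192.168.2.0", "255.255.255.0", "192.168.1.100", "192.168.1.1", 1),  # persistent
    Route("192.168.2.0", "255.255.255.0", "192.168.1.200", "192.168.1.1", 5),  # same mask, higher metric
    Route("192.168.0.0", "255.255.0.0",   "192.168.1.250", "192.168.1.1", 1),  # less selective mask
]

def lookup(table: List[Route], target: str) -> Optional[Route]:
    """Return the record used for `target`, or None if nothing matches."""
    dst = _n(target)
    best_key, best = None, None
    for r in table:
        mask = _n(r.mask)
        if dst & mask != _n(r.network):
            continue  # network field does not match the masked target
        # Most selective mask first (most 1-bits), then smallest metric.
        key = (-bin(mask).count("1"), r.metric)
        if best_key is None or key < best_key:
            best_key, best = key, r
    return best

def next_hop(table: List[Route], target: str) -> Optional[str]:
    """Address the packet is handed to: the target itself on a direct
    route, otherwise the gateway named in the chosen record."""
    r = lookup(table, target)
    if r is None:
        return None  # no matching record and no default route
    return target if r.gateway == r.interface else r.gateway
```

Removing the default record from the table makes any address outside the listed networks unroutable, which is why `lookup` can return None.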
We may categorize the records in the routing table according to their origin:
Direct routes are added to the table using the IP address and mask assigned to individual interfaces on the router. They identify directly accessible networks.
Persistent routes identify networks that are not directly connected to the interfaces of the router. These routes are configured by the router's maintainer and are set during operating system start-up.
Temporary routes are entered by the user or are learnt by means of a routing protocol. They are lost if the system is switched off.
During start-up, the Windows routing table is created as follows:
Direct routes are created, and the permanent routes are read from the Windows registry (permanent routes may only be configured in Windows NT). Also, the default route is added (in the Windows TCP/IP configuration of individual interfaces, the default route is denoted as the default gateway). You may set default routes on several interfaces; it is, however, reasonable to set one on a single interface only: the one that connects the computer to the external network (the Internet).
During run-time, the routing table is modified as follows:
The table may be modified by the user or by a routing protocol (e.g. RIP), if one is used. If you create a telephone connection, Windows adds a default route (according to the settings of the particular telephone connection). If the routing table already contains a default route, its metric is increased and thus the telephone connection obtains a higher priority. When the telephone connection is closed, its route is removed.
Port Mapping Examples
The examples below represent typical uses of port mapping. You may,
however, create many other mapped ports. When doing that, you should always
bear in mind the security of your network. By creating a mapped port
you allow the particular service in your network to be accessed from
the entire Internet. Use packet filtering if you want to make the port accessible
from certain Internet addresses only.
WWW
Let us suppose you run a WEB server in your private network (the address of the
server being 192.168.1.10) and you wish to allow the users in the Internet to
access the server. You have to create a mapped port in the following manner:
Protocol: TCP
Listen IP: <unspecified>
Listen Port: 80
Destination IP: enter the IP address of the WEB server (192.168.1.10 in our case)
Destination Port: 80

Protocol: TCP
Listen IP: <unspecified>
Listen Port: 25
Destination IP: enter the IP address of your mail server
Destination Port: 25

1 For the control connection:
Protocol: TCP
Listen IP: <unspecified>
Listen Port: 1723
Destination IP: IP address of your PPTP server
Destination Port: 1723

2 For the GRE (PPTP) packets:
Protocol: PPTP
Listen IP: <unspecified>
Destination IP: again, the IP address of your PPTP server

Protocol: UDP
Listen IP: <unspecified>
Listen Port: 7648
Destination IP: the IP address of the workstation that runs the CU-SeeMe client
Destination Port: 7648

Protocol: UDP
Listen IP: <unspecified>
Listen Port: 7649
Destination IP: the IP address of the workstation that runs the CU-SeeMe client
Destination Port: 7649

Limitations:

Protocol: TCP
Listen IP: <unspecified>
Listen Port: 5000 - 5011
Destination IP: IP address of the workstation that runs the ICQ client
Destination Port: 5000 - 5011

Then do the following: In ICQ "Preferences" choose "Connection", "I'm using a permanent internet connection (LAN)", "I'm behind a firewall or proxy". In "Firewall Settings" choose "I don't use a SOCKS Proxy server ...", press the "Next" button, choose "Use the following TCP listen ports for incoming event" and enter the range 5000 through 5011.
If you wish to run several ICQ clients in your LAN (and these clients need to accept calls from other ICQ users), you have to create an entry in the mapped ports table for each additional client and assign a port range to it (e.g. 5012 - 5023). You also have to configure each ICQ client accordingly.
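How mapped ports and a source-address packet filter combine, and how to list the mapped ports that remain reachable from the entire Internet, as an added Python model that is not WinRoute code or its rule syntax. The WWW entry is taken from the page; the ICQ workstation address 192.168.1.20 and the filter rule are constructed, and the model assumes a mapped port with no filter rule accepts any source.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

class MappedPort(NamedTuple):
    proto: str
    listen_lo: int   # first listen port
    listen_hi: int   # last listen port (same as listen_lo for a single port)
    dest_ip: str
    dest_lo: int     # first destination port

class SourceFilter(NamedTuple):
    proto: str
    port_lo: int
    port_hi: int
    allowed: str     # source network permitted to reach these ports (CIDR)

MAPPED = [
    MappedPort("TCP", 80, 80, "192.168.1.10", 80),        # WWW entry from the page
    MappedPort("TCP", 5000, 5011, "192.168.1.20", 5000),  # ICQ range; address assumed
]
FILTERS = [
    SourceFilter("TCP", 5000, 5011, "198.51.100.0/24"),   # constructed rule
]

def _rules_for(proto: str, port: int) -> List[SourceFilter]:
    return [f for f in FILTERS
            if f.proto == proto and f.port_lo <= port <= f.port_hi]

def translate(proto: str, src: str, port: int) -> Optional[Tuple[str, int]]:
    """Return (destination IP, destination port) for an incoming packet,
    or None when no mapping exists or the source is filtered out."""
    for m in MAPPED:
        if m.proto == proto and m.listen_lo <= port <= m.listen_hi:
            rules = _rules_for(proto, port)
            src_ip = ipaddress.ip_address(src)
            if rules and not any(src_ip in ipaddress.ip_network(r.allowed)
                                 for r in rules):
                return None  # a filter exists and this source is not in it
            return m.dest_ip, m.dest_lo + (port - m.listen_lo)
    return None  # not a mapped port

def open_to_everyone() -> List[Tuple[str, int]]:
    """Mapped listen ports with no source restriction at all."""
    return [(m.proto, p) for m in MAPPED
            for p in range(m.listen_lo, m.listen_hi + 1)
            if not _rules_for(m.proto, p)]
```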
Using WinRoute with DirecPC
This description assumes that you are already familiar with DirecPC
and you have the appropriate software modules installed and functional.
WinRoute may cooperate with DirecPC in two ways, depending on how the outgoing packets are sent to the Internet.
If you decide to use the second method, you must select the interface for sending outgoing packets. This may be done in the menu:
Settings => Interfaces => interface Settings => DirecPC
If you select a RAS interface, then in the TCP/IP settings of the RAS entry, the "Use default gateway of remote network" must not be checked.
Example Setting 1
The figure below shows a network configuration when the first method is used
(outgoing packets are sent to the Internet using the DirecPC Navigator).
Example Setting 2
The figure below shows a network configuration when the second method is used.
The outgoing packets are sent via RAS interface (the device is a modem or
an ISDN adapter). In the TCP/IP settings of the RAS entry,
the "Use default gateway of remote network" must not be selected, otherwise
all traffic will be routed to the RAS interface and DirecPC will not be used!
Example Setting 3
The figure below shows a network configuration when the second method is used
and the outgoing packets are sent via an Ethernet interface.
Configuring TCP to Increase Throughput
To obtain the highest possible data throughput when connected to the Internet by means of DirecPC, set the size of the TCP receive window on all computers that will use DirecPC in the following manner:
In Windows NT:
Add (if it exists, edit it) an entry named "TcpWindowSize" (it is of type DWORD)
in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
Set its value to 0xBB80.
In Windows 95:
Add (if it exists, edit it) an entry named "DefaultRcvWindow" (it is of type string)
in registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP.
Set its value to "0xBB80".
Dividing Network into Multiple Segments
When using a firewall to protect a local area network, it is in some situations
necessary to change the network's configuration.
The first example shows the possibilities when the local area network is connected to the Internet via a router and uses registered IP addresses. This is the network's configuration: