How to Turn NT Server into an IP Router

Last month, I talked about the basics of Internet Protocol (IP) addressing. The reason that anyone cares about IP is because it makes building large networks relatively simple. The strength of IP lies in its routing ability. But in order to use IP for this purpose, you need a piece of hardware called an IP router.

There are several kinds of IP routers: One connects your network to the Internet over a WAN connection. Another connects LANs to LANs directly with no WAN connections.

The first kind of router you'll need to install is the network-to-WAN router, but as your network grows, you'll also need the LAN-to-LAN type. The problem with network-to-network routers is that they cost about $3000+. But for simple routing, you don't need to spend a dime: You can use Windows NT Server. This month, I'll show you how.

LAN-to-WAN Routers
My firm uses about 50 IP addresses for its computers (most of which need one IP address each), our Integrated Services Digital Network (ISDN) bridges (again, one IP address each), and our routers. A few years ago, we put our network on the Internet. To do that, we needed a LAN-to-WAN IP router and an Internet Service Provider (ISP).

A router is basically a box that sets between two networks. It allows each network to communicate with the other by relaying messages between them. For example, on my network, I'm allowed to use the range of addresses from 199.34.57.0 through 199.34.57.255--I have a C-class network.

You may recall from last month that I cannot use two of those addresses: 199.34.57.0 and 199.34.57.255. The ".0" is the network number, a generic way of saying "all addresses from 199.34.57.1 through 199.34.57.254." The ".255" is the broadcast address, a single address used to send a message to all the computers on my network. (Last month I also noted that I couldn't use the 199.34.57.1 and 199.34.57.2 addresses. That's not a carved-in-stone Internet rule, but rather an artifact of how I run my network.)

My network resembles the network shown in figure 1. It has a LAN-to-WAN IP router with a set of instructions that tells it how to route the packets it receives. The routing table has an absurdly simple mission: If there's a message for 199.34.57.0--in other words, if there's a message for any address on my C-class network--send it to the Ethernet. If there's a message for any other address, send it via the serial port to the modem, which then puts the message on the Internet.

The router in figure 1 is not the one I recommend you use with Windows NT Server. It's not usually a good idea to use Windows NT as a LAN-to-WAN router, although it can be done.

For my network, I use a Compatible Systems Microrouter 900i. It's one of the best purchases I ever made for my network. It cost about $850, which is quite reasonable, but that's not the only reason it's a good deal. Although it's possible to use an NT machine as an Internet-to-Ethernet-via-WAN-connection router, my tests show that the Compatible box routes packets more than twice as fast as an NT machine does.

Building an NT LAN-to-LAN Router
If my network becomes larger and I get another C-class network, for example, 223.200.200.0, or if I decide to divide my network into smaller subnets, I will have multiple network segments--it's the same story whether you use Ethernet or Token Ring--and I will need a router (see figure 2).

The LAN-to-WAN router now has a more difficult job. For a machine on 199.34.57.2 to send a packet to any machine on 223.200.200.0, it must send the packet to the router at 199.34.57.2. That's where it sends all packets that need routing. Now that router must be smart enough to know not to send the packet over the WAN but to send it to the router for 223.200.200.0. You also need a LAN-to-LAN router between 199.34.57.0 and 223.200.200.0.

To build a Windows NT Ethernet-to Ethernet router, you need a computer with two Ethernet cards, one for each of the network segments (223.200.200.0 and 199.34.57.0). The Ethernet card for 223.200.200.0 will be the default gateway for that network, and convention says that it should then be assigned the first address in the available range: in other words, 223.200.200.1. The address for the Ethernet card on the 199.34.57.0 side is pretty much up to me, so I'll arbitrarily assign it IP address 199.34.57.241.

Now, how would I configure the NT system so that it routes packets between 199.34.57.0 and 223.200.200.0? As always, I configure TCP/IP on each of the two Ethernet cards via the Control Panel: Open Network, select TCP/IP protocol, and click on the Advanced button. That gives me a dialog that lets me assign different IP addresses to the different network adapters.

On the 199.34.57.0 network card, I set the IP address to 199.34.57.241, my Ethernet card address. Because this network is not divided into subnets beyond C class, I use subnet mask 255.255.255.0, and as before, the gateway for my 199.34.57.0 network is 199.34.57.2.

On the 223.200.200.0 network card, I set the IP address to 223.200.200.1, which is the default gateway--and the convention--for that network. Assuming that I don't want to subnet the network further, the 255.255.255.0 subnet mask should be fine.

Now--and here's the strange part--I set the Default Gateway to all blanks. Instead of "0.0.0.0," I put a blank into each field. I don't know why this works, but I know that it does. In fact, it seems to be essential to the recipe. I haven't found a way to route packets via NT without it.

In the Advanced Microsoft TCP/IP Configuration dialog you'll see Enable IP Routing. If you have only one network adapter, this box is grayed out. But if you have multiple network cards, it is enabled. Check the box to tell NT to route packets, click on OK until you're out of the Control Panel, and then reboot your system.

When NT router is ready
Now is a good time to see if you've gotten everything set up correctly. Open an MS-DOS command prompt, and type IPCONFIG /ALL. This useful command works for both Windows NT machines and Windows for Workgroups machines. Windows 95 has a similar program called WINIPCFG. On my system, IPCONFIG/ALL displays the information shown in screen 1.

Now, I'm almost ready. But my NT machine's IP software is a bit confused. When it gets data, it doesn't know which network card to send the data to. To resolve this confusion, I need to force the software to route everything over 199.34.57.241.

Because "0" means "everything"--as in 199.34.57.0--I tell the system to route everything over 199.34.57.241 with a command executed from the command line: route add -p 0.0.0.0 mask 0.0.0.0 199.34.57.241. The mask 0.0.0.0 says that the reference is to all addresses, and the -p means that it should be a permanent change to the NT machine's routing tables.

Then I go to my LAN-to-WAN router and add a line to its routing tables: route add -p 223.200.200.0 mask 255.255.255.0 199.34.57.241. This new line says, "whenever you need to send something to 223.200.200.0, send it to 199.34.57.241."

These route commands are called static routes because they're hard-wired. I told the routers how to route data. In networks that are larger than mine, you wouldn't use a router that relies upon static routes. Instead, you'd buy one with some built-in intelligence that tells it how to route. That's why these routers cost $3000.

Just above static routers in capability are those routers using common protocols, called Routing Internet Protocol (RIP) or Open Shortest Path First (OSPF). Higher-performance routers use proprietary routing algorithms. But, sadly, a Windows NT machine can do only static routing. It knows how to go only where you tell it to go. But if your network is a small one, that might just be enough to handle your needs.

Just the Beginning
This is just one aspect of setting up a multiple-segment network. Next, you'll have to handle the problem of supporting network browsing across a router. You may want to ignore my earlier advice and use your Windows NT machine as a LAN-to-WAN router. I'll discuss both of these topics in future columns, I promise!