none
NAT in windows7

    Question

  • Hello,

    How to configure NAT in windows7 ?

    query:

    I have a virtual ethernet interface(Local Area Connection 3, i.e.tap - with a proper driver to manage it), whose IP address is assigned manually (static) 10.0.0.1/24 with subnet 255.255.255.0. I need to route traffic initiated from tap interface to physical interface(Local Area Connection - connected with internet). In windows XP the same can be accomplish using "netsh routing ip nat" which do NAT and unNAT for the traffic of tap network(10.0.0.0 - 10.0.0.255). But in windows 7 the netsh routing ip section is missing.

    Steps I used on windows-XP:

    1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters and change value of Key

        “IP Enable Router to 1”   from 0.

    2)

    net stop remoteaccess
    netsh routing ip nat install
    netsh routing ip nat add interface "Internet-NIC" full
    netsh routing ip nat add interface "TAP-NIC" private
    net start remoteaccess

    Can anyone help me out on how to accomplish the same in windows 7 ?

    Saturday, July 20, 2013 11:50 AM

Answers

  •   The Windows client OS does not support NAT directly - only the server OS does through RRAS. The client OS implements ICS (and has done since Win98SE). I have never tried to implement it using netsh commands.


    Bill

    • Proposed as answer by Balaji M KundalamMVP Thursday, July 25, 2013 3:02 PM
    • Marked as answer by Ronex Monday, June 02, 2014 6:55 AM
    Saturday, July 20, 2013 11:33 PM

All replies

  •   The Windows client OS does not support NAT directly - only the server OS does through RRAS. The client OS implements ICS (and has done since Win98SE). I have never tried to implement it using netsh commands.


    Bill

    • Proposed as answer by Balaji M KundalamMVP Thursday, July 25, 2013 3:02 PM
    • Marked as answer by Ronex Monday, June 02, 2014 6:55 AM
    Saturday, July 20, 2013 11:33 PM
  •   The Windows client OS does not support NAT directly - only the server OS does through RRAS. The client OS implements ICS (and has done since Win98SE). I have never tried to implement it using netsh commands.


    Bill


    Does it mean that on windows 7, `NAT`  feature is not available. So It can be done only through ICS which differs from NAT in many terms as well as it has some restrictions. So how could the same query can be solved using ICS through command line ? (because of not availability of NAT.)
    • Edited by Ronex Monday, July 22, 2013 4:44 AM More specific
    Sunday, July 21, 2013 8:10 AM
  • You can have a look at the following link:

    http://blogs.msdn.com/b/virtual_pc_guy/archive/2005/10/04/477195.aspx


    Balaji Kundalam

    Thursday, July 25, 2013 3:01 PM
  • You can have a look at the following link:

    http://blogs.msdn.com/b/virtual_pc_guy/archive/2005/10/04/477195.aspx


    Balaji Kundalam

    Thanks for sharing the information. But somehow it still doesn't answer my query.

    1) Here I need not to use Loopback adapter, tap adapter is already present, under network connection wizard.

    2) It mentions use of ICS which has some restriction that it sets IP address for the other interface to 192.168.X.X (which is not feasible for portability of the source).

    And If there is not any option for windows client operating system, could you share the command line steps for ICS(Internet Connection Sharing).

    Preferably I was looking for the kind of setup which I done over XP which is provides NAT with not such a restriction


    • Edited by Ronex Thursday, August 08, 2013 11:24 AM
    Friday, July 26, 2013 8:07 AM
  • ICS can be used for NAT, but still it's not well document how it can be done using command line. Although because of this I have to use graphical setting, It'd be much helpful if anyone can help me out in doing the same using command prompt.

    • Edited by Ronex Monday, June 02, 2014 6:57 AM
    Monday, June 02, 2014 6:57 AM
  • Use NAT32 program, you can download this from  http://v2.nat32.com/index.html

    I found info someone has used TeamViewer VPN + NAT32 which is similar to your case.

    1) Once you have properly installed winpfilter driver, you will see icons created on desktop





    2) Run Nat32_CFG




    3) Select Interface (Internet and Private)



    4) You must NOT disturbe the TeamViewer VPN interface. Check highlighted boxes and apply



    5) Only one main interface currently have just check box and apply





    6) Do not enable DHCP on TeamViewer interface, this will create error




    7) Check the Shell and if you see both interfaces up and running that is good sign and you have created NAT/VPN server





    8) Do not assign IP manually Teamviewer VPN will automatically put 7.0.0.0/8 network for you and just put persistence route on Windows VPN clients side (not server side)

    Eg: C:\Users\sjeon>route change 1.0.0.0 mask 255.0.0.0 7.54.52.116 metric 1 -p

    => You may create a bash file to automate or put -p for persistence route


    9) Check the traceroute and make sure to hit VPN IP first then GW




    10) Run Speedtest and check CPU of VPN server and see if it can handle right

    Monday, July 21, 2014 3:52 AM
  • Hello everybody, I investigated a lot for this issue.
    Establish a VPN session with TeamViewer to my home pc (remote side) and try to get access to this local network from my working place (local side).

    I found an solution i never read anywhere before. Since Windows 7 has removed NAT option using netsh it is difficult to solve it with windows on board tools only.

    - Install TeamViewer incl. VPN driver on both sides, activate unattended access on the remote side (my home pc). Use the button Show advanced options, and go to Advanced network options … Install VPN driver

    - Install WinPkFilter Device Driver on remote side (my home pc) and restart (http://www.nat32.com/v2/install.htm Download installer: http://www.ntkernel.com/downloads/winpkflt_rtl.zip . NAT32 you don't need. This WinPkFilter package contains a simple GUI to configure the NAT between the VPN interface (client) and the remote side LAN interface (provider). see following hints ...

    - Windows: Start RemoteAccess - service 'Routing an Remote Access'  and set to automatic (local/remote side).

    - Optional: On the remote side (my home pc), the registry has to be modified. Start the registry editor for example by Regedt32, and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Set the parameter IPEnableRouter to “1”. Using console or batch as admin: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "IPEnableRouter" /t REG_DWORD /d "1". On my system it worked without this option, but according internet forums it seems to be recommended.

    - Now create a remote desktop session to your home pc and start also the VPN connection within this TeamViewer session (Menu / Extras / VPN). I created a free TeamViewer account and added all pc's to my computers to make the access to my machines easier.

    - On remode side (my home pc) where WinPkFilter is installed start the Internet Gateway GUI of WinPkFilter: Start / Programms / WinpkFilter / Internet Gateway. Select (double click) the ethernet adapter of your local privat lan and set NAT Status to 'Provider'. Select the TeamViewer VPN adapter and set NAT Status to 'client'. Press 'Start NAT'

     - On local side (my working place) Add a route to the local side (my working place) to give access to several devices that have the same subnet, add the route like this:

    route add <base IP of remote devices> mask 255.255.255.0 <IP of Teamviewer VPN on remote PC> 
    metric 1

    Example (home lan ip range: 192.168.2.x / TeamViewer VPN IP in home pc (remote side) 7.37.88.245
    route add 192.168.2.0 mask 255.255.255.0 7.37.88.245 metric 1 <ENTER>

    route add 192.168.2.0 mask 255.255.255.0 7.37.88.245 metric 1 -p <ENTER> (if persistent)

    Do delete the route route delete 192.168.2.0

    Now you should have access to your private home network. Good luck and have fun.

    Tuesday, September 16, 2014 9:50 AM