Previous Page | Next Page

  1. Introduction
  2. Installation
  3. Hardware Issues
  4. Filesystems
  5. Networking
  6. Security
  7. Servers
  8. Services
  9. Utilities
  10. Control Panel
  11. Printing
  12. Performance Monitor
  13. Network Monitor
  14. Event Viewer
  15. Other Issues
  16. User Accounts
  17. Groups
  18. Policies
  19. User Rights
  20. Auditing
  21. System Policies
  22. Sharing
  23. Profiles
  24. Roaming Profiles
  25. Domains
  26. Server Management
  27. Directory Replication
  28. License Management
  29. Client Administrator
  30. Netware Tools
  31. Macintosh Support
  32. RAS Server
  33. SNMP
  34. DHCP
  35. DNS
  36. WINS
  37. Mail Service
  38. Internet
  39. Internet Information Server
  40. Routing and Firewalls
  41. Items to Remember
  42. Terms
  43. Credits

Windows NT Routing and Firewalls

Do not confuse the functions of routing and firewalls. Although they perform a similar function such as managing datagrams or frames, their similarity ends there. If you set up a firewall, your firewall is not actually a router. If you set up a router, it is not a firewall. The purpose of a firewall is security with limited connectivity, and the purpose of a router is connectivity alone.

Routing Support

NT uses the Multi-Protocol Router (MPR) service to support routing using the following protocols:

  • Routing Information Services (RIS) for IP
  • RIP for NWLink - Allows dynamic routing of IPX/SPX.
  • DHCP Relay agent - Allows DHCP to work across routers.

Routing Requirements

NT Server with 2 or more network cards.

Routing Information

Backbone network - Various subnets are routed through one router onto a network backbone. This way only two hops are required to go from one subnet to another.

Static IP Routing

To perform static IP routing, the following must be done:

  1. Enable forwarding using the control panel network applet protocols tab. Select TCP/IP, properties button and check the "Enable IP forwarding" checkbox.
  2. Use the "route" command to set up the routing tables.

Dynamic IP Routing

NT 3.5.1 couldn't support dynamic routing protocols but NT 4.0 does. Routing Information Protocol (RIP) is used to support dynamic routing. RIP uses a distance vector routing algorithm that counts the number of routers (hops) a package must go through to reach its destination. RIP uses more network bandwidth since it periodically broadcasts its routing table to other routers. RIP routers update their route tables every 30 seconds by default. This may be configured to happen between 15 and 8840 seconds.A more efficient routing protocol uses link state algorithms. Installation of RIP:

  1. Use the control panel network applet services tab. Click the "Add" button and select "RIP for Internet Protocol".
  2. Restart the computer.

Static IPX Routing

  1. Enable RIP dynamic routing:
    1. Use the control panel network applet protocols tab.
    2. Select the "NWLink IPX/SPX" protocol and click on the "Properties" button.
    3. Select the Routing tab
  2. Configure IPX route tables manually using the IPXROUTE command. Use the "Start". "Help" menu for more information.

Dynamic IPX Routing

Install "RIP for NWLink IPX".

  1. From the control panel network applet services tab, click the "Add" button.
  2. Select "RIP for NWLink IPX", click "OK", and specify the correct path for the distribution files.
  3. Click "Continue" and Select whether NetBIOS broadcast propogation should be enabled.
  4. Restart the computer

Routing information protocol (RIP) and Service advertising protocol (SAP) services are used. NetWare uses SAP to broadcast services. SAP is installed automatically with "RIP for NWLink IPX". Also NetBIOS Broadcast Propagation (Type 20 packets) may be enabled.

To support NetWare and NT servers, the following must be done for routing:

  1. Install "RIP for NWLink IPX".
  2. Enable IPX Routing using the NWLink IPX/SPX properties dialog box.
  3. Enable NetBIOS type 20 broadcast propagation packets.

DHCP Relay Agent

Installation of this agent covers both the BOOTP and DCHP protocols.

  1. From the control panel network applet services tab, click the "Add" button.
  2. Select "DHCP Relay Agent", click "OK", and specify the correct path for the distribution files.
  3. Click close
  4. Reboot the computer and log on as an administrator.
  5. Select the control panel network applet protocols tab.
  6. Select the "TCP/IP Protocol" and click on the "Properties" button.
  7. Select the "DHCP Relay" tab. The following options are displayed:
    • Seconds Threshold - A time in which a request must be answered. This is a time to live option. Default is 4.
    • Maximum Hops - The maximum number of routers the request may be sent through.
    • DHCP Server
  8. Add DHCP servers to the DHCP Server text box using the "Add" button then click "OK" when done.

At least one DHCP server IP address must be configured to use the DHCP relay agent. A BOOTP relay may also be set up as a service, but it is not configurable.

Route Discovery Methods:

  • Distance vector - Periodically sends route table to other routers. Works best on LANs, not WANs.
  • Link-state - Routing tables are broadcast at startup and then only when they change. OSPF uses link-state.