Static routing on Windows network using consumer router

I never really understood the presence of static routing on consumer-grade routers. But recently, I got the opportunity to try out that functionality in the office, tearing out my hair at the same time (read: networking n00b). Documenting the steps here to prevent further hair loss.

Setup:

ISP <--> Router A [192.168.0.0/20] <--> Router B [192.168.16.0/24]

Router A
WAN IP: DHCP-assigned by ISP
Gateway: DHCP-assigned by ISP
LAN IP: 192.168.0.1
Static route: (Destination) 192.168.16.0, (Netmask) 255.255.255.0, (Gateway) 192.168.0.2, (Interface) LAN

Router B
WAN IP: 192.168.0.2
Gateway: 192.168.0.1
LAN IP: 192.168.16.1

That is all the configuration needed on both routers for the illustrated setup. For Windows machines that are directly connected to Router A [192.168.0.0/20], an inbound rule has to be added to each host's firewall to allow incoming ICMP redirect packets from Router A, assuming the firewall is enabled. Router A sends these redirects to tell a host that 192.168.16.0/24 is reached through 192.168.0.2, a gateway on the host's own LAN.

On Windows Vista and above, the following command (run as administrator) will add the rule:

netsh advfirewall firewall add rule name="enable static routing" dir=in action=allow enable=yes profile=private remoteip=defaultgateway protocol=icmpv4:5,any

In English, the command “adds a rule with name ‘enable static routing’, for the incoming direction, that allows traffic to pass, at the same time enabling the rule, for the private profile, only from the default gateway, with ICMP v4 redirect packets”. Tweak as needed.
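Why the redirect appears and why the rule is limited to the default gateway, as an added example that is not part of the original post: a small Python model of the setup above. The function names are hypothetical, and the acceptance checks follow RFC 1122 section 3.2.2.2.

```python
import ipaddress

# Addresses taken from the post's setup.
LAN_A = ipaddress.ip_network("192.168.0.0/20")    # Router A LAN
LAN_B = ipaddress.ip_network("192.168.16.0/24")   # Router B LAN
ROUTER_A = ipaddress.ip_address("192.168.0.1")    # default gateway of LAN A hosts
ROUTER_B = ipaddress.ip_address("192.168.0.2")    # Router B's WAN address

def router_a_redirect(src, dst):
    """Return the redirect Router A would send for a packet src -> dst, or None.

    A router redirects when it forwards a packet back out of the interface it
    arrived on, to a next hop the sender could have reached directly.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN_A and dst in LAN_B and ROUTER_B in LAN_A:
        return {"from": ROUTER_A, "dst": dst, "new_gw": ROUTER_B}
    return None  # everything else leaves through the WAN side

def host_accepts(redirect, first_hop=ROUTER_A, iface_net=LAN_A):
    """Apply the RFC 1122 (section 3.2.2.2) sanity checks for a redirect."""
    sender = ipaddress.ip_address(redirect["from"])
    new_gw = ipaddress.ip_address(redirect["new_gw"])
    if sender != first_hop:
        return False   # also what remoteip=defaultgateway enforces in the firewall
    if new_gw not in iface_net:
        return False   # new gateway must be on the connected subnet
    return True

def next_hop(dst, host_routes):
    """First hop a LAN A host uses for dst, given redirect-learned host routes."""
    dst = ipaddress.ip_address(dst)
    if dst in LAN_A:
        return dst                       # on-link, delivered directly
    return host_routes.get(dst, ROUTER_A)

def demo():
    """First hop for 192.168.16.5 before and after the redirect is accepted."""
    routes = {}
    before = next_hop("192.168.16.5", routes)
    r = router_a_redirect("192.168.0.10", "192.168.16.5")  # constructed host address
    if r and host_accepts(r):
        routes[r["dst"]] = r["new_gw"]
    return before, next_hop("192.168.16.5", routes)

if __name__ == "__main__":
    print(demo())
```

If the firewall drops the redirect, the host keeps sending through Router A, which is the "before" case in `demo()`.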

Yes, it potentially requires configuration on the clients. A more transparent alternative is to dish out static routes to clients via the DHCP server, eliminating the need to configure the firewall, but that is out of the scope of this post. Which brings me back to my original thought: if a user needs to configure so many items, on both routers and clients, would it be better to provide an option to serve routes via DHCP? Without that, is this whole static routing even suitable for a home user on a home router?

Netsh Commands for Windows Firewall

DHCP option 121


One thought on “Static routing on Windows network using consumer router”

  1. happened upon your site randomly researching ida-related material – read this post because i was trying to accomplish a very similar task some time ago; turns out dhcp can push all kinds of interesting options in addition to ip addresses. take a look at this old dinosaur of a docfile section 6.8 https://tools.ietf.org/html/rfc2132
