I never really understood the presence of static routing on consumer grade routers. But recently, I got the opportunity to try out that functionality in office and tearing out my hair at the same time (read: networking n00b). Documenting the steps here to prevent further hair-loss.
ISP <—> Router A [192.168.0.0/20] <—> Router B [192.168.16.0/24]
WAN IP: DHCP-assigned by ISP
Gateway: DHCP-assigned by ISP
LAN IP: 192.168.0.1
Static route: (Destination) 192.168.16.0, (Netmask) 255.255.255.0, (Gateway) 192.168.0.2, (Interface) LAN
WAN IP: 192.168.0.2
LAN IP: 192.168.16.1
Basically that is all for configuration on both routers for the illustrated setup. For windows machines that are directly connected to Router A [192.168.0.0/20], an incoming rule has to be added to the hosts’ firewall to allow incoming ICMP redirect packets from the Router A, assuming the firewall is enabled.
On Windows Vista and above, the following command (run as administrator) will add the rule:
netsh advfirewall firewall add rule name="enable static routing" dir=in action=allow enable=yes profile=private remoteip=defaultgateway protocol=icmpv4:5,any
In English, the command “adds a rule with name ‘enable static routing’, for the incoming direction, that allows traffic to pass, at the same time enabling the rule, for the private profile, only from the default gateway, with ICMP v4 redirect packets”. Tweak as needed.
Yes, it potentially requires configuration on the clients. A more transparent alternative is to dish out static routes to clients via DHCP server and eliminating the need to configure the firewall, but that is out of the scope of this post. Which brings me back to my original thought: if a user need to configure so many items, on both routers and clients, will it be better to provide an option to serve routes via DHCP? Without which, is this whole static routing even suitable for a home user on a home router?