Configuring WinGate behind a DSL/Broadband Router
Posted by Adrien de Croy (Import) on 24 February 2004 02:49 PM
When configuring WinGate to access the Internet through a DSL/Broadband router, there are usually several considerations to make, depending on the particular features of the router. With more routers offering their own built-in Network Address Translation (NAT) and DHCP services, there is often confusion about how WinGate can work with such solutions.
This article attempts to clarify the most common steps to take when configuring these types of routing solutions with WinGate. As this article is a general overview, individual features of particular routers may vary, and if in doubt users should refer to the documentation of their particular router.
It is common in this scenario that the WinGate machine should have two network cards, one connected to the router, and one which connects it to the rest of the LAN.
Routers with DHCP (Dynamic Host Configuration Protocol)
If the router comes with a DHCP service, it will usually be designed to assign private class IP addresses to computers on the network (such as 192.168.*.* or 10.0.0.*).
However, in this case the WinGate server will be the only machine to receive network details from the router's DHCP service. These details will be assigned to the network interface that connects the WinGate machine to the router.
Note: If you do not wish to use the DHCP service of the router to assign network details to the interface on the WinGate machine that it is connected to, then these same details can be applied statically.
In this scenario the second network interface in the WinGate machine, which connects it to the client machines on the LAN (referred to here as the LAN Interface), should be configured with a static private class IP that is on a different subnet range from the one issued by the router.
This IP address on the LAN interface of the WinGate server should be in the same address range as used by the client machines on the LAN.
As with other WinGate configurations the client machines will use this static address on the WinGate server for their Gateway and DNS entries in their network properties.
This will allow client machines to direct their Internet connections through the WinGate machine and in turn out through the router. To see an example of a network set up that uses this scenario click here.
Routers with Network Address Translation
In the scenario described above, the WinGate server is assigned the IP address 10.0.0.2 on its interface that connects to the router. Its Gateway and DNS properties are automatically set to 10.0.0.1 (the internal interface of the router) by the router's DHCP service.
As mentioned earlier, if a router provides DHCP then it will generally have built-in NAT to translate between the router's private IP address range (in this case 10.0.0.*) and the external IP, and the Internet at large.
WinGate has been designed to work in this common situation, and it is often referred to as being located behind a NAT translated Firewall, or in simple terms NAT behind NAT.
A common query is how does this work with client machines on the LAN who are behind WinGate?
This is the very reason why it was suggested earlier that LAN clients and the LAN interface on the WinGate server be configured with a different private IP address range from what is being used by the router (In our example 192.168.4.*).
Obviously this keeps routing and identification of IP addresses simple and allows for WinGate to offer its own NAT for its LAN clients.
You will also notice that the LAN Interface (IP address 192.168.4.1) on the WinGate server is not assigned a Gateway or DNS entry, unlike the interface that connects to the router. This is because in basic routing all traffic that is addressed to a location not found on the local subnet is forwarded to the Gateway address specified in the machine's network properties.
So in this case all Internet/DNS requests are forwarded to the router (IP address 10.0.0.1) via the interface that connects the WinGate Server to the router.
If the router comes with a built-in Firewall then it is important that appropriate ports are configured to allow Internet access when dealing with WinGate in this scenario.
Generally router configuration utilities will allow administrators to open pinholes (ports) in the router's firewall to allow traffic for Internet applications to pass through to the LAN.
In this scenario, because WinGate is handling the Internet access for the LAN, all of these "pinholes" on the router's firewall need to be set to redirect the traffic to the IP address of the WinGate Server. In the example given, this address (interface) would be 10.0.0.2. Please refer to the particular router documentation on how to configure these pinholes.
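The addressing rules in this article can be checked mechanically before the plan is deployed. The following Python sketch is an added example, not part of WinGate or of the original article; the /24 masks, the client address, the plan field names and the pinhole port are assumptions constructed for illustration, while 10.0.0.1, 10.0.0.2 and 192.168.4.1 come from the example above.

```python
import ipaddress as ip

def check_plan(plan):
    """Return a list of problems in a WinGate-behind-router addressing plan."""
    problems = []
    wan = ip.ip_interface(plan["wingate_router_side"])  # interface facing the router
    lan = ip.ip_interface(plan["wingate_lan_side"])     # the LAN Interface
    router = ip.ip_address(plan["router_internal"])
    for name, iface in (("router-side", wan), ("LAN-side", lan)):
        if not iface.ip.is_private:
            problems.append(f"{name} address {iface.ip} is not private")
    # The LAN must use a different range from the one the router issues.
    if wan.network.overlaps(lan.network):
        problems.append(f"LAN subnet {lan.network} overlaps router subnet {wan.network}")
    if router not in wan.network:
        problems.append(f"router {router} is not on subnet {wan.network}")
    if plan["router_side_gateway"] != str(router):
        problems.append("router-side gateway must be the router's internal address")
    # Only the router-side interface carries a gateway entry.
    if plan.get("lan_side_gateway"):
        problems.append("LAN Interface must not have a gateway set")
    for c in plan["clients"]:
        addr = ip.ip_address(c["ip"])
        if addr not in lan.network:
            problems.append(f"client {addr} is outside LAN subnet {lan.network}")
        for field in ("gateway", "dns"):
            if c[field] != str(lan.ip):
                problems.append(f"client {addr} {field} is {c[field]}, expected {lan.ip}")
    # Every pinhole on the router must redirect to the WinGate server.
    for port, target in plan["pinholes"].items():
        if target != str(wan.ip):
            problems.append(f"pinhole {port} redirects to {target}, expected {wan.ip}")
    return problems

# Constructed sample plans (masks, client and port are assumptions).
GOOD_PLAN = {
    "router_internal": "10.0.0.1",
    "wingate_router_side": "10.0.0.2/24", "router_side_gateway": "10.0.0.1",
    "wingate_lan_side": "192.168.4.1/24", "lan_side_gateway": None,
    "clients": [{"ip": "192.168.4.10", "gateway": "192.168.4.1", "dns": "192.168.4.1"}],
    "pinholes": {"tcp/25": "10.0.0.2"},
}
BAD_PLAN = dict(
    GOOD_PLAN, wingate_lan_side="10.0.0.50/24", lan_side_gateway="10.0.0.1",
    clients=[{"ip": "10.0.0.60", "gateway": "10.0.0.1", "dns": "10.0.0.1"}],
    pinholes={"tcp/25": "192.168.4.10"},
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```

In the bad plan the client points straight at the router and the pinhole targets a LAN host, so traffic in both directions would bypass WinGate and its access control; the check reports each of these separately.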