Setting up IP forwarding on a Windows network

My network at home has two subnets joined by a wireless link (note that the IP addresses have been changed to protect the innocent):

IP forwarding

You might wonder why it doesn’t all sit under my desk (after all we’re not talking about a multinational corporation here) but the simple fact is that most of my kit has been procured from an eclectic mix of sources over the years (so it is hardly what you might call standard) and the server (on which I do a lot of testing) is a noisy beast, as is the 24-port switch that it’s plugged into – hence the reason they are stored away in the basement.

The trouble with this configuration is that the dual-homed PC which acts as a bridge between the wired and wireless segments in the basement is exactly that – dual-homed – i.e. it needs the 802.3 adapter to be on one subnet and the 802.11b adapter to be on another (otherwise this could all have been on one flat subnet). That means that it also needs to be able to route traffic to and from each subnet, otherwise the server is invisible to the rest of the network (and vice versa).

That’s where IP forwarding comes in (aka IP masquerading in Linux-speak).

Disabled by default in Windows 2000, XP and Server 2003, IP forwarding basically allows a dual-homed host to act as a network bridge. Microsoft knowledge base article 323339 details the registry setting to enable this on Windows Server 2003 – there are other articles for Windows 2000 and XP but they are pretty much identical.

There are, however, a couple of important points to note:

  • Only one interface should have a default gateway. In my case, the default gateway for the bridge’s wired connection is blank.
  • I also had to put a static route to on my ADSL router using the IP address of the bridge’s wireless connection as a gateway (so that outbound traffic to the Internet from the 192.168.2.x network has a return path).

For comparison purposes, the routing table on my bridge ( looks like this:

IPv4 Route Table
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 08 02 xx xx xx ...... Intel(R) PRO/100 VM Network Connection
0x10004 ...00 80 c8 xx xx xx ...... D-Link AirPlus DWL-520+ Wireless PCI Adapter
Active Routes:
Network Destination Netmask Gateway Interface Metric 25 1 25 25 25 20 20 20 25 20 1 1
Default Gateway:
Persistent Routes:

Whilst on the ADSL router it looks like this:

Network Destination Netmask NextHop IF Type Origin isprouter ppp-0 Indirect Dynamic lo-0 Direct Dynamic eth-0 Direct Dynamic lo-0 Direct Dynamic eth-0 Indirect Local
isprouter mypublicipaddress ppp-0 Direct Dynamic
mypublicipaddress lo-0 Direct Dynamic
btrouter1 btrouter2 ppp-0 Direct Dynamic

For the other LAN-connected devices, the important details are that for LAN 1 the default gateway is and for LAN 2 the default gateway is

5 thoughts on “Setting up IP forwarding on a Windows network

  1. I have an interesting problem here with respect to IP Forwarding:

    1)PC has two interfaces.,

    2) has default gateway:

    3) I have an application-x which receives IP packets from IP address and destinated to a web server on

    On windows 2000 PC, I have to loop back IP packets with destination address So that I can forward them to the application-x who is receiving packets from

    I achieved this objective by entering the following:

    arp -s (MAC_ADDRESS of

    route add mask -p

    In Registry (EnableIPRouter = 1)

    Now the question is:
    Sometimes this procedure works and the application-x receives packets that webserver is sending to But it fails sometimes. I am very curious to know the reason for succeding sometimes. After seeing your blog I thought you are the right person to approach :)

    Thanks for your help.

  2. An alternative solution is to enable routing and remote access service (RRAS) functionality to manage LAN routing on Windows Server. RRAS is installed by default in Windows Server 2003 and part of the network policy and access service role in Windows Server 2008.

Leave a Reply