NAT32E: Connecting Private LANS to the Internet Build 1057
----------------------------------------------- ----------
(C) 2003 NAT Software Germany. ALL RIGHTS RESERVED
** NAT32 Enhanced Version 1.7 ** **** MFC free *** *** Built with BC55 **
Redistribution of this software without the prior written permission of the
author is strictly prohibited.
Version 1.7 WINDOWS 95/98/NT/2000/XP 8. July, 2003
---------------------------------------------------------------------------
NAT32E is a versatile Software Router which allows all computers on one or
more private LANs to share one or more Internet connections.
With appropriate configuration, NAT32E will bind to the following devices:
Windows WAN devices: Modems, ISDN, ADSL, PPPoE, Microsoft VPN
Windows LAN devices: Ethernet, Token Ring (but not emulated TR)
Hybrid Devices: One-way cable modems, Satellite devices (DirecPC)
NAT32E fully supports the Windows DUN/RAS Server, allowing dial-in access
to machines which connect to the Internet via some other Interface.
Administrators can remotely configure and interrogate NAT32E using a Java-
enabled WEB Browser. A NAT32 password must be specified and Internet
access to the NAT32E HTTP server is blocked per default.
NAT32E is an IP Router, NOT a Proxy Server. Time-consuming reconfiguration
of network applications is not required. All applications on your private
LAN have address-mapped UDP, TCP and ICMP access to the Internet.
NAT32E Version 1.7 supports "connection aggregation", a technique used for
distributing Internet traffic over two or more modems (or other types of
connections). The technique should not be confused with "modem bonding" or
"multilink", which requires ISP support and is usually only available for
ISDN services.
Connection aggregation is particularly useful in cases where two or more
Dial-Up Networking connections are available and router traffic is to be
spread (more or less) evenly over multiple connections. The feature is also
useful for DSL or Cable Modem users requiring a backup Internet connection.
If the high-speed connection fails, the DUN Connection can be easily
enabled for emergency use.
Installation
------------
The NAT32E archive can be unzipped into any desired directory, the example
below assumes the directory C:\NAT32E.
You should then run the setup program setup.exe. This program makes NO
major modifications to your system. In particular, no Windows DLLs or
Drivers are overwritten or modified, and your networking configuration is
not altered in any way. Only minor registry modifications are made.
Only one file is copied: nat32.inf to your Windows INF directory.
Before Running NAT32E:
----------------------
This version *requires* Internet Explorer 4 (or later). Even if you are a
Netscape or Opera user, you must install IE, even if you uninstall it
again afterwards. The IE uninstall procedure leaves all the needed DLL's
on your system.
WINDOWS 95 users should install the Microsoft DUN 1.2 (or later) upgrade
before running NAT32E. This upgrade is an absolute must (even for Cable
Modem users) because it contains the latest VIP.386 and TCP/IP upgrades,
as well as vastly improved Dial-Up Networking support. The upgrade is
available for free download from www.microsoft.com.
IMPORTANT
---------
You must turn off IP Header Compression for all DUN Connections you
plan to use with NAT32 (95/98/NT4 platforms only). If you ran setup,
this will have been done for you, but any connnections you add later
will need to have IP Header Compression turned off manually.
Installing NDIS3PKT
-------------------
NAT32E uses a special version of Dan Lanciani's NDIS3PKT driver. DO NOT
ATTEMPT to run NAT32E with any version of NDIS3PKT other than the one
contained in this distribution.
1. Start the Control Panel Network Applet and click Add then Protocol.
Under Windows 2000/XP, open Control Panel, Network and Dial-up
Connections, and then right-click any Local Area Connection. Then click
Install and select Protocol, Add.
2. Click the "Have Disk" button and specify the directory into which you
unzipped NAT32E as the source directory.
3. Select the required .inf file:
Windows 9X: NDIS3PKT.INF
Windows NT: OEMSETUP.INF
Windows 2K: NDIS3P2K.INF
Windows XP: NDIS3P2K.INF
4. Click OK.
5. REBOOT WINDOWS, even if a reboot is not requested. Note that the
NDIS3PKT driver can only bind to adapters which Windows enables at
boot time. If you have disabled an adapter, reenable it and then
reboot Windows so that NDIS3PKT can bind to it.
Running NAT32E
--------------
The first time NAT32E is run, it examines the existing Windows network
configuration and generates several configuration files in the directory
from which it was started. Click the Notepad Icon for more details.
IMPORTANT
---------
For NAT32E autoconfiguration to work correctly, you MUST have at
least one private LAN adapter which has been assigned a FIXED IP
address. That address should be private, but it needn't be.
A Dialog Box will be presented listing all Network Interfaces available
on your system, and you should then select the Interfaces you would like
NAT32E to use. For each of the selected Interfaces, you must click a
radio button indicating the type of network to which the interface
connects (Internet, Private, or One-way).
If Windows Internet Connection Sharing is enabled, please turn it off or
click Help for further details.
A yellow shortcut will be added to your Desktop, and you should use that
shortcut whenever you subsequently wish to run NAT32E with the selected
interfaces. A grey shortcut is also added. It can be used to start a new
NAT32E configuration run.
IMPORTANT
---------
NAT32E can be run as a Service, but you MUST NOT start it as
a service until it has been correctly configured and you have
familiarized yourself with its operation.
NAT32E is documented in the Windows Help File: nat32e.hlp.
************************* HOW TO UNINSTALL NAT32E ************************
* *
* Click Start/Programs/NAT32/Uninstall *
* *
* Uninstall leaves a few configuration files in your NAT32 directory, so *
* you should subsequently drag the NAT32 directory to the Reycle Bin. *
* *
* To uninstall NDIS3PKT, use Control Panel Network to remove the driver. *
* *
**************************************************************************
NAT32E is SHAREWARE and will run for 60 minutes to allow you to evaluate
its features. NDIS3PKT has been modified to run with NAT32E only.
**************************************************************************
* *
* Online Registration: see menu item Help/Register *
* *
* Web Site: see menu item Help/About *
* *
* Support: see menu item Help/About *
* *
**************************************************************************
What's New in this Release
--------------------------
DD.MM.YEAR
08.07.2003 BUILD 1057
GPQ now uses a CS for each queue.
Routing Table now uses CS rather than a semaphore.
Bpool now uses CS rather than a semaphore.
IPPROC now checks the IP queues in round-robin order for fairer
load distribution.
Above measures increased throughput by 25%.
02.07.2003 BUILD 1056
Problem with legacy adapter names on 2K/XP fixed.
Problem with private LANs using registered addresses fixed.
Problem with unused PPP adapters fixed.
Embedded browser support added (experimental).
IE Version check for WEB support and Autodial (IE > 4 required).
Httpd shell command added (uses pseudo-socket device). The httpd
now understands: http://127.0.0.1:8080/shell?cmd=cmd+arg+arg....
Shell environment variables added.
If command added: if variable cmd [args]+
The if command executes cmd [args]+ if variable is true.
Unary negation operator added: !variable
Set command added: set [name [value]]
ICS support modified. On 2K platforms, the initial ICS state is
restored on exit. An ics 0|1 line added to nat32ini.
Toolbar code modified: only current adapter buttons shown, DUN
buttons shown only if DUN is in use.
Shell and Window code corrected so that P32Window proc exits
cleanly and does not need to be killed on exit.
Scrollbars added to windows.
Icons and color added to Interface Selection dialog box.
Netstart modified to check more config details.
Java applets now work in Web window.
RAS support modified for all RAS versions.
Fixed bug in nd_get_conf for NDIS3PKT.386
26.04.2003 BUILD 1055
Function reflected() in netin2k modified.
Main dialog now supports double-click of an entry to view adapter
registry settings.
NSERVER set only to values found for Internet-connected interfaces
in netstart, winute and winutent.
TclExec error fixed, shell command sh modified.
About box now has clickable entries.
21.04.2003 BUILD 1054
Dhcpd modified.
20.04.2003 BUILD 1053
Command setw modified, new setw.htm man page posted.
FTP problem: some FTP servers don't originate connections at
port 20.
Added a wild-card mechanism to fix this.
Problem with PASV mode transfers fixed.
NOTE
====
PASV mode may not work with non-UNIX compatible FTP servers.
Check your FTP Client for details of supported server types.
14.04.2003 BUILD 1052
Nif diagnostic string added. Used to show Autodial trigger.
WIN32 brush handle problem fixed.
Refresh button added to Interface Selection dialog.
DHCP server upgraded.
Command ukmap added. See help page ukmap.htm for details.
Ukmap can be used to map a range of port numbers to a single port
number on a private machine. Used for some games and mapping scan
traffic to honeypots.
Command icmap upgraded. Now allows any number of private machines
to ping and traceroute simultaneously.
22.03.2003 BUILD 1051
NAT32 now detects Windows 98SE/ME Internet Connection Sharing.
Click Help, More Help in the Interface Selection dialog to view a
detailed description of how NAT32 and ICS can coexist.
ICMP FNADF packets now forwarded correctly.
NAT32 Windows 2k/XP ICS detection added.
16.03.2003 BUILD 1050
*** NEW NDIS3PKT.386 ***
*** NEW NDIS3PKT.SYS ***
The new NDIS3PKT driver solves a MUX problem.
Umap error fixed.
Map_port now increments the new src port for each retransmitted
SYN. The old MUX entry is deleted. This feature can be turned on
and off using the setdf command. It should probably NOT be used
for Satellite links.
IP_IN no longer reschedules on receipt of a packet.
DHCPD now allows 10 sec for ARP to complete (was 5 sec).
Test for ICS (SharedAccess) service added.
Test for ICS on 98 platforms added.
MSTCP traffic monitoring added. Use command "mstcp ifn" to start
the monitor, "mstcp ifn kill" to stop the monitor.
Command "mstcp ifn block" will block all MSTCP traffic for the
specified interface.
Command "mstcp ifn allow" will allow all MSTCP traffic.
Note that only one interface at a time can be monitored in this
release.
Main Dialog now indicates disabled adapters.
Windows Account Name displayed.
01.03.2003 BUILD 1049
Mux problems solved temporarily.
New NDIS3PKT driver pending.
28.02.2003 BUILD 1048
For DUN Connections, throughput is now calculated as the max of
received and sent bytes per second.
Unused bytes in short packets set to 0.
Sendf again used in ip_in.
Hex trace now dumps entire packet.
Netstart now does a mux reset to clear the NDIS3PKT MUX table.
OnExit does too.
Pmdel now resets stalled TCP connections correctly.
Map_port and unmap_port modified.
Local traffic handling modified (ipgetp, ipproc, ipputp).
21.02.2003 BUILD 1047
DHCPD was adding PENDING ARP entries to NAT32 ARP cache.
Resulted in new machines not being reachable from NAT32 for
about 600 sec.
Arpdel command fixed. Was failing if unconfigured interfaces
were present.
Experimental: if a TCP SYN segment is retransmitted, change the
mapped source port. Some servers require this.
19.02.2003 BUILD 1046
IP_IN modified to not force packet deleivery when IP input queue
is full. IP input queue size increased to 100 packets.
Above measures increased throughput to 5.4 Mbps on 133 Pentiums.
Trace indicates if a packet was dropped because of a full input
queue.
Local TCP traffic had incorrect source address if more than one
gateway present.
Rttimer: DHCP address change code modified.
Bug on 9x platforms fixed: if multiple adapters with the same name
were present, the adapter exclusion mechanism failed. The exclude
file is no longer used.
Fixed the problem with local traffic and multiple default routes
DHCPD now allocates less memory.
Dhcpd command syntax changed.
IPPROC now uses NI_PRIMARY default route if no Interface Selection
algorithm specified.
Setis command syntax changed.
Console lockup bug fixed. New window created in a seperate thread.
Primary Interface semantics changed. The Primary Interface is now
the interface used to communicate with the Internet. In cases
where 2 or more such interfaces exist, the Primary interface will
be used, unless the setis command has been used to enable
interface selection by other means.
Quick Dialog box now shows the settings for the Primary interface.
Winio: ctrl-b problem fixed.
10.02.2003 BUILD 1045
Connection name, IP address and Interface number now logged in
rttimer function.
W2000 and XP: major problem with connection aggregation fixed.
DHCPD problem fixed: for two or more DUN connections, single
adapter mode was being set.
W2000 and XP: major problem with Interface Number in netin2k
fixed.
Setis command modified to provide more details.
Connection name problem fixed for connections which come up while
NAT32 is running.
28.01.2003 BUILD 1044
Calls to ppp.log were colliding. Only "connect" and "disc" now
write to ppp.log.
For 2000 and XP platforms, the connection name is now displayed
for all connected NDISWANIP adapters.
Command 'setmap' now has following syntax:
setmap ["connection" [off | primary]]
The command can be placed in the script file 'connect' and is used
to turn mappings for a WAN connection on or off. If 'primary' is
specified, the interface will become the Primary Interface.
21.01.2003 BUILD 1043
Command 'setmap IP [mask]' added. Turns on mappings for DUN
connections which have an IP address matching 'IP' after it has
been AND'ed with 'mask'. Use for Windows 2000 and XP only.
20.01.2003 BUILD 1042
Command 'setnsi [ifn]' added. Sets the NSERVERs to that of the
specified interface. Use for Windows 2000/XP only.
Bug in winio.c fixed (keyboard input during output was locking on
W2K and XP).
NifUpdate now also updates NSERVER if it is equal to 137.92.1.1.
Winute bug fixed: ni_private was not being set.
Command setsu clears all NSERVERs and then calls NifUpdate.
Setsu mechanism modified and tested.
Command 'setsu' prints the subunit table.
Command 'setsu subunit' turns on mappings for the specified
subunit, if the adapter is Internet connected.
06.01.2003 BUILD 1041 ***** EXPERIMENTAL *****
On W2K and XP platforms, this build detects DUN connections as
they come up but does _not_ turn on the various port mappings
unless the NDIS3PKT subunit numbers match or the connection is
coming up for the first time. For the case where the subunit of
a connection has changed, the mappings must be turned on via a
new set subunit command:
setsu subunit
where 'subunit' is the subunit number of the desired Primary (DUN)
Interface. The needed subunit number is displayed in the relevant
Interface Configuration dialog box.
The needed setsu command can be added to file 'connect'. A future
build will automate this procedure.
Command 'setsu subunit' searches for the established DUN
connection with the matching subunit number and then does the
following:
1. Adds a default route
2. Turns on IP mapping
3. Turns on Port Mapping
4. Turns on ICMP Mapping
Command x_up now displays subunit and su_valid for each adapter.
20.12.2002 BUILD 1040
Registration bug fixed.
18.12.2002 BUILD 1039
Monitor bug fixed.
Bug in cat command fixed.
CURRPID modified in create function.
12.12.2002 BUILD 1038
All centered windows (and Trace) now have focus.
Setup Version 1.4 is now compatible with WinZip INSTALL.
Admin log problem fixed. Admin log file now opened in append mode.
30.11.2002 BUILD 1037
Redirection problem fixed in P32.C.
QuickDlg again displays a TaskBar button.
11.11.2002 BUILD 1036
95/98 platforms: stale DHCP values no longer returned by
GetDhcpDns95.
Password problem fixed.
TDI problem on NT/2000/XP platforms fixed.
No more double ping replies after a private machine has pinged.
DNS Help page fixed.
23.10.2002 BUILD 1035
Console window creation code modified.
22.10.2002 BUILD 1034
Netmeeting now works fully for outgoing connections to Internet.
Incoming connection support coming soon.
Quick command modified: throughput bar can be turned on/off as
needed.
Service behaviour modified:
1. Shutdown and logoff for NAT32 Service fixed.
2. No splash screen for NAT32 Service.
3. No Quick dialog for NAT32 Service at startup.
Note that on 98 platforms, NAT32 assumes it is running as a service
if a NAT32 value is present in the RunServices key.
12.10.2002 BUILD 1033
Hex dump mode in trace window added.
Console mode network trace removed.
DHCPD no longer pings 0.0.0.0.
10.10.2002 BUILD 1032
Permanent Port Mappings can now be made interface-specific.
04.10.2002 BUILD 1031
Minor changes only.
28.09.2002 BUILD 1030
Command added: setis [1|2]
The setis command sets the algorithm for choosing which of several
Internet-connected interfaces should be used for an outgoing TCP
connection. The value 1 sets the algorithm to choose the interface
which had the least amount of traffic over the last second.
The value 2 sets the algorithm to round-robin. This is the default.
Additional algorithms will be added in future builds.
Port Mapping now uses Critical Sections rather than Semaphores for
mutual exclusion.
Color change code modified.
RTTIMER bug fixed: no longer turns on IP mapping when a DUN server
connects.
DNS bug fixed. DNS port number is now fixed at 53.
DNS detection ignore servers that don't support recursion.
Console Window redraw bug fixed for NT platforms.
Dial-Up Networking dialog box modified: Properties button added.
Interface Configuration dialog box modified: DUN Server modem
number added (9X platforms only). This allows a particular DUN
Server modem to be specified for each DUN Server interface.
RAS not required if no PPP connections selected.
07.08.2002 BUILD 1029
Dial and Hangup mechanism modified.
WinInet Commands: ** Work for ONE connection only **
dial ["connection name"]
Dials "connection name" or the default connection
hangup ["connection name"]
Hangs up the specified connection or default connection.
RAS Commands: ** Work for any number of connections **
rdial "connection name"
Dials the specified connection via RAS.
rhangup "connection name"
Hangs up the specified connection via RasHangUp.
Command "dun" lists details of all open connections.
The Toolbar Dial Icons refer only to the Windows Default
Connection. Use Config, Dial-Up Networking Settings, to dial or
hangup connections other than the Windows Default Connection, or
click the DUN list box entry in the Quick dialog.
03.08.2002 BUILD 1028
Console window now dimensions properly for non-default font sizes.
Fixed PASV FTP problem when multiple connections are up.
Modified the Gateway dialog box to display all default routes.
31.07.2002 BUILD 1027
Fixed TCP problem when multiple Internet connections are up.
31.07.2002 BUILD 1026
Interface Configuration now supports an "auto" interface speed.
If a speed is specified, it overrides the speed reported by
Windows. This was needed because Windows reports 10 Mbps for DSL
connections, even though the actual service is usually much
slower.
The Quick dialog now calculates the total number of bits received
each second on all Internet interfaces. It then displays that
value as a bar graph. Each bar represents 2, 4, 8, 16 ... bits.
29.07.2002 BUILD 1025
Splash screen now closed in thread: pmain
Registration check modified.
27.07.2002 BUILD 1024
Interface Selection dialog modified.
Interface Configuration dialog modified.
Speed variable added.
Active thread no longer displays anything on Status Bar.
Slowtime displays total received bits per second each second for
all Internet-connected interfaces.
26.07.2002 BUILD 1023
Admin Backup saved in registry.
Load balancing not done if a Source Route is specified on any
Internet-connected interface.
Mappings dialog box now shows all mappings.
25.07.2002 BUILD 1022
Load Balancing algorithm modified. Link speeds now included in
algorithm.
24.07.2002 BUILD 1021
Admin list box log added, backup to registry added.
23.07.2002 BUILD 1020
FTP bug fixed. Only passive mode was working.
19.07.2002 BUILD 1019
Connection Aggregation now works in unregistered mode.
19.07.2002 BUILD 1018
DNS mapping modified: src IP address of responses to mapped
queries set to the NAT32 private IP address of the interface.
08.07.2002 BUILD 1017
Minor changes only.
06.07.2002 BUILD 1016
Ndis3log command added. Usage: ndis3log [c|w]
No args: print contents of ndis3log buffer
Arg 'c': check log, copy output to buffer.
Arg 'w': check log, copy output to buffer, wait for further output
Ndis3log.exe fixed to not crash on 9X platforms.
Admin buf fixed: IP addresses saved incorrectly in Registry.
Admin display modified.
Admin now displays bytes received from Internet for a private
machine.
Admin default is now "enabled".
Slowtimer now adjusts sleep time for processing delays.
04.07.2002 BUILD 1015
Admin saves details to registry each minute.
Setproms command added. Silent version of setprom.
03.07.2002 BUILD 1014
Umap port range bug fixed.
Dots no longer printed for each ICMP source quench sent.
23.06.2002 BUILD 1013
Not released.
20.06.2002 BUILD 1012
Bandwidth Limiting modified.
Umap command now accepts a Destination Port Range as its third
argument.
Active thread now actually sends a UDP packet through Winsock to
prevent Windows disconnection because of inactivity.
11.06.2002 BUILD 1011
ICMP code modified.
10.06.2002 BUILD 1010
Any number of Internet Interfaces and default routes supported.
Registered version balances Internet traffic over all Internet
interfaces. The best interface is the one over which the least
number of bytes arrived during the last second.
Wintrace now run as a thread when started from NAT32 menu.
TDI command -R arg added. Writes Windows Routing Table to
TDI_Buffer.
Test command added. Prints the TDI_Buffer.
Command usr added. Automatically configures the Primary interface
for the 3Com U.S. Robotics Cable Modem VSP.
Command rtdump added. Dumps NAT32 Routing Table, pointers and all.
Bandwidth Limiting for administered hosts added (experimental).
All dialog boxes (except Service Settings) now run in their own
threads.
Packet timestamps added.
01.06.2002 BUILD 1009
Interface Selection dialog redone.
Interface Configuration dialog changed.
31.05.2002 BUILD 1008
Log files are now appended to rather than created each time NAT32
starts.
Connection open and close logged to PPP.LOG.
29.05.2002 BUILD 1007
Interface selection on the basis of packets received during last
second.
Checkmtu bug fixed.
Interface metric bug fixed.
25.05.2002 BUILD 1006
UDP bug fixed: UDP connections with checksum failed.
DNS mapping: change destination address and then process as a
normal UDP packet.
14.05.2002 BUILD 1005
TCP bug fixed: local TCP connections failed.
13.05.2002 BUILD 1004
Packets destined for private networks for which NAT32 has no
network-specific route are now discarded in IPPROC, unless the
default gateway is a private IP address.
A provisional pmap entry is deleted if ipputp sends the packet on
a non-mapped interface.
08.05.2002 BUILD 1003
DNS changes not logged to nat32.log
New NDIS3PKT.386
30.04.2002 BUILD 1002
Port map deletion is now interface specific.
Configuration bug fixed: only changing a Primary Interface number
prompts for a confirmation.
Route selection mechanism modified. The pmap table is searched
only once.
24.04.2002 BUILD 1000
This is the initial Build and was generated from Build 4060 of
NAT32P Version 1.4.
NAT32E differs from NAT32P in that ALL mapping options are now
interface-specific.
In addition, multiple default routes are supported, each of which
is distinguished via an optional Source Address and Metric.
A Source Address is an IP Address (or Network Address) which can
be used to influence a routing decision. For example, if two
default routes exist, one which specifies a Source Network Address
of 172.16.2.0, then only traffic from private machines on that
network will be sent to the Internet via that default route.
All traffic from other networks will be sent via the other default
route.
A Routing Metric can be specified so that traffic from any private
machine can be routed via different default routes. The first
default route has a Metric of 15, the second a Metric of 14 and so
on. To use this feature, configure the preferred default route as
the Primary Interface, the next default route as Primary Backup 1
and so on.
Note that the Autodial mechanism (at present) works only for the
Primary Interface, not for any Primary Backup Interfaces. To dial
a Primary Backup Connection, use the Windows Dial-Up Networking
user interface to dial (or hangup) the second connection.
For the benefit of email spammers:
postmaster@microsoft.com
Download Driver Pack
After your driver has been downloaded, follow these simple steps to install it.
Expand the archive file (if the download file is in zip or rar format).
If the expanded file has an .exe extension, double click it and follow the installation instructions.
Otherwise, open Device Manager by right-clicking the Start menu and selecting Device Manager.
Find the device and model you want to update in the device list.
Double-click on it to open the Properties dialog box.
From the Properties dialog box, select the Driver tab.
Click the Update Driver button, then follow the instructions.
Very important: You must reboot your system to ensure that any driver updates have taken effect.
For more help, visit our Driver Support section for step-by-step videos on how to install drivers for every file type.