Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Modify routing table with script? 1

Status
Not open for further replies.
pyropelle

pyropelle

IS-IT--Management
Joined
Jan 15, 2003
Messages
3
Location
SE
Hi, how do I write a script that modifies windows routing table? Also I need to retreive the systems IP adresses to create the new table entries. Can anyone help me with this?

I tried to use 'netsh' but din't get much out of it (is that just for servers or can a normal workstation use it?).

Thankful for reply
//Pelle
 
Sort by date Sort by votes
It is possible to manipulate the routing table with a batch file using the ROUTE command. netsh should also be able to do the job, but it is a real bear to figure out.

Having said that, your post doesn't really explain what you are trying to do. There may be other (better) ways to accomplish your task with some more information.
 
Upvote 0 Downvote
Ok, here's the hole story.
I have an Linux server running as a VPN server with windows 2000 clients connected to it. I want them to act as they were directly connected to each other creating a LAN over a larger geographic area.
The thing I don't want is that they send trafic NOT ment for the lan, sutch as trafic to other internet servers, thru the tunnel eating up bandwidth.
I thought that changes in the clients routing tables could fix this. I want a script to do this for me but I don't want to make one separate script for each client based on that systems IP configuration.
 
Upvote 0 Downvote
Not exactly sure what you are trying to do but if you want to know the ip addresses, default gateway, dns server etc. From a command prompt type ipconfig /all. This will give you all that information. If you want to connect all your computers then make a Workgroup and make them all members of it. The win 2000 machines shouldn't bother your VPN connection unless you have established a connection to them and even then you can make the connection for all computers or just yourself. Maybe a little more explanation would help on what it is exactly you are trying to accomplish.
 
Upvote 0 Downvote
Thought about this one for a while. Changing the routing tables with a simple batch file is pretty easy. The 'route' command can do everthing. Problem here is extracting the existing configuration, ip's, LAN connectons, existing gateways, etc. Those things aren't provided in variables that can be accesses in a command shell script.

I think what you are wanting to do could be done in Visual C++, or Visual Basic for that matter using API calls. Haven't entirely thought it through, but it will be on my mind for a while.

Having said that, I think the spirit of what you want to do can be carried out fairly easily. As long as the user doesn't check that stupid box on the network connection for the VPN that says 'use default route on remote gateway' or something like that, and they leave the box marked on their network connection for their ISP, you shouldn't see internet traffic across your VPN. Adding the route to allow access to the other VPN clients should not be to bad, something like 'ROUTE ADD 192.168.20.0 MASK 255.255.255.0 192.168.20.XXX', replacing the xxx with the VPN client ip. Seems to me that there is a way to execute that after the connection is made, but not sure about how to come up with the ip. I would probably assign a static ip from the VPN pool to each machine and make the route persistent (add -P to the end of the command) just to simplify things.

Once that is done, you still have the problem of keeping the internet traffic off of your VPN. I would setup an iptables firewall on the linux box, if you haven't already. When the VPN connection is created, a virtual interface is created on the linux box. You could setup a few rules for the firewall, basically any traffic coming from the ppp0 interface should be checked as follows:

Originating from addresses other than those assigned to your VPN -- drop
(that's a good idea anyway, if someone does manage to trick one of your clients into routing traffic back to your VPN server, it would make it a little harder for them to do real damage)

Destined for anything other than your VPN addresses (or your LAN, if you're allowing access there as well) -- reject
This would solve the problem of using your bandwidth for the most part. If a client does try to route internet traffice through you, the initial connection would be refused, probably even the DNS lookup unless it is cached locally. Shouldn't make too much traffic. Your users will complain, and you can walk them through enabling the default route on their main connection.

Destined for one of your VPN addresses -- forward

Again, not the perfect answer, but I'm still thinking on something better. Hope some of this makes sense, it is late here. If any of this is of interest and you need a better explaination, post back. I'll be watching.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Flinx
  • Locked
  • Question Question
backup fails with error code 0x81000019 and possible fix
Replies
5
Views
2K
Flinx
Flinx
Diane Sandstrom
  • Locked
  • Question Question
PDF with highlighting
Replies
2
Views
587
Diane Sandstrom
Diane Sandstrom
Flinx
  • Locked
  • Question Question
continuing issues with Windows 10 slow transfer to NAS
Replies
6
Views
1K
pmonett
pmonett
Shengfu
  • Locked
  • Question Question
PROBLEM WITH FILES IN FLASHDRIVE
Replies
3
Views
634
mikrom
mikrom
Edu_uy
  • Locked
  • Question Question
Inverted brightness keys on hp with windows10
Replies
3
Views
480
mikrom
mikrom

Part and Inventory Search

Sponsor

Back
Top