How to implement NAT use WFP? RRS feed

  • Question

  • Hi, all

    I development NAT on Win7, and from the forum, I can use WFP framwork.

    use FWPM_LAYER_IPFORWARD_V4 to forward intranet packets to internet

    use FWPM_LAYER_INBOUND_IPPACKET_V4 to forward internet packets to intranet

    I reference the WFPSamples, but I met some issues:

    I cannot receive the packet in IPFORWARD layer?

    Our test environment:

    one wireless card to connect internet, another wireless card(802.11/a) use for AP(gateway).



    Sunday, March 9, 2014 12:36 PM

All replies

  • FORWARD will only be invoked if the packet is not destined for the interface it was received on.  Additionally this means that forwarding must be enabled for TCP/IP.

     Value Name: IPEnableRouter
     Value type: REG_DWORD
     Value Data: 1

    If the packet is destined for an address of the receiving interface:

    • The packet goes to INBOUND_IPPACKET (local stack processes it). 

    If the packet is destined for an address reached via a different interface:

    • If IP Forwarding is not enabled:
      • The packet is discarded
    • If IP Forwarding is enabled
      • If the packet is destined for an address of an interface on local machine
        • If loose source mapping is not enabled  
          • The packet is discarded
        • If loose source mapping is enabled:  
          • The packet goes to IPFORWARD, and then to INBOUND_IPPACKET (local stack processes it)  
      • If the packet is destined for an address of a remote machine:
        • The packet goes to IPFORWARD

    Note that in order for any callouts to be invoked, the traffic must match the callout’s filter.

    Hope this helps,

    Dusty Harper [MSFT]
    Microsoft Corporation
    This posting is provided "AS IS", with NO warranties and confers NO rights

    Tuesday, March 18, 2014 9:23 PM