Reference Manual

NAME

setht - Interact with the Host Transfer Mode mechanism

SYNOPSIS

setht [host_ifn | all] [off | private_ifn]
setht off
sethtb ...

Tip To view available interfaces, click this icon: NAT32 Interface Popup
To view the Windows Routing Table, click this icon: Windows Routing Table Popup

DESCRIPTION

In Host Transfer Mode, all Windows Internet traffic for the specified interface host_ifn is sent and received via a NAT32 private interface private_ifn.

When Host Transfer Mode is off, Windows sends and receives all Internet traffic via its current default route and does not interact with NAT32 in any way.

When Host Transfer Mode is on, the MSTCP stack on the specified host_ifn is completely isolated from the interface and no packets of any type can be sent or received. Even the OS itself cannot remove the block, and the only way that applications can communicate with other computers is via the private interface private_ifn. This greatly increases security and allows networking applications to aggregate traffic over multiple Internet connections.

It is strongly recommended that you run NAT32 in Host Transfer Mode at all times so that all unsolicited traffic from the Internet is blocked from the Windows TCP/IP stack. Note that this applies even in the presence of software firewalls, because malicious applications and the OS itself can manipulate such firewalls at will.

If you need to run NAT32 on a computer that has no private LAN adapter, the Microsoft Loopback Adapter must be installed (by running hdwwiz.exe) to provide the necessary private interface. You then configure NAT32 to use your Internet adapter(s) and the private Loopback adapter. Be sure to configure the adapter's TCP/IP settings under Windows as follows:

IP 192.168.32.1, Mask 255.255.255.0, No gateway, DNS 192.168.32.254

Command setht off turns off Host Transfer Mode for all Internet interface.

Argument host_ifn should always be the NAT32 interface number that matches the interface of a Windows default route. Argument private_ifn should be the NAT32 private interface number that Windows is to use for Internet traffic. The NAT32 environment variable s can be used to denote the current main private interface (secondary interface).

If argument host_ifn is specified as all, then the Host Transfer Mode is turned on for all Internet interfaces and all Internet traffic then passes through the NAT32 private interface as specified by argument private_ifn.

NOTES
No version of Windows to date handles multiple Internet connections in a sensible manner. At best, Windows will monitor traffic from the current default gateway and switch to another gateway if the original gateway is not responding. Traffic aggregation over multiple gateways is not supported.

NAT32's Host Transfer Mode works by deleting the Windows default route for the specified interface and then adding a default route pointing to NAT32's private IP address on the specified private interface. Thereafter, all Windows Internet traffic will be sent to NAT32's private IP address, and NAT32 will distribute that traffic over the available Internet connections in accordance with the selection algorithm specified with the setis command.

To view the current Windows Routing Table, click this icon: Windows Routing Table Popup

While it is permissable to turn on Host Transfer Mode for multiple Internet connections, it does not make sense to specify a different NAT32 private interface in each case, because doing so would again add multiple default routes to the Windows Routing Table.

The sethtb version of the command blocks all Internet interfaces and allows all others.

The Host Transfer Mode cannot be enabled if Windows IP Forwarding is on. This is because UDP packet cycles can occur in this case. The winrt command can be used to turn off Windows IP Forwarding.

For Dial-Up networking connections, Host Transfer Mode can be turned on by adding the following command to the end of the connect script file: 

setht $2 s

Similarly, when the connection is closed, adding the following command to the end of the disc file will turn off Host Transfer Mode: 

setht $2 off

For all other Internet connections, Host Transfer Mode can be turned on in file user.txt and off in file onExit.

Note that when the Host Transfer Mode is on and the MSTCP for an Internet interface is blocked, VPN connections can still be established normally. However, if the interface is not blocked, VPN connections cannot be established unless a host-specific route for the VPN Server is added to the Windows Routing Table. The gateway for that route should be a default gateway other than NAT32's private IP address. While NAT32 will add this route automatically the first time a connection is dialed, that connection attempt will fail and will need to be redialed. Subsequent connection attempts for the same VPN Server will proceed without delay. The added route is not removed when NAT32 exits, because the VPN connection may still be needed, but a Windows route delete command for the entry is written to file restore.bat.

A host-specific route to a VPN Server via the NAT32 Primary interface can be added to the Windows Routing Table with the following command: 

vpnroute server

The command can be used in script files to add the needed route a priori.

SEE ALSO
setis, winrt