Reference Manual

NAME

sethtx - Interact with the Host Transfer Mode mechanism

SYNOPSIS

sethtx [ifn | all [on | off | block | allow]]

 

...

Tip To view available interfaces, click here: NAT32 Interface Popup
Tip To view the Windows Routing Table, click here: Windows Routing Table Popup

DESCRIPTION

In Host Transfer Mode, all Windows TCP/IP traffic on the NAT32 machine for the specified interface ifn passes through NAT32. This allows NAT32 to route traffic via one or more gateways in accordance with various interface and gateway selection algorithms. Note that WinPkFilter filters may be in place that allow certain MSTCP packets to bypass NAT32. This ensures that local traffic can always flow.

When Host Transfer Mode is set to block, outgoing Windows TCP/IP packets destined for the Internet are intercepted by NAT32 and discarded. Even the OS itself cannot remove or bypass the block, and all applications running on the machine no longer have Internet connectivity via that ifn. This greatly enhances security and it gives NAT32 full control over all IP routing. In addition, it allows legacy versions of Windows to run without Internet access.

The allow option removes the block.

When Host Transfer Mode is off, Windows sends and receives all TCP/IP traffic directly to/from the adapter and does not interact with NAT32 in any way.

It is strongly recommended that you run NAT32 in Host Transfer Mode at all times so that all unsolicited, unmapped traffic never reaches the Windows TCP/IP stack.

Note that this recommendation applies even in the presence of software firewalls, because elevated applications and the OS itself can manipulate such firewalls at will.

Argument ifn should always be a NAT32 interface number that matches the interface of a Windows default route.

If argument ifn is specified as all, then the desired Host Transfer Mode option is applied to all Internet interfaces.

If existing connections are to remain undisturbed, turn on Host Transfer Mode only after the needed winmap tcp and winmap udp commands have been issued.

The isolate command can be used to block all data transfer between multiple machines on a private network. Machines on an isolated network can communicate with the Internet, but they cannot communicate with each other.

NOTES
No version of Windows to date handles multiple Internet connections in a sensible manner. At best, Windows will monitor traffic from the current default gateway and switch to another gateway if the original gateway is not responding. Traffic aggregation over multiple gateways has never been supported.

NAT32's Host Transfer Mode works by intercepting Windows TCP/IP traffic and forwarding it via an interface or gateway chosen by an interface or gateway selection algorithm. The desired selection algorithm is specified with the setis and setgs commands.

The Host Transfer Mode should not be enabled if Windows IP Forwarding is on because UDP packet cycles can occur in this case. The winrt command can be used to turn off Windows IP Forwarding.

For Dial-Up Networking connections, Host Transfer Mode can be turned on by adding the following command to the end of the connect.txt script file:

sethtx $2 on

Similarly, when the connection is closed, adding the following command to the end of the disconnect.txt file will turn off Host Transfer Mode:

sethtx $2 off

For all other Internet connections, Host Transfer Mode can be turned on in file user.txt and off in file exit.txt.

SEE ALSO
isolate, setgs, setis, winrt