Home Page,
Help Page,
Support,
Download the HOSTS
and HELP files
![[Back]](https://www.nat32.com/v2/back.gif)
+----------------------------------------------------------------+
| NAT32 VERSION 2.2 BUILD 22362 16. February, 2024 |
+----------------------------------------------------------------+
| |
| NAT32 Version 2.2 IP Router for Windows 7, 8, 10 and 11. |
| |
| (C) 2024 NAT Software, Australia. |
| |
| Default Password: nat32v2 |
| |
+----------------------------------------------------------------+
NAT32 Version 2.2 is a Windows application that provides Internet
Connection Sharing and Routing, DHCP and DNS Services, Wireless
Access Point services and Connection Aggregation for multiple LAN,
WAN, WLAN, WWAN, VPN and Bluetooth connections.
NAT32 Version 2.2 is the only software of its kind that supports
selective, forced routing of Internet traffic via an OpenVPN
connection.
NAT32 Version 2.2 is the only software of its kind to support two
Internet gateways per network, with automatic fail-over should the
main Internet gateway fail.
NAT32 Version 2.2 runs on ALL current 32-bit and 64-bit platforms,
including most Server and Embedded editions and is ideally suited
for use as a supplementary router in home and office networks.
The software also runs on Windows in Safe Mode with Networking.
In fact, for Windows 10 and 11, that is the recommended mode if
Microsoft telemetry and forced reboots are to be avoided.
A flexible DNS Analyser protects all machines against undesirable
Internet content such as malware, tracking and advertising.
NAT32 Version 2.2 consists of approx. 300,000 lines of C code as
counted with LocMetrics.exe. The nat32.exe file is approximately
1.8 MB in size. It has no runtime dependencies other than the
standard C runtime available on all Windows platforms.
+----------------------------------------------------------------+
| |
| LICENCE |
| |
| NAT32 Version 2.2 is available as a free generic version |
| for home and educational use. The generic version is fully |
| functional and includes the needed device driver otherwise |
| obtainable from: |
| |
| https://www.ntkernel.com |
| |
| The driver has its own installer and appears in the System as |
| the NDISRD Service. |
| |
| Redistribution of NAT32 without prior written consent from the |
| NAT32 Author is STRICTLY FORBIDDEN. |
| |
+----------------------------------------------------------------+
+----------------------------------------------------------------+
| |
| SUPPORT |
| |
| NAT32 support is no longer available. |
| |
| BE SURE to download the help2.zip file from: |
| |
| https://www.nat32.com/download2/help2.zip |
| |
| and then unzip it into your NAT32v2 directory. |
| This file contains not only help files, but also |
| script files for many of NAT32's advanced features. |
| |
+----------------------------------------------------------------+
What's new in each release
--------------------------
February, 2024 ***** [CURRENT BUILD 22362] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- DNS bug in handling of SOA Resource Record types fixed.
- IP Options are now handled transparently and no longer
stripped. This fixed various bugs, including IGMP bugs.
- All packets from an Adapter destined for the MSTCP now
have correct checksums.
- All packets from the MSTCP destined for an Adapter now
have correct checksums.
- Numerous minor bugs fixed.
November, 2023 ***** [CURRENT BUILD 22360] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Nethood and nhupdate modified.
- Nethood names and DHCP host names are unrelated.
- Function ipsend() was not handling multicasts properly.
- ARPPROC no longer sets a Nethood Hint.
- addWinHostName now replaces 0x80000000 TTLs with 36000.
- CRONTAB now updates hosts every 6th minute only.
September, 2023 ***** [CURRENT BUILD 22358] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- IMPORTANT: If NDISWANIP adapters are to be used, e.g. for
VPNs such as IKEv2 that use RAS connections, BE SURE to
set the Startup Mode of the RAS Connection Manager (RasMan)
service to AUTO. Otherwise, no NDISWANIP adapters will be
found by NAT32 if it runs as a service or via an entry in
the Startup folder.
- Several bugfixes and improvements. See the help files
for details.
July, 2023 ***** [CURRENT BUILD 22357] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Small number of bugfixes and improvements. See the help files
for details.
June, 2023 ***** [CURRENT BUILD 22356] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Small number of bugfixes and improvements. See the help files
for details.
March, 2023 ***** [CURRENT BUILD 22354] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Browser is set to Brave, Edge or IE.
- Commands 'rcmd' and 'remote' updated.
- Service stop now works correctly.
- For further changes see the updated help files.
February, 2023 ***** [CURRENT BUILD 22352] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- BUGFIX: UDP source port now randomized.
- BUGFIX: Default password is now no longer valid after a new
password has been set.
- BUGFIX: GPF in 'routes vpn' command fixed.
- Honeypot server now supports POST requests.
- For further changes see the updated help files.
December, 2022 ***** [CURRENT BUILD 22349] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- BUGFIX: Drop-down menu items now work correctly after an
RDP session.
- For further changes see the updated help files.
September, 2022 ***** [CURRENT BUILD 22348] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- See the updated help files
April, 2022 ***** [CURRENT BUILD 22346] *****
***** [CURRENT DRIVER 3.2.32] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Honeypot SSL daemon deprecated.
- DNSRD now returns NXDOMAIN responses for blocked names.
- PiHole support added. Use the pihole command to specify
which hosts are to resolve names via the PiHole.
- TCP support modified.
- FritzBox scripts updated for FritzOS 7.29
- Packet scheduling modified. The new algorithm is fairer.
- Several minor bugs fixed.
October, 2021 ***** [CURRENT BUILD 22342] *****
***** [CURRENT DRIVER 3.2.31] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- CRONTAB modified to run 'tcpc all' instead of 'tcpa all'.
- Switch command can now be used to embed a browser in a window
that doesn't have one. Example: switch 0 web
- Command 'winmap tcp' modified to not add port mappings for
local connections.
- Command 'wintcp listen' bug fixed.
- Commands 'switch', 'webo' and 'webc' fixed.
- Netstat applet now has a Help button.
- Command 'ns' now defaults to use NS1 for lookups.
- Command 'netcheck' fixed.
- Function IPGETP() now works correctly for MSTCP traffic.
- Command 'kill' may not always kill a process on the first
attempt. The second attempt will succeed.
- Nhupdate now terminates reliably.
- New packet scheduling algorithm implemented. IPPROC, IP_IN
and IPGETP extensively modified. DEQ(q, ifn) implemented.
- IPPROC now runs at higher priority per default.
- GETBUF now clears allocated buffers.
- EZERO now clears the entire packet.
- Function udpsend() modified.
- All netin threads set the netin_event when no buffers left.
September, 2021 ***** [CURRENT BUILD 22340] *****
***** [CURRENT DRIVER 3.2.28] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Errors in tcpbind() fixed.
- Netstart no longer starts udpecho and tcpecho when any
PPP adapters are configured.
- RDP probes now work again.
- OpenVPN gateway check modified.
- IPPROC modified to NOT bypass routing of special traffic.
- Dialer.htm modified to include a Status button.
- IPPUTP modified to correctly handle mapped GRE packets.
- HTTPW modified to not modify URLs with cmdfixupx().
- Trace display improved.
- Command checki p.x now defaults to a TTL of 6. Note that
the command uses ICMP, and so some routers may not send
time-exceeded replies.
- Function tcpa may free memory allocated within another
process. This is not an error, although it does gnerate
debug output.
- Semaphore delete bug fixed.
- New variable 'checkttl' added for checki command. Used to
specify the number of hops for ICMP probes.
August, 2021 ***** [CURRENT BUILD 22340] *****
***** [CURRENT DRIVER 3.2.28] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- OpenVPN first-time connection issue fixed in regmon.c
- Problem with PTR queries fixed in dns_utils.c.
- Command setp modified.
- Modified switch.tcl to use new setp calling syntax.
- Command setgs modified.
- HOSTD and x_nethood extensively modified.
- Rttimer modified to clear openvpn_ref on disconnect.
- FritzBox scripts modified for FritzOS 7.27
- HOSTD local queries are now answered correctly.
- RASIN thread now sets an exit function.
- RAS support for Windows 10 updated.
- RAS issues fixed: dial, hangup and VPN routes.
July, 2021 ***** [CURRENT BUILD 22338] *****
***** [CURRENT DRIVER 3.2.28] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- New global variables added so that filters no longer require
hardcoded IP addresses and masks.
- Command 'ip ifn' modified to update the above globals.
- Command setf modified to allow partially specified filters.
Such filters now default to 'block'.
- DNS Resolver PTR queries now return accurate names.
The name 'nat32.dns' is only returned for ni_ip queries.
- Command 'isolate' has new syntax described in isolate.htm
- pnetin isolation code modified.
- ip_in isolation code modified.
- New mac.ini file
- File kodak.txt modified to include DNS setting commands.
- Help page for setnss command updated.
- TCPC functions and command modified.
- Honeypot_ssl connection close modified.
- New command: tcpa dev | all
Deallocates the TCB for abandoned connections.
- whname2ip now only returns local IP addresses, not remotes.
- DHCPD modified to work with ESP32 devices.
- HOSTD now ignores ISATAP containers.
- Updating the Hosts list now executes faster.
- mDNS and LLMNR support improved.
- IPPROC now starts correctly on Restart.
- ARP Q problems corrected.
- TCP device Q problems corrected.
- Regmon.c modified.
June, 2021 ***** [CURRENT BUILD 22335] *****
***** [CURRENT DRIVER 3.2.28] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- configuration code modified.
- Code to detect configuration changes modified.
- TCPC functions and command modified.
- Honeypot_ssl connection close modified.
- New command: tcpa dev | all
Deallocates the TCB for abandoned connections.
- whname2ip now only returns local IP addresses, not remotes.
- DHCPD modified to work with ESP32 devices.
- HOSTD now ignores ISATAP containers.
- Updating the Hosts list now executes faster.
- mDNS and LLMNR support improved.
- IPPROC now starts correctly on Restart.
- ARP Q problems corrected.
- TCP device Q problems corrected.
- Regmon.c modified.
May, 2021 ***** [CURRENT BUILD 22333] *****
***** [CURRENT DRIVER 3.2.28] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Subnet masks now used throughout.
- Shutdown code for all threads modified.
- TCP code modified.
- HONEYPOT code modified
- DGREAD code fixed.
- Missing file hp.asp added.
- Working directory issue fixed.
- Packets to private IP addresses are now again forwarded to
Internet gateways.
- Packets to private IP addresses are now again transmitted
correctly.
- Release versions of rcmd.exe and remote.exe included.
- DNS resolution modified.
- KODAK.TXT modified.
- DHCPD.INI modified.
- Command file monitor.ini added.
Invoke remotely as: sh monitor.ini
- New command: tcpa dev | all
Aborts client device connections unconditionally.
- HOSTD ignores ISATAP info.
- Name lookup from private machines now also resolves names on
Internet-connected interfaces.
- Netin processes now pass all unmapped UDP broadcasts to the MSTCP.
March, 2021 ***** [CURRENT BUILD 22326] *****
***** [CURRENT DRIVER 3.2.28] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- DHCPD problem for network masks less than 255.255.252.0
fixed. For any network, the maximum number of assignable
addresses is now always less than 1024.
- X_DHCPD ni_mask issue fixed.
- Diagnostics code modified.
- TCL exec command modified.
- Flow control mechanisms modified and documented in flow.htm
- Performance improvements
February, 2021 ***** [CURRENT BUILD 22324] *****
***** [CURRENT DRIVER 3.2.28] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Exit function modified to restore Console windows before
termination.
- DNS resolution problem fixed.
- IPPROC error when routing TCP flows fixed.
- Various other minor bugs fixed.
- Driver files updated.
- Files fb.js and fr.js removed to prevent Windows Defender
reporting nat32v2.zip as a virus
- DNS_UTILS no longer returns IP4 answers for IP6 questions.
January, 2021 ***** [CURRENT BUILD 22323] *****
***** [CURRENT DRIVER 3.2.26] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- IP_IN now again queues packets in the order of arrival.
- BUGFIX: setgs command corrected.
- ARP isolation feature removed as it was not effective.
- Several virtual WiFi modifcations made.
- BUGFIX: dhcpd command wasn't setting "limit" correctly.
- Functions SetAdapterFeature and GetAdapterFeature modified.
- BUGFIX: functions ipgetp and ipputp now honour ni_ipmap and
ni_pmap settings correctly.
- New command: isolate. See isolate.htm for details.
- New command: allow. See pmap.htm for details.
- New command: white. See dnsrd.htm for details.
- Filters in startup.txt now pass private port 445 traffic
to NAT32 rather than to the MSTCP. This is required to
ensure isolation.
- The SoftAP currently does not stop if one or more clients
are connected. Perhaps the softap command should force
disconnection?
- BUGFIX: Several changes made to wnet and hosts commands.
- BUGFIX: Several thread exit issues fixed.
- BUGFIX: function name2ip() now tries 2nd name server if
the first name server fails to resolve a name.
November, 2020 ***** [CURRENT BUILD 22322] *****
***** [CURRENT DRIVER 3.2.25] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- BUGFIX: pipclose must signal dsem so that the reader always
closes.
- Fast timer is now the default.
- New commands: setth and setlow. See setth.htm for details.
- New web pages and transparent images.
- IP_IN now queues packets according to length. Short packets
get priority. Three levels (128, 512, 1024).
- Commands 'route' and 'routes' now support both gateways on
an interface (main and alt);
- Commands 'checkhr' and 'checksr' added. They check for the
existence of a host route or a source route for a given IP
address, interface and gateway.
October, 2020 ***** [CURRENT BUILD 22320] *****
***** [CURRENT DRIVER 3.2.25] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- New distribution with updated driver files.
- Commands setnsn, setgwn and setgs modified. Usage of router1
and router2 modified; routes deleted and added as needed.
- BUGFIX: default name servers were not being set.
- BUGFIX: checkn command now uses the gateway to do a name
check if a PiHole is in use. This is because the
PiHole may switch name servers or return cached
information.
- BUGFIX: Function PiHole(op) in file nat32s.js now checks for
the PiHole IP address.
- The GATEWAY daemon for the Primary interface is now started
in NETSTART, even if a second primary gateway has not (yet)
been specified.
- Command 'nethood' updated.
- Command 'arping' updated.
- User admin feature updated.
- Inetin() and pnetin() modified. Sleep times are recorded and
can be viewed with commands 'nic' and 'ifn'.
- Help pages updated.
- Paypal button added for purchasing email support.
September, 2020 ***** [CURRENT BUILD 22319] *****
***** [CURRENT DRIVER 3.2.25] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- netin functions now call FlushAdapterPacketQueue when buffer
count is less than 10. Function sleep is no longer called.
- New command bpdump added.
- Major changes to message passing mechanism: seperate functions
for sending an int and a buffer. The buffer is always freed.
- ARPD modified.
- BUGFIX: Pipe device modified so that when the reader exits,
the writer terminates correctly.
- BUGFIX: Several upnpc bugs fixed.
- PiHole support added. See set command and nat32s.js.
- Autoconfig 'l' parameter doesn't add a default route
but 'L' does.
- Autoconfig should typicall be 'aDLw' or similar.
- Autoconfig 'aD' will present the Configuration dialog box that
can be dismissed with ESC (or Exit) if NAT32 has already been
configured.
- NXDOMAIN response behaviour can now be turned on via the
setns e5 or e7 (bit 2) command.
- Note that NXDOMAIN responses are not handled correctly by
some web browsers. The PiHole also has an option for this
but the 0.0.0.0 response for blocked names seems best
- Major changes to ifn_ini: Windows values now no longer have
priority.
- Major changes to x_openvpn so that connections can used either
gateway 1 or gateway 2.
- BUGFIX: Either gateway can now be 0.0.0.0.
- Variables router 1 and router 2 are now independent of Windows
gateway settings.
- BUGFIX: DNS resolution for machines on private networks now
works again.
- New command: sha256x $phpwd 2 will generate the needed auth
string in $phauth so that PiHole commands can be executed.
- Note that there is currently no known way of changing the
upstream DNS server that PiHole uses. We may want to do this
when an alternate Internet gateway is being used. Presently,
we depend on the PiHole detecting a dead DNS address and
switching to the alternate DNS address automatically.
- The sockio library now times out TCP connection requests if
they do not succeed within 2 seconds.
- BUGFIX: Filter mechanism structure packing added.
July, 2020 ***** [CURRENT BUILD 22317] *****
***** [CURRENT DRIVER 3.2.24] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- Interface configuration dialog box modified to allow specific
gateway and DNS server addresses to be added.
- Interface configuration dialog box now adjusts routes if
gateways are modified.
- DNS counters have been modified to increase accuracy.
- DNS reverse lookups (ip2name) now function correctly.
- UPNP client commands now accept IP or name argument.
- Experimental: INETIN, RTADD and NETWRITEA modified to forward
169.254.x.x traffic.
- NAT32 no longer hangs on exit when a network adapter is
disabled or removed.
- Support for 169.254.0.0 reachability added.
- Route add command added to startup.txt:
route add 169.254.0.0 255.255.0.0 0.0.0.0
- ICMP reachability issues corrected.
- Several web pages modified.
June, 2020 ***** [CURRENT BUILD 22316] *****
***** [CURRENT DRIVER 3.2.24] *****
***** [New HELP2.ZIP file] *****
***** [Always restart NAT32 after updating help files] *****
The following changes have been made:
- VLAN support added (experimental). Traffic with a VLAN ID is
handled by NAT32. All non-matching traffic is forwarded
transparently. Command 'vlan [ifn [ID]]' is used to specify
the ID. The default VLAN ID is 0. A future version of the
WinPkFilter driver will support filtering by VLAN ID.
- Multicast DNS (mDNS and LLMNR) support improved.
- Nethood support improved.
- Bug in HTTPW fixed.
- Bug in DHCPD fixed. Networks with masks shorter than
255.255.255.0 are now handled correctly.
- Netcheck now validates connection IP and Mask for all
interfaces. The value (IP & Mask) must be unique for all
interfaces. Note that & denotes the bit-wise AND operation.
- File diag.txt modified.
- ICMP code modified to support ICMP 3 3 correctly.
- Detection of QUIC traffic added.
- An experimental QUIC daemon (udpquic) has been added.
It responds to QUIC traffic that has been redirected to the
honeypot.
- The winquic.sys device driver is being examined on Windows 10
platforms.
- Port mapping now checks the nexthop address of a packet.
This will disable the QUIC connection migration 'feature'.
That feature undermines the use of VPN connections to increase
anonymity.
- OpenVPN now adds a filter to allow UDP Port 443 traffic to
an OpenVPN server. The filter does not conflict with a filter
added to block the QUIC UDP Port 443 traffic. The filter is
deleted on disconnect.
- Environment variable "nat32.local" added. It holds the actual
string to be used for the .local name to be used in name
resolution.
- Command 'js dev [func [arg]]' enhanced. It allows scripts in the
top window of the web page displayed in 'dev' to be executed.
Script output is written to STDOUT. An argument to the script is
now optional.
- Command 'jsf' now requires a flag argument. See js.htm for usage.
- BHO support removed.
- Exec command supports a "browser" alias. It is similar to the
"ie" alias but uses MSEdge instead of Internet Explorer.
- Note that IE11 is still the embedded browser because a release
version of the Edge browser object (WebView2) is still not
available. NAT32 can be started with argument 'b' if no web
browser is to be embedded.
- Device driver files updated to Version 3.2.24.2. NDISAPI library
rebuilt. Install and delete now works correctly.
- Auto-config code modified. Option "aD" will use an existing
configuration if the Welcome Dialog is cancelled and the driver
is already running.
- No password is required if NAT32 is running in Admin mode.
- The gateway daemon (GWD) modified to work correctly if no alternate
gateway is available.
- Command "checki" modified to work correctly if no alternate
gateway is available.
- File diag.txt modified.
- Name resolution modified (see name2ip.c).
- Filtering code modified (see setf.c).
- OpenVPN code modified (see x_openvpn,c).
- Netcheck code modified (see x_netcheck.c).
- Interface selection code modified (see x_setis.c).
- Route timer code modified (see rttimer.c).
- Calls to name2ip corrected in various shellx commands.
- New change.txt file.
- HTTPGET now supports chunked transfers
- Bug in function uncompress() fixed
May, 2020 ***** [CURRENT BUILD 22314] *****
***** [CURRENT DRIVER 3.2.24] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Various minor bug-fixes and improvements.
- Gateway Monitor Daemon regularly checks status of gateways
on the Primary Internet interface.
- Routing-only mode updated to support multiple gateways.
- DNS server settings detection made more robust.
- Several new shell commands added. See the updated help
pages for details.
April, 2020 ***** [CURRENT BUILD 22313] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Various minor bug-fixes and improvements.
- Several help pages updated.
March, 2020 ***** [CURRENT BUILD 22312] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- New applet: netstat.exe [ip | name]
Full details are in backupg.htm.
- Routing issue fixed in IPPROC Line #1100. Hosts on other
private networks are now again reachable.
- The UDPECHO service has been extended to support backup
gateway failover.
February, 2020 ***** [CURRENT BUILD 22310] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Trace functionality enhanced.
- DNS queries for type ANY now supported.
- Alternate gateway support enhanced.
- DNS resolution mechanisms enhanced.
- DNS Test feature enhanced.
- File startup.txt now calls 'setuc' to set a default
UPnP interface.
- File startup.txt now calls 'mdnsx p on' so that LLMNR name
requests are answered.
- Command 'checkx ifn.gwn' now returns the external IP address
of the specified gateway.
- Fo clients with no source route, NSERVER is used to resolve
names. This has the side-effect that when an OpenVPN connection
is in place, name resolution will always be via the DNS server
of the OpenVPN connection. To modify this behaviour, simply
set NSERVER to the desired address via the 'setns ip' command.
- IFNx.INI file format changed. Reconfigure NAT32 to generate
new ifn.ini files.
January, 2020 ***** [CURRENT BUILD 22309] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- UPNP Client code enhanced.
- Problem with vsnprintf in release builds fixed.
- Unix time problem fixed in trace and admin commands.
- Various FritzBox scripts updated.
- Embedded browser defaults to loading local pages only.
December, 2019 ***** [CURRENT BUILD 22308] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- NAT32 icon in system tray now changes colour if a DUN
connection is up or down, even if the connection is not ours.
- File crontab edited to not run the hosts commands in the
background.
- TCP port 3389 (RDP) filters modified in startup.txt.
- Packets to private IP addresses are no longer forwarded to
Internet gateways.
- IPPROC modified to call the new rtgeti() function that always
matches source addresses, even the 0.0.0.0 ones.
- Various DHCPD helper functions modified so that no GPF occurs
if the the DHCPD never ran.
- Reinstated the non-shared private IP address feature.
- Command setgw1 p forces ALL traffic to use gateway 1 (main).
Command setgw2 p forces ALL traffic to use gateway 2 (aux).
- Default search provider changed to StartPage.com.
November, 2019 ***** [CURRENT BUILD 22307] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- OpenVPN support modified to allow a connection to a given
server even if another machine already has such a connection.
- Names defined in DHCPD.INI now stick.
- Command ns now resolves DHCP-assigned names.
- Commands arpadd and arpdel now resolve DHCP-assigned names.
- Command setf enhanced. See setf.htm for details.
- WARNING: The MS-LLTD protocol fails when NAT32 is running.
The reason for this is unknown.
- The 'active' thread now no longer spins.
- NAT32 exit issues fixed.
- CRON issues fixed.
- New variables added. See set.htm for details.
- INT64 now used for gateway counters.
- Command gwstat now accepts an ifn.gwn argument and clearing
of counters.
- Route added for IP address 127.0.0.x mask 255.0.0.0
- Command 'xevent pid' added. It can be used to force a thread
to terminate by setting its exit event (if one exists).
- Command "if" is now a builtin. This fixed exit and break
issues.
- Command "route alt" fixed for the case that no alternate
gateway exists.
- Command "dunupd" added. It causes connect.txt to be executed
for DUN connections that are in place on startup.
September, 2019 ***** [CURRENT BUILD 22306] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Several routing modifications made to allow the following:
- Any machine can request the use of an alternate Internet
gateway. This includes the MSTCP of the NAT32 machine
itself. See route.htm for details.
- OpenVPN connections can now also be established over an
alternate Internet gateway.
- Several bugs fixed that caused some HTM pages to malfunction.
BE SURE to download and unzip the new help2.zip file.
- TCL parser modified to strip lines starting with # within
braces (parse.c line #466).
- OpenVPN setup simplified. See openvpn.htm for details.
- Var no_sleep modified to not prevent monitors from being
turned off.
- Function sbcprintf modified to print in both Console and
Web window modes.
- TCP Keepalive code modified.
- IPPROC source routing code modified.
- MSTCP routing table changes are now monitored.
August, 2019 ***** [CURRENT BUILD 22304] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- The arpingn command now resolves IPs to names.
- Special names like nat32.box now resolve even if no name
server is reachable.
- File nat32js modified to include an IP address that can
be used instead of nat32.box in configurations that do
not have a name server on any NAT32 interface.
- File change.txt modified to add/delete the default route
on the Primary interface.
- Skype Tool support deprecated.
- A few minor bugs fixed.
July, 2019 ***** [CURRENT BUILD 22302] *****
***** [CURRENT DRIVER 3.2.20] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- The WinPkFilter driver now supports NdisMobileIP adapters.
- NAT32 can now share Mobile IP connections.
See Mobile_IP.txt for more information.
- A few minor bugs fixed.
June, 2019 ***** [CURRENT BUILD 22301] *****
***** [CURRENT DRIVER 3.2.18] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- BUGFIX: The NAT32 service failed to start if file nat32.pid
existed. File nat32.pid (and others) are now always
deleted on Windows shutdown and restart.
- New command: route alt [ip | name] [delete]
Adds a default source route for the specified IP or Name.
Option 'delete' deletes such a route.
The command fails if no alternate gateway is available on
the network of the specified IP or Name.
DNS requests from the specified machine are redirected to
the adapter's second name server.
For test purposes, a new command: setnhf ifn [ip | name]
has been added. It will block all access to the specified
IP or Name via the specified ifn.
- BUGFIX: Command setf was printing an uninitialised field.
Command setf now checks args[2] (add or delete).
May, 2019 ***** [CURRENT BUILD 22298] *****
***** [CURRENT DRIVER 3.2.18] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- IMPORTANT: Reconfiguration is required because the ifnx.ini
file format has changed.
- NEW FEATURE: A backup (fallback) interface can now be
specified. A fallback daemon can be run as: 'startd fallback".
It monitors the Primary Internet connection and switches
between it and the backup Internet connection to ensure
continuous Internet connectivity.
- NEW FEATURE: A backup (fallback) gateway can now be specified
for an Internet-connected interface. A fallback daemon can be
run as: 'startd fallback p.x", where 'p' is the Primary
interface and 'x' stands for the gateway number (0, 1 or 2)
that is to be used for fallback. The fallback daemon monitors
the Primary Internet gateway and switches between it and the
backup Internet gateway to ensure continuous connectivity.
This feature has been tested with a Raspberry Pi running the
ROOter version of OpenWRT. The ROOter supports just about
every conceivable Mobile Internet device and gives Internet
connectivity whenever the fallback daemon switches the
primary gateway to the IP address of the Raspberry Pi.
- Support for .local names added. This was needed because
some web browsers have started warning users if an HTTP
URL is used rather than HTTPS. For local traffic in trusted
environments, this "feature" can be bypassed by using URLs
like http://192.168.178.1/ or http://nat32.local/ or even
just http://nat32/
- Support for mDNS and LLMNR modified. See the relevant Help
pages for details.
- Pipe problem fixed.
- Exec commands modified, particularly the execdk and shortcut
variants.
- NAT32 can now switch to a second desktop. This feature could
be useful for hiding NAT32 windows from the regular user of
the computer.
Example: desk aux # Switches to auxiliary desktop
desk main # Switches to main desktop
Note: On the aux desktop, Ctrl-Alt-E switches back to main.
- NAT32 DHCPD modified:
New range command
New max command
See dhcpd.htm for details.
- New command: host add | del ip | wname
This command allows a host (specified by its IP or its Windows
name) to be added to or deleted from the Windows Host Table.
February, 2019 ***** [CURRENT BUILD 22296] *****
***** [CURRENT DRIVER 3.2.16.1] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- MAJOR: inetin and pnetin sleep for 10 msec when the buffer
pool nears exhaustion. This modification improves throughput
dramatically for heavy loads e.g. during speed testing.
- BUGFIX: arpin_q problem.
- Several ARP debugging commands and GPQ commands modified.
- Several pipe modifications made.
- Shell TCL command now handles unbalanced quotes correctly.
- BUGFIX: pipes now close correctly.
- BUGFIX: nested TCL exec commands now work correctly.
- New shell command: m3u url
Downloads an m3u URL and extracts the first link.
See the web radio applet (swrx.htm) for an example.
- A "Run" menu item now executes the script file specified in
the 'script' environment variable. Results are displayed in
a popup window.
- DHCPD commands that change parameter table values now also
transfer those values to the interface table.
NOTE that dhcpd.ini is executed after DHCPD initialisation
has been done.
January, 2019 ***** [CURRENT BUILD 22294] *****
***** [CURRENT DRIVER 3.2.16.1] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Tcl grep script corrected
- Several editor bugs corrected.
-
- File fr.js modified to use the IP address of fritz.repeater
- BUGFIX: SoftAP app now handles rcmd commands correctly.
- Startup.txt modified so that httpd confirmation is off per
default.
- Command 'route add' now modifies the gateway when a route is
added that matches an existing route.
- NDISAPI library updated for the 3.2.16.1 driver.
- New command: pcheck.tcl password
Checks the password against the HIBP database.
- BUGFIX: Web interface is at 'localhost' when in Winsock Mode.
- BUGFIX: A crash on exit no longer occurs.
- BUGFIX: Redirection in the shell was sometimes failing
because the original device was being closed before the new
device was set. This caused nested Tcl exec commands to
fail. An additional fix now closes all redirected devices
except pipes.
- Skype Tool rings FritzBox phone on incoming calls.
- Find box in Web View now works correctly.
- BUGFIX: Function isVPN() in data.js corrected.
- BUGFIX: Command 'setmem' now works correctly.
- Command 'route vpn IP|name' added. The specified host
will then communicate via a VPN connection only. If the VPN
connection goes down, such hosts will have local access only
until the VPN connection is reestablished.
- A DNS resolution problem solved by attaching .local to
an SMB name.
- Command 'dhcpd' now allows a host-specific gateway address
and host-specific DNS server address to be specified.
Previously, these values could only be specified per
interface, not per host. Of cours, the specified host must
renew its lease for the new settings to take effect.
- The Interface Selection dialog box now works correctly.
- Command 'dhcpd ifn ip ...' now allows just the host portion
of an IP address to be specified (for convenience).
- Port Mapping Table and Routing Table sizes now default to
4096 (the maximum). Commands 'set pmsize' and 'set rtsize'
can be used to limit the table sizes for better performance
on 'slow' systems.
December, 2018 ***** [CURRENT BUILD 22292] *****
***** [CURRENT DRIVER 3.2.16] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- TCP device bug fixes.
- Stealth mode behaviour modified.
- Honeypot SSL/TLS support updated.
- Tcl memory usage modified.
- IP fragmentation support modified.
- Pipe device modified.
- Softap code modified.
- TCP keepalive support modified.
- Port mappings for WPF filtered ports no longer added.
- New variable 'uk2mstcp' added. Command ukmap mstcp | nat32
now allows unknown incoming traffic to default to MSTCP
or NAT32. In the latter case, specific uk mappings must be
specified.
- Bug in icunmap() fixed.
October, 2018 ***** [CURRENT BUILD 22290] *****
***** [CURRENT DRIVER 3.2.16] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- An SNMP Get command has been added. It can be used to fetch
VDSL2 speeds from an SNMP agent as follows:
snmpget 10.97.1.1.2.1.9.1 # Max downstream [kbps]
snmpget 10.97.1.1.2.1.9.2 # Max upstream [kbps]
snmpget 10.97.1.1.2.1.10.1 # Current downstream [kbps]
snmpget 10.97.1.1.2.1.10.2 # Current upstream [kbps]
- NAT32 now exits promptly.
- Command 'panic' immediately terminates the NAT32 process.
September, 2018 ***** [CURRENT BUILD 22290] *****
***** [CURRENT DRIVER 3.2.16] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Calls to TerminateThread now generate a pprintf warning.
- Hosts command no longer blocks during enumeration.
- Function addWinHostName is now always interface-aware.
- Nethood functionality now checks for MAC changes for a
given name. Name changes for a given MAC were already
being checked.
- Nethood add command fixed.
- Nethood clear command fixed.
- The pages details.htm and cpanel.htm now allow a target IP
or Name to be specified. All operations are then performed
for the target machine.
Note: use this feature with care!
- Various minor problems in Winsock Mode fixed.
- Restart now works reliably.
- Many web pages updated.
August, 2018 ***** [CURRENT BUILD 22288] *****
***** [CURRENT DRIVER 3.2.16] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- All 6 Tcl file mode options now work correctly.
- A 'camera' variable added. This allows a connected IP
camera to be displayed when web page 'default.htm' is
viewed. The program 'cam2web' is recommended as camera
streamer.
- FritzBox and FritzRepeater support updated.
- Predictive ARP feature added for Winsock access.
- All script?.htm files updated.
- Commands 'pmapt' and 'pmapu' modified to allow an IP source
address to be specified.
- Port-mapped TCP connections are now reset if both SYN flags
are 0.
- Command 'arpadd' marks added entries as 'permanent'.
A gratuitous ARP is broadcast for the added entry.
- Entries in dhcpd.ini now have permanent ARP entries.
- Command 'dev' now accepts a device number, dev class or
device name argument.
- Command 'dev classes' prints the list of class names.
- Network domain now defaults to 'local';
- The DHCPD will now dprint names of unsupported options.
- Global variables are injected into 'data.js' by the HTTP
and Honeypot servers.
- Command 'wintcp' now supports 'state' and 'port' args.
- Several Homekit variables added. See 'set' command for
a listing of all variables. These are used when the NAT32
machine is also running a Homebridge server.
- Problem with the WinPkFilter wpff command fixed. On 64-bit
systems, the handle field was incorrect for filters that
were to apply to all interfaces.
- Commands 'ns' and 'wns' now handle the 'fbnet' variable
correctly.
June, 2018 ***** [CURRENT BUILD 22286] *****
***** [CURRENT DRIVER 3.2.16] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- JSON support added.
- Pipe device updated.
- FritzBox and FritzRepeater support enhanced.
- Support for a Raspberry Pi HOSTAPD and display device added.
- Homekit support added.
- Resume from sleep behaviour improved.
April, 2018 ***** [CURRENT BUILD 22285] *****
***** [CURRENT DRIVER 3.2.8] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Selective Sharing of OpenVPN connections implemented.
Details are in openvpn.htm and the relevant command
help pages.
- DHCPD modified: Some systems expect Option 54 to be present
in a DHCP Ack, even though the DHCP Request did not ask
for it. The Option 54 is now always returned in the Ack.
March, 2018 ***** [CURRENT BUILD 22284] *****
***** [CURRENT DRIVER 3.2.8] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Help Pages updated.
- A new HTTPD access mode has been added. Clients can only
communicate with the HTTPD if their IP address appears in
the Network Neighbourhood Table.
- HTTPD never responds to localhost traffic (127.0.0.1)
- HTTPD requires user confirmation for traffic from external
clients.
- Various DHCPD issues fixed.
- Password checking now controls access to the Console window
and Quick dialog only.
- AVM support has been updated for FB 7590 and FR 1750E.
- UPNP client now shows router stats: upnpc -g
January, 2018 ***** [CURRENT BUILD 22282] *****
***** [CURRENT DRIVER 3.2.8] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- DNS Resolver Daemon (DNSRD) problems fixed.
- Admin feature enhanced. (See help page for details)
- Monitor window problems fixed.
- Function arpadd() now checks protocol addresses for
validity.
- This command now works: start http://.........
- Ping command now supports microsecond resolution.
- The trace window now uses the full screen width.
- Admin command now adds an IP only if ni_admin is true.
- Buffer pool names are now listed.
- Netin threads now sleep if bpool count is low.
- Help now also supports .html files.
- DHCPD now also checks the nethood table.
December, 2017 ***** [CURRENT BUILD 22281] *****
***** [CURRENT DRIVER 3.2.8] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Network neighborhood support enhanced.
- Nethood command now displays the Network Neighborhood for
ALL interfaces (does NOT require SMBv1 support).
- Nethood update command now displays MSTSC or RDP capability
for all discovered machines.
- Password checking enhanced.
- OpenVPN support now works in User Mode.
- Numerous web pages updated.
- Captive Portal support added.
- Skype support updated.
- DHCPD bug fixed (Code54 was being appended twice in ACK)
May, 2017 ***** [CURRENT BUILD 22276] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- SMB support enhanced. The HOSTD is now started and forwards
all traffic transparently, except for NetBios Name Queries,
which it answers.
- CRONTAB modified.
- STARTUP.TXT modified.
- WINDOWS 10 interface configuration modified to show all
adapters correctly.
- Several TCL bugs fixed.
- SNMP support improved
- WUPNPD updated. Device home page is now cpanel.htm.
- New command: ssdp notify
- An OpenVPN-related bug corrected. This was causing NAT32 to
hang in cases where no TAP Adapter was available.
- New command: setwns [ips]
Sets the Name server for the current "best" Windows interface.
NOTE: This command requires privilege.
April, 2017 ***** [CURRENT BUILD 22274] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- All SNMP commands corrected (snmp, wsnmp, tcl snmp).
- Tcl code now uses C malloc/free instead of xmalloc/xfree.
- Find box in nav.htm now does a case-insensitive search in
all NAT32v2/htm/*.htm files.
- Command pdump usage message bug fixed.
- Command 'find' modified to search settings variables.
- Command 'webcmd' modified to use correct browser window.
- Problem with GetAdaptersW fixed.
- name2ip now resolves nat32.box correctly in WinSock mode.
- x_set now honours -s correctly.
- xmalloc use revised.
- HTTPD can now use other directories (see htdir setting).
- iPhone tethering now supported.
- Monitor 'find' command improved.
- WinPkFilter now restores filters correctly for all interfaces
on resume from sleep.
- RegMon and DevMon code modified.
- Email now sent if any log file limit is reached.
- Several web pages modified.
- Several minor bug-fixes.
- Several minor improvements.
May, 2017 ***** [CURRENT BUILD 22270] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- File change.txt modified so that netcheck is only done when
an interface comes up (not down).
- File rss.tcl modified so that STDOUT is the current window.
- File startup.txt now opens the quick dialog later.
- Ipproc now forwards MSTCP 224.0.0.9 packets to the network.
- Winute.c modified so that NAT32 settings are not updated if
the interface's Windows settings are not yet valid.
- Special name: nat32.vpn added. This allows DNS Analyser
settings to be adjusted via the cpanel.htm page for OpenVPN
connections.
- The quick dialog now has a cPanel icon. The Chat feature has
been removed.
- File HOSTS.INI has been updated.
- Monitor window modified.
- Shell commands that use xmalloc now explicitly call xfree on
return. This prevents memory leaks if the command functions
are called within a thread.
- Default check level and block level for private interfaces
now set to "none". Default levels for VPN interfaces remains
at "all". Use the cpanel.htm page to modify these levels.
- Several minor bug-fixes.
- Several minor improvements.
February, 2017 ***** [CURRENT BUILD 22268] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- WebSocket support has been added. This allows OpenVPN status
updates to be sent as they occur to any web client that has
an open WebSocket to the NAT32 HTTPD.
- The cpanel.htm page has been improved to allow Microsoft
blocks (as in ms.txt) and Apple blocks (as in ios.txt) to be
toggled on or off individually. The page now uses a WebSocket
to display status updates or monitor updates.
- When file nat32.log file size exceeds the value set in variable
'mls', it is archived as yyyy.mm.dd.nat32.log.zip and a new
nat32.log is created.
- The email command now has the syntax: email title file to
The 'from 'field is set to the value in variable 'email' and
the mail is sent via the server set in variable 'smtps'.
- WLAN connect and disconnect commands now work again.
- DHCPD bug fixed. This bug was preventing new devices from
obtaining an IP address in some cases.
- Several minor bug-fixes.
- Several minor improvements.
December, 2016 ***** [CURRENT BUILD 22262] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Several important bug-fixes.
- Several minor improvements.
October, 2016 ***** [CURRENT BUILD 22260] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Several important bug-fixes.
- Several minor improvements.
- Fixed several RAS configuration issues.
September, 2016 ***** [CURRENT BUILD 22259] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Several important bug-fixes.
- More Windows 10 Version 1607 compatibility fixes.
- Windows10.txt updated
- BUGFIX: If a DNS response has no Answer Count, the response
must not be dropped, because Windows assumes the DNS server
is down and tries all future queries via NetBios for several
seconds.
- HOSTS.INI format now has a single space as separator instead
of 3 spaces.
August, 2016 ***** [CURRENT BUILD 22256] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Several minor bug-fixes.
- Windows 10 Version 1607 fixes applied.
July, 2016 ***** [CURRENT BUILD 22254] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- several web pages updated.
- Full integrated OpenVPN support added.
- ICMP support modified.
- Setting command "set" now supports string search.
Example: 'set find wlan' prints all variables containing
'wlan' in their name or description.
- several minor bugs fixed.
- FritzBox support modified.
- Restart issues fixed.
- Command 'jsb [filename]' added.
This command allows Javascript to be specified for
execution by the Honeypot (useful for test purposes).
- Fixed UPnP client support. UPnP SEARCH requests are now
sent via the 'best' interface. Help page updated.
- DHCPD modified to deal with cheap and nasty clients that
use fake Ethernet addresses. Some IP cameras even use the
address 00-00-00-00-00-01.
June, 2016 ***** [CURRENT BUILD 22252] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- The Comer and Stevens TCP code has been modified to fix a
number of problems.
- The honeypot daemon has been modified to allow up to Ntcp
simultaneous connections.
- INETIN and PNETIN modified to correctly respond to incoming
TCP connections at 1.2.3.4.
- RASIN modified to correctly handle PPPoE traffic.
- Softap reset command modified.
- BUGFIX: Function get_connections().
May, 2016 ***** [CURRENT BUILD 22250] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- Console windows now scroll the caret line into view.
- DNS Resolver now returns a TTL of 5 for black-listed names.
- DNS Resolver behaviour modified for private machines.
- DNS Resolver now always returns a computed address (typically
the honeypot address) for all names it resolves.
- File DHCPD.INI modified to assign NAT32 as the gateway.
- New command: wintcp test [port]
- DNS Resolver modified (major changes).
- Monitor exit bug fixed.
- Various bug-fixes in TCP functions and readln2() used by
honeypot.c.
- Honeypot connections now reset because some clients don't
honour close() as they should.
- Function check_long(name, ...) was returning an error for
names containing underscores. This could be an issue in the
Windows DnsValidateName() function.
- Added footprintdns to default black-list.
- Valid length of a DNS component is now < 32.
- Functions xmalloc() and getmem() no longer warn or panic
if no memory is available. They just return 0 and require
that the caller handles the issue.
- Memory leak in create() fixed.
- New command: setgw ifn [ip]
- Adds a default route for the specified interface.
- Determines the gateway from the MSTCP or the MIB.
- Will not overwrite an existing gateway.
- Hang on exit because of scrolling issue fixed.
- OpenVPN support modified.
- The route copy command was modified to accept an additional
ifn argument.
- IPPROC now does the needed route copy when the first packet
for the Internet is received, and a TAP interface is in use.
- New command: tap [open | close | attach | detach]
- works only if no other process has opened the TAP adapter.
- CRON @hourly bug fixed.
April, 2016 ***** [CURRENT BUILD 22248] *****
***** [CURRENT DRIVER 3.2.7] *****
***** [New HELP2.ZIP file] *****
The following changes have been made:
- New WinPkFilter driver with enhanced performance added.
- DHCPD Server improved.
- DHCPD dhcpd.ini script now runs interface-specific commands.
- DNS resolver improved.
- Control Panel web page added (cpanel.htm) to allow DNS checking
options to be modified.
- Windows Power Broadcast handler improved.
- Shell "more" command improved.
- Shell "unwind" command added. This allows for easier script
debugging.
- Environment variable "shdbg" added for script debugging.
- Shell "if" command now supports the "=" operator.
- Shell "if" command now supports more "ifn.x" options.
- Shell "echov" command now supports $ substitution.
- Multi-monitor support added.
- FritzBox scripts updated to work under the current FritzOS.
- The rcmd.exe and remote.exe applications have been updated.
- DNS checks now call the Windows DnsValidateName function.
- RAS Client and Server support for Windows 10 added.
- Problems with adapter index corrected.
- Windows DHCP settings for an interface are now ignored.
- RasDialDlg removed.
- For fixed IP configurations, use NAT32's IP if MSTCP IP is 0
------------------------------------------------------------------
January, 2016 ***** [CURRENT BUILD 22236] *****
***** [CURRENT DRIVER 3.2.4] *****
***** [New HELP2.ZIP file] *****
25 Auto-configuration code arguments:
nat32.exe aDlwv
'a' indicates auto-configuration
'D' indicates install driver if needed ('d' for uninstall)
'l' indicates include a LAN adapter
'w' indicates include WiFi adapters
'v' indicates include Virtual WiFi adapters
Web page net.htm shows traffic and DHCP details.
23 New version of rcmd.exe.
New version of remote.exe.
New version of SoftAP.exe.
13 Autocfg.log output modified.
New command: itest [idx]
With no argument, the command prints MIB_IF_ROW2 details
for all interfaces known to the WinPkFilter driver.
Otherwise, details for the interface specified by "idx"
are displayed. Note that "idx" is the Windows Iphlpapi
index that is shown in the interface list printed by the
Windows "route print" command.
Diag.txt now includes itest output and autocfg output.
11 Auto-configuration code modified to accept the following
arguments:
nat32.exe alwv
'a' indicates auto-configuration
'l' indicates include a LAN adapter
'w' indicates include WiFi adapters
'v' indicates include Virtual WiFi adapters
Configuration details are written to file autocfg.log
7 Auto-configuration code modified to detect WiFi adapters
by their Windows media type value (0x10 for WiFi).
Auto-configuration code modified to update Windows TCP/IP
settings before writing the ifn.ini files.
Auto-configuration code modified to accept the following
arguments:
nat32.exe awvr
'a' indicates auto-configuration
'w' indicates include WiFi adapters
'v' indicates include Virtual WiFi adapters
'r' indicates include the RAS Server and 2 clients.
5 Auto-configuration code modifed to detect the secondary
adapter more reliably.
4 NEW FEATURE: NAT32.EXE has a new auto-configure argument.
When started as: nat32 a
auto-configuration code will run and new nat32.ini and
ifn.ini files will be generated, unless they already
exist, in which case they will be parsed and executed
in the normal way.
December, 2015 ***** [CURRENT BUILD 22236] *****
***** [CURRENT DRIVER 3.2.4] *****
***** [New HELP2.ZIP file] *****
31 MAJOR CHANGES: DHCPD modified to correctly initialize for
interfaces that are not yet configured.
DHCPD reset modified so that static entries added via
user.txt (or similar) are preserved.
DHCPD reset now correctly detects state changes (IP -> 0
and 0 -> IP).
The HTTPD now serves content in a way that allows IE11
to display the output of shell commands without delay.
Note that this feature depends on undocumented behaviour
of IE11.
The softap shell command now supports additional options.
Inetin modified to forward MSTCP traffic for local
destinations without mapping.
DNS client checks now default to "all" for clients on
private networks and to "none" for clients on Internet
connected networks, unless such clients are configured
by the NAT32 DHCPD, in which case the check level as
specified in the static entries list applies.
28 MAJOR CHANGE: DNS client checking now defaults to OFF for
Internet interfaces and ON for private interfaces.
21 MINOR CHANGE: SoftAP is turned off before sleep.
MINOR CHANGE: Function winute() modified to not suggest
an IP address for unconfigured private network adapters.
MINOR CHANGE: Command webstat (and its webpage) updated.
18 MINOR CHANGE: For FritzBox users, the DNS functions now
recognize the special name "fritz.repeater".
MINOR CHANGE: The embedded browser can now block all
frames on a web page if the Frames option in the Window
menu is unchecked.
16 BUGFIX: Function tcplisten() no longer resets incoming
connection requests if no control block is available.
MINOR CHANGE: Function vsprintfd() now uses the length
returned by vcsprintf().
14 NEW FEATURE: An auto-configuration utility (config.exe) is
now available for configuring NAT32 to run as a Software
Access Point. Details are in softapcfg.htm.
12 BUGFIX: Help command was faulting in WINSOCK mode.
11 DHCPD function dhcp_arp() in request.c modified to wait
for 2000 msec for a response. This gives WiFi devices
ample time to respond.
10 DHCPD modified further. Tested with Windows, IOS and
Android clients.
9 Command softap() modified to use Wlan API functions.
DHCPD modified to correct various problems.
Changes made in discover.c and request.c.
6 NEW FUNCTIONALITY: Cron now supports @resume lines in the
crontab. This allows the SoftAP to be started when the
machine resumes after sleep.
Sample crontab entries are:
@reboot softap on # At reboot, turn on the SoftAP
@resume softap on # On resume, turn on the SoftAP
NOTE: The "softap on" command requires privilege.
It will work silently when NAT32 runs as a service, but
it will otherwise prompt for permission if User Account
Control is on (the default).
November, 2015 ***** [CURRENT BUILD 22234] *****
***** [CURRENT DRIVER 3.2.4] *****
***** [New HELP2.ZIP file] *****
29 MAJOR CHANGE: The dhcpd now checks for existing use of an
about to be assigned IP address more rigorously. The ARP
case is first checked and an ARP request is then broadcast.
If the address resolves, it means it is in use and will not
be assigned.
28 MINOR CHANGES: honeyb lengths checked more rigorously.
File change.txt now deletes the ARP entry.
The pnetin thread now passes ARP Requests to the MSTCP
and to NAT32's ARP Input thread.
27 NEW COMMAND: Command 'startp' is identical to 'start'
except that only STDIO devices are inherited from the
parent. Use startp to start threads from script files.
25 MINOR CHANGE: The wupnpd modified to not run on the
RAS Server interface.
24 BUGFIX: The DNS resolver was returning the incorrect IP
address for names in the 'local' list.
23 BUGFIX: wlan command was not displaying output.
BUGFIX: unshared address mode for both Internet-connected
and private networks now works correctly.
Changes in ipget() and map_port().
BUGFIX: Function printfs() modified.
18 NEW FEATURE: The following admin commands have been added:
adminlf [file] # default is login.htm
admingf [file] # default is good.htm
adminbf [file] # default is bad.htm
adminac ifn [access_code] # default is "Accepted"
See the login1.htm file for an example.
16 NEW FEATURE: Environment variable "userid" added. When 1,
admin checks require unique User IDs. When 0, the same
User ID can be used for multiple machines.
13 NEW FEATURE: The dhcpd command now accepts a 5th argument
that specifies the level of DNS checking to be applied to
requests from the specified host.
Allowed values are:
"all" (all checks done)
"hosts" (only host checks done)
"none" (no checks done).
12 DNSD privilege mechanism enhanced. The DNSD command now
understands the checking levels: all, hosts, none.
Command "set" now accepts "" or 0 for IP string vars.
Shell now allows empty args (e.g. "").
Function copy_routes() now uses the Windows metric when
adding RIP-advertised routes.
8 File nat32.js modified.
File script/app: Lines can begin with a # (Comment)
The dnsd command now allows a security level to be set
for a specified host IP address. Levels are as follows:
0 Do ALL name checks (the default)
1 Do hosts.ini checks only
9 Do NO checks at all
Global flag "dnsc" added. Values are as above and apply
to all clients that have no entry in the DNS Client table.
October, 2015 ***** [CURRENT BUILD 22232] *****
***** [CURRENT DRIVER 3.2.4] *****
22 Minor Changes:
Function p32open() was calling getnam() instead of
getpname() in error messages.
Minor error in unixutil() line #90 corrected.
Minor error in in x_log.c line #19 corrected.
The DHCPD now honors a specified offset only for DISCOVERs
with no code 50 IP address.
Default DHCPD lease duration is again 7 days.
BUGFIX: The buffer size used by the browser devices has
been increased to 8*64K (webinit.c line #35).
The same increase was done in edit.c line #521.
13 Minor Updates:
Minor changes in wupnpd.
NEW FEATURE: Command htest now accepts an argument
specifying how many times a name should be looked up.
This gives more accurate time estimates for the lookup.
NEW FEATURE: The arping command now resolves Vendor IDs
for MAC addresses, if a file mac.txt or mac.ini exists.
The supplied mac.ini file is based on the manuf file
distributed with Wireshark.
--------------------------------------------
***** IMPORTANT NOTE for OpenVPN users *****
--------------------------------------------
Some versions of the TAP-WIN32 driver on some platforms
were causing NAT32 exit to fail if the adapter was set to
report its Media Status as Always Connected rather than as
Application Controlled.
6 Minor Updates:
A black-list entry containing a ^ character must be in
quotes.
Udptime server fixed.
Udpdtime server added (UDP Daytime Service).
Default DHCPD lease duration is now 1 day (86400 sec).
Monitor dialog box modified to allow clearing of the
entire list.
Various web pages updated.
September, 2015 ***** [CURRENT BUILD 22232] *****
***** [CURRENT DRIVER 3.2.3] *****
29 NEW FEATURE: The DNSRD now treats black-listed names that
start with ^ differently. A strcmp() is done instead of a
strstr() in this case.
BUGFIX: The rasin thread now discards incoming packets if
the number of buffers in the pool reaches 10.
28 NEW FEATURE: The DNSRD now checks for long DNS labels and
blocks names with a starting label longer than dnsl bytes.
The dnsl variable is initially 40 bytes and has a maximum
value of 63.
26 BUGFIX: DHCPD modified to mark a declined entry as
unavailable for 60 sec rather than just 10 sec. This fixed
the duplicate address problem.
24 BUGFIX: DHCPD modified to offer a different address each
time a particular address is declined.
20 MODIFIED: Connections can now be dialed via a web page.
RasDial() is now used rather than RasDialDlg().
MODIFIED: DHCPD now always broadcasts OFFERs and ACKs.
This was needed because some clients do not set flags
correctly.
MODIFIED: Function log() now prints more diagnostic
information if a log file can't be opened.
18 BUGFIX: WINIO modified to fix resizing bugs.
17 DHCPD modified as follows:
Unicast behaviour changed, NACK behaviour changed.
Function request() no longer calls arp_send() to check
the requested IP.
12 NEW FEATURE: The DNS lookup functions now check the WHOST
table. The DHCPD now adds an entry to that table after
sending an ACK to a REQUEST. This fix is particularly
useful for LINUX-based devices.
9 Various string functions modified to ensure VS2015
compatibility. Note the sprintfx.cpp and vsprntfd.c
modifications.
8 BUGFIX: The DHCPD now adds an ARP entry before sending an
OFFER, ACK or NACK. This allows devices that do
not set the BROADCAST flag in DISCOVER and REQUEST
packets to work correctly.
BUGFIX: Function inetin() now passes mapped packets to
NAT32 regardless of source, if a mapping exists.
7 BUGFIX: Portmap send_ack() error fixed.
An ARP request for IP destination instead of
IP nexthop was being sent.
BUGFIX: Honeypot serve_real_content() fixed.
The request length is now checked.
BUGFIX: See all the 5.9.2015 notes relating to udpsend(),
ipsend, and their callers.
4 NEW FEATURE: The httpd_proxy environment variable now
allows (1) or diallows (0) HTTPD proxy behaviour.
3 BUGFIX: DHCPD was sometimes not responding to request.
2 A new WinPkFilter Driver Version 3.2.4 is now available.
August, 2015 ***** [CURRENT BUILD 22232] *****
***** [CURRENT DRIVER 3.2.3] *****
31 MODIFICATION: The dhcp command has been renamed to dhcpd.
30 Error in nav.css fixed.
28 BUGFIX: TCL: Several minor file I/O errors corrected.
26 NEW FEATURE: arping command added.
Usage: arping ifn [IP | MAC]
The command is used to obtain a list of all machines on a
network (arping ifn) or to "ping" a machine by IP address
or MAC address.
CRON now re-syncs when the machine resumes from sleep.
23 NEW FEATURE: mechanism for overriding DHCP offers from
external DHCP servers modified.
21 NEW FEATURE: Command 'dhcpc ifn test' gathers responses for
2 seconds. It thus detects all DHCP servers that have sent
an offer during that interval.
File 'crontab' detects external DHCP servers every minute.
NOTE: If the DHCPD is set to static mode on an interface,
then stations not in the reserved list will never be
initialised if no external DHCP server is active.
19 NEW FEATURE: mechanism for overriding DHCP offers from
external servers improved.
16 BUGFIX: several minor DHCPD bugs fixed.
15 NEW FEATURE: Honeypot now honors FILE and CMD requests.
14 BUGFIX: Port 137 lookups for "wpad" now honored.
13 BUGFIX: UDP echo command was sending to broadcast address
if name resolution failed.
NEW FEATURE: RDP and SMB traffic is now mapped directly to
the MSTCP by the driver. This greatly increases performance
for local traffic.
12 NEW FEATURE: The winset command can now be used to start
the Windows Firewall Control Panel applet.
11 CHANGE: The ICF code now no longer defaults to ON.
10 NEW FEATURE: The honeypots, DHCP server and HTTP servers
are now started via startup.txt only.
9 NEW FEATURE: The DHCPD now supports configuration of MSTCP
interfaces. A new dialog box asks the user for an IP address
and Mask to be used on the interface. In order to support
DHCP renew requests, the DHCPD reports the fixed IP address
x.x.x.232 so that such requests actually make it down to
the NDIS layer. That IP address is pingable from other
machines.
8 BUGFIX: Error in ReadPostData() corrected. This error was
causing NAT32 to exit if WUPNPD received a command.
7 WSUPNPD exception handling added.
6 BUGFIX: WUPNPD buffer size increased.
4 BUGFIX: HTTPW now uses a larger reply buffer for DNS
lookups.
3 BUGFIX: HTTPD POST Request now works correctly.
July, 2015 ***** [CURRENT BUILD 22230] *****
***** [CURRENT DRIVER 3.2.3] *****
31 BUGFIX: various buffer issues in the HTTPD fixed.
BUGFIX: additional sanity checks added to the TCP code.
BUGFIX: honeypot_ssl was not closing connections because
read() calls were blocking.
BUGFIX: Function tcpwrite() was sometimes writing too much
data.
25 BUGFIX: termination when additional shells are running.
BUGFIX: tcpsend() error when no data needs to be sent.
BUGFIX: buffer length error in mwrite() and monitord().
22 Several bugfixes and improvements, including:
Winsock WUPNPD improved (see upnpd.htm).
New command setu added (see upnpd.htm).
WUPNPD now started on Secondary interface in startup.txt
NAT32.EXE flags modified. Flag "h" now indicates
"No HOSTS checking"
Flag "p" now indicates "give network I/O priority".
FritzBox and FritzRepeater script files modified.
Default stack size increased.
15 BUGFIX: Fixed potential GPF in pmain.c
Various other minor issues fixed.
12 BUGFIX: TCP keepalive now works correctly.
6 Minor changes in how winio.c handles change between web
mode and standard mode.
4 Many changes made, particularly in memory allocation in
several functions.
Most (but not all) printf variants now use xmalloc().
The minimum stack size is now 16K rather than 4K.
The WinPkFilter 3.2.3 is now installed per default.
BUGFIX: The NSERVER string is now no longer sometimes
falsely set.
June, 2015 ***** [CURRENT BUILD 22228] *****
***** [CURRENT DRIVER 3.2.x] *****
15 This is the last build that will run on Windows XP.
BUGFIX: Function wlogin() modified to close startup.txt
once it's execution has completed.
Several commands modified to interpret "all" as all
interfaces.
9 BUGFIX: File change.txt now sets interface selection
algorithm to 'main'.
NEW COMMAND: netcheck displays important network settings.
8 IMPROVEMENT: DNS resolver now checks Windows notion of a
name server address before resorting to OpenDNS.
BUGFIX: Shutdown command now clears no_sleep before
calling ExitWindowsEx().
BUGFIX: Exit flag is now set when a network input thread
is forcefully terminated (e.g. via a netstop command).
6 BUGFIX: IPPROC minor DNS modification.
5 BUGFIX: The NETOUT thread was sometimes terminating
prematurely. This happened whenever its semaphore was
signalled and the ouput queue had been emptied in the
interim. Changes in netout(), netwriteq() and slowtimer().
4 Major changes to how DNS is used and detected. Nsdetect
is no longer used, as it allows any private machine to
change DNS Server settings within NAT32. The mechanism
is still in place but no longer turned on in startup.txt.
3 Several web page improvements and enhancements.
Winio() now displays web pages by running x_web() and
x_webf() in a thread rather than via a function call.
May, 2015 ***** [CURRENT BUILD 22228] *****
***** [CURRENT DRIVER 3.2.x] *****
29 SoftAP.exe major change: Stop button now forces a stop.
SoftAP.exe minor changes: debug output removed, status info
now updates correctly.
25 Admin.exe modified to start child processes without
inherited handles. This means that such processes will no
longer prevent NAT32 from terminating if they are still
active at the time.
Support for a second Windows ICS magic address added.
24 NEW FEATURE: Throttling added. See setf.htm for details.
BUGFIX: WiFi and Virtual WiFi adapters now recognised
correctly on Windows 8 and higher.
23 NEW COMMAND: arpoff ip | name [ifn]
This command modifies the state of the specified ARP entry
to "refuse". Thereafter, traffic to the address will have
an invalid Ethernet destination address causing such
traffic to be ignored by the receiver. This action can be
reversed with an arpon command with the same syntax.
This feature is useful for blocking traffic at the MAC
level rather than at the IP level.
22 Startup.txt modified as follows:
1. The setis command is now: setis main
2. The no_sleep variable is now set to 1
3. Command: "setnsi p" was added to ensure that the main
DNS server is used per default.
When running as a service, a 20-sec startup delay has been
removed.
Various kprintf functions were modified so that they work
correctly when NAT32 runs as a service. If kprintf2 is
ever called, the caller blocks until Ok or Cancel is clicked
on the xlog.htm page.
CAUTION: kprintf2 is called from the kecho command. If that
command is ever used, BE SURE to display the log buffer in
a browser so that Ok or Cancel can be clicked.
A new certificate for the WinPkFilter driver was added. The
original certificate had expired.
21 MINOR CHANGE: ARP cache size increased.
NEW FEATURE: WiFi and Virtual WiFi detection added. New
help pages explain the feature.
RIP modified so that rip udates are never sent on interfaces
that are configured, but not in use.
19 MAJOR CHANGE: The code that handles adapter configuration
changes and DHCPD changes has been extensively modified.
The file 'change.txt' has also been modified and the old
version should no longer be used.
BUGFIX: All netin functions have been modified to correct
a DHCP Renew problem.
NEW FEATURE: The SoftAP.exe program has been enhanced.
18 Kernel modification: The thread wrapper now checks for an
unreleased Critical Section and releases it if necessary.
17 BUGFIX: dstat command modified (ARP CS issue)
BUGFIX: eth2ip command modified (ifn arg added)
15 MINOR CHANGE: Service configuration improved.
14 MAJOR CHANGE: A problem was occurring on networks that are
connected to the Internet via routers that have multiple
private IP addresses. NAT32's inetin() thread was dropping
incoming packets that had a MAC source address that did
not match that of the configured gateway.
13 NEW COMMAND: "dstat ea" converts the specified Ethernet
Address to an IP address and name (if known).
The Monitor window is now preserved across restarts. This
means that decho the and mecho commands (which both call
dprintf to display output in the monitor windos) can now
be used at any time.
Various help texts in dialog boxes updated.
10 Unsolicited incomimg ICMP traffic is now passed to NAT32
for processing rather than to the MSTCP. This means that
pings will work even if the Windows Firewall is blocking
ICMP traffic.
BUGFIX: Problem with shell exit after a restart fixed.
9 BUGFIX: wpad dns now works correctly.
Softap.exe notification handling improved.
Several htm pages updated.
8 BUGFIX: Function sets() line #47.
7 BUGFIX: Function inetin() now routes packets received from
the MSTCP that are addressed to a different local network.
Packets from the MSTCP for addresses on the same network
are written directly.
BUGFIX: The DHCPD reset command was setting the nserver to
1.2.3.4 instead on nif[ifn].ni_ip.
4 Command config no longer writes to logfile unless a debug
argument is specified.
3 The GPF Dialog box now works correctly for all options.
A gpf command is available for testing the GPF handler.
Full details are in file gpf.htm.
2 NEW COMMAND: The wpad command can now be used to configure
the wpad features and to turn wpad support on or off.
Full details are in file wpad.htm.
1 NEW FEATURE: The DNSRD now resolves names containing
wpad.domain to NAT32's IP address. This causes a web
client to send a GET request for file wpad.dat to NAT32,
which then responds with the contents of file proxy.pac
that is located in the NAT32v2 HTM directory. A sample
proxy.pac file is included, but it should be edited as
needed. The sample proxy.pac redirects all traffic to
the NAT32 HTTPD at port 8080.
April, 2015 ***** [CURRENT BUILD 22225] *****
***** [CURRENT DRIVER 3.2.2] *****
30 Various HTML pages updated.
The "su" command now always executes admin.exe, even on
systems without UAC enabled.
26 Build 22225 created from the Build 22224 codebase.
Minimum platform requirement is Windows 7 (Server 2008 R2).