How to redirect/route IP address to another IP address?

Solution 1:

Intro Considerations

Before implementing any of this, it would be really helpful to know just what routing actually does.

Routing doesn't change network addresses. (Well, NAT does. And NAT can be performed while routing gets applied. However, if you want to learn how to do something, you should be trying to keep things simple. And it is best to think of simple/traditional routing as a separate process, because that is a much simpler way to think about it.)

Before looking at changing stuff like addresses, let's make sure there's a thorough understanding of how stuff actually works, so that we don't try to do something that will violate common network design rules (and which will probably be rejected by a majority of hardware and software that typically implements those rules). If this stuff gets learned, then at least if we try something crazy, we will understand that what we are trying is crazy, and will be mentally prepared for the types of obstacles we are trying to face. That is much better than not knowing these details.

About Routing

Routing is typically designed to make sure that traffic gets from one network (often called a "subnetwork", or "subnet") to another network.

When your computer sends network traffic, it is likely sending "frames" of network traffic. These frames are called "Layer 2" traffic. (Layer 1 focuses on physical connections, like cables or antennas and airwaves.) Frames are delivered to MAC-48 addresses (also known as EUI-48 addresses, and much more commonly just called "MAC addresses"). The most common ways that frames get delivered are by using Ethernet (over UTP copper cabling) or Wi-Fi.

Frames tend to contain packets. The most common types of packets these days are IPv6 and IPv4. (Probably not in that order...) These packets are considered Layer 3 traffic. The packets tend to contain TCP segments or UDP datagrams, which are layer 4 traffic. I'm using the term "layer" consistently with what is described by the "OSI Model", which tends to get taught in a lot of professional-level networking classes/training.

Now, let's say you're at 192.168.1.103 and want to communicate with 4.2.2.2. This could be UDP port 53 traffic (DNS), but I will instead use ICMP (ping) as an example.

Typically, your computer will compare 192.168.1.103 and the size of your network, which is specified by the prefix length (e.g., IPv4 /24). Prefix lengths (especially IPv6 /64) are most common for IPv6. For IPv4, the size of the network is very often written out as a subnet mask. The binary values of common subnet masks start with all the ones, with all of the zeros towards the end of the subnet masks, so you often end up with subnet masks like 255.255.255.0. Using these examples of IPv4 /24 and 255.255.255.0, the size of the network is 256 addresses. So the computer figures out which addresses would be at the start and end of a group of 256 addresses if all possible Internet addresses are divided into evenly-sized groups of that size. So, if all possible Internet addresses were split into groups of 256 addresses, then 192.168.1.103 would be in a group that goes from 192.168.1.0 to 192.168.1.255 (inclusive).

Since the desired destination is 4.2.2.2, and 4.2.2.2 is not between 192.168.1.0 and 192.168.1.255, then the traffic doesn't just get sent to 4.2.2.2's MAC address using a frame. (We are unlikely to be able to use IPv4's Address Resolution Protocol (ARP) or Neighbor Discovery Protocol (if we were using IPv6) to discover the MAC address, because that is on a different network. This has to do with limitations that affect ARP and IPv6 NDP.) So, if we can't send a frame to there, how can we communicate with 4.2.2.2?

By routing. We can find a gateway that will help us get traffic to 4.2.2.2. For most common consumer equipment, people are often used to having just two types of networks: a network that the computer is part of, and the worldwide Internet. (Corporations sometimes have multiple sites, and may have other networks.) A gateway that is meant to handle addresses to anywhere in the world (the entire Internet) is sometimes called the "gateway of last resort", and much more commonly called the "default gateway". That is the gateway that will be used for any address if there isn't a more specific gateway that happens.

So, your computer will send an IPv4 ARP request for the default gateway, which will need to be in your network. Quite commonly, that will be the first "usable" address on your network. (Due to some very old broadcast standards, and perhaps also due to some common confusion, many people just treat the first address of a subnet as unusable. This includes creators of some software and hardware, so the decisions of those people often affect the rest of us. So 192.168.1.0 may be unusable in this example.) So 192.168.1.1 may be the first usable address, and may be the default gateway. I will use that example.

Once your computer figures out the MAC address of your default gateway, then your computer sends out the ICMP message by using an IP packet that is addressed for 4.2.2.2, and that IP packet is part of a frame that goes to the MAC address of the gateway.

So, the network traffic containing the ICMP message doesn't actually get sent to the IP address of 192.168.1.1. The traffic gets sent to the MAC address that is related to 192.168.1.1.

Then, your local router will pay attention to the traffic because the traffic is going to the MAC address. Because it is a router, it will cooperate by routing the traffic. So your router will figure out if it knows how to communicate directly to 4.2.2.2, by being on the same network. In all likelihood, your router won't know how to get 4.2.2.2's MAC address. So the process gets repeated, as your router will then "route" the traffic to the MAC address of another router, which may be located at your Internet Service Provider (ISP).

Now, the point in explaining all this is that even if you did manage to get your computer to translate the 10.10.10.10 to 20.20.20.20, that might be useless if the receiving equipment is not expecting traffic for 10.10.10.10. The receiving device at 20.20.20.20 might receive the traffic, but may ignore it if the traffic is meant for 10.10.10.10.

Keep in mind that in my working example, even though the IP traffic got sent to the MAC address related to the default gateway, the IP packet's destination of 4.2.2.2 remained unchanged during the entire process of routing traffic.

So, if you are trying to change the destination IP address, that isn't simple routing. That is NAT. NAT is an abbreviation for Network Address Translation. So, when network traffic involves a specific network address (10.10.10.10), it gets translated to another address (20.20.20.20). See: NAT in Windows.

TCP's Limit

Note that a lot of Internet traffic uses TCP. If you are trying to get a TCP connection going to 20.20.20.20, TCP's requirement for two-way communication may cause some troubles. Even if you could get traffic sent to 20.20.20.20, then 20.20.20.20 needs to be able to successfully respond, because TCP requires two-way communication in order to complete the "TCP handshake" at the start of the TCP connection, before any of your ("payload") data gets sent. If your software program thinks that it is sending traffic to 10.10.10.10, then your software program will not accept response traffic from 20.20.20.20. So, in addition to NATting outgoing traffic, you may also need to be able to reverse the NAT effects if you're using TCP. TCP is very common, e.g. HTTP (web) and SMTP (E-Mail). The main exceptions are traffic which is very small (e.g. classic DNS, which uses UDP; another example is ICMP) or traffic which is very sensitive to slowness (maybe VOIP, news (like stock prices, where old information is less useful than re-updated newer information), real-time games). It can be very helpful to learn whether the protocol you intend to use will rely upon a lower-level protocol like TCP. Network sniffing (e.g., tcpdump or Wireshark) can also be quite useful in understanding why things don't work.

NAT availability

Typically, you don't bother with NAT on end user machines. Typically, that is done by a router. Some versions of Windows do support the feature of being a router, which means the computer can treat network traffic similar to how other routers treat the traffic.

This question has the "Windows" tag, so I'm guessing you're wanting to do this using software built into Microsoft Windows. I would think that NAT would be supported by a feature called "Routing". Modern versions of Windows have this feature built into some software called "Routing and Remote Access" (abbreviated "RRAS").

As far as I know, RRAS is often not supported by "Home" versions of Microsoft Windows. It is often supported by the Windows Server releases (e.g., Windows Server 2008 R2). I think it might be supported by "Professional" end user releases, like "Windows 7 Professional". I'm rather suspecting that this feature might be entirely missing from Home releases like "Windows 7 Home".

Even if the feature is potentially available in your version of Windows, it is probably so disabled by default that it is even uninstalled. So you might need to go to a spot where you can install Windows Features (e.g., "Server Manager", or maybe Control Panel's applet that includes the word "Programs" as part of its name, and then the left frame of that applet may have a hyperlink for adding/installing/enabling "Features").

  • Possible resource: TechNet: Enable and Configure NAT
  • Possible resource: TechNet: Netsh Routing IP NAT Context Commands

Now, in theory, you might be able to tell your computer to route traffic to a proxy that NATs the traffic and sends it out as a different IP address. So what you're asking for might be possible.

Approaches

One possible alternative: Consider manipulating DNS instead of IP traffic. e.g., point a DNS name to a different IP address, possibly by using CNAMEs (if you can affect the DNS records for the relevant domain names), or by using hosts files. Often much easier to implement, and to reverse (if you decide to undo your changes).

Chances sound very, very good that this isn't going to be the best approach for whatever you're really trying to accomplish. Understand that trying to do things normally, according to the rules, can be very challenging. Trying to invent your own ways of doing things is much more challenging. It is highly inadvisable to get too inventive when designing networks before you have had experience successfully designing networks using standard methods, and you know the limitations of the standard methods (and probably also why those limitations exist), and you really know that what you're doing is better (and why it is better). Otherwise, you're likely to run into a host of problems. (I can speak from some experience. Eventually, I simply learned to try doing things the straightforward way first.)

The question looks like a classic case of XY Problem. If you're trying to accomplish something other than what you just asked for, try creating another question where you are asking for what you are really trying to accomplish.
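
The difference between routing and NAT described in the answer above, as an added example that is not part of the original answer: a small Python model in which routing only picks whose MAC address the frame goes to, while NAT rewrites the address and must undo that on the reply. The routing table, the dict-based packets and the names `next_hop`, `forward` and `DestinationNat` are constructed for illustration.

```python
import ipaddress

# Constructed table for the answer's host 192.168.1.103/24 (an assumption).
# Each entry is (network, gateway); gateway None means "on-link, deliver directly".
ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.1.1")),
]

def next_hop(dst, routes=ROUTES):
    """Return the IP whose MAC address the frame is sent to (longest-prefix match)."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def forward(packet, routes=ROUTES):
    """Plain routing: choose the frame's target, leave the packet's addresses alone."""
    return {"frame_to_mac_of": str(next_hop(packet["dst"], routes)), "packet": dict(packet)}

class DestinationNat:
    """Rewrites dst on the way out and src on replies (the reverse step TCP needs)."""
    def __init__(self, original, translated):
        self.original, self.translated = original, translated

    def outbound(self, packet):
        # Only traffic addressed to the original destination is translated.
        return {**packet, "dst": self.translated} if packet["dst"] == self.original else dict(packet)

    def inbound(self, packet):
        # Replies from the translated address are presented as coming from the original.
        return {**packet, "src": self.original} if packet["src"] == self.translated else dict(packet)

if __name__ == "__main__":
    ping = {"src": "192.168.1.103", "dst": "4.2.2.2"}
    print(forward(ping))  # frame goes to the gateway's MAC, dst stays 4.2.2.2
    nat = DestinationNat("10.10.10.10", "20.20.20.20")
    out = nat.outbound({"src": "192.168.1.103", "dst": "10.10.10.10"})
    reply = {"src": out["dst"], "dst": out["src"]}
    print(out, nat.inbound(reply))
```

Without the `inbound` step the reply would arrive with source 20.20.20.20, which is the mismatch the "TCP's Limit" section warns about.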