How to set up Windows routing to avoid having to log into an access node to get to a private lab node?

In my development environment, the developers write code on their desktop Windows machines. The testing machines are on a private network in the lab and we have to first log into a host node in the lab and then from there log into the test node:

[Windows 7 Node 7.1.1.1] --> [company intranet] --> [Linux Lab Host Node 7.2.2.2] --> [Test Node 192.168.1.1]

Is there a way for me to set up routing on my Windows client so that I don’t have to first log onto the Lab Host? Ideally, I would like to set up routing so that a specific IP is routed through a specific Host Node since I usually have to access several different Test Nodes and they could all be in the same private IP range. For example:

7.2.2.2 -> 192.168.1.1
7.2.2.2 -> 192.168.1.2
7.2.2.4 -> 192.168.1.5

I’m sure that it wouldn’t work if I had to go to two different private nodes both with the same IP (192.168.1.1), but I can work around that when necessary. The things I’m not sure about:

  • How to set up routing on my Windows box so it uses the right Lab Host for each private IP.

  • How to set up the Lab Host so that it acts as a network gateway to automatically route to the Lab Node.

  1. You enable IP forwarding on your Linux host to allow packets to route between the Intranet and Test Network.
  2. You then add a route entry on your Windows node using the ‘route add’ command, declaring that the Windows machine should use the Linux host as the next hop/gateway to reach the Test Network.

Note that Dev/Test networks are typically segregated for safety reasons; check with your local IT to make sure you are not violating company or computing policy by doing this.

Thanks for the help. I checked and ip forwarding is enabled on the middle host already. It’s segregated like this because there’s a lot of dynamic test systems rather than for security concerns. I’ve tried setting the route on my Windows box, but I can’t connect to the lab network. When I ping the address, I get a message like:

> ping 192.168.1.5

Pinging 1192.168.1.5 with 32 bytes of data:
Reply from 7.1.1.1: Destination host unreachable.
Request timed out.

I tried different routing values, but I haven’t had any luck. The current route shows as:

192.168.1.5 255.255.255.255 7.2.2.4 7.1.1.1

I’ll try a few more things and see what happens.

It’s not IP forwarding that’s required but routing. RRAS is the Windows service - I don’t know about Linux.

I too would echo the comments about safety and security. Having the two networks transparently linked is generally not a good idea. Something I’ve seen done is to have a Windows terminal server with two network cards, with one card on each network. You can then remote into the terminal server using the Microsoft client, which can be set to automatically let you through, and then your session on the terminal server has access to both networks, but the server does not itself route across networks. I believe the newer versions of Windows Terminal Server allow you to run applications on the terminal server (e.g. your SSH client) seamlessly.

IP forwarding *is* routing. If a host has multiple interfaces, you enable IP forwarding to make it act as a router.

Does “Test Node 192.168.1.1” know how to route back to the Windows host? E.g. does it have a default gateway or other routing table entry to get beyond its local network? Maybe in the current set-up, you are SSHing into “Linux Lab Host Node 7.2.2.2” which has another interface on the 192.168.1.0 network, and the test lab host can reach that directly, which is why that works.

IP forwarding on the gateway is not routing on the client. OP needs to have both configured.

To see routes on the client, open a terminal window / command shell (run | cmd) and type

ROUTE PRINT

To capture the information for reposting here, type

ROUTE PRINT > TMP.TXT

I have no idea why you have to log onto the Access Node. Perhaps you have to open the firewall. Perhaps you have to configure routing/forwarding on the Access Node. It is unlikely that anything you do on the client will replace “logging into the access node”. However, if you can, if it does, you will need to have routing/forwarding set correctly on both the client and the Access Node.
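An added example, not from any poster in the thread: a Python check over `ROUTE PRINT` output that flags routes whose gateway is not directly reachable (on-link) on the interface they use, which a next hop has to be before the client can send through it. The sample table is constructed from the thread's addresses; the /24 mask on 7.1.1.1, the default gateway 7.1.1.254 and the metrics are assumptions.

```python
import ipaddress

# Constructed ROUTE PRINT excerpt: addresses follow the thread; the /24 mask,
# the default gateway 7.1.1.254 and the metrics are assumptions.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        7.1.1.254          7.1.1.1     20
          7.1.1.0    255.255.255.0         On-link           7.1.1.1    276
      192.168.1.5  255.255.255.255          7.2.2.4          7.1.1.1     21
===========================================================================
Persistent Routes:
  None
"""

def parse_routes(text):
    """Return (network, gateway or None if on-link, interface) per active route."""
    routes, active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith("Persistent Routes"):
            break
        cols = line.split()
        if not active or len(cols) != 5:
            continue  # headers and separators do not have five columns
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}", strict=False)
            gw = None if cols[2].lower() == "on-link" else ipaddress.ip_address(cols[2])
            iface = ipaddress.ip_address(cols[3])
        except ValueError:
            continue  # not a route row
        routes.append((net, gw, iface))
    return routes

def off_link_gateways(routes):
    """Routes whose gateway lies outside every on-link subnet of their interface."""
    bad = []
    for net, gw, iface in routes:
        if gw is None:
            continue
        on_link = [n for n, g, i in routes if g is None and i == iface]
        if not any(gw in n for n in on_link):
            bad.append((str(net), str(gw), str(iface)))
    return bad
```

Feed it the contents of the `TMP.TXT` file produced by `ROUTE PRINT > TMP.TXT`; any route it returns names a gateway the client cannot reach in one hop from that interface.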