Network Address Translation (NAT) allows multiple computers to share a single Internet connection using a single IP address. The benefits of this include the capability to connect multiple computers to the Internet using a single Internet connection. This in turn also helps to solve the increasing shortage of public IP addresses.

Network Address Translation

As the name implies, one of the things NAT does is provide IP address translation services. The system configured with NAT has an external and an internal network interface. Because a public IP address is required to access the Internet, the external network interface of the NAT server is configured with an Internet-routable IP address. The internal network interface is assigned the IP address of 192.168.0.1 by default, and internal clients can be assigned an IP address from one of the private IP address ranges. All internal requests are routed through the NAT server and appear as though they originated from the same public IP address. The NAT server basically acts on behalf of internal clients. When internal clients access the Internet, NAT receives the request and translates the private IP address and the port numbers before forwarding the request to the Internet. The IP address and port number of the internal client are mapped to the external port number on which the request is made.
All internal requests are mapped to an external request (the internal IP address is mapped to the IP address assigned to the public interface) and the information is kept in a table that is stored in memory. When the response to a request is returned to the NAT server, it uses the mappings stored within the table to determine the internal client to which the response should be returned.

Static and Dynamic Mappings

Before you discover the NAT process in more depth in the next section, you need to be aware of one of the key benefits of NAT. This benefit is that NAT can use static or dynamic mappings. Dynamic mappings are created when an internal client initiates communication to an Internet location. Static mappings are manually created so that traffic initiated from the Internet can be mapped to a specific server and port on the private network. When an internal request is received, NAT can create a dynamic mapping and store the information in the mapping table. Alternatively, static mappings can be created. This allows you to specify that certain traffic always be routed to a certain location. For example, all external traffic destined for port 80 on the public interface of the NAT server can be routed to a specific internal Web server.

How Does NAT Work?

The following steps outline the process that occurs when a request is received on the internal interface of the NAT server:
For inbound traffic initiated on the Internet, the process is slightly different. This is for security purposes to protect computers on the local area network from Internet attacks. When an inbound request is received, NAT checks to see if a static mapping exists that matches the request. If there is no mapping, the request is dropped.

Enabling NAT

NAT can be enabled in one of two ways depending on the existing configuration. If Routing and Remote Access is not enabled, NAT can be enabled using the Routing and Remote Access Server Setup wizard. To enable NAT using the wizard, follow these steps:
In some cases, Routing and Remote Access may already be enabled on your system. If this is the case, you can use the following process to manually enable and configure NAT. Before you begin, make sure the internal interface is assigned an IP address of 192.168.0.1 and a subnet mask of 255.255.255.0 (this address can be changed if necessary). The ISP will provide the DNS settings you configure. The external interface will be configured with an IP address from your ISP. If necessary, create a new demand-dial interface within the Routing and Remote Access console (refer to Chapter 7 for step-by-step instructions). To manually enable NAT, follow these steps:
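The mapping-table behavior described in the earlier sections (dynamic mappings created by outbound requests, static mappings for Internet-initiated traffic, and dropping of unmatched inbound requests) can be modelled in a few lines. This is an added example, not code from the original text or from Routing and Remote Access; the class name, the external port range starting at 50000, the sample addresses, and the rule that a response must come from the endpoint the client contacted are all assumptions of the model.

```python
"""Toy model of a NAT mapping table (added illustration, not RRAS code)."""
import itertools


class NatTable:
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # assumed external port range
        self.dynamic = {}      # external port -> (internal ip, internal port, remote)
        self._by_client = {}   # (internal ip, internal port, remote) -> external port
        self.static = {}       # external port -> (internal ip, internal port)

    def add_static(self, ext_port, int_ip, int_port):
        """Manually created mapping for traffic initiated from the Internet."""
        self.static[ext_port] = (int_ip, int_port)

    def outbound(self, int_ip, int_port, remote):
        """Internal client initiates: create or reuse a dynamic mapping and
        return the translated (public ip, external port) source."""
        key = (int_ip, int_port, remote)
        if key not in self._by_client:
            ext_port = next(self._ports)
            self._by_client[key] = ext_port
            self.dynamic[ext_port] = key
        return (self.public_ip, self._by_client[key])

    def inbound(self, remote, ext_port):
        """Packet on the public interface: return the internal destination,
        or None when no mapping matches and the packet is dropped."""
        entry = self.dynamic.get(ext_port)
        if entry and entry[2] == remote:   # response to a translated request
            return entry[:2]
        return self.static.get(ext_port)   # otherwise a static mapping is required


def demo():
    # All addresses below are constructed sample values.
    nat = NatTable("203.0.113.10")
    nat.add_static(80, "192.168.0.20", 80)          # internal Web server
    web = ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 4444)
    return {
        "translated_source": nat.outbound("192.168.0.5", 1025, web),
        "response": nat.inbound(web, 50000),
        "static_port_80": nat.inbound(stranger, 80),
        "unsolicited": nat.inbound(stranger, 3389),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Every static mapping is a standing inbound path to an internal host, so the static table is the part of a NAT configuration worth reviewing when assessing what the private network exposes.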