Installing NAT

Network Address Translation (NAT) allows multiple computers to share a single Internet connection using a single IP address. Because only one public IP address is needed for all of those computers, NAT also helps to ease the increasing shortage of public IP addresses.

Network Address Translation

As the name implies, one of the things NAT does is provide IP address translation services. The system configured with NAT has an external and internal network interface. Because a public IP address is required to access the Internet, the external network interface of the NAT server is configured with an Internet routable IP address. The internal network interface is assigned the IP address of 192.168.0.1 by default and internal clients can be assigned an IP address from one of the private IP address ranges.

All internal requests are routed through the NAT server and appear as though they originated from the same public IP address. The NAT server acts on behalf of internal clients. When internal clients access the Internet, NAT receives the request and translates the private IP address and the port numbers before forwarding the request to the Internet. The IP address and port number of the internal client are mapped to the external port number on which the request is made.

Note: When NAT receives a request, it modifies the source IP address, the source port, and the checksum. If additional information must be translated, a NAT editor can be installed. Windows 2000 includes NAT editors for the following protocols: FTP, PPTP, ICMP, and NetBIOS over TCP/IP.


All internal requests are mapped to an external request (the internal IP address is mapped to the IP address assigned to the public interface) and the information is kept in a table that is stored in memory. When the response to a request is returned to the NAT server, it uses the mappings stored within the table to determine the internal client to which the response should be returned.

Static and Dynamic Mappings

Before you look at the NAT process in more depth in the next section, you need to be aware of one of the key benefits of NAT: it can use static or dynamic mappings. Dynamic mappings are created when an internal client initiates communication to an Internet location. Static mappings are manually created so that traffic initiated from the Internet can be mapped to a specific server and port on the private network.

When an internal request is received, NAT can create a dynamic mapping and store the information in the mapping table. Alternatively, static mappings can be created, which allows you to specify that certain traffic always be routed to a certain location. For example, all external traffic destined for port 80 on the public interface of the NAT server can be routed to a specific internal Web server.

How Does NAT Work?

The following steps outline the process that occurs when a request is received on the internal interface of the NAT server:

  1. NAT first checks whether a static mapping exists that matches the request.

  2. If no static mapping is found, a dynamic mapping is created. If the NAT server is configured with a single public IP address, a port mapping is created. If the NAT server is configured with multiple public IP addresses, the private IP address is mapped to a public IP address.

  3. If a NAT editor is required for the request, NAT performs the necessary modifications to the IP datagram.

  4. The IP datagram is modified to reflect the mapping and the information is stored in the mapping table.

  5. The request is forwarded to the public interface.

  6. When the results are returned to the NAT server, it uses the information in the mapping table to route the information back to the appropriate client.

For inbound traffic initiated on the Internet, the process is slightly different. This is for security purposes to protect computers on the local area network from Internet attacks. When an inbound request is received, NAT checks to see if a static mapping exists that matches the request. If there is no mapping, the request is dropped.
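
The outbound steps and the inbound rule described above can be modeled in a few lines of Python. This is an added example, not code from the book or from Windows 2000; the class name, method names, addresses, and starting port are constructed for illustration, and matching a reply against the remote endpoint is an assumption of this model.

```python
# Simplified model of a NAT mapping table (single public IP, port mappings).
class NatTable:
    def __init__(self, public_ip, first_port=1025):
        self.public_ip = public_ip
        self.next_port = first_port   # assumed start of the dynamic port pool
        self.static = {}    # public port -> private (ip, port)
        self.dynamic = {}   # public port -> (private endpoint, remote endpoint)

    def add_static(self, public_port, private):
        """Manually created mapping for traffic initiated from the Internet."""
        self.static[public_port] = private

    def outbound(self, src, remote):
        """Translate the source of a request arriving on the internal interface."""
        for port, private in self.static.items():    # step 1: static mapping?
            if private == src:
                return (self.public_ip, port)
        for port, entry in self.dynamic.items():     # mapping already in table?
            if entry == (src, remote):
                return (self.public_ip, port)
        while self.next_port in self.static or self.next_port in self.dynamic:
            self.next_port += 1                      # step 2: new port mapping
        self.dynamic[self.next_port] = (src, remote) # step 4: store in table
        return (self.public_ip, self.next_port)      # step 5: forward as this

    def inbound(self, dst_port, remote):
        """Return the private endpoint for an inbound packet, or None to drop."""
        if dst_port in self.static:
            return self.static[dst_port]
        entry = self.dynamic.get(dst_port)
        if entry and entry[1] == remote:             # step 6: reply to a client
            return entry[0]
        return None                                  # no mapping: dropped

def demo():
    nat = NatTable("203.0.113.10")                   # constructed public address
    nat.add_static(80, ("192.168.0.20", 80))         # publish internal Web server
    site, stranger = ("198.51.100.7", 80), ("198.51.100.99", 40000)
    a = nat.outbound(("192.168.0.5", 3345), site)
    b = nat.outbound(("192.168.0.6", 3345), site)    # same source port as a
    return {"a": a, "b": b,
            "reply_to_a": nat.inbound(a[1], site),
            "web": nat.inbound(80, stranger),
            "unsolicited": nat.inbound(a[1], stranger)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two clients using the same source port receive different public ports, and a packet from a host the client never contacted is dropped unless a static mapping publishes the destination port.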

Enabling NAT

NAT can be enabled in one of two ways depending on the existing configuration. If Routing and Remote Access is not enabled, NAT can be enabled using the Routing and Remote Access Server Setup wizard.

To enable NAT using the wizard, follow these steps:

  1. Click Start, point to Programs, Administrative Tools, and click Routing and Remote Access.

  2. Right-click your server and click Configure and Enable Routing and Remote Access. This launches the Routing and Remote Access Server Setup wizard. Click Next.

  3. From the list of common configurations, select Internet connection server. Click Next.

  4. Select the option to Set Up a Router with the Network Address Translation (NAT) Routing Protocol (see Figure 8.7). Click Next.

    Figure 8.7. Enabling Network Address Translation.


  5. Select the public interface used to connect to the Internet. If necessary, create a new demand-dial connection. Click Next.

  6. Click Finish.

In some cases, Routing and Remote Access may already be enabled on your system. If this is the case, you can use the following process to manually enable and configure NAT. Before you begin, make sure the internal interface is assigned an IP address of 192.168.0.1 and a subnet mask of 255.255.255.0 (this address can be changed if necessary). The ISP will provide the DNS settings you configure. The external interface will be configured with an IP address from your ISP. If necessary, create a new demand-dial interface within the Routing and Remote Access console (refer to Chapter 7 for step-by-step instructions).

To manually enable NAT, follow these steps:

  1. Within the Routing and Remote Access console, expand IP Routing. Right-click General and select New Routing Protocol.

  2. From the New Routing Protocol window, select Network Address Translation (NAT) (see Figure 8.8). Click OK.

    Figure 8.8. Adding the Network Address Translation protocol.


  3. Select Network Address Translation. The available interfaces will be displayed.

  4. To add additional interfaces, right-click Network Address Translation and select New Interface.

  5. From the New Interface for Network Address Translation window, select the appropriate interface and click OK (see Figure 8.9). The Network Address Translation Properties window appears.

    Figure 8.9. Adding a new NAT interface.


  6. From the General tab, ensure that Public Interface Connected to the Internet is selected as well as the option to Translate TCP/UDP Headers (see Figure 8.10). Click OK.

    Figure 8.10. Enabling a public interface.


  7. To configure the private NAT interface, repeat the process outlined in step 5. When the Network Address Translation properties window appears, select the Private Interface Connected to Private Network option. Click OK.

Tip: To configure a computer to use a NAT server, the default gateway on the client must be pointing to the IP address assigned to the internal interface of the NAT server.




Windows 2000 Network Infrastructure Exam Cram 2 (Exam 70-216)
ISBN: 078972863X
EAN: 2147483647
Year: 2005
Pages: 167
