Configuring NAT Interfaces

Once NAT interfaces have been added, they can also be configured through their properties window. Keep in mind that the interface designated as private has a different set of property tabs than the public interface.

Configuring the Public Interface

As shown in Figure 8.10, the properties window for the public connection has three property sheets. From the General tab you can enable an interface as private or public.

Unlike ICS, NAT supports multiple public IP addresses. If you have been assigned only a single IP address from the ISP, nothing needs to be configured. If you have been allocated multiple IP addresses, the public interface must be configured with the range assigned by the ISP. Using the Address Pool tab shown in Figure 8.14, you can identify the range of addresses allocated to the NAT server.

In some cases, you may need to reserve one of the IP addresses from the public address pool for an internal computer. Clicking on the Reservations button (refer to Figure 8.14), brings up the Add Reservation window, as shown in Figure 8.15. From this window, you can map a public IP address to an internal computer. If the computer needs to be accessible to Internet users, select the option to Allow Incoming Sessions to the Address; for example, if there is a Web server on the local area network that needs to be accessible to users on the Internet.

Configuring Inbound Traffic

NAT is normally used to allow internal clients access to external resources. Once NAT is configured, clients can use their Web browsers, such as Internet Explorer, and email programs, such as Outlook Express, to create connections with external computers. Inbound traffic is accepted on the external interface as long as an internal client initiated the traffic. This is the default behavior of NAT.

However, there may be instances in which you want to make internal resources available to users on the Internet; for example, if you are running Web or FTP services on the local area network. For inbound connections to be permitted, you configure the computer on the local area network that will be made accessible to Internet users with a static IP address. Make sure that the IP address is excluded from the range being assigned by the DHCP server to avoid address conflicts.

Once the computer has been assigned a static IP address, you can use the Special Ports tab, shown in Figure 8.16, to create a static mapping.

The static mapping will map a public IP address and port number to the private IP address and port number of the internal computer. Click the Add button to designate which IP address and port number any traffic received on the public interface (or a specific IP address) should be routed to (see Figure 8.17). The incoming port identifies the port number for incoming traffic. The private address and outgoing port fields identify the private IP address of the internal computer and the port number to which traffic should be sent.

Before Internet clients can access resources on the local area network, you must assign a static IP address to the internal client and configure a special port mapping.