Understanding Network Address Translation

Network Address Translation (NAT) allows you to hide a group of computers (such as a network) behind one public IP address. In the Unix world, this is known as IP masquerading. Basically, your network sits behind the NAT server, which also is typically a proxy server and/or firewall. This means that you only need one "legal" IP address for the server running the NAT software. The IP addressing scheme that you use on the computer network behind the NAT server is really up to you (although there are ranges of IP addresses reserved for this purpose, which we will discuss in a moment).

The Internet connection sharing service provided by Windows 2000 and Windows XP (discussed earlier in the chapter) is really an example of the use of NAT. Windows Server 2003 also offers a full-blown version of the NAT service as part of its Remote Access and Routing features.

Because the purpose of a proxy server is to hide a trusted network from an untrusted network, many proxy servers also offer NAT. For example, AnalogX Proxy Server is freeware provided by AnalogX (check out the Web site at www.analogx.com; it offers a number of very useful freeware utilities and applications). AnalogX allows you to connect several computers to one Internet connection. In theory, it works in a fashion that is similar to the Internet connection sharing feature provided by Microsoft Windows.

The AnalogX Proxy Server software is installed on a computer that is outfitted with two NICs. One of the NICs is configured with an IP address provided by your ISP (or receives its IP address from the ISP's DHCP server) and is connected to the ISP. The other NIC is connected to your network and configured with an IP address that is consistent with the pool of addresses you use for your internal network. ARIN has actually blocked out a range of IP addresses in each of the three address classes (A, B, and C), as shown here:

  • Class A: to, with a subnet mask of

  • Class B: to, with a subnet mask of

  • Class C: to, with a subnet mask of

The great thing about using a proxy server with NAT capabilities (or a NAT server) is that you can use as many IP addresses as required internally. For example, you can treat your internal network as if it is a Class A or Class B network, which provides a huge number of addresses. Remember, NAT only requires one "official" IP address for the proxy or NAT server that sits between your network and your ISP.
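To make the "many internal addresses, one official address" idea concrete, here is a toy masquerading table, added as an illustration and not taken from the book or from any NAT product. The class and function names are hypothetical, the public and remote addresses are constructed documentation addresses, and the private blocks are the ones defined in RFC 1918.

```python
import ipaddress

# RFC 1918 private blocks, used here as the allowed "inside" addresses.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class MasqueradeTable:
    """Toy port-translating NAT: many inside hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port, remote) -> public_port
        self.back = {}  # (public_port, remote) -> (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port, remote):
        """Rewrite the source of an outgoing packet; create a mapping if new."""
        if not is_rfc1918(inside_ip):
            raise ValueError(f"{inside_ip} is not an RFC 1918 inside address")
        key = (inside_ip, inside_port, remote)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote)] = (inside_ip, inside_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, public_port, remote):
        """Return the inside destination for a reply, or None to drop."""
        return self.back.get((public_port, remote))


def demo():
    nat = MasqueradeTable("203.0.113.10")          # constructed public address
    web = ("198.51.100.7", 80)                     # constructed remote server
    a = nat.outbound("192.168.0.11", 51000, web)
    b = nat.outbound("192.168.0.12", 51000, web)   # same inside port, other host
    reply = nat.inbound(a[1], web)                 # reply to a known flow
    unsolicited = nat.inbound(a[1], ("198.51.100.99", 4444))  # no mapping
    return a, b, reply, unsolicited
```

Both inside hosts leave with the same public address and different ports, and a packet from a remote endpoint that no inside host contacted finds no mapping and is dropped, which is the sense in which the internal network is hidden.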

AnalogX Proxy Server is actually quite amazing in that it provides proxy server caching, NAT, and some firewall capabilities. It also runs on a number of different versions of Microsoft Windows, making it easy to implement for a small office or home business. Figure 15.6 shows the simple interface provided by AnalogX Proxy Server.

Figure 15.6. The AnalogX Proxy Server software provides a simple proxy server that also provides network address translation.


It allows you to toggle Internet services such as HTTP and FTP on and off, and it also allows you to configure email aliases for users on the network. This allows you to use any number of email accounts provided by your ISP (without the need for an IP address for each computer accessing an email account).

Proxy servers and NAT not only provide security and filtering capabilities for large networks, but a proxy server with NAT capabilities can offer low-cost connection options for small companies and home businesses that want to attach more than one computer to a single Internet connection. As with anything else you do associated with networking your business, you need to do research on the options available for the particular client OS and NOS platforms you are running on your network.

The Absolute Minimum

In this chapter we took a look at the issues of connecting a network to the Internet. Issues related to ISP selection, acquiring a domain name, and using proxy servers and Network Address Translation were also discussed.

  • The Internet backbone is made up of a number of metropolitan area ethernets (MAEs). Connection to an MAE is provided by a network access point (NAP). Communications companies such as Sprint operate NAPs.

  • Internet service providers (ISPs) provide a full complement of Internet services, including email and Web hosting.

  • Any of the WAN technologies can be used to connect to an ISP or an IAP, including T lines, Frame Relay, and DSL. Cable television companies also offer cable modem connections to the Internet.

  • Domain names are procured from domain registration providers. IP addresses can be obtained from your ISP or, for large corporations, directly from ARIN.

  • Microsoft Windows 2000, Windows XP, and Windows Server 2003 offer Internet connection sharing, which allows you to connect a number of computers to the Internet using one Internet connection.

  • Proxy servers provide a barrier between trusted networks and untrusted networks. Proxy servers can provide Web page caching, Network Address Translation, and some firewall capabilities.

  • Network Address Translation allows you to masquerade a number of computers through one "legal" public IP address.

Absolute Beginner's Guide to Networking
Absolute Beginners Guide to Networking (4th Edition)
ISBN: 0789729113
EAN: 2147483647
Year: 2002
Pages: 188
Authors: Joe Habraken
