Network Address Translation (NAT) allows you to hide a group of computers (such as a network) behind one public IP address. In the Unix world, this is known as IP masquerading. Basically, your network sits behind the NAT server, which is also typically a proxy server and/or firewall. This means that you only need one "legal" IP address for the server running the NAT software. The IP addressing scheme that you use on the computer network behind the NAT server is really up to you (although there are ranges of IP addresses reserved for this purpose, which we will discuss in a moment).
The Internet connection sharing service provided by Windows 2000 and Windows XP (discussed earlier in the chapter) is really an example of the use of NAT. Windows Server 2003 also offers a full-blown version of the NAT service as part of its Remote Access and Routing features.
Because the purpose of a proxy server is to hide a trusted network from an untrusted network, many proxy servers also offer NAT. For example, AnalogX Proxy Server is freeware provided by AnalogX (check out the Web site at www.analogx.com; it offers a number of very useful freeware utilities and applications). AnalogX allows you to connect several computers to one Internet connection. In theory, it works in a fashion that is similar to the Internet connection sharing feature provided by Microsoft Windows.
The AnalogX Proxy Server software is installed on a computer that is outfitted with two NICs. One of the NICs is configured with an IP address provided by your ISP (or receives its IP address from the ISP's DHCP server) and is connected to the ISP. The other NIC is connected to your network and configured with an IP address that is consistent with the pool of addresses you use for your internal network. ARIN has actually blocked out a range of IP addresses in each of the three address classes (A, B, and C), as shown here:
The great thing about using a proxy server with NAT capabilities (or a NAT server) is that you can use as many IP addresses as required internally. For example, you can treat your internal network as if it is a Class A or Class B network, which provides a huge number of addresses. Remember, NAT only requires one "official" IP address for the proxy or NAT server that sits between your network and your ISP.
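The following sketch is an added example, not code from the book or from AnalogX. It models the port-translation form of NAT, in which two internal hosts share one public address and an inbound packet that matches no outbound connection has nowhere to go. The class and function names are hypothetical, the private ranges are those defined in RFC 1918, and every address is a constructed sample.

```python
import ipaddress

# Private ranges from RFC 1918, one block in each of the old class A, B and C spaces.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class NatGateway:
    """Toy port-translation table for a single public IP (hypothetical class)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (in_ip, in_port, remote_ip, remote_port) -> public port
        self.back = {}  # (public port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an internal packet's source to the public IP and a fresh port."""
        if not is_private(src_ip):
            raise ValueError("source is not an internal (RFC 1918) address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the internal (ip, port) for a reply, or None if nothing matches."""
        return self.back.get((dst_port, src_ip, src_port))

def demo():
    """Two internal hosts reach the same web server through one public address."""
    nat = NatGateway("203.0.113.10")                    # constructed public IP
    a = nat.outbound("192.168.0.11", 51000, "198.51.100.7", 80)
    b = nat.outbound("192.168.0.12", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, a[1])        # answer to host .11
    unsolicited = nat.inbound("198.51.100.99", 4444, a[1])  # no mapping exists
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The dropped unsolicited packet is a side effect of the table lookup rather than a filtering policy, which is one reason the NAT function is usually paired with a proxy or firewall.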
AnalogX Proxy Server is actually quite amazing in that it provides proxy server caching, NAT, and some firewall capabilities. It also runs on a number of different versions of Microsoft Windows, making it easy to implement for a small office or home business. Figure 15.6 shows the simple interface provided by AnalogX Proxy Server.
Figure 15.6. The AnalogX Proxy Server software provides a simple proxy server that also provides network address translation.
It allows you to toggle Internet services such as HTTP and FTP on and off, and it also allows you to configure email aliases for users on the network. This allows you to use any number of email accounts provided by your ISP (without the need for an IP address for each computer accessing an email account).
Proxy servers and NAT not only provide security and filtering capabilities for large networks, but a proxy server with NAT capabilities can offer low-cost connection options for small companies and home businesses that want to attach more than one computer to a single Internet connection. As with anything else you do associated with networking your business, you need to do research on the options available for the particular client OS and NOS platforms you are running on your network.