NAT (Network Address Translation) is a term that comes up regularly in production environments. Here, I would like to explain the steps that you need to follow in order to implement NAT on a Windows 2003 Server. The steps are fairly simple, and if you already have a public address, you can set it up in less than an hour.
Basically, there are two benefits in using NAT:
- It lets us secure our internal IP addressing scheme.
- It also lets us save costs, because we don’t need to purchase a public IP address for each host in the network. We can hide several machines behind a NAT server, which is configured to use a single public IP address. If you had to purchase or reserve an IP address for each computer and host in the internal networks across the globe, there would be practically no IP addresses left.
Before going into the steps for implementing NAT, it will be useful to know how a NAT server modifies the outgoing and incoming packets.
- The client machine generates a request and sends it to the NAT server. Let’s assume that the packet is destined for port 80 at 206.xx.xx.xx.
- The NAT server scans the packet and creates an entry in the NAT table, which ties the real destination address and port number to the packet's origin and a substitute port number that it chooses at random. It also replaces the source IP address in the packet with its own address, so that replies from 206.xx.xx.xx will reach the NAT server.
Installing NAT Using the RRAS Console
Note: You should have at least two network interfaces available on your computer for this: one for the public side and the other for the private side.
If you’ve already configured RRAS to handle some other feature, then you will need to configure NAT without deactivating RRAS, because deactivating it can wipe out its configuration information.
Now, I’ll mention the steps that you need to follow if you have already configured RRAS to handle some other feature like IPX routing.
- In the RRAS snap-in, locate the server on which you want to enable NAT. If the icon has a small red downward arrow, right-click on it and choose the “Enable And Configure Routing and Remote Access Service” command. Also, choose the option for NAT/basic firewall in the RRAS Wizard to complete the NAT installation.
- Otherwise, right-click on the “General” node under IP Routing and select “New Routing Protocol”.
- In the “New Routing Protocol” dialog box, select the NAT/Basic Firewall option and click OK.
- You can see that a new node called NAT/Basic Firewall now appears under IP Routing.
Adding and Removing NAT Interfaces
Note: When adding a NAT interface, you have to distinguish between adapters that are connected to your local network and those that are connected (or can connect) to the Internet.
Adding a NAT Interface
First, create an interface for your local network adapter.
Next, create the Internet adapter interface.
You can do this as follows:
- Right-click on “NAT/Basic Firewall” and choose “New Interface”.
- The “New Interface For Network Address Translation” dialog box comes up. Select the adapter that you want to use and click OK.
Setting NAT Interface Properties
The tabs relevant to our discussion are NAT/Basic Firewall, Address Pool, and Services And Ports. Under each tab, I will explain the options that we need to be concerned about.
The NAT table is the key to the whole process, because it associates the original source address and port with the destination address and port.
The NAT/Basic Firewall Tab:
The NAT/Basic Firewall tab allows you to designate what kind of NAT interface it is.
- The “Private Interface Connected To Private Network” radio button is what you use to specify that the interface is bound to the adapter on your local network.
- The “Public Interface Connected To The Internet” button specifies that the adapter is connected to the Internet.
The Address Pool Tab:
The Address Pool tab lists the configured range of public IP addresses assigned to you. The address range is typically obtained from your ISP. You can manage the pool using the Add, Edit, Remove, and Reservations buttons.
The Services And Ports Tab:
Suppose you need to run a web server on your local network, which should serve requests from around the globe. In this case, you can set it up on a machine with a private IP and configure NAT to forward the requests that it receives on port 80 of the public interface to port 80 on your internal web server.
You can specify the ports to which inbound traffic should be mapped using the Services And Ports tab.
The Services And Ports tab lists the port mappings you have in effect. You can manage the port mappings using the buttons at the bottom of the pane.
Configuring NAT Properties
The Properties dialog box has four tabs:
- General tab
- Translation tab
- Address Assignment tab
- Name Resolution tab
General Tab
The General tab allows you to change the amount of event logging information that the NAT software writes to the system event log.
Translation Tab:
The Translation tab lets us control how long entries remain in the NAT table after use.
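The translation steps described earlier, the port mappings from the Services And Ports tab, and the entry lifetime set on the Translation tab can be modelled together in a short Python sketch. This is an added example, not code from RRAS or from the original post; the `NatTable` class, its method names, the check of replies against the original destination, and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import random

class NatTable:
    """Toy model of a NAT translation table (illustrative, not RRAS code)."""

    def __init__(self, public_ip, idle_timeout=60.0, seed=None):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout  # seconds an idle entry is kept
        self.dynamic = {}                 # substitute port -> table entry
        self.static = {}                  # public port -> (private ip, port)
        self._rng = random.Random(seed)

    def add_port_mapping(self, public_port, private_ip, private_port):
        """Publish an internal service, like a Services And Ports entry."""
        self.static[public_port] = (private_ip, private_port)

    def outbound(self, src, dst, now):
        """Rewrite a client packet; return (new source, destination)."""
        port = self._rng.randint(1025, 65535)
        while port in self.dynamic or port in self.static:
            port = self._rng.randint(1025, 65535)
        self.dynamic[port] = {"origin": src, "remote": dst, "last_used": now}
        return (self.public_ip, port), dst

    def inbound(self, src, dst_port, now):
        """Return the private (ip, port) for a public-side packet, or None."""
        self.expire(now)
        entry = self.dynamic.get(dst_port)
        if entry and entry["remote"] == src:  # reply from the contacted host
            entry["last_used"] = now
            return entry["origin"]
        return self.static.get(dst_port)      # published port, else dropped

    def expire(self, now):
        """Drop dynamic entries idle longer than the timeout."""
        for port in [p for p, e in self.dynamic.items()
                     if now - e["last_used"] > self.idle_timeout]:
            del self.dynamic[port]

if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    nat = NatTable("203.0.113.10", idle_timeout=60, seed=1)
    new_src, dst = nat.outbound(("192.168.0.25", 3456), ("198.51.100.7", 80), now=0)
    print("outbound rewritten source:", new_src)
    print("reply goes to:", nat.inbound(dst, new_src[1], now=10))
    print("unsolicited:", nat.inbound(("192.0.2.99", 4444), new_src[1], now=11))
    nat.add_port_mapping(80, "192.168.0.2", 80)
    print("published port 80:", nat.inbound(("192.0.2.99", 4444), 80, now=12))
    print("after idle timeout:", nat.inbound(dst, new_src[1], now=100))
```

The model makes the exposure explicit: traffic from outside reaches an internal host only through a live dynamic entry or a published port mapping, so each mapping you add is a service you are choosing to expose.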
Conclusion
On the positive side, the greatest benefit of NAT is that it has been a practical solution to the exhaustion of IPv4 address space. Networks that previously required a block of network addresses can be connected to the Internet with a single dynamic or static IP address.