Get security and cost-effective Internet sharing

In this age when limited IP addresses conflict with the ever-expanding number of computers attached to the Internet, many companies and home users have had to look for ways to use one IP address to connect their networks to the Internet. Trying to keep such systems secure is a challenge. Enter Network Address Translation. NAT can be a useful tool for home networks and large companies alike. You can configure NAT quickly and easily in Windows 2000 Server, allowing for inexpensive Internet sharing and basic security.

A Crash Course in NAT
NAT is a popular way to share out a common Internet IP address to systems within your network. In its most fundamental form, NAT maps the single valid, external IP address that your ISP provides onto the invalid, internal IP addresses of the systems behind your NAT implementation. (By invalid I mean addresses such as those in the 10.x.x.x range or 192.168.x.x range that work fine on internal networks but aren't routable on the Internet.)

When a system on your internal network requests data (e.g., a Web page), the system sends the request toward the Internet. However, the request first passes through the NAT server. NAT then assigns a port through which the system's communications will pass (typically, a high-number port that isn't in use—e.g., 3003) and records the port number in a table. Next, NAT rewrites the packet and stamps it with its own unique, valid IP address, which the packet uses to connect to the Internet. When the Web server receives the packet, the Web server completes the request and sends its reply back to the NAT server, because the NAT server's address is the only one the Web server sees. The NAT server receives the data, looks up the destination port that it previously assigned to that connection, and routes the data to the appropriate system on the internal network.

For example, let's say a client sends a Web page-request packet to an external Web server. The packet has the client's internal source address (10.0.1.12). The destination is the Web server's address (125.108.0.9) and port 80. The NAT server receives the packet, chooses a free port number—5002—on its system, then adds an entry in the translation table that links packets coming to port 5002 to client address 10.0.1.12 and port 3003. Then, NAT replaces the source address with its own address and the source port 3003 with port 5002 and puts the packet on the Internet. The Web server receives the packet and responds with the Web page, sending packets to the NAT server on port 5002. The NAT server receives the Web page, replaces the port with 3003 and the destination address with the client's address, then puts the packet onto the internal network.
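The translation described in the two paragraphs above, as an added example that is not from the article or from Windows 2000: a minimal stateful NAT table that rewrites the outbound request, reverses the rewrite on the reply, and drops inbound packets that match no table entry (the "basic security" side effect of NAT). The public address 203.0.113.5 and the unsolicited packet's source are constructed values; the client, Web server and port numbers are the article's.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatServer:
    """Port-based NAT as the article describes it: one public address, many internal hosts."""
    def __init__(self, public_ip, first_port=5002):
        self.public_ip = public_ip
        self.next_port = first_port          # next free high-numbered port to hand out
        self.table = {}                      # public port -> (internal ip, internal port)

    def outbound(self, pkt):
        # Reuse the mapping if this internal endpoint already has one; otherwise allocate a port.
        for pub_port, (ip, port) in self.table.items():
            if (ip, port) == (pkt.src_ip, pkt.src_port):
                break
        else:
            pub_port = self.next_port
            self.next_port += 1
            self.table[pub_port] = (pkt.src_ip, pkt.src_port)
        # Replace the private source address/port with the NAT server's own address/port.
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt):
        # Reply traffic is only forwarded if the destination port is in the table;
        # unsolicited inbound packets have no entry and are dropped (None).
        entry = self.table.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != self.public_ip:
            return None
        ip, port = entry
        return replace(pkt, dst_ip=ip, dst_port=port)

def demo():
    nat = NatServer("203.0.113.5")                       # constructed public address
    request = Packet("10.0.1.12", 3003, "125.108.0.9", 80)
    on_wire = nat.outbound(request)                      # src becomes 203.0.113.5:5002
    reply = Packet("125.108.0.9", 80, on_wire.src_ip, on_wire.src_port)
    delivered = nat.inbound(reply)                       # dst becomes 10.0.1.12:3003
    unsolicited = nat.inbound(Packet("198.51.100.7", 4444, "203.0.113.5", 6000))
    return on_wire, delivered, unsolicited               # unsolicited is None
```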

Cost-Effective Internet Sharing
NAT can be practical for almost any small network that wants to share out its Internet connection. However, NAT doesn't scale up well to larger networks and can become rather ineffective because of the amount of time necessary to process, send, and receive requests from clients within the network. Therefore, you might think that only a home user or a small business can truly benefit from NAT—an assumption that isn't necessarily true. In many situations, NAT can help a large organization with an expansive network.

For example, let's say that a large organization has several small field offices that run on tight budgets. The field offices each need to network 10 systems to the Internet, but budgetary limitations don't let them purchase additional expensive hardware. Those offices could configure their network servers to use NAT. Thus, the small field offices get the Internet sharing they need for little cash outlay.

Many hardware routers include NAT support. Even the new battery of inexpensive small office/home office (SOHO) cable and DSL routers often come with a built-in NAT option. (You can install and configure NAT even if you don't have a broadband Internet connection, although high-speed connections are optimal.) However, what if you don't have the resources to purchase a NAT-enabled Cisco router for your network? What if the NAT-capable inexpensive cable and DSL routers aren't flexible enough to suit your needs (e.g., they can't connect enough systems because of insufficient network connections, they don't have the ability to block specific ports)? In situations such as these, you can turn to your OS for assistance. You can configure NAT in most OSs, including most types of Linux. Even Windows NT 4.0 has the ability to configure NAT, although doing so is often a difficult and cumbersome endeavor. Of the current OSs, Win2K provides one of the best implementations of NAT I've seen. NAT in Win2K is quick and easy to set up as well as fairly flexible in its design.

A word of caution: If you decide to implement NAT in an OS or with additional NAT software, keep in mind that you must secure your NAT server to protect it from attacks. In addition, I recommend that you secure each system behind your NAT server with at least strong passwords and removal of unnecessary services.
