NAT Setup and Configuration
Win2K Server provides fairly complete NAT support out of the box and even provides an easy-to-use wizard to help you with basic NAT configuration. In Win2K, you implement NAT through RRAS.

For this example of a basic setup, you need Win2K Server installed with two NICs. Connect one NIC to the Internet and the other to the network. In this example, you can substitute the Internet connection with a dial-up connection or even a direct cable connection. In addition, if you have only one other computer in your network, the connection to the internal network can be a crossover cable connected to a second PC. (Crossover cables are the same as network cables except a few of the wires inside the cable are switched, letting two systems communicate directly, without a network hub or switch.)

I also recommend that you run DHCP for your internal network systems to make managing connections to your NAT server easier. Make sure that for your DHCP services, you specify the gateway as the internal IP address of your NAT server. In this way, when you've implemented NAT and your systems on the internal network connect to the Internet, those systems will point to the NAT server and thus gain Internet access. Remember that you should never place the server that provides DHCP addresses on your external Internet connection. If the DHCP server is open to the Internet, anyone on the same subnet as the DHCP server and using the same Internet provider could send a DHCP request and possibly hop onto your network without needing to be physically plugged in to it.

To begin configuring your NAT service, first ensure that the server is running and you're logged on as an Administrator. Next, open the RRAS console by clicking Start, Programs, Administrative Tools, Routing and Remote Access. (If you've installed but not enabled RRAS, you might see a red dot beside your server.) Right-click the server you're going to use for RRAS, then select Configure and Enable Routing and Remote Access. In the introductory dialog box of the RRAS Configuration Wizard, click Next. The Common Configurations dialog box lists the options that are available. Choose the Internet Connection Server option, then click Next. In the Internet Connection Server Setup dialog box, select the Set up a router with the Network Address Translation (NAT) routing protocol option, as Figure 1 shows, then click Next. The next dialog box displays the two NICs that you installed. Select the NIC that connects to the Internet, then click Next.

Depending on your server configuration, after you've selected the Internet NIC, the wizard asks which NIC you want to use for your internal network connection. The wizard might also display a dialog box stating that the IP address for the internal NIC must be an invalid IP address. If such a dialog box appears, the wizard will either make the change automatically or let you make the change manually. If the option to make the change manually is available, follow the appropriate prompts. Otherwise, click Next, Finish. When you've configured NAT, your NAT server will appear in the Routing and Remote Access console, as Figure 2, page 5, shows.

Securing Your NAT Server
If you've performed the steps I've laid out, NAT starts working right away. If NAT doesn't start right away, reboot both the server and your workstation to refresh all the new settings. Next, use a Web browser on a machine that's on the internal network to try to connect to a Web site. If you can't surf the Web as usual, double-check your Internet connection on the NAT server. If the connection is working, you might have selected the wrong interfaces in the RRAS Configuration Wizard, or you might not have configured your DHCP service with the appropriate information. Double-check your settings in RRAS, then make the appropriate changes.

When your NAT service is functioning properly, you can configure special ports that let data pass to a specific address on the internal network. To configure these ports, right-click the interface (Public or Private) that's connected to the Internet, then select Properties. In the connection's Properties dialog box, click the Special Ports tab, then specify the TCP and UDP ports that you want to open for your clients on the network.

In addition to opening special ports, you can also secure your NAT-enabled server and network by blocking access according to IP address. To block access, open the RRAS console, then locate your NAT server. Double-click the NAT server to display the folders that reside beneath it. Click the General folder to display its contents in the right pane of the RRAS console. At least three entries appear: Internal, External, and Loop Back. Right-click External in the right pane, then select Properties. In the External Properties dialog box, click the General tab. Choose the Input Filters option to open the Input Filters dialog box, which Figure 3 shows. From this dialog box, you can specify network addresses and protocols that you don't want to connect to a particular network or address. Click Add. In the Edit IP Filter dialog box, which Figure 4 shows, use the Protocol drop-down list to see the list of protocols that you can block.
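
The following Python sketch is an added example, not part of the original article and not RRAS code. It models how special ports and block-style input filters on the Internet interface combine, so you can see which outside sources can still reach each opened port. It assumes input filters are checked before special ports and that unsolicited traffic with no special port is dropped; the names `InputFilter`, `SpecialPort`, `handle_inbound` and `exposure`, and all addresses, are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Hypothetical names for illustration; this is a simplified model, not RRAS code.
InputFilter = namedtuple("InputFilter", "source protocol")   # protocol: TCP, UDP or ANY
SpecialPort = namedtuple("SpecialPort", "protocol public_port private_ip private_port")

def handle_inbound(src_ip, protocol, dst_port, filters, special_ports):
    """Decide what happens to an unsolicited packet arriving on the Internet interface.

    Assumption of this model: input filters are checked first, then special ports.
    Returns ("drop", reason) or ("forward", (private_ip, private_port)).
    """
    src = ipaddress.ip_address(src_ip)
    for f in filters:
        if src in ipaddress.ip_network(f.source) and f.protocol in ("ANY", protocol):
            return ("drop", f"input filter {f.source} {f.protocol}")
    for sp in special_ports:
        if sp.protocol == protocol and sp.public_port == dst_port:
            return ("forward", (sp.private_ip, sp.private_port))
    return ("drop", "no special port")

def exposure(filters, special_ports, sources):
    """For every special port, list the sample sources that can still reach it."""
    report = {}
    for sp in special_ports:
        report[(sp.protocol, sp.public_port)] = [
            s for s in sources
            if handle_inbound(s, sp.protocol, sp.public_port,
                              filters, special_ports)[0] == "forward"
        ]
    return report

# Constructed sample data (documentation address ranges, not from the article).
FILTERS = [InputFilter("203.0.113.0/24", "ANY"),
           InputFilter("198.51.100.0/25", "TCP")]
SPECIAL_PORTS = [SpecialPort("TCP", 80, "192.168.0.10", 80),
                 SpecialPort("UDP", 53, "192.168.0.11", 53)]
SOURCES = ["203.0.113.7", "198.51.100.20", "198.51.100.200", "192.0.2.44"]

if __name__ == "__main__":
    for port, reachable in exposure(FILTERS, SPECIAL_PORTS, SOURCES).items():
        print(port, "reachable from", reachable)
```

In the sample data, the TCP-only filter still leaves the UDP 53 special port reachable from 198.51.100.20, which is the kind of gap to look for whenever you add a special port.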
