Network Address Translation in Windows 2000 - PowerPoint PPT Presentation

1 / 44

About This Presentation

Title:

Network Address Translation in Windows 2000

Description:

More configurable than ICS and offers added features. 9. Overview ... More configurable. Able to control the DHCP Allocator and DNS Proxy ... – PowerPoint PPT presentation

Number of Views:29

Avg rating:3.0/5.0

Slides: 45

Provided by: anned156

Category:

more less

Transcript and Presenter's Notes

Title: Network Address Translation in Windows 2000

1
Chapter 9

Network Address Translation in Windows 2000

2
Learning Objectives

Explain the differences between Internet
Connection Sharing (ICS) and Network Address
Translation
Describe the address translation process
Install and configure ICS on Windows 2000 Server
or Professional
Install and configure NAT on Windows 2000 Server
Monitor and manage NAT

3
Overview

Network Address Translation (NAT)
A protocol that provides a way for multiple
computers on a network to share a single
connection to the Internet via an Internet
Service Provider
Runs only on the Windows 2000 Server family,
implemented as a routing protocol within the RRAS
More configurable than ICS and offers added
features

4
Overview

Internet Connection Sharing (ICS)
Simplified version of the NAT protocol that is
easy to configure and mange
Available in Windows 98, Windows Millennium
Edition, Windows 2000 Server, and Windows 2000
Professional
Not as configurable as NAT

5
Benefits of Address Sharing

Inherent security benefit
Cost
Simplicity

6
Public and Private Addressing

Public address
Any address not belonging to one of the three
ranges of IP addressees designated as private by
Internet authorities
Private address
Any address belonging to one of the three ranges
of IP addresses designated as private by Internet
authorities
With NAT, private networks now have a way of
transferring information to the Internet, even
though they only use private addresses

7
How NAT Works

A NAT server is basically an IP router that maps
the IP addresses and TCP/UDP port numbers of
packets as those packets are forwarded between
the public and private interfaces of the NAT
server

8
How NAT Works

Two forms of mapping are available
Dynamic mappings
Are created when users on the private network
initiate traffic with a public Internet location
NAT service automatically translates the IP
address and source ports and adds these mappings
to its mapping table
Static mappings
Define in advance how to map certain addresses
and ports instead of letting mappings happen
automatically
Most commonly used to host some form of Internet
service on a private computer

9
NAT Editors

For NAT to translate packets directly between a
private and public network
Packets must have an IP address in the IP header
Packets must have either a TCP or UDP port number
in the IP header
NAT editor
An installable component that modifies packets so
that NAT can translate them

10
NAT Editors

Windows 2000 includes built-in NAT editors for
FTP, ICMP, PPTP, and NetBT
Windows 2000 includes proxy software for H.323,
Direct Play, ILS registration, and RPC
NAT protocol does not support Kerberos
authentication or IPSec protocol

11
DHCP Allocator

Simplified version of a DHCP server used by NAT
to assign IP addressing information automatically
to clients on the private network

12
Host Name Resolution

DNS proxying is used to resolve remote host names
on the Internet

13
Differences betweenICS and NAT
14
Advantages of NAT over ICS

More configurable
Able to control the DHCP Allocator and DNS Proxy
Able to maintain multiple public IP addresses

15
Installing and Configuring Internet Connection
Sharing

Easy, but has little flexibility
Primarily for users with a small home or office
network on a single network segment and a single
Internet connection to share
The only choice, unless you run Windows 2000
Server on the computer with the Internet
connection

16
Installing the ICS Service

Preliminary requirements
Computer on which you plan to enable ICS actually
has a functioning Internet connection
Network adapter
Is installed on the ICS computer
Is configured and functioning properly
Connects properly to other computers on the
network

17
Installing the ICS Service

Use a single check box on the Sharing property
page of an Internet connections properties

18
Once the ICS Is Installed

Network adapter in the ICS computer is assigned
the IP address 192.168.0.1 and the subnet mask
255.255.255.0
ICS service starts and is configured to start
automatically each time the computer starts
DHCP Allocator service starts and is configured
to start automatically with Windows

19
Configuring ICS

Takes place from the Sharing page of the
adapters properties dialog box
Click Settings button to open a dialog box that
allows configuration of two groups of settings
that determine what entries are preloaded in the
NAT mappings table on the ICS computer
Properties boxes
Applications
Services

20
Applications Properties

Controls static outbound mappings
Used to create predefined routings for Internet
services that you want users to be able to access

21
Applications Properties
22
Services Properties

Controls static inbound mappings
Used to allow hosts on the Internet to access
certain resources on the private network
Most common service types FTP, IMAP3, IMAP4,
SMTP, POP3, and TELNET

23
Services Properties
24
Installing and Configuring Network Address
Translation

NAT protocol offers much more potential for
configuration than its ICS implementation
Preliminary requirements
Internet connection works
Adapters connected to internal networks are
configured properly

25
Installing the NAT Service

Ensure that your server supports routing
Install NAT (on Windows 2000 Server only) as a
routing protocol in the RRAS snap-in
Add the NAT protocol to the interfaces you want
to use
Configure the protocol and interfaces for use

26
Installing NAT Along with RRAS

Log on to server with Administrator privileges
and open the RRAS utility from the Administrative
Tools program group on Start menu

27
Installing NAT Along with RRAS
28
Installing NAT Along with RRAS

Right-click name of the server
Choose Configure and Enable Routing and Remote
Access from shortcut menu to begin the RRAS Setup
Wizard, which takes you through several
configuration steps
Select type of configuration you want to install
Choose the Internet connection server option
Choose to set up the NAT option
Choose Internet connection to share

29
RRAS Setup Wizard
30
RRAS Setup Wizard
31
Configuring NAT Interfaces

Before you can use NAT on your network, make sure
that a NAT interface exists for any interfaces on
your local or your public network
Create the interface for the local network first
and the public network second

32
Adding a NAT Interface

Right-click the Network Address Translation
container in the RRAS
Choose a New Interface command
Select the appropriate network adapter for which
to create the interface

33
Adding a NAT Interface
34
Configuring NAT Interface Properties

General
Address Pool
Special Ports

35
Configuring NAT Interface Properties General

Choose the type of interface
Create an interface connected to the private
network
Create an interface connected to the public
network

36
Configuring NAT Interface Properties Address Pool

Controls public IP addresses associated with the
interface

37
Configuring NAT Interface Properties Special
Ports

Provides another way to edit the NAT mapping
table
Allows you to specify to which ports inbound
traffic should map

38
Configuring NAT Interface Properties Special
Ports

Specify any number of public port numbers that
you want channeled to special private hosts
Controls supported by Edit Special Port dialog
box
Public Address
Incoming port
Private address
Outgoing port

39
Configuring NAT Properties