Network Address Translation in Windows 2000 - PowerPoint PPT Presentation

Provided by: anned156
1
Chapter 9
  • Network Address Translation in Windows 2000

2
Learning Objectives
  • Explain the differences between Internet
    Connection Sharing (ICS) and Network Address
    Translation
  • Describe the address translation process
  • Install and configure ICS on Windows 2000 Server
    or Professional
  • Install and configure NAT on Windows 2000 Server
  • Monitor and manage NAT

3
Overview
  • Network Address Translation (NAT)
  • A protocol that provides a way for multiple
    computers on a network to share a single
    connection to the Internet via an Internet
    Service Provider
  • Runs only on the Windows 2000 Server family,
    implemented as a routing protocol within the RRAS
  • More configurable than ICS and offers added
    features

4
Overview
  • Internet Connection Sharing (ICS)
  • Simplified version of the NAT protocol that is
    easy to configure and manage
  • Available in Windows 98, Windows Millennium
    Edition, Windows 2000 Server, and Windows 2000
    Professional
  • Not as configurable as NAT

5
Benefits of Address Sharing
  • Inherent security benefit
  • Cost
  • Simplicity

6
Public and Private Addressing
  • Public address
  • Any address not belonging to one of the three
    ranges of IP addresses designated as private by
    Internet authorities
  • Private address
  • Any address belonging to one of the three ranges
    of IP addresses designated as private by Internet
    authorities
  • With NAT, private networks now have a way of
    transferring information to the Internet, even
    though they only use private addresses

7
How NAT Works
  • A NAT server is basically an IP router that maps
    the IP addresses and TCP/UDP port numbers of
    packets as those packets are forwarded between
    the public and private interfaces of the NAT
    server

8
How NAT Works
  • Two forms of mapping are available
  • Dynamic mappings
  • Are created when users on the private network
    initiate traffic with a public Internet location
  • NAT service automatically translates the IP
    address and source ports and adds these mappings
    to its mapping table
  • Static mappings
  • Define in advance how to map certain addresses
    and ports instead of letting mappings happen
    automatically
  • Most commonly used to host some form of Internet
    service on a private computer

9
NAT Editors
  • For NAT to translate packets directly between a
    private and public network
  • Packets must have an IP address in the IP header
  • Packets must have either a TCP or UDP port number
    in the IP header
  • NAT editor
  • An installable component that modifies packets so
    that NAT can translate them

10
NAT Editors
  • Windows 2000 includes built-in NAT editors for
    FTP, ICMP, PPTP, and NetBT
  • Windows 2000 includes proxy software for H.323,
    Direct Play, ILS registration, and RPC
  • NAT protocol does not support Kerberos
    authentication or IPSec protocol
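
Why FTP needs an editor: the client's PORT command carries its private IP address and port inside the payload, where header translation never reaches. The sketch below is an added example, not the Windows 2000 component; `rewrite_ftp_port` and the `map_port` callback are hypothetical names, and the addresses are constructed.

```python
import re

# FTP PORT argument: h1,h2,h3,h4,p1,p2 (address octets, then port high/low byte)
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def rewrite_ftp_port(payload, src_ip, public_ip, map_port):
    """Rewrite a PORT command so it advertises the NAT's public endpoint.

    map_port(private_ip, private_port) -> public_port is a hypothetical
    callback that creates the mapping for the data connection.
    Returns (new_payload, length_delta); anything else passes through as-is.
    """
    m = PORT_RE.fullmatch(payload)
    if m is None:
        return payload, 0
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return payload, 0                      # malformed octet: leave untouched
    private_ip = ".".join(str(n) for n in nums[:4])
    if private_ip != src_ip:
        return payload, 0                      # only map the sender's own address
    private_port = nums[4] * 256 + nums[5]
    public_port = map_port(private_ip, private_port)
    fields = public_ip.split(".") + [str(public_port >> 8), str(public_port & 0xFF)]
    new_payload = b"PORT " + ",".join(fields).encode("ascii") + b"\r\n"
    # A non-zero delta means the editor must also adjust TCP sequence numbers
    # and checksums for the rest of the control connection.
    return new_payload, len(new_payload) - len(payload)
```

The source-address check keeps a client from asking the NAT to open a mapping toward some other internal host.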

11
DHCP Allocator
  • Simplified version of a DHCP server used by NAT
    to assign IP addressing information automatically
    to clients on the private network

12
Host Name Resolution
  • DNS proxying is used to resolve remote host names
    on the Internet

13
Differences between ICS and NAT

14
Advantages of NAT over ICS
  • More configurable
  • Able to control the DHCP Allocator and DNS Proxy
  • Able to maintain multiple public IP addresses

15
Installing and Configuring Internet Connection
Sharing
  • Easy, but has little flexibility
  • Primarily for users with a small home or office
    network on a single network segment and a single
    Internet connection to share
  • The only choice, unless you run Windows 2000
    Server on the computer with the Internet
    connection

16
Installing the ICS Service
  • Preliminary requirements
  • Computer on which you plan to enable ICS actually
    has a functioning Internet connection
  • Network adapter
  • Is installed on the ICS computer
  • Is configured and functioning properly
  • Connects properly to other computers on the
    network

17
Installing the ICS Service
  • Use a single check box on the Sharing property
    page of an Internet connection's properties

18
Once the ICS Is Installed
  • Network adapter in the ICS computer is assigned
    the IP address 192.168.0.1 and the subnet mask
    255.255.255.0
  • ICS service starts and is configured to start
    automatically each time the computer starts
  • DHCP Allocator service starts and is configured
    to start automatically with Windows

19
Configuring ICS
  • Takes place from the Sharing page of the
    adapter's properties dialog box
  • Click Settings button to open a dialog box that
    allows configuration of two groups of settings
    that determine what entries are preloaded in the
    NAT mappings table on the ICS computer
  • Properties boxes
  • Applications
  • Services

20
Applications Properties
  • Controls static outbound mappings
  • Used to create predefined routings for Internet
    services that you want users to be able to access

21
Applications Properties

22
Services Properties
  • Controls static inbound mappings
  • Used to allow hosts on the Internet to access
    certain resources on the private network
  • Most common service types: FTP, IMAP3, IMAP4,
    SMTP, POP3, and TELNET

23
Services Properties

24
Installing and Configuring Network Address
Translation
  • NAT protocol offers much more potential for
    configuration than its ICS implementation
  • Preliminary requirements
  • Internet connection works
  • Adapters connected to internal networks are
    configured properly

25
Installing the NAT Service
  • Ensure that your server supports routing
  • Install NAT (on Windows 2000 Server only) as a
    routing protocol in the RRAS snap-in
  • Add the NAT protocol to the interfaces you want
    to use
  • Configure the protocol and interfaces for use

26
Installing NAT Along with RRAS
  • Log on to server with Administrator privileges
    and open the RRAS utility from the Administrative
    Tools program group on Start menu

27
Installing NAT Along with RRAS

28
Installing NAT Along with RRAS
  • Right-click name of the server
  • Choose Configure and Enable Routing and Remote
    Access from shortcut menu to begin the RRAS Setup
    Wizard, which takes you through several
    configuration steps
  • Select type of configuration you want to install
  • Choose the Internet connection server option
  • Choose to set up the NAT option
  • Choose Internet connection to share

29
RRAS Setup Wizard

30
RRAS Setup Wizard

31
Configuring NAT Interfaces
  • Before you can use NAT on your network, make sure
    that a NAT interface exists for any interfaces on
    your local or your public network
  • Create the interface for the local network first
    and the public network second

32
Adding a NAT Interface
  • Right-click the Network Address Translation
    container in the RRAS
  • Choose a New Interface command
  • Select the appropriate network adapter for which
    to create the interface

33
Adding a NAT Interface

34
Configuring NAT Interface Properties
  • General
  • Address Pool
  • Special Ports

35
Configuring NAT Interface Properties: General
  • Choose the type of interface
  • Create an interface connected to the private
    network
  • Create an interface connected to the public
    network

36
Configuring NAT Interface Properties: Address Pool
  • Controls public IP addresses associated with the
    interface

37
Configuring NAT Interface Properties: Special
Ports
  • Provides another way to edit the NAT mapping
    table
  • Allows you to specify to which ports inbound
    traffic should map

38
Configuring NAT Interface Properties: Special
Ports
  • Specify any number of public port numbers that
    you want channeled to special private hosts
  • Controls supported by Edit Special Port dialog
    box
  • Public Address
  • Incoming port
  • Private address
  • Outgoing port

39
Configuring NAT Properties
  • Right-click Network Address Translation container
    in RRAS snap-in
  • Choose Properties from the shortcut menu
  • Property pages for the NAT protocol
  • General
  • Translation
  • Address Assignment
  • Name Resolution

40
Configuring NAT Properties: General
  • Used only to configure the level of event logging
    that the NAT protocol sends to the Windows 2000
    system event log
  • Default: Log only errors

41
Configuring NAT Properties: Translation
  • Used to set the lifetime for TCP and UDP mappings
    in the NAT table
  • Defaults
  • To keep TCP entries for 24 hours
  • To keep UDP entries for one minute
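
The mapping table from the "How NAT Works" slides, combined with the default lifetimes on this slide, can be modelled in a few lines. This is an added example, not code from the presentation or from Windows 2000; the `NatTable` class, its method names and the starting port 1025 are assumptions made for illustration.

```python
import itertools

# Default mapping lifetimes from the Translation page, in seconds.
LIFETIME = {"tcp": 24 * 60 * 60, "udp": 60}


class NatTable:
    """Toy model of a NAT mapping table (assumed structure, for illustration)."""

    def __init__(self, public_ip, first_port=1025):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.static = {}       # (proto, public_port) -> (private_ip, private_port)
        self.dynamic = {}      # (proto, public_port) -> [private_ip, private_port, last_used]
        self._by_private = {}  # (proto, private_ip, private_port) -> public_port

    def add_static(self, proto, public_port, private_ip, private_port):
        # Defined in advance, e.g. to publish a service on a private host.
        self.static[(proto, public_port)] = (private_ip, private_port)

    def expire(self, now):
        # Drop dynamic mappings that have been idle longer than their lifetime.
        for (proto, pub), (ip, port, last) in list(self.dynamic.items()):
            if now - last > LIFETIME[proto]:
                del self.dynamic[(proto, pub)]
                del self._by_private[(proto, ip, port)]

    def outbound(self, proto, src_ip, src_port, now):
        # Private host initiates traffic: create or refresh a dynamic mapping.
        self.expire(now)
        pkey = (proto, src_ip, src_port)
        port = self._by_private.get(pkey)
        if port is None:
            port = next(p for p in self._ports if (proto, p) not in self.static)
            self._by_private[pkey] = port
        self.dynamic[(proto, port)] = [src_ip, src_port, now]
        return self.public_ip, port

    def inbound(self, proto, dst_port, now):
        # Returns the private (ip, port) to forward to, or None to drop.
        self.expire(now)
        if (proto, dst_port) in self.static:
            return self.static[(proto, dst_port)]
        entry = self.dynamic.get((proto, dst_port))
        if entry is None:
            return None  # no mapping: unsolicited inbound traffic is dropped
        entry[2] = now
        return entry[0], entry[1]
```

An inbound packet is forwarded only when a static entry or a live dynamic entry exists for its port; a UDP mapping left idle for more than a minute disappears, while an idle TCP mapping stays reachable from outside for up to 24 hours under the defaults.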

42
Configuring NAT Properties: Address Assignment
  • Controls whether the DHCP Allocator is used or not

43
Configuring NAT Properties: Name Resolution
  • Controls whether the NAT server should resolve
    DNS names to IP addresses for connecting clients

44
Chapter Summary
  • Benefits of address sharing
  • Public and private addressing
  • How NAT works
  • Differences between NAT and ICS
  • Installing and configuring Internet Connection
    Sharing
  • Installing and configuring Network Address
    Translation