Network Address Translation

Exam: Microsoft 70-649 - TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist

NAT enables a host with two or more network adapters to share an Internet connection with hosts on a private network. NAT differs from routing in that it allows hosts on the private network to reach the Internet but does not allow hosts on the Internet to have direct access to hosts on the private network. The exception to this rule is port forwarding. In a Windows Server 2008 environment there are two kinds of NAT:

  • NAT through Routing and Remote Access: It supports internal networks with multiple subnets and allows separate DHCP servers to provide addresses to the hosts on the internal network. This kind of NAT can be deployed in combination with Network Access Protection (NAP) with DHCP enforcement.
  • NAT through ICS: This type of NAT supports only a single subnet, with addresses on the 192.168.0.0/24 network. When ICS is used, its own DHCP server has to be used, and it cannot be used with NAP with DHCP enforcement. It is possible to use NAP with IPsec enforcement and with 802.1x enforcement. NAT through ICS is principally employed on networks that have fewer than ten hosts, as in the case of retail outlets or a branch office.

Configuring NAT

To configure NAT using Routing and Remote Access, run the Routing and Remote Access Server Setup Wizard and select Network Address Translation, as shown in the figure below. The wizard asks you to specify the interface that can be addressed from the Internet. A new demand-dial interface can be created so that a connection can be initiated through a modem using RRAS.

Set up NAT through the Routing And Remote Access Server Setup Wizard

To configure NAT through ICS, follow these steps:

  1. Open the Network And Sharing Center, then click Manage Network Connections.
  2. Click the network interface that connects to the Internet and select Properties, then click Continue to dismiss the User Account Control dialog box.
  3. In the Network Interface Connection Properties dialog box, click the Sharing tab and select the check box Allow Other Network Users To Connect Through This Computer's Internet Connection, as shown in the figure below.

Enabling ICS

Port Forwarding

Port forwarding redirects traffic that is addressed to a port on the public interface of the NAT server to a host on an internal network. It works on the interface address and not on the hostname. This means that the requests cannot be forwarded to different hosts on the internal network. Follow these steps to configure port forwarding:

  1. The first step involves opening the Routing And Remote Access console and navigating to the Server\IPv4\NAT node.
  2. The next step involves right-clicking the network interface connected to the Internet, and then selecting Properties. This will open the Network Interface Connection Properties dialog box.
  3. On the Services And Ports tab, select the check box with the name of the service to be forwarded from the network interface connected to the Internet to a host on the internal network, then click Edit.
  4. This will open the Edit Service dialog box, where you enter the IP address of the internal network host to which NAT forwards the traffic for the port.

Port forwarding can also be configured using the netsh command-line tool.
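
Because every forwarded port gives Internet hosts a direct path to one internal host, the rule set is worth auditing. The following is an added example, not part of the original page: it parses port-mapping rule lines and reports public ports claimed for more than one internal host, plus forwarded services that deserve review. The sample lines are constructed; their key=value layout is an assumption modelled on the parameters of netsh's `add portmapping` command, and the reviewed-port list is likewise assumed.

```python
import shlex
from collections import defaultdict

# Constructed sample input: rule lines modelled on the parameters of
# "netsh routing ip nat add portmapping" (the exact layout is an assumption).
SAMPLE = '''
add portmapping name="Internet" proto=tcp publicip=0.0.0.0 publicport=80 privateip=192.168.0.10 privateport=80
add portmapping name="Internet" proto=tcp publicip=0.0.0.0 publicport=3389 privateip=192.168.0.20 privateport=3389
add portmapping name="Internet" proto=tcp publicip=0.0.0.0 publicport=80 privateip=192.168.0.11 privateport=8080
add portmapping name="Internet" proto=udp publicip=0.0.0.0 publicport=53 privateip=192.168.0.5 privateport=53
'''

# Internal services an administrator would usually review before exposing them
# (assumed list, adjust to local policy).
REVIEW_PORTS = {23: "telnet", 445: "smb", 3389: "rdp"}

def parse_rules(text):
    """Return one dict per 'add portmapping' line; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)          # handles the quoted interface name
        if tokens[:2] != ["add", "portmapping"]:
            continue
        fields = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        fields["proto"] = fields["proto"].lower()
        fields["publicport"] = int(fields["publicport"])
        fields["privateport"] = int(fields["privateport"])
        rules.append(fields)
    return rules

def audit(rules):
    """Return (conflicts, review): listeners mapped to several hosts, and exposed services."""
    by_listener = defaultdict(set)
    for r in rules:
        key = (r["name"], r["proto"], r["publicip"], r["publicport"])
        by_listener[key].add((r["privateip"], r["privateport"]))
    # Forwarding is keyed on interface address and port, so one listener
    # can only ever reach one internal host; more than one target is a conflict.
    conflicts = {k: sorted(v) for k, v in by_listener.items() if len(v) > 1}
    review = [(r["privateip"], REVIEW_PORTS[r["privateport"]])
              for r in rules if r["privateport"] in REVIEW_PORTS]
    return conflicts, review

if __name__ == "__main__":
    conflicts, review = audit(parse_rules(SAMPLE))
    for listener, targets in conflicts.items():
        print("one public port, several internal hosts:", listener, targets)
    for host, service in review:
        print("exposed to the Internet, review:", host, service)
```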