Sunday, 24 June 2012

Configuring Network Address Translation (NAT) on Windows Server 2008

Introduction

Network Address Translation (NAT) allows an Internet Protocol (IP) network to maintain public IP addresses separately from private IP addresses. NAT is a popular technology for Internet connection sharing.

In it's most common configuration, NAT maps all of the private IP addresses on a home network to the single IP address supplied by an Internet Service Provider (ISP). This allows computers on the home LAN to share a single Internet connection. Additionally, it enhances home network security by limiting the access of external computers into the home IP network space.

e.g. In my office I have a LAN. I want to access Internet on every computer. I cannot afford to buy separate Internet connections for each system. Here NAT helps. I will purchase a single Internet connection for the Server computer and using NAT, I can allow the remaining computers in the network to share the Internet connection.

Practical

Consider the following scenario.

Network Address Translation (NAT) Example Diagram
We have a server computer with two NICs. 
  • NIC with IP address 192.168.1.10 is connected to the Internet.
  • NIC with IP address 10.0.0.1 is connected to the LAN switch.

There are four more computers viz. with IPs 10.0.0.2, 10.0.0.3, 10.0.0.4 and 10.0.0.5 on which we need to access the Internet. NAT will help us here. So let's start with the practical.

Note: We are doing this practical using Oracle VM VirtualBox.

Step 1 : Add three NICs to the Server machine. 

(Why 3 ? we will tell it very soon. Go on performing it.)

Select Machine
Goto Settings
Network
Add 2 More Adapters and Refresh Mac Address of each.
Start the Machine

Adding NIC to a machine in Oracle VM VirtualBox

Step 2 : Configure the IP Address settings of each NIC.


Go to Network & Sharing Center
Manage Network Connections

Right Click & Disable Local Area Connection 3



Right Click on Local Area Connection 2
Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)
Select Internet Protocol Version 4 (TCP/IPv4)
Proprties & Configure as shown in the image.

IP Settings for NIC connected to LAN
Right Click on Local Area Connection 1
Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)
Select Internet Protocol Version 4 (TCP/IPv4)
Proprties & Configure as shown in the image.

IP Settings for NIC connected to Internet

Step 3 : Install Role Netwrok Policy and Access Services

Goto Server Manager and Install Role Netwrok Policy and Access Services -> Next -> Next
Select Routing and Remote Access Services (2 more options will get selected automatically)
-> Next -> Install -> Close

Step 4 : Configuring Network Address Translation (NAT) Service

Start -> Administrative Tools -> Routing and Remote Access

Right Click on SERVER(local) -> Configure and Enable Routing and Remote Access -> Next
Select Network Address Translation (NAT) -> Next
Select the NIC connected to Internet (In our case NIC with IP Address 192.168.1.10) ->
Select NIC to which local network is configured. (In our case NIC with IP 10.0.0.1)

Do you remember we added 3 NICs though we need only 2 as per the diagram. We did that to see this window of selecting NIC connected to LAN. If we add only two NICs and do this practical then after selecting NIC connected to Internet, it automatically takes the other NIC as connected to LAN and this window is skipped.

-Next -> Finish


Step 5 : Configuring Client Machine

On Client, open Network and Sharing Center and configure the IPv4 settings of the NIC as shown in the following image.


IP Settings of Client Machine NIC
We are done with the practical. To test go to command prompt and execute the following ping commands from the client machine.
  • ping 10.0.0.1 -t
  • ping 192.168.1.10 -t

You will receive reply from both. A reply from 192.168.1.10 means you are allowed to access the public network i.e. the Internet.



Ping reply from both the NICs

No comments:

Post a Comment

Your comments are very much valuable for us. Thanks for giving your precious time.