NAT, or Network Address Translation, is a method of providing Internet access to computers that use private IP addresses. Because the Internet evolved in an unanticipated manner, private IP addresses were introduced to save public addresses from depletion. By using private, non-routable network addresses, large enterprises were able to expand without considering the number of public IP addresses needed. NAT is the mechanism that allows a computer using a private IP to communicate on the Internet by “translating” its IP into a public, routable address. Imagine a company with 500 computers that implements NAT to provide Internet access for all of them: around 2 or 3 public IPs would be sufficient to provide connectivity with external computers. There are three private IP address ranges used with NAT:
192.168.0.0 – 192.168.255.255
172.16.0.0 – 172.31.255.255
10.0.0.0 – 10.255.255.255
Companies usually use dedicated devices such as routers to provide NAT capabilities. Such a device is placed at the edge of the network and is responsible for forwarding network packets from the private network to the Internet and vice versa. These network devices must not suffer long downtimes caused by maintenance or updates, which is why routers are preferred over servers. Servers are also more susceptible to infection or slow performance caused by viruses or malfunctioning applications.
If needed, NAT can be configured on a Windows Server, so I will show you how to enable this feature. You need a Windows server with two network interfaces, one connected to the Internet using a public IP address and another connected to the private network. For testing purposes I’m using a virtual machine. Windows Server 2008 provides two NAT mechanisms:
ICS (Internet Connection Sharing) – used by small companies with a few devices that require an Internet connection. With ICS enabled, a computer acts as the central point in the communication between private and public computers. Before enabling ICS on a Windows Server, make sure that one interface is using a public IP address. Open Control Panel, navigate to Control Panel\Network and Internet\Network Connections, right-click the network interface on which you’d like to enable ICS and select Properties. In the Ethernet Properties panel, select the Sharing tab, check the “Allow other network users to connect through this computer’s Internet connection” box and choose which private network interface will be used by ICS.
If needed, you can also check the “Allow other network users to control or disable the shared Internet connection” box. Press Settings to explore additional features provided by ICS.
You can allow external users to access services hosted in your private network by checking the desired network service. Each service you check becomes reachable from the Internet, so enable only the ones you intend to publish.
Routing and Remote Access Services – this feature is generally used by enterprises with offices in different geographical areas and multiple interconnected subnets. To configure this feature, we must add the Network Policy and Access Services server role.
Note that you’ll need to enable the Routing and Remote Access Services.
After installing the server role, right-click Roles/Network Policy and Access Services/Routing and Remote Access and select Configure and Enable Routing and Remote Access.
Read the welcome screen in the Routing and Remote Access Services Wizard and click Next. In the following window, select the Network address translation (NAT) feature and click Next.
You’ll need to select the network interface that will provide Internet access to private computers. After the installation is completed, your Windows computer will be configured as a NAT server.
The NAT server is usually configured as a DNS server because network clients must be able to resolve public names. You can also configure the NAT server to forward DNS queries to the DNS server configured locally. When troubleshooting NAT, check Event Viewer under Windows Logs/System. NAT events have the SharedAccess_NAT source.
You can also enable or disable NAT logging from the Routing and Remote Access console. On Windows clients you will need to configure the NAT server as the default gateway.
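The same troubleshooting check can be run from PowerShell instead of Event Viewer. The script below is an added example, not part of the original article; it assumes PowerShell 2.0 or later, and the function name, the 24-hour window and the output columns are illustrative choices.

```powershell
# Added example: summarise NAT events from the System log (Windows Logs/System).
# Get-NatEventSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-NatEventSummary {
    param(
        [int]$Hours = 24,                          # look-back window (illustrative default)
        [string]$Provider = 'SharedAccess_NAT'     # event source used by NAT
    )

    $filter = @{
        LogName      = 'System'
        ProviderName = $Provider
        StartTime    = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent reports an error when nothing matches the filter,
    # so an empty result is handled here instead of surfacing as a failure.
    try {
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        Write-Host "No $Provider events returned: $($_.Exception.Message)"
        return
    }

    # One row per (event ID, level): how often it fired and when it was last seen.
    $events | Group-Object Id, LevelDisplayName | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        New-Object PSObject -Property @{
            Id       = $latest.Id
            Level    = $latest.LevelDisplayName
            Count    = $_.Count
            LastSeen = $latest.TimeCreated
            Message  = ($latest.Message -split "`r?`n")[0]   # first line only
        }
    } | Sort-Object Count -Descending |
        Select-Object Id, Level, Count, LastSeen, Message
}

Get-NatEventSummary -Hours 24 | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt on the NAT server. A repeated error or warning ID at the top of the table is the place to start troubleshooting.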
That’s it for this article, folks. If you’ve enjoyed it, don’t forget to share it with others. Leave a comment if anything is unclear, and don’t forget to enjoy your day.