Application of server and router NAT technology (1)

I often hear network administrators talk about NAT technology. When will NAT technology be used? There are two main aspects: first, the public IP address is not enough. When an enterprise only rents a limited number of public IP addresses, it is impossible to allocate a public IP address to each internal computer, how can I solve the problem of insufficient IP addresses?
In this case, you can use NAT technology. Multiple internal computers use the same public IP address when accessing the INTERNET. The second is that when the company wants to effectively protect the security of internal computers, it can use NAT technology, all computers in the internal network are protected by routers or server firewalls when accessing the internet. Hacker and virus attacks are blocked on the network egress device, greatly improving the security of the internal computer.
I. NAT Server:
Next, I will take you step by step to configure and enable the NAT Function on the Windows 2003 Server.
1. Specific Network Environment:
China Telecom's ADSL, one vswitch, one server, several clients, and network cables are ready. All machines use windows2000 or XP.
2. configure Server NAT address translation
Step 1: Start "route and remote access" and use "start"> program ">" Administrative Tools ">" route and remote access "to list local computers as servers by default. To add other servers, right-click "server status" in the console directory tree and click "Add Server ".
Step 2: Right-click the server you want to enable, and click "configure and enable Routing and Remote Access" to start the Configuration Wizard.
Step 3: Click Next when the welcome page appears. The Select Server role settings page appears, select "Network Address Translation NAT", and then click Next.
Step 4: Select "use Internet connection" on the Internet connection page and select "Internet connection" in the following Internet list. We will allow the client to access the Internet through this connection, as shown in the interface. Click Next to continue.
TIPS: This is very important. You must not select an incorrect interface between the Intranet and the Internet. Otherwise, the configured NAT cannot take effect. Therefore, we modified the name of the local connection above, it is clear here.
The "enable basic Name and Address" dialog box is displayed. If you do not have DHCP or DNS servers, you can enable them and click "Next. After the Wizard is complete, the system starts the Routing and Remote Access functions and completes initialization.
Configure a static route. In the Routing and Remote Access window, choose Server> IP Route> static route ". Right-click static route and select new static route ". In the "Static Routing" configuration dialog box that appears, select "Internet connection" at the interface, fill in "0.0.0.0" for the target and subnet mask, and fill in "1" for the hops ". Click OK to exit.
Tip: when both the target and subnet mask are set to 0.0.0.0, this static route is the default route, and any data packets sent to the Internet are transmitted through the Internet interface.
3. Test configuration results
Ping the local address of the NAT server from any client, that is, ping 192.168.1.254. Ping the peer address of the local address of the NAT server using the client, that is, the IP address dynamically obtained through ADSL. The IP address is a public IP address.) Ping the client from the server, for example, ping 192.168.1.2.
If all the above PING operations are successfully connected, the NAT settings are successful, and the computers on the internal network are protected by servers, the IP address used for data transmission over the INTERNET is also the IP address obtained by the server through ADSL dialing.
Summary:
NAT is favored by many small and medium-sized enterprises. A server can be easily configured as a NAT server, provided that two NICs must be installed. The security and reliability of the NAT network are greatly improved. However, NAT also has a disadvantage, that is, the transmission speed is affected to some extent because data packets must undergo an address conversion process.
2. Step by step teach you how to configure NAT Huawei 3COM)
In the previous article, we explained how to use the WINDOWS operating system to create a NAT server step by step to teach you how to configure a NAT server), successfully hiding the Intranet computer under the NAT server, on the one hand, improves network security, on the other hand, the problem of insufficient public network IP addresses is solved. We can also configure the vro so that the vro can act as a NAT packet while routing data packets. Today, we will teach you detailed configuration instructions.
1. Network Environment:
The Intranet user IP address is 10.83.91.0/255.255.254.0, that is, the IP address is two class C addresses, ranging from 10.83.91.0 to 10.83.92.255. The vro uses the 2621 product produced by Huawei, which has two ethernet statements for use. Port 1 connects to the Internet and the IP address is a public IP address. Port 2 connects to the Intranet and the IP address is a private IP address.
2. configuration process:
The company wants to configure the NAT Function on the vro to allow users in the Intranet to access the Internet through NAT. 2621 the Internet interface IP address is 61.51.3.103 (Public IP address) and the Intranet interface IP address is 10.83.91.254. The NAT configuration command is as follows. I will describe it in detail one by one.
"Acl 1"
Command explanation: Set an access control list with the list number 1.
"Rule normal permit source 10.83.91.254 0.0.1.255"
Command explanation: Add Rules for the access control list to allow all IP addresses in the 10.83.91.254/255.255.254.0 CIDR block to pass. Note that the reverse mask format 0.0.1.255 is used in the command. In fact, it indicates that the subnet mask is 255.255.254.0.
"Nat outbound 1 interface"
Command Description: Set the NAT egress interface, that is, the Internet interface, to enable the NAT Function. The host that allows NAT is the address specified in Access Control List 1.
Tip: When the NAT feature is enabled on a Huawei router, an EASYIP technology is used to map Intranet IP addresses to the IP addresses of the router's Internet interface, so that multiple Intranet IP addresses correspond to one public IP address, this technology can save one public IP address in quantity.