Instance description server and router NAT technology application (1)

I often hear network administrators talk about NAT technology. When will NAT technology be used? There are two main aspects: first, the public IP address is not enough. When an enterprise only rents a limited number of public IP addresses, it is impossible to allocate a public IP address to each internal computer, how can I solve the problem of insufficient IP addresses?

In this case, you can use NAT technology. Multiple internal computers use the same public IP address when accessing the INTERNET. The second is that when the company wants to effectively protect the security of internal computers, it can use NAT technology, all computers in the internal network are protected by routers or server firewalls when accessing the internet. Hacker and virus attacks are blocked on the network egress device, greatly improving the security of the internal computer.

I. NAT Server:

Next, I will take you step by step to configure and enable the NAT Function on the Windows 2003 Server.

1. Specific Network Environment:

China Telecom's ADSL, one vswitch, one server, several clients, and network cables are ready. All machines use windows2000 or XP.

2. configure Server NAT address translation

Step 1: Start "route and remote access" and use "start"> program ">" Administrative Tools ">" route and remote access "to list local computers as servers by default. To add other servers, right-click "server status" in the console directory tree and click "Add Server ".

Step 2: Right-click the server you want to enable, and click "configure and enable Routing and Remote Access" to start the Configuration Wizard.

Step 3: Click Next when the welcome page appears. The Select Server role settings page appears, select "Network Address Translation NAT", and then click Next.

Step 4: Select "use Internet connection" on the Internet connection page and select "Internet connection" in the following Internet list. We will allow the client to access the Internet through this connection, as shown in the interface. Click Next to continue.

TIPS: This is very important. You must not select an incorrect interface between the Intranet and the Internet. Otherwise, the configured NAT cannot take effect. Therefore, we modified the name of the local connection above, it is clear here.

The "enable basic Name and Address" dialog box is displayed. If you do not have DHCP or DNS servers, you can enable them and click "Next. After the Wizard is complete, the system starts the Routing and Remote Access functions and completes initialization.

Configure a static route. In the Routing and Remote Access window, choose Server> IP Route> static route ". Right-click static route and select new static route ". In the "Static Routing" configuration dialog box that appears, select "Internet connection" at the interface, fill in "0.0.0.0" for the target and subnet mask, and fill in "1" for the hops ". Click OK to exit.

Tip: when both the target and subnet mask are set to 0.0.0.0, this static route is the default route, and any data packets sent to the Internet are transmitted through the Internet interface.

3. Test configuration results

Ping the local address of the NAT server from any client, that is, ping 192.168.1.254. Ping the peer address of the local address of the NAT server using the client, that is, the IP address dynamically obtained through ADSL. The IP address is a public IP address.) Ping the client from the server, for example, ping 192.168.1.2.

If all the above PING operations are successfully connected, the NAT settings are successful, and the computers on the internal network are protected by servers, the IP address used for data transmission over the INTERNET is also the IP address obtained by the server through ADSL dialing.

Summary:

NAT is favored by many small and medium-sized enterprises. A server can be easily configured as a NAT server, provided that two NICs must be installed. The security and reliability of the NAT network are greatly improved. However, NAT also has a disadvantage, that is, the transmission speed is affected to some extent because data packets must undergo an address conversion process.