A Closer Look at NAT
Novell Cool Solutions: Feature
Posted: 27 Nov 2002
Novell BorderManager 3.7 Network Address Translation (NAT) allows IP clients on your local network to access the Internet without requiring you to assign globally unique IP addresses to each system. In addition, NAT acts as a filter, allowing only certain outbound connections and guaranteeing that inbound connections cannot be initiated from the public network.
NAT configuration consists of selecting one of three modes: dynamic only, static only, or a combination of static and dynamic.
- Dynamic-only mode is used to allow clients on your private network to access a public network, such as the Internet.
- Static-only mode is used to allow clients on the public network to access selected resources on your private network, or to allow specified private hosts to access public hosts. Static-only mode requires the additional configuration of a network address translation table.
- The combination static and dynamic mode is used when functions of both the static mode and the dynamic mode are required. The combination static and dynamic mode also requires the configuration of a network address translation table for the static mode.
Before configuring NAT, verify that the following prerequisites have been met:
- A registered IP address has been obtained for each public interface on the server.
- TCP/IP has been enabled for and bound to two interface boards (the public and private interfaces).
  If your Novell BorderManager 3.7 installation was successful, this prerequisite has already been satisfied for at least one board.
- For interfaces that have TCP/IP enabled, IP packet forwarding has been enabled or static routing has been enabled to use a static routing table.
  To enable IP packet forwarding from the server console, load INETCFG, select Protocols > TCP/IP and change the status of IP Packet Forwarding from Disabled End Node to Enabled Router.
  To configure static routing from the server console, load INETCFG, select Protocols > TCP/IP, enable LAN Static Routing, and select LAN Static Routing Table to enter static routes.
- An Internet Service Provider (ISP) connection has been configured with enough bandwidth for the number of users on your network.
  If the Novell BorderManager 3.7 server does not provide the connection to the ISP, ensure that the server has a static route configured or that the router to the ISP is in the routing path of the Novell BorderManager 3.7 server.
NOTE: It is assumed that all clients that will use the NAT-enabled interface as a default route to the Internet have already been configured with a TCP/IP stack and an IP address. The IP addresses can be registered or unregistered addresses.
To enable and set up NAT on a LAN or WAN interface:
1. At the server console, enter load INETCFG.
2. Select Protocols > Bindings.
3. Select the appropriate interface with TCP/IP bound to it.
   NAT can be set up on the private interface or the public interface. The public interface is either a LAN or WAN interface that connects your router to the Internet or other public network. NAT is most commonly used on the public interface.
4. Select Expert TCP/IP Bind Options.
5. Select Network Address Translation.
6. Set Status to Dynamic Only, Static and Dynamic, or Static Only.
7. If you set Status to Static Only or Static and Dynamic, complete the following substeps to map private IP addresses to public IP addresses:
   a. Select Network Address Translation Table.
   b. Press Ins to open the Network Address Translation Entry window.
   c. In the Public Address field, enter the public IP address to which a private address is mapped.
   d. In the Private Address field, enter the IP address of the private host that you want public hosts to access using the public IP address.
   e. Press Esc to add the entry to the NAT table.
   f. For address translation of inbound requests, repeat the steps for each private host to be accessed by public hosts.
   g. (Optional) If you selected Static Only, for address translation of outbound requests, repeat the steps for each private host that you want to have access to the Internet through the NAT-enabled interface using a public address.
   The public addresses can be on the same network or subnetwork as the primary IP address, or they can be on a different network or subnetwork. If the public addresses are on the same network or subnetwork, use multihoming, as described in Setting Up NAT with Multihoming, to add secondary addresses to the NAT-enabled interface.
   Each private host address can be mapped to only one public host address. To access IP hosts using the public address within the private network, ensure that the static address pair specifies the same address for both the public and private addresses.
   If NAT is connected to the Internet using multi-access WAN links, you must add static routes on your external router so that packets that are destined to one of the public addresses can be routed to the NAT interface.
8. If you set Status to Static Only or Static and Dynamic, configure a secondary address for each public address you configured in the network address translation table.
   Refer to Setting Up NAT with Multihoming for instructions on how to configure a secondary address.
9. Press Esc until you are prompted to update your changes, then select Yes.
10. Press Esc until you are prompted to exit INETCFG, then select Yes.
11. If you want the NAT configuration to take effect immediately, bring down and restart the server.
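Before entering static pairs in step 7, the table can be checked offline against the rules stated above. The following is an added example, not Novell code: `audit_static_nat` and the sample addresses are hypothetical, and it reports which private hosts a static table exposes to inbound connections, which public addresses still need a secondary address (step 8), and any private host mapped to more than one public address.

```python
import ipaddress
from collections import defaultdict

def audit_static_nat(primary_if, secondaries, table):
    """Check a planned static NAT table (hypothetical helper, not a Novell tool).

    primary_if  -- 'address/prefix' of the NAT-enabled interface
    secondaries -- secondary addresses already bound to that interface
    table       -- (public, private) pairs as entered in steps 7c and 7d
    Returns a list of (finding, detail) tuples.
    """
    iface = ipaddress.ip_interface(primary_if)
    bound = {iface.ip} | {ipaddress.ip_address(s) for s in secondaries}
    findings, publics_for = [], defaultdict(set)
    for public, private in table:
        pub, priv = ipaddress.ip_address(public), ipaddress.ip_address(private)
        publics_for[priv].add(pub)
        if pub == priv:
            # Identity pair: host reached by its public address inside the private network.
            # Assumption of this example: such pairs are only reported, not checked further.
            findings.append(("identity", str(pub)))
            continue
        # A static pair lets public hosts open connections to this private host.
        findings.append(("inbound-exposed", f"{priv} via {pub}"))
        if pub not in bound:  # step 8: every public address needs a secondary address
            where = "same subnet as primary" if pub in iface.network else "different subnet"
            findings.append(("needs-secondary", f"{pub} ({where})"))
    for priv, pubs in publics_for.items():
        if len(pubs) > 1:  # a private host may map to only one public address
            findings.append(("duplicate-private", str(priv)))
    return findings

# Constructed sample data using documentation address ranges.
PRIMARY = "192.0.2.1/28"
SECONDARIES = ["192.0.2.2"]
TABLE = [
    ("192.0.2.2", "10.0.0.10"),
    ("192.0.2.3", "10.0.0.11"),
    ("198.51.100.5", "10.0.0.11"),
    ("192.0.2.9", "192.0.2.9"),
]

if __name__ == "__main__":
    for kind, detail in audit_static_nat(PRIMARY, SECONDARIES, TABLE):
        print(f"{kind:18} {detail}")
```

The "inbound-exposed" lines are the hosts to cover with packet filters and monitoring, since static entries are the one place where connections can be initiated from the public network.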