Network Address Translation (NAT) has two main applications:

• It can be used to allow IP clients on your private network that do not have globally unique registered addresses to access the Internet.
• It can be used to limit the access clients on the public network have to resources on your private network.

To access the Internet, a client must have a globally unique address assigned by the Internet Assigned Numbers Authority (IANA) or other Internet registry. However, because the depletion of registered IP addresses, it might be impractical to reassign globally unique IP addresses to all the systems on your private network. NAT solves this problem by automatically reassigning a globally unique address to any client that accesses the Internet through a particular router interface. Using NAT enables the clients on your private network to access the Internet even if their IP addresses are not globally unique.

NAT can also be used to limit the access clients on the public network have to resources on your private network. By configuring NAT to translate addresses only for the private hosts that you want to be accessed from clients outside your private network, access to all other resources on your network is denied.

NAT can be configured to operate in one of three modes: dynamic only, static only, and a combination of dynamic and static. Dynamic mode is used to allow clients on your private network to access the Internet. Static mode is used to allow clients on the public network to access selected resources on your private network or is used to allow certain private hosts to access public hosts. The combination mode is used when all three functions are required. For more information about the NAT operating modes, refer to Novell Internet Access Server 4.1 Routing Concepts.

In addition to IP address translation, using NAT has the following advantages:

• In dynamic mode, NAT enables you to access the Internet without having to obtain and reassign a globally unique IP address for each system on your private network.
• NAT enhances the level of security of your private network by hiding its private addresses.
• In dynamic mode, NAT permits an almost unlimited number of users access to the Internet using just one network address because a different port number is used for each user who is connected to the Internet.
• NAT acts as a filter, allowing only certain outbound and inbound connections. The type of filtering that occurs is determined by whether NAT is configured to operate in dynamic or static mode. For more information about NAT filtering , refer to Novell Internet Access Server 4.1 Routing Concepts.
• NAT provides the functionality of a proxy server without the extra administrative overhead and the need for special client software.

NOTE: Multicast and Broadcast packets are not translated by NAT.

How to Configure Network Address Translation

To enable and configure NAT on a LAN or WAN interface, complete the following steps:

1. Load NIASCFG, then select the following parameter path:

   Select Configure NIAS > Protocols and Routing > Bindings

2. Select the LAN or WAN interface that connects your router to the Internet or other public network.

3. Select Expert TCP/IP Bind Options.

4. Select Network Address Translation.

5. Set Status to Dynamic Only, Static Only, or Static and Dynamic.

   Dynamic Only mode is used to map private network addresses to a well-known public network address. In this mode, all TCP, UDP, and ICMP packets have their source or destination address (depending on the direction) translated. The public address used for this translation is primary IP address of the NAT interface, which is specified in the Local IP Address parameter.

   Static Only mode is used for permanent one-to-one mapping of the public registered IP addresses to local IP addresses inside the private network. Static address translations are recommended for internal network service hosts, such as an FTP server or World Wide Web server.

   The combination mode (Static and Dynamic) is used if some hosts on your network require dynamic address translation and other hosts require static address translation. You can use both methods concurrently by selecting Static and Dynamic.

   For more information about the dynamic, static, and combination modes, refer to Novell Internet Access Server 4.1 Routing Concepts.

6. If you selected Static Only or Dynamic and Static, select Network Address Translation Table, and press Ins.

   Enter the IP address of a private host that you want to be accessed by public hosts through this interface. Next, enter the public addresses to which the private address is mapped. Repeat this process for each private host necessary.

   The public addresses can be on the same network or subnetwork as the primary IP address, or they can be on a different network or subnetwork.

   Each private host address can be mapped to only one public host address, in their direction. To access IP hosts using the public address within the private network, the static address pair should specify the same address for both the public and private addresses.

   For addresses that are on a different network or subnetwork, static routes should be added to enable inbound packets to reach their destinations on the private network. Also, you must add static routes on your external router so that packets that are destined to one of the public addresses can be routed to the NAT interface.

7. Press Esc until you are prompted to save your changes, then select Yes.

8. Press Esc to return to the Internetworking Configuration menu.

9. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.