Computer lessons

NAT network addresses. Network Address Translation (NAT) and SIP

NAT (Network Address Translation) is an IETF (Internet Engineering Task Force) standard that allows multiple computers on a private network (with private addresses in the 10.0.x.x, 192.168.x.x, 172.x.x.x ranges) to share one IPv4 address that provides access to the global network. The main reason for the growing popularity of NAT is the increasingly acute shortage of IPv4 addresses. Many Internet gateways also make extensive use of NAT, especially to connect to broadband networks such as DSL or cable modems.

Setting up NAT

To act as a router, the server must have 2 network interfaces: one facing the Internet and one facing the network that must be connected to the Internet. My network connections are called LAN_1 (Internet) and LAN_2 (local area network).

I’ll say right away that the Windows Firewall/Internet Sharing (ICS) service must be disabled.

So, let's start the installation:





NAT setup

So, we have installed the network interfaces, now let’s configure them.

First of all, let's configure External interface (LAN_1):

192.168.0.2 - IP address of the user who will access the network through our server

10.7.40.154 - external IP address of the server

When accessing the Internet using this technology, you will have an IP address of 10.7.40.154. There are different configuration methods; you can reserve addresses for each machine separately. You can specify more than one range of addresses in the reservation or not specify it at all, then any IP on the local network will be able to surf the Internet through the server.

Setting up the client machine

Open the Properties of the local network card, then TCP/IP Properties. Enter the client’s IP address and mask, and in Default gateway enter the server IP address. In the DNS fields, enter the IP addresses of the provider's DNS servers or of the installed local DNS server.

That's all! This completes the installation and configuration.

Many users who own a router think it is needed only so that they themselves can connect to the Internet. In fact, it also performs the function of connecting other users to the server. In this article we explain what NAT in a router is, why it is needed and how to configure it.

NAT in a router - what is it?

Network Address Translation is the process of translating internal addresses into external addresses. If this function is not configured, the router blocks all incoming connections from the global Internet on every port; if the parameters are configured, it lets them through.

Settings

To configure NAT in the router yourself, perform the following steps:

  • Launch any browser on your computer and type the address of the device, 192.168.1.1 or 192.168.0.1, in the address bar.
  • Then enter the username and password Admin/Admin. Afterwards, you can replace this login and password with your own.
  • In the window that opens, select Settings - Network - Routing (routes) and click New rule, which lets you set the routing conditions. There are five ways: through a DNS name, through a port, through broadcast to a specific user, through a network interface, or by replacing the address with the source address.
  • Next, set the traffic conditions using one of the four proposed options (Auto, Gateway, Trunk, Interface), then click “Next” and “Close”.

After completing this series of steps, the router is ready for use.

Sometimes you need to configure NAT on your computer. To do this, open “Control Panel” from “Start” and launch “Network Connections”. Right-click the new network device, choose “Properties” and then “Advanced”. Check the box next to “Allow other network users to use this connection” and click OK.

Setting up loopback

The point of NAT loopback is that a packet arriving from the internal network at the external IP address of the router is treated as if it had come from outside, which means that the firewall rules for external connections apply. If the packet passes the firewall, NAT is applied, and the router becomes an intermediary between two computers located on the same network.

Attention! Without the NAT loopback function, it would be impossible to find out about the network service settings or access the server. For each domain, the hosts file would have to be configured manually.

NAT types

There are several types of Network Address Translation. Let's look at each of them in detail:

Important! Often ports need to be configured manually.

How to change the type

To change the NAT type, log in to your router by entering 192.168.1.1 or 192.168.0.1 in your browser's address bar and then entering your username and password. Look up your IP address and the network settings of your device. Then contact your Internet provider so that they can reconfigure your router to the type you need; you will need to give them all of this data.

More and more digital devices are appearing in our apartments: laptops, tablets and smartphones. As long as there was only one computer in the apartment, connected directly to the provider’s network, there were no questions. Now you face a problem: how to connect your new laptop or tablet to the Internet. This is where NAT technology comes to the rescue. What is the essence of NAT technology?
NAT (Network Address Translation) is a mechanism in TCP/IP networks that converts the IP addresses of packets in transit.
In simple terms, if there are several computers on a local network, NAT lets all of them access the external Internet using one external IP address.

What is an IP address?

A router operates at the third layer of the OSI model and therefore uses the IP protocol, the routed network-layer protocol of the TCP/IP stack. Network addressing is an integral part of the protocol. Under the existing rules, every device on the network is assigned an IP address, a unique network identifier of the node. Two types of IP addresses are used: gray and white. Gray addresses are the part of the address space allocated for local networks: the subnets 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. All other subnets are used on the Internet and are white IP addresses.

How to share Internet access with devices on your network.

To connect all devices on the local network to the Internet you will need a router. A router is a device that can connect to the Internet through the provider’s network and share that connection with attached devices, since it has at least 4 LAN ports and a Wi-Fi module. Do not confuse a router with a simple Ethernet switch, which is essentially a dumb network “splitter.” Because a UNIX-like operating system is installed on the router, various services can be installed on the device, including the NAT service. To enable it, check the Enable NAT box when setting up the router.

The router attaches to each request that passes through it a specific label containing data about the sender on the local network. When a response to the request arrives, the router uses the label to determine which IP address on the local network to send the packet to. That, in a nutshell, is how NAT technology works.

It is no longer news that there are not enough IP addresses for all the devices that want to be on the Internet. A way out has now been found in the IPv6 protocol, in which the address length is 128 bits, while the current IPv4 has only 32 bits. But in the early 2000s another solution was found: network address translation, abbreviated NAT. Later in the article we will configure NAT in the router.

Entering the router settings menu

As an example, let's take the ZyXEL router of the ZyWALL USG and NXC5200 series.

First of all, go to the router settings. To do this, type 192.168.1.1 (the standard router address) in the address bar of any web browser. A window will appear asking you to enter your login and password.

In the “Username” field enter admin, in the “Password” field enter 1234. Click “OK”.

Setting up NAT in the router

In the menu window that opens, go to the “Configuration” tab (the icon with two gears), then “Network”, then “Routing”. In the selected window, go to the “Policy Routing” tab.

ZyXEL router settings menu

In this menu, the routing policy is configured. In the “Criteria” area, we set the criteria for selecting traffic: which traffic needs to be translated (this is the actual NAT configuration) and which should simply be routed. Traffic can be selected by several criteria:

  1. By user (User);
  2. By interface (Incoming);
  3. By source IP address (Source Address);
  4. By recipient's IP address (Destination Address);
  5. By destination port (Service).

In the “Next-Hop” area we assign an object to redirect traffic:

Selecting a ZyXEL router redirection object

Here “Auto” redirects traffic to the default global interface; “Gateway” to the address specified in the gateway settings; “VPN Tunnel” to an IPSec virtual private tunnel; “Trunk” to a “trunk”, that is, several interfaces configured to work together or in redundancy mode; “Interface” to the specified interface:

It is important to remember that whenever you make changes to the router settings, click the “OK” button to save the settings, and not just close the web browser.

Setting up NAT on a computer

As you know, a personal computer can itself serve as a router. Often there is a network of several computers, only one of which has access to the Internet. In this situation you do not need to buy a router at all: set up the computer with Internet access as a router and configure NAT on it. Let's consider this case in more detail.

Be sure to install 2 network cards on the main, Internet-facing computer (let's call it SERVER): the first for connecting to the local network, the second for the provider. The example uses the Windows Server 2012 operating system.

To configure, first of all, launch “Server Manager” (Start -> Administrative Tools -> Server Manager). The settings window will appear:

From here we will manage our server. To continue configuration, click “Add Roles and Features,” which will open the Add Roles Wizard window. First Step - Installation Type:

In the next window we need to select the role that we are installing on the server. Check the box next to “Remote access”.

The following window will appear, which displays a list of components required for operation. Click “Add components”, this window will disappear. Click “Next”.

In the next window, the wizard prompts you to add server components. There is no need to change anything, click “Next”.

On the next page, the wizard simply informs us about the operation of the Remote Access role. Click “Next”.

In the next step, you need to select “Role Services”. Check the box next to “Routing” and click “Next”.

The next window is again informational, you don’t need to select anything, but you can check the box next to “Automatic restart on the selected server...”, as a result of which the server will automatically restart after installation. But you can also do this manually. Click “Next”.

And the last step is the actual installation of the server. When finished, click the “Close” button.

Server installation

So, we have configured a computer that is connected to the Internet in server mode. Now you need to configure NAT on it.

Go to Start / Administration / Routing and remote access. In the window that appears, on the left side we find the item “SERVER (local)”, right-click on it and in the drop-down menu click “Configure and enable routing and remote access”.

A wizard for setting up a routing and remote access server will appear, in which we will configure NAT.

On the first page we are briefly introduced to the wizard - click “Next”. The next step is to select one of the services that will run on this server. Select “Network Address Translation (NAT)” and click “Next”.

Next, the wizard asks you to select the network connection that faces the Internet. Both network cards will be in the list (or more, depending on how many are installed on the server). Select the one to which the provider’s network cable is connected. Click “Next”.

In the next window, the wizard warns that it cannot detect DHCP or DNS services on the local network. There are two options to continue: enable basic services, or install the services later.

Select the first item and click “Next”. The next page tells you the address range in which NAT will work. The setup wizard selects this range automatically, based on the configuration of the network connection attached to the local network. Click “Next”.

nat range

That's it, the setup wizard completes the NAT setup. Click “Next”, and in the next window “Done”.

The last thing left is to configure the client computers, that is, all the other computers on the local network. To do this, on the client computer (this will need to be done on each computer on the network), go to Start / Control Panel / Network and Sharing Center / change adapter settings. Go to “Network Connections”. Right-click on the icon and select “Properties” from the drop-down menu. In the window that appears, select “Internet Protocol Version 4 (TCP/IPv4)” and click “Properties”.

In the “Default gateway” field we write the IP address of the server computer (which was configured in the previous step), in the “Preferred DNS server” field we write the IP address of the provider’s DNS server specified in the Internet connection information on the server. Click “OK”, and “OK” again. That's it, the client computer is connected to the Internet.

What is NAT

Your computer can be connected to the Internet directly. It is then said to have an external IP address.

This usually means that the computer is connected directly to a modem (DSL, cable or regular analog).

Being behind NAT means that your computer is connected not to the Internet but to a local network. It then has an internal IP address, which is itself inaccessible from the Internet.

Your computer accesses the Internet through NAT - the process of translating internal addresses to external ones and vice versa. A NAT device is usually called a router.

The specificity of NAT is that connections initiated by your computer transparently pass through the NAT device to the Internet. However, connections that other computers from the Internet would like to establish with you cannot reach you.
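The behaviour just described, together with the "label" a router attaches to each outgoing request, can be modelled as a small translation table. This is an added example, not code from the original page: the `Nat` class, the starting port 40000 and the remote addresses are constructed for illustration, and it assumes the strictest filtering (replies are accepted only from the exact remote endpoint that was contacted; real devices vary).

```python
class Nat:
    """Toy port-translating NAT: many internal hosts share one external IP."""

    def __init__(self, external_ip, first_port=40000):  # pool start is assumed
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}       # (in_ip, in_port) -> external port (the "label")
        self.back = {}      # external port -> (in_ip, in_port)
        self.peers = set()  # (external port, remote ip, remote port) contacted
        self.static = {}    # external port -> (in_ip, in_port), manual forwards

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a LAN packet and remember how to undo it."""
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        ext_port = self.out[key]
        self.peers.add((ext_port, dst_ip, dst_port))
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def forward(self, ext_port, in_ip, in_port):
        """Manually configured rule: expose in_ip:in_port on ext_port."""
        self.static[ext_port] = (in_ip, in_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the internal (ip, port) to deliver to, or None if dropped."""
        if dst_port in self.static:
            return self.static[dst_port]
        if (dst_port, src_ip, src_port) in self.peers:
            return self.back[dst_port]   # reply to a connection we started
        return None                      # unsolicited: nothing to map it to


def demo():
    # 192.168.0.2 and 10.7.40.154 are the page's own example addresses;
    # the remote hosts are constructed documentation addresses.
    nat = Nat("10.7.40.154")
    sent = nat.outbound("192.168.0.2", 51000, "203.0.113.10", 443)
    reply = nat.inbound("203.0.113.10", 443, sent[1])
    stranger = nat.inbound("198.51.100.7", 443, sent[1])
    nat.forward(8080, "192.168.0.2", 80)
    forwarded = nat.inbound("198.51.100.7", 5555, 8080)
    return sent, reply, stranger, forwarded


if __name__ == "__main__":
    for name, value in zip(("sent", "reply", "stranger", "forwarded"), demo()):
        print(f"{name:9} -> {value}")
```

Every entry in `static` is a deliberate opening in the default-deny behaviour, which is why forwarded ports are worth reviewing when auditing a router.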

Finding the computer's IP address

Open the Run dialog box for launching programs: click the Start button and select Run from the menu.

In Windows 2000/XP, type the command cmd /k ipconfig, click OK and look at the result.

    Windows 2000 IP Configuration

    Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask. . . . . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . . . . : 192.168.1.1

The first of these addresses is the IP address of your computer.

Are you behind NAT?

Three special IP address ranges are reserved for local networks and are not used on the Internet:

    10.0.0.0    - 10.255.255.255
    172.16.0.0  - 172.31.255.255
    192.168.0.0 - 192.168.255.255

If your computer's IP address is in one of these ranges, that is, it starts with 10. or with 192.168. or with 172.nn. (where nn is from 16 to 31), then this is a local (internal) address, and you are definitely behind NAT.

If not, now check what IP address other computers on the Internet see you under. For example, on whatsmyip.org (“Your IP Address is x.x.x.x” at the top of the page) or on myipaddress.com.

If your computer's IP address matches the one shown by one of these sites, then you are definitely connected to the Internet directly.

In other cases it is impossible to say for sure. The following options are possible:

  • You are behind NAT, but your network administrator has chosen non-standard internal addresses for your local network. Find him and ask why he had to do this.
  • You access the Internet through a proxy server (in which case whatsmyip.org showed you the address of that proxy server). In many cases you can determine whether there is a proxy server between you and the Internet using, for example, lagado.com/proxy-test.

    Connecting via a proxy is not covered in this guide.

Connection options via NAT

If you are behind NAT, then the next step is to determine where exactly the NAT device is located.

NAT at the provider

In this case it is said that:

  • the provider provides you with the Internet via NAT,
  • or that the provider does not give you an external IP address,
  • or that you are connected through the provider's local network.

The easiest way is to call your provider and find out. Or ask knowledgeable neighbors with the same connection.

When connecting to the Internet through the provider’s local network, you cannot make a port accessible yourself, unless your provider redirects a specific port specifically for you, which is unlikely, or unless you pay extra for a service that is usually called an "external" ("white") IP address.

NAT in an office or apartment building

In principle, the situation is the same, but you can try approaching the local administrator. Ultimately, whether a port can be made available depends on whether you have access to the router settings.

In addition, you can also try UPnP, in case it was left enabled on your router.

Your own NAT

In this case, you can almost always configure it and get an available port.

Usually this is either a connection through a home router or a connection through another computer, for example using ICS (the second option is not considered here).

Of course, it can also happen that you have NAT both at home and at your provider, that is, your computer is behind two NATs at once. You can check this by going to the router settings, looking at its external address and then following the scenario above (does this address belong to the local network ranges, and does it match the address under which you are seen on the Internet).
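The "Are you behind NAT?" procedure and the two-NAT check above can be written as one routine. This is an added example, not part of the original guide: the function names and the result strings are constructed, the `ipconfig` sample repeats the output shown earlier on the page, and the regular expression also accepts the "IPv4 Address" label printed by newer Windows versions.

```python
import ipaddress
import re

# The three ranges the page lists as reserved for local networks.
LOCAL_RANGES = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ipconfig output as shown on the page (Windows 2000 wording).
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask. . . . . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . . . . : 192.168.1.1
"""


def own_address(ipconfig_text):
    """Pull the first adapter address out of ipconfig output, or None."""
    m = re.search(r"IP(?:v4)? Address[ .]*: *(\d+(?:\.\d+){3})", ipconfig_text)
    return m.group(1) if m else None


def is_local(addr):
    """True if addr falls in one of the three local-network ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_RANGES)


def nat_status(own_ip, seen_ip):
    """own_ip: from ipconfig; seen_ip: what an external what-is-my-IP site shows."""
    if is_local(own_ip):
        return "behind NAT"
    if ipaddress.ip_address(own_ip) == ipaddress.ip_address(seen_ip):
        return "direct"
    return "undetermined"  # non-standard internal range, or a proxy in the path


def nat_layers(pc_ip, router_wan_ip, seen_ip):
    """Repeat the check on the router's external address to spot double NAT."""
    first = nat_status(pc_ip, seen_ip)
    if first != "behind NAT":
        return first
    upstream = nat_status(router_wan_ip, seen_ip)
    return {"direct": "single NAT",
            "behind NAT": "double NAT",
            "undetermined": "NAT, upstream undetermined"}[upstream]
```

The explicit network list matters at the edges of the 172.nn. rule: 172.31.255.255 is local, 172.32.0.1 is not.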