Network Address Translation

Network address translation (NAT) is the “big brother” of ICS for use on larger networks. These will usually have DNS and DHCP servers already present, so the name resolution and address allocation features of NAT are seldom used.




When the NAT server has as many public Internet IP addresses as it has internal clients on private addresses, it simply translates each private address into a public address for Internet access. This may seem a waste of resources, but it gives added security to Internet connections by hiding internal addresses from the outside where the bad people are.

If there are more internal machines than public addresses, the NAT server still translates the internal address of a requesting machine into a public address, but stores the internal network address against a random port number so that replies arriving on that port can be passed back to the machine that made the request.
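The port-based translation described above can be modelled in a few lines. This is an added example, not part of the original lesson or of any Windows component; the class name, addresses, port range and 60-second timeout are all constructed for illustration.

```python
import random

class NatTable:
    """Toy port-translating NAT table; addresses, ports and timeout are constructed."""
    def __init__(self, public_ip, timeout=60, seed=None):
        self.public_ip = public_ip
        self.timeout = timeout            # seconds an idle mapping is kept
        self.rng = random.Random(seed)
        self.by_port = {}                 # public port -> [private ip, private port, last used]

    def _expired(self, entry, now):
        return now - entry[2] > self.timeout

    def outbound(self, priv_ip, priv_port, now):
        """Translate an outgoing packet; return the (public ip, port) it leaves with."""
        for port, entry in self.by_port.items():
            if entry[:2] == [priv_ip, priv_port] and not self._expired(entry, now):
                entry[2] = now            # existing session: reuse its mapping
                return self.public_ip, port
        while True:                       # new session: pick a random unused port
            port = self.rng.randint(1024, 65535)
            if port not in self.by_port or self._expired(self.by_port[port], now):
                break
        self.by_port[port] = [priv_ip, priv_port, now]
        return self.public_ip, port

    def inbound(self, pub_port, now):
        """Translate a packet arriving from outside; return (private ip, port) or None."""
        entry = self.by_port.get(pub_port)
        if entry is None or self._expired(entry, now):
            self.by_port.pop(pub_port, None)
            return None                   # no live mapping: packet is dropped
        entry[2] = now
        return entry[0], entry[1]

def demo():
    nat = NatTable("203.0.113.5", timeout=60, seed=1)
    a = nat.outbound("192.168.0.10", 5000, now=0)
    b = nat.outbound("192.168.0.11", 5000, now=0)   # same source port, different client
    return {
        "a": a, "b": b,
        "reply_a": nat.inbound(a[1], now=10),
        "reply_b": nat.inbound(b[1], now=10),
        "unsolicited": nat.inbound(80, now=10),     # nobody inside asked for this
        "stale": nat.inbound(a[1], now=500),        # mapping has timed out
    }

if __name__ == "__main__":
    print(demo())
```

Both clients leave with the same public address but different ports, and a packet from outside reaches an internal machine only while a mapping for its port is live.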

Right-click on NAT/Basic Firewall.

Select New Interface…

Firstly, select the interface that is connected to the internal network.

Ensure Private Interface connected to private network is selected and click OK.

The connection has now been added. To add the Internet connection, right-click on NAT/Basic Firewall.

Select New Interface…

Select the interface that is connected to the Internet, then click OK.

Select Public interface connected to the Internet (or private interface if you are using NAT between private networks).

Select Enable NAT on this interface to enable the sharing of this connection.

It is also good practice to enable a basic firewall for the connection.

Select the Address Pool tab.

From this page you can configure the addresses that you have been assigned by your ISP.

Reservations are used if you need one of your local clients to use a public IP address.

Select the Services and Ports tab.

Ports are used when a connection to an internal server will produce a reply on a different port.

This is the case with services such as FTP or IRC (Internet Relay Chat). The server will make a connection to your machine in response to your connection attempt!

Select the ICMP tab.

The ICMP tab allows you to configure ICMP settings. ICMP is used by ping and other network troubleshooting tools. Click OK to continue.

To configure NAT, right-click on NAT/Basic Firewall.

Click Properties.

From this page, you can configure the level of logging that will take place.

Click Translation.

From this page, you can configure how long the mappings will remain available once they are created (i.e. the session length).

Click Address Assignment.

If you do not have a DHCP server on the network, and you would like NAT to function as the DHCP server, you can enable it and assign the address pool here.

Click Name Resolution.

From this page, you can choose to have NAT run a DNS cache if you have no DNS server present on the network.