Network Address Translation (NAT) Quick Start Guide

Notice that on top of selecting the interface to be the public interface, I also selected the checkbox to translate TCP and UDP headers. This option is intended for NAT implementations where you have only one public IP address to be shared amongst many internal clients. Without this checkbox, you would literally need one public address for each and every internal client. More than likely you only have one “real” IP address (or maybe a couple), so select this checkbox in almost all cases. Once you do select the option to configure an interface as a public interface, you’ll notice that two additional tabs appear – Address Pool, and Special Ports.

The Address Pool tab allows you to configure your NAT server to use multiple public IP addresses. You would simply click the Add button, and then configure the addresses provided by your ISP. Again, with only a single address, you really have no need for this option. The lower portion of this property sheet gives you the ability to map a specific internal client to one of your public IP addresses if necessary. Again, with only a single address, this is not relevant.

The Special Ports tab allows you to configure your NAT server such that requests to certain ports on your external interface can be forwarded to internal clients. For example, let’s say that you have a public web server on your internal network, using a private IP address. In this case, that server is at 10.1.1.1, as shown in my example below. Based on my configuration, when the public IP address of the NAT server receives a request on Port 80 (the Incoming port), it will forward that request to my internal web server at 10.1.1.1, TCP port 80 (the Outgoing port). I know the terminology there can be a little confusing – however, the Outgoing port is simply the port number on which your internal server is waiting for a connection. In this case, my internal web server is waiting for connections on the default port as well, TCP 80.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.