Network Address Translation (NAT) Basics

If you’re planning to connect your network to the Internet, chances are good that your ISP will provide you with only a single “real” IP address. The good news is that’s all you’ll need for multiple internal PCs to connect to the Internet. Network Address Translation (NAT) is a feature that allows systems on an internal network to use private IP addresses (such as those in the 192.168.0.0 range) to connect to the Internet using only one “real” IP address. When an internal system needs to access an Internet resource such as a Web server, the request is sent to the default gateway, which would be running NAT. The NAT server would take that request, translate the “source” IP address in the request to be the “real” IP address assigned by your ISP, and then forward the request along to the site you are trying to connect to. The reply will be sent back to this “real” address as well, where the NAT server will change the destination address to be that of the internal client that originally made the request. To keep everything organized, the NAT system maintains a table that maps internal requests to external requests, allowing multiple internal systems to share a single “real” IP address.
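The mapping table described above can be sketched in a few lines. This is an added example, not code from the article or from any router or ICS implementation; it assumes a port-translating NAT that also keys each entry on the remote endpoint (real devices vary), and the class name, the starting port 40000 and all addresses are constructed for illustration.

```python
# Added illustration: a minimal port-translating NAT table (not code from the article).
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatGateway:
    public_ip: str                      # the single "real" address from the ISP
    next_port: int = 40000              # assumed start of the public port range
    out_map: dict = field(default_factory=dict)   # (inside ip, port, remote ip, port) -> public port
    in_map: dict = field(default_factory=dict)    # (public port, remote ip, port) -> (inside ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an internal request and record the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return pkt._replace(src_ip=self.public_ip, src_port=self.out_map[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a reply; return None when no mapping exists."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None                 # nothing inside asked for this traffic
        return pkt._replace(dst_ip=inside[0], dst_port=inside[1])

def demo():
    # Constructed sample addresses (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
    nat = NatGateway(public_ip="203.0.113.5")
    web = ("198.51.100.10", 80)
    a = nat.outbound(Packet("192.168.1.2", 51000, *web))
    b = nat.outbound(Packet("192.168.1.3", 51000, *web))   # same source port, different PC
    reply_a = nat.inbound(Packet(*web, a.src_ip, a.src_port))
    reply_b = nat.inbound(Packet(*web, b.src_ip, b.src_port))
    stray = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 40000))
    return a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Two internal PCs that pick the same source port still get distinct public ports, and an inbound packet that matches no table entry has no internal destination to be forwarded to.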

Thankfully, configuring NAT does not take a degree in rocket science. All home routers are configured as NAT servers by default – all you need to do is connect everything correctly, configure clients to obtain their IP addresses automatically (via DHCP), and the rest is history – NAT is up and running, and there’s nothing left for you to do. Same goes if you’re sharing an Internet connection using the ICS feature in Windows 98/ME/XP – ICS effectively is a type of NAT implementation, although Microsoft has given it a catchier name. Again, as long as ICS is enabled and clients are configured to obtain their IP addresses automatically, you’re good to go. Both ICS and almost all hardware routers include integrated DHCP server functionality to allocate IP addresses to clients on your internal network.

Although the basic DHCP server functionality included with most NAT devices and software (like ICS) makes it easier for users to configure their home network, there may be times when you want to allocate dedicated static IP addresses to internal clients. For example, you might be running an internal Web server, and not want its IP address to change, which may occur with DHCP. Although Microsoft explicitly states that clients must be using DHCP in order to function on an ICS network, this technically isn’t true. You can definitely assign static IP addresses to clients, but you’ll have to be careful about the addresses you use.

For example, when ICS is configured, the internal interface of the ICS system will be configured with an IP address of 192.168.1.1 – this cannot be changed, as other clients will use it as their default gateway. Then ICS will hand out addresses using DHCP starting with 192.168.1.2, moving upwards to 192.168.1.3, and so forth. You cannot configure the addresses that will be allocated with ICS, but you can give a client a sufficiently “high” address that ICS will likely never reach. In this example, you might give a client the static address 192.168.1.100 – an address that ICS is unlikely to hand out unless you have almost 100 computers on your network.

Choosing a high number allows you to avoid potential conflicts, which is the main reason for Microsoft’s “warning”. Besides specifying a “higher” IP address, be sure to use the correct subnet mask (255.255.255.0), as well as the correct default gateway (192.168.1.1) used by ICS, and everything will work fine. One other note – when your network is using ICS, you should not configure clients with the address of a DNS server, since the ICS system will handle DNS requests on behalf of clients.

If you’re using a hardware router that includes DHCP functionality, you can usually control the IP addresses that are handed out by the router. To avoid conflicts, assign static addresses that are outside of the configured DHCP pool.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.