CIS 2153 Lesson Notes
Internet Connection Sharing (ICS)
Network Address Translation (NAT)
Feature | ICS | NAT |
Configuration | On the ICS computer: Network and Dial-Up Connections → Internet interface → Properties → "Enable Internet Connection Sharing for this connection". If the connection is dial-up: "Enable on-demand dialing". Application-specific mappings (Applications tab): specify static mappings for outbound connections (only if the application requires particular port numbers or additional associated connections, e.g. multiuser Internet apps). Service-specific mappings (Services tab): list of well-known Internet services (FTP, POP3, SMTP); if a service is not listed, then Add. Specify static mappings for inbound connections (to a Web or FTP service).
|
On the NAT server: enable RRAS and ensure it is configured for routing (General tab of server properties). Add the NAT protocol. Global NAT properties (right-click the protocol → Properties): General tab - logging. Translation tab - dynamic and static mappings: "Remove TCP mappings after (minutes)" - default = 1440 min = 24 hours; "Remove UDP mappings after (minutes)" - default = 1 min; Applications... - create static mappings for outbound connections (similar to the Applications tab option in ICS). Address Assignment tab: to use the DHCP allocator, check "Automatically assign IP addresses by using DHCP"; the private address range for workstations can be specified (if the internal interface has a static address, a suggestion will be made from it; if not, the default is 192.168.x.x; unlike ICS, this can be changed here); click Exclude to exclude addresses. To use standard DHCP (to use a different WINS server or some of the advanced DHCP options), uncheck "Automatically assign IP addresses by using DHCP". Name Resolution tab - specify whether the NAT server should resolve DNS names to IP addresses for connecting clients.
|
Configuration (contd) |
On the client (Internet Explorer): Initial setup of IE - set up manually or connect through LAN; clear "Automatic discovery of proxy server". If IE is already set up - IE → Tools → Internet Options → Connections → "Never dial a connection" → LAN Settings → clear: (1) "Automatically detect settings" (2) "Use automatic configuration script" (3) "Use a proxy server" |
NAT interface properties: add at least two interfaces to the NAT protocol - right-click NAT protocol → Add. General Properties options: Internal connection - "Private interface connected to private network"; External connection - "Public interface connected to the Internet" and "Translate TCP/UDP headers (recommended)". Address Pool tab - specify multiple public addresses; Reservations button - used to reserve specific IP addresses. Special Ports tab - static mappings for inbound connections (corresponds to Services tab in ICS). On the client (Internet Explorer): Initial setup of IE - set up manually or connect through LAN; clear "Automatic discovery of proxy server". If IE is already set up - IE → Tools → Internet Options → Connections → "Never dial a connection" → LAN Settings → clear: (1) "Automatically detect settings" (2) "Use automatic configuration script" (3) "Use a proxy server" |
Configuration Options | Static mappings only - incoming and outbound | Static mappings, dynamic mappings, address assignment, name resolution |
Static mappings |
Incoming: public IP address and port map to private IP address and port - ex: required for a Web server. Configured with the Application Settings button in the Sharing tab. Outbound: maps the private address of the originating workstation to the public address of the ICS computer AND maps the original source port # to a new source port # |
Incoming: public IP address and port map to private IP address and port - ex: required for a Web server. Configured as part of the Internet interface properties. Outbound: configured as part of the NAT global properties |
Dynamic mappings |
Not dynamically assigned | Incoming, Outbound - see below
|
Address assignment |
DHCP allocator - cannot be disabled, cannot exclude addresses. Automatically assigns IP addresses to other workstations on the same subnet using a private address range (192.168.x.x). Assigns the default gateway to be the same internal IP address as the computer running ICS. Cannot mix static and dynamic IP addresses on client workstations |
DHCP allocator: define address range - only a single scope; exclude addresses - should add the server's static IP address as a reserved address; assigns the default gateway to be the same internal IP address as the server running NAT. DHCP server on network (preferable - cannot have if using DHCP allocator). Static addresses |
Name resolution |
Assigns the DNS server to be the same internal IP address as the computer running ICS. DNS proxying. Cannot disable DNS on the ICS computer. No WINS server allocation. Broadcasts. LMHOSTS |
Assigns the DNS server to be the same internal IP address as the computer running NAT. DNS proxying. Can disable DNS on the NAT server and use a DNS server on the local network (assigned by DHCP server). If the NAT server is configured with a WINS server on its internal interface, NetBIOS name resolution requests from clients will be sent to that WINS server. If NAT is configured with the DHCP allocator, the NAT server acts as a WINS proxy, with requests going to the server's local WINS server. Clients are NOT registered in the WINS database or checked for duplicates |
Computer | W2K Professional or Server. Can run on only one computer on the network |
W2K Server |
Network Connections | One to the internal network (192.168.0.1). One to the Internet - IP assigned either statically or dynamically by ISP |
One to the internal network. One or more to the Internet. Can use multiple adapters = can have multiple subnets on the private network
|
Type of network | Single segmented. Private. <=254 workstations |
Can have multiple subnets if have multiple Internet IP addresses |
Conditions | No other servers on network offering DNS or DHCP | May use network DHCP and DNS servers |
Monitoring | System Event Log. Network Monitor: capture and analyze packets to and from the NAT computer |
From RRAS: view statistics for each NAT interface; view the current mappings table for each interface → select interface → Show mappings; right-click Network Address Translation (NAT) → Show DHCP Allocator Information and Show DNS Proxy Information. Network Monitor: capture and analyze packets to and from the NAT computer |
Mapping for Internet Traffic
Outbound:
If ICS or NAT receives a request from a workstation and a static mapping is defined or a dynamic mapping is still in memory, that mapping is used.
If ICS or NAT is using only one Internet address, it maps the private address of the originating workstation to the public address of the NAT server AND maps the original source port # to a new source port #.
If NAT is using multiple Internet addresses:
If one is free, it maps the private address to this address and the source port # is unchanged.
If the last Internet address is available, it behaves as if the server had only one Internet address.
Incoming:
When ICS or NAT receives incoming requests from the Internet:
If a static mapping is defined, the connection is redirected accordingly
If a static mapping is NOT defined, the connection request is discarded.
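
The outbound and incoming rules above, together with the default TCP and UDP mapping lifetimes from the NAT Translation tab, can be modelled as a small mapping table. This is an added example, not part of the original notes: the class and method names, the 203.0.113.x public addresses, the starting translated port 5000, and the rule that a workstation keeps its one-to-one public address for later connections are assumptions made for the illustration.

```python
# Added illustration (not from the course notes): a toy model of the ICS/NAT
# mapping rules. Addresses, ports and all names here are constructed.
import itertools

IDLE_MIN = {"tcp": 1440, "udp": 1}  # default mapping lifetimes quoted in the notes

class NatModel:
    def __init__(self, public_ips, static_inbound=None):
        self.public_ips = list(public_ips)
        # Static inbound: (proto, public_ip, public_port) -> (private_ip, private_port)
        self.static_inbound = dict(static_inbound or {})
        # Dynamic outbound: (proto, private_ip, src_port) -> [public_ip, public_port, last_used]
        self.dynamic = {}
        self.next_port = itertools.count(5000)  # constructed start of translated ports

    def expire(self, now):
        """Drop dynamic mappings idle for the per-protocol lifetime (minutes)."""
        for key, entry in list(self.dynamic.items()):
            if now - entry[2] >= IDLE_MIN[key[0]]:
                del self.dynamic[key]

    def outbound(self, proto, private_ip, src_port, now=0):
        """Return the (public_ip, public_port) used for an outbound packet."""
        self.expire(now)
        key = (proto, private_ip, src_port)
        if key in self.dynamic:                  # mapping still in memory: reuse it
            self.dynamic[key][2] = now
            return tuple(self.dynamic[key][:2])
        shared = self.public_ips[-1]             # last address is port-translated
        owners = {e[0]: k[1] for k, e in self.dynamic.items() if e[0] != shared}
        # Assumption: a workstation that holds a one-to-one address keeps using it.
        mine = [ip for ip, host in owners.items() if host == private_ip]
        free = [ip for ip in self.public_ips[:-1] if ip not in owners]
        if mine or free:                         # one-to-one: source port unchanged
            pub = ((mine or free)[0], src_port)
        else:                                    # single/last address: new source port
            pub = (shared, next(self.next_port))
        self.dynamic[key] = [pub[0], pub[1], now]
        return pub

    def inbound_request(self, proto, public_ip, public_port):
        """Static mapping -> redirect target; no static mapping -> None (discarded)."""
        return self.static_inbound.get((proto, public_ip, public_port))
```
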