Anda di halaman 1dari 7

Connecting to Networks

Lesson 1: Configuring Network Address Translation

E EХ intranet 


 private IP addressing КIU A U U1К private IP
addresses  public Internet 
routable  E1К
 private IP addressing
A U U
 hosts E Internet 
communicate !U2I#IU  Network Address
Translation (NAT) server !IUA NAT  private IP addresses EКIU public
IP addresses EA translate !U$ traffic EКIU Internet IU  forward !UE 
$ Х 

Windows Server 2008 computer КIU NAT server A %!IU configure
!U!&IU
E


Network Address Translation Concepts

computer A $ $ 
IК  public IP address ХU$ 'IEIU  Internet КIU design
!U
 1К
$ 2
A Internet  A& 1К$ 
К 
!
 '!AE !UE!
К public IP addresses E ''I2I#E



NOTE Ipv6 and NAT


larger address space   improved private addressing design E1К
 Ipv6 
NAT
!IUA $ Х 
 Ipv4  
К&IU

IP address !UE!
К
E1К
 Internet Service Providers (ISPs) 

organization A $ $ КIU Internet connection A public IP addresses AE'A
A  $ assign !UE  U
computer 1000 'I organization
ХUA ISP  Internet connection )#AХ ISP  * organization
A public IP addresses 4 ХU
E 
 IU  E1К
 organization
' computer A!U 1000  public IP address КIU ХE)A U U'E
&IU

I
'


NAT  internal network A  '


+ E
К 'IE hosts EA
public IP address ХU'I computer !U ( IU ,U router ХU ) КIU A U U$
Internet access E
КE 
 internal network A  hosts E
RFC
1918 A' 
 EA
К address ranges 
A К private IP addresses
E 'IE'
- 192.168.0.0 – 192.168.255.255
- 172.16.0.0 – 172.31.255.255
- 10.0.0.0 – 10.255.255.255

Windows Server 2008 КIU NAT server A A U U2I#E


!  organizations
E  NAT A $  U!U
 hardware device КIU
E' Х 
A U U1К routers A
U
NAT capabilities  built-in A
'I
E1К
 NAT configure !UIU E
К hardware $   !IUAE
%# 
AК- NAT server
offline E&IU' clients A
!U public Internet КIU
access !U2I#E
 E1К
 NAT server A uptime EIU  A!
AE' 1К$  $  U!U
  hardware   2IU U' server 
downtime 2I#IU  A!
A!
IU
 A%E1К
&IUE
 server 
updates
E install !U$ ' restart !UIU  !IUA
+ hardware AIAIU ХU failure
2I#
+ software failures 2I#
 AХ КEE1К
 

Windows Server 2008 


NAT services 2 ХU )
- Internet Connection Sharing (ICS)
home   small offices EA A.IК ' ' mouse click A   
ICS configuration КIU E&
'К2I# E configuration options 


AК A E A' 



- Routing And Remote Access Services
multiple subnets 

) routed intranet 'IE organizations 
A
' '

Configuring Internet Connection Sharing

ICS computer ' external network interface 


public IP address ХU 'IE
internal network interface 
IP address 192.168.0.1 A 'IE ICS КIU auto
enable !U
' DHCP service !  auto enable E ICS ' DHCP service
 clients EКIU 192.168.0.0/24 addresses range A 
assign !U!I ICS
' DHCP service  Routing and Remote Access ' DHCP Server role or DHCP relay
agent feature   # $

NAT ' ICS КIU configure !UIU 


1. NAT server 
interfaces 2 ХU &$ configure !U
- public IP address   Internet КIU Х I&КIU  interface ХU
- static private IP address   private intranet КIU Х I&КIU  interface ХU
2. ХК Routing And Remote Access КIU enable !U
' disable !U
3. Start, right-click Network, chose Properties
Network And Sharing Center E/!

4. Tasks EA
К Manage Network Connections КIU click 
5. Internet КIU Х I&К
 network interface КIU right-click + Properties КIU click 
6. Sharing tab  Allow Other Network Users To Connect Through This Computer`s
Internet Connection check box 
check 
7. ' intranet 
'IE private IP addresses 

'I Web  e-mail server КIU
Internet  AХ
user E access !U2I#EХ ' Settings botton КIU click  internal
service A $ $ A EA
КAIU !UE&

- Services list 
service 'IE' * ' check box КIU select !U Service Settings
dialog box 
server ' internal name or IP address КIU 'IUК $ OK КIU click 
- list 
service 'I' ,U * service  non-standard port number КIU
A U U&IU' + Add КIU click  description   server ' internal name or IP address
КIU 'IUК  External Port Number For This Service   Internal Port Number For This
Service box 

server A U U port number E 'IUК  TCP or UDP КIU
select !U OK КIU click 
8. OK КIU click 

ICS КIU enabling !UХ  Internet network interface ' configuration КIU
E
 !E *  internal network interface КIU IP address 192.168.0.1   assign
!UХ
 A ICS computer  intrenet interface  DHCP requests

КIU
response !U!I clients 
КIU IP address range 192.168.0.0/24
A assign !U!I clients A
!U 
default gateway   preferred DNS
server address A 192.168.0.1 'IE!I

VPN or dial-up connection КIU!  share !U2I# $   computer


!U  remote network КIU connect !U2I# !IU+ intranet 
'IE AХ

computers 
 traffic 
КIU forward !UE 2I#

remote access connection ХUA ICS КIU EA


КAIU enable !U2I#
1. Start, right-click Network, Properties
2. Network And Sharing Center 
Manage Network Connections КIU click 
3. Network Connections window 
remote access connection КUI right-click $
Properties КIU E' 
4. Sharing tab  Allow Other Network Users To Connect Through This Computer`s
Internet Connection check box КIU select !U
5. AХ
E' Х '
ХUA Establish A dial-Up Connection Whenever A
Computer On My Network Attemps To Access The Internet check box КIU select
!U2I# *  remote network ХU IU forward !U' traffic ХUХU КIU
intranet 
'IE computer !U К send !UAХ remote access connection КIU
auto establish !U!I
6. E
К E' Х '
ХUA internal services EКIU remote network &
access !U2I#IU  Settings button КIU click $ configure !U2I#
7. OK КIU click 

Configuring Network Address Translation Using Routing And Remote Access

Routing And Remote Access КIU A U U$ full-featured NAT capabilities КIU enable
!U2I# ICS A
Routing And Remote Access КIU EA
К AХ К
E1К

A U U
- internal network A 192.168.0.0/24 A
AХ
addresses EКIU
A U U2I#
- internal networks 
A route !U2I#
- Windows Server 2008 ' built-in DHCP Server role AA) AХ
DHCP server

КIU A U U2I#
- DHCP relay agent AA) Routing And Remote Access component ХUХU
A U U
 computer 
ICS КIU enable !U2I#%#  ( RRAS   ICS A# U !IU
' )

Enabling NAT

Windows Server 2008 


Routing And Remote Access КIU A U U$ NAT КIU
EA
КAIU configure !U2I#
1. NAT server КIU Interface 2 ХU &
- public IP address   Internet КIU Х I&КIU  interface ХU
- static, private IP address   private intranet КIU Х I&КIU  interface ХU
2. Server Manager  Role object КIU E'  Add Roles КIU click  Network Policy And
Access Service role КIU add 
3. Server Manager  Roles\Network Policy And Access Services\Routing And Remote
Access КIU right-click 2$ Configure And Enable Routing And Remote Access КIU
E' Х 
4. Welcome To The Routing And Remote Access Setup Wizard page 
Next КIU click

5. Configuration page 
Network Address Translation (NAT) КIU select !U2$ Next КIU
click 
6. NAT Internet Connection page 
server КIU Internet 
Х I&К interface КIU
select 2$ Next КIU click 
7. Completing The Routing And Remote Access Server Setup Wizard page 
Finish КIU
click 
server  internal network  packets EКIU Internet IU  forward !UIU A $

Enabling DHCP

NAT КIU enable !UA


 Х    DHCP server КIU&IU A U U2I# Windows
Server 2008 computer КIU DHCP server A A U UХ &IU' Chapter 

E

AIU DHCP Server role КIU add !UХ  full-featured DHCP server
КIU ''I

NAT 
(A U U!IU  ' + E AК A  A' 
) single subnet 
DHCP clients EКIU IP address E provide !UE 2I# DHCP server )
NAT DHCP КIU configure !UIU  EA
КAIU !UE&

1. Server Manager  Roles\Network Policy And Access Services\Routing And Remote
Access\Ipv4\NAT 
right-click 2$ Properties КIU E' Х 
2. Address Assignment tab  Automatically Assign IP Address By Using The DHCP
Allocator check box 
select !U
3. Private network address   subnet mask КIU type !U
4. 'IE servers 

(NAT server ' private IP address) statically assign !U

specific addresses EКIU Х !
IU  !IUA&IU' Exclude button КIU click $
Exclude Reserved Addresses dialog box 
DHCP clients E
assign !U'
addresses EКIU list !U OK КIU click 
5. 
 dialog boxes EКIU IIU  OK КIU 2 1КI click 
DHCP server   К&IU statistics EКIU 1К 2I#IU A Roles\Network Policy
And Access Services\Routing And Remote Access\Ipv4\NAT node 
right-click $
Show DHCP Allocator Information КIU choose !U

Enabling Forwarding of DNS Requests

Internet КIU Х I&КIU  NAT clients 


 DNS requests 
КIU resolve !U2I#IU 
!IUA * A DNS Server role КIU A U U$ E' 2I#
DNS server !IUA small networks 
A NAT server E/
configure
!U
 DNS server IU  DNS requests E forward !UIU  NAT КIU configure
!U2I# AUA!
A' E
'' * DNS server  ' ISP

'IE

DNS requests E forward !UIU  EA


КAIU configure !U2I#

1. Server Manager  Roles\Network Policy And Access Services\Routing And Remote


Access\Ipv4|NAT 
right-click $ Properties КIU E' 
2. Name Resolution tab 
Clients Using Domain Name System (DNS) check box КIU
select !U
3. Network access A NAT server  VPN or dial-up connection КIU connect
!U'&IU' Connect To The Public Network When A Name Needs To Be Resolved
check box КIU select $ К&IU demand-dial interface КIU E' Х E 
4. Ok КIU click 
DNS server A statistics EКIU 1К 'U2I#IU  Roles\Network Policy And Access
Services\Routing And Remote Access\Ipv4\NAT node 
right-click $ Show DNS
Proxy Information КIU E' Х 

Configuring Client Computers

client computers EКIU configure !UIU 


- NAT server ' intranet interface   LAN ХU
'IE computers EA
NAT server ' intranet IP address КIU default gateway A E 
- AХ
intranet LANs 
A+ Internet IU U$   traffic EКIU forward !UIU 
routers E
NAT server ' intranet IP address КIU configure !UE 
- clients A
!U Internet DNS names EКIU resolve !U2I#E1К
 E Х
E NAT
server КIU DNS server A!  1К
Х1&IU !IU configure !U
E!'I
E AE
!  ,U)#  DNS servers configuring A chapter 2 КIU
1К 

Troubleshooting Network Address Translation

default 
Routing And Remote Access Services NAT component  NAT errors
EКIU System event log 
log !U Server Manager  Diagnostics\Event
Viewer\Windows Logs\System 
* logs EКIU 1К 'U2I# events A
!U 

SharedAccess_NAT source ХU 'IE

Warnings EКIU log !UIU  + verbose logging !UIU  ,U logging ХU!U КIU
disable !UIU  NAT КIU configure !U2I# NAT logging КIU configure !UIU  Server
Manager  Roles\Network Policy And Access Services\Routing And Remote
Access\Ipv4|NAT node 
right-click $ Properties ' General tab 
I1КIUК logging
level $ OK КIU click 
http://sbsangpi.blogspot.com/2009/07/connecting-to-networks.html