Setting up NAT

Help please.

I am an Oracle DBA who has been dumped with network admin as our guy left after letting our network get virused badly. My boss has asked me to look into NAT. My aim is to have one external machine with everything else internal. I have 4 machines that are web servers and need to be available to the outside world. Can NAT do this? Can I have an internal machine serving a website that can be seen from outside using NAT? How does this work?

Any pointers greatly appreciated.


RE: Setting up NAT

Network Area Translation is used to mask internal IP addresses. As an example, you could place all your internal addresses under 192.168.1.x. The device that does the NATing (your firewall) will translate that address or any addresses from your internal network to one public address (usually purchased through your ISP).

As long as you have the correct device, NATing is possible (usually any router/firewall will do).

Because of NATing, internal devices are hard to get to since you basically set up phony addresses (in a lame term).
However, again it is possible depending on what application you use to get to your web server.

As for your web server, two NIC cards will do the trick (one will have a public IP so everyone from the outside can get to it, the other one an internal one so everyone in your office can get to it). However, you are mixing a few things here.

RE: Setting up NAT

Although installing 2 NICs in the server will work, it's overcomplicated, and exposes the servers to the outside world.

You want:
simple: internet--modem--NAT router--switch--PCs
paranoid: internet--modem--firewall--router--switch -- PCs

When a PC inside the LAN requests something (e.g. a webpage) it actually appears to have been asked for by the NAT device.  When the data is received, the NAT remembers who asked for it, and forwards it on.

The tricky part is if someone from the outside tries to connect in - e.g. to a webserver.  The NAT sees this incoming data - but no client has asked for it!
The answer is port forwarding (also known as virtual server).  Rather than making the entire server visible to the outside, you choose which ports are needed on that server.
 http=80, ftp=21, ssh=22, smtp=25, pop3=110, imap=143

It's even more complicated in this case because you have 4 webservers.  This means that an inbound connection on port 80 can't just be forwarded to one place - you need another thing to examine.

With 4 webservers under NAT, you can either:
 - use 4 different ports (e.g. 80, 81, 82, 83): this requires more knowledge & IT literacy on the part of your users
 - have 4 public IPs on the NAT device, and forward appropriately: you need a good (i.e. more expensive!) NAT device
 - operate virtual servers forwarding by URL: this could either be through a decent NAT device, or a second internal device running virtual server redirection (Octagate is an example)

Short answer: Yes, NAT can do what you want!

<marc>   i wonder what will happen if i press this...

  • please tell us if our suggestion has helped
  • need some help? FAQ581-3339
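
The behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of a NAT device that remembers outbound requests, drops unsolicited inbound traffic, and forwards only the listed ports to four internal web servers. All addresses, the ephemeral port range and the `Nat` class are constructed for illustration; matching replies on the remote address and port is an assumption about how strict the device is.

```python
# Added example: toy model of a NAT device, not a real router API.
# Constructed addresses: 203.0.113.10 is the public IP, 192.168.1.x the LAN.
PUBLIC_IP = "203.0.113.10"

# Option 1 from the post: four public ports, one per internal web server.
FORWARDS = {
    80: ("192.168.1.10", 80),
    81: ("192.168.1.11", 80),
    82: ("192.168.1.12", 80),
    83: ("192.168.1.13", 80),
}


class Nat:
    def __init__(self, forwards):
        self.forwards = dict(forwards)  # static: public port -> (ip, port)
        self.sessions = {}              # dynamic: public port -> session tuple
        self.next_port = 40000          # assumed start of the ephemeral range

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN host opens a connection: rewrite its source to the public IP
        and remember who asked, so the reply can be delivered."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives at the public IP. Returns the internal (ip, port)
        it is delivered to, or None if the NAT drops it."""
        session = self.sessions.get(dst_port)
        if session and session[2:] == (src_ip, src_port):
            return session[:2]              # reply to a remembered request
        return self.forwards.get(dst_port)  # explicit forward, else dropped


if __name__ == "__main__":
    nat = Nat(FORWARDS)
    print(nat.outbound("192.168.1.50", 51000, "198.51.100.7", 80))
    print(nat.inbound("198.51.100.7", 80, 40000))   # reply: delivered to the PC
    print(nat.inbound("198.51.100.9", 80, 40000))   # stranger: None
    print(nat.inbound("198.51.100.9", 4444, 81))    # forward: second web server
    print(nat.inbound("198.51.100.9", 4444, 22))    # ssh not forwarded: None
```

Only the ports listed in `FORWARDS` reach the web servers; every other service on those machines stays unreachable from outside, which is the difference from giving each server a second, public NIC.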

RE: Setting up NAT

If at least one of your machines is Win2k Advanced Server, you can use the Windows Network Load Balancing features to NAT by port your four web servers, and NAT by port the remainder of your local LAN.

As manarth suggested above, NAT is generally what a router can do.  Depending on the sophistication of the router, you can create a virtual LAN pool with the same port for your four servers, and segregate the LAN behind NAT IPs.

This sort of application is beyond the scope of regular retail broadband routers.  Look at the new offerings by Extreme, Cisco and possibly Zyxel.

It would be worth considering at the front end using a hardware firewall device.  There are several manufacturers.  The four web servers would require something slightly fancy behind them:  either use the Win2k server RRAS and WNLB features of the OS for load balancing by port for a cluster; or look at my earlier recommendations for high-end routers that offer VLAN features that match your needs.

RE: Setting up NAT

lol - just read the dates on the thread.

the poor guy waited nearly a year for his answer!

<marc>   i wonder what will happen if i press this...

  • please tell us if our suggestion has helped
  • need some help? FAQ581-3339
