NAT and Firewall
To connect a windows 2000/2003 network to the Internet, you may use one of
two methods: ICS and NAT. Both ICS and NAT provide translation, addressing,
and name resolution services to the network hosts.
ICS is designed to provide a single step of configuration (a single check
box) on the computer running Windows 2000/2003 to provide a translated
connection to Internet for all of the hosts on the network. However, once
enabled, Internet connection sharing does not allow further configuration
beyond the configuration of applications and services on the network.
NAT routing protocol is designed to provide maximum flexibility in the
configuration of the computer running Windows 2000 Server to provide a
translated connection to Internet. NAT requires more configuration steps;
however, each step of the configuration is customizable. The NAT protocol
allows for ranges of IP addresses from ISP and the configuration of the range
of IP addresses allocated to the network hosts.
How to enable NAT
Open Routing and Remote Access>Server name>IP Routing>General,
right-click General, and then click New Routing Protocol. In the Select
Routing Protocol dialog box, click NAT/Firewall, and then click OK.
enable NAT name resolution
Open Routing and Remote Access>server name>IP Routing>NAT. Right-click NAT,
and then click Properties. On the Name Resolution tab, select the Clients
using Domain Name System (DNS) check box.
enable inbound connections
To allow Internet users to access resources on your private network via
NAT, you must enable inbound connections. To do this 1) configure a static IP
address configuration on the resource server; 2) exclude the IP address being
used by the resource computer from the range of IP addresses being allocated
by the NAT computer; 3) configure a special port.
How to configure
2000/2003 NAT services and ports
Open RRAS>IP Routing>NAT, right-click external
NIC>Properties>Services and ports, select a service or add a port. To forward
to an internal IP, type IP address in Private address.
NAT server can
The NAT server can automatically assign IP addresses to internal network
clients. You may want to use this functionality if you do not have a DHCP
No one can access our
website behind NAT
Cause: 1) Network address translation
interfaces are not properly configured. 2) TCP/UDP port translation is not
enabled. 3) The range of public addresses is not configured correctly. 4) The
range of private addresses is configured incorrectly. 5) The traffic being
forwarded by the network address translation computer is not translatable. 6)
IP packet filtering is preventing the receiving or sending of IP traffic.
Server can access the
Internet but not clients
Symptoms: You have windows 2003 multihomed
server with DNS and NAT/Firewall. The server can access the Internet but none
Causes: 1. Incorrect default gateway on the
2. Incorrect DNS on the client settings.
3. NAT/Firewall blocks the client accessing the Internet.
4. The server doesn't enable IP routing or incorrect routing table.
Post your questions, comments, feedbacks and suggestions