Network Address Translation
Windows 2000 Server also includes another solution similar to ICS but more robust, in the form of the Network Address Translation protocol in Routing and Remote Access. While it basically consists of the same functional elements as ICS (and works in a very similar manner), NAT has some additional features that may make it a better fit than ICS in some environments.
The idea behind NAT is pretty straightforward. The system requires at least one external public IP address, from which all requests for external resources by clients on the internal network are made. This single IP address appears to be the one originating all requests to other servers on the Internet. In reality, the NAT server is making the requests on behalf of the internal clients and keeping track of them by holding a table in memory that maps each internal request to an external request. The NAT server maps the port number that the external request was made on to the internal system that made the request (both the internal IP address and the port number used by the internal client). When the NAT server receives the response to its request, it looks at the table, sees which port number the reply is coming in on, and forwards the reply to the correct internal client. This setup allows many computers to access the Internet through only a single external IP address.
Obviously you will need to configure your Windows 2000 Server’s Routing and Remote Access tool to support NAT. This is accomplished by choosing to add a new routing protocol from within the tool, as shown below:
Once added, NAT is configured by accessing its properties. One of the main benefits of NAT is that you can choose whether or not you wish for the service to act as a DHCP server for internal clients. This would allow you to continue using an already established DHCP server to hand out addresses, or use the functionality of NAT to do so. It will also allow NAT to be used as a standard address translation service, perhaps translating between internal public and external public ranges if such an addressing scheme is already in use, or simply to connect two different networks together while gradually moving towards an entirely new addressing scheme. For example, if two companies merged, they might be using incompatible ranges of addresses, with immediate connectivity being a priority; NAT would allow this as an interim solution prior to the reconfiguration of the entire network.
The screenshot below outlines the DHCP functionality that can be configured if required, including exclusions if necessary. Note that by default the private 192.168.0.0 range will be used, unless otherwise specified.
Another feature within NAT is the ability to continue to handle DNS resolution requests if required via a DNS proxy function (where the internal clients again forward DNS resolution requests to the NAT server). Note that this ability is turned off by default (as is the address assignment function), but can be configured as required, as shown below, even for demand-dial connections.
Much like ICS, NAT can also be configured to allow external requests to a certain port to be mapped to an internal server, so that a web server or other service can be hosted on the internal network behind the NAT server.
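To make the translation table described above and the static port mapping concrete, here is an added example (not the Windows 2000 RRAS code, and all addresses and ports are constructed): outbound requests are allocated an external port, replies arriving on that port are forwarded to the client that owns it, a published port reaches the internal server, and anything else arriving from outside has no entry and is dropped.

```python
# Added illustration of a NAT (port address translation) table.
# Hypothetical class; addresses use documentation ranges, not real hosts.
from dataclasses import dataclass, field


@dataclass
class NatTable:
    external_ip: str
    next_port: int = 1024                      # first external port to hand out
    # external_port -> (internal_ip, internal_port): entries for requests we made
    outbound: dict = field(default_factory=dict)
    # (internal_ip, internal_port) -> external_port: reverse index for reuse
    by_client: dict = field(default_factory=dict)
    # external_port -> (internal_ip, internal_port): administrator-defined mappings
    static: dict = field(default_factory=dict)

    def translate_outbound(self, src_ip, src_port):
        """Rewrite the source of a packet leaving the internal network.
        Returns the (external_ip, external_port) the remote server will see."""
        key = (src_ip, src_port)
        if key not in self.by_client:            # first packet from this client socket
            ext_port = self.next_port
            self.next_port += 1
            self.outbound[ext_port] = key
            self.by_client[key] = ext_port
        return self.external_ip, self.by_client[key]

    def translate_inbound(self, dst_port):
        """Decide where a packet arriving on the external interface goes.
        Returns (internal_ip, internal_port), or None when it must be dropped."""
        if dst_port in self.outbound:            # reply to a request we forwarded
            return self.outbound[dst_port]
        if dst_port in self.static:              # published internal server
            return self.static[dst_port]
        return None                              # unsolicited: no table entry

    def publish(self, external_port, internal_ip, internal_port):
        """Static mapping so an internal server is reachable from outside."""
        self.static[external_port] = (internal_ip, internal_port)


def demo():
    """Walk two internal clients and a published web server through the table."""
    nat = NatTable("203.0.113.5")                # constructed public address
    nat.publish(80, "192.168.0.10", 80)          # web server behind the NAT
    first = nat.translate_outbound("192.168.0.20", 40001)
    second = nat.translate_outbound("192.168.0.21", 40001)  # same client port, new entry
    return first, second, nat.translate_inbound(1025), nat.translate_inbound(80), nat.translate_inbound(2000)
```

Because the two clients happen to use the same local port, only the external port distinguishes their replies, which is why the server must own the port allocation rather than reuse the client's.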