beautypg.com

Network address translation (nat), External network – Eicon Networks 1550 User Manual

Page 56

background image

Security

56

Network Address Translation (NAT)

The Eicon 1550/1551 uses network address translation (NAT) to ‘hide’ the local LAN
from all external resources. The benefits of this are the ability for all connected
computers to access the external network using one user account, defined on the
device itself. For example, when communicating with the external network, the four
computers in the following diagram share the IP address ‘222.182.22.39’.

Notes

• NAT operates transparently, translating internal addresses to a single external one

for all data traffic. NAT has no effect on total throughput.

• Most applications will work with NAT. However, some programs may not work well or

at all with NAT enabled.

• NAT is disabled by default.

Security benefits

An additional benefit of NAT is increased network security. Like a firewall, NAT restricts
access to the computers that reside on the local LAN; no computer on the internal LAN
is visible to the external network. Computers on the internal network cannot act as
FTP or web servers, nor can they share their drives using Windows Network
Neighborhood. These security features can be weakened if you use NAT static
mappings (see

NAT static mappings

below).

NAT static mappings

With NAT enabled, computers outside of the internal LAN do not have access (are not
visible) to any computers on the internal LAN. If you need a computer on the internal
LAN to be visible to the external network, the Eicon 1550/1551 provides a solution
through NAT static mappings.

NAT static mappings allow you to permit specific computers on the internal LAN to
receive certain incoming network traffic. For example, you could designate a computer
to receive all incoming HTTP traffic, allowing it to function as a web server. However,
the actual IP address of this computer is still hidden by NAT. Therefore, remote users
must specify the address of the Eicon 1550/1551 to gain access to the web server.

IP Address

External
Network

192.168.1.1

192.168.1.5 192.168.1.4

192.168.1.3

192.168.1.2

222.182.22.39

HUB

LAN interface

Eicon 1550/1551

See also other documents in the category Eicon Networks Hardware: