beautypg.com

Network address translation (nat) – Eicon Networks 1530 User Manual

Page 46

background image

Security

46

Network Address Translation (NAT)

The Eicon 1530 uses network address translation (NAT) to ‘hide’ the local LAN from all
external resources. The benefits of this are the ability for all connected computers to access the
external network using one user account, defined on the device itself. For example, when
communicating with the Internet, the four computers in the following diagram share the
dynamically assigned address ‘222.182.22.39’.

Notes

• NAT operates transparently, translating internal addresses to a single external one for all data

traffic. NAT has no effect on total throughput.

• Most applications will work with NAT. However, some programs may not work well or at all

with NAT enabled.

• NAT is disabled by default.

Security benefits

An additional benefit of NAT is increased network security. Like a firewall, NAT restricts
access to the computers that reside on the local LAN. By default, no computer on the internal
LAN is visible to the external. Computers on the internal network cannot act as FTP or web
servers, nor can they share their drives using Windows Network Neighborhood. These security
features can be weakened if you use NAT static mappings (see

NAT static mappings

on the

following page).

NAT static mappings

With NAT enabled, computers outside of the internal LAN do not have access (are not visible)
to any computers on the internal LAN. If you need a computer on the internal LAN to be visible
to the external network, the Eicon 1530 provides a solution through NAT static mappings.

NAT static mappings allow you to permit specific computers on the internal LAN to receive
certain incoming network traffic. For example, you could designate a computer to receive all
incoming HTTP traffic, allowing it to function as a web server. However, the actual IP address
of this computer is still hidden by NAT. Therefore, remote users must specify the address of the
Eicon 1530 to gain access to the web server.

When you create a NAT static mapping, the Eicon 1530 routes all traffic for the protocol you
specify to the designated computer. This includes traffic normally handled by the Eicon 1530
itself. This leads to the following restrictions:

See also other documents in the category Eicon Networks Hardware: