Eicon Networks 2440 manual Network Address Translation, How It Works, Security benefits

Page 52

Network Address Translation

The Diva 2440 uses network address translation (NAT) to ‘hide’ the local LAN from all external resources. The benefit of this is that all connected computers can access the Internet using one Internet address and ISP account. For example, when communicating with the Internet, the two computers in the following diagram share the dynamically assigned address ‘222.182.22.39’.

[Diagram: two LAN computers connected to the Internet through the Diva 2440]

Notes

NAT operates transparently, translating internal addresses to a single external one for all data traffic. There is no effect on throughput.

Most applications will work with NAT. However, certain applications may experience problems when NAT is turned on.

NAT is enabled by default, and can only be disabled through the command line interface with the DISABLE NAT command (see NAT (Network Address Translation) Commands on page 78 for more information). It is recommended that you do not turn NAT off unless you have a specific requirement to do so.

Security benefits

An additional benefit of NAT is increased network security. Like a firewall, NAT restricts access to the computers that reside on the local LAN. By default, no computer on the internal LAN is visible to the Internet. Computers on the internal network cannot act as FTP or web servers, nor can they share their drives using Windows Network Neighborhood. However, these security features can be weakened if you use NAT static mappings.

NAT static mappings

With NAT enabled, computers outside of the internal LAN do not have access to any computers on the internal LAN. The computers on the internal LAN are effectively invisible to the outside network. If you need a computer on the internal LAN to be visible to the external network (such as a web server), the Diva 2440 provides a solution through NAT static mappings.

How It Works

NAT static mappings let specific computers on the internal LAN receive certain incoming network traffic. For example, you could designate a computer to receive all incoming HTTP traffic, essentially allowing it to function as a web server. However, the actual IP address of this computer is still hidden by NAT. Remote users must specify the address of the Diva 2440 to gain access to the web server.
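The behaviour described in this section, modelled as an added Python example (not Eicon code and not the Diva 2440's implementation): outbound traffic is rewritten to the shared external address, unsolicited inbound traffic is dropped, and a static mapping makes one LAN service reachable. The LAN and remote addresses, the starting port of the dynamic pool, and the rule that a reply is accepted only from the remote host the LAN computer contacted are assumptions made for the illustration.

```python
# Added illustration: a toy model of NAT with static mappings (not Diva 2440 firmware).
from dataclasses import dataclass, field

EXTERNAL_IP = "222.182.22.39"   # the shared address used in the manual's example


@dataclass
class Nat:
    external_ip: str
    next_port: int = 50000                       # assumed start of the dynamic port pool
    dynamic: dict = field(default_factory=dict)  # (proto, ext_port) -> (lan_ip, lan_port, remote)
    static: dict = field(default_factory=dict)   # (proto, ext_port) -> (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host opens a connection: rewrite its source to the external address."""
        ext_port = self.next_port
        self.next_port += 1
        self.dynamic[(proto, ext_port)] = (lan_ip, lan_port, remote)
        return (self.external_ip, ext_port)

    def add_static(self, proto, ext_port, lan_ip, lan_port):
        """Static mapping: always forward this external port to one LAN host."""
        self.static[(proto, ext_port)] = (lan_ip, lan_port)

    def inbound(self, proto, ext_port, remote):
        """Return the LAN (ip, port) that receives the packet, or None if it is dropped."""
        if (proto, ext_port) in self.static:
            return self.static[(proto, ext_port)]          # reachable by anyone
        entry = self.dynamic.get((proto, ext_port))
        if entry and entry[2] == remote:                   # reply to a LAN-initiated flow
            return entry[:2]
        return None                                        # unsolicited: LAN stays hidden

    def exposed(self):
        """Audit view: every LAN service an Internet host can reach unsolicited."""
        return sorted((p, port, ip, lport) for (p, port), (ip, lport) in self.static.items())


def demo():
    nat = Nat(EXTERNAL_IP)
    src = nat.outbound("tcp", "192.168.1.2", 1025, ("203.0.113.10", 80))   # constructed hosts
    reply = nat.inbound("tcp", src[1], ("203.0.113.10", 80))
    probe_before = nat.inbound("tcp", 80, ("198.51.100.7", 40000))
    nat.add_static("tcp", 80, "192.168.1.3", 80)           # designate a web server
    probe_after = nat.inbound("tcp", 80, ("198.51.100.7", 40000))
    return src, reply, probe_before, probe_after, nat.exposed()


if __name__ == "__main__":
    print(demo())
```

The `exposed()` list is the part to review whenever a static mapping is added: each entry is a LAN service that NAT no longer hides.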
