Security
Network Address Translation (NAT)
The Eicon 1530 uses network address translation (NAT) to ‘hide’ the local LAN from all
external resources. The benefit of this is that all connected computers can access the
external network using one user account, defined on the device itself. For example, when
communicating with the Internet, the four computers in the following diagram share the
dynamically assigned address ‘222.182.22.39’.
Notes
NAT operates transparently, translating internal addresses to a single external one for all data
traffic. NAT has no effect on total throughput.
Most applications will work with NAT. However, some programs may not work well or at all
with NAT enabled.
NAT is disabled by default.
Security benefits
An additional benefit of NAT is increased network security. Like a firewall, NAT restricts
access to the computers that reside on the local LAN. By default, no computer on the internal
LAN is visible to the external network. Computers on the internal network cannot act as FTP or web
servers, nor can they share their drives using Windows Network Neighborhood. These security
features can be weakened if you use NAT static mappings (see NAT static mappings on the
following page).
NAT static mappings
With NAT enabled, computers outside of the internal LAN cannot see or access any computers
on the internal LAN. If you need a computer on the internal LAN to be visible
to the external network, the Eicon 1530 provides a solution through NAT static mappings.
NAT static mappings allow you to permit specific computers on the internal LAN to receive
certain incoming network traffic. For example, you could designate a computer to receive all
incoming HTTP traffic, allowing it to function as a web server. However, the actual IP address
of this computer is still hidden by NAT. Therefore, remote users must specify the address of the
Eicon 1530 to gain access to the web server.
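The inbound decision a NAT gateway with static mappings makes, as an added Python sketch (not Eicon firmware or vendor code). The internal 192.168.1.x addresses, the port numbers, and the assumption that the gateway itself answers on TCP port 80 are constructed for illustration; the last case shows the effect described in the next paragraph, where a mapping takes over traffic the gateway would otherwise handle itself.

```python
from dataclasses import dataclass, field

EXTERNAL_IP = "222.182.22.39"  # shared external address from the example above

@dataclass
class NatGateway:
    external_ip: str
    # (proto, port) pairs the gateway answers itself (assumed for this sketch)
    local_services: set = field(default_factory=set)
    # static mappings: (proto, port) -> (internal_ip, internal_port)
    static_map: dict = field(default_factory=dict)
    # dynamic translations created by outbound traffic (simplified: keyed
    # on protocol and external port only, not on the remote endpoint)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, proto, src_ip, src_port):
        """Rewrite an internal source to the single external address."""
        ext_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, ext_port)] = (src_ip, src_port)
        return (self.external_ip, ext_port)

    def inbound(self, proto, dst_port):
        """Decide the fate of a packet arriving at the external address."""
        key = (proto, dst_port)
        if key in self.sessions:        # reply to traffic a LAN host started
            return ("reply", self.sessions[key])
        if key in self.static_map:      # static mapping wins over the gateway
            return ("forward", self.static_map[key])
        if key in self.local_services:  # handled by the gateway itself
            return ("local", None)
        return ("drop", None)           # default: LAN hosts are not reachable

    def exposure_report(self):
        """Each static mapping, flagged if it shadows a gateway service."""
        return [(k, v, k in self.local_services)
                for k, v in sorted(self.static_map.items())]

def demo():
    gw = NatGateway(EXTERNAL_IP, local_services={("tcp", 80)})
    ext = gw.outbound("tcp", "192.168.1.10", 51000)
    out = {"ext": ext, "reply": gw.inbound("tcp", ext[1]),
           "ftp": gw.inbound("tcp", 21), "http_before": gw.inbound("tcp", 80)}
    gw.static_map[("tcp", 80)] = ("192.168.1.20", 80)  # expose a web server
    out["http_after"] = gw.inbound("tcp", 80)
    out["report"] = gw.exposure_report()
    return out

if __name__ == "__main__":
    print(demo())
```

Reviewing the output of `exposure_report()` after every configuration change gives a complete list of what the static mappings have made reachable from outside.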
When you create a NAT static mapping, the Eicon 1530 routes all traffic for the protocol you
specify to the designated computer. This includes traffic normally handled by the Eicon 1530
itself. This leads to the following restrictions: