Eicon Networks 1530 manual Network Address Translation NAT, Security benefits

Network Address Translation (NAT)

The Eicon 1530 uses network address translation (NAT) to ‘hide’ the local LAN from all external resources. The benefits of this are the ability for all connected computers to access the external network using one user account, defined on the device itself. For example, when communicating with the Internet, the four computers in the following diagram share the dynamically assigned address ‘222.182.22.39’.

Notes

•NAT operates transparently, translating internal addresses to a single external one for all data traffic. NAT has no effect on total throughput.

•Most applications will work with NAT. However, some programs may not work well or at all with NAT enabled.

•NAT is disabled by default.

Security benefits

An additional benefit of NAT is increased network security. Like a firewall, NAT restricts access to the computers that reside on the local LAN. By default, no computer on the internal LAN is visible to the external. Computers on the internal network cannot act as FTP or web servers, nor can they share their drives using Windows Network Neighborhood. These security features can be weakened if you use NAT static mappings (see NAT static mappings on the following page).

NAT static mappings

With NAT enabled, computers outside of the internal LAN do not have access (are not visible) to any computers on the internal LAN. If you need a computer on the internal LAN to be visible to the external network, the Eicon 1530 provides a solution through NAT static mappings.

NAT static mappings allow you to permit specific computers on the internal LAN to receive certain incoming network traffic. For example, you could designate a computer to receive all incoming HTTP traffic, allowing it to function as a web server. However, the actual IP address of this computer is still hidden by NAT. Therefore, remote users must specify the address of the Eicon 1530 to gain access to the web server.

When you create a NAT static mapping, the Eicon 1530 routes all traffic for the protocol you specify to the designated computer. This includes traffic normally handled by the Eicon 1530 itself. This leads to the following restrictions: