Network Address Translation

The Diva 2440 uses network address translation (NAT) to ‘hide’ the local LAN from all external resources. The benefits of this are the ability for all connected computers to access the Internet using one Internet address and ISP account. For example, when communicating with the Internet, the two computers in the following diagram share the dynamically assigned address ‘222.182.22.39’.

Diva 2440

Notes

NAT operates transparently, translating internal addresses to a single external one for all data traffic. There is no effect on throughput.

Most applications will work with NAT. However, certain applications may experience problems because NAT is turned on.

NAT is enabled by default, and can only be disabled through the command line interface with the DISABLE NAT command (see NAT (Network Address Translation) Commands on page 78 for more information). It is recommended that you do not turn NAT off unless you have a specific requirement to do so.

Security benefits

An additional benefit of NAT is increased network security. Like a firewall, NAT restricts access to the computers that reside on the local LAN. By default, no computer on the internal LAN is visible to the Internet. Computers on the internal network cannot act as FTP or web servers, nor can they share their drives using Windows Network Neighborhood. However, these security features can be weakened if you use NAT static mappings.

NAT static mappings

With NAT enabled, computers outside of the internal LAN do not have access to any computers on the internal LAN. The computers on the internal LAN are effectively invisible to the outside network. If you need a computer on the internal LAN to be visible to the external network (such as a web server), the Diva 2440 provides a solution through NAT static mappings.

How It Works

NAT static mappings allow you to allow specific computers on the internal LAN to receive certain incoming network traffic. For example, you could designate a computer to receive all incoming HTTP traffic, essentially allowing it to function as a web server. However, the actual IP address of this computer is still hidden by NAT. Remote users must specify the address of the Diva 2440 to gain access to the web server.

Advanced Topics

Page 52

Page 52
Image 52
Eicon Networks 2440 manual Network Address Translation, How It Works, Security benefits, NAT static mappings