Eicon Networks 2440 Network Address Translation

Advanced Topics Page 52

Network Address Translation

The Diva 2440 uses network address translation (NAT) to ‘hide’ the local LAN from all external

resources. The benefits of this are the ability for all connected computers to acces s the Internet

using one Internet address and ISP account. For example, when communicating with the

Internet, the two computers in the following diagram share the dynamically assigned ad dress

‘222.182.22.39’.

Notes

• NAT operates transparently, translating internal addresses to a single external one for all data

traffic. There is no effect on throughput.

• Most applications will work with NAT. However, certain applications may experience problems

because NAT is turned on.

• NAT is enabled by default, and can only be disabled through the command line interface with

the DISABLE NAT command (see NAT (Network Address Translation) Commands on

page 78 for more information). It is recommended that you do not turn NAT off unless you

have a specific requirement to do so.

Security benefits

An additional benefit of NAT is increased network security. Like a firewall, NAT restricts access

to the computers that reside on the local LAN. By default, no computer on the inter nal LAN is

visible to the Internet. Computers on the internal network cannot ac t as FTP or web servers,

nor can they share their drives using Windows Network Neighborhood. However, these

security features can be weakened if you use NAT static mappings.

NAT static mappings

With NAT enabled, computers outside of the internal LAN do not have access to any computers

on the internal LAN. The computers on the internal LAN are effectively invisible to the outside

network. If you need a computer on the internal LAN to be visible to th e external network (such

as a web server), the Diva 2440 provides a solution through NAT static mappings.

How It Works

NAT static mappings allow you to allow specific computers on the internal LAN to receive

certain incoming network traffic. For example, you could designate a computer to rece ive all

incoming HTTP traffic, essentially allowing it to function as a web server. However, the actual

IP address of this computer is still hidden by NAT. Remote users must specify the address of

the Diva 2440 to gain access to the web server.

Diva2440

Contents

Main Second Edition (June 2001) 206-378-02 Contents Command Line Reference...........................................................................60 Specifications and Regulatory Information...............................................86 Page Introducing the Diva 2440 ADSL Router General Features ADSL and Network Features Hardware Features Packag e Content s Connection Scenarios One Computer Two Computers atOnce More than Two Computers How ADSL Works Splitters and Splitterless Operation Microfilters Setup Overview Connecting to Both Ports Requirements Internet Account Information Ports and Indicator Lights Ports Indicator Lights Step 1: Connect the Cables ADSL Cable Notes Ethernet Cable Notes USB Cable Notes Updating or reinstalling USB drivers To continue Step 2: Access the Diva 2440 Web Interface Step 3: Complete the Internet Wizard Page Optional: Installing the Diva Assistant Page Connecting a Second Computer LAN Setup About the Ethernet Cable General Setup Procedure Built-in DHCP Server Using the Diva Assistant to set on a LAN IP Addressing Adjusting LAN Settings TCP/IP Setup Windows 95/98 Configuring TCP/IP Windows NT 4.0 Configuring TCP/IP Windows 2000 Apple Macintosh (Mac OS 8 or later) Page Troubleshooting Browser Settings Connecting a Phone to the Pass-through Phone Port About Microfilters Connecting a Microfilter Page Using your Diva 2440 General Information Resetting the Device Normal Reset Reset Settings to Factory Defaults Boot Mode Starting the Web-based Configuration Interface Procedure Reset and other buttons on the Main Menu Editing Settings Pages Configurations Saving, Restoring, and Resetting Upgrading Firmware Backing up Configuration Files Opening to the Firmware Maintenance Page Retrieving Firmware from the Eicon Networks Web Site Uploading New Firmware Page Login Password and other Security Features Login Password Automatic Log Out IP Filtering Security Level Network Address Translation About the Diva Assistant Launching the Diva Assistant General Tab Performance Tab Tools Tab Diagnostic Log Tab Page Virtual Private Networking Setting up a VPN with Windows 95/98 Page Setting up a VPN with Windows 2000 Connecting the VPN Network Address Translation Notes Security benefits NAT static mappings How It Works Creating Static NAT Mappings Page Example: Allowing Web or FTP Request using NAT Static Mappings Command Line Interface (CLI) Prerequisites Establishing a Telnet Connection Using the CLI Command Line Reference Using TFTP to Transfer Files Prerequisites Enabling TFTP server support Uploading/downloading configuration files Examples Command Line Reference Overview Notational Conventions ADSL Commands ATM Commands DHCP Commands Page <ipaddress> IP address of the entry to delete. <ipaddress> IP address of the entry to enable or disable. Page Filter Commands <number> Position where new filter is to be added. <number> Number of the filter to edit. <number> Position where new filter is to be added. <number> Number of the filter that is to be deleted. Page Page Page General Commands Page IP Commands (General) Page IP Routing Commands Logging and Internal Trace Commands taskName A module name (as seen in SHOW LOG). Examples: DHCP. ALL Enable all module messages. hostAddr IP address of the remote device (only required when enabling). NAT (Network Address Translation) Commands Use DELETE IP NAT to remove the NAT assignment. PPP Commands Page Page Profile Commands SAR Commands <index> Index of the VC taken from the SAR VC table. TFTP Commands Time Protocol Commands Page Specifications General Specifications Packaging Contents Hardware Features LED Status Indicators Software and Firmware Specifications Installation Features Administration Features ADSL Features IP Services Regulatory Information for the United States Declaration of Conformity FCC Part 68 Notice Safety Notice Regulatory Information for Canada Safety Notice Regulatory Information for the European Union EU Declaration of Conformity Index A C D E