TCP/IP
What's Network Address Translation (NAT)?
NAT lets organizations hide their internal IP addresses and
provides a means for connecting many more computers over TCP/IP
than would be possible if every computer that accessed the Internet
needed its own IP address. An organization or a site within
an organization that uses NAT can use almost any IP address
internally for any purpose, with the exception of a few IP address
ranges that are reserved for internal network use (for information
about these IP ranges.
Unlike machines on your internal network that can use just
about any IP address, machines that connect to the Internet
must use allocated (i.e., registered) IP addresses. However,
you can use a NAT gateway to connect any machine on your internal
network to the Internet. The gateway will communicate with the
outside world on the internal machine's behalf and forward responses
from the Internet to the originating machine on your internal
network.
For example, if a company has 20 computers that all need Internet
connectivity, you'd need to register 20 different IP addresses.
However, if you used a NAT gateway, you'd need to register only
one IP address for the gateway machine that connects to the
Internet. (In practice, you'd probably establish several NAT
gateways for fault tolerance and load-balancing purposes.) Then,
you'd simply channel the other 19 machines through the gateway
server. The figure below illustrates how the three components
(the internal network using an internal IP address subnet, the
NAT with a registered Internet IP address, and the Internet)
fit together.
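
The gateway behaviour described above, as an added example that is not part of the original page. It goes beyond the text by tracking ports (port address translation), which is how one registered address can serve many machines at once; the class name, addresses and port numbers are constructed for illustration, and mapping expiry and per-protocol state are left out.

```python
import ipaddress

class NatGateway:
    """Toy NAT gateway: one registered address shared by an internal subnet."""

    def __init__(self, public_ip, internal_net, first_port=40000):
        self.public_ip = public_ip
        self.internal_net = ipaddress.ip_network(internal_net)
        self.next_port = first_port
        self.out = {}    # (internal ip, internal port) -> gateway port
        self.back = {}   # gateway port -> (internal ip, internal port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet so it appears to come from the gateway."""
        if ipaddress.ip_address(src_ip) not in self.internal_net:
            raise ValueError(f"{src_ip} is not on the internal network")
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Forward a response to the originating machine, or drop it (None)."""
        key = self.back.get(dst_port)
        if key is None:
            return None  # no internal machine opened this mapping
        return (src_ip, src_port, key[0], key[1])

def demo():
    # Constructed sample: 19 internal machines behind one gateway address.
    gw = NatGateway("203.0.113.10", "192.168.1.0/24")
    hosts = [f"192.168.1.{n}" for n in range(101, 120)]
    sent = [gw.outbound(h, 5000, "198.51.100.7", 80) for h in hosts]
    public_sources = {pkt[0] for pkt in sent}        # what the Internet sees
    reply = gw.inbound("198.51.100.7", 80, sent[0][1])
    unsolicited = gw.inbound("198.51.100.99", 4444, 50000)
    return public_sources, reply, unsolicited
```

Every outgoing packet carries the gateway's address, the reply is matched back to 192.168.1.101, and the inbound packet that matches no mapping is dropped, which is why internal addresses stay hidden from the outside.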
The use of NAT has grown in popularity because the use of TCP/IP
has grown in popularity. The original TCP/IP address format
is based on a 32-bit structure, which provides 4,294,967,296
possible IP addresses. (Fewer addresses are actually available
because certain classes or sets of addresses are allocated and
reserved for specific purposes.) Because the need for new IP
addresses is constant, we'll eventually run out of available
addresses based on the original 32-bit format. In recognition
of this shortcoming, the Internet Engineering Task Force (IETF)
has prepared IPv6, which is the next-generation Internet protocol
and will use a 128-bit format to provide an astronomical number
of addresses (3.4 x 10^38). The new protocol also does a better
job than the current addressing scheme of concealing your internal
IP address structure.
When I add a static IP route, what value do I use for the interface?
The Windows IP subsystem uses IP configuration information
(e.g., subnets, gateways) to automatically create a routing
table that dictates how the OS will send IP packets to other
host systems. To view the routing table on your system, open
a command prompt and type
route print
You'll see a routing table similar to the following sample
table:
========================================================
Interface List
0x1 ............................................... MS TCP Loopback interface
0x2 ...00 10 a4 8b 4b 8e ............. Intel(R) PRO/100+ MiniPCI - Packet Scheduler Miniport
0x4 ...44 45 53 54 42 00 .............. Nortel IPSECSHM Adapter - Packet Scheduler Miniport
0x20003 ...00 04 5a 0c 96 db ...... Instant Wireless - Network PC CARD #2 - Packet Scheduler Miniport
========================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
            0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100      30
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        192.168.1.0    255.255.255.0    192.168.1.100    192.168.1.100      30
      192.168.1.100  255.255.255.255        127.0.0.1        127.0.0.1      30
      192.168.1.255  255.255.255.255    192.168.1.100    192.168.1.100      30
          224.0.0.0        240.0.0.0    192.168.1.100    192.168.1.100      30
    255.255.255.255  255.255.255.255    192.168.1.100                2       1
    255.255.255.255  255.255.255.255    192.168.1.100    192.168.1.100       1
    255.255.255.255  255.255.255.255    192.168.1.100                4       1
Default Gateway: 192.168.1.1
Persistent Routes:
None
Occasionally, the automatically generated routing table will
be inaccurate and you might want to use the Route Add command
to force a particular route for some IP traffic. You can obtain
information about this command by typing
route /? at the command prompt, but the basic syntax is
route [-p] add <destination> mask <subnet mask> <gateway> metric <lowest number wins> if <interface>
For example,
route -p add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1 if 0x20003
This sample command uses the -p option to add a persistent
route, one that will still be in place after a reboot, to all
destinations (i.e., 0.0.0.0). This persistent route will
use the 192.168.1.1 gateway with the highest priority (i.e.,
metric 1) on interface 0x20003 (i.e., the wireless network
adapter). The last piece of this information is the interface,
and determining which value to use for it can be confusing.
You use the Interface List value that appears in
the first part of the routing table. In the sample table above,
the valid values are 0x1, 0x2, 0x4, and 0x20003. Although
this information is easy to obtain, the first part of the
routing table often scrolls off screen, leaving users unsure
of what value to use.
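
One way to pull the interface values out of saved route print output and to see which route a destination would take, as an added example that is not part of the original page. The function names are hypothetical, the sample is this page's table abbreviated to four routes, and the lookup assumes the usual rule that the most specific route wins and the lowest metric breaks ties.

```python
import ipaddress
import re

# Sample `route print` output from this page, abbreviated to four routes.
SAMPLE = """\
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 10 a4 8b 4b 8e ...... Intel(R) PRO/100+ MiniPCI - Packet Scheduler Miniport
0x4 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - Packet Scheduler Miniport
0x20003 ...00 04 5a 0c 96 db ...... Instant Wireless - Network PC CARD #2 - Packet Scheduler Miniport
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
            0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100      30
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        192.168.1.0    255.255.255.0    192.168.1.100    192.168.1.100      30
      192.168.1.100  255.255.255.255        127.0.0.1        127.0.0.1      30
"""

def parse_interfaces(text):
    """Return {interface value: adapter name} from the Interface List."""
    found = {}
    for line in text.splitlines():
        if m := re.match(r"(0x[0-9a-fA-F]+)\s+\.+", line):
            found[m.group(1)] = re.split(r"\.{2,}\s*", line)[-1].strip()
    return found

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each Active Routes row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[4].isdigit():
            try:
                net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            except ValueError:
                continue  # five fields, but not a route row
            routes.append((net, f[2], f[3], int(f[4])))
    return routes

def select_route(routes, dest):
    """Most specific matching route; among equals the lowest metric wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]), default=None)

def with_example_route(routes):
    """Assumed table after the page's `route -p add ... metric 1 if 0x20003`."""
    extra = (ipaddress.ip_network("0.0.0.0/0"), "192.168.1.1", "0x20003", 1)
    return routes + [extra]
```

Comparing select_route on the table before and after with_example_route shows the metric 1 default route taking over from the metric 30 one, which is the effect to look for when reviewing persistent routes on a host.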