NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

NAT v cch thit lp NAT server

Khi qut v NAT

NAT hay cn gi l Network Address Translation l mt k thut c pht minh lc khi u dng gii quyt vn IP shortage, nhng dn dn n chng t nhiu u im m lc pht minh ra n ngi ta khng ngh ti, mt trong nhng li im ca NAT ngy nay c ng dng nhiu nht l NAT cho php

1. Chia s kt ni internet vi nhiu my bn trong LAN vi mt a ch IP ca WAN

Mt li im na ca NAT l n c th lm vic nh mt

2. Firewall, n gip du tt c IP bn trong LAN vi th gii bn ngoi, trnh s dm ng ca hackers. 3. Tnh linh hot v s d dng trong vic qun l
NAT gip cho cc home user v cc doanh nghip nh c th to kt ni vi internet mt cch d dng v hiu qu cng nh gip tit kim vn u t.

1 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

NAT cng c nhiu loi hay hnh thc khc nhau, chng ta s ni s lc qua cc dng NAT

Static NAT
Vi static NAT th s chuyn i packet gia hai network, gia ngun v a ch n tr nn n gin v nht nh, cc iu kin v trng thi kt ni khng cn phi gi li. N ch cn nhn vo mi IP packet khi chuyn i, cc thng tin v mapping u khng cn thit. Static NAT s dng khi s lng IP trong LAN bng s lng NAT-IP. Cc bn c th tham kho hnh sau y v cu hnh static NAT.

2 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

Dynamic NAT
Dynamic NAT khc vi static l cc a ch host IP c thay i lin tc mi ln to kt ni ra ngoi cc host ny s nhn c mt a ch NAT-IP v mi ln nh vy NAT s gi li thng tin IP ca host ny trong NAT Table ca n v c nh th. Tuy nhin ci bt li ca dynamic NAT l khi NAT-IP c cung cp ht do cng mt lc c nhiu host rong LAN gi yu cu th lp tc s khng cn bt k mt kt ni no c chuyn dch na qua NAT v NAT-IP c cp pht ht v nh vy n phi i ti ln kt ni sau. Cc bn c th tham kho hnh sau y c th hiu cch lm vic ca Dynamic NAT NAT rule: Dynamic translate tt c IP thuc class B 138.201 n mt a ch thuc class C 178.201 Mi mt kt ni t bn trong mun ra ngoi s c NAT cung cp mt a ch trong s lng IP sn c ca NAT, nu cc NAT-IP ny c cp pht ht th cc connection t class B s khng th ra ngoi c na.

NAT ngy trang hay gi lp (Masquerading)

y l dng NAT ph thng m chng ta thng gp v s dng ngy nay trong cc thit b phn cng hay phn mm routing nh router hay cc phn mm chia s internet nh ISA, ICS hay NAT server m lt na y chng ta s c dp tm hiu cch thit lp n. Dng NAT ny hay cn c gi vi mt ci tn NPAT (Network Port Address Translation), vi dng NAT ny tt c cc IP trong mng LAN c du di mt a ch NAT-IP, cc kt ni ra bn ngoi u c to ra gi to ti NAT trc khi n n c a ch internet. Cc bn c th tham kho hnh di y tm hiu cch lm vic ca NAPT NAT rule: Gi trang internet IP address 138.201 s dng a ch NAT router Cho mi packets c gi ra ngoi IP ngun s c thay th bng NAT-IP l 195.112 v port ngun c thay th bng mt cng no cha c dng NAT, thng thng l cc cng ln hn 1204. Nu mt packet c gi n a ch ca router v port ca destination nm trong khong port dng masquerading th NAT s kim tra a ch IP ny v port vi masquerading table ca NAT nu l gi cho mt host bn trong LAN th gi tin ny s c NAT gn vo a ch IP v port ca host v s chuyn n n host .

3 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

Hy vng nhng g c a ra trn, phn no gip bn c cht kin thc cn bn v NAT bc tip theo sau chng ta s lm quen vi cu hnh ca NAT server.

Setup NAT Server

1. Bc u tin thit lp NAT bn cn phi enable RRAS. Start, Programs, Administrative Tools, Routing and
Remote Access (RRAS)

2. Trong mc Routing and Remote Access, bn right click vo tn server chn Configure and Enable Routing
and Remote Access nh hnh di y.

3. Sau khi bn chn Configure and Enable Routing and Remote Access, welcome windows s hin ln, bn ch
vic click Next.

4. phn Common Configurations nh hnh di y, bn nn chn vo mc Manually configured server, sau

click Next.

4 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

5. Windows tip theo bn chn Finish v tip theo chn Yes nh hnh di y

6. Bi tip theo sau l bn chn giao thc routing theo hnh di y. Chn New Routing Protocol

7. Trong phn New Routing Protocol bn chn Network Address Translation (NAT). Click OK theo hnh di

5 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

8. Nh vy l bn va ci xong giao thc NAT. NAT c th lm vic bn cn xc nh NIC card no dnh cho
NAT v NIC card no dnh cho mng LAN. Theo hnh di y bn right click vo Network Address Translation, chn New Interface

9. Trong phn New Interface for Network Address Translation (NAT), bn chn NIC card tn WAN cho phn kt
ni vi internet, chn OK

6 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

10. Sau khi bn chn NIC card cho phn kt ni vi internet bn hy check vo hai th mc nh hnh di y v,
click vo phn Address Pool

11. Trong phn Address Pool ny bn chn mc ADD v sau nhp vo dy s a ch IP m cc ISP cung cp
cho bn nu bn s dng NAT ny lm gateway, hoc bn c th t ci dy s IP theo bn mun, tuy nhin lu phn subnet nu bn t ci IP range

7 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

12. Sau khi bn chn mc ADD trn th bn c th nhp vo dy s m ISP cung cp cho bn, trong trng hp
ny IP range ca mnh c cp pht nh hnh di y v, chn OK

13. Dy s IP range m bn va nhp vo s dng mapping gia NAT IP v cc host trong LAN khi cn. Trong
trng hp bn s dng dynamic IP th phn Address Pool ny bn khng cn phi in vo v s i thng ti bc 19. Nu cng c th reserve mt a ch NAT-IP cho ring mt a ch server no trong LAN, bn c th chn mc Reservations theo hnh di y

8 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

14. Sau khi bn chn Reservations th bn c th nhp a ch no bn mun bo qun ring cho mt server trong
LAN, bn c th nhp vo y theo hnh di, trong trng hp ny mnh mun server vi a ch 192.168.0.15 c static NAT vi a NAT-IP l 68.122.45.220 nu bn khng mun add static NAT vo y th bn c th tip tc sang bc 15, cn khng th bn click OK

15. Trong mc Spcial Ports ny cho php bn m nhng cng cn thit cc dch v ca cc host bn trong LAN
c quyn truy cp cng nh bn ngoi c th truy cp c cc dch v ny ca cc host trong LAN, chn giao thc TCP. Click vo mc Add pha di

9 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

16. Trong phn Add Special Port, bn add vo cc port cn thit tng xng vi a ch IP ca tng server bn trong
LAN nh th d di y, bn c th chn vo mc On this interface hay On this address pool entry. Nu bn chn On this interface v nhp vo a ch IP ca server trong LAN l 192.168.0.15 th tt c cc IP c ci trn NIC WAN s chu trch nhim translate qua cho a ch IP 192.168.0.15 vi port l 80 v, c tip tc add cc port cn thit cho cc dch v ca bn. Nu bn chn mc On this address pool entry th ch c mt a ch l 68.122.45.220 chu trch nhim lin lc v masqurerading gia a ch ny v 192.168.0.15 v ngc li

17. y l nhng ports cn thit dnh cho cc dch v ca cc server bn trong LAN, ty theo yu cu ca tng dch
v bn s s dng TCP ports hay l UDP ports, phn ln l TCP ports nh hnh di l mt s TCP port thng dng c m ra cho cc server mang a ch theo sau

10 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

18. V y l cc UDP ports cn thit nh l DNS port v DHCP port, 192.168.0.25 l DNS cng l DHCP server.
Sau khi ban cung cp y thng tin cn thit cho NAT th bn c th click OK

19. Phn trn l phn thit lp NAT cho NIC card WAN, sau y l phn thit lp NAT cho LAN. Lp li bc 8 v 9,
bn chn interface l LAN, click OK nh hnh di y

11 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

20. Trong mc Network Address Translation Properties ny bn ch vic click OK theo hnh di y. y bn c
th c xem nh l hon tt thit lp NAT. Nu bn khng cn s dng cc dch v DHCP v DNS Proxy ca NAT th bn c th t ci static IP vo cc client v ch gateway ti internal NAT interface, trong trng hp ny l 192.168.0.1. Trong trn hp bn mun thit lp DHCP v DNS proxy cho NAT th bn c th theo d bc tip theo

21. cc client bn trong LAN c th truy cp c internet cng nh s dng nhng dch v ca NAT cung cp
nh DHCP v DNS Proxy bn c th lm nh sau, right click vo Network Address Translation, chn Properties theo hnh di

12 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

22. Chn mc Address Assigment, y l chc nng DHCP ca NAT, cho php NAT cung cp cc a ch IP khi
client cn truy cp internet Bn check vo mc Automatically assign IP address by using DHCP v bn nhp vo dy IP no bn mun trong trng hp ny l class C bt u t 192.168.0.1 n 192.168.0.254. Lu : trnh tnh trang DHCP cung cp IP ca gateway cng nh cc IP quan trong khc trong mng nh WINS server, DNS server, mail server bn c th chn NAT cung cp cc a ch y trong mc Exclude

13 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

23. Trong phn Exclude Reservered Addresses, bn nhp vo cc a ch IP m bn ngh rng NAT khng c
cung cp cho client v s b mu thun IP, trong trng hp ny 3 a ch IP di y khng c php cung cp cho client l gateway 192.168.0.1, DC 192.168.0.15 v mail server l 192.168.0.25. Sau khi nhp vo cc d liu di y, bn click OK

24. client c th truy cp c internet th cng cn phi c DNS, bn c th s dng proxy DNS ca NAT
cung cp cho cc client khi cn truy cp. Trong phn Network Address Translation (NAT) Properties, chn Name Resolution, di phn Resolve IP addresses for check vo mc Clients using Domain Name System (DNS), sau : click OK

14 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

25. Nh vy l bn va hon tt thit lp mt NAT server. Hai bc di y gip bn theo di NAT v vic
mapping ca NAT bng cch bn click vo Network Address Translation, windows bn phi, bn right click vo WAN interface chn Show Mapping, Nat s cho php bn theo di mapping table ca NAT ang lm vic, nhng ai ang truy cp vo nhng server no bng port no...

26. Trong trng hp bn c DHCP server trong mng v bn khng mun s dng DHCP ca NAT th bn c
th thit lp DHCP Relay Agent bng cch click vo DHCP Relay Agent chn Properties theo hnh di y

15 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

27. Trong phn DHCP Relay Agent Properties ny, bn nhp vo a ch IP ca DHCP server chu trch nhim cp
pht IP cho mng LAN, click Add vy l bn khng cn s dng chc nng Assign IP address ca NAT. Lu : Trc khi bn thit lp DHCP Relay Agent, bn cn phi tt chc nng Automatically assign IP address by using DHCP bc 22. Trong bi ny DHCP server l 192.168.0.35

Nh vy l bn va thit lp xong mt NAT server, chc bn vui v. Nu c g thc mc c th lin lc vi mnh ti a ch info@vanesoft.com hoc c th gi message vi mnh thanhuy68

16 of 17

7/27/2011 9:53 PM

NAT v cch thit lp NAT server

http://www.vanesoft.com/network/mcse/NAT/

2004 by vanesoft.com

Contact: info@vanesoft.com

17 of 17

7/27/2011 9:53 PM