When deploying a LAN, we will apply to the ISP operator to register a fixed IP or
public
IP
address, and then provide the LAN user with this public IP address. Internet access services, but because the number of IP addresses is a limited resource, this time we need to convert the private IP in the LAN into a public IP to allow LAN users to access the Internet normally. Usually the router has both Network Address Translation
(Network Address Translation, NAT), window server 2008 also has NAT function. The server playing the NAT role recommends using a stand-alone server or a domain member server. At least two network cards must be installed. For the sake of distinction, we will name the two network cards as internal and external network cards and set IP addresses for different network segments. Figure: 1 After setting the IP address for the internal and external network cards, we deploy the NAT server by adding the role wizard. First: Install NAT
Step 1: Select Server Role: Network Policy and Access Service Figure: 2 Step2: Select Role Service, check Routing and Remote Access Service and its associated services Figure: 3 Step3: Click【 Install the button to complete the installation of the NAT service. Installing the role is still very simple, and the next step is to configure the service. Figure: 4 Step4: Open the server manager, expand [Role] and select [Network Policy and Access Service] below. At this time, the [Routing and Remote Access Service] that we see is disabled, and a red stop identifier is displayed. In the right-click menu, click [Configure and Enable Routing and Remote Access], and then a [Routing and Remote Access Server Installation Wizard] will pop up. Microsoft's fascination is that it will give a friendly prompt window after each command option. According to its prompt step by step, it will be OK. Figure: 5 Step5: Check [Network Address Translation] in the configuration window, and configure the VPN access server from this window. We will discuss it separately in a later chapter. Figure: 6 Step6: Select the NIC of the public interface, knowing why we have to name the different NICs at the beginning, just for the convenience of configuration and management. Figure: 7 Step7: Complete the configuration. Figure: 8 There is a [summary] message in the completed configuration window. Note that the NAT server can enable DNS relay and DHCP relay, but its relay function is dependent on the DNS server and DHCP server. That is to say, in the network, we need to deploy a separate DNS server and DHCP server. Otherwise, although we have enabled its relay function, the client cannot obtain the correct IP address and still cannot access the Internet normally. Figure: 9 Second: Manage NAT
After configuring the NAT server, the next step is of course management. However, the management of the NAT server is relatively simple. In the navigation view on the left, we can see IPv4. Several related options: regular, static routing, IGMP, NAT, if there are no special requirements, the configuration of these options does not need to be adjusted. Management 1: Add interface If we add a few NICs on the server to publish the intranet server or do something else, we can right click on the NAT option, then select the [Add Interface] command, then the installation wizard prompts Just do it. Figure: 10 Management 2: Mapping Ports Through the NAT service, users on the intranet can access the Internet. Similarly, we can also open intranet servers for users on the external network. For example, we can set up an FTP or Web server in the content. Let's take the mapping web server as an example. First we need to set up a web server and specify a static IP address: 192.168.8.2. In the left navigation pane, find the [NAT] option, find the [External Network Card] in the content pane on the right, open its [Properties] window, select the [Services and Ports] option, in the service options window we You can see some commonly used services. When the [Web] server is checked, an [Edit Service] window will pop up; in the [Public Address] column, the system will select [at this interface] by default, in the [Private Address] column. Enter the IP address of the intranet web server, then click the OK button to return to the external network card properties window and continue to click the OK button. Figure: 11 If we bind multiple public IP addresses in an external network card, we can enable the [Address Pool] option. Management 3: Enable DHCP relay and DNS relay. In the NAT property window, [Address Assignment] is used to enable DHCP relay. [Name Resolution] is used to enable DNS relay. However, an independent server is set up in the internal network. Figure: 12 In addition, under the [General] option, we can make the necessary adjustments to the event log options according to the management needs. If there is no need to record, disable the event log, but in order to manage the troubleshooting, do not disable it.