Manualshelf

- Eicon ADSL Router User's Guide

ManualsBrandsEicon Networks ManualsNetwork RouterDiva 2440
51525354555657585960
Advanced Topics Page 52
Network Address Translation
The Diva 2440 uses network address translation (NAT) to ‘hide’ the local LAN from all external
resources. The benefits of this are the ability for all connected computers to access the Internet
using one Internet address and ISP account. For example, when communicating with the
Internet, the two computers in the following diagram share the dynamically assigned address
‘222.182.22.39’.
Notes
NAT operates transparently, translating internal addresses to a single external one for all data
traffic. There is no effect on throughput.
Most applications will work with NAT. However, certain applications may experience problems
because NAT is turned on.
NAT is enabled by default, and can only be disabled through the command line interface with
the DISABLE NAT command (see NAT (Network Address Translation) Commands on
page 78 for more information). It is recommended that you do not turn NAT off unless you
have a specific requirement to do so.
Security benefits
An additional benefit of NAT is increased network security. Like a firewall, NAT restricts access
to the computers that reside on the local LAN. By default, no computer on the internal LAN is
visible to the Internet. Computers on the internal network cannot act as FTP or web servers,
nor can they share their drives using Windows Network Neighborhood. However, these
security features can be weakened if you use NAT static mappings.
NAT static mappings
With NAT enabled, computers outside of the internal LAN do not have access to any computers
on the internal LAN. The computers on the internal LAN are effectively invisible to the outside
network. If you need a computer on the internal LAN to be visible to the external network (such
as a web server), the Diva 2440 provides a solution through NAT static mappings.
How It Works
NAT static mappings allow you to allow specific computers on the internal LAN to receive
certain incoming network traffic. For example, you could designate a computer to receive all
incoming HTTP traffic, essentially allowing it to function as a web server. However, the actual
IP address of this computer is still hidden by NAT. Remote users must specify the address of
the Diva 2440 to gain access to the web server.
Diva 2440