I am using MS Windows 2008 and I have a laboratory with 100 computers. When we connected to the Internet we were allocated only 5 IP addresses (public) 168.167.43.226 - 230. This means we only have 5 computers through which we can access the Internet. How can we get all the computers having access to the Internet without applying for more IP addresses? I heard some people talking about the use of a proxy to generate more IPs. How true is that and how do you do it if its true?
3 Answers
NAT. The way it works is you can have private addresses.
These are their ranges (from rfc1918)
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
those private addresses don't go out on the internet. A so-called router does NAT and DHCP so is both a "NAT device" and DHCP device, an dcan issue them out.
Almost every home user and the vast majority of businesses using almost any router on the market, uses NAT!
It is fascinating that you haven't run into it.
For most people, their ISP issues them one IP. But they have multiple computers connected to their router. And if in windows you open a cmd window and run ipconfig you see the private IP. e.g. 192.168.0.1
If an IP like 192.168.0.1 looks familiar then that's NAT.
I still can't believe you haven't run into it! Maybe some expensive Cisco routers don't do NAT 'cos they're really serious routers. But other than that, almost any router is a so-called router, and does NAT. They also do DHCP which in this case, is where you tell it to hand out IPs between say 192.168.0.2-192.168.1.254 or 192.168.0.1/24
Your router's LAN side would have 192.168.0.1 and your router's public side would have the IP from your ISP.
The NAT device could be called a type of proxy, and it modifies the packet in that it changes the IP. There is then an issue of, what if you are running a server, how can the "router"/nat device know which computer to "forward" the packet to. Well, people often use NAT/PAT (which says, if the router got it on port 1234 then forward it to Computer 192.168.0.15 port 1234. Or they have managed to give that computer its own public IP.
-
2@radoo i'm guessing you have confused NAT with PAT. There's no PAT here, but there's still NAT. Try to look things up before you downvote!– barlopCommented Sep 23, 2013 at 11:19
-
Thank you Barlop. I have practically never done anything on networking. Thank you once, I am working on getting to understand that and try to implement it– KrizCommented Sep 23, 2013 at 14:48
-
@Kriz well, just get any router(call them first to make sure it's appropriate), find out a good make. some people use netgear (though in britain i've had better luck with local british makes). These companies e.g. netgear, have tech support lines. You can call them and they'll tell you everthing you need to know and answer your questions to get it set up. When you have problems you give them a call, and pretty soon you'll be able to use the methods they tell you, to troubleshoot it yourself and you'll have good expertise with it.– barlopCommented Sep 23, 2013 at 16:36
-
@Kriz you won't be able to connect all 100 to your router 'cos it won't have more than 4 ports so one uses network switches, you probably have them already, the computers connect to a switch, many to a switch, some more could connect to another switch. a switch or switches can connect to the router which often has a modem built in and connects to the wall. sometimes the company that sells the router, sell switches as well, and if they don't they should know the kind of products you need.– barlopCommented Sep 23, 2013 at 16:38
Networks connecting to the Internet usually have a common gateway defined. This is to separate the local network from the Internet. This is usually a router or a firewall with routing capabilities.
When this is setup and active, you only use one(1) external IP (per interface) (of the 5 you have). The traffic from your internal computers in lab will have their own internal address, and pass through the gateway on their way to the Internet.
Traffic going the other way will then be NATed to the correct internal computer.
In your case, with 100 computers - do you want all of them to be directly accessed from the Internet? It's not uncommon to do this, and have that kind of solution - but ofcourse with firewall(s) infront to secure the connections going in and more avalible IP addresses for all the servers/services needed.
You can still have services on the computers accessible - but then you would have to pass through NAT.
Get hold of a simple router to do the job, and you're all done!
Use Network Address Translation (NAT Overload) on your router or gateway if you have such device. You create a pool of public addresses and allow certain subnet(s) to use these addresses using an Access Control List.
And yeah, another options is setting up a proxy server on one of the machines and come out to the internet through that one machine. But that will be a bottleneck
-
He wants to access the Internet, not to access the machines from the Internet, he doesn't need any NAT. He only needs one public IP and one router.– user127350Commented Sep 23, 2013 at 11:02
-
@Radoo Without NAT, how will the machines access the Internet? Commented Sep 23, 2013 at 11:06
-
@DavidSchwartz He doesn't need to mention any NAT, as all routers do this NAT Overload by default, it only confuses people (like me) thinking they must have a router with NAT capabilities so the computer ports get visible to the outside world, which is not the case.– user127350Commented Sep 23, 2013 at 11:12
-
2@Radoo Please stop spreading the confusion by saying things that are simply incorrect. He needs NAT. Period. (And no, not all routers do this by default. For example, my SoHo router, a Cisco 1751, does not.) Commented Sep 23, 2013 at 11:18
-
1@Radoo for goodness sake, there are dozens of articles on the internet telling you not to confuse NAT with PAT, and you still get confused when nobody even mentioned PAT. You write "a router with NAT capabilities so the computer ports" THAT IS PAT. Don't try to pontificate about what NAT is, when you are getting it wrong. It is -you- that is spreading confusion– barlopCommented Sep 23, 2013 at 11:21