Configuration Examples

NAT32 Version 2 uses a Packet Classifier to gather additional information about packets prior to routing. Its IP Router then uses this information to make complex routing decisions that allow many different network configurations to be implemented. Several of those configurations are described below.

One Network, One or Two Gateways

Configuration A

The above configuration consists of a private network (192.168.178.0) behind two external routers, each of which has its own connection to the Internet. For example, each router might use a DSL, Cable or 4G/LTE/5G Internet connection, and each such connection will generally have different connection characteristics. The two routers are directly connected and have the IP addresses 192.168.178.1 and 192.168.178.2 respectively.

NAT32 can run on any desired private machine on the 192.168.178.0 network.

Configuration consists of selecting the computer's network interface and then specifying that it is an Internet-connected interface. In the subsequent Interface Configuration dialog box, the two gateway addresses (192.168.178.1 and 192.168.178.2) should be entered. When NAT32 then runs, all Windows traffic will be intercepted and forwarded to either Router 1 or Router 2 in accordance with the selected Gateway Selection Algorithm. In addition, all DNS requests will be intercepted by NAT32's DNS Resolver and forwarded to Router 1 or Router 2. In addition, the DNS Resolver can protect user's machines from unwanted content.

It is also possible to specify that only specific machines are to use a particular gateway. This is done via the route alt command.

The following configuration steps should be carried out:

  1. Configure the Windows TCP/IP protocol on the NAT32 machine to use a fixed IP address on the 192.168.178.0 network, and then set both the default gateway address and the DNS address to 192.168.178.1. Set the second DNS address to 192.168.178.2.

  2. Turn off the DHCP Server functionality in both external routers and then enable the NAT32 DHCP Server functionality on the NAT32 Internet interface (see DHCPD for details).

  3. Reconfigure each of the other private machines either by rebooting them or running the commands ipconfig /release followed by ipconfig /renew in a Windows Console.

  4. A GUI interface to these (and other) features is available here.

Two Networks, One or Two Gateways

Configuration B

The above configuration consists of a private network (192.168.178.0) behind two external routers, and just the NAT32 machine (192.168.178.32) on that network. The other private machines connect to a second private network (192.168.1.0) to which the NAT32 machine connects via a second network adapter. That adapter should be configured under Windows to use a fixed IP address on the 192.168.1.0 network. No gateway or DNS address need be specified. When NAT32 runs, its DHCP Server will be enabled by default, and all of the private 192.168.1.x machines will be configured correctly.

This configuration has the advantage that the private machines on the 192.168.1.0 network are isolated from the Internet and protected by two external firewalls: the external router(s) and the NAT32 router. All private machines then enjoy enhanced performance and protection that only external firewalls can offer.

Double-NAT Avoidance

Per default, NAT32 performs address translation for traffic to/from private networks. This means that two levels of network address translation are being done: first by NAT32 and then again by the external routers. This "double-NAT" issue can cause problems for some applications running on the private computers.

The issue can be avoided if the external routers have the following capabilities:

Many DSL routers (such as all FritzBox models from AVM in Germany) have the required capabilities and the command rmode p on will set a "routing only" mode that turns off NAT32's network address translation feature.

SEE ALSO

Download, ReadMe, Configuration, Reconfiguration, Routing Mode
[Edit] [Back]