Setting NAT on both interfaces

If you have a subnet of ONLY servers and you would like the maximum amount of security, you may want to consider the following multi-NAT configuration.

Important Notes:

 

Originally recommended

In this scenario

NAT on Internet interface

ON

ON

NAT on internal (LAN) interface

OFF

ON

WinRoute's internal interface IP address as the default gateway for the other computers within the network

YES (a MUST)

NO (not necessary)

In other words, using WinRoute will allow you to make certain services accessible from the Internet WITHOUT a need to change the network configuration. The following example services (and many others) may be handled under the multi-NAT'd environment.

For this configuration follow the steps below:

  1. Add a computer with two interfaces to your network. One Interface (external) will link to the Internet or other public network, while the other (internal) will link to your existing network.
  2. Configure the necessary TCP/IP properties for the (external) interface connected to Internet or other public network.
  3. Configure the necessary TCP/IP properties for the (internal) interface connected to the local network.
  4. In the interface table enable NAT for both interfaces.
  5. In the port mappings settings, add a mapping for each protocol hosted by each server so that these services may pass through NAT. Refer to the port mapping section of this chapter for further explanation.

The default gateway setting in this example gives you great freedom. You may keep all your existing environments unchanged, keeping the routers and routes already established within your network.