Share an Internet Connection by Using Network Address Translation (NAT)

Applies To: Windows Server 2008, Windows Server 2008 R2

If you want to connect a computer directly to the Internet, then you must have a routable, public IP address, allocated by the Internet Assigned Numbers Authority (IANA) and issued by your local Internet Service Provider (ISP). IANA allocates public addresses and guarantees them to be globally unique on the Internet.

The limited and ever-decreasing availability of public IPv4 addresses is one of the most compelling problems facing the Internet. The long-term solution to the problem of address depletion is the development of IPv6. Until the long-term IPv6 solution is widely in use, however, other methods help ensure that IPv4 addresses remain available.

Network address translation (NAT), originally defined in RFC 1631 (https://go.microsoft.com/fwlink/?linkid=160991) and extended in RFC 3022 (https://go.microsoft.com/fwlink/?linkid=160992), was developed explicitly to provide a method that enabled multiple organizations to each use private IPv4 addresses simultaneously on their networks, thus substantially decreasing the demand for new public IPv4 addresses. The private addresses are “translated” to a single public IP address assigned by the ISP. NAT does not apply to, and cannot be used with, IPv6.

RFC 1918 (https://go.microsoft.com/fwlink/?linkid=160993) describes three ranges of IPv4 addresses reserved by IANA for use in private networks. These private address ranges are:

  • 10.0.0.0/8 (10.0.0.0 through 10.255.255.255)

  • 172.16.0.0/12 (172.16.0.0 through 172.31.255.255)

  • 192.168.0.0/16 (192.168.0.0 through 192.168.255.255)

IANA has designated these addresses as non-routable, that is, networks that use these addresses cannot directly connect to the Internet (or other public network) through a router. Instead, they need to use a NAT-enabled router so that these non-routable addresses can be translated into public addresses for routing over the Internet. For an example of how NAT translates the addresses and port numbers between the private and public networks, see VPN and NAT Example in this guide.

All interfaces connected to a private network with an RRAS NAT-enabled router are assigned private IP addresses, including the NAT-enabled router itself, which has a private address on its private interface and one or more public addresses on at least one public interface (demand-dial connection or LAN adapter). The NAT-enabled router is the device through which a private network computer sends a request out to a public network and through which a response is received.
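
The following Python sketch models the translation described above: private hosts in the RFC 1918 ranges share one public address, and a response reaches a private host only if that host first opened a mapping. It is an added example, not Microsoft or RRAS code; the class and function names, the starting port 50000, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three private IPv4 ranges that RFC 1918 reserves (as listed on this page).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

class NatRouter:
    """Toy port-translating NAT: many private hosts share one public address.

    Assumption: one mapping per private (ip, port), reused for every
    destination. Real NAT implementations also track protocol and timeouts.
    """
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_private = {}   # (private_ip, private_port) -> public_port
        self.by_public = {}    # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source of an outgoing packet to the public one."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not a private (RFC 1918) address")
        key = (src_ip, src_port)
        if key not in self.by_private:
            self.by_private[key] = self.next_port
            self.by_public[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.by_private[key], dst_ip, dst_port)

    def inbound(self, public_port):
        """Private (ip, port) a reply is forwarded to, or None if no private
        host opened that mapping (the packet has nowhere to go)."""
        return self.by_public.get(public_port)

if __name__ == "__main__":
    # Constructed sample traffic; both public addresses are documentation ranges.
    nat = NatRouter("203.0.113.10")
    for host in ("192.168.0.10", "10.1.2.3"):
        print(host, "->", nat.outbound(host, 1025, "198.51.100.7", 80))
    print("reply to 50001 ->", nat.inbound(50001))
    print("unsolicited 50999 ->", nat.inbound(50999))
```

Two private hosts using the same source port receive different public ports, which is how the router tells their responses apart on the single public address.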