It is rarely sufficient any longer to just have the computers in an office hooked up to a LAN. It is almost always important to be able to connect to other locations outside the LAN, at least for things like e-mail or web use. This implies connecting the LAN to some wider WAN, possibly provided by the corporation or some ISP (Internet Service Provider).
There are a variety of ways to connect a LAN to a WAN. Fortunately, these options occur at different price levels: some are quite inexpensive, others are very expensive.
One of the simplest approaches is to use a modem and a phone line just like most home users. Unfortunately, as demand grows on the LAN this has greater and greater drawbacks.
There are definitely better ways, though each has its advantages and disadvantages. Three major categories of LAN/WAN connections are
Translated Connections. The phrase translated connections refers to connecting all devices on a small LAN to the Internet through address translation. Address translation allows all computers to access a WAN through a single host computer using only one WAN link and one registered IP address. This WAN link can be a single telephone line to an ISP account or it can be much more sophisticated.
A device that implements address translation is called an NAT Host - Network Address Translation Host and sits between the LAN and WAN. It has interfaces to both networks. This device has a private IP address used within the LAN. The device also has a public IP address. This public IP address may be assigned by a DHCP - Dynamic Host Configuration Protocol server at an ISP when the connection to the WAN is made.
Address translation works by mapping the private IP address of each computer on the LAN that interacts with the WAN to a port number on the NAT Host. This information is added to the IP header of any packet that is sent out over the WAN with the IP address of the NAT Host as the source address.
For example, when a computer on the LAN opens something like a web browser and sends a request to view a URL, the NAT Host assigns a port number to the request. This is used to identify the originating source of the request. Then the host sends the request out to the ISP's web server, which is likely to send it someplace else on the Internet. The page from the requested URL is returned to the NAT Host, since the NAT Host's address is listed in the header as the source of the request. The NAT Host then consults its address translation table, matches up the packets with the computer that originally sent the request and forwards the web page to that computer.
The following diagram gives a representation.
For example, in the diagram above,
The following table gives some terminology and descriptions.
| Term | Description |
|---|---|
| Inside Local IP Address | The IP address assigned to a particular device or host on the inside of the network. This address is either going to be globally unique but obsolete, allocated by RFC 1918 or randomly picked. |
| Inside Global IP Address | A legitimate IP address, assigned by the NIC or ISP, that represents one or more inside local IP addresses to the outside world. The address was allocated from globally unique space, typically provided by the ISP. |
| Outside Global IP Address | The IP address that was assigned to a host on the outside network by its owner. The address was allocated from a globally routable address space. |
| Outside Local IP Address | If the outside host is itself on another inside network this is the IP address this outside host (relative to the sender) has on its own inside network. |
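
The port-mapping procedure described above, written out as an added example in the table's terminology (it is not code from the original page). It shows the translation table being built on outbound traffic and consulted on return traffic, including the case where an inbound packet matches no entry and is dropped. The class name, the starting port and all addresses are constructed for illustration; a real NAT Host also tracks the protocol and remote endpoint and expires idle entries.

```python
class NatHost:
    """Port-based address translation behind one inside global address."""

    def __init__(self, inside_global, first_port=49152):
        self.inside_global = inside_global
        self.next_port = first_port      # next free port on the NAT Host (assumed range)
        self.out = {}                    # (inside local IP, port) -> NAT Host port
        self.back = {}                   # NAT Host port -> (inside local IP, port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a LAN packet that is leaving for the WAN."""
        key = (src_ip, src_port)
        if key not in self.out:          # first packet of this flow: add a table entry
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        # The WAN only ever sees the NAT Host's address and its assigned port.
        return (self.inside_global, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a WAN packet back to the LAN host, or return None to drop it."""
        if dst_ip != self.inside_global or dst_port not in self.back:
            return None                  # no table entry: nothing on the LAN asked for this
        lan_ip, lan_port = self.back[dst_port]
        return (src_ip, src_port, lan_ip, lan_port)


def demo():
    nat = NatHost("203.0.113.5")         # constructed inside global address
    web = ("198.51.100.80", 80)          # constructed outside global address
    # Two LAN hosts use the same source port; the NAT Host keeps them apart.
    a = nat.outbound("192.168.1.10", 51000, *web)
    b = nat.outbound("192.168.1.11", 51000, *web)
    reply_a = nat.inbound(*web, a[0], a[1])
    reply_b = nat.inbound(*web, b[0], b[1])
    # A packet to a port that was never assigned has no LAN destination.
    stray = nat.inbound("198.51.100.99", 4444, "203.0.113.5", 60000)
    return a, b, reply_a, reply_b, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```
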
Some operating systems, such as recent versions of Windows and Linux, have built-in support for address translation. Sometimes you need to purchase software.
Proxy Servers. While proxy servers do more than provide a multi-concurrent access connection to the WAN, they can act as intermediaries between the LAN and the outside network. They can also be used to filter incoming and outgoing packets. They also make use of an address translation method, but they don't necessarily use NAT specifications.
A proxy server
As with NAT, individuals who request pages through a proxy server are invisible to the Internet. All Internet communications are done through the proxy server.
Proxy server software provides more protection and performance enhancement than standalone NAT software does. It is also typically more difficult to set up. Software programs that combine proxy services and NAT translation are sometimes called transparent proxies.
Routed Connections. A routed connection allows each computer to participate directly on the Internet. This is unlike proxy and NAT servers where the individual computers must go through intermediary servers.
To make use of routed connections you must rely on a pretty extensive knowledge of TCP/IP addressing and you must own and be able to configure a router or some other sort of routing device. Also, every computer on the LAN must have a registered IP address. Well, not really. There are network address translation approaches that work in this setting also, but the book seems a bit outdated.
A routed connection can be developed either through a router or a computer running an operating system that enables IP forwarding. This gateway to the Internet sort of device must have
Computers running on such a network must also have a default gateway configured which is the address of the routing device.
To set up a routed connection to the Internet, the TCP/IP protocol on the router is configured with
The computers on the LAN inside the routing device must be configured with