How to: Allow internet access (use external NAT or Windows connection sharing)
When other NAT software is used, NetCom does not modify any packets; it passes each packet through the rules and, if the packet is allowed, sends it on to the stack or to the NIC. All NAT handling is done by the external NAT software (Windows ICS, for example).
For example, suppose your network topology and configuration are as shown in this diagram:
• Network: 192.168.0.0
• Subnet mask: 255.255.255.0
• Server internal address: 192.168.0.1
• Server external address: 207.46.130.108
If you want to allow access to the Internet for the workstations with addresses 192.168.0.12 and 192.168.0.14, do the following:
(NAT must be installed and enabled on the computer running NetCom.)
1. ALLOW ALL
Create a rule that allows all network traffic from all to all (it must always be the last item in the rules list):
Packet action equal to Allow
2. DENY EXTERNAL
Create a rule that denies access for all from the internal to the external network (it must always be the next-to-last item in the rules list):
Packet action equal to Deny
Protocols equal to Any IP
Source IP NOT in range 192.168.0.0 - 192.168.0.255
Destination IP in range 192.168.0.0 - 192.168.0.255
3. ALLOW BROADCASTS
Create a rule that allows IP broadcasts (it must always be the first item in the rules list):
Packet action equal to Allow
Protocols equal to Any IP
Destination IP equal to 255.255.255.255
4. 192.168.0.12
Create a rule that allows access for 192.168.0.12 from the internal to the external network:
Packet action equal to Allow
Protocols equal to Any IP
Source IP NOT in range 192.168.0.0 - 192.168.0.255
Destination IP equal to 192.168.0.12
5. 192.168.0.14
Create a rule that allows access for 192.168.0.14 from the internal to the external network:
Packet action equal to Allow
Protocols equal to Any IP
Source IP NOT in range 192.168.0.0 - 192.168.0.255
Destination IP equal to 192.168.0.14
6. CHANGE RULES ORDER
You must change the order of the rules to this:
1. ALLOW BROADCASTS - needed for normal network operation;
2. 192.168.0.12 - allow access to the Internet;
3. 192.168.0.14 - allow access to the Internet;
4. DENY EXTERNAL - deny other external traffic;
5. ALLOW ALL - needed for normal operation of the Internet connection and the local network.
7. ENABLE FILTERING
Select both adapters for filtering (internal and external).
At this point filtering starts.
That's all...
NOTE:
On client computers, the address of a DNS server must be defined!
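The rule order from step 6 can be checked offline with the sketch below. It is an added example, not NetCom code, and it assumes the rule list is evaluated top to bottom with the first matching rule deciding the packet; the sample packets and the Internet host address 198.51.100.7 are constructed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")  # range 192.168.0.0 - 192.168.0.255


def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN


# name -> (action, source test, destination test), taken from steps 1-5.
RULES = {
    "ALLOW BROADCASTS": ("Allow", lambda s: True, lambda d: d == "255.255.255.255"),
    "192.168.0.12": ("Allow", lambda s: not in_lan(s), lambda d: d == "192.168.0.12"),
    "192.168.0.14": ("Allow", lambda s: not in_lan(s), lambda d: d == "192.168.0.14"),
    "DENY EXTERNAL": ("Deny", lambda s: not in_lan(s), in_lan),
    "ALLOW ALL": ("Allow", lambda s: True, lambda d: True),
}

ORDER_FROM_STEP_6 = ["ALLOW BROADCASTS", "192.168.0.12", "192.168.0.14",
                     "DENY EXTERNAL", "ALLOW ALL"]
# Misordered list for comparison: DENY EXTERNAL placed above the host rules.
ORDER_DENY_TOO_EARLY = ["ALLOW BROADCASTS", "DENY EXTERNAL", "192.168.0.12",
                        "192.168.0.14", "ALLOW ALL"]


def decide(order, src, dst):
    """Return (rule name, action) of the first rule that matches the packet."""
    for name in order:
        action, src_ok, dst_ok = RULES[name]
        if src_ok(src) and dst_ok(dst):
            return name, action
    return None, "no match"  # not reached while ALLOW ALL is in the list


# Constructed sample packets as (source, destination).
SAMPLES = [
    ("198.51.100.7", "192.168.0.12"),     # Internet host to a permitted workstation
    ("198.51.100.7", "192.168.0.13"),     # Internet host to a workstation with no rule
    ("192.168.0.13", "192.168.0.1"),      # LAN-only traffic
    ("192.168.0.13", "255.255.255.255"),  # broadcast
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>15} -> {dst:<15}",
              "step 6 order:", decide(ORDER_FROM_STEP_6, src, dst),
              "| deny too early:", decide(ORDER_DENY_TOO_EARLY, src, dst))
```

With DENY EXTERNAL moved above the workstation rules, the packet to 192.168.0.12 hits the deny rule first, so the two workstation rules never take effect.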