>> Netopia >> Support >> International Broadband Equipment Support >> Eircom 3300 Series Support Page >> IEQG_015
Disabling Network Address Translation (NAT) IEQG_015

There are circumstances where computers or other devices, such as a firewall or a VPN server, for example, may need to use a public IP address. If NAT is enabled, these devices or applications may not function as intended. This quick guide will show you how to disable NAT and use public IP's on the LAN.

IMPORTANT----PLEASE NOTE: Disabling NAT has very distinct ramifications, not the least of which is that you will expose each node on your network to the internet. In this mode the Netopia is providing NO firewall protection as is afforded by NAT. Please take appropriate precautions to prevent unauthorized intrusion into your network. You should also confirm with your ISP that the internal IP addressing scheme that will be used in this mode is "legal" and appropriate for your circumstances.

This document is written primarily from the standpoint of disabling NAT and using public IP addresses on the LAN. However, if you are currently using routable IP's on your LAN and wish to enable NAT, this document will still be useful. Just replace the public/routable IP's with private/nonroutable IP's in the applicable network scheme, and "Check" (enable) the NAT checkbox instead of "unchecking" it as referenced in the instructions below.

Related documents: Address Forwarding  |  Port Forwarding  |  Software Hosting
Firmware Reference v7.2 (and later) -- Netopia 3300 Series

Browse into the Netopia's web interface at http://192.168.1.254 (if using the default IP setting). If your network has a different IP addressing scheme, modify this accordingly.

Once logged in, click on the Expert Mode link in the left-hand side menu (if that link is visible). In the Expert Mode Confirmation screen click on Ok to continue. This menu bar will be visible at the top of your screen if you are in Expert Mode.

Before you start

Remember to click the button to save any entries. Hitting the back button without clicking will undo any changes.

Once you have completed your configuration, click on the symbol in your upper right hand corner to validate the changes. Then click on Save and Restart.

The Netopia Web GUI Home Page in Expert Mode (Firmware v7.2 and later)

Background
When configured to use Network Address Translation, the Netopia will "hide" the workstations on your LAN from access by others on the internet. For this purpose, and to have available an "infinite" supply of IP addresses, The National Internet Commission (NIC) defines private, or unroutable address spaces, as the following:

  • 10.x.x.x
  • 172.16.x.x-172.31.x.x
  • 192.168.x.x

If the ISP has provided you with one public IP address, either statically or dynamically, and you will have more than one computer on the internet simultaneously, then you must implement NAT. By default, your Netopia router has NAT enabled and uses the 192.168.1.254 addressing scheme. If the router has been provided by the ISP and was preconfigured, they will advise you of the nature of the IP addressing.

Even if you have a larger block, or subnet, of IP addresses being routed to you by the ISP, NAT will still be used in most cases. As there are numerous ways to use NAT in conjunction with your individual network requirements, we recommend that you read some of the other documentation included in this same section of Quick Guides. All have been written with practical examples and screen shots to assist you in understanding this process.

Configuration
  1. Click on Configure in the upper Menu bar.
  2. Click on the LAN link.
  3. In the box titled Other LAN Options:

    1. Click on DHCP Server.
    2. Set Server Mode to Off or, if you wish to use DHCP with your public IP's, change the IP address pool to conform to the block that the ISP is routing to you and leave the Server Mode set to Server.
    3. If you leave the DHCP set to Server, it must conform to the LAN IP addressing parameters. Otherwise, the changes will not validate to save the configuration.
    4. Click on the Submit button.

  4. In the upper menu bar, click on Configure.
  5. Again, click on the LAN link.
    1. Enable Interface should be "checked".
    2. Enter the IP address you will be using as the router's LAN, or ethernet, address. This will be one of the public IP's being routed to you by the ISP. (IF NAT is disabled)
    3. Enter the correct IP Netmask.
    4. Set Restrictions to None.
    5. Click on the Submit button.

  6. Click on the Configure link in the upper Menu bar.
  7. Click on the WAN link.
    1. Click on the VCC1 link in the WAN IP Interfaces box.
    2. "Uncheck" the Address Mapping (NAT) checkbox.
    3. Assuming that your internet connection is working, and the ISP has not changed those parameters, no further changes should be necessary here.
    4. Click on the Submit button.

  8. Click on Home in the upper menu bar.
  9. Once you have input all appropriate information, click on the symbol in your upper right hand corner to validate the changes.
  10. Click on Save and Restart.
  11. At this point the router will reboot and when it comes back up it will be configured to use your public IP addresses.

    12. The Validation passed! and Ready to "Save and Restart"

Conclusion
You've now disabled the NAT feature in your Netopia gateway. These settings must be made in accordance with the IP addresses supplied by your ISP. To browse (or telnet) back into the router locally you will need to change the IP address of your computer to conform to the public IP subnet you've configured as the router's LAN IP address.
CAUTION: Don't forget to take adequate precautions to protect the integrity of your internal network from unauthorized intrusion.

Related Links
Getting Started; TCP/IP Properties
Installing a Feature Key for the 3300 Series
Copyright © 2003-2005 Netopia, Inc. All rights reserved.