This document discusses the first steps in connecting a site to the Internet. Key considerations include whether servers need public access, the type of Internet access, static vs. dynamic IP addresses, bandwidth needs, firewall requirements, using NAT or public IP addresses, purchasing your own router or using one from the ISP, and backup Internet connections. The document also provides an overview of NAT and NAPT, explaining how NAT translates private IP addresses to public IP addresses when packets pass through the NAT device, and how NAPT uses port translation to determine which internal machine external packets are destined for.
3. First steps – deciding what you need
● do you need any servers at your site to be accessible from the Internet?
● do you need “always on” access or is occasional dial-up access adequate?
● do you need static (fixed) external IP addresses to be allocated to your site, or can you work with dynamically allocated addresses?
● what Internet bandwidth will you need?
4. First steps – deciding what you need
● will you use NAT or will all your internal machines have valid public IP addresses?
● will you buy and install your own Internet router, or will your chosen ISP provide, install, and manage it for you?
● do you need a backup Internet connection in case your primary connection fails?
● you will need a firewall of some kind to protect you from hackers.
5. First steps – deciding what you need
● If you run a publicly accessible Web or e-mail server at your site:
– you will need a static IP address for it, to be entered in the DNS
– you will need always-on access
– you may want to locate the servers on a “demilitarized zone” separate from your main network; this will influence your choice of firewall
6. First steps – deciding what you need
● The alternative to running your own servers is to have them hosted elsewhere, e.g. at your ISP or at a dedicated hosting site
● Using your ISP’s e-mail services is more straightforward; the ISP may at least run a backup mail server for you
● Your bandwidth requirements are determined by the number of users at your site, what they do, and what your business is
7. Network Address Translation (NAT) – overview
● Network Address Translation (NAT) lets you use (private) IP addresses inside your LAN that are different from those visible from outside on the Internet
8. Reasons to use NAT
● your ISP may give you only 4, 8, or 16 static public IP addresses (some of which will be taken up by network and broadcast addresses, your firewall and router.)
● you want to use the private non-routable address ranges. These let you accommodate an internal network of any size, and are essential for large sites
9. How NAT works
● As a packet from the LAN passes through the NAT device, the packet is actually modified: the NAT device translates the internal IP address (e.g. 10.1.1.1) to an external address (e.g. 192.0.2.78).
10. Network Address and Port Translation (NAPT)
● In our example network (Figure 23.5), all packets arriving from outside are addressed to 192.0.2.78; how does the NAT device decide which internal machine they are really destined for?
– It uses network port translation (NPT), also called port address translation (PAT) or network address and port translation (NAPT), to do this.
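Added example (not from the original slides): a minimal Python sketch of the NAPT table behind slides 9 and 10, showing how replies addressed to 192.0.2.78 are steered back to the right internal machine by port number. The second internal host 10.1.1.2, the remote addresses, the port numbers and the per-destination matching rule are assumptions made for illustration.

```python
# Added example: minimal NAPT table. All addresses and ports are constructed.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]          # (IP address, port)
Flow = Tuple[Endpoint, Endpoint]    # (source, destination)

class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port          # assumed start of the port pool
        self.out: Dict[Flow, int] = {}       # (internal, remote) -> public port
        self.back: Dict[int, Flow] = {}      # public port -> (internal, remote)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Flow:
        """Rewrite the source of a LAN packet; create a mapping on first use."""
        key = (src, dst)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key]), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Flow]:
        """Rewrite the destination of an Internet packet, or None to drop it."""
        if dst[0] != self.public_ip or dst[1] not in self.back:
            return None                      # no mapping: unsolicited traffic
        internal, remote = self.back[dst[1]]
        if src != remote:
            return None                      # mapping belongs to another peer
        return src, internal

def demo():
    nat = Napt("192.0.2.78")
    web = ("203.0.113.10", 80)                   # constructed remote server
    a = nat.outbound(("10.1.1.1", 51000), web)
    b = nat.outbound(("10.1.1.2", 51000), web)   # same source port, other host
    reply_a = nat.inbound(web, a[0])             # reply to the first flow
    reply_b = nat.inbound(web, b[0])             # reply to the second flow
    unsolicited = nat.inbound(("198.51.100.7", 4444), ("192.0.2.78", 22))
    return a, b, reply_a, reply_b, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The unsolicited packet is dropped only because no mapping exists for it; that is a side effect of translation rather than a firewall policy.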
Redraw on the whiteboard. Let’s say you’re about to connect a site (something like that in Figure 23.1) to an ISP to provide Internet access to and from your site.
Internal, external
Firewall, DMZ → details in the next chapter
- write these requirement points on the whiteboard again
- web server, mail server, etc.: manage them yourself (public), or have them hosted
- We defer firewall and other security issues until later chapters
Static IP address → public
Defer the discussion of DMZ and firewall
- (figure) Reduces the administrative burden, connection type (not always on), faster if the ISP or hosting provider has good infrastructure
- (figure) the ISP may include e-mail service as part of their standard offering, or at least run a backup mail server for you. Then, if you have a dial-up connection, mail sent to your site when you are not connected is queued at the ISP, for you to retrieve when your connection comes up.