I am going to make the assumption that you wish to remain a full
Windows network, and not introduce a Unix machine in the mix.
I am also going to assume that you will be using the latest versions
of the OS, Windows 2000 for the servers and Windows XP for the
If either of these assumptions are incorrect, please ask for a
clarification and I will update the answer.
Now, the basic technology you will need to have one external IP
address and many internal reserved addresses (the 10-dot network
addresses) is called Network Address Translation (NAT).
NAT is a standard feature of Windows 2000 Server's Routing and Remote
Access Service (RRAS) and Win2K Professional's Internet Connection
Sharing (ICS) component that lets an Internet-connected host act as an
Internet gateway for internal LAN clients. NAT translates clients'
internal network IP addresses into the appropriate address on the
NAT-enabled gateway device and protects internal client IP addresses
by making them inaccessible to Internet hosts.
You are correct in thinking you will need a machine with two network
cards, one connected to the outside, and one connected to the inside.
You can enable NAT from the Routing and Remote Access window on Win2K.
Full details of the exact process are available from the article
"Windows 2000's Network Address Translation" by Zubair Alexander as
published in the February, 2000 issue of Windows and .Net Magazine,
and available here:
On the workstations, you will simply need to have the 'Obtain an IP
Address Dynamically' selected in the TCP/IP configuration dialog.
This will cause the workstations to dynamically search your internal
network for a DHCP server (the NAT server) and get an IP address from
there. Or, you can manually assign the IP addresses to each
workstation in the same control panel.
Directions and screen shots for this under Windows XP are found in the
article, 'Windows XP Network Protocols', published by
Regarding the subnet mask, you generally leave that blank if using
DHCP to obtain addresses for the workstations; the DHCP server (the
NAT server) will assign that along with the IP address. Subnetting is
generally only used in much larger networks to group and divide
network segments for logical management. You can read up on
subnetting at these resources:
LearnToSubnet.com, a free lecture based presentation of IP addresses
Also, SubnetOnline.com has a printed tutorail about IP addressing and
subnetting, along with great calculators to help figure subnets.
Again, tho, I reinforce the notion that you do not need to worry about
subnetting for smaller networks - less than 254 machines will only
occupy one class-C subnet.
I hope this has answered your question; if you need further
information, please post a clarification request.
windows 2000 nat
windows XP network setup
how to subnet
Understanding NAT, Sean Daily in Windows & .Net Magazine, August 14,
Clarification of Answer by
07 Apr 2003 08:49 PDT
Ok - we're going to have to go back and forth on this a bit. Please
ask for clarification of this answer to answer my questions.
First, are you getting any errors or other indications that anything
is wrong when you attempt to connect to the internet via the
Second, are you able to connect to the internet via the NAT server?
Third, does the workstation obtain an IP address in the range you
specified? What are the settings shown by IPConfig or winipcfg? if
you attemt to release and renew the IP address on the workstation with
IPConfig or winipcfg, what messages or errors do you get?
Fourth, are you able to connect via the network from the workstation
to any other shared resources on your internal network, like file
shares? An easy test is to share out a folder on the NAT server with
full access permissions and see if you can map that folder from the
workstation. I would suggest trying this with the NAT server
disconneced from the Internet.
Fifth, are you able to ping the NAT server from the workstation?
Bring up a command prompt and type 'ping 192.168.0.1 '. What is the
Thank you for the answers to these questions. This will help to
narrow down the nature of the problem.