Clients, Secure Email
And A Web Server

This is the ultimate setup for an organization that doesn't offer Internet services to the outside world. In this package, we provide:

Unlimited Client Access
To The Internet

Our NAT devices give your client applications full access to the riches of the Internet. Unlike the usual methods, all of your clients appear to have the exact same IP Address, making your network a mystery to the Internet Bad Guy (IGB). Another benefit is the elimination of the need to publish names by way of the Domain Name Service (DNS) to make picky "anonymous" FTP sites happy. You publish a single IP Address and name, and everyone can use FTP.

Use of RFC 1597
IP Addresses

There is no need for you to register IP Addresses. In fact, if you're not an Internet Service Provider, you shouldn't use registered addresses. Your ISP will loan some addresses to you for the outside to see, but you'll use IP Addresses from RFC 1597 inside your Enterprise.

The NAT device will translate your actual internal IP Addresses to the apparent ones that your ISP loaned you. The outside world will have no idea of your internal network or its structure.

No External Access
To Your Mail Server

Your internal mail server does not accept connections from the outside. It doesn't need to, because our Ultimate Mail Service accepts them for it. When your mail server wants to fetch your email, it opens a tightly-authenticated connection to our Ultimate Mail Server and retrieves your email through an encrypted channel. Nobody will be probing your mail server for security problems, and the NATs will make sure of it.

Secure Email Exchange
With Other Domains

Other domains that contract for Ultimate Mail Service may exchange email with your domain without any mail travelling the net in the clear. All communication between the UMS and the internal mail servers is encrypted for complete privacy. As the standards evolve, Network Safety will deliver encrypted email to your client application. When we can do this, your email NEVER crosses the net in the clear.

NAT-Mapped Access
To Your Web Server

Our NetNAT listens on your single external IP Address for incoming Web requests, and redirects them to a server on the inside. That server should be configured to run on a non-standard port, with the NetNAT re-mapping the connections from port 80 (on the outside) to the non-standard port on the inside. This lets you run two Web server processes on your Web server, one on 80 for your internal users, and another on a non-standard port for your external audience. For example, 

   Name    Actual Address and Port      Apparent Address and Port
  ------  -------------------------    ---------------------------
   ser12     192.168.16.12   8000         204.116.73.1     80
   ser12     192.168.16.12     80
This shows a server, "ser12," on the "actual" IP Address 192.168.16.12, with two Web server processes running. One server is on the standard port of 80, the other on a non-standard port of 8000. The NetNAT, however, is listening on the outside on the apparent address of 204.116.73.1 on port 80, and is redirecting any traffic to the server on port 8000 on ser12. Which server you get on the default port depends on where you are.

If no other services are defined to the NetNAT, there will be no possibility of any other service request entering your network from the outside.

This page was last modified on 30 September, 1995.

This information is proprietary to Network Safety. Network Safety, WebElite, DialNAT and NetNAT are trademarks of Network Safety. For information on our products and services, please contact our sales department.

This page was prepared using WebElite, our professional editor for the Web.