I was working with a customer recently to troubleshoot problems with Microsoft Lync Application Sharing and I needed to verify the source network address translation (NAT) of the Lync Edge server external interface IP addresses. The customer had a fairly typical Lync Edge server implementation: one internal DMZ zone network interface with one private IP address and one external DMZ zone network interface with three private IP addresses static NAT’ed to the Internet.
One way to verify source NAT is to simply open Internet Explorer, browse to www.google.com and type in “what is my ip.” This will show the translated public IP address for the primary IP address of your computer.
This works well when your computer only has a single IP address, but a lot of Internet-facing servers (including Lync Edge) have multiple IP addresses associated with a single network interface.
In order to get the NAT translated IP address for each address associated to a network interface, we need a way to bind our application to a given source IP address. I am not aware of a way to make Internet Explorer do this binding, so the solution I came up with was to use a Windows port of a GNU application called wget.
First, download wget from http://users.ugent.be/~bpuype/wget. Remember where you saved the wget.exe file as we will need it later.
Next, open a command prompt and change directory to the folder where you downloaded or saved the wget.exe file.
Now, run wget with the following command, replacing <SOURCE IP ADDRESS> with the internal private IP address for which you want to test outbound source NAT.
wget -qO- --bind-address=<SOURCE IP ADDRESS> http://checkip.dyndns.com
This command tells wget to output to the screen the results of an HTTP GET request to the web page at http://checkip.dyndns.com while binding itself to the IP address specified after the --bind-address parameter.
The results of this command can be seen in the following screenshot:
You can see here that I ran the command three separate times, once for each IP address on the Lync Edge external network interface, changing the --bind-address with each execution of wget. You can also see that the NAT’ed IP address changes with each wget request. This output was the expected result and showed that source NAT was working correctly.
If the private-to-public NAT translations yield unexpected results, you may have a problem with your NAT rules. Double check the IP address you used in the --bind-address parameter. If the --bind-address parameter is correct, double check the NAT translations in your firewall.
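The same check as a PowerShell loop: it runs the wget command above once per source address, confirms the address is actually assigned to the server, and compares the result with the public address the NAT rule should produce. This is an added example, not part of the original post; the address map is constructed from documentation ranges, and it assumes PowerShell 3.0 or later with wget.exe in the current directory.

```powershell
# Constructed sample map: private source IP -> public IP the static NAT rule should yield.
# Documentation-range addresses; replace them with the values from your firewall rules.
$ExpectedNat = [ordered]@{
    '10.0.0.11' = '203.0.113.11'
    '10.0.0.12' = '203.0.113.12'
    '10.0.0.13' = '203.0.113.13'
}

# Addresses actually assigned to this server; wget cannot bind to anything else.
$LocalIps = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
    ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
    ForEach-Object { $_.Address.ToString() }

function Get-PublicIpFromBody {
    param([string]$Body)
    # Assumption: the reply body contains the caller's public IPv4 address; take the first one.
    if ($Body -match '\b(\d{1,3}(?:\.\d{1,3}){3})\b') { return $Matches[1] }
    return $null
}

$results = foreach ($src in $ExpectedNat.Keys) {
    $expected = $ExpectedNat[$src]
    $observed = $null

    if ($LocalIps -notcontains $src) {
        # A mistyped --bind-address value shows up here, before the firewall is blamed.
        $status = 'NOT ASSIGNED LOCALLY'
    } else {
        # One attempt with a timeout so a dropped flow does not stall the loop.
        $body = (& .\wget.exe -qO- --tries=1 --timeout=10 "--bind-address=$src" `
                    http://checkip.dyndns.com 2>$null) -join "`n"
        $observed = Get-PublicIpFromBody $body
        $status = if (-not $observed)            { 'NO RESPONSE' }
                  elseif ($observed -eq $expected) { 'OK' }
                  else                             { 'MISMATCH' }
    }

    [pscustomobject]@{
        SourceIp = $src; Expected = $expected; Observed = $observed; Status = $status
    }
}

$results | Format-Table -AutoSize
```

A MISMATCH row points at the NAT rule for that source address, while NO RESPONSE means the outbound request from that address never completed.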
If you found this post useful or have a different solution for the scenario, I’d love to hear from you. Use the comments below to post your thoughts.