2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Network Address Translation (NAT)
NAT is a wide area network (WAN) access technology that translates private (reserved) addresses into public (legal) IP addresses. It is widely used across all kinds of Internet access methods and network types. The reason is simple: NAT not only solves the problem of insufficient IP addresses, but also helps avoid attacks from outside the network by hiding and protecting the computers inside it.
Basic Network Address Translation (Basic NAT) is a technique that maps one set of IP addresses to another set of IP addresses, transparently to end users. Network Address Port Translation (NAPT) is a method of translating a group of network addresses and their corresponding TCP/UDP ports into a single network address and its corresponding TCP/UDP ports. Together, these two operations, known as traditional NAT, provide a mechanism to connect internal realms that have only private addresses to external realms with globally unique registered addresses.
For reasons of confidentiality, or because the internal addresses are not valid on the external network, the internal IP addresses of a network cannot be used on the external network, so IP address translation is needed. The topology of the network outside the local domain can change in many ways: companies change suppliers, reorganize their backbone networks, or suppliers merge or break up partnerships. Whenever the external topology changes, the address allocation of the local network must change to reflect it. By centralizing these changes in a single address translation router, LAN users do not need to be aware of them. Basic address translation allows hosts on the internal network to access the external network transparently, and allows selected local hosts to be accessed from the outside. This configuration suits an organization whose network is used mainly for internal services and only occasionally for external access.
This translation method has one limitation: the requests and responses of a session must pass through the same NAT router. Installing NAT on the border router guarantees this, provided the border router is the only one in the domain and every IP packet passing through it either originates in or is destined for this domain. In addition, multiple NAT devices can be used to ensure this process.
NAT has a drawback: it takes away the end-to-end significance of an IP address and compensates only with additional state in the network. As a result, with a NAT device on the path, the end-to-end IP network-level security provided by IPsec cannot be applied to end hosts. The advantage of this approach is that NAT can be installed directly, without changing hosts or routers.
There are three ways to implement NAT: static translation (Static NAT), dynamic translation (Dynamic NAT) and port multiplexing (Overload).
Static translation translates private IP addresses in the internal network to public IP addresses. The address pairs are one-to-one and fixed: a given private IP address is always translated to the same public IP address. With static translation, the external network can access specific devices (such as servers) in the internal network.
Dynamic translation means that when a private IP address of the internal network is translated into a public IP address, the resulting address is not fixed but random: any private IP address authorized to access the Internet can be translated into any of the specified legal IP addresses. In other words, dynamic translation can take place once you specify which internal addresses may be translated and which legal addresses are used as external addresses. Dynamic translation can use multiple sets of legal external addresses. It can be used when the number of legal IP addresses provided by the ISP is slightly smaller than the number of computers in the network.
Port multiplexing, or Port Address Translation (PAT), changes the source port of outbound packets and performs port translation. With port multiplexing, all hosts in the internal network can share one legal external IP address to access the Internet, which saves the most IP address resources. At the same time, all hosts inside the network are hidden, which helps avoid attacks from the Internet. For these reasons, port multiplexing is currently the most widely used mode.
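The following is an added example, not part of the original article or its lab: a toy Python model of the three translation modes, showing which inbound packets each mode lets through. The class `NatRouter`, the public addresses (203.0.113.0/24 documentation range), the sequential port allocation and the fallback from the dynamic pool to PAT are assumptions made for illustration.

```python
import ipaddress

class NatRouter:
    """Toy model of static NAT, dynamic NAT and PAT (no timeouts, no remote-endpoint tracking)."""

    def __init__(self, static, pool, pat_ip, acl="192.168.1.0/24"):
        self.static = dict(static)   # private IP -> public IP, fixed one-to-one
        self.free = list(pool)       # unused public IPs for dynamic NAT
        self.dynamic = {}            # private IP -> public IP taken from the pool
        self.pat_ip = pat_ip         # one public IP shared by everyone else
        self.pat = {}                # public port -> (private IP, private port)
        self.next_port = 1024        # assumption: ports handed out sequentially
        self.acl = ipaddress.ip_network(acl)  # inside addresses allowed to be translated

    def outbound(self, ip, port):
        """Rewrite the source of an outbound packet; None means it is not translated."""
        if ip in self.static:
            return self.static[ip], port
        if ipaddress.ip_address(ip) not in self.acl:
            return None
        if ip not in self.dynamic and self.free:
            self.dynamic[ip] = self.free.pop(0)
        if ip in self.dynamic:
            return self.dynamic[ip], port
        for pub_port, inside in self.pat.items():   # reuse an existing PAT entry
            if inside == (ip, port):
                return self.pat_ip, pub_port
        self.pat[self.next_port] = (ip, port)       # pool exhausted: share pat_ip
        self.next_port += 1
        return self.pat_ip, self.next_port - 1

    def inbound(self, ip, port):
        """Rewrite the destination of an inbound packet; None means dropped."""
        for table in (self.static, self.dynamic):
            for private, public in table.items():
                if public == ip:
                    return private, port
        if ip == self.pat_ip:
            return self.pat.get(port)               # only ports with a mapping
        return None

if __name__ == "__main__":
    # Constructed addresses: 192.168.1.0/24 inside, 203.0.113.0/24 outside.
    r = NatRouter({"192.168.1.10": "203.0.113.10"}, ["203.0.113.20"], "203.0.113.1")
    print(r.outbound("192.168.1.10", 80))     # static mapping
    print(r.outbound("192.168.1.21", 5000))   # dynamic: takes the pool address
    print(r.outbound("192.168.1.22", 5000))   # PAT: shared IP, new source port
    print(r.inbound("203.0.113.1", 4444))     # no PAT entry for this port
    print(r.inbound("203.0.113.10", 443))     # static host is reachable on any port
```

The last two calls show the practical difference: a PAT address answers only on ports that already have a mapping, while a statically mapped host is reachable from outside on every port and still needs its own filtering.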
Let's do an experiment here to learn and discuss NAT technology together.
First, static conversion.
Then, dynamic NAT.
The earlier IP address configuration remains the same; an additional access control list (ACL) is required.
Configure the ACL to allow the 192.168.1.0 network segment to pass through the router.
Note: if there is a logical subinterface, you also need to configure it.
Finally, port multiplexing (Port Address Translation, PAT).
So far, the whole experiment is successful.
If there is anything wrong in this, please correct it.
Thank you for reading and watching.