
Static NAT, NAT static port mapping

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Network Address Translation (NAT) outline:

NAT overview and how address translation works:

NAT stands for Network Address Translation.

NAT implementation methods:

1. Static translation (Static Translation)

2. Dynamic translation (Dynamic Translation)

3. Port multiplexing (Port Address Translation, PAT)

NAT terminology and the translation table. NAT uses four types of addresses:

1. Inside local address: source IP=192.168.1.2

2. Outside local address: destination IP=203.52.23.55

3. Inside global address: source IP=125.25.65.3

4. Outside global address: destination IP=203.51.23.55

When an inside host accesses an external server, the router first consults the routing table and then looks up the NAT table to translate the packet.

When the reply packet returns, the router first looks up the NAT table to translate the packet and then consults the routing table.

Translation entries for NAT:

1. Simple translation entry: translates only the IP address

2. Extended translation entry: translates both the IP address and the port
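The difference between the two entry types, as an added example that is not part of the original article: a minimal Python model of a static translation table, using the addresses from the two demos on this page. The `Entry` and `Packet` types and the `outbound` and `inbound` functions are hypothetical names for illustration, not router code.

```python
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    proto: Optional[str]        # None marks a simple (IP-only) entry
    inside_local: str
    local_port: Optional[int]
    inside_global: str
    global_port: Optional[int]

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed table built from the mappings used in Demo1 and Demo2.
TABLE = [
    Entry(None, "192.168.100.10", None, "12.0.0.10", None),    # simple entry
    Entry("tcp", "192.168.100.100", 80, "12.0.0.100", 8080),   # extended entry
]

def outbound(pkt, table=TABLE):
    """Inside -> outside: rewrite the source (inside local -> inside global)."""
    for e in table:
        if e.inside_local != pkt.src:
            continue
        if e.proto is None:
            return pkt._replace(src=e.inside_global)
        if e.proto == pkt.proto and e.local_port == pkt.sport:
            return pkt._replace(src=e.inside_global, sport=e.global_port)
    return None  # no static entry matches: this model leaves the packet untranslated

def inbound(pkt, table=TABLE):
    """Outside -> inside: rewrite the destination (inside global -> inside local)."""
    for e in table:
        if e.inside_global != pkt.dst:
            continue
        if e.proto is None:
            return pkt._replace(dst=e.inside_local)   # every port is reachable
        if e.proto == pkt.proto and e.global_port == pkt.dport:
            return pkt._replace(dst=e.inside_local, dport=e.local_port)
    return None  # no entry matches: the inside host is not reachable this way

if __name__ == "__main__":
    print(inbound(Packet("tcp", "12.0.0.12", 49160, "12.0.0.100", 8080)))
    print(inbound(Packet("tcp", "12.0.0.12", 49160, "12.0.0.100", 22)))
```

A simple entry forwards any inbound port to the inside host, while an extended entry forwards only the one mapped protocol and port.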

How the NAT implementation methods work:

Static and dynamic translation: one private network address is translated to one public network IP address.

PAT: multiple private network addresses are translated into one public network address, and the sessions are identified by port.

The hosts are all translated to the same IP and distinguished by port.

Advantages of NAT:

1. Alleviates the shortage of IP address resources

2. Security: the real address of the inside host cannot be seen from outside, because it is presented as a public network address

3. Deal with address overlap

4. Increase flexibility

Disadvantages of NAT:

1. Increased delay

2. Complexity of configuration and maintenance

3. Some applications are not supported; this can be worked around with static NAT mapping

A virtual private network requires fixed IP addresses at both ends that must not change in transit, so NAT traversal has to be configured when the traffic crosses a NAT device.

NAT configuration steps

1. Interface IP address configuration

2. Use access control lists to define which internal hosts can do NAT

3. Decide which public address to use: a static address or an address pool

Router(config)# ip nat pool pool-name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type rotary]

4. Specify the address translation mapping

Router(config)# ip nat inside source static local-ip global-ip [extendable]
Router(config)# ip nat inside source list access-list-number pool pool-name [overload]

5. Enable NAT on the internal and external ports

Static NAT configuration: statically translate the internal network addresses 192.168.100.2 / 192.168.100.3 to the legitimate external addresses 61.159.62.131 / 61.159.62.132 so that they can access, or be accessed from, the external network.

Set the IP address of the external port:
router(config)# interface FastEthernet 0/0
router(config-if)# ip address 61.159.62.130 255.255.255.248
router(config-if)# no shut

Set the IP address of the internal port:
router(config)# interface FastEthernet 1/0
router(config-if)# ip address 192.168.100.1 255.255.255.0
router(config-if)# no shut

Establish static address translation:
! global addresses follow the description above (.131 / .132); .130 is the router's own external port
router(config)# ip nat inside source static 192.168.100.2 61.159.62.131
router(config)# ip nat inside source static 192.168.100.3 61.159.62.132

Enable NAT on the internal and external ports:
router(config)# interface FastEthernet 0/0
router(config-if)# ip nat outside
router(config-if)# interface FastEthernet 1/0
router(config-if)# ip nat inside

Configure a default route:
router(config)# ip route 0.0.0.0 0.0.0.0 61.159.62.129

Demo1: static NAT

SW:
sw#conf t
sw(config)# no ip routing
sw(config)# int f1/0
sw(config-if)# speed 100
sw(config-if)# dup full
sw(config-if)# ex

R2:
R2#conf t
R2(config)# int f0/0
R2(config-if)# ip add 12.0.0.2 255.255.255.0
R2(config-if)# no shut
R2(config-if)# int f0/1
R2(config-if)# ip add 13.0.0.1 255.255.255.0
R2(config-if)# no shut
R2(config-if)# ex
R2(config)# ip route 0.0.0.0 0.0.0.0 12.0.0.1

R1:
R1#conf t
R1(config)# int f0/0
R1(config-if)# ip add 192.168.100.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# int f0/1
R1(config-if)# ip add 12.0.0.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# ex
R1(config)# ip route 0.0.0.0 0.0.0.0 12.0.0.2

Configure the host addresses:
PC1> ip 192.168.100.10 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.10 255.255.255.0 gateway 192.168.100.1
PC2> ip 192.168.100.20 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.20 255.255.255.0 gateway 192.168.100.1
PC3> ip 13.0.0.13 13.0.0.1
Checking for duplicate address...
PC1 : 13.0.0.13 255.255.255.0 gateway 13.0.0.1

Test network interconnection:
PC1> ping 192.168.100.20
84 bytes from 192.168.100.20 icmp_seq=1 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=2 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=3 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=4 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=5 ttl=64 time=0.000 ms
PC1> ping 13.0.0.13
13.0.0.13 icmp_seq=1 timeout
13.0.0.13 icmp_seq=2 timeout
84 bytes from 13.0.0.13 icmp_seq=3 ttl=62 time=62.485 ms
84 bytes from 13.0.0.13 icmp_seq=4 ttl=62 time=69.039 ms
84 bytes from 13.0.0.13 icmp_seq=5 ttl=62 time=69.046 ms

NAT address translation configuration:
R1(config)# ip nat inside source static 192.168.100.10 12.0.0.10
R1(config)# ip nat inside source static 192.168.100.20 12.0.0.20
R1(config)# int f0/0
R1(config-if)# ip nat inside
R1(config-if)# int f0/1
R1(config-if)# ip nat outside
R1(config-if)# end
R1#debug ip nat
IP NAT debugging is on

Test whether NAT address translation is performed:
PC1> ping 13.0.0.13
13.0.0.13 icmp_seq=1 timeout
13.0.0.13 icmp_seq=2 timeout
84 bytes from 13.0.0.13 icmp_seq=3 ttl=62 time=84.698 ms
84 bytes from 13.0.0.13 icmp_seq=4 ttl=62 time=85.265 ms
84 bytes from 13.0.0.13 icmp_seq=5 ttl=62 time=69.205 ms
*Mar  1 00:23:50.619: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [5464]
// the destination address 12.0.0.10 is converted to 192.168.100.10; this is the process of static address translation

Demo2: NAT static port mapping

A Web server is built on Linux. Its LAN address is 192.168.100.100, and it listens on the default port, 80.

The LAN gateway is 192.168.100.1.

Clients on the WAN cannot access the 192.168.100.100 address directly; port mapping is required if they want to reach it.

Mapping address: 192.168.100.100:80 -> 12.0.0.100:8080

Others can only see your public network IP address; the private network address cannot be accessed directly.

Win7 acts as the client on the wide area network. CentOS7 acts as the Web server and performs the following operations:

[root@localhost ~]# yum install httpd -y
[root@localhost ~]# vim /var/www/html/index.html    // write the test web page
this is inside web
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl stop firewalld.service    // turn off the host firewall for the test
[root@localhost ~]# setenforce 0    // put SELinux in permissive mode for the test

The contents of the web page file we wrote can be seen in a self-test with Firefox on CentOS7.

Bind the network adapter to VMnet1 and set the fixed IP to 192.168.100.100:

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
// change dhcp to static, then press o on the last line and insert:
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
// :wq to save and exit
[root@localhost ~]# service network restart
Restarting network (via systemctl): [ OK ]
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
        inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255

Configure the gateway address:
R1#conf t
R1(config)# int f0/0
R1(config-if)# ip add 192.168.100.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# ex
R1(config)# int f0/1
R1(config-if)# ip add 12.0.0.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# ex

Win7 binds its network card to VMnet2 and is configured with a fixed IP at the same time.

At this point, try to access the other party at 192.168.100.100: it is not possible to access the other party's private address directly.

NAT address translation configuration:
R1(config)# ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
R1(config)# int f0/0
R1(config-if)# ip nat inside
R1(config-if)# int f0/1
R1(config-if)# ip nat outside
R1(config-if)# end
R1#debug ip nat
IP NAT debugging is on
*Mar  1 00:36:59.327: NAT*: TCP s=49160, d=8080->80
*Mar  1 00:36:59.327: NAT*: s=12.0.0.12, d=12.0.0.100->192.168.100.100 [364]
// both the port and the address have been translated

Try the access again from Win7 using the public network address. It succeeds this time, and the experiment is successful!
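Each static entry configured above makes an inside host reachable from outside, so it is worth reviewing them as a list. The following is an added example, not part of the original article: a Python check that reads `ip nat inside source static` lines from a configuration and reports what each one exposes, plus two mistakes that are easy to make when typing them. The sample configuration is constructed, and the finding labels are hypothetical names.

```python
import re
from collections import defaultdict

STATIC = re.compile(
    r"ip nat inside source static\s+(?:(tcp|udp)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)"
    r"|(\S+)\s+(\S+))(\s+extendable)?\s*$")
IFADDR = re.compile(r"ip address\s+(\d+\.\d+\.\d+\.\d+)\s+\d+\.")

# Constructed configuration fragment using this page's lab addressing.
SAMPLE = """\
interface FastEthernet0/1
 ip address 12.0.0.1 255.255.255.0
 ip nat outside
ip nat inside source static 192.168.100.10 12.0.0.10
ip nat inside source static 192.168.100.10 12.0.0.20
ip nat inside source static 192.168.100.20 12.0.0.1
ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
"""

def audit(config):
    own, entries, findings = set(), [], []
    for line in config.splitlines():
        line = line.strip()
        if (m := IFADDR.match(line)):
            own.add(m.group(1))              # the router's own interface addresses
        elif (m := STATIC.match(line)):
            proto, l1, lp, g1, gp, l2, g2, ext = m.groups()
            entries.append((proto, l1 or l2, lp, g1 or g2, gp, bool(ext)))
    globals_of = defaultdict(set)
    for proto, local, lp, glob, gp, ext in entries:
        if proto is None:                    # simple entry: whole host is mapped
            findings.append(f"EXPOSED-ALL-PORTS {local} via {glob}")
            if not ext:
                globals_of[local].add(glob)
        else:                                # extended entry: one port is mapped
            findings.append(f"EXPOSED {proto}/{lp} on {local} via {glob}:{gp}")
        if glob in own:
            findings.append(f"GLOBAL-IS-INTERFACE {glob} (mapped to {local})")
    for local, gs in globals_of.items():
        if len(gs) > 1:                      # one local, several globals, no extendable
            findings.append(f"DUPLICATE-LOCAL {local} -> {sorted(gs)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```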
