
Network Address Translation (NAT): static NAT practice

2025-01-15 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/03 Report--

NAT Overview

1. Background of NAT

NAT (Network Address Translation) is used when hosts inside a private network have been assigned local IP addresses (private addresses valid only within that network) but now need to communicate with hosts on the Internet (without encryption).

2. How NAT works

With NAT, when an "internal" network that uses private addresses sends a packet through the router, the private address is translated into a legal (public) IP address. A local area network therefore needs only a small number of public IP addresses to let all computers on the private network communicate with the Internet.

NAT automatically modifies the source and destination IP addresses of IP packets, and IP address verification is completed automatically during NAT processing. Some applications embed the source IP address in the data portion of the IP packet, so that data must be modified at the same time to match the rewritten source address in the IP header. Otherwise, applications that embed IP addresses in the packet payload will not work properly.

3. Advantages and disadvantages of NAT

(1) Advantages of NAT

Saves public legal IP addresses

Handles overlapping addresses

Increases flexibility

Security

(2) Disadvantages of NAT

Increased delay

Complexity of configuration and maintenance

Some applications are not supported; this can be avoided with static NAT mapping

4. Implementation of NAT

1. Static conversion

Static conversion translates a private IP address of the internal network to a public IP address. The address pair is one-to-one and fixed: a given private IP address is always translated to the same public IP address. With static conversion, the external network can reach specific devices (such as servers) in the internal network.

2. Dynamic conversion

With dynamic conversion, the public IP address that a private IP address is translated to is not fixed but random: every private IP address authorized to access the Internet can be translated to any of the specified legal IP addresses. In other words, dynamic translation only requires specifying which internal addresses may be translated and which legal addresses are used as external addresses. Dynamic translation can use multiple sets of legal external addresses. It is suitable when the number of legal IP addresses provided by the ISP is slightly smaller than the number of computers in the network.

3. Port Multiplexing (PAT)

Port multiplexing changes the source port of outbound packets and performs port translation, that is, Port Address Translation (PAT). All hosts in the internal network can share one legal external IP address to access the Internet, which saves the most IP address resources. At the same time, all hosts inside the network are hidden, which effectively avoids interference from the Internet.
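To make the difference in reachability concrete, the following added example (not code from the original article) models a router that holds one static entry and uses PAT for every other inside host. The PAT address 12.0.0.1, the host 192.168.100.30 and all class and function names are assumptions made for the illustration; the model ignores protocols and timeouts.

```python
from itertools import count

class NatRouter:
    """Toy model: static one-to-one entries plus PAT on a single shared address."""

    def __init__(self, static, pat_ip, first_port=1024):
        self.static = dict(static)                         # inside IP -> public IP (fixed)
        self.static_rev = {g: l for l, g in self.static.items()}
        self.pat_ip = pat_ip                               # shared public address (assumed)
        self.ports = count(first_port)                     # next free public source port
        self.pat_out = {}                                  # (inside IP, port) -> public port
        self.pat_in = {}                                   # public port -> (inside IP, port)

    def outbound(self, src_ip, src_port):
        """Return the (source IP, source port) that the outside network sees."""
        if src_ip in self.static:
            return self.static[src_ip], src_port           # address rewritten, port kept
        key = (src_ip, src_port)
        if key not in self.pat_out:                        # first packet of a flow creates state
            port = next(self.ports)
            self.pat_out[key] = port
            self.pat_in[port] = key
        return self.pat_ip, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Return the inside (IP, port) an outside packet reaches, or None if it is dropped."""
        if dst_ip in self.static_rev:
            return self.static_rev[dst_ip], dst_port       # reachable at any time, on every port
        if dst_ip == self.pat_ip:
            return self.pat_in.get(dst_port)               # only ports opened from the inside
        return None

def demo():
    # 192.168.100.10 <-> 12.0.0.10 is the static pair; 192.168.100.30 is a constructed PAT host.
    nat = NatRouter({"192.168.100.10": "12.0.0.10"}, pat_ip="12.0.0.1")
    return {
        "static_out": nat.outbound("192.168.100.10", 5000),
        "unsolicited_to_static": nat.inbound("12.0.0.10", 22),
        "unsolicited_to_pat": nat.inbound("12.0.0.1", 22),
        "pat_out": nat.outbound("192.168.100.30", 5000),
        "reply_to_pat": nat.inbound("12.0.0.1", 1024),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The static host is reachable from outside on any port without having sent anything, which is why a static entry should be paired with filtering on the outside interface; the PAT host is reachable only on a port it opened itself.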

5. NAT involves four types of addresses

Inside local, outside local, inside global, outside global

6. Translation entries for NAT

Simple translation entry: IP address

Extended translation entry: IP address and port

Static NAT case demonstration

Topology diagram

Step 1: Configure the SW switch

    SW# conf t
    SW(config)# no ip routing        // turn off the routing function
    SW(config)# int f1/0             // enter port f1/0
    SW(config-if)# speed 100         // set the port speed
    SW(config-if)# dup full          // set full-duplex mode
    SW(config-if)# ex

Step 2: Configure the R2 router

    R2# conf t
    R2(config)# int f0/0
    R2(config-if)# ip add 12.0.0.2 255.255.255.0
    R2(config-if)# no shut
    R2(config-if)# int f0/1
    R2(config-if)# ip add 13.0.0.1 255.255.255.0
    R2(config-if)# no shut
    R2(config-if)# ex
    R2(config)# ip route 0.0.0.0 0.0.0.0 12.0.0.1    // configure the default route

Step 3: Configure the R1 router

    R1# conf t
    R1(config)# int f0/0
    R1(config-if)# ip add 192.168.100.1 255.255.255.0
    R1(config-if)# no shut
    R1(config-if)# int f0/1
    R1(config-if)# ip add 12.0.0.1 255.255.255.0
    R1(config-if)# no shut
    R1(config-if)# ex
    R1(config)# ip route 0.0.0.0 0.0.0.0 12.0.0.2    // next hop reads "12.0.0" in the source; 12.0.0.2 (R2 f0/0) is assumed

Step 4: Configure the client IP addresses and test connectivity across the whole network

1. Configure client IP address

    PC1> ip 192.168.100.10 192.168.100.1
    Checking for duplicate address...
    PC1 : 192.168.100.10 255.255.255.0 gateway 192.168.100.1

    PC2> ip 192.168.100.20 192.168.100.1
    Checking for duplicate address...
    PC1 : 192.168.100.20 255.255.255.0 gateway 192.168.100.1

    PC3> ip 13.0.0.13 13.0.0.1
    Checking for duplicate address...
    PC1 : 13.0.0.13 255.255.255.0 gateway 13.0.0.1

2. Test connectivity

    PC1> ping 13.0.0.13
    13.0.0.13 icmp_seq=1 timeout
    13.0.0.13 icmp_seq=2 timeout
    84 bytes from 13.0.0.13 icmp_seq=3 ttl=62 time=45.879 ms
    84 bytes from 13.0.0.13 icmp_seq=4 ttl=62 time=37.925 ms
    84 bytes from 13.0.0.13 icmp_seq=5 ttl=62 time=38.894 ms

    PC1> ping 192.168.100.20
    84 bytes from 192.168.100.20 icmp_seq=1 ttl=64 time=0.000 ms
    84 bytes from 192.168.100.20 icmp_seq=2 ttl=64 time=0.000 ms
    84 bytes from 192.168.100.20 icmp_seq=3 ttl=64 time=0.000 ms
    84 bytes from 192.168.100.20 icmp_seq=4 ttl=64 time=0.000 ms
    84 bytes from 192.168.100.20 icmp_seq=5 ttl=64 time=0.069 ms

Step 5: Configure NAT on the R1 router and turn on the debug function

    R1(config)# ip nat inside source static 192.168.100.10 12.0.0.10
    R1(config)# ip nat inside source static 192.168.100.20 12.0.0.20
    R1(config)# int f0/0
    R1(config-if)# ip nat inside     // apply NAT to the inside (internal) interface
    R1(config-if)# int f0/1
    R1(config-if)# ip nat out        // apply NAT to the outside (external) interface
    R1(config-if)# end
    R1# debug ip nat                 // enable NAT debugging
    IP NAT debugging is on

Step 6: Test NAT address translation and use the debug function

    PC1> ping 13.0.0.13
    13.0.0.13 icmp_seq=1 timeout
    13.0.0.13 icmp_seq=2 timeout
    84 bytes from 13.0.0.13 icmp_seq=3 ttl=62 time=41.886 ms
    84 bytes from 13.0.0.13 icmp_seq=4 ttl=62 time=38.922 ms

    R1#
    *Mar  1 00:30:38.259: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1514]
    R1#
    *Mar  1 00:30:40.259: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1515]
    R1#
    *Mar  1 00:30:42.263: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1516]
    *Mar  1 00:30:42.291: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1516]
    R1#
    *Mar  1 00:30:43.307: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1517]
    *Mar  1 00:30:43.335: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1517]
    R1#
    *Mar  1 00:30:44.347: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1518]
    *Mar  1 00:30:44.379: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1518]

In the outgoing direction the source address s=192.168.100.10 is translated to 12.0.0.10, and on the return traffic the destination address d=12.0.0.10 is translated back to 192.168.100.10.

Static NAT port mapping case demonstration

Topology diagram

Environmental requirements:

One Linux virtual machine (CentOS 7) as a service server in the local area network

A Windows virtual machine (win 7) as a client on the public network

Step 1: Start the Linux virtual machine and, while it still has a network connection, install and set up the service

    [root@192 ~]# yum install httpd -y               // install the service
    [root@192 ~]# vim /var/www/html/index.html       // edit the test web page
    This is inside web
    [root@192 ~]# systemctl start httpd              // start the service
    [root@192 ~]# systemctl stop firewalld.service   // turn off the firewall
    [root@192 ~]# setenforce 0                       // turn off enhanced security features (puts SELinux in permissive mode)

Step 2: test whether the website has been set up successfully

Step 3: Bind the network card of the Linux virtual machine to VMnet1 (host-only mode) and set a static IP address

1. Bind the network card

2. Set a static IP address

    [root@192 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=static
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=ens33
    UUID=88cf4975-29b8-4041-9cb0-456a56d1fddb
    DEVICE=ens33
    ONBOOT=yes
    IPADDR=192.168.100.100
    NETMASK=255.255.255.0
    GATEWAY=192.168.100.1

    [root@192 ~]# service network start
    Starting network (via systemctl):  [  OK  ]

Step 4: Configure the R1 router

    R1# conf t
    R1(config)# int f0/0
    R1(config-if)# ip add 192.168.100.1 255.255.255.0
    R1(config-if)# no shut
    R1(config-if)# ex
    R1(config)# int f0/1
    R1(config-if)# ip add 12.0.0.1 255.255.255.0
    R1(config-if)# no shut
    R1(config-if)# ex

Step 5: Bind the network card of the Win 7 virtual machine to VMnet2 (host-only mode) and set a static IP address

1. Bind the network card

2. Set a static IP address

Step 6: configure NAT mapping on the R1 router and enable the debug function

1. Check the service port number of Linux first.

    [root@192 ~]# netstat -ntap | grep 80
    tcp6       0      0 :::80       :::*        LISTEN      2659/httpd

2. Set the NAT mapping on the router

    R1(config)# ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
    R1(config)# int f0/0
    R1(config-if)# ip nat in
    R1(config-if)# int f0/1
    R1(config-if)# ip nat out
    R1(config-if)# end
    R1# debug ip nat
    IP NAT debugging is on

Step 7: Use the Win 7 virtual machine to simulate a public network host accessing the service built on the private network Linux server

    R1#*Mar 100: 09 80*Mar 18.395: NAT*: slots 12.0.0.100-> 192.168.100.100 [192.168.100.100]

The debug output captures the port and address translation as it happens.
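The `debug ip nat` lines from the first case can be checked against the static entries configured in both cases. This added example (not part of the original article) parses the `ip nat inside source static` commands, then flags translations that no static entry explains and outbound packets that never got a reply. The log lines follow the first case's capture, with the last line constructed to show a mismatch; the global address 12.0.0.20 is assumed from the page's addressing plan, and the function names are hypothetical.

```python
import re

# Static entries as configured on R1 in the two cases.
CONFIG = """\
ip nat inside source static 192.168.100.10 12.0.0.10
ip nat inside source static 192.168.100.20 12.0.0.20
ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
"""

# Sample debug lines in the capture's format; the [1600] line is constructed.
LOG = """\
*Mar  1 00:30:40.259: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1515]
*Mar  1 00:30:42.263: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1516]
*Mar  1 00:30:42.291: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1516]
*Mar  1 00:30:50.000: NAT*: s=192.168.100.30->12.0.0.30, d=13.0.0.13 [1600]
"""

LINE = re.compile(r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")

def parse_static(config):
    """Return {inside global: inside local} for every static entry, simple or extended."""
    table = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
            continue
        args = [t for t in tok[5:] if t != "extendable"]
        if args[0] in ("tcp", "udp"):      # extended entry: proto local lport global gport
            local, glob = args[1], args[3]
        else:                              # simple entry: local global
            local, glob = args[0], args[1]
        table[glob] = local
    return table

def audit(table, log):
    """Return (translations with no static entry, outbound packet IDs with no reply)."""
    unexpected, sent, answered = [], [], set()
    for m in LINE.finditer(log):
        s, s_new, d, d_new, pkt = m.groups()
        if s_new:                          # outbound: inside local -> inside global
            sent.append(pkt)
            if table.get(s_new) != s:
                unexpected.append((s, s_new))
        elif d_new:                        # return traffic: inside global -> inside local
            answered.add(pkt)              # IDs pair up in this capture; not guaranteed in general
            if table.get(d) != d_new:
                unexpected.append((d, d_new))
    return unexpected, [p for p in sent if p not in answered]
```

Packet 1515 is reported as unanswered, which matches the ping timeouts shown before the first replies arrive.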
