Shulou(Shulou.com)06/01 Report--

NAT (Network address Translation) translates the private IP address of the internal network into the only public network IP address in the world. So that the internal network can be connected to the Internet and other external networks, and is widely used in various types of Internet access methods and various types of networks.

NAT also has its advantages and disadvantages in practical application. The advantage is that it can save limited public network IP addresses, deal with address overlap, enhance the flexibility of the network, the most important thing is that it can hide its own real address, avoid malicious network *, and strengthen the security of the network. Things are always two-sided, there are advantages and disadvantages, the configuration of NAT in the router virtually increases the workload of the router, resulting in an increase in network delay, configuration and maintenance workload is also relatively large.

There are three ways to implement NAT, namely, static translation Static Nat, dynamic conversion Dynamic Nat and port multiplexing OverLoad.

Static translation: refers to the translation of private IP addresses of the internal network to public IP addresses, and the IP address pair is one-to-one.

Dynamic translation: when the private IP address of the internal network is translated into a public IP address, the IP address is a custom pool of legal IP addresses, and all private IP addresses authorized to access the Internet can be randomly translated into any specified legal IP address. In other words, dynamic translation can be carried out as long as the internal translation address is specified and the external legal address is available for translation.

Port multiplexing: refers to changing the source port of outbound packets and port translation, that is, port address translation, using port multiplexing. All hosts in the internal network can share a legitimate external IP address to access Internet, which can maximize the saving of IP address resources. At the same time, all hosts within the network can be hidden to effectively avoid * from internet. Therefore, port multiplexing is the most widely used in the network at present.

This experiment includes five experiments, which are static address translation, static extended address translation (port mapping), dynamic address translation, port address translation (PAT (fixed external network address)), dynamic address translation (reuse router external interface address).

The static address translation experiment is ready to draw the topology diagram on the GNS3 software. The Secure CRT software connects remotely.

The experiment begins.

The first step is to address the router port to ensure the smooth flow of the simulated network.

Configuration of static address translation in global mode

Ip nat inside source static 192.168.100.10 12.0.0.2 / / performs static address translation, translating fixed internal network addresses to fixed public network addresses

Enable NAT,inside,outside on internal and external ports. How to choose the port, on the router, the port close to the limiting party is the inside port, then the other interface is the outside port.

test

Open the nat test and use VPCS to capture the data in the mutual ping,CRT software between PCs.

Debug ip nat / / in # (entered in privileged mode) to enable nat testing

Port mapping experiment is going to use GNS3 software to draw the topology diagram needed for the experiment to prepare a linux virtual machine and a windows 7 virtual machine.

The experiment begins.

First of all, adjust the network settings to ensure that the virtual machine Windows7 and Linux can ping each other, and turn on the httpd service of linux.

Configure port mapping in global mode

Ip nat inside source static tcp 192.168.175.106 80 12.0.0.2 8080 extendable

Enable NAT on the internal and external ports, turn on the test, and use the translated address to visit the website again.

Implementation preparation for dynamic address translation

Use GNS3 software to draw the network topology diagram needed for the experiment, and configure it at the same time to achieve the smoothness of the simulated network.

Define access control list access-list 1 permit 192.168.10.0 0.0.0.255 / create a standard access control list with list number 1 define legal IP address pool ip nat pool test 12.0.0.6 12.0.0.8 netmask 255.255.255.0 / define a legitimate address pool named test to implement network address translation ip nat inside source list 1 pool test

4 enable NAT on internal and external ports

test

The experiment of PAT fixed external network address is going to draw the network topology diagram needed by the experiment in GNS3 software, and set up the previous stage to realize network interworking.

The lab begins to define the access control list access-list 1 permit 192.168.10.0 0.0.0.255 defining a legitimate IP address pool ip nat pool test1 12.0.0.8 12.0.0.8 netmask 255.255.255.0 to implement network address translation ip nat inside source list 1 pool test1 overload enables NAT on internal and external ports and enables testing.

The experiment of external interface address of PAT multiplex router is prepared to draw the network topology diagram needed by the experiment in GNS3 software, and set up the previous stage to realize network interworking.

The lab begins to define the internal access list access-list 1 permit 192.168.10.0 0.0.0.255 to set the multiplexing dynamic IP address translation ip nat inside source list 1 interface fastEthernet 0bin1 overload to enable NAT on the internal and external ports, and to enable testing.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.