2025-03-29 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/03 Report
Overview of NAT
NAT (Network Address Translation) was proposed in 1994. When some hosts within a private network have already been assigned local IP addresses (that is, private addresses used only inside this private network) but now want to communicate with hosts on the Internet (without encryption), the NAT method can be used.
How NAT works
With the help of NAT, when the "internal" network with private (reserved) addresses sends a packet through the router, the private address is translated into a legal IP address. A local area network then needs only a small number of IP addresses (or even one) to meet the communication requirements between all computers in the private address network and the Internet.
There are three ways to implement NAT: static translation (Static NAT), dynamic translation (Dynamic NAT) and port multiplexing (Overload).
Static translation: a private IP address in the internal network is translated to a public IP address. The IP address pairs are one-to-one and do not change; a given private IP address is only ever translated into one given public IP address. With static translation, the external network can access specific devices (such as servers) in the internal network.
Dynamic translation: when a private IP address of the internal network is translated into a public IP address, the resulting address is not fixed. Any private IP address authorized to access the Internet can be translated into any one of the specified legal IP addresses. Dynamic translation therefore only requires specifying which internal addresses can be translated and which legal addresses are used as external addresses. It can use multiple sets of legal external addresses, and it can be used when the number of legal IP addresses provided by the ISP is slightly less than the number of computers within the network.
Port multiplexing (Port Address Translation, PAT): the source port of an outgoing packet is changed, that is, port translation is performed. In port multiplexing mode, all hosts in the internal network can share one legal external IP address to access the Internet, which saves the most IP address resources. At the same time, all hosts within the network are hidden, which effectively avoids attacks from the Internet. Port multiplexing is therefore the most widely used mode in networks at present.
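The three modes can be compared in a small model of the translation table. This is an added example, not code from the original article or from any router: the `NatTable` class, the use of 12.0.0.1 as the shared PAT address, the inside hosts 192.168.100.30/.31 and the sequential port allocation are assumptions for illustration, while the static entries reuse the addresses from the configuration cases later on this page.

```python
class NatTable:
    """Toy model of a NAT translation table (illustration, not router code)."""

    def __init__(self, pat_ip, first_port=1024):
        self.pat_ip, self.next_port = pat_ip, first_port
        self.static = {}    # inside local IP -> inside global IP (one-to-one)
        self.out = {}       # (proto, local IP, local port) -> (global IP, global port)
        self.back = {}      # (proto, global IP, global port) -> (local IP, local port)

    def add_static(self, local_ip, global_ip):
        self.static[local_ip] = global_ip

    def add_static_port(self, proto, lip, lport, gip, gport):
        self.out[(proto, lip, lport)] = (gip, gport)
        self.back[(proto, gip, gport)] = (lip, lport)

    def translate_out(self, proto, src_ip, src_port):
        if src_ip in self.static:              # static NAT: address changes, port kept
            return self.static[src_ip], src_port
        key = (proto, src_ip, src_port)
        if key not in self.out:                # PAT: allocate a free port on the shared IP
            while (proto, self.pat_ip, self.next_port) in self.back:
                self.next_port += 1
            self.add_static_port(proto, src_ip, src_port, self.pat_ip, self.next_port)
        return self.out[key]

    def translate_in(self, proto, dst_ip, dst_port):
        for lip, gip in self.static.items():
            if gip == dst_ip:                  # static NAT is reachable from outside
                return lip, dst_port
        return self.back.get((proto, dst_ip, dst_port))  # None: no entry, packet dropped


def demo():
    nat = NatTable(pat_ip="12.0.0.1")          # assumption: overload on R1's outside address
    nat.add_static("192.168.100.10", "12.0.0.10")
    nat.add_static_port("tcp", "192.168.100.100", 80, "12.0.0.100", 8080)
    return {
        # two constructed inside hosts using the same source port share 12.0.0.1
        "pat_a": nat.translate_out("tcp", "192.168.100.30", 50000),
        "pat_b": nat.translate_out("tcp", "192.168.100.31", 50000),
        "reply_b": nat.translate_in("tcp", "12.0.0.1", 1025),
        "unsolicited": nat.translate_in("tcp", "12.0.0.1", 4444),
        "static_in": nat.translate_in("icmp", "12.0.0.10", 0),
        "web_in": nat.translate_in("tcp", "12.0.0.100", 8080),
        "web_other_port": nat.translate_in("tcp", "12.0.0.100", 22),
    }
```

Only the static entries accept traffic that starts from outside, so the static and port-mapping lines in a NAT configuration are the list of internal services exposed to the external network.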
Advantages and disadvantages of NAT
(1) Advantages of NAT
Saves public legal IP addresses
Handles address overlap
Increases flexibility
Security
(2) Disadvantages of NAT
Increased delay
Complexity of configuration and maintenance
Some applications are not supported; this can be avoided with static NAT mapping
NAT contains four types of addresses
Inside local address, inside global address, outside local address, outside global address
NAT translation entries
Simple translation entry, extended translation entry
Static NAT configuration case
Topology diagram
1. Configure the SW layer 2 switch

    SW#conf t
    ! turn off the routing function
    SW(config)#no ip routing
    ! enter port f1/0
    SW(config)#int f1/0
    ! configure the rate
    SW(config-if)#speed 100
    ! configure full duplex mode
    SW(config-if)#dup full
    SW(config-if)#ex

2. Configure the R1 router

    R1#conf t
    R1(config)#int f0/0
    R1(config-if)#ip add 192.168.100.1 255.255.255.0
    R1(config-if)#no shut
    R1(config-if)#int f0/1
    R1(config-if)#ip add 12.0.0.1 255.255.255.0
    R1(config-if)#no shut
    R1(config-if)#ex
    ! configure the default route
    R1(config)#ip route 0.0.0.0 0.0.0.0 12.0.0.2

3. Configure the R2 router

    R2#conf t
    R2(config)#int f0/0
    R2(config-if)#ip add 12.0.0.2 255.255.255.0
    R2(config-if)#no shut
    R2(config-if)#int f0/1
    R2(config-if)#ip add 13.0.0.1 255.255.255.0
    R2(config-if)#no shut
    R2(config-if)#ex
    ! configure the default route
    R2(config)#ip route 0.0.0.0 0.0.0.0 12.0.0.1

4. Configure the IP addresses of the PCs and test network interoperability
Configure the IP address of the PC
Test the interoperability of the whole network
5. Configure NAT on R1 and enable the debug function

    R1(config)#ip nat inside source static 192.168.100.10 12.0.0.10
    R1(config)#ip nat inside source static 192.168.100.20 12.0.0.20
    R1(config)#int f0/0
    ! apply NAT to the inside (internal) interface
    R1(config-if)#ip nat inside
    R1(config)#int f0/1
    ! apply NAT to the outside (external) interface
    R1(config-if)#ip nat outside
    ! watch NAT address translation
    R1#debug ip nat
    IP NAT debugging is on

6. Test whether NAT has done address translation and check the debug results

    PC1> ping 13.0.0.13
    13.0.0.13 icmp_seq=1 timeout
    13.0.0.13 icmp_seq=2 timeout
    84 bytes from 13.0.0.13 icmp_seq=3 ttl=62 time=41.886 ms
    84 bytes from 13.0.0.13 icmp_seq=4 ttl=62 time=38.922 ms

    R1#
    *Mar  1 00:30:38.259: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1514]
    *Mar  1 00:30:40.259: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1515]
    *Mar  1 00:30:42.263: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1516]
    *Mar  1 00:30:42.291: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1516]
    *Mar  1 00:30:43.307: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1517]
    *Mar  1 00:30:43.335: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1517]
    *Mar  1 00:30:44.347: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1518]
    *Mar  1 00:30:44.379: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1518]

In the outgoing direction, the source address s=192.168.100.10 is translated to 12.0.0.10; in the return direction, the destination address d=12.0.0.10 is translated back to 192.168.100.10.

Static port mapping case
Topology diagram
1. In the experimental environment, one Linux machine acts as the server and one win7 machine acts as a client on the public network. On Linux, install the web service and edit the web content.

    # install the service
    [root@192 ~]# yum install httpd -y
    # edit the web page
    [root@192 ~]# vim /var/www/html/index.html
    # content entered for the page:
    this is inside web
    # turn on the service
    [root@192 ~]# systemctl start httpd
    # turn off the firewall
    [root@192 ~]# systemctl stop firewalld.service
    # turn off enhanced security (SELinux enforcing mode)
    [root@192 ~]# setenforce 0

2. Test access to the website provided by Linux
3. Bind the Linux NIC to vmnet1 (host-only mode)
4. Give the Linux server a fixed IP address

    # modify the fixed IP
    [root@192 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
    # restart the network card service
    [root@192 ~]# service network restart
5. Configure the R1 router

    ! global configuration mode
    R1#conf t
    ! enter the interface
    R1(config)#int f0/0
    ! configure the gateway address
    R1(config-if)#ip add 192.168.100.1 255.255.255.0
    ! enable the interface
    R1(config-if)#no shut
    R1(config-if)#ex
    R1(config)#int f0/1
    R1(config-if)#ip add 12.0.0.1 255.255.255.0
    R1(config-if)#no shut
    R1(config-if)#ex

6. Bind the win7 NIC to vmnet2 (host-only mode) and set a fixed IP
7. Configure NAT mapping on the R1 router and enable the debug function

    R1#conf t
    ! static NAT for the inside source over TCP: inside IP address plus port,
    ! mapped to the external address plus port; be sure to add extendable at the end
    R1(config)#ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
    Interface NVI0, changed state to up
    ! enter interface f0/0
    R1(config)#int f0/0
    ! set as the inside interface
    R1(config-if)#ip nat inside
    ! enter interface f0/1
    R1(config-if)#int f0/1
    ! set as the outside interface
    R1(config-if)#ip nat outside
    R1(config-if)#end
    ! start debugging to test the port mapping
    R1#debug ip nat
    IP NAT debugging is on

8. Access the website served by the Linux server from the public network win7 client
9. Debug captures the process of port and address translation

    R1#
    *Mar  1 00:09:18.395: NAT*:

NAT port mapping
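The `debug ip nat` lines from the static NAT case can be checked against the configured mappings instead of being read by eye. This is an added example, not part of the original article: the `check` function and the `BAD` line are constructed for illustration, `SAMPLE` transcribes the article's debug output into the `s=...->..., d=... [id]` form, and the second mapping is assumed to be 12.0.0.20.

```python
import re

# Matches e.g.: *Mar  1 00:30:42.291: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1516]
LINE = re.compile(
    r"NAT\*?: s=(?P<s>[\d.]+)(?:->(?P<s2>[\d.]+))?, "
    r"d=(?P<d>[\d.]+)(?:->(?P<d2>[\d.]+))? \[(?P<id>\d+)\]"
)

# inside local -> inside global, as configured in step 5 of the static NAT case
STATIC = {"192.168.100.10": "12.0.0.10", "192.168.100.20": "12.0.0.20"}

SAMPLE = [  # transcribed from the article's debug output
    "*Mar  1 00:30:38.259: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1514]",
    "*Mar  1 00:30:40.259: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1515]",
    "*Mar  1 00:30:42.263: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1516]",
    "*Mar  1 00:30:42.291: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1516]",
    "*Mar  1 00:30:43.307: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1517]",
    "*Mar  1 00:30:43.335: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1517]",
    "*Mar  1 00:30:44.347: NAT*: s=192.168.100.10->12.0.0.10, d=13.0.0.13 [1518]",
    "*Mar  1 00:30:44.379: NAT*: s=13.0.0.13, d=12.0.0.10->192.168.100.10 [1518]",
]
# constructed line: a translation that does not match any configured mapping
BAD = "*Mar  1 00:31:00.000: NAT*: s=192.168.100.20->12.0.0.99, d=13.0.0.13 [1600]"


def check(lines, static=STATIC):
    """Return (outbound_count, inbound_count, lines that contradict the static table)."""
    out = inb = 0
    violations = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                      # not a NAT translation line
        if m["s2"]:                       # source rewritten: inside -> outside
            out += 1
            if static.get(m["s"]) != m["s2"]:
                violations.append(line)
        elif m["d2"]:                     # destination rewritten: outside -> inside
            inb += 1
            if static.get(m["d2"]) != m["d"]:
                violations.append(line)
    return out, inb, violations
```

On the article's output this counts five outbound and three return translations, which matches the two `timeout` replies in the ping before the first successful echo.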