Data communication: NAT (Network Address Translation)

1: Technical background

• IPv4 addresses have been exhausted.
• LAN users generally use private IPv4 addresses, which are not routable. How do they access the public network? (NAT must be deployed for them to access the public network.)
• How do servers that use private IPv4 addresses on the LAN provide services to the public network?
• How can the IP addresses of the internal network be hidden from the outside while specific internal servers still provide external services?
 
2: Public IP address and private IP address
 
Public address:
A public address is an address that can be used on the Internet. To ensure that IP addresses are unique across the entire Internet, public addresses are allocated by the international organization IANA (Internet Assigned Numbers Authority). A network device that needs a public address must apply for one from an ISP (Internet Service Provider) or a registration center.
 
Private address:
To meet the needs of laboratories, companies and other organizations that run private networks independent of the Internet, RFC (Request for Comments) 1918 reserves three IP address ranges for private use. Private addresses cannot be assigned on the Internet, so they can be used freely without applying for them.
 
 
3: NAT (Network Address Translator)

NAT (Network Address Translator) works by parsing the IP packet header and automatically replacing the source address or destination address in it, so that private network users can access the public network from their private IP addresses. The translation from private IP to public IP is transparent to users.
 
4: Advantages and disadvantages of NAT:

Advantages:
• Saves IP address space
• Solves the problem of overlapping IP addresses (different intranets can use the same IP addresses)
• Increases the flexibility of connecting to the Internet
• When the network changes, reduces the trouble of re-addressing
• Hides internal addresses from the outside, which increases network security

Disadvantages:
• Increases forwarding delay (NAT processing is required)
• Loss of end-to-end addressing capability (intranet cannot directly access public network)
• Some applications do not support NAT
• Requires a certain amount of memory to store dynamic NAT entries
• Consumes a certain amount of CPU resources for NAT operation

5: NAT types:

Static NAT (must be configured manually): a one-to-one mapping. Static NAT does not save public addresses, but it does hide the internal network. There are two kinds: IP-to-IP mapping and IP + port mapping.

Dynamic NAT: a one-to-one mapping based on an address pool (no-pat means that the IP address is translated but the port is not).

PAT: a many-to-one mapping based on an address pool that translates both the IP address and the port number.

In this way, multiple private IPs can be mapped to one public IP. In fact, these private IPs are mapped to different ports of one public IP address and are distinguished by port number. This alleviates the shortage of IPv4 addresses.

NAT Server:

• NAT Server is the most commonly used form of NAT based on the destination address. When a server is deployed on the intranet, its real IP is a private address, but public network users can only reach it through a public address. In this case, you can configure NAT Server so that the device automatically forwards packets that public network users send to the public address on to the intranet server.
• The NAT Server function allows internal servers to be accessed from external networks. When a user on the external network accesses the internal server, NAT translates the destination address of the request into the private address of the internal server. For the internal server's response packets, NAT also automatically translates the source address (the private address) into the public address.
 
 
Easy IP
 
The IP address plan of the internal network, the external network and the egress router OR is shown in the figure:
The PCs on the 192.168.1.0/24 network segment all need to access the external network. The goal is for the internal network to use the public IP of the router's GE0/0/1 interface to access the public network in Easy IP mode, that is, to use different port numbers of that address for the different mappings.
 
Internal server mapping (NAT Server)

 

The intranet server now needs to provide Web services to the outside world. The public address applied for is 200.1.1.100. TCP port 80 of the internal server should be mapped to TCP port 8080 of 200.1.1.100 so that the external network can access it.
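The Easy IP and NAT Server scenarios above can be modelled as one translation table. This is an added example, not code or configuration from the original page or from Huawei; the GE0/0/1 address 200.1.1.1, the server address 192.168.1.10 and the starting port 10000 are assumptions, since the page does not give them.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # from the page
WAN_IP = "200.1.1.1"         # assumed address of GE0/0/1 (not on the page)
WEB_SERVER = "192.168.1.10"  # assumed private address of the web server


class Nat:
    """Simplified model: real devices also track the remote endpoint."""

    def __init__(self):
        self.out = {}    # (proto, private ip, private port) -> public port
        self.back = {}   # (proto, public port) -> (private ip, private port)
        self.next_port = 10000  # assumed start of the translated port range
        # NAT Server: static destination mapping with the page's values.
        self.server = {("tcp", "200.1.1.100", 8080): (WEB_SERVER, 80)}

    def outbound(self, proto, src_ip, src_port):
        """Return the translated (source ip, source port), or None."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            return None  # source is outside the translated segment
        # Replies from the mapped server leave with the public address.
        for (p, gip, gport), inside in self.server.items():
            if (p, *inside) == (proto, src_ip, src_port):
                return (gip, gport)
        # Easy IP: share the interface address, one public port per flow.
        key = (proto, src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (WAN_IP, self.out[key])

    def inbound(self, proto, dst_ip, dst_port):
        """Return the translated (dest ip, dest port), or None to drop."""
        hit = self.server.get((proto, dst_ip, dst_port))
        if hit:
            return hit  # NAT Server entry: reachable from outside
        if dst_ip == WAN_IP:
            # Only ports opened by an outbound flow have an entry.
            return self.back.get((proto, dst_port))
        return None


if __name__ == "__main__":
    nat = Nat()
    print(nat.outbound("tcp", "192.168.1.2", 40000))
    print(nat.outbound("tcp", "192.168.1.3", 40000))
    print(nat.inbound("tcp", "200.1.1.100", 8080))
    print(nat.inbound("tcp", "200.1.1.1", 22))
```

Only the port named in the NAT Server entry is reachable from outside; every other inbound packet has no table entry and is dropped.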

Configuration method

Excerpt from: Huawei Teaching Video


Origin blog.csdn.net/ab1605014317/article/details/105448429