A brief introduction to NAT

1. The concept of NAT

NAT (Network Address Translation) rewrites the addresses carried in IP packets so that hosts on a private network can reach the public network and, through explicit mappings, be reached from it.

2. How NAT works

●NAT translates an internal (private) address and port into a legal public address and port, records the result as a session entry, and uses that entry to forward traffic between the internal host and hosts on the public network.
●A host outside the NAT cannot initiate communication with a host behind it. The internal host must first send traffic to an IP on the public network; the router creates the mapping at that moment and forwards only the return traffic that matches it.

3. The function of NAT

Besides easing the shortage of public IPv4 addresses, NAT hides the addresses of the computers inside the network, and because an unsolicited inbound packet matches no session entry it is simply dropped, which blocks much casual probing from outside. NAT is not a firewall, though: anything published through a NAT Server mapping (section 6.3.3) is reachable from the Internet like any other public service.
1. Broadband sharing: the main use of a NAT host, with one public connection shared by all internal hosts.
2. Protection: when a PC behind the NAT connects to the Internet, the address the outside world sees is the public IP of the NAT host. A port scan from outside therefore lands on the NAT host, not on the PC, and the PC's private address cannot be scanned from the Internet at all.

4. Advantages and disadvantages of NAT

Advantages: saves public IP addresses, copes with overlapping address ranges, makes renumbering or changing providers easier, and hides the internal addressing.
Disadvantages: adds forwarding delay, makes configuration and troubleshooting more complex, and breaks applications that carry IP addresses inside their payload or need end-to-end addressing (some VPN protocols, for example, which then require NAT traversal support to work).

5. Classification of NAT

5.1 Static NAT

Static NAT maps one private address to one public address. As many public addresses are needed as there are private addresses to translate, so static NAT does not save public addresses, but it does hide the internal addressing.
When an internal host sends a packet to the external network, static NAT replaces the packet's source address with the corresponding public address; when the external network sends the reply, static NAT replaces the destination address with the corresponding private address. Because the mapping is fixed rather than created per session, an external host can also initiate a connection to the public address and reach the internal host.
Method 1: static NAT configured in the system view
[R1] nat static global 8.8.8.8 inside 192.168.10.10    # one public address bound to one private address
[R1] int g0/0/0                                          # interface connected to the external network
[R1-GigabitEthernet0/0/0] nat static enable              # enable static NAT on that interface

Method 2: static NAT configured on the interface
[R1] int g0/0/0                                          # interface connected to the external network
[R1-GigabitEthernet0/0/0] nat static global 8.8.8.8 inside 192.168.17.1

5.2 Dynamic NAT

Dynamic NAT: several private addresses are translated to addresses taken from a pool of public addresses. Each private host holds one pool address for as long as its sessions last, so the mapping is one-to-one at any given moment but not permanent; when the pool is exhausted, further hosts cannot be translated until an address is released.
1. Configure IP addresses on the external and internal interfaces

2. Define the pool of legal public addresses
[R1] nat address-group 1 212.0.0.100 212.0.0.200    # create NAT address pool 1 covering 212.0.0.100 to 212.0.0.200

3. Define the access control list that selects the traffic to translate
[R1] acl 2000
[R1-acl-basic-2000] rule permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000] rule permit source 11.0.0.0 0.0.0.255
Basic ACL 2000 permits packets whose source address lies in either segment; only packets it permits are translated.

4. Apply dynamic address translation on the external interface
[R1] int g0/0/0                                          # external interface
[R1-GigabitEthernet0/0/0] nat outbound 2000 address-group 1 no-pat
Packets matched by ACL 2000 have their source address replaced by an address from pool 1. no-pat means only the IP address is translated and the port is kept; without it the default is PAT (address and port).

6. PAT

6.1 PAT: port multiplexing

PAT, also called NAPT (Network Address Port Translation), maps one public address to many private addresses, which is what saves public addresses. Packets from different private hosts all have their source address rewritten to the same public address, but each session is given a different source port on that address, so replies can be told apart and returned to the right host.

6.2 The role of PAT

PAT changes both the IP address and the port number of a packet, so a single public address serves many internal hosts and a large number of public addresses is saved.

6.3 Types of PAT

Dynamic PAT: NAPT and Easy IP (typical for home and small-office links)
Static PAT: NAT Server (used to publish an internal server)

6.3.1 NAPT
NAPT: several private addresses share one fixed public address (for example 200.1.1.10). The configuration is the same as for dynamic NAT, except that the pool holds a single address and no-pat is omitted so that ports are translated too.
1. Configure IP addresses on the external and internal interfaces

2. Define the public address pool
[R1] nat address-group 1 200.1.1.10 200.1.1.10    # a pool containing one fixed address

3. Define the access control list
[R1] acl 2000                                                        # 2000 is a basic ACL
[R1-acl-basic-2000] rule permit source 192.168.30.0 0.0.0.255        # permit packets whose source address is in 192.168.30.0/24

4. Apply address translation on the external interface
[R1] int g0/0/1                                          # external interface
[R1-GigabitEthernet0/0/1] nat outbound 2000 address-group 1

6.3.2 Easy IP
Easy IP: several private addresses share the public address of the external interface itself (for example 12.0.0.1).
1. Configure IP addresses on the external and internal interfaces

2. Define a public address pool
Not needed: the address of the external interface is used directly, so no pool is defined.

3. Define the access control list
[R1] acl 3000                                                        # 3000 is an advanced ACL
[R1-acl-adv-3000] rule permit ip source 192.168.30.0 0.0.0.255        # permit packets whose source address is in 192.168.30.0/24

4. Apply address translation on the external interface
[R1] int g0/0/1                                          # external interface

[R1-GigabitEthernet0/0/1] nat outbound 3000              # packets matched by ACL 3000 that leave this interface get the interface's own IP address as their source address

[R1] display nat session all                             # show the NAT session table

6.3.3 NAT Server
NAT Server: port mapping. A port on a public address is bound to a port on a private server so that users on the Internet can reach an internal server. Only the mapped ports are exposed; every other port of the server stays unreachable from outside, so map exactly the services that must be public.
[R1] int g0/0/1
[R1-GigabitEthernet0/0/1] nat server protocol tcp global 9.9.9.9 www inside 192.168.10.100 www    # on the interface facing the public network, bind public 9.9.9.9:80 to private 192.168.10.100:80 ("www" is the keyword for port 80)

[R1-GigabitEthernet0/0/1] nat server protocol tcp global current-interface 8080 inside 10.1.1.1 www    # use the interface's own address: public port 8080 is bound to private 10.1.1.1:80

[R1-GigabitEthernet0/0/1] nat server protocol tcp global current-interface 2121 inside 10.1.1.2 ftp    # public port 2121 is bound to private 10.1.1.2:21; for port 21 the keyword "ftp" can be used in place of the number

If the internal hosts behind the same router also need outbound Internet access, enter the external interface and add nat outbound 2000 (with its ACL, as in the sections above) alongside the nat server mappings; the two coexist on one interface.
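To make the session rule of section 2 and the three translation styles above concrete, here is an added Python model written for this edit; it is example code, not code from the original article and not Huawei VRP's implementation. It follows sections 2, 5.2 (dynamic NAT with no-pat), 6.1/6.3.2 (NAPT and Easy IP) and 6.3.3 (NAT Server): an outbound packet creates a session and gets a translated source, and an inbound packet is forwarded only if it matches a session or a static NAT Server mapping, otherwise it is dropped. The Packet class, the starting translated port 10240, the per-session port allocation and the peer address 203.0.113.5 are assumptions of the model; the inside segments and public addresses are the ones used in the configuration examples above.

```python
"""Model of the NAT behaviours described in this article (added example, not the article's code).

Assumptions of the model, not Huawei VRP behaviour: the Packet class, the first
translated port (10240, incremented per session), and the peer 203.0.113.5.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, public_ip, inside_net, pool=None, pat=True):
        self.public_ip = public_ip                          # interface address (Easy IP / NAPT)
        self.inside_net = ipaddress.ip_network(inside_net)  # stands in for the ACL
        self.pool = list(pool or [])                        # address-group for dynamic NAT
        self.pat = pat                                      # False = no-pat (IP only, port kept)
        self.next_port = 10240                              # assumption: first port PAT hands out
        self.sessions = {}        # (proto, g_ip, g_port, peer_ip, peer_port) -> (in_ip, in_port)
        self.reverse = {}         # (proto, in_ip, in_port, peer_ip, peer_port) -> (g_ip, g_port)
        self.static_inbound = {}  # (proto, g_ip, g_port) -> (in_ip, in_port), i.e. nat server
        self.no_pat_map = {}      # in_ip -> pool address, one-to-one

    def nat_server(self, proto, global_ip, global_port, inside_ip, inside_port):
        """Equivalent of 'nat server protocol tcp global G P inside I p'."""
        self.static_inbound[(proto, global_ip, global_port)] = (inside_ip, inside_port)

    def _pool_address(self, inside_ip):
        if inside_ip not in self.no_pat_map:
            used = set(self.no_pat_map.values())
            free = [ip for ip in self.pool if ip not in used]
            if not free:
                return None                   # pool exhausted
            self.no_pat_map[inside_ip] = free[0]
        return self.no_pat_map[inside_ip]

    def outbound(self, pkt):
        """Packet leaving the inside network. Returns the translated packet, or None if dropped."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key in self.reverse:                       # existing session (or a NAT Server reply)
            g_ip, g_port = self.reverse[key]
        elif ipaddress.ip_address(pkt.src_ip) not in self.inside_net:
            return None                               # ACL miss: not translated
        elif self.pat:
            g_ip, g_port = self.public_ip, self.next_port
            self.next_port += 1
        else:
            g_ip = self._pool_address(pkt.src_ip)
            if g_ip is None:
                return None
            g_port = pkt.src_port                     # no-pat: only the address changes
        self.reverse[key] = (g_ip, g_port)
        self.sessions[(pkt.proto, g_ip, g_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, g_ip, g_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Packet arriving from the public side. Returns the translated packet, or None if dropped."""
        hit = self.sessions.get((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if hit is None:
            hit = self.static_inbound.get((pkt.proto, pkt.dst_ip, pkt.dst_port))
            if hit is None:
                return None                           # no session, no mapping: dropped
            # a NAT Server hit opens a session so the server's reply is translated back
            self.reverse[(pkt.proto, hit[0], hit[1], pkt.src_ip, pkt.src_port)] = (pkt.dst_ip, pkt.dst_port)
            self.sessions[(pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)] = hit
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, hit[0], hit[1])


def demo():
    """Walk through the article's scenarios with constructed packets (not captured traffic)."""
    peer = "203.0.113.5"                                # constructed external host
    # Easy IP: inside 192.168.30.0/24 shares interface address 12.0.0.1, plus one NAT Server mapping
    easy = Nat("12.0.0.1", "192.168.30.0/24")
    easy.nat_server("tcp", "9.9.9.9", 80, "192.168.10.100", 80)
    a = easy.outbound(Packet("tcp", "192.168.30.10", 51000, peer, 443))
    b = easy.outbound(Packet("tcp", "192.168.30.11", 51000, peer, 443))   # same source port, other host
    reply_a = easy.inbound(Packet("tcp", peer, 443, a.src_ip, a.src_port))
    scan = easy.inbound(Packet("tcp", peer, 40000, "12.0.0.1", 10240))    # port-scan probe, no session
    to_srv = easy.inbound(Packet("tcp", peer, 40001, "9.9.9.9", 80))
    from_srv = easy.outbound(Packet("tcp", "192.168.10.100", 80, peer, 40001))
    # Dynamic NAT with no-pat: two pool addresses for 192.168.20.0/24; a third host finds the pool empty
    pool = Nat("212.0.0.1", "192.168.20.0/24", pool=["212.0.0.100", "212.0.0.101"], pat=False)
    p1 = pool.outbound(Packet("udp", "192.168.20.5", 5000, peer, 53))
    p2 = pool.outbound(Packet("udp", "192.168.20.6", 5000, peer, 53))
    p3 = pool.outbound(Packet("udp", "192.168.20.7", 5000, peer, 53))
    return dict(a=a, b=b, reply_a=reply_a, scan=scan, to_srv=to_srv, from_srv=from_srv, p1=p1, p2=p2, p3=p3)


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:9} {pkt}")
```

Two results are worth comparing. The scan probe is dropped even though port 10240 is in use, because the session is keyed on the peer as well as the translated port; this is what the "cannot be detected by a port scan" claim in section 3 rests on. The probe to 9.9.9.9:80, by contrast, is forwarded straight to 192.168.10.100, and the server's reply is translated back to 9.9.9.9:80 through the session the mapping opened: a NAT Server mapping is a deliberate hole in that protection.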

Origin blog.csdn.net/zhangyuebk/article/details/112479906