NAT technology and proxy servers

1. NAT

        What is NAT

       Network Address Translation (NAT) is a wide area network (WAN) access technology that translates private (reserved) addresses into legal IP addresses. It is widely used in all types of Internet access and all types of networks. The main reasons are that NAT replaces most private IP addresses with a small number of shared IP addresses, which helps alleviate the shortage of IP addresses; at the same time, it can effectively avoid attacks from outside the network, because it hides and protects the computers inside the network.


        Classification

        Depending on the address translation technique used, NAT can be divided into three types: static NAT (Static NAT), dynamic address NAT (Pooled NAT), and network address port translation, NAPT (Port-Level NAT).


       Principle

        Address conversion

          The basic working principle of NAT is that when an IP packet exchanged between a private network host and a public network host passes through the NAT gateway, the source IP or destination IP in the packet is translated between the private IP and the public IP of the NAT. The NAT server has an internal and an external network card, and address translation is performed only when data needs to be transmitted between the internal and external networks. The NAT server maintains a state table, called the NAT table.

            Connection tracking

       In the process above, after receiving a response packet, the NAT gateway needs to determine which host to forward it to. If there are only a few clients in the subnet, static NAT can be used to specify this manually; but if there are multiple clients in the intranet and each accesses different websites, connection tracking is required.

            Port translation

       Taking the client accessing the server above as an example: when only one client accesses the server, the NAT gateway only needs to change the source IP or destination IP of the data packet for communication to work. But if Client A and Client B access the Web Server at the same time, then when the NAT gateway receives a response packet it cannot determine, from the IP address alone, which client to forward it to. Port translation resolves this: the gateway also rewrites the source port of each outgoing connection and records it in the NAT table, so the destination port of the response identifies the client.
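
The following is an added example, not code from the original post: a minimal NAPT gateway model that combines the NAT table, connection tracking and port translation described above. The addresses, the starting port 40000 and the names Napt, outbound and inbound are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed public address of the NAT gateway


@dataclass
class Napt:
    """Minimal NAPT gateway: the NAT table is a pair of lookup maps."""
    public_ip: str = PUBLIC_IP
    next_port: int = 40000  # assumed start of the translated port range
    # (private ip, private port, remote ip, remote port) -> public port
    out_map: dict = field(default_factory=dict)
    # (public port, remote ip, remote port) -> (private ip, private port)
    in_map: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and track the connection."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a response; None means dropped."""
        if dst_ip != self.public_ip:
            return None
        entry = self.in_map.get((dst_port, src_ip, src_port))
        if entry is None:
            return None  # no tracked connection: unsolicited packet
        return (src_ip, src_port, entry[0], entry[1])


def demo():
    nat = Napt()
    web = ("198.51.100.10", 80)  # constructed Web Server address
    # Client A and Client B use the same source port towards the same server.
    a = nat.outbound("192.168.1.10", 5000, *web)
    b = nat.outbound("192.168.1.11", 5000, *web)
    # The server replies to the translated (public) source it saw.
    reply_a = nat.inbound(*web, a[0], a[1])
    reply_b = nat.inbound(*web, b[0], b[1])
    # A packet from a host that no client contacted has no table entry.
    stray = nat.inbound("198.51.100.99", 4444, PUBLIC_IP, a[1])
    return a, b, reply_a, reply_b, stray
```

Both clients leave with the same public IP but different public ports, and the packet from an untracked remote host is dropped because nothing in the NAT table matches it.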


2. The proxy server

        What is a proxy server

   A proxy, also known as a network proxy, is a special network service that allows one network terminal (usually a client) to make an indirect connection to another network terminal (usually a server) through this service. Some network devices, such as gateways and routers, have network proxy functions. It is generally believed that proxy services help protect the privacy or security of network terminals and prevent attacks.

   Computer systems or other types of network terminals that provide proxy services are called proxy servers. A complete proxy request proceeds as follows: the client first establishes a connection with the proxy server and then, according to the proxy protocol the proxy server uses, requests either a connection to the target server or a specified resource (such as a file) from the target server. In the latter case, the proxy server may download the target server's resources into its local cache. If the resource the client wants is already in the proxy server's cache, the proxy server does not send a request to the target server but returns the cached resource directly. Some proxy protocols allow the proxy server to change the client's original request and the target server's original response to meet the needs of the proxy protocol. The proxy options and settings in computer programs usually include a "firewall" setting that lets users enter a proxy address; the proxy then masks their network activity and can allow network access that bypasses Internet filtering.


Principle

       Once the client has configured the proxy server in the browser, requests made with the browser to Internet sites are no longer sent directly to the destination host but are first sent to the proxy server. After the proxy server receives the client's request, it sends a request to the destination host, receives the data the destination host returns, stores it on the proxy server's hard disk, and then forwards the requested data to the client.

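When client A makes a request to the web server, the request is first sent to the proxy server;

After receiving the client's request, the proxy server checks whether its cache holds the data the client needs;

If the proxy server does not have the data client A requested, it submits a request to the web server;

The web server responds with the requested data;

The proxy server forwards the web server's data to client A;

Client B accesses the web server and sends its request to the proxy server;

The proxy server looks up its cache records and confirms that the relevant data from the web server is already present;

The proxy server answers the query directly without going back to the web server, which saves network traffic and speeds up access.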
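
The eight steps above, written out as an added example that is not part of the original post: a caching proxy model in which client A's request is a cache miss and client B's is a hit. The class names, addresses and page content are constructed for illustration.

```python
PROXY_ADDR = "10.0.0.1"  # constructed address of the proxy server


class OriginServer:
    """Stand-in web server that records which peer address contacted it."""

    def __init__(self, pages):
        self.pages = pages
        self.seen_peers = []

    def get(self, peer_addr, path):
        self.seen_peers.append(peer_addr)
        return self.pages[path]


class CachingProxy:
    """Answers from the cache when it can, otherwise asks the web server."""

    def __init__(self, origin, addr=PROXY_ADDR):
        self.origin = origin
        self.addr = addr
        self.cache = {}
        self.log = []  # (client address, path, "MISS" or "HIT")

    def handle(self, client_addr, path):
        if path in self.cache:
            # Steps 7-8: data already cached, reply without contacting the server.
            self.log.append((client_addr, path, "HIT"))
            return self.cache[path]
        # Steps 3-5: fetch from the web server, store, then forward.
        # The web server sees the proxy's address, not the client's.
        body = self.origin.get(self.addr, path)
        self.cache[path] = body
        self.log.append((client_addr, path, "MISS"))
        return body


def demo():
    origin = OriginServer({"/index.html": b"<h1>hello</h1>"})
    proxy = CachingProxy(origin)
    body_a = proxy.handle("192.168.1.10", "/index.html")  # client A
    body_b = proxy.handle("192.168.1.11", "/index.html")  # client B
    return body_a, body_b, proxy.log, origin.seen_peers
```

The web server is contacted once and only ever sees the proxy's address, while the proxy's own log is the place where each client request is recorded.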


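Common proxy servers and their characteristics

  ☆HTTP proxy

  WWW connection requests use the HTTP protocol, so an HTTP proxy is what we use when browsing web pages and downloading data. It is usually bound to ports such as 80, 3128 and 8080 on the proxy server.

  ☆SOCKS proxy

  A proxy server that uses the SOCKS protocol is a SOCKS server. Unlike application-layer proxies and HTTP-layer proxies, a SOCKS proxy simply passes data packets along and does not care which application protocol is in use. SOCKS is therefore much faster than other application-layer proxies. It is usually bound to port 1080 on the proxy server.

   In practice, SOCKS proxies can be used for e-mail, newsgroup software, the ICQ network pager, MIRC network chat, playing games on Lianzhong through a proxy server, and all kinds of other game applications.

  ☆VPN proxy

  This refers to the technology of building a private network over a shared network. It is called a virtual network mainly because the connection between any two nodes of the VPN does not use the point-to-point physical link that a traditional private network requires; instead it is a logical network built on top of the network platform provided by a public network service provider (ISP). User data is transmitted through a logical tunnel, that is, a point-to-point virtual leased line, which the ISP establishes in the public network (Internet). The corresponding encryption and authentication technologies ensure that the user's internal network is carried securely over the public network, so that the network data is truly private.

  ☆Reverse proxy

    A reverse proxy server is deployed on the server side and relieves the server's workload by caching frequently requested pages.

  Others

    FTP proxy: proxies FTP software on the client machine when it accesses an FTP server

    RTSP proxy: proxies Realplayer on the client machine when it accesses a Real streaming media server

    POP3 proxy: proxies mail software on the client machine when it sends and receives mail over POP3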



   




Origin blog.csdn.net/wxt_hillwill/article/details/73161633