Introduction to NAT principles and the NAT implementation in VirtualBox (reposted)

http://www.cnblogs.com/yangwenhai/p/4969663.html

Introduction to NAT Principles

  NAT stands for "Network Address Translation". It is an IETF (Internet Engineering Task Force) standard that allows an entire organization to appear on the Internet as a single public IP (Internet Protocol) address. As the name suggests, it is a technique that translates internal private network addresses (IP addresses) into legitimate network IP addresses. As shown in the figure:


      Simply put, NAT uses internal addresses inside the local area network, and when an internal node wants to communicate with the external network, the gateway (which can be understood as the exit, like the door of a courtyard) replaces the internal address with a public address so that the traffic can be used normally on the external public network (the Internet). NAT lets multiple computers share one Internet connection, which solves the shortage of public IP addresses: you need to apply for only one legal IP address to connect every computer in the local area network to the Internet. At the same time, NAT shields the internal network: none of the internal computers is visible from the public network, and users of internal computers are usually unaware that NAT exists, as shown in Figure 2. The internal address mentioned here is the private IP address assigned to a node in the internal network. It can be used only inside the internal network and cannot be routed (routing being the network technique that forwards traffic along different paths). Although internal addresses can be chosen freely, the following ranges are usually used: 10.0.0.0~10.255.255.255, 172.16.0.0~172.16.255.255, 192.168.0.0~192.168.255.255. NAT translates these reserved IP addresses, which cannot be used on the Internet, into legitimate IP addresses that can. The global address is a legal IP address assigned by a NIC (Network Information Center) or an ISP (Internet Service Provider). It represents one or more internal local addresses to the outside world and is a globally unique, addressable address.


      NAT functionality is usually integrated into routers, firewalls, ISDN routers, or separate NAT devices. For example, this function has been added to Cisco routers: the network administrator only needs to enable NAT in the router's IOS to shield the internal network. Another example is a firewall that maps the internal address 192.168.1.1 of a Web server to the external address 202.96.23.11, so that external access to 202.96.23.11 actually reaches 192.168.1.1. In addition, for small businesses with limited funds, this function can now be achieved through software; Windows 98 SE and Windows 2000 include this feature.

NAT technology types

  There are three types of NAT: static NAT (Static NAT), dynamic address NAT (Pooled NAT), and network address port translation, NAPT (Port-Level NAT).

  Among them, static NAT is the simplest and easiest to implement: each host in the internal network is permanently mapped to a legal address in the external network. Dynamic address NAT, on the other hand, defines a pool of legal addresses in the external network and maps them to the internal network by dynamic assignment. NAPT maps internal addresses to different ports of a single IP address on the external network. Depending on the requirements, each of the three NAT schemes has its own advantages and disadvantages.

  Dynamic address NAT translates only IP addresses. It assigns a temporary external IP address to each internal IP address and is mainly used for dial-up. Dynamic NAT can also be used for frequent remote connections: when a remote user connects, dynamic address NAT assigns an IP address to that user, and when the user disconnects, the IP address is released and kept for future use.

  NAPT (Network Address Port Translation) is the translation method people are most familiar with. NAPT is widely used in access equipment; it can hide a small or medium-sized network behind one legitimate IP address. NAPT differs from dynamic address NAT in that it maps internal connections to a single IP address on the external network and adds to that address a TCP port number chosen by the NAT device.
   When NAPT is used on the Internet, all the different traffic appears to originate from the same IP address. This is very practical in small offices, where multiple connections reach the Internet through NAPT after applying for one IP address from the ISP. In fact, many SOHO remote access devices support PPP-based dynamic IP addresses. This way the ISP does not even need to support NAPT, and multiple internal IP addresses can share one external IP address to access the Internet. Although this leads to some congestion of the channel, considering the savings in ISP Internet access cost and the ease of management, using NAPT is still worthwhile.
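As an added example (not from the original post), the following Python simulates the NAPT table described above. The public address 202.96.23.11 and the private address 10.0.2.15 are taken from this page; the second internal host 10.0.2.16, the remote server 203.0.113.10 and the starting public port are constructed. It also shows the shielding effect mentioned earlier: an inbound packet for which no mapping exists is dropped.

```python
# Added example, not from the original post: a NAPT translation table.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Napt:
    """Many private (ip, port) pairs share one public IP; the NAT device
    tells them apart by a public port it chooses per internal connection."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port          # next unused public port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, pkt):
        """Packet leaving the private network: rewrite the source."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out:             # first packet of this connection
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Packet arriving from the Internet: rewrite the destination back to
        the private host, or return None (drop) when no mapping exists. That
        drop is the 'shielding' of internal computers the text describes."""
        key = self.back.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or key is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])

def demo():
    """Two internal hosts use the same local port 51000 towards one server
    (server and second host addresses are constructed)."""
    nat = Napt("202.96.23.11")
    a = nat.outbound(Packet("10.0.2.15", 51000, "203.0.113.10", 80))
    b = nat.outbound(Packet("10.0.2.16", 51000, "203.0.113.10", 80))
    reply = nat.inbound(Packet("203.0.113.10", 80, "202.96.23.11", a.src_port))
    stray = nat.inbound(Packet("203.0.113.10", 80, "202.96.23.11", 9999))
    return a, b, reply, stray
```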


NAT implementation in VirtualBox

     To implement NAT, a host generally has two network cards: one handles the external network connection and the other handles the connection to the internal network. But my local desktop has only one network card, and after installing VirtualBox I can still use NAT. Why is that?

     My host is Win7 64-bit (IP 192.168.52.238) and the virtual machine is CentOS 7 (IP 10.0.2.15); there is only one network card. We map port 22 of the virtual machine to port 4000, so that we can connect to the virtual machine over SSH from inside the host. The NAT port-forwarding settings are as follows:



  After the setup, log in to the virtual machine from the Win7 host using SecureCRT:


  Then open a console in Win7 with cmd and run netstat -an -b -p tcp to check the network connections:


    It is clear that the VirtualBox program itself opens two services:

    1. It starts a listening service in Win7 that listens on port 40000 and receives the requests sent from the host to the virtual machine.

    2. VirtualBox has another service that forwards the received requests to port 22 of the virtual machine. The netstat command inside the virtual machine shows the connection coming from the address 10.0.2.2, so VirtualBox itself acts as a network card here: it starts a TCP service that listens on the mapped port and forwards data between the host and the virtual machine, logically playing the role of a network card.

    3. Because what actually does the work is a TCP connection, in principle any machine on the network that can reach the host can also reach the virtual machine on that host. So other machines in the same network segment as the host can also access the virtual machine through port 40000, and actual testing confirms this.
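As an added example (not VirtualBox's own code), here is a minimal version of the host listener inferred in points 1 to 3: it accepts connections on the host and relays bytes to the guest's port, with a small echo server standing in for the VM's sshd so it runs offline. The `listen_host` argument is the part worth checking: bound to 0.0.0.0 it is reachable from the whole network segment, as point 3 observes; bound to 127.0.0.1 it is reachable only from the host itself.

```python
# Added example, not VirtualBox's own code: a host-side TCP port forwarder.
import socket
import threading
from contextlib import suppress

def _pump(src, dst):
    """Copy bytes one way until src closes, then close dst's write side."""
    with suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _serve(listen_host, handler, port=0):
    """Bind (port 0 = any free port), run handler per accepted connection on a
    daemon thread, return the bound (host, port)."""
    srv = socket.socket()
    srv.bind((listen_host, port))
    srv.listen()
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[:2]

def start_forwarder(listen_host, target, port=0):
    """The VirtualBox-like piece: a listener on the host that relays every
    connection to the guest service at target. listen_host decides exposure:
    "127.0.0.1" = only this host, "0.0.0.0" = anyone who can reach the host."""
    def relay(client):
        with client, socket.create_connection(target) as upstream:
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)   # host -> guest direction
            back.join()               # wait for guest -> host direction
    return _serve(listen_host, relay, port)

def start_echo_server():
    """Stand-in for the guest's sshd on port 22 (constructed): echoes input."""
    return _serve("127.0.0.1", lambda conn: _pump(conn, conn))

def exchange(listen_host="127.0.0.1", payload=b"hello via port forward"):
    """Client -> forwarder -> guest stand-in -> client; returns what came back."""
    host, port = start_forwarder(listen_host, start_echo_server())
    with socket.create_connection((host, port)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: c.recv(4096), b""))
```

In VirtualBox the same choice is the optional host IP field of a port-forwarding rule, for example `VBoxManage modifyvm "<vm>" --natpf1 "ssh,tcp,127.0.0.1,40000,,22"`; leaving that field empty gives the all-interfaces behaviour observed in point 3.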


The first half of this blog post quotes content from:

http://www.emule.org.cn/topic/nat/
