Routing NAT (Introduction, Static NAT, Dynamic NAT, NATServer, NAPT, Easy-ip, NAT address mapping table)

Introduction

To conserve public IPv4 addresses and provide a degree of network security, NAT (Network Address Translation) was introduced.

NAT mainly translates private addresses into public addresses.

Advantages of NAT:

  • It can alleviate the shortage of public network addresses.
  • Solve the problem of IP address space conflict or overlap.
  • The network scales better and local control is easier.
  • The intranet structure becomes invisible from outside, which increases security.

Disadvantages of NAT:

  • Because of the address mapping, forwarding delay appears when there are too many translations.
  • End-to-end addressing becomes difficult: after NAT translation a host has effectively changed its face, so it is hard to find.
  • Some applications cannot be supported through NAT.
  • The entries generated by NAT occupy memory on the device.
  • The performance requirements on the device performing NAT translation are high.

NAT address mapping table

There are four kinds of address information, and the core of NAT translation lies in these four addresses.

Inside Local: the local private address

Inside Global: the public address that the private address is translated into

Outside Local: the private address that a public address is translated into

Outside Global: the external public address

To make this easier to understand, the following two experiments show how the addresses correspond:


# When PC1 in intranet 1 accesses the external address 202.1.2.2, its address is translated to the outbound interface address.
Because running dis nat mapping table all in eNSP to view the address mapping table lags or even fails to work, the tables are written out as text:
[AR1 mapping table]
Inside Local: 192.168.1.10:random port
Inside Global: 202.1.2.1:random port
Outside Local: 202.1.2.2:random port or empty [from AR1's point of view, AR2's intranet address is unknown, so this may be empty]
Outside Global: 202.1.2.2:random port
[AR2 mapping table]
Inside Local: 192.168.2.10:random port
Inside Global: 202.1.2.2:random port
Outside Local: 202.1.2.1:random port or empty
Outside Global: 202.1.2.1:random port
# On AR2, port 80 of Server1 is mapped to the public address 202.1.2.1:80, so that a PC in intranet 1 accessing 202.1.2.2:80 reaches Server1's web page.

[AR1 mapping table]
Inside Local: 192.168.1.10:random port
Inside Global: 202.1.2.1:random port
Outside Local: 202.1.2.2:80 or empty
Outside Global: 202.1.2.2:80
[AR2 mapping table]
Inside Local: 192.168.2.10:80
Inside Global: 202.1.2.2:80
Outside Local: 202.1.2.1:random port or empty
Outside Global: 202.1.2.1:random port

Static NAT

Introduction

A one-to-one mapping between a private address and a public address; the mapping exists regardless of whether the host is online.

Two-way access between the internal and external networks is possible, because the mapping table in static NAT is fixed.

Static NAT can map a private address to a public address and can also map a public address to a private address.

This NAT mode wastes public addresses, and it can only map one private address to one public address.

Operation case

Configuring static NAT creates a one-to-one mapping between a public address and a private address, that is, public address = private address and private address = public address.


AR1:
interface GigabitEthernet0/0/0
 ip address 202.1.2.1 255.255.255.0 
 nat static global 202.1.2.10 inside 192.168.1.10 netmask 255.255.255.255
 nat static enable


AR2:
interface GigabitEthernet0/0/0
 ip address 202.1.2.2 255.255.255.0 
 nat static global 202.1.2.20 inside 192.168.2.10 netmask 255.255.255.255
 nat static enable
 
现象:
Client1可以通过202.1.2.20访问Server1的服务
Server1可以通过访问202.1.2.10访问到Client1

Dynamic NAT

Introduction

To avoid wasting addresses, an address pool is created. When a private address needs to access the external network, an address is taken from the pool and temporarily mapped one-to-one to the private address.

While an internal host is accessing the external network the address is marked In Use; when it is no longer needed the address is reclaimed and marked Not Use.

This NAT mode cannot provide two-way access between the internal and external networks, because the mapping table in dynamic NAT changes dynamically.

And when access demand is high, some users may be unable to obtain a public address and thus cannot reach the external network, because the pool does not have enough addresses.

Operation case

There is a bug when configuring dynamic NAT in eNSP.

A private client's access directly consumes all the external addresses (even if there are many public addresses in the pool, a single private device uses them all up).


AR1:
# Create address pool 0
[AR1]nat address-group 0 202.1.2.5 202.1.2.7

# Create the match list: NAT translation is performed only for hosts recognised as belonging to intranet 1
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

# Configure dynamic NAT: apply the match list and address pool 0; no-pat means no port translation (otherwise it would be NAPT mode)
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2000 address-group 0 no-pat 
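The following added example (not from the original post or from Huawei VRP) models what the configuration above is meant to do when it works as intended: pool 0 holds 202.1.2.5 to 202.1.2.7, the basic ACL decides which private hosts are translated, and each permitted host temporarily takes exactly one pool address (In Use / Not Use) without port translation. The class and function names are assumptions; the wildcard-to-prefix conversion assumes a contiguous wildcard mask.

```python
import ipaddress

def wildcard_to_network(net, wild):
    """VRP basic ACL 'rule permit source <net> <wildcard>'; wildcard 0 means that single host."""
    hostbits = int(ipaddress.ip_address(wild if "." in wild else "0.0.0.0"))
    prefix = 32 - hostbits.bit_length()       # assumes a contiguous wildcard mask
    return ipaddress.ip_network(f"{net}/{prefix}", strict=False)

class DynamicNat:
    """Dynamic NAT in no-pat mode: one pool address per private host, no port translation."""
    def __init__(self, pool_first, pool_last, acl_rules):
        # expand "nat address-group 0 202.1.2.5 202.1.2.7" into individual addresses
        first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
        self.state = {str(first + i): "Not Use" for i in range(int(last) - int(first) + 1)}
        self.acl = [wildcard_to_network(net, wild) for net, wild in acl_rules]
        self.active = {}                           # private host -> public address (In Use)

    def permitted(self, private_ip):
        return any(ipaddress.ip_address(private_ip) in n for n in self.acl)

    def translate(self, private_ip):
        """Public address for an outbound packet; None = not translated (ACL miss or pool empty)."""
        if not self.permitted(private_ip):
            return None
        if private_ip in self.active:              # still mapped: keep the same address
            return self.active[private_ip]
        for pub, st in self.state.items():
            if st == "Not Use":
                self.state[pub] = "In Use"         # taken from the pool, one-to-one
                self.active[private_ip] = pub
                return pub
        return None                                # pool exhausted: this host cannot get out

    def release(self, private_ip):
        """Session over: return the address to the pool (marked Not Use again)."""
        pub = self.active.pop(private_ip, None)
        if pub:
            self.state[pub] = "Not Use"
        return pub

    def free_count(self):
        return sum(1 for st in self.state.values() if st == "Not Use")
```

With three pool addresses, the fourth permitted host gets None until one of the others releases its mapping, which is the "insufficient address pool supply" case described above.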

NAT Server

Introduction

Allows an internal server to be accessed by external users by mapping a port on the private address to a port on the external address.

For example: map the internal address 192.168.2.10:80 to the external address 202.1.2.2:80; when other hosts on the external network access 202.1.2.2:80, they reach the internal server at 192.168.2.10:80.

Operation case


AR1:
interface GigabitEthernet0/0/0
 ip address 202.1.2.1 255.255.255.0 
 nat static global 202.1.2.5 inside 192.168.1.10 netmask 255.255.255.255
 nat static enable

AR2:
interface GigabitEthernet0/0/0
 ip address 202.1.2.2 255.255.255.0 
 # Map 192.168.2.10:80 to port 8888 of the current interface
 nat server protocol tcp global current-interface 8888 inside 192.168.2.10 www
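The following added example (not from the original post or from Huawei VRP) replays the second experiment of the mapping-table section with the NAT Server setup above: AR1 translates PC1 to its interface address plus a random port (the four-address entry), AR2 publishes Server1 on a fixed port, and the reply is translated back through both tables. Class and method names, the 10000-10009 port pool and the 192.168.1.10:40000 client socket are assumptions made for the demo.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Mapping:
    inside_local: str     # private address:port of the inside host
    inside_global: str    # public address:port the router translated it to
    outside_local: str    # outside host as seen from inside (unchanged here)
    outside_global: str   # real public address:port of the outside host

class NatRouter:
    """NAPT on one public interface (Easy-ip style) plus static NAT Server entries."""
    def __init__(self, public_ip, servers=None, ports=(10000, 10010), seed=7):
        self.public_ip = public_ip
        self.servers = dict(servers or {})     # global port -> "inside_ip:port"
        self.free_ports = list(range(*ports))  # tiny port pool, constructed for the demo
        self.rng = random.Random(seed)
        self.table = {}                        # inside_global -> Mapping

    def outbound(self, src, dst):
        """Packet leaving the private network; returns the translated (src, dst)."""
        for gport, inside in self.servers.items():  # reply from a published server
            if inside == src:
                return f"{self.public_ip}:{gport}", dst
        for m in self.table.values():               # existing NAPT session
            if m.inside_local == src and m.outside_global == dst:
                return m.inside_global, dst
        if not self.free_ports:                     # port pool exhausted
            return None
        port = self.free_ports.pop(self.rng.randrange(len(self.free_ports)))
        inside_global = f"{self.public_ip}:{port}"  # the "random port" of the table
        self.table[inside_global] = Mapping(src, inside_global, dst, dst)
        return inside_global, dst

    def inbound(self, src, dst):
        """Packet arriving on the public interface; None means it is dropped."""
        ip, port = dst.rsplit(":", 1)
        if ip != self.public_ip:
            return None
        if int(port) in self.servers:               # nat server: always reachable
            return src, self.servers[int(port)]
        m = self.table.get(dst)                     # NAPT: only replies to open sessions
        if m and m.outside_global == src:
            return src, m.inside_local
        return None                                 # unsolicited inbound traffic

if __name__ == "__main__":
    ar1 = NatRouter("202.1.2.1")
    ar2 = NatRouter("202.1.2.2", servers={8888: "192.168.2.10:80"})
    print(ar1.outbound("192.168.1.10:40000", "202.1.2.2:8888"))   # AR1 NAPT entry
```

Inbound packets to a port that is neither published by nat server nor present in the NAPT table are dropped, which is why NAPT alone does not give two-way access while the published server stays reachable.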


NAPT

Introduction

Similar to dynamic NAT; the difference is that when a private address accesses the external network, it is translated into a public address plus a random port.

For example: when 192.168.1.1 accesses the external network, it uses 202.1.2.5:12345 from the address pool to exchange traffic with other addresses on the external network.

Operation case


AR1:
# Create address pool 0
[AR1]nat address-group 0 202.1.2.5 202.1.2.7

# Create the match list: NAT translation is performed only for hosts recognised as belonging to intranet 1
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

# Configure NAPT: apply the match list and address pool 0; without no-pat the mode is NAPT
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2000 address-group 0

Easy-ip

Introduction

The private address is translated to a random port of the public interface address; this is the common way for a small network to reach the external network from the intranet.

Operation case


AR1:
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.10 0 
[AR1-acl-basic-2000]q
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2000 

AR2:
interface GigabitEthernet0/0/0
 ip address 202.1.2.2 255.255.255.0 
 nat server protocol tcp global current-interface 8888 inside 192.168.2.10 www
#

Origin blog.csdn.net/qq_45443704/article/details/128514964