How NAT works

Network Address Translation (NAT) replaces the addresses in the IP packet header. NAT is typically deployed at the egress of an organization's network. It gives the internal network public network reachability and upper-layer protocol connectivity by replacing internal IP addresses with the IP address of the egress device.

 

Three reserved address ranges are specified: 10.0.0.0-10.255.255.255; 172.16.0.0-172.31.255.255; 192.168.0.0-192.168.255.255

That is, internal network address = private IP address.

When an internal network that uses private addresses needs Internet access, a NAT gateway must be deployed at the organization's egress. When a packet leaves the private network for the Internet, its source IP address is replaced with a public address, usually the address of the egress device's interface. When the request reaches its target, it appears to have been initiated by the organization's egress device, so the server's response can be routed back across the Internet to the egress gateway. The egress gateway then replaces the destination IP address with the private address of the source host and forwards the packet inside.

 

We generally use a private IP address to identify a host within the LAN, and a public IP address as the identity for communication on the Internet.

The network is divided into two parts, a private network and a public network. The NAT gateway sits at the routing exit from the private network to the public network, and traffic in both directions must pass through it;
network access can only be initiated from the private network side; the public network cannot initiate access to a private host;
for each access the NAT gateway performs two address translations, one in each direction: outbound it replaces the source information, inbound it replaces the destination information;
the NAT gateway remains transparent to both communicating parties;
to translate in both directions, the NAT gateway must maintain an association table that stores the session information.


Static NAT:

If an internal host has exclusive use of one public IP, this is known as the one-to-one model. In this mode, no translation of upper-layer protocol information is needed, because one public IP corresponds uniquely to one internal host. Obviously, this approach does little to save public IP addresses; it is used mainly to meet special networking requirements, for example when the user wishes to hide a host's real internal IP, or when two networks with overlapping IP addresses need to communicate.

Dynamic NAT:

Dynamic NAT maps unregistered IP addresses to addresses taken from a pool of registered IP addresses. Unlike static NAT, you do not need to statically configure the router to map each internal address to an external address, but there must be enough public Internet IP addresses for all hosts connected to the Internet to send and receive packets simultaneously.

 

Dynamic NAT overloading (NAT Overload):

This maps multiple private IP addresses to one public IP address (many-to-one) by using the source port.

It is also referred to as Port Address Translation (PAT). With PAT (NAT overloading), thousands of users can connect to the Internet using just one public IP address. Its core is the use of port numbers to translate between the public and private networks.

 

In this case, translation is no longer a simple IP address replacement, because when multiple hosts access a server, the information in the returned packets is not sufficient to determine which internal host the response should be forwarded to.

Here the NAT device distinguishes between sessions using transport-layer or other upper-layer protocol information, and may need to translate upper-layer protocol identifiers such as TCP or UDP port numbers. In this way the NAT gateway can map different internal connections to different transport-layer ports of the same public IP, multiplexing and demultiplexing the public IP.

 

Note:

The client 172.18.250.6 communicates with the Baidu server 202.108.22.5. When 172.18.250.6 sends data, its address is first translated to 219.155.6.240:1723 (an arbitrary random port > 1024), and the data is then sent to the Baidu server under this identity. The Baidu server sends its response to the gateway at 219.155.6.240:1723. The NAT gateway checks its association table, recognizes that the packet belongs to 172.18.250.6 on its own private network, and sends the data on to the client.

In other words, the uniqueness of the port number is what allows the public IP to be translated back to a private IP in this step. Because PAT (NAT overloading) can use transport-layer port numbers to identify hosts, in theory up to about 65,000 hosts can share one public IP address.
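The association table described above can be modelled in a few lines of Python. This is an added example, not code from the original post: it shows two internal hosts sharing one public IP, a reply being mapped back, and a packet with no table entry being dropped. The second client 172.18.250.7, the source port 40000, the outside host 198.51.100.9, sequential port allocation and the strict peer check on inbound packets are assumptions of this model.

```python
PUBLIC_IP = "219.155.6.240"  # gateway's public address, from the example above

class PatGateway:
    """Toy PAT model: one public IP, sessions told apart by transport port."""

    def __init__(self, public_ip, first_port=1025, last_port=65535):
        self.public_ip = public_ip
        # Sequential allocation keeps the demo deterministic (assumption);
        # the text describes a random port above 1024.
        self.free_ports = iter(range(first_port, last_port + 1))
        self.out = {}   # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (proto, public port) -> the same session tuple

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self.free_ports, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = port
            self.back[(proto, port)] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply, or return None to drop it."""
        session = self.back.get((proto, dst_port))
        if dst_ip != self.public_ip or session is None:
            return None  # no association: nothing inside asked for this
        _, priv_ip, priv_port, peer_ip, peer_port = session
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None  # strict peer check (assumption of this model)
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    gw = PatGateway(PUBLIC_IP)
    # Two internal clients use the same source port towards the same server.
    a = gw.outbound("tcp", "172.18.250.6", 40000, "202.108.22.5", 80)
    b = gw.outbound("tcp", "172.18.250.7", 40000, "202.108.22.5", 80)
    reply = gw.inbound("tcp", "202.108.22.5", 80, PUBLIC_IP, a[1])
    # Constructed outside host that no internal client ever contacted.
    stray = gw.inbound("tcp", "198.51.100.9", 4444, PUBLIC_IP, a[1])
    return a, b, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Real gateways differ in how strictly they match the remote peer on inbound packets and in how entries time out; the model only shows why a table entry must exist before anything from the public side reaches a private host.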

 

Origin www.cnblogs.com/betterquan/p/11616612.html