How to implement external (Internet) access to the Proxy Server

Source: kexi Studio

Because public IP addresses are limited, many ISPs have multiple intranet users share Internet access through one public IP address by means of a proxy or gateway router. As a result, these users cannot host personal websites on their own computers. To make such websites reachable, the key question is how to map the intranet IP addresses of multiple users onto the single IP address they share for Internet access. It is the same as in a LAN or an Internet cafe: you can set up multiple servers and websites, but you still have only one external IP address, so how do you map that Internet IP address to the corresponding intranet IP address? This has to be done on the intranet's proxy server or gateway router. For users on private IP addresses, it is a service that our ISP (China Telecom, China Unicom, China Netcom, China Tietong, etc.) should provide, because implementing this technology is hard for them, and it is difficult for us to do ourselves: it first requires the support of the system administrator, because all these settings must be made on the proxy server.

To achieve this, you can use the port mapping function of Windows 2000 Server. WinRoute Pro and various enterprise-level firewalls also have this function. For ordinary users like us, Windows 2000 Server is the most convenient choice.

NAT (Network Address Translation) is a technology that maps one IP address domain to another in order to provide transparent routing for end hosts. NAT includes static network address translation, dynamic network address translation, network address and port translation, dynamic network address and port translation, and port mapping. NAT is often used to translate between private and public address domains to solve the shortage of IP addresses. When NAT is implemented on a firewall, the internal topology of the protected network is hidden, which improves the security of the network to a certain extent. If reverse NAT provides dynamic network address and port translation, it can also implement load balancing and other functions.

The port mapping function allows a machine on the internal network to provide WWW services to external hosts. This is not the same as directly translating a real IP address to the internal host that provides the WWW service. Doing that has two drawbacks. First, the internal machine is not secure, because apart from WWW the external network can reach every service on that machine through the address translation. Second, when multiple machines need to provide such services, the same number of IP addresses is needed for translation, so the purpose of saving IP addresses is not achieved. Port mapping maps a port on a real IP address to a host that has a private ("fake") IP address: when a user accesses a mapped port on the host that provides port mapping, the server forwards the request to the internal host that provides that specific service. Port mapping can also map multiple ports of one real IP address to different ports on different internal machines, and it can perform some specific proxy functions, such as proxying POP, SMTP, TELNET, and other protocols. Theoretically, more than 60 thousand port mappings can be provided. I am afraid we will never use them all up.
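The difference between translating a whole address and mapping a single port, as an added example that is not part of the original article. It uses the addresses from the author's setup in step 5 below (NAT host 192.200.200.3 running IIS on port 80, web server 192.168.0.2, public port 8081); the class and function names, the extra public address 192.200.200.4, and the list of services listening on the internal host are assumptions made for illustration.

```python
# Added illustration: a toy model of inbound NAT decisions, not RRAS code.
class NatGateway:
    def __init__(self, public_ips, local_services=()):
        self.public_ips = set(public_ips)
        self.local = set(local_services)  # (proto, port) served by the NAT host itself
        self.port_maps = {}               # (proto, pub_ip, pub_port) -> (priv_ip, priv_port)
        self.addr_maps = {}               # pub_ip -> priv_ip, whole-address translation

    def add_port_map(self, proto, pub_ip, pub_port, priv_ip, priv_port):
        if pub_ip not in self.public_ips:
            raise ValueError(f"{pub_ip} is not a public address of this gateway")
        if not (1 <= pub_port <= 65535 and 1 <= priv_port <= 65535):
            raise ValueError("port out of range")
        key = (proto, pub_ip, pub_port)
        if key in self.port_maps or (proto, pub_port) in self.local:
            raise ValueError(f"{proto}/{pub_port} on {pub_ip} is already in use")
        self.port_maps[key] = (priv_ip, priv_port)

    def add_address_map(self, pub_ip, priv_ip):
        self.addr_maps[pub_ip] = priv_ip

    def translate_inbound(self, proto, dst_ip, dst_port):
        """Internal (ip, port) that a new inbound connection reaches, or None."""
        hit = self.port_maps.get((proto, dst_ip, dst_port))
        if hit is None and dst_ip in self.addr_maps:
            hit = (self.addr_maps[dst_ip], dst_port)
        return hit  # None: answered by the gateway itself or dropped

def reachable_from_outside(gw, priv_ip, listening):
    """Listening (proto, port) pairs on priv_ip that outside hosts can connect to."""
    reach = {(k[0], v[1]) for k, v in gw.port_maps.items()
             if v[0] == priv_ip and (k[0], v[1]) in listening}
    for pub_ip, ip in gw.addr_maps.items():
        reach |= {(p, n) for p, n in listening
                  if ip == priv_ip and gw.translate_inbound(p, pub_ip, n) == (ip, n)}
    return reach

WEB = "192.168.0.2"                                   # internal web server from the article
LISTENING = {("tcp", 80), ("tcp", 23), ("tcp", 139)}  # assumed services on that host

def port_mapping_case():
    gw = NatGateway(["192.200.200.3"], local_services=[("tcp", 80)])  # IIS on the NAT host
    gw.add_port_map("tcp", "192.200.200.3", 8081, WEB, 80)
    return gw

def address_mapping_case():
    gw = NatGateway(["192.200.200.3", "192.200.200.4"])  # .4 is a constructed extra address
    gw.add_address_map("192.200.200.4", WEB)
    return gw
```

With the port mapping only the web port of 192.168.0.2 is reachable from outside; with whole-address translation every listening service is, and a second public address is consumed. Mapping public port 80 is rejected because IIS on the NAT host already uses it, which is why the article maps 8081 instead.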

I. The following describes how to share Internet access through NAT and how to implement port mapping with NAT.
1. On Windows 2000 Server, open the "Routing and Remote Access" service from Administrative Tools, right-click the server, and choose "Configure and Enable Routing and Remote Access".
 

2. Click "Next"
3. Select "Internet connection server" to allow Intranet hosts to access the Internet through this server.
 

(It is best to configure NAT sharing first so that the intranet hosts can access the Internet normally. Configuring NAT sharing after configuring port mapping is a little troublesome; otherwise NAT sharing will not work.)
4. Select "Set up a router with the Network Address Translation (NAT) routing protocol", and do not select "Set up Internet Connection Sharing (ICS)". (Compared with NAT, ICS is easier to use: to enable ICS you only need to tick a check box, while enabling NAT takes more configuration work. ICS is meant for small networks, because it requires a fixed IP address range for internal hosts, restricts communication with external networks to a single public IP address, and allows only a single internal network interface.)
 

5. Let me describe my network conditions here:
Internet connection: 192.200.200.3 (it is also an internal address; there is no way around it. Tietong's network is not good, the speed is not fast, and the price is expensive; my life is really bitter.)
Dormitory connection: 192.168.0.1 (the dormitory is on a LAN with a total of four computers, one of which is a web server running Sambar 5.1b5 with the web port set to 80; the goal is to access the web page on 192.168.0.2:80 from the Internet (replaced here by 192.200.200.55)).

IIS 5.0 is enabled on this NAT host and listens on port 80. Port 8081 is mapped to port 80 of the internal host 192.168.0.2 by port mapping.

6. In the "Routing and Remote Access Server Setup Wizard", select "Internet connection" (that is, the connection to the Internet) and click "Next".

7. Select "Finish".
At this point the NAT sharing setup is complete, and internal hosts can access the Internet. The network settings of the internal hosts are as follows:

The IP address range is 192.168.0.2 ~ 192.168.0.254, the subnet mask is 255.255.255.0, the gateway is 192.168.0.1, and the DNS server is the IP address given by the ISP; what we get is 211.98.xxx.xxx.


II. Use NAT to map ports
1. Add the NAT protocol. Right-click "General" and choose "New Routing Protocol".
 

2. Select "Network Address Translation (NAT)" in "New Routing Protocol" and click "OK".

3. An additional "Network Address Translation (NAT)" entry now appears under "IP Routing".
4. Right-click "Network Address Translation (NAT)" and choose "New Interface".
 

5. In "New Interface for Network Address Translation (NAT)", select "Internet connection" (that is, the connection to the Internet).
 

6. In "Network Address Translation - Internet Connection Properties", select "Public interface connected to the Internet" and check "Translate TCP/UDP headers (recommended)".

7. On the "Address Pool" tab, add the starting and ending addresses for which you need to provide port redirection (that is, list all the IP addresses you want to use for port mapping). In general we have only one IP address, so there is no need to worry about the address pool.

Assume that there are eight addresses and the settings are as follows:
 

After the addition, it is like this:
 

8. On the "Special Ports" tab, choose the protocol of the connection you need to redirect (TCP or UDP; for example, Web and FTP both use TCP). After selecting the protocol, click "Add".

9. "Add Special Port". This is the core of port mapping: here you set which port on the NAT host is mapped to which intranet host. Because there is an address pool, you can enter any address from the address pool in "Public Address". Here "192.200.200.3" is entered, that is, my address. If you have not set an address pool before, on this option page
