Introduction to NAT principle and NAT implementation in VirtualBox

Source: Internet
Author: User

Introduction to NAT principles

NAT stands for "Network Address Translation". It is an IETF (Internet Engineering Task Force) standard that allows an entire organization to appear on the Internet under a single public IP (Internet Protocol) address. As the name implies, it is a technique that translates internal, private network addresses (IP addresses) into legitimate network IP addresses.

In short, NAT lets the LAN use internal addresses internally; when an internal node communicates with the external network, the gateway (think of it as an exit, like the gate of a yard) replaces the internal address with the public address so that the traffic can be used normally on the public network (the Internet). NAT thus lets multiple computers share one Internet connection, which solves the shortage of public IP addresses: you only need to request a single legitimate IP address for every computer on the LAN to access the Internet. In doing so, NAT masks the internal network: all intranet computers are invisible to the public network, and intranet users are usually unaware that NAT exists (see Figure 2). The internal address here is the private IP address assigned to a node on the internal network; it can only be used within that network and cannot be routed (routing being the network technique of forwarding packets along different paths). Although internal addresses can be chosen freely, the following ranges are usually used: 10.0.0.0~10.255.255.255, 172.16.0.0~172.16.255.255, 192.168.0.0~192.168.255.255. NAT translates these reserved IP addresses, which cannot be used on the Internet, into legitimate IP addresses that can. The global address is a legitimate IP address assigned by the NIC (Network Information Center) or an ISP (Internet service provider); it represents one or more internal local addresses and is a globally unique, addressable address.

NAT functionality is typically integrated into routers, firewalls, ISDN routers, or standalone NAT devices. Cisco routers, for example, include this feature: the network administrator only needs to enable NAT in the router's IOS to shield the internal network. Likewise, a firewall may map the internal address of a web server, 192.168.1.1, to the external address 202.96.23.11, so that external access to 202.96.23.11 actually reaches 192.168.1.1. Even small businesses with limited budgets can now achieve this with software: the feature is included in Windows 98 SE and Windows 2000.

Types of NAT

There are three types of NAT: static NAT, dynamic address NAT (pooled NAT), and network address port translation, NAPT (port-level NAT).

Static NAT is the simplest to set up and the easiest to implement: each host in the internal network is permanently mapped to a legitimate address in the external network. Dynamic address NAT defines a pool of legitimate addresses in the external network and maps internal hosts onto them dynamically. NAPT maps internal addresses to different ports on a single IP address of the external network. Each of the three schemes has pros and cons, depending on the requirements.

Dynamic address NAT simply translates IP addresses: it assigns a temporary external IP address to each internal IP address. It is mainly used for dial-up access and can also be used for frequent remote connections. When a remote user connects, dynamic address NAT assigns an IP address, which is released for later reuse when the user disconnects.

Network address port translation (NAPT) is the most familiar form of translation. NAPT is commonly used in access devices, which can hide a small or medium-sized network behind a single legitimate IP address. Unlike dynamic address NAT, NAPT maps each internal connection to a single IP address in the external network, adding to that address a TCP port number selected by the NAT device.
When NAPT is used on the Internet, all of the different streams appear to originate from the same IP address. This is very useful in small offices, where multiple connections reach the Internet through NAPT via a single IP address requested from the ISP. In fact, many SOHO remote access devices support PPP-based dynamic IP addresses, so the ISP does not even need to support NAPT for several internal IP addresses to share one external IP address on the Internet. Although this causes some congestion on the channel, NAPT is still well worth using, given the savings in ISP costs and the ease of management.
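
The following is an added example, not code from the original article: a small Python model of a NAPT translation table that shares one public address among internal hosts, drops inbound packets that match no mapping (which is what hides the intranet), and accepts a static forward of the kind a VirtualBox port-forwarding rule creates. The public address 202.96.23.11 and the guest address 10.0.2.15 are the article's values; the other hosts and ports are constructed, and the table is simplified to key on the internal source only.

```python
# Added example (not from the original article): a minimal NAPT
# (port-level NAT) translation table. One public address is shared
# by many internal hosts; inbound packets with no mapping are
# dropped, which is why a port forward is needed to reach a guest.
import ipaddress

# RFC 1918 private ranges (a known fact, not taken from the article).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS)


class Napt:
    """NAPT gateway mapping (internal ip, port) <-> (public ip, port).
    Simplified: a mapping is keyed on the internal source only."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port    # next public port to hand out
        self.out = {}    # (internal_ip, internal_port) -> public_port
        self.back = {}   # public_port -> (internal_ip, internal_port)

    def forward(self, public_port, internal_ip, internal_port):
        """Static mapping, like a VirtualBox NAT port-forwarding rule."""
        self.back[public_port] = (internal_ip, internal_port)
        self.out[(internal_ip, internal_port)] = public_port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the LAN; allocate a port on first use."""
        if not is_private(src_ip):
            raise ValueError("source is not an internal address")
        key = (src_ip, src_port)
        if key not in self.out:
            while self.next_port in self.back:   # skip static forwards
                self.next_port += 1
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite a packet arriving from the Internet; None means drop."""
        if dst_port not in self.back:
            return None        # no mapping: the internal host stays hidden
        in_ip, in_port = self.back[dst_port]
        return (src_ip, src_port, in_ip, in_port)
```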

NAT implementation in VirtualBox

To implement NAT, a host generally has two network cards, one responsible for the external network connection and one for the internal network connection. I have only one NIC on my local desktop, but I can still use NAT after installing VirtualBox.

My host is Win7 64-bit (IP 192.168.52.238) and the virtual machine is CentOS 7 (IP 10.0.2.15), with only one network card. We mapped the virtual machine's port 22 to port 4000 so that the host can connect to the virtual machine via SSH. The NAT port forwarding settings are as follows:

Once set up, use SecureCRT on the Win7 host to log in to the virtual machine:

Then run cmd in Win7 to open a console and execute netstat -an -b -p TCP to view the network connections:

It can be clearly seen that the VirtualBox program itself has opened two services:

1. It starts a listening service in Win7 on port 40000, which receives requests from the host to the virtual machine.

2. VirtualBox has another service that forwards the received request to port 22 of the virtual machine. Since netstat inside the virtual machine shows the connection arriving from the address 10.0.2.2, VirtualBox itself acts as a network card here: it uses a TCP service to listen on the mapped port and forwards the data between the host and the virtual machine, logically acting as a network card.

3. Because the actual mechanism is a plain TCP connection, in principle any machine that can reach the host over the network can also reach the host's virtual machine, so other machines on the same network segment as the host can also access the virtual machine through port 40000. Testing confirms this.
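
As an added example (not from the original post), the check below parses output of the form netstat -an -b -p TCP produces, using a constructed sample, and reports which VirtualBox listeners are bound to all interfaces rather than to loopback, i.e. the forwards that other machines on the host's segment can reach as point 3 describes. In VirtualBox, setting the host IP field of the port-forwarding rule to 127.0.0.1 makes such a listener loopback-only; the process names and ports in the sample are constructed.

```python
# Added example (not from the original post): audit the listeners that
# "netstat -an -b -p TCP" reports on the Windows host and flag forwarded
# ports bound to every interface (0.0.0.0 or [::]); those are the ones
# other machines on the host's network segment can reach.
import re

# Constructed sample of netstat -b output; with -b the owning process
# name follows each socket line in square brackets.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:40000          0.0.0.0:0              LISTENING
 [VirtualBox.exe]
  TCP    127.0.0.1:40001        0.0.0.0:0              LISTENING
 [VirtualBox.exe]
  TCP    127.0.0.1:50123        127.0.0.1:40000        ESTABLISHED
 [SecureCRT.exe]
"""

SOCKET_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\w+)\s*$")
PROCESS_LINE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_listeners(text):
    """Return [(bind_ip, port, process)] for every LISTENING socket."""
    listeners, pending = [], None
    for line in text.splitlines():
        m = SOCKET_LINE.match(line)
        if m:
            ip, port, state = m.group(1), int(m.group(2)), m.group(3)
            pending = (ip, port) if state == "LISTENING" else None
            continue
        p = PROCESS_LINE.match(line)
        if p and pending:
            listeners.append((pending[0], pending[1], p.group(1)))
            pending = None
    return listeners


def exposed_ports(text, process="VirtualBox.exe"):
    """Sorted ports of `process` bound to all interfaces.
    For a VirtualBox NAT forward, putting 127.0.0.1 in the rule's host IP
    field makes the listener loopback-only (known VirtualBox behaviour)."""
    return sorted(port for ip, port, proc in parse_listeners(text)
                  if proc == process and ip in ("0.0.0.0", "[::]"))


if __name__ == "__main__":
    for port in exposed_ports(SAMPLE):
        print(f"port {port} is reachable from the network")
```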

The first half of this post draws on:

http://www.emule.org.cn/topic/nat/

