The principle of Internet sharing in LAN

Source: Internet
Author: User

Whether a LAN shares its Internet connection through a hardware device such as a router, through Windows Internet Connection Sharing, or through gateway or proxy server software, the underlying principle is the same.

The TCP/IP protocol reserves three types of IP addresses for LAN use. The three address segments are 10.x.x.x, 172.16.x.x and 192.168.x.x (x is between 0 and 255; note that in actual use the network number part cannot be all 0s or all 1s). These IP addresses can be used within a local area network, but a machine obviously cannot connect to the Internet directly with such an intranet address.

For this reason, when an internal machine connects to an external machine, its intranet IP address must first be translated into a legitimate extranet IP address by a host that has a legitimate extranet address. This is network address translation, abbreviated NAT.

NAT lets the LAN access the Internet through one or more legitimate IP addresses, which saves legitimate IP addresses on the Internet. It also hides the real IP address of an intranet host through address translation, thereby improving the security of the network.

For example, a computer or device connected to the extranet obtains a legitimate IP address, either fixed or dynamic, such as 219.254.38.180. It also needs an internal network address, such as 192.168.0.1, so that it can act as the gateway for the other computers. Suppose a computer inside the LAN, 192.168.0.2:4000 (4000 is its port number), wants to access a host on the Internet. 192.168.0.2:4000 sends the request to the host 192.168.0.1, and that host translates the address to 219.254.38.180:9000. The request is then made to the host on the Internet from that IP address with port number 9000. The response data stream is passed back to 219.254.38.180:9000. When the gateway host receives the data, it looks up the internal IP address associated with port number 9000, finds that it is 192.168.0.2:4000, and passes the data to 192.168.0.2:4000. This completes the IP address translation.
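The walk-through above can be modelled as a small translation table. This is an added example, not code from the original page; the class name `NatGateway`, the sequential port allocation starting at 9000, and the second LAN host 192.168.0.3 are assumptions made for illustration. It also shows why data arriving on a port with no table entry has no internal host to be delivered to.

```python
import itertools


class NatGateway:
    """Toy model of the gateway's address/port translation table."""

    def __init__(self, public_ip, first_port=9000):
        self.public_ip = public_ip
        # Assumed allocation scheme: hand out public ports sequentially.
        self._next_port = itertools.count(first_port)
        self._out = {}   # (internal_ip, internal_port) -> public_port
        self._back = {}  # public_port -> (internal_ip, internal_port)

    def translate_outbound(self, src_ip, src_port):
        """Rewrite an internal source endpoint to the public endpoint."""
        key = (src_ip, src_port)
        if key not in self._out:
            port = next(self._next_port)
            if port > 65535:
                raise RuntimeError("no public ports left")
            self._out[key] = port
            self._back[port] = key
        return (self.public_ip, self._out[key])

    def translate_inbound(self, dst_ip, dst_port):
        """Map a reply back to the internal endpoint, or None if unknown."""
        if dst_ip != self.public_ip:
            return None
        # No entry means no internal host ever opened this port: drop.
        return self._back.get(dst_port)


if __name__ == "__main__":
    gw = NatGateway("219.254.38.180")
    # The page's example: 192.168.0.2:4000 leaves as 219.254.38.180:9000.
    print(gw.translate_outbound("192.168.0.2", 4000))
    # The reply to port 9000 is handed back to 192.168.0.2:4000.
    print(gw.translate_inbound("219.254.38.180", 9000))
    # A second (constructed) LAN host reusing port 4000 gets its own port.
    print(gw.translate_outbound("192.168.0.3", 4000))
    # Data for a port with no mapping is not forwarded anywhere.
    print(gw.translate_inbound("219.254.38.180", 9555))
```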

As the process above shows, if a computer acts as the gateway, its two addresses (intranet and extranet) call for two network cards, one connected to the intranet and one to the extranet. In practice, however, when this computer is connected to the extranet through a switch or router, it does not necessarily need dual NICs; a single NIC can also implement a gateway. This requires the single-NIC function of gateway software (such as Sygate), which creates a virtual network card to make the connection and act as the gateway. However, the actual data still flows through the one network card, so the load on that card is larger.
