Proxy Server and NAT technology

One. NAT

1. Why NAT is required

   When some hosts inside the private network have already been assigned local IP addresses (that is, private addresses that are used only in this private network), but now want to communicate with the host on the Internet (do not need encryption), you can use the NAT method

   
   

2. What is NAT?
   

   This approach requires the installation of NAT software on a router that has a private network connected to the Internet. A router with NAT software is called a NAT router, and it has at least one valid external global IP address. In this way, all hosts that use local addresses will be able to connect to the Internet by translating their local addresses into global IP addresses on the NAT router when communicating with the outside world.

   
   

3. Advantage
   

   (1). This way of representing more private IP addresses by using a small number of public IP addresses will help to slow down the exhaustion of the available IP address space.

   (2). Effectively avoid attacks from outside the network, hiding and protecting computers inside the network.

   A. Broadband sharing: This is the largest feature of the NAT host.

   B. Security: When a PC in NAT is online to the Internet, the IP that he displays is the public IP of the NAT host, so the client PC is of course secure, and the source CLI is not detected when the Portscan (port scan) is in progress ENT side of the PC.

   
   

4. How NAT works
   

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/80/2C/wKiom1c5y66QnYfEAADB3u3UWFI740.png "title=" none. png " alt= "Wkiom1c5y66qnyfeaadb3u3uwfi740.png"/> (1) NAT works on the network layer and Transport layer

(2) forwarding the address after the packet has been transferred

(3) Nat network address translation is bidirectional

5. Intranet-to-extranet NAT application

(1) Shared IP address and network connection, so that the intranet share a public network address to Internet access

(2) To protect the network security, by hiding the intranet IP address, so that hackers can not directly attack the intranet

6. Port mapping

(1) Nat from extranet to intranet

(2) Map the public IP address and port number to the private IP and port number of the intranet server

Two. Proxy Server

1. Concept

(1) Proxy: Also known as the network Agent, is a special network services, allowing a network terminal (typically a client) through this service and another network terminal (generally for the server) for non-direct connection. Some network devices such as gateways and routers have network proxy functions. It is generally considered that proxy services are helpful to protect the privacy or security of network terminals and prevent attacks.

(2) Proxy Server: A computer system or other type of network terminal that provides proxy services is called a proxy server.

(3) A complete proxy request process is: The client first creates a connection with the proxy server, and then requests a connection to the target server, or a specified resource (such as a file) for the target server, based on the proxy protocol used by the proxy server. In the latter case, the proxy server may download the resources of the target server to the local cache, and if the client is to obtain resources in the proxy server cache, the proxy server does not send requests to the target server, but instead returns the cached resources directly. Some proxy protocols allow the proxy server to change the client's original request and the original response of the target server to meet the requirements of the proxy protocol. Proxy server options and settings in a computer program, usually including a "firewall" that allows users to enter proxy addresses, which can obscure their network activity and allow network access bypassing Internet filtering.

2. Working principle

(1) Working in the application layer

(2) All data transfer between two networks is forwarded and controlled by the proxy server.

(3) Most proxy servers support only some applications

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/80/29/wKioL1c5zzWxU6PWAAF1TRy4fnw639.png "title=" 1.PNG " alt= "Wkiol1c5zzwxu6pwaaf1try4fnw639.png"/>

3. Proxy Server function: Proxy network users to obtain network information. The image says: It is the intermediary of the network information. The proxy server is like a large cache, which can significantly improve browsing speed and efficiency. More importantly: Proxy server (proxy) is an important security feature provided by Internet link-level gateways, and the main functions are:

2. (1). Breach of its own IP access restrictions, access to foreign sites. Education Network, the past 169 nets, etc.

4. (2). Network users can access foreign websites by proxy.

6. (3). Access to some units or groups of internal resources, such as a university FTP (provided that the proxy address within the permitted access to the resources), the use of the Education Network Address section free proxy server, you can be used to open the education network of various types of FTP download upload, as well as various types of information query sharing services.

8. (4). Break through China Telecom's IP blockade: China Telecom users have a lot of websites are restricted access, this restriction is artificial, different serve on the address of the blockade is different. Therefore, you can change a foreign proxy server to try.

10. (5). Improve access speed: Usually the proxy server is set up a large hard disk buffer, when the outside information through, but also save it to the buffer, when other users access the same information, the buffer is directly removed from the information, passed to the user, to improve access speed.

12. (6). Hide Real IP: Internet users can also hide their IP from attack by this method.

4. Agent classification: HTTP proxy, reverse proxy, socks agent, VPN agent, other agent.

Reverse Proxy

(1) Provide proxy services for extranet users to access intranet

(2) typically used only to publish intranet Web servers

(3) acting as a web buffering server to reduce the actual Web server load

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/80/2C/wKiom1c5z5fTK4oMAAEhQ7liLz4079.png "title=" 1.PNG " alt= "Wkiom1c5z5ftk4omaaehq7lilz4079.png"/>

Proxy Server and NAT technology