Proxy server and network address translation NAT

One. Proxy Server

1. Basic concepts of Proxy Server

Proxy Server is a transit point of network information, which is simply the agent between personal network and Internet service provider, which is responsible for forwarding legitimate network information and controlling and registering the forwarding.

When using a Web browser to browse the network information, if you use a proxy server, the browser is not directly to the Web server to retrieve the Web page, but instead makes a request to the proxy server, the proxy server to retrieve the information required by the browser.

The current use of the Internet is a typical client/server structure, when the user's local computer with the Internet connection through the local computer client program such as a browser or software download tool to make requests, the remote server will receive the request after the corresponding service.

2. The role of the agent

The proxy server is between the client and the server, for the remote server, the proxy server is the client, it presents various service requests to the server, for the client, the proxy server is the server, he provides the corresponding service to the client. That is, the client's request to access the Internet is not directly to the remote server, but to the proxy server, the proxy server, the prime Minister of the remote server to make the corresponding request, receive the data provided by the remote server and save to their hard disk, and then use the data to provide the client with the corresponding services.

Proxy Server

(Proxy

Server)

Is the intermediary agency between the personal network and the Internet service provider, which is responsible for forwarding legitimate

Network information, and to control and register the forwarding

3. Benefits of using the Service Broker

For customers who use a proxy server:

1> can speed up the browsing of the network: the proxy server accepts data from the remote service and saves it on its own hard disk. If many people use this proxy server at the same time, all of their requests to the Internet site will go through this proxy server. When someone has visited a site, the content of the site is saved to the proxy server hard disk. The next time someone accesses it, it gets directly from the proxy server without connecting to the remote server again. Therefore, you can save bandwidth and improve access speed.

2> saves IP overhead: When using a proxy server, all users use only one IP, so there is no need to lease too many IP addresses and reduce network maintenance costs.

3> can be used as a firewall: Proxy server can protect the security of local area network, it appears that only proxy server is visible, other local area network users are invisible. The proxy server is a barrier to the security of the local area network. In addition, through the proxy server, the user can make IP address filtering settings. Restrict external access to the intranet. The same proxy server can also be used to restrict the blocking of IP addresses and prevent users from accessing certain Web pages.

4> user-friendly management: through which users can set user authentication and user accounting. Users are not authorized to access the Internet through a proxy server when they are billed. And the user's access time, access to the location, information flow statistics.

5> can improve access speed: Usually the proxy server is set up a large hard disk buffer, when the outside information through, save it to the buffer, when other users access the same information, directly from the buffer to improve access speed.

Two. Network Address translation NAT

1. About Network Address translation NAT

Network address translation Nat was proposed in 1994, which requires the installation of NAT software on routers connected to the Internet by private networks. A router with NAT software is called a NAT router, and he has at least one valid external global IP address so that all hosts using local addresses can communicate with the outside world by translating their local addresses into global IP addresses on the NAT router to connect to the Internet.

2. How network address Translation works

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/80/12/wKioL1c20bHhkeWMAANvdhjTi_0819.png "title=" network. PNG "width=" "height=" 259 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:600PX;HEIGHT:259PX; "alt=" Wkiol1c20bhhkewmaanvdhjti_0819.png "/>

In the figure, the IP addresses of all hosts in the private network 192.168.0.0 are local IP address 192.168.x.x. The NAT router in the figure has a global IP address of 172.38.1.5.

The 1> NAT router receives an IP datagram from host a dedicated internal to Internet Host B: The source IP address is 192.168.0.3 and the destination IP address is 213.18.2.4.

The 2> NAT router translates the IP datagram's source IP address into a new source IP address (that is, the NAT router's global IP address) and forwards it to B.

3> Host B receives an IP datagram and sends a reply to a, It is not known that A's private address is 192.168.0.3, but rather to Nat route, Nat Route received B sent to the number of time, in the IP address translation, through the NAT address translation table can be sent to the IP address of 192.168.0.3 host.

3. Network Address translation function

NAT can not only solve the problem of insufficient LP address, but also can effectively avoid attacks from outside the network, hiding and protecting the computer inside the network.

1> Broadband Sharing: This is the largest feature of the NAT host.

2> security: When the PC in NAT is online to the Internet, the IP that he displays is the public IP of the NAT host, so the PC of the client side has a certain degree of security, while the outside world is in the Portscan (port scan), it detects To the source client side of the PC.

4. Network Address Translation NAT implementation method

There are three ways to implement NAT, namely static translation of the statically NAT, dynamic translation of the dynamically Nat, and Port multiplexing overload.

Static Conversion refers to the conversion of the private IP address of the internal network to a public IP address, the IP address pair is one-to-one, is immutable, a private IP address is only converted to a public IP address. With static transformations, external networks can access certain devices (such as servers) in the internal network.

dynamic conversion When the private IP address of the internal network is converted to a public IP address, the IP address is indeterminate and random, and all private IP addresses that are authorized to access the Internet can be randomly converted to any of the specified legitimate IP addresses. That is, you can convert dynamically whenever you specify which internal addresses can be converted, and which legal addresses are used as external addresses. Dynamic transformations can use multiple legitimate sets of external addresses. When isp

Port Multiplexing ( Port Address Translation,pat) refers to the change of an out-of-Office packet source port address translation host You can share a legitimate external IP address to access the Internet, thereby minimizing IP address resources. At the same time, you can hide all the host

And most proxy servers have buffering capabilities,

It's like a

A big

Cache

, it keeps the newly acquired data packet on its native storage, if the data requested by the browser is in its native

already exists and is up-to-date on the memory

Then it will not be re-

Web

Server fetch data,

And the number on the memory directly

To the user's browser, which can significantly improve browsing speed and efficiency. Besides, there are

SOCKS

Proxy Server, which

The principle is similar.

This article is from the "Output Diamond pattern" blog, so be sure to keep this source http://10541571.blog.51cto.com/10531571/1773328

Proxy server and network address translation NAT