IP mapping principle

IP mapping principle

Due to the limited number of public network IP address, many ISPs are using a number of intranet users through the proxy and gateway routing shared a public network IP on the Internet, which limits the users on their own computer set up personal website, to achieve in these users to set up a website, the most critical point is that How to map the intranet IP of multi-user and the IP that they only share the Internet.

Let's start by introducing Nat,nat (Network address translation) is a way to map an IP address domain to another IP address domain technology, thereby providing a transparent route for the terminal host. NAT includes static network address translation, dynamic network address translation, network address and port conversion, dynamic network address and port conversion, port mapping and so on. NAT is often used to convert private address domains to public address domains to address the lack of IP addresses.

After NAT is implemented on the firewall, the internal topological structure of the protected network can be hidden and the security of the network is improved to some extent. If the reverse NAT provides dynamic network address and port conversion function, it can also achieve load balancing functions.

In the TCP/IP protocol, we need to know two kinds of IP addresses, one is the public network IP address that can directly access the Internet, the other is the private IP address that we use most when we build the LAN. such as 192.168.1.2 IP address, this address is a private address, it is not unique in the global network, can be used in any one place in the global network, and the public network IP address in the global network is the only, mainly to identify the role of different networks. 　　In the Internet, it is because of such a public network IP address, our communication can be achieved. However, because the current public network is mainly used IPV4,IP address resources are increasingly depleted, we can not apply to a network in a number of direct communication on the Internet, the public IP address. At this point, we use NAT technology, which converts private addresses in the local area network, such as 192.168.1.2, to IP addresses that can be used on the Internet. To achieve the purpose of accessing the Internet. Currently ADSL is commonly used in the NAT technology of the PAT (port address translation) technology, which maps the internal address to the router WAN port on a global unique public network IP address, At the same time, add a TCP or UDP port number selected by the router to the address.

My computer's IP address is 192.168.1.88, and the router's WAN (WAN) port automatically detects a public network IP address assigned to it by Guangzhou Telecom, such as 121.33.117.131. When my computer is powered on and connected to the router, the router assigns a port number to my connection, such as 1444 assigned to me. When I want to open the page, my computer sends a packet to the router default gateway 192.168.1.1, when this packet arrives at the router, the router will perform the process of dismantling the packet, extracting the header source IP address of the packet 192.168.1.88 : 1444, the router by viewing the NAT table, the packet's head source IP address to 121.33.117.131:1444, and the 56.23.5.2:80 (WWW access port number 80) for the destination address to send packets to the destination network server, the server to make back to the timely To 56.23.5.2:80 as the source IP address, 121.33.117.131:1444 for the destination address packets sent to the router, the router to check the NAT table, find 121.33.117.131:1444 corresponding internal address 192.168.1.88 : 1444, so the packets sent back by the server are delivered to my computer, not to other hosts on the local area network (LAN). Public network server only know the IP address for 121.33.117.131 router in communication with it, do not know that my computer is in communication with it, which is good for the protection of the host in the LAN.

a specific process for requesting and responding:

After the above can be seen, the entire router through DHCP assigned IP to the LAN host (or manually set), however, these IP is intranet IP, can not directly access the extranet. In WAN settings, after using PPPoE for dialing, the ISP returns a dynamic IP address to router, which is used by the LAN host to communicate with the outside world.
NAT is the only way to enable us to share ADSL Internet.
Specific implementation process:


The location and operation of NAT box

When a packet leaves company Router, Nat Box,nat box converts the packet IP source address to the real IP address: 198.60.42.12; typically NAT Box is integrated into the Router.
When the answer packet is sent back (such as an HTTP request Web server reply), and its destination address is 198.60.42.12, how does Nat box know where to use that address and forward it to that host?
The actual implementation of NAT: Nowadays most IP packets carry either TCP NET or UDP net, and both headers contain a 16-bit source port and target port. In TCP, for example, these 16-bit ports indicate where a TCP connection starts and ends.
When a process wants to make a TCP connection to another remote process, it binds to a TCP port that is not already in use by the local machine, which is the source port, telling the TCP code that all incoming packets belonging to this TCP connection should be sent to the process. At the same time, the initiating process provides a target port indicating the process by which the packet is sent to the remote machine. 0~1023 are reserved ports for some well-known services, we are familiar with the 80-port (WEB), 21-Port (FTP).
In this way, each outgoing TCP message contains a source port and a destination port. NAT uses the source port to troubleshoot host mapping problems.

Send grouping: Whenever an outgoing packet enters Nat box, the source address is replaced by a real IP address, and the TCP's source port is replaced by the index value, which points to one of the 65536 table entries in the Address Translation table of NAT box. Nat Box then calculates the checksum of the IP header and TCP headers for the update packet.

Receive grouping: When a packet arrives at the NAT box from the ISP, Nat is extracted from the TCP header into the destination port (that is, send the packet's source port), use it to find the corresponding table entries from the NAT box map, remove the internal IP address and the original TCP port of the table entry, and insert them into the group. The checksum of the IP headers and TCP headers in the update group is then recalculated, and the packet is forwarded to the Intranet, and then the network IP address is used to route normally.


Summary: This type of router features a simple, built-in DHCP server and NAT conversion functionality, but not a routing configuration feature.

Although the internal address can be randomly selected, the following address is usually used: 10.0.0.0~10.255.255.255,172.16.0.0~172.16.255.255,192.168.0.0~192.168.255.255. NAT translates these reserved IP addresses that are not available on the Internet to legitimate IP addresses that can be used on the Internet. The global address, refers to the legitimate IP address, which is assigned by the NIC (Network Information Center) or ISP (Network service provider) address, external representative of one or more internal local addresses, is a globally unified addressable address.