As the Internet grew, handing out globally routable addresses to private networks came to be seen as a waste of scarce address space. Network address translation (NAT) was introduced in response: a few address blocks are reserved for private use and reused inside many separate networks, and a NAT device at the border translates them to public addresses. This article explains in detail how NAT works and how to apply it properly.
I. The definition of NAT technology
NAT stands for Network Address Translation. It is an IETF standard (the "traditional NAT" described in RFC 3022) that lets an organization appear on the Internet behind a single public address, or a small number of them. The NAT device translates the private address of each LAN node into a public IP address on the way out, and back again on the way in. NAT is also used as a firewall building block: the individual private addresses are hidden from the outside world, and because the NAT device only forwards inbound packets that match an existing translation entry, outside hosts cannot directly reach internal devices (this is a side effect of the translation state, not a substitute for an explicit filtering policy). Finally, it lets a network grow beyond the number of public addresses it holds, by arranging sensibly which hosts use public addresses and which use private ones.
II. The basic principles and types of NAT technology
1. Basic principles of NAT technology
NAT relieves the shortage of IP addresses and, as a side effect, isolates the internal network from the external one, which provides a certain amount of security. The internal network uses private addresses; when a packet leaves, the NAT device replaces the private address in the IP header with a public address that is legitimate on the Internet, and reverses the replacement for the reply. NAT is usually integrated into routers, firewalls, ISDN or broadband access routers, or dedicated NAT appliances. The NAT device maintains a state table that maps private addresses (and, for port-level NAT, ports) to public ones. Every packet passing through is rewritten according to this table and then forwarded to the next hop, so the device's processor carries some extra load; for an ordinary network this load is negligible.
2. The types of NAT technology
There are three types of NAT: static NAT, dynamic NAT (pooled NAT), and network address port translation, NAPT (port-level NAT). Static NAT is the simplest to implement: each host in the internal network is permanently mapped one-to-one to a public address in the external network. Dynamic NAT defines a pool of public addresses and assigns them to internal hosts on demand. NAPT maps many internal connections to different ports on a single public IP address. Each of the three schemes has advantages and disadvantages depending on the requirements.
Dynamic NAT translates only the IP address, giving each internal address a temporary public address from the pool; it was mainly used for dial-up access and for users who connect remotely from time to time. When a remote user connects, dynamic NAT assigns a public address to the session, and when the user disconnects the address is released to the pool for reuse. Because the mapping is still one-to-one, the number of hosts that can be online at once is limited by the pool size: once the pool is exhausted, new connections fail until a mapping is released.
Network address port translation, NAPT (also called PAT or masquerading), is the most familiar form. NAPT is commonly used in access devices and can hide a small or medium-sized network behind a single public IP address. Unlike dynamic NAT, NAPT maps each internal connection to one public IP address plus a TCP or UDP port number chosen by the NAT device on that address.
When NAPT is used on the Internet, all the different TCP and UDP flows appear to originate from the same IP address. This is very useful in small offices: many internal hosts share a single address obtained from the ISP. In fact, many SOHO access devices already obtain a dynamic IP address over PPP, so the ISP does not even need to know about the NAPT; the device can share that one address among any number of internal addresses. The single address and link can become a bottleneck, but given the saving in ISP cost and the ease of management, NAPT is well worth it.
III. Using NAT technology on the Internet
NAT lets all the machines on a local network reach the Internet through one server and one uplink, and only that server needs a registered public IP address. Before NAT, the server had to run a SOCKS daemon (sockd), and every client program had to support SOCKS in order to go through it. The main problem with that approach was that usually only telnet, ftp and web browsers supported SOCKS, other programs could not be used, and SOCKS added some overhead. With NAT the clients need no changes at all: they simply set their default gateway to the server, and every application works.
The simplest NAT device has two network interfaces: one connected to the Internet and one connected to the private network. Hosts on the private network use private addresses (sometimes called "net 10" addresses, from the 10.0.0.0/8 block that RFC 1918 reserves for private use) and reach the Internet simply by sending their packets to the NAT device. An ordinary router only reads the source and destination addresses before forwarding a packet towards its destination; a NAT device actually rewrites the header, replacing the private source address with its own Internet address (and, for NAPT, the source port as well), recomputes the IP and TCP/UDP checksums, and records the mapping so that the reply can be rewritten in the opposite direction.
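The following simulation is an added example, not code from the original article: it models the NAPT state table described under "The types of NAT technology" and the two-interface NAT device described in this section. Outbound packets get their private source address and port replaced by the device's public address and a port from a small pool; inbound packets are reverse-translated only if they match an existing entry, which is exactly the "hidden from the outside" property the article attributes to NAT. All addresses are from the RFC 5737 documentation ranges and the traffic is constructed for the example; the class and function names are the example's own, not any real NAT implementation's API.

```python
"""NAPT (port-level NAT) state table simulation. Added example with
constructed traffic; addresses are RFC 5737 documentation addresses."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """A NAT device with one public address and a pool of public ports.

    The state table is keyed on the full 5-tuple, so an inbound packet is
    only accepted from the exact remote endpoint that an internal host
    contacted first (the strictest, most firewall-like NAPT behaviour).
    """

    def __init__(self, public_ip: str, first_port: int = 40000,
                 last_port: int = 40009) -> None:
        self.public_ip = public_ip
        self._free_ports: List[int] = list(range(first_port, last_port + 1))
        # (proto, private ip, private port, remote ip, remote port) -> public port
        self._outbound: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self._inbound: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network (LAN -> Internet)."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self._outbound.get(key)
        if public_port is None:
            # New flow: allocate a public port and record both directions.
            if not self._free_ports:
                raise RuntimeError("NAPT port pool exhausted")
            public_port = self._free_ports.pop(0)
            self._outbound[key] = public_port
            self._inbound[(pkt.proto, public_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
        # Only the source address and port change; a real device would also
        # recompute the IP and TCP/UDP checksums here.
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet arriving from the Internet; None means dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self._inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None  # no matching state: unsolicited inbound packet is dropped
        private_ip, private_port = target
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)

    def release(self, pkt: Packet) -> None:
        """Remove the mapping for a finished flow and return its port to the pool."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self._outbound.pop(key, None)
        if public_port is not None:
            del self._inbound[(pkt.proto, public_port, pkt.dst_ip, pkt.dst_port)]
            self._free_ports.append(public_port)


def demo() -> dict:
    """Two LAN hosts reach the same web server; one reply comes back; one
    unsolicited probe from the outside is dropped."""
    nat = Napt("203.0.113.5")
    web = ("198.51.100.7", 80)
    host_a = Packet("tcp", "10.0.0.2", 51000, *web)
    host_b = Packet("tcp", "10.0.0.3", 51000, *web)   # same private port as A
    out_a = nat.translate_outbound(host_a)
    out_b = nat.translate_outbound(host_b)
    # Reply addressed to the public port that was handed to host B.
    reply_b = nat.translate_inbound(Packet("tcp", web[0], web[1], nat.public_ip, out_b.src_port))
    # A scanner probing the same public port from a different address gets no state.
    probe = nat.translate_inbound(Packet("tcp", "198.51.100.9", 80, nat.public_ip, out_a.src_port))
    return {"out_a": out_a, "out_b": out_b, "reply_b": reply_b, "probe": probe}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that two internal hosts using the same private source port (51000 here) are kept apart only by the public port the device allocates, which is why port-level NAT can serve a whole office from one address while plain dynamic NAT needs one public address per online host.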