Intranet port ing (peanut shell)

Answers to questions about how to create a server.

I. Role of peanut shells

First, let's take a look at the role of the peanut shell. Because the IP addresses obtained by ADSL dial-up access are different each time, the role of the peanut shell is to facilitate user access to our server (you only need to enter the domain name ), instead of entering an IP address every time (because it is impossible for us to tell the user what the current server IP address is after dialing the Internet again ).

For example, if our peanut shell passport has a domain name www.oray.net, you only need to use the passport to log on to the peanut shell client on your computer. When someone else enters www.oray.net, the public IP address of the network on which the computer is located is automatically resolved.

That is to say, the specific server needs to be configured by ourselves. Different ways of accessing the Internet have different ways of establishing a server. The following describes how to establish two common ways of accessing the Internet. (The main difference between the two Internet access methods is whether the computer used for the server can obtain the public IP address ).

2. ADSL direct dial-up Internet access (without passing through routers and other routing devices)

If you use ADSL modem to directly access the Internet through ADSL dial-up, your computer obtains the public IP address.
You can refer to the article here to build the server: http://www.oray.net/Help/Samples/Help_Samples.htm directly.

3. Share the Internet through a vro (in the LAN)

If you use a vro to access the Internet, you need to perform port ing on the vro to allow Internet computers to access your server.

Background:

1. What is a private IP address (intranet IP address )?

Private addresses, which are widely used in enterprise internal networks. Some broadband routers often use 192.168.1.1 as the default address. The private network may use random IP addresses because it is not interconnected with external networks. The reserved group address is used to avoid address confusion when accessing the public network in the future. When using a private network to access the Internet, you need to use the substantive translation (NAT) to translate the private address into a public legal address. This type of address cannot appear on the Internet.

2. Private IP address range (form ):
192.168.x.x (for example, 192.168.1.10 to 192.168.1.12)
10. x
172.16.x.x ~ 172.31.x.x

Why do servers in the LAN need port ing on routers?

First, we must be clear:

(1) In an Internet network, only public IP addresses can communicate with each other.

(2) In a LAN, private IP addresses in a CIDR block can communicate with each other. (However, public IP addresses cannot communicate with private IP addresses directly .)

(3) A Router generally has two IP addresses: one is a public IP address (used to communicate with a computer on the Internet ). One is an Intranet (private) IP address (used to communicate with computers on the Intranet ).

(4) The computer connected to the vro only obtains the Intranet (private) ip address. Only the vro can communicate with other computers on the public network.
(It cannot communicate directly with computers on the Internet)

Note (2): This is why many of my friends have asked: "Why can't my website be browsed on a LAN computer, but the Internet computer cannot be opened ?" .

Common server port numbers:
Web Server (website server): Port 80
FTP Server (File Server): port 21
Terminal Server: port 3389
Email server: port 25 (SMTP) and port 110 (POP)
VPN Server: port 1723

Instance description

Assume that there is a computer on the Internet that uses ADSL for direct dial-up access, and the obtained public IP address is 61.168.45.23 ). Then it wants to access the computer in the LAN
(192.168.1.10.

(Port ing has been completed on the vro. The specific rule is: forward all data sent to port 80 to the Intranet computer 192.168.1.10 .)

The access process is as follows:

① A public network computer (61.168.45.23) sends a request to the router (218.6.146.31), requesting access to port 80. (Similarly, if you want to access the FTP server,
Sends a request to access port 21 of the vro21 .)

② After receiving the request, the router sends the request data to the computer 192.168.1.10 in the LAN through the Intranet IP address 192.168.1.1 according to the port ing rules.

③ After receiving the request, the computer 192.168.1.10 sends the website data on its computer to the router.

④ After receiving data from the computer 192.168.1.10, the router sends the data to the computer 61.168.45.23 through the public IP address 218.6.146.31.

Next we will explain the above example by combining the peanut shells:

For example

Our peanut shell passport ABC has a domain name www.oray.net, So we log on to the peanut shell client with passport ABC on 192.168.1.10. At this time, the IP address corresponding to www.oray.net is the public IP address of the router 218.6.146.31. The specific access process is as follows:

① Users of Internet computers (61.168.45.23) Enter www.oray.net to access the website on 192.168.1.10.

② The domain name server of the peanut shell tells the computer 61.168.45.23 that the IP address corresponding to the domain name www.oray.net is 218.6.146.31.

③ The computer 61.168.45.23 sends a request to the vro (218.6.146.31), requesting access to port 80.

④ After receiving the request, the router sends the request data to the computer 192.168.1.10 in the LAN through the Intranet IP address 192.168.1.1 according to the port ing rules.

⑤ After receiving the request, the computer 192.168.1.10 sends the website data on its computer to the router.

6. After receiving data from the computer 192.168.1.10, the router sends the data to the computer 61.168.45.23 through the public IP address 218.6.146.31.

As you can see, the main process is almost the same as the original one, but the previous part is a little different and there is an additional domain name resolution process.

4. What is a port?

In network technology, the port is in English and has two interpretations:
One is physical port, such as ADSL modem, Hub, switch, router interface used to connect to other network equipment, such as RJ-45 port, SC port and so on.
The second is the logical port, which generally refers to the port in the TCP/IP protocol. The port number ranges from 0 to 65535, for example, port 80 used to browse Web Services, port 21 for the FTP service. Here we will introduce the logical port.

Port category

Logically speaking, ports have multiple classification standards. The following describes two common classifications:

1. Distribution by port number

(1) well-known ports)

A well-known port is a well-known port number ranging from 0 to 1023. These ports are usually allocated to some services. For example, port 21 is allocated to the FTP service, port 25 is allocated to the SMTP (Simple Mail Transfer Protocol) service, port 80 is allocated to the HTTP service, and port 135 is allocated to the RPC (Remote process call) service) services.

(2) dynamic ports)

The range of dynamic ports is from 1024 to 65535. These ports are generally not allocated to a service, that is, many services can use these ports. As long as the program runs to the system to request access to the network, the system can assign a port number for the program to use. For example, port 1024 is allocated to the first application to the system. After the program process is closed, the occupied port number is released.

However, dynamic ports are often used by viruses and Trojans. For example, the default connection ports of glaciers are 7626, way 2.4 is 8011, NetSpy 3.0 is 7306, and Yai is 1024.

2. Divided by protocol type

Divided by protocol type, can be divided into TCP, UDP, IP, ICMP (Internet Control Message Protocol) and other ports. The following describes TCP and UDP ports:

(1) TCP port

TCP port, that is, the transmission control protocol port, must be connected between the client and the server to provide reliable data transmission. Common include port 21 of the FTP service, port 23 of the Telnet service, port 25 of the SMTP service, and port 80 of the HTTP service.

(2) UDP port

UDP port, that is, the user data packet protocol port, does not need to establish a connection between the client and the server, security is not guaranteed. Common services include DNS Service port 53, SNMP (Simple Network Management Protocol) Service port 161, QQ port 8000 and port 4000, etc.

How can I check the port?

Tip: I am familiar with Windows systems, so I will not elaborate on other systems! Sorry!

To view the port in Windows 2000/XP/Server 2003, run the netstat command:

Click Start> Run, type cmd, and press enter to open the Command Prompt window. Type "netstat-a-n" in the command prompt. Press the Enter key to view the TCP and UDP connection port numbers and status () displayed in numbers ().

Quote:
Microsoft Windows [version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C: \ Documents ents and Settings \ Administrator> netstat-a-n

Active connections

PROTO local address foreign address State
TCP 0.0.0.0: 21 0.0.0.0: 0 listening
TCP 0.0.0.0: 25 0.0.0.0: 0 listening
TCP 0.0.0.0: 80 0.0.0.0: 0 listening
TCP 0.0.0.0: 110 0.0.0.0: 0 listening
TCP 0.0.0.0: 135 0.0.0.0: 0 listening
TCP 0.0.0.0: 143 0.0.0.0: 0 listening
TCP 0.0.0.0: 366 0.0.0.0: 0 listening
TCP 0.0.0.0: 1025 0.0.0.0: 0 listening
TCP 0.0.0.0: 1026 0.0.0.0: 0 listening
TCP 0.0.0.0: 1027 0.0.0.0: 0 listening
TCP 0.0.0.0: 1040 0.0.0.0: 0 listening
TCP 0.0.0.0: 1045 0.0.0.0: 0 listening
TCP 0.0.0.0: 1863 0.0.0.0: 0 listening
TCP 0.0.0.0: 3000 0.0.0.0: 0 listening
TCP 0.0.0.0: 3004 0.0.0.0: 0 listening
TCP 0.0.0.0: 3306 0.0.0.0: 0 listening
TCP 0.0.0.0: 3389 0.0.0.0: 0 listening
TCP 0.0.0.0: 4449 0.0.0.0: 0 listening
TCP 127.0.0.1: 3001 0.0.0.0: 0 listening
TCP 127.0.0.1: 3002 0.0.0.0: 0 listening
TCP 127.0.0.1: 3003 0.0.0.0: 0 listening
TCP 127.0.0.1: 3009 127.0.0.1: 3306 established
TCP 127.0.0.1: 3306 127.0.0.1: 3009 established
TCP 127.0.0.1: 9189 0.0.0.0: 0 listening
TCP 127.0.0.1: 23883 0.0.0.0: 0 listening
TCP 192.168.1.100: 80 59.49.233.34: 31456 established
TCP 192.168.1.100: 80 61.141.167.189: 1177 established
TCP 192.168.1.100: 80 218.56.136.208: 5285 established
TCP 192.168.1.100: 80 221.237.165.17: 1213 established
TCP 192.168.1.100: 80 222.1611.186: 4422 established
TCP 192.168.1.100: 139 0.0.0.0: 0 listening
TCP 192.168.1.100: 1038 222.47.205.27: 5050 established
TCP 192.168.1.100: 4079 219.136.252.79: 80 established
TCP 192.168.1.100: 4604 83.149.119.17: 80 close_wait
TCP 192.168.1.100: 4605 83.149.119.17: 80 close_wait
TCP 192.168.1.100: 4691 165.21.32.111: 80 fin_wait_1
TCP 192.168.1.100: 4694 165.21.32.104: 80 fin_wait_1
UDP 0.0.0.0: 161 *:*
UDP 0.0.0.0: 500 *:*
UDP 0.0.0.0: 1028 *:*
UDP 0.0.0.0: 1044 *:*
UDP 0.0.0.0: 3005 *:*
UDP 0.0.0.0: 3010 *:*
UDP 0.0.0.0: 3348 *:*
UDP 0.0.0.0: 3581 *:*
UDP 0.0.0.0: 3956 *:*
UDP 0.0.0.0: 3958 *:*
UDP 0.0.0.0: 4500 *:*
UDP 0.0.0.0: 4714 *:*
UDP 0.0.0.0: 27099 *:*
UDP 0.0.0.0: 29367 *:*
UDP 0.0.0.0: 29368 *:*
UDP 127.0.0.1: 123 *:*
UDP 127.0.0.1: 1037 *:*
UDP 127.0.0.1: 3006 *:*
UDP 127.0.0.1: 3363 *:*
UDP 127.0.0.1: 3551 *:*
UDP 127.0.0.1: 3600 *:*
UDP 127.0.0.1: 4321 *:*
UDP 192.168.1.100: 123 *:*
UDP 192.168.1.100: 137 *:*
UDP 192.168.1.100: 138 *:*
UDP 192.168.1.100: 17985 *:*
UDP 192.168.1.100: 17987 *:*

C: \ Documents ents and Settings \ Administrator>
These are the ports opened and in use by your machine!
(What are the meanings of the above parameters? Let's talk about them later. I will not talk about this much here, so that new users will not be able to accept it)

But I still need to explain this operation command because I often forget it.
Netstat command

Command Format: netstat-a-e-n-o-s

-A indicates that all active TCP connections and TCP and UDP ports listened by the computer are displayed.

-E indicates the number of bytes sent and received over the Ethernet, and the number of packets.

-N indicates that only the active TCP connection addresses and port numbers are displayed in numbers.

-O indicates that active TCP connections are displayed and the process ID (PID) of each connection is included ).

-S indicates displaying statistics of various connections by Protocol, including port numbers.

Netstat command details

Displays protocol statistics and current TCP/IP network connections.

Netstat [-A] [-E] [-N] [-O] [-S] [-P proto] [-R] [interval]

Nbsp;-A nbsp; displays all connections and listening ports.
-E displays Ethernet statistics. This may be combined with the-S
Option.
-N displays addresses and port numbers in numerical form.
-O displays the owning process ID associated with each connection.
-P proto shows connections for the Protocol specified by proto; proto
May be any of: TCP, UDP, tcpv6, or udpv6. if used with the-S
Option to display per-Protocol statistics, proto may be any:
IP, IPv6, ICMP, ICMPv6, TCP, tcpv6, UDP, or udpv6.
-R displays the routing table.
-S displays per-Protocol statistics. By default, statistics are
Shown for IP, IPv6, ICMP, ICMPv6, TCP, tcpv6, UDP, and udpv6;
The-P option may be used to specify a subset of the default.
Interval redisplays selected statistics, pausing interval seconds
Between each display. Press Ctrl + C to stop redisplaying
Statistics. If omitted, netstat will print the current
Configuration information once.

This is basically the case.

Okay, basically, you should have some port concept! Next, let's take a look at what port ing is.

1-Why ing: if you are a broadband access user such as ADSL, cable modem, or optical fiber, you want to create a game server or web server in an Internet cafe or company, and allow Internet users to access your server, then you will encounter port ing problems. (For example, your dad went to school to look for you. He came to the school gate but did not know which classroom you were in, at this time, the teacher on duty will take your father to your classroom ----> this process is like "port ing ")

2- ing: Generally, vrouters have a firewall function. Internet users can only access the WAN port of your vro (connected to the ADSL line port), but cannot access internal servers. To allow external users to access the server, you need to make a forwarding setting on the vro, that is, the port ing setting. After the user requests are sent to the vro, and can reach the game server or web server. This is port ing.
At present, all the broadband routers have port ing functions, but the names of different router manufacturers are different. Some are virtual servers and some are Nat settings...
Port ing is easy. For example, to map a web server whose IP address is 192.168.1.254, you only need to fill in the IP address 192.168.1.254 and TCP port 80 of the server to the port ing table of the vro, of course, different services have different ports. Do not change the ports to avoid conflicts. In general, you cannot find the cause of such a conflict!

3-how to check after shooting: for example, the webserver should be a port 80. In this case, first put a static page named index.htm, enter your IP address or domain name in the address bar, and press enter to see if it can be accessed normally!

5. Why should I enter my account and password after entering my domain name?

(1) the remote management function is enabled on the vromodem (or modem) and occupies port 80 of the vro. Therefore, the login window is displayed every time you enter the domain name (or the public IP address of the vro.

(2) Your Web configuration is incorrect. The default account of the Web server does not have the permission to access the site directory.

 

From: http://hi.baidu.com/langzhou/blog/item/8f4fb8a1debd2e8947106499.html/cmtid/675db11b7c4710178618bf11