Nat principle? How does the proxy server work?

NAT (network address translation)

1 Concepts

NAT (network address translation) belongs to the Access Wide area network (WAN) technology, which transforms the private address into a legitimate IP address, which is widely used in various types of Internet access and various types of networks. The reason is simple, Nat not only solves the problem of LP address insufficiency, but also can effectively avoid attacks from outside the network, hiding and protecting the computer inside the network.

2 principle

Client Service end 650) this.width=650; "title=" QQ pictures 2016 0723112709.png "alt=" Wkiol1es5kezlu6kaadplor6_nu844.png "src=" http://s5.51cto.com/wyfs02/M02/84/85/ Wkiol1es5kezlu6kaadplor6_nu844.png "/>

sequence 1:Suppose a computer A (192.168.1.100) on the client side of the LAN opens the Internet Explorer,when the internet Explorer program runs, it will open the 1111 of the machine. Port (This port is random, the system is generated dynamically), and then to browse Sina home page, in the Address bar inputhttp://www.sina.com.cn/,That is, accesshttp://www.sina.com.cn/(12.130.132.30：80), at this time the computer a sends a packet to the intranet (local area network), which not only has data (browse the Web), but also includes the source address and destination address. Both the source address and destination address are made up of IP and port numbers, where the source address is: 192.168.1.100:1111; the destination address is: 12.130.132.30 : 80. Packets are broadcast, and other computers on the LAN can receive but will not respond, but as nat servers (in this case, 192.168.1.1 ) receives this packet and responds.

< Span lang= "en-us" xml:lang= "en-us" to sequence numbers 2 and 3: nat Server will change the source address (192.168.1.100:1111) of the packet to 122.195.93.74 : 2222, then send this packet to the destination address according to the destination address in the packet 12.130.132.30 : 80-Sina website (Web server), This process is NAT and the destination address is the same.

(Note: The port that Internet Explorer opens and the map port of the NAT server are randomly generated, but once the two correspond to the mapping of the one by one, it will not be used by other programs.) This one-map relationship will persist without interrupting the browser program, and if you open another page, you will create a new mapping relationship.

Sequence 4:Sina website (Web server)-12.130.132.30: 80-Port Running program after receiving this packet, processing analysis learned that the site to copy the contents of a page and then sent toNAT Server< Span style= "font-family: ' Times New Roman ';" >, the package data is sent, the packet also has the source address and the destination address, the source address 12.130.132.30 : 80 : 2222 ).

ordinal 5: When the NAT server receives the packet, the destination address is from the 122.195.93.74 12.130.132.30 : 80

< Span lang= "en-us" xml:lang= "en-US" > nat server modifies the destination address, it sends the packet to the intranet, At this point, the client runs the IE browser program will receive its required external network data, processing can be displayed on the client's display on the Sina page.

The above process completes the intranet computer through the NAT server and the external network device of a complete communication. The whole process of NAT server changed two times the address, the intranet computer sends the packet process, the NAT will change the source address, the destination address has been unchanged, the external network computer sends the packet, the NAT will change the destination address, the source address has been unchanged.

Proxy Server

Principle

There are many kinds of proxy servers, in general there are http,ftp,socks () agent three, which is divided into transparent proxy and opaque proxy. Where transparent proxy is usually the gateway, is the hardware.
When the machine is online through a proxy server. The communication is divided two times, first the machine and the proxy server communication, then the proxy server and the destination address communication.
When the machine communicates with the proxy server, the destination IP is the IP of the proxy server. Proxy server and destination address communication, the source IP is the proxy server IP, when the external data is the same, in the intranet, the IP data appears, all the intranet and proxy server IP. Therefore, from the IP header is not visible any communication with the outside information. Can only be seen from the data.

Nat principle? How does the proxy server work?