NAT Technology and Proxy Server

Source: Internet
Author: User

How the Proxy server works

A proxy server is an important security feature provided by Internet circuit-level gateways, and it works primarily at the session layer of the Open Systems Interconnection (OSI) model. Normally, a Web browser connects directly to other Internet sites to obtain information: it sends a request, and the other side sends the information back as bits. A proxy server is a server that sits between the browser and the Web server. With it, the browser does not go directly to the Web server to retrieve a page; instead, the request is sent to the proxy server first. The proxy server retrieves the information the browser needs and passes it back to the browser. Moreover, most proxy servers also act as a buffer, like a large cache with a lot of storage space. The proxy continuously stores newly fetched data in its local storage, and if the data the browser requests already exists there and is up to date, it does not re-fetch the data from the Web server but sends the stored copy directly to the user's browser, which can significantly improve browsing speed and efficiency.


Who set up the proxy server

Because a proxy server can relieve bandwidth pressure and increase access speed to some extent, proxy servers are generally provided by:

1, Large institutions, enterprises and public organizations, and educational institutions
2, ISPs


Functions of the Proxy service

1, Connecting the Internet and the intranet as a firewall: Because all intranet users access the outside world through the proxy server and are mapped to a single IP address, the outside world cannot directly access the internal network. IP address filtering can also be configured to restrict external access to the intranet. In addition, two intranets that are not connected to each other can exchange information through a third-party proxy server.
2, Saving IP address cost: As mentioned above, all users occupy only one IP address, so there is no need to lease a large number of IP addresses, which reduces the maintenance cost of the network. In this way, the many machines on a LAN that are not connected to the external network can reach it through a proxy server on the intranet, which greatly reduces costs. Of course there is a downside to this, as many attackers hide their real IP addresses in this way and escape surveillance.
3, Improving access speed: A host whose own bandwidth is small connects to the target host through a proxy with larger bandwidth. In addition, the proxy server usually has a large hard disk buffer (possibly several gigabytes or more). When outside information passes through, the proxy also saves it to the buffer; when other users access the same information, it is taken directly from the buffer and passed to the user, which increases access speed.


There are three types of proxy servers common on the network

1. Standard proxy buffering Server

A standard proxy buffering service caches static Web pages (for example, HTML files and image files) on a host on the local network (that is, the proxy server). When a cached page is accessed a second time, the browser requests the data directly from the local proxy server and no longer from the original Web site. This saves valuable network bandwidth and improves access speed. However, to do this, you must explicitly configure the IP address and port number of the proxy server in the browser of each internal host. When the client browses the Internet, every request is sent to the proxy server, and the proxy server decides whether to connect to the remote Web server to obtain the data. If the requested file is in the local buffer, the proxy passes it directly to the user. If not, it retrieves the file first, saves a copy in the local buffer, and then sends the file to the client browser.

2. Transparent proxy buffering Server

The transparent proxy buffering service functions exactly like the standard proxy server. However, the proxy operation is transparent to the client's browser (that is, the browser does not need to be configured with the IP address and port of the proxy server). The transparent proxy server intercepts network traffic and filters out the outbound HTTP (port 80) traffic. If the client's request is buffered locally, the buffered data is sent directly to the user; if it is not, the request is made to the remote Web server, and the remaining operations are identical to those of the standard proxy server. On Linux operating systems, transparent proxies are implemented using iptables or ipchains. Transparent proxies are especially useful for ISPs (Internet service providers) because no browser settings are needed.

3. Reverse Proxy buffer Server

A reverse proxy is a proxy service that is completely different from the first two. It is used to reduce the load on the original Web server. The reverse proxy server takes over static page requests for the original Web server to prevent the original server from being overloaded. It sits between the local Web server and the Internet, handles all requests to the Web server, and prevents direct communication between the Web server and the Internet. If the page requested by an Internet user is buffered on the proxy server, the proxy server sends the buffered content directly to the user. If it is not buffered, a request is made to the Web server, the data is retrieved, cached locally, and then sent to the user. This approach reduces the load on the Web server by reducing the number of requests that reach it.
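The cache decision that all three proxy types share (serve the stored copy if it exists and is up to date, otherwise fetch from the Web server and store the result) can be modelled in a few lines. This is an added example, not code from the original article; the `CachingProxy` class, the `max_age` freshness rule and the `example.test` URL are assumptions made for illustration.

```python
import time

class CachingProxy:
    """Toy model of the cache decision shared by standard, transparent and reverse proxies."""

    def __init__(self, fetch_origin, max_age=60.0, clock=time.monotonic):
        self.fetch_origin = fetch_origin   # callable(url) -> bytes, stands in for the Web server
        self.max_age = max_age             # assumed rule: a copy is up to date for max_age seconds
        self.clock = clock
        self.store = {}                    # url -> (body, time stored)
        self.origin_requests = 0           # how often the Web server was actually contacted

    def get(self, url):
        """Return (body, 'HIT' or 'MISS') for one client request."""
        now = self.clock()
        entry = self.store.get(url)
        if entry is not None and now - entry[1] <= self.max_age:
            return entry[0], "HIT"         # fresh copy: the Web server is not contacted
        body = self.fetch_origin(url)      # absent or stale: retrieve from the Web server
        self.origin_requests += 1
        self.store[url] = (body, now)      # save a copy before answering the client
        return body, "MISS"


def demo():
    t = [0.0]                              # constructed fake clock so the run is deterministic
    url = "http://example.test/index.html" # constructed sample URL
    proxy = CachingProxy(lambda u: b"<html>" + u.encode() + b"</html>",
                         max_age=60.0, clock=lambda: t[0])
    results = [proxy.get(url)[1]]          # first client: nothing cached yet
    t[0] = 10.0
    results.append(proxy.get(url)[1])      # second client: copy is still fresh
    t[0] = 100.0
    results.append(proxy.get(url)[1])      # copy is now stale and is re-fetched
    return results, proxy.origin_requests


if __name__ == "__main__":
    print(demo())
```

Three client requests reach the Web server only twice; the stale third request shows why the "up to date" check matters as much as the lookup itself.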



NAT Technology

NAT stands for "Network Address Translation". It allows a whole organization to appear on the Internet with a single public IP address. As the name implies, it is a technology that translates internal private network addresses (IP addresses) into legitimate public IP addresses.


With NAT, internal addresses are used inside the LAN. When an internal node communicates with the external network, the gateway replaces the internal address with the public address, so that the node can use the external public network (the Internet) normally.

NAT allows multiple computers to share one Internet connection, a feature that addresses the shortage of public IP addresses. This way, you need to apply for only one legitimate IP address to give every computer on the local area network access to the Internet. NAT also masks the internal network: all intranet computers are invisible to the public network, and intranet users are usually not aware that NAT exists.

The internal address mentioned here refers to the private IP address assigned to a node in the internal network. It can only be used within the internal network and cannot be used for routing (a network technology that forwards packets along different paths). Although the internal address can be chosen arbitrarily, the following addresses are usually used: 10.0.0.0~10.255.255.255, 172.16.0.0~172.16.255.255, 192.168.0.0~192.168.255.255. Addresses within these three ranges will not be allocated on the Internet, so you can use them freely within your company or business without applying to your ISP or a registry. NAT translates these reserved IP addresses, which cannot be used on the Internet, into legitimate IP addresses that can. The global address refers to a legitimate IP address, that is, an address assigned by the NIC (Network Information Center) or the ISP (Internet service provider). It represents one or more internal local addresses and is globally unique and addressable.


In essence, NAT was introduced to alleviate the shortage of IP addresses, but in practice it also has some derived functions, such as hiding and protecting the computers inside the network from attacks from outside, and making internal address planning more convenient.


There are three types of NAT rules

Static NAT, dynamic NAT, and port NAT (PAT), also known as dynamic multiplexing NAT.

In fact, dynamic NAT is a special case of static NAT.

Static NAT: A private IP address of the internal network is converted to a public IP address, and the IP address pair is one-to-one and fixed. An example is the one-to-one conversion between IP addresses 114.23.72.19 and 192.168.10.2 in the HQ. That is, a given private IP address is only ever converted to one given public IP address. With static NAT, you can allow the external network to access specific servers in your internal network.

Dynamic NAT: When a private IP address of the internal network is converted to a public IP address, the resulting address is not fixed but random. Any private IP address that is authorized to access the Internet can be converted to any one of the specified legitimate IP addresses. That is, dynamic NAT can be performed once you specify which internal addresses may be converted and which legitimate addresses are used as external addresses. Dynamic NAT can use several sets of legitimate external addresses. When the number of legitimate IP addresses provided by the ISP is slightly smaller than the number of computers inside the network, you can use the dynamic conversion method.

PAT: The source port of outbound packets is changed (port translation), using port multiplexing. All hosts on the internal network can share one legitimate external IP address for access to the Internet, which saves IP address resources as far as possible. At the same time, it hides all the hosts inside the network and effectively avoids attacks from the Internet. As a result, PAT rules are currently the most widely used in networks.



NAT functionality is typically integrated into routers, firewalls, ISDN routers, or separate NAT devices. For example, Cisco routers include this feature: the network administrator only needs to configure NAT in the router's IOS to shield the internal network. As another example, the firewall maps the internal address of the Web server, 192.168.10.2/24, to the external address 114.23.72.19/24, so external access to 114.23.72.19/24 is actually access to 192.168.10.2/24.
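The following sketch models the translation tables behind static NAT and PAT, and shows why a host behind PAT is unreachable from outside until it opens a flow itself. It is an added example, not code from the original article: the `NatGateway` class, the shared address 114.23.72.20, the hosts 192.168.10.11 and 192.168.10.12 and the starting port 40000 are constructed, and the model ignores protocol, remote endpoint and mapping timeouts that a real gateway tracks.

```python
import itertools

class NatGateway:
    """Toy NAT gateway: static one-to-one mappings plus PAT on one shared public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.static = {}        # public IP -> private IP (static NAT)
        self.pat_out = {}       # (private IP, private port) -> public port
        self.pat_in = {}        # public port -> (private IP, private port)
        self._ports = itertools.count(first_port)

    def add_static(self, private_ip, public_ip):
        self.static[public_ip] = private_ip

    def outbound(self, src_ip, src_port):
        """Translate an outgoing packet's source; return (public IP, public port)."""
        for pub, priv in self.static.items():
            if priv == src_ip:
                return pub, src_port        # static NAT swaps only the address
        key = (src_ip, src_port)
        if key not in self.pat_out:         # first packet of a new internal flow
            port = next(self._ports)
            self.pat_out[key] = port
            self.pat_in[port] = key
        return self.public_ip, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Translate an incoming packet's destination; None means it is dropped."""
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port
        if dst_ip == self.public_ip and dst_port in self.pat_in:
            return self.pat_in[dst_port]
        return None                         # no mapping exists: unsolicited traffic


def demo():
    gw = NatGateway("114.23.72.20")                 # constructed shared PAT address
    gw.add_static("192.168.10.2", "114.23.72.19")   # mapping given in the article
    a = gw.outbound("192.168.10.11", 51000)         # constructed internal hosts that
    b = gw.outbound("192.168.10.12", 51000)         # happen to use the same source port
    return {"a": a, "b": b,
            "reply_to_a": gw.inbound(*a),
            "unsolicited": gw.inbound("114.23.72.20", 8080),
            "web_server": gw.inbound("114.23.72.19", 80)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The drop in `inbound` is a side effect of a missing mapping rather than a filtering policy, and the statically mapped Web server stays reachable from outside, so it still needs its own access control.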




This article is from the "Zero Egg" blog, please be sure to keep this source http://lingdandan.blog.51cto.com/10697032/1773489
