  NAT (network address translation) Realization
     
  Add Date : 2018-11-21      
         
         
         
Basic description of NAT:

Network Address Translation (NAT) is a wide area network (WAN) access technology that converts private (reserved) addresses into legitimate IP addresses. It is widely used in all kinds of Internet access and all kinds of networks. The reason is simple: NAT not only perfectly solves the problem of insufficient IP addresses, but can also effectively prevent attacks from outside the network, hiding and protecting the computers on the internal network.

With NAT, when a host on the "internal" network with a private (reserved) address sends a data packet, the router converts the private address into a legitimate IP address. A LAN therefore needs only a small number of legitimate IP addresses (or even just one) for all of its computers to communicate with the Internet.

NAT automatically modifies the source IP address and destination IP address of IP packets, and IP address checking is completed automatically during NAT processing. Some applications embed the source IP address in the data portion of the IP packet, so the data portion must also be modified to match the rewritten source IP address in the IP header. Otherwise, applications that embed IP addresses in the packet data will not work properly.

The three NAT implementations:

NAT can be implemented in three ways: static translation (Static NAT), dynamic translation (Dynamic NAT), and port multiplexing (Overload).

Static translation converts a private IP address on the internal network into a public IP address. The mapping is one-to-one and fixed: a given private IP address is always converted to the same public IP address. Static translation lets the external network reach specific devices (such as servers) on the internal network.

Dynamic translation converts private IP addresses on the internal network into public IP addresses, but the mapping is not fixed: every private IP address that is authorized to access the Internet can be converted to any of the designated legitimate IP addresses, chosen at random. In other words, once you specify which internal addresses may be translated and which legitimate addresses may be used as external addresses, translation happens dynamically. Dynamic translation can use a set of several legitimate external addresses. It is suitable when the number of legitimate IP addresses provided by your ISP is slightly smaller than the number of computers on the internal network.

Port multiplexing (Port Address Translation, PAT) changes the source port of outgoing packets and performs port translation. With port multiplexing, all internal hosts can share one legitimate external IP address to access the Internet, which saves IP address resources to the greatest possible extent. At the same time, it hides all hosts inside the network and effectively prevents attacks from the Internet. Port multiplexing is therefore the most widely used method in networks.

I. Static NAT implementation

Suppose the internal LAN uses the IP addresses 192.168.0.1 ~ 192.168.0.254, the router's LAN port (the default gateway) has the IP address 192.168.0.1, and the subnet mask is 255.255.255.0. The legitimate IP address range assigned to the network is 61.159.62.128 ~ 61.159.62.135, the router's WAN IP address is 61.159.62.129 with a subnet mask of 255.255.255.248, and the addresses available for translation are 61.159.62.130 ~ 61.159.62.134. The requirement is to translate the internal addresses 192.168.0.2 ~ 192.168.0.6 into the legitimate IP addresses 61.159.62.130 ~ 61.159.62.134.
>>> First, set the external port.
interface serial 0
ip address 61.159.62.129 255.255.255.248
ip nat outside
>>> The second step, set the internal port.
interface ethernet 0
ip address 192.168.0.1 255.255.255.0
ip nat inside
>>> The third step, establish static address translation between the internal local addresses and the internal legitimate addresses.
ip nat inside source static <internal local address> <internal legitimate address>
Example:
ip nat inside source static 192.168.0.2 61.159.62.130 // translates the internal address 192.168.0.2 into the legitimate IP address 61.159.62.130
ip nat inside source static 192.168.0.3 61.159.62.131 // translates the internal address 192.168.0.3 into the legitimate IP address 61.159.62.131
ip nat inside source static 192.168.0.4 61.159.62.132 // translates the internal address 192.168.0.4 into the legitimate IP address 61.159.62.132
ip nat inside source static 192.168.0.5 61.159.62.133 // translates the internal address 192.168.0.5 into the legitimate IP address 61.159.62.133
ip nat inside source static 192.168.0.6 61.159.62.134 // translates the internal address 192.168.0.6 into the legitimate IP address 61.159.62.134
At this point, static NAT is configured.


II. Dynamic address translation implementation

Suppose the internal network uses the IP addresses 172.16.100.1 ~ 172.16.100.254, the router's LAN port (the default gateway) has the IP address 172.16.100.1, and the subnet mask is 255.255.255.0. The legitimate IP address range assigned to the network is 61.159.62.128 ~ 61.159.62.191, the router's WAN IP address is 61.159.62.129 with a subnet mask of 255.255.255.192, and the addresses available for translation are 61.159.62.130 ~ 61.159.62.190. The requirement is to translate the internal addresses 172.16.100.1 ~ 172.16.100.254 dynamically into the legitimate IP addresses 61.159.62.130 ~ 61.159.62.190.
>>> First, set the external port.
The command syntax for setting the external port is as follows:
ip nat outside
Example:
interface serial 0 // enter serial port serial 0
ip address 61.159.62.129 255.255.255.192 // set its IP address to 61.159.62.129 with subnet mask 255.255.255.192
ip nat outside // set serial port serial 0 as the external network port
Note that you can define multiple external ports.
>>> The second step, set the internal port.
The command syntax for setting the internal port is as follows:
ip nat inside
Example:
interface ethernet 0 // enter Ethernet port Ethernet 0
ip address 172.16.100.1 255.255.255.0 // set its IP address to 172.16.100.1 with subnet mask 255.255.255.0
ip nat inside // set Ethernet 0 as the internal network port
Note that you can define multiple internal ports.

>>> The third step is to define the legitimate IP address pool.
The command syntax for defining the legitimate IP address pool is as follows:
ip nat pool <pool name> <start IP address> <end IP address> netmask <subnet mask>
The address pool name can be chosen freely.
Example:
ip nat pool chinanet 61.159.62.130 61.159.62.190 netmask 255.255.255.192 // defines an address pool named chinanet with the IP address range 61.159.62.130 ~ 61.159.62.190 and subnet mask 255.255.255.192. Note that even if the mask is 255.255.255.0, the start and end IP addresses still limit the addresses in the pool.
Or
ip nat pool test 61.159.62.130 61.159.62.190 prefix-length 26
Note that if there is more than one legitimate IP address range, each can be added separately. For example, if there is another legitimate IP address range "211.82.216.1 ~ 211.82.216.254", you can issue the following command to add it as a pool.
ip nat pool cernet 211.82.216.1 211.82.216.254 netmask 255.255.255.0
Or
ip nat pool test 211.82.216.1 211.82.216.254 prefix-length 24
>>> The fourth step is to define the access list of internal addresses that are allowed to access the Internet.
The command syntax for defining the internal access list is as follows:
access-list <number> permit <source address> <wildcard> (where the number is an integer from 1 to 99.)
access-list 1 permit 172.16.100.0 0.0.0.255 // allows the segment 172.16.100.0 ~ 172.16.100.255 to access the Internet; the wildcard is 0.0.0.255. Note that this is an inverse (wildcard) mask, not a subnet mask. The relationship between the two is: wildcard + subnet mask = 255.255.255.255. For example, subnet mask 255.255.0.0 corresponds to wildcard 0.0.255.255; subnet mask 255.0.0.0 to wildcard 0.255.255.255; subnet mask 255.252.0.0 to wildcard 0.3.255.255; and subnet mask 255.255.255.192 to wildcard 0.0.0.63.
Also, if you want several internal address ranges translated into legitimate IP addresses, you can add multiple access lists. For example, to have 172.16.98.0 ~ 172.16.98.255 and 172.16.99.0 ~ 172.16.99.255 translated into legitimate IP addresses, add the following commands:
access-list 2 permit 172.16.98.0 0.0.0.255
access-list 3 permit 172.16.99.0 0.0.0.255
>>> Fifth step, set up network address translation.
In global configuration mode, translate the internal local addresses specified by the access list from the fourth step into addresses from the legitimate IP address pool defined in the third step. The command syntax is as follows:
ip nat inside source list <access list number> pool <internal legitimate address pool name>
Example:
ip nat inside source list 1 pool chinanet
If there are multiple internal access lists, they can all be added to achieve network address translation, such as
ip nat inside source list 2 pool chinanet
ip nat inside source list 3 pool chinanet
If there are multiple address pools, they can also all be added to enlarge the legitimate address range, such as
ip nat inside source list 1 pool cernet
ip nat inside source list 2 pool cernet
ip nat inside source list 3 pool cernet
At this point, dynamic address translation is configured.
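
The wildcard rule from the fourth step and the list and pool references from the fifth step can be checked mechanically before the commands are entered on a router. The following Python checker is an added example, not part of the original article; the function names and the GOOD sample are constructed here, and it understands only the three command forms used in this section.

```python
import ipaddress
import re

POOL = re.compile(r"ip nat pool (\S+) (\S+) (\S+) (?:netmask|prefix-length) (\S+)$")
ACL = re.compile(r"access-list (\d+) permit (\S+) (\S+)$")
BIND = re.compile(r"ip nat inside source list (\d+) pool (\S+)(?: overload)?$")

def acl_network(addr, wildcard):
    """ACL address + wildcard -> network (wildcard = 255.255.255.255 - mask)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # a valid inverse mask is 2**k - 1, i.e. contiguous low bits
        raise ValueError(f"{wildcard} is not an inverse mask")
    return ipaddress.IPv4Network(f"{addr}/{32 - w.bit_length()}")

def check_nat_config(text):
    """Return the problems found in the pool / access-list / NAT rule lines."""
    pools, acls, binds, problems = set(), set(), [], []
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()  # drop the article's // annotations
        try:
            if m := POOL.match(line):
                name, start, end, mask = m.groups()
                net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
                lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
                if lo > hi or hi not in net:
                    problems.append(f"pool {name}: {start}-{end} not inside {net}")
                pools.add(name)
            elif m := ACL.match(line):
                num, addr, wildcard = m.groups()
                if not 1 <= int(num) <= 99:
                    problems.append(f"access-list {num}: number outside 1-99")
                acl_network(addr, wildcard)  # raises on a subnet mask or host bits
                acls.add(num)
            elif m := BIND.match(line):
                binds.append(m.groups())
            elif line:
                problems.append(f"unrecognised line: {line}")
        except ValueError as exc:
            problems.append(f"{line}: {exc}")
    for num, pool in binds:
        if num not in acls:
            problems.append(f"NAT rule references undefined access-list {num}")
        if pool not in pools:
            problems.append(f"NAT rule references undefined pool {pool}")
    return problems
# Constructed sample: the chinanet commands from this section.
GOOD = """ip nat pool chinanet 61.159.62.130 61.159.62.190 netmask 255.255.255.192
access-list 1 permit 172.16.100.0 0.0.0.255  // wildcard, not subnet mask
ip nat inside source list 1 pool chinanet"""
```

Calling check_nat_config(GOOD) returns an empty list; a subnet mask written where the wildcard belongs, a pool end address outside the pool's mask, or a rule naming a list or pool that was never defined each produce an entry.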

III. Port multiplexing dynamic address translation (PAT)

Suppose the internal network uses the IP addresses 10.100.100.1 ~ 10.100.100.254, the router's LAN port (the default gateway) has the IP address 10.100.100.1, and the subnet mask is 255.255.255.0. The legitimate IP address range assigned to the network is 202.99.160.0 ~ 202.99.160.3, the router's WAN IP address is 202.99.160.1 with a subnet mask of 255.255.255.252, and the address available for translation is 202.99.160.2. The requirement is to translate the internal addresses 10.100.100.1 ~ 10.100.100.254 into the legitimate IP address 202.99.160.2.

>>> First, set the external port.

interface serial 0

ip address 202.99.160.1 255.255.255.252

ip nat outside

>>> The second step, set the internal port.

interface ethernet 0

ip address 10.100.100.1 255.255.255.0

ip nat inside

>>> The third step is to define the legitimate IP address pool.

ip nat pool onlyone 202.99.160.2 202.99.160.2 netmask 255.255.255.252

// Defines an address pool named onlyone with the IP address range 202.99.160.2 and subnet mask 255.255.255.252. Since only one IP address is available in this case, the start and end IP addresses are both 202.99.160.2. If you have multiple IP addresses, enter the start and end IP addresses of the range.

>>> The fourth step is to define the internal access list.

access-list 1 permit 10.100.100.0 0.0.0.255

Allows the segment 10.100.100.0 ~ 10.100.100.255 (subnet mask 255.255.255.0) to access the Internet. Note that the mask here is written as the inverse of the usual subnet mask, that is, 0.0.0.255.

>>> Fifth step, set up multiplexed dynamic address translation.

In global configuration mode, set up multiplexed dynamic address translation between the internal local addresses and the internal legitimate IP address. The command syntax is as follows:

ip nat inside source list <access list number> pool <internal legitimate address pool name> overload

Example:

ip nat inside source list 1 pool onlyone overload // in port multiplexing mode, translates the private IP addresses in access list 1 into the legitimate IP address defined in the onlyone address pool.

Note: overload is the keyword for multiplexed dynamic address translation.

At this point, port-multiplexed dynamic address translation is configured.

You can also write:

ip nat inside source list 1 interface serial 0 overload
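
To make the effect of overload concrete, the following Python model (an added example, not part of the original article and not Cisco code) shows how a PAT table lets several inside hosts share 202.99.160.2 and why traffic with no matching entry never reaches an inside host. The class and function names, the remote addresses, sequential port allocation, and matching replies on the remote endpoint are assumptions of this model.

```python
from itertools import count

class PatRouter:
    """Toy PAT table: many inside sockets share one public IP (assumed model)."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._next_port = count(first_port)  # sequential allocation, a simplification
        self.out = {}   # (proto, in_ip, in_port, remote_ip, remote_port) -> public port
        self.back = {}  # (proto, public port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: rewrite the source to public_ip:allocated port."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            port = next(self._next_port)
            self.out[flow] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: restore the inside socket, or None to drop."""
        if dst_ip != self.public_ip:
            return None
        inside = self.back.get((proto, dst_port, src_ip, src_port))
        if inside is None:
            return None  # no entry: nothing inside asked for this traffic
        return (proto, src_ip, src_port, *inside)

def demo():
    """Constructed traffic using section III's addresses; remote hosts are made up."""
    r = PatRouter("202.99.160.2")
    a = r.outbound("tcp", "10.100.100.10", 40000, "198.51.100.7", 80)
    b = r.outbound("tcp", "10.100.100.11", 40000, "198.51.100.7", 80)
    reply = r.inbound("tcp", "198.51.100.7", 80, "202.99.160.2", b[2])
    stranger = r.inbound("tcp", "203.0.113.9", 80, "202.99.160.2", b[2])
    return a, b, reply, stranger
```

Both inside hosts use source port 40000, yet leave with different public ports, which is how the router tells their replies apart.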
     
         
         
         
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.