Hello, everyone!
Today, I'd like to summarize the basics of NAT. Have you ever wondered how a LAN made up of so many computers can be connected to the Internet so that we can obtain resources from the Internet at any time?
Just as a courier delivery needs a sender address and a recipient address, communication on a network requires each computer to have a unique IP address that tells the other computer where to send the data.
IP resources (especially IPv4 resources) are insufficient. Does each computer have its own public IP address, or is it done some other way? This brings us to the main subject of today's study: NAT.
Definition
Network address translation (NAT) is a technology that translates private addresses into valid IP addresses. NAT not only solves the problem of insufficient IP addresses, but also prevents attacks from outside the network and protects computers on the LAN.
Types
1. Static NAT: The mapping between the private IP address and the specified public IP address is fixed and cannot be changed.
2. Dynamic NAT: The private IP address is dynamically translated to one of the specified public IP addresses. The IP address may be different each time the service is started.
3. Overload NAT: Port multiplexing. This is the most common NAT mode and has the lowest requirement for public IP addresses.
Overload NAT
Do devices on different networks need only public IP addresses to communicate with each other?
In fact, a public IP address is a necessary but not sufficient condition: a public IP address must be used for communication, but a public IP address alone is not enough to communicate. (Strictly speaking, this depends on how communication is defined. For a simple ping operation, an IP address alone is fine. In this example, communication refers to tasks such as browsing the web.) A port number is also required, so a complete communication address consists of an IP address and a port number.
What is the port number?
Think of the computer as a villa with several rooms: bedroom, kitchen, toilet, and so on. The IP address gives us access to the villa, but what are you here to do? Download video resources? Then go to the studio. Want to play online games? Please go to the entertainment hall. Different tasks (programs) are performed in different rooms (ports).
On a computer, these ports are invisible software ports. Generally, a maximum of 65535 ports can be enabled on a computer.
Example
The following example shows how a computer in a LAN communicates with the Internet through overload NAT.

As shown in the preceding figure, computer A and computer B are in the same LAN. Both computers have private IP addresses. The IP address of computer A is 192.168.1.100 and that of computer B is 192.168.1.101. There is a NAT server on the LAN with two network adapters. The IP address of the first network adapter is in the private IP network segment (192.168.1.1), and the IP address of the second network adapter is a public IP address (122.195.93.76). The two computers each have a program running, on ports 1111 and 6666 respectively. To connect to huawei.com, the following steps take place:
1. Computer A broadcasts a message on the LAN. The message contains SIP+Port (source IP address: 192.168.1.100:1111)+DIP (destination IP address: 27.152.132.30; default HTTP port 80). The NAT server responds to the data message.
a. Computer B broadcasts a message on the LAN. The message contains SIP+Port (source IP address: 192.168.1.101:6666)+DIP (destination IP address: 27.152.132.30; default HTTP port 80). The NAT server responds to the data message.
2. Port 80 of the NAT server listens for the message from A and performs NAT translation. The NAT server changes the source IP address of the data packet to its public IP address and randomly uses an idle port (2222). The destination address remains unchanged. The SNAT process is recorded in the table: 192.168.1.100:1111 -> 122.195.93.76:2222.
b. The NAT server listens for the message from B through port 80 and performs NAT translation. The server changes the source IP address of the data packet to its public IP address and randomly uses an idle port (3333) without changing the destination address. The SNAT process is recorded in the table: 192.168.1.101:6666 -> 122.195.93.76:3333.
3. huawei.com successfully receives the message from the NAT server, in which the address of user A has been translated.
c. huawei.com successfully receives the message from the NAT server, in which the address of user B has been translated.
4. After performing the operation based on the data, huawei.com returns a message containing the source IP address + port (27.152.132.30:80), the destination IP address + port (122.195.93.76:2222), and data.
d. huawei.com returns a message containing the source IP address + port (27.152.132.30:80), the destination IP address + port (122.195.93.76:3333), and data.
5. After receiving the message, the NAT server queries the NAT address translation table and finds that the private IP address of the LAN corresponding to 122.195.93.76:2222 is 192.168.1.100:1111. Then, the NAT server performs NAT again, translates 122.195.93.76:2222 to 192.168.1.100:1111, and forwards the message again.
e. After receiving the message, the NAT server queries the NAT address translation table and finds that the private IP address of the LAN corresponding to 122.195.93.76:3333 is 192.168.1.101:6666. The NAT server performs NAT again, translates 122.195.93.76:3333 to 192.168.1.101:6666, and forwards the message again.
6. User A receives the message from huawei.com.
f. User B receives the message from huawei.com.
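The translation table from the steps above can be modelled in a few lines. This is an added example, not code from the original post: the class and function names are hypothetical, the idle-port pool is fixed to 2222 and 3333 so the run matches the walk-through, and the per-port check of the remote sender is an assumed filtering policy that goes beyond the table the post describes.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

class OverloadNat:
    """Toy overload NAT (PAT): many private endpoints share one public IP."""

    def __init__(self, public_ip, idle_ports):
        self.public_ip = public_ip
        self.idle_ports = iter(idle_ports)  # constructed pool; a real NAT picks any idle port
        self.out_map = {}  # (private_ip, private_port) -> public_port
        self.in_map = {}   # public_port -> (private_ip, private_port)
        self.peers = {}    # public_port -> remote endpoints contacted (assumed filtering)

    def outbound(self, pkt):
        """SNAT: rewrite the source to public_ip:port; the destination is unchanged."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            port = next(self.idle_ports)
            self.out_map[key] = port
            self.in_map[port] = key
            self.peers[port] = set()
        port = self.out_map[key]
        self.peers[port].add((pkt.dst_ip, pkt.dst_port))
        return pkt._replace(src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        """Reverse lookup; returns None when no table entry allows the packet."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_map:
            return None  # unsolicited: no inside host opened this port
        if (pkt.src_ip, pkt.src_port) not in self.peers[pkt.dst_port]:
            return None  # mapped port, but this sender was never contacted
        ip, port = self.in_map[pkt.dst_port]
        return pkt._replace(dst_ip=ip, dst_port=port)

def walk_through():
    """Replays the steps for A and B, plus two stray packets from a constructed sender."""
    nat = OverloadNat("122.195.93.76", idle_ports=[2222, 3333])
    web = ("27.152.132.30", 80)
    a_out = nat.outbound(Packet("192.168.1.100", 1111, *web))
    b_out = nat.outbound(Packet("192.168.1.101", 6666, *web))
    a_back = nat.inbound(Packet(*web, nat.public_ip, 2222))
    b_back = nat.inbound(Packet(*web, nat.public_ip, 3333))
    stray_unmapped = nat.inbound(Packet("203.0.113.9", 4444, nat.public_ip, 5555))
    stray_mapped = nat.inbound(Packet("203.0.113.9", 4444, nat.public_ip, 2222))
    return a_out, b_out, a_back, b_back, stray_unmapped, stray_mapped

if __name__ == "__main__":
    print(*walk_through(), sep="\n")
```

The two stray packets come back as None: inbound traffic is forwarded only when an inside host created the table entry first, which is the sense in which NAT shields computers on the LAN.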
After reading the above, do you understand NAT technology?
You are welcome to leave a message below.
Let's study together.
Thank you!



