In computer networking, Network Address Translation (NAT), also called network masquerading or IP masquerading, is a technique that rewrites the source or destination IP address of an IP packet as it passes through a router or firewall. It is commonly used in private networks that have many hosts but reach the Internet through a single public IP address. Strictly speaking, a router is not supposed to rewrite addresses this way, but NAT is convenient and very widely deployed. It also complicates direct host-to-host communication and lowers communication efficiency.
Network address translation (NAT) is a methodology of modifying
network address information in Internet Protocol (IP) datagram packet
headers while they are in transit across a traffic routing device for the
purpose of remapping one IP address space into another.
A popular view holds that the wide adoption of IPv6 will make NAT unnecessary, since NAT is only a workaround for the shortage of IPv4 address space.
With NAT, all communications sent to external hosts actually contain the external IP address and port information of
the NAT device instead of internal host IPs or port numbers.
When a computer on the private (internal) network sends an IPv4 packet to the
external network, the NAT device replaces the internal IP address in
the source field of the packet header (the sender's address) with the external IP
address of the NAT device. PAT (port address translation) may then assign
the connection a port number from a pool of available ports, inserting
this port number in the source port field (much like a post office box
number), and forwards the packet to the external network. The NAT device then
makes an entry in a translation table
containing the internal IP address, the original source port, and the translated
source port. Subsequent packets from the same connection are translated
to the same port number.
A packet coming from the external network is mapped to the corresponding
internal IP address and port number from the translation table, replacing
the external IP address and port number in the incoming packet header
(similar to the translation from post office box number to street address). The
packet is then forwarded over the inside network. If the destination
port number of the incoming packet is not found in the translation table, the
packet is dropped or rejected, because the PAT device doesn't know where to send
it; this is why unsolicited inbound connections do not reach internal hosts unless a mapping exists.
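The outbound and inbound steps above, written out as a small PAT device in Python. This is an added example, not code from the original page: the class name, the sequential port pool, the two-way table and the sample addresses (RFC 5737 documentation ranges) are all assumptions made for illustration. It also covers the failure modes the text mentions, namely an inbound packet with no table entry and an exhausted port pool, both of which result in the packet being dropped (returned as None).

```python
"""Toy NAPT/PAT device (constructed example, not the page's own code).

Outbound: rewrite the source address to the NAT's external IP, allocate a
translated source port, and record the mapping so later packets of the same
connection reuse it.  Inbound: look the destination port up in the table and
restore the internal address; drop anything with no entry.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp" (ports only make sense for these)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# (proto, internal ip, internal port) -> translated external port
InternalKey = Tuple[str, str, int]
# (proto, translated external port) -> (internal ip, internal port)
ExternalKey = Tuple[str, int]


class PortAddressTranslator:
    def __init__(self, external_ip: str,
                 first_port: int = 49152, last_port: int = 65535) -> None:
        self.external_ip = external_ip
        self._next_port = first_port          # assumed: simple sequential pool
        self._last_port = last_port
        self._by_internal: Dict[InternalKey, int] = {}
        self._by_external: Dict[ExternalKey, Tuple[str, int]] = {}

    def _allocate_port(self) -> Optional[int]:
        """Hand out the next unused port, or None when the pool is exhausted."""
        if self._next_port > self._last_port:
            return None
        port = self._next_port
        self._next_port += 1
        return port

    def translate_outbound(self, pkt: Packet) -> Optional[Packet]:
        """Internal -> external: rewrite source ip/port, create or reuse entry."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        translated = self._by_internal.get(key)
        if translated is None:
            translated = self._allocate_port()
            if translated is None:
                return None  # no free port: the NAT has to drop the packet
            self._by_internal[key] = translated
            self._by_external[(pkt.proto, translated)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.external_ip, src_port=translated)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """External -> internal: restore destination from the table, else drop."""
        if pkt.dst_ip != self.external_ip:
            return None  # not addressed to this NAT device
        entry = self._by_external.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None  # unsolicited: no mapping, nowhere to forward it
        internal_ip, internal_port = entry
        return replace(pkt, dst_ip=internal_ip, dst_port=internal_port)

    def table(self) -> Dict[InternalKey, int]:
        """Snapshot of the translation table (internal endpoint -> ext port)."""
        return dict(self._by_internal)


if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.5", first_port=40000)
    # two internal hosts happen to use the same source port; PAT keeps them apart
    a = nat.translate_outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 443))
    b = nat.translate_outbound(Packet("tcp", "192.168.1.11", 51000, "198.51.100.7", 443))
    print("outbound:", a, b)
    print("table:", nat.table())
    print("reply:", nat.translate_inbound(Packet("tcp", "198.51.100.7", 443, "203.0.113.5", 40000)))
    print("unsolicited:", nat.translate_inbound(Packet("tcp", "198.51.100.7", 443, "203.0.113.5", 9999)))
```

The table is keyed only by the internal endpoint, so any external host that learns the translated port can reach the mapping; real NAT devices usually also record the remote address and port and apply idle timeouts, which this example leaves out.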
NAT only translates the IP addresses and ports of its internal hosts, hiding the
true endpoint of an internal host on a private network. NAT operation is
typically transparent to both the internal and external hosts.
The internal host is normally aware of the true IP address and TCP or UDP
port of the external host, and the NAT device usually serves as the
default gateway for the internal host. The external host, however, sees only
the public IP address of the NAT device and the particular port being
used on behalf of a specific internal host.