What Is NAT (Network Address Translation) and How Does It Work?

Network Address Translation, a.k.a. NAT, is a process or technique used to change IP addresses and TCP port numbers by an intermediate device like a firewall, router, modem, etc. There are different use cases for NAT, but the most popular one is to use a single WAN IP address for multiple servers and clients which are located in the LAN.

Topology

NAT generally has the following topology. NAT occurs on the router, where a request made from the LAN is translated to the WAN IP address of the router.

NAT Topology

LAN IP Address

LAN IP addresses are private IP addresses, which fall in the ranges below.

  • 192.168.0.0 – 192.168.255.255
  • 172.16.0.0 – 172.31.255.255
  • 10.0.0.0 – 10.255.255.255

If we look at our IP address with the ipconfig command on Windows or the ip address command on Linux, we will see that it is inside one of the given ranges. These LAN IP addresses cannot be used on the internet, so we require a new type of IP address without changing the LAN IP address.

> ipconfig
LAN IP Address

WAN IP Address

WAN IP addresses are also called public IP addresses. They are used on the internet and are numbered within the following range, except for the LAN IP addresses.

  • 0.0.0.1 – 255.255.255.255

We can check our WAN IP address in different ways, but if we have a browser, searching Google for "what is my ip address" is the most practical one.

WAN IP Address

TCP and UDP Ports

TCP and UDP protocols are used for the transmission of data between hosts, or between clients and servers. During NAT, TCP and UDP port numbers are generally changed. Every TCP or UDP packet has a source port and a destination port, and these port numbers will be changed during a NAT operation.


How NAT Works?

Now we will look at how NAT works step by step. We will use the following topology and steps for the description.

NAT Topology
  • First, a packet is created by the client, which resides in the LAN. The packet's source and destination IP addresses and port numbers will be like below.
  • When the packet arrives at the router, the given source IP address and port number will be changed. The source IP address will be the WAN IP address of the router. The source port number will be set by the router randomly or according to the given configuration. We can see the changed values in red boxes. The new source IP address will be 176.43.223.203 and the source port number will be 3019.
  • This packet will be forwarded to the server on the internet. After the server processes the request and creates packets for the response, the source and destination IP addresses will be like below.
  • When this packet arrives at the router, it will be NAT'ted, or translated, into the LAN, and the destination IP address and port number will be changed like below. The destination IP address will be 192.168.142.100 and the destination port number will be 2019.
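
The four steps above, as an added example that is not part of the original article: a small port-translating NAT table in Python that rewrites the request on the way out and the reply on the way back. The server address 203.0.113.10:443 and the sequential port allocation starting at 3019 are assumptions made for the illustration; real routers also track the protocol and entry timeouts.

```python
import itertools
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    """Port-translating NAT: many LAN sockets share one WAN IP address."""

    def __init__(self, wan_ip: str, first_port: int):
        self.wan_ip = wan_ip
        self._ports = itertools.count(first_port)  # next free WAN-side port
        self.out_map = {}   # (lan_ip, lan_port) -> wan_port
        self.in_map = {}    # wan_port -> (lan_ip, lan_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source IP address and port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:          # first packet of this flow
            wan_port = next(self._ports)
            self.out_map[key] = wan_port
            self.in_map[wan_port] = key
        return pkt._replace(src_ip=self.wan_ip, src_port=self.out_map[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: rewrite the destination back, or drop if unmapped."""
        if pkt.dst_ip != self.wan_ip or pkt.dst_port not in self.in_map:
            return None                      # no table entry: no LAN host to deliver to
        lan_ip, lan_port = self.in_map[pkt.dst_port]
        return pkt._replace(dst_ip=lan_ip, dst_port=lan_port)

# Client and router values are the ones used in the steps above.
# The server 203.0.113.10:443 is a constructed value (documentation address range).
SERVER = ("203.0.113.10", 443)
router = NatRouter("176.43.223.203", first_port=3019)

def walk_through():
    request = Packet("192.168.142.100", 2019, *SERVER)               # step 1
    translated = router.outbound(request)                           # step 2
    reply = Packet(*SERVER, translated.src_ip, translated.src_port)  # step 3
    delivered = router.inbound(reply)                               # step 4
    unsolicited = router.inbound(Packet(*SERVER, "176.43.223.203", 4000))
    return translated, delivered, unsolicited

if __name__ == "__main__":
    for result in walk_through():
        print(result)
```

The last call in walk_through() shows that a packet arriving on a WAN port with no table entry has no LAN destination and is not delivered.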

NAT Types

As a popular mechanism, NAT can be done in different ways for different cases.

  • Static NAT
  • Dynamic NAT
  • Overloading

Static NAT

If we want to map an IP address or port permanently to a LAN client's IP address and port, we need to use static NAT, where the NAT configuration is static and does not change. For example, we can serve a web page or server by NAT'ting its ports 80 or 443.


Dynamic NAT

Dynamic NAT is useful for clients that do not serve anything to the WAN and just use the internet. In dynamic NAT, the IP address and port change with every request or session. There is no static configuration.

Overloading

Overloading is used to statically redirect the port numbers of a single WAN IP address to the port numbers of multiple IP addresses. This is useful where there is only a single WAN IP address but we need to NAT the IP addresses and ports of multiple servers.

NAT Configuration Of iptables On Linux

iptables is a popular network tool used to route, NAT, and block network traffic. We can enable NAT for our LAN with the following iptables configuration. We specify eth1 for the LAN interface. In this rule, -o selects the interface a packet leaves through, and MASQUERADE replaces the packet's source address with the address of that interface.

$ sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Translated from: https://www.poftut.com/what-is-nat-network-address-translation-and-how-it-works/
