What is the purpose of NAT function? Are there any examples?
NAT (network address translation) converts private network addresses (intranet) into public addresses (such as those used on the Internet), thus hiding the internally managed IP addresses. By using unregistered IP addresses internally and translating them into a small number of externally registered IP addresses, it reduces the cost of IP address registration and conserves the increasingly scarce address space (namely IPv4). At the same time, it hides the internal network structure, which reduces the risk of attacks on the internal network.

NAT functions are usually integrated in routers, firewalls and dedicated NAT devices. Most popular operating systems and some other software (mainly proxy software, such as WINROUTE) also provide NAT. The NAT device (or software) maintains a state table that maps the private IP addresses of the internal network to the legal IP addresses of the external network. Each packet has its address translated in the NAT device (or software) and is then sent on to the next hop. Unlike an ordinary router, a NAT device actually modifies the packet header, changing the internal source address to the external address of the NAT device, whereas an ordinary router only reads the source and destination addresses and forwards the packet to its destination.

There are three types of NAT: static NAT, pooled NAT and port NAT. Static NAT permanently maps each host in the internal network to a legal address in the external network. Pooled NAT defines a range of legal external addresses and maps them to internal hosts through dynamic allocation. Port NAT maps internal network addresses to different ports of a single external IP address.

/*

SMTP <-> 25
POP3 <-> 110
FTP <-> 20, 21
HTTP <-> 80

Speaking of port 20, here is a short digression. We all know that the port corresponding to FTP should be 21, so why is 20 listed as well? When we transfer files over FTP, the client first connects to port 21 of the FTP server for user authentication. After successful authentication, when we want to transfer files, the server opens port 20 to transfer the data; that is, port 20 is used for the actual transfer, and port 21 is only used for FTP login authentication. When downloading files we sometimes find that the download stops at 99% and the file is incomplete. In fact, after downloading the file, we have to authenticate the user at port 21 again. If the download takes too long, the server considers the connection between the client and the server on port 21 to have timed out, which is the reason. The solution is to set the response time of port 21.

*/

Setting up NAT using WINDOWS 2000 Server

The network functions of the WINDOWS 2000 SERVER family are really powerful. It integrates many network services, such as DHCP, DNS, SNMP, routing and so on. To set up NAT, we only need a WINDOWS 2000 server, without the help of other software.

Let's get started, taking the Chinese version of WINDOWS 2000 SERVER as an example. Install two network cards in the NAT server: one connected to the internal network (such as IP: 192.168.0.35) and the other connected to the external network (such as IP: 88.88.88.88). Before configuration, make sure that the NAT server is connected to both the internal private network and the external public network. The specific configuration is as follows:

Open "Programs -> Administrative Tools -> Routing and Remote Access"; a dialog box appears. On the left there is a "Server Status" entry and a "BDWSER (local)" entry (not necessarily BDWSER; it is your machine name). Click "BDWSER (local)" and then click "Action -> Configure and Enable Routing and Remote Access"; a new dialog box will pop up. Click "Next", and a dialog box as shown in Figure 2 will appear. Select "Internet Connection Server" and click "Next".

As shown in Figure 3, select "Router with Network Address Translation (NAT) routing protocol" and click "Next".

As shown in Figure 4, select "Use the selected Internet connection" -> "Local Connection 2". Note that "Local Connection 2" is the external connection of the server (in this example the domain name is 5imax.net and the address is 88.88.88.88), while "Local Connection" is the connection between the server and the internal network. Then click "Next" -> "Finish". Routing and Remote Access will start automatically; wait for it to finish starting.

Through the above configuration, NAT translates internal addresses to the external address, so machines on the internal network can reach the Internet through this machine (WINDOWS 2000 SERVER) acting as the NAT proxy. If the NAT server uses DHCP, the client only needs to obtain its IP automatically; if not, the client should specify IP: 192.168.0.*, subnet mask: 255.255.0, gateway: 192.168.0.35, DNS: 202.97.224.68 (use the DNS server address provided by your local ISP). Next, configure the mapping from an external port to an internal port (as shown in figure 1, 88.88.88.88:80 -> 192.168.0.102:80) for external visitors to visit.
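
The state table and header rewriting described earlier, together with the external-to-internal port mapping configured above, can be modelled in a few lines. This is an added example, not part of the original page and not how Routing and Remote Access is implemented; the class and method names are hypothetical, and the client and remote addresses other than 88.88.88.88, 192.168.0.102 and port 80 are constructed for illustration.

```python
# Added example: toy port-NAT state table (hypothetical names, constructed sample packets).
# Simplification: a real NAT also keys its state on protocol and remote endpoint.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PortNat:
    def __init__(self, public_ip: str, first_port: int = 50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}     # (inside ip, inside port) -> public port
        self.back = {}    # public port -> (inside ip, inside port), learned from outbound traffic
        self.static = {}  # public port -> (inside ip, inside port), set by the administrator

    def add_port_mapping(self, public_port: int, inside_ip: str, inside_port: int) -> None:
        self.static[public_port] = (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        # Rewrite the source header field; create state on the first packet of a flow.
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return pkt._replace(src_ip=self.public_ip, src_port=self.out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Rewrite the destination only if a mapping or state entry exists.
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.static.get(pkt.dst_port) or self.back.get(pkt.dst_port)
        if target is None:
            return None  # unsolicited traffic with no mapping is dropped
        return pkt._replace(dst_ip=target[0], dst_port=target[1])

def demo():
    nat = PortNat("88.88.88.88")
    nat.add_port_mapping(80, "192.168.0.102", 80)  # the mapping from the page
    out = nat.outbound(Packet("192.168.0.50", 1025, "203.0.113.10", 80))
    reply = nat.inbound(Packet("203.0.113.10", 80, out.src_ip, out.src_port))
    web = nat.inbound(Packet("198.51.100.7", 40000, "88.88.88.88", 80))
    stray = nat.inbound(Packet("198.51.100.7", 40000, "88.88.88.88", 8080))
    return out, reply, web, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Only the mapped port 80 is reachable from outside, so the host at 192.168.0.102 is the one machine whose service hardening and logging now matter to external traffic.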