Network address translation nat

introduce ：

IPv4 The address is in danger of running out

NAT Means to pass through Private network address Convert to Public network address , So as to hide IP Address .
Install on the router connecting the private network to the Internet NAT Software （NAT Router ）, At least one global IP Address
All hosts using private addresses communicate with the outside world , Need to convert private addresses to global addresses IP Address

function ：

①NAT Make a large number of internal private addresses share a small number of global addresses IP Come and connect with the Internet . Because the private network can be reused , So section Save a lot of address consumption
② foreign The network structure is hidden , Reduce the risk of internal network attack

principle ：

Suppose a host using a private address communicates with a host using a global address ：

1. NAT Routers from all over the world IP Assign a temporary global address to the host in the address pool IP Address 172.38.1.5, And will IP The source address of the datagram modify For this global IP Address
2. The correspondence between private address and global address （ mapping ） Recorded in the NAT Conversion table in
3. after forward The packet , At this time, the source address and destination address of the datagram are all global IP
4. When a host on the Internet sends a datagram back ,NAT The router received the message IP The datagram , stay NAT Conversion table To find , Change the destination address to the corresponding private address , And send it to the corresponding host ; At this time, the source address of the datagram is the global address of the Internet host , The destination address is a private address

Be careful ：
Ordinary routers only work at the network layer , and NAT The router needs to check the port number of the transport layer

ask ： Can the communication between the intranet host and the extranet host be initiated by the extranet first ？

You can't ！ If the external network host sends datagrams ,NAT After the router receives the datagram , stay NAT The corresponding record of global address and private address cannot be found in the translation table ！ The datagram cannot be forwarded to the intranet host