NAT - waxa uu yahay waxan? NAT Setup

Cinwaanka Network Translation (NAT) waa hab ka mid ah reordering hal meel kale ku beddelo macluumaadka cinwaanka network in IP ah (Internet Protocol). In uu yahay, madax baakadda waa la bedelay ee wakhtiga ay ku sugan tahay gaadiidka iyada oo qalab wadada ku. Habkani waxaa markii hore loo isticmaalaa in la isugeeyey xog gaadiidka ee IP-shabakadaha, ciidankii kasta oo aan renumbering. Waxa uu noqday aalad caan ah oo muhiim u ah ilaalinta iyo qaybinta meel caalamiga ah ee cinwaanka in shuruudaha Nusqaan cinwaanada IPv4.

NAT - waxa uu yahay waxan?

Isticmaalka asalka ah ee cinwaanka shabakada turjumidda waa in khariidada cinwaanka kasta oo ka mid ah cinwaanka meel cinwaan baahisey in meel bannaan oo kale. Tusaale ahaan, waxaa lagama maarmaan ah haddii bixiyaha adeegga Internet in uu is beddelay, iyo user ah ma awoodo inuu si cad ku dhawaaqo wadada cusub shabakadda. Under xaaladaha daaqa caalamka IP-address technology NAT meel dhow waxaa sii kordheysa loo isticmaalay tan iyo 1990-dabayaaqadii lala IP-encryption (taas oo ah habka gaadiidka dhowr IP-cinwaanada at meel isku mid ah). Hannaanku wuxuu la fuliyo in qalab wadada isticmaala loox turjumaad stateful in uu soo bandhigo cinwaanada "qarsoon" in mid ka mid ah IP-address, iyo u gudbin doonaa xilka IP-xirmooyin in wax soo saarka ah. Sidaas darteed, waxay muujiyeen ka soo baxay qalab wadada ku. In dambe isgaarsiinta channel jawaabaha waxaa lagu soo bandhigaa in il IP-address ah oo isticmaalaya xeerar la kaydiyaa loox tarjumaadda. miiska turjumaad Rules, markeeda, bariyeelay muddo gaaban haddii baabuurta cusub uusan cusbooneysiin ay xaaladda ka dib. Tani waa hab ay aasaasiga ah ee NAT. Waxaa taas micnaheedu?

Habkani wuxuu kuu ogolaanayaa inaad isgaadhsiin dhex router kaliya marka xiriir la sameeyo si network ah lo, sida waxay abuurtaa miiska turjumaad. Tusaale ahaan, browser web gudahood shabakadda a isticmaali kartaa goobta dibadda, laakiin, haddii aan dibadda ku rakiban, ma furi karaan khayraadka a, u taagan dhexdeeda. Si kastaba ha ahaatee, qalabka NAT ugu maanta u ogolaan maamulka shabakad reserved galo miiska turjumaad loo isticmaalo si joogta ah a. Habkaani waxaa badanaa loo NAT ama dekedda sida guurto ah soo gudbiyo, oo waxay u saamaxdaa gaadiidka asal ahaan in ay network "ka baxsan" si ay u gaaraan ciidankii caga in shabakad Windows XP.

Sababo la caanka ah ee habkan waxaa loo isticmaalaa si loo ilaaliyo IPv4 meel cinwaanka, muddada NAT (tani waa waxa si dhab ah - kor ku xusan), waxa uu noqday ku dhawaad dhigmin Habka encryption ah.

Maxaa yeelay, NAT badala macluumaadka cinwaanka ah ee IP baakadka, waxa ay leedahay saamaynta xun tayada xiriir internet ah, oo u baahan fiiro dhow yahay inuu si faahfaahsan of hirgelintiisa.

Hababka Isticmaalka NAT kala duwan yihiin midba midka kale in ay dhaqanka gaar ahaan xaaladaha kala duwan ee ku lug leh saameynta on baabuurta network.

Basic NAT

Nooca ugu fudud ee Network Address Translation (NAT) waxay bixisaa baahin ah IP-cinwaanada "mid-ka-mid ah." RFC 2663 waa nooca ugu weyn ee daayey. In isbedelka noocan ah oo kaliya IP-address iyo dalbatay IP-madax. Noocyada ugu muhiimsan ee turjumidda waxaa loo isticmaali karaa in lagu xiro labada IP-shabakadaha kuwaas oo aynan ka qabashada.

NAT - waa in xira "fool-ka-badan"?

Noocyo Most of NAT khariidada karaa ciidammada kala duwan ee gaarka loo leeyahay in hal IP-address si cad loo qoondeeyey. In qaabeynta caadiga ah, network degaanka ah wuxuu isticmaalayaa mid ka mid ah loo qoondeeyey cinwaanada IP-subnet "gaarka ah" (RFC 1918). router The on network in uu leeyahay cinwaan gaar ah in meel bannaan oo this.

router ayaa sidoo kale isku xira Internetka la isticmaalayo a cinwaanada "dadweynaha" qoondeeyey aad ISP. Sida gaadiidka maraa ka network degaanka cinwaanka Internet ah isha ugu of baakadda kasta oo loo tarjumay on Daqsi ka cinwaanada gaarka ah si ay dadweynaha. router The raadka xogta aasaasiga ah oo ku saabsan xiriir kasta oo firfircoon (gaar ahaan cinwaanka Ahaado iyo dekedda). Marka jawaabta uu ka yimaado isaga, uu isticmaalo xogta la xidhiidha in lagu kaydiyo inta lagu guda jiro wajiga outbound si loo ogaado cinwaan gaarka ah ee network gudaha taas oo in reply soo diri.

Faa'iidada of this ka shaqeynayaan waa ay u adeegto sida xal wax ku ool ah si ay daal soo aaddan ee IPv4 cinwaanka bannaan. Xitaa shabakadaha ballaaran ayaa loogu xidhi karaa internetka iyada oo mid ka mid IP-address.

All xirmooyin datagram in shabakado ku salaysan IP leeyihiin 2 IP-address - ka il iyo Noqosho. Caadi ahaan, baakidhka gudbaynaa network gaarka loo leeyahay si network dadweynaha, uu yeelan doono cinwaan il baakidhka ah, la beddelo inta lagu jiro kala-guurka ee ka soo shabakad dadweynaha in ay dib u gaar ah. febwari adag More sidoo kale waa u suurtoobaan.

Features

function NAT laga yaabaa in qaar ka mid ah sifooyinka gaarka ah. Si looga fogaado dhibaato waa sida loo turjumo ee baakadaha ku soo laabtay baahan beddelka ay sii. Inta badan gaadiidka Internet maraa TCP hab maamuuska iyo UDP, iyo lambarada dekedda ayaa la bedelay si isku dhafan ee IP-cinwaanka iyo lambarka dekedda jihada dambe bilaabo inuu la baa'bin xogta.

Protocols aan ku salaysan TCP ama UDP, waxay u baahan yihiin habab kala duwan oo ka mid ah turjumidda. Control Protocol Message Internet (ICMP), sida caadiga ah, dareen rabid ah xogta lagu kala qaado ee leh xiriirka ah ee hadda jira. Taas macnaheedu waa in ay la soo bandhigay waa in la isticmaalayo IP-address isku mid ah iyo tirada hore dhigay.

Maxaa habboon in aan ka fiirsanayn?

Configuring NAT on router uusan waxba u siin suurtagalnimada ee xidhiidhada "darafkiisa ilaa darafka." Sidaa darteed, router, kuwaas oo aan ka qayb qaadan kartaa qaar ka mid ah hab maamuuska Internet. Adeegyada u baahan bilow ah ee TCP-xirnaanta ka network dibadda ama dadka isticmaala aan hab maamuuska laga yaabaa in la heli karin. Haddii router ee NAT uusan dadaal badan si uu u taageero hab-sida ka dhigin, xirmooyin soo socda ma gaadhi karto ay u socdeenna. Qaar ka mid ah hab-qaadi karta mid turjumaad u dhexeeya ka qayb ciidammadu ( "mode dadban» FTP, tusaale ahaan), mararka qaarkood iyadoo la kaashanayo albaab codsiga, laakiin xidhiidh la dhiso marka ay labada nidaam kala Internetka la isticmaalayo NAT. Isticmaalka NAT sidoo kale adkaynaysaa maamuuska sida "tunneling", sida IPsec ah, maxaa yeelay waxa ay badala qiyamka ee madax ka, kaas oo la macaamilaan daacadnimada u eegista codsiga.

Dhibaatadu waxa ay hadda

Xarunta "darafkiisa si loo soo afjaro" waa mabda'a aasaasiga ah ee Internet-ka, ee hadda jira tan iyo dhinaca horumarinta. xaaladda ay ku sugan shabakadda waxay muujinaysaa in NAT waa xadgudub ku ah mabda'a this. Khubaro waxaa jira walaac daran ka qabo isticmaalka baahsan ee IPv6-in cinwaanka shabakada turjumaad, iyo kiciyo dhibaatada sida si fiican u la baabi'iyo.

Sabatoo ah qaabka raaxaystaan miisas baahin stateful router NAT, qalabka network gudaha lumin IP-xidhiidh, sida caadiga ah, muddo aad u gaaban gudahood. ka xaqiiqda ah Marka laga reebo in NAT ah in router sida, innaba ku illoobi kartaa xaqiiqda. Tani waxay si dhab ah u yaraynaysaa wakhtiga hawlgalka aaladaha is haysta in shaqeeyaan on baytariyada iyo accumulators ah.

scalability

Waxaa intaa dheer, marka la isticmaalayo NAT dabagal dekedaha kaliya in dhaqso ah u dhammaan karaa codsiyada gudaha isticmaalaya xidhiidhada badan isku mar ah (tusaale ahaan, ku HTTP-codsiyada boggaga web leh tiro badan oo ah walxo gundhig). dhibaatadan loo yarayn karaa by la socodka caga IP-address ee intaa dheer in dekedda ah (sidaas oo kale qof dekedda maxaliga ah u qaybsan yahay ciidammadu more fog).

dhibaatooyin qaar ka mid ah

Tan iyo dhammaan cinwaanada gudaha ismidab qariyey sidii dadweynaha, ciidammada dibadda noqdo wax aan macquul aheyn in la bilaabo xidhiidhka la leh a Guntin gudaha gaar ah oo aan u qaabeynta kasta oo gaar ah oo ku saabsan brannmur (taas oo ah in la isugeeyey xiriir si dekedda gaar ah). Codsiyada sida IP-taleefoonka, video shirarka, iyo adeegyada waxay leeyihiin si ay u isticmaalaan farsamooyinka traversal NAT si caadi ah u shaqayn.

cinwaanka noqo oo turjumaad dekedda (Rapt) ogolaanaya ciidanka, ka-IP address dhabta ah oo kala duwan waqti ka waqti, si ay u sii heli karaa sida server leh go'an IP-address of network guriga. Mabda ', waa in ay u ogolaadaan sameynta server si ay u ilaaliyaan xidhiidhka ka. In kasta oo xaqiiqda ah in tani ma aha xal kaamil ah dhibaatada, waxa ay noqon kartaa qalab kale oo faa'iido leh ee arsenal ee maamulka shabakada si ay u xaliyaan dhibaatada, sida reserved NAT on router ah.

Cinwaanka Port Translation (PAT)

fulinta Cisco Rapt waa Port Address Translation (PAT), taasi oo muujinaysa dhowr IP-address gaarka ah sida mid ka mid ah dadweynaha. cinwaanada Multiple la soo bandhigi karaa sida cinwaanka ah, maxaa yeelay, mid kasta oo iyaga ka mid ah waxaa lagula socdaa by tirada dekedda. PAT isticmaalaa tiro il gaar ah dekedda on IP caalamiga ah ee gudaha, in la kala saaro jihada of kala iibsiga data. lambarada Kuwanu waa abyoonayaasha 16-bit. Total cinwaanada gudaha in loo tarjumi karaa galay mid ka mid ah barxadda dibadda, aragti ahaan ay gaari karaan 65536. Tirada dhabta ah ee dekadaha kaas oo hal IP-address la magacaabin, wuxuu ku saabsan yahay 4000. Sida caadiga ah, PAT isku dayo in uu badbaadiyo dekedda il "asalka ah" ku. Haddii ay tahay in la isticmaalo, Address Port Translation ku meelaynayaa tirada ugu horeysay ee la heli karo dekedda laga bilaabo bilowga ah ee kooxaha ka soo jeedaan - 0-511, 512-1023, ama 1024-65535. Marka ma yihiin dekedaha more la heli karo iyo waxaa jira in ka badan hal dibadda IP-address, PAT ku dhaqaaqdo in ay soo socda si la isugu dayo in la aqoonsado dekedda isha. Nidaamkan wuxuu soconayaa ilaa ay jiraan xogta mar dambe ma la heli karaa.

Bandhigay cinwaanada iyo dekedda Cisco fuliyo adeeg isku daraa cinwaanka dekedda xirmooyin IPv6 tunneling xogta turjumaad badan aabooyinka IPv4. Dhab ahaantii, ka duwan aan rasmi ahayn CarrierGrade NAT iyo DS-Lite, taas oo ay taageertaa IP-address turjumaad / dekedda (iyo, Sidaa darteed, oo ay taageerayaan goob NAT). Sidaas darteed, waxaa iska ilaalisaa in dhibaatooyinka ee rakibaadda iyo dayactirka xidhiidhka ka, iyo sidoo kale waxay bixisaa qaab kala guurka, waayo, IPv6 geeyo.

hababka turjumaad

Waxaa jira dhowr siyaabood si ay u hirgeliyaan tarjumaadda cinwaanka shabakada iyo dekedda. In codsiyada qaar ka mid ah, hab maamuuska in codsiyada isticmaalaan si ay ula IP-cinwaanada shaqeeyaan, ka hawlgala shabakad Windows XP, waa in aad u qeexaan cinwaanka dibadda NAT (taas waxaa loo isticmaalaa marka la gaaro dhamaadka kale ee xidhiidhka), iyo, weliba, waxa inta badan loo baahan yahay inaad wax ka barato oo u kala saar nooca gudbinta. Sida caadiga ah taas waxa laga sameeyaa, sababtoo ah waa la jecel yahay in la dhiso channel ah xidhiidhka tooska ah (ama badbaadin gudbinta aan guraynin xogta iyada oo loo marayo server ama si loo wanaajiyo kartida) u dhexeeya labada macaamiisha, labadaas arrimood oo waa qofka NAT.

Ujeedada this, (sida reserved NAT) ee 2003 horumariyo RFC gaar ah maamuuska 3489 Traversal Simple ee UDP bixiyaa iyada oo loo marayo NATS. Maanta waa huriye, sababtoo ah hababka kuwaas oo maalmahan ku filnayn in ay si sax ah loo qiimeeyo shaqada ee hindisooyin badan. hababka cusub ayaa la jaangooyay RFC 5389 maamuuska, kaas oo waxaa la sameeyey bishii October 2008. faahfaahinta Tan waxaa hadda loo yaqaan SessionTraversal iyo waa utility ah NAT ah.

Abuuritaanka-xiriir laba dhinac ah

baakadda kasta waxa ku jira TCP iyo UDP IP-il cinwaanka iyo lambarka dekedda, iyo sidoo kale isku dekedda Ahaado.

Waayo, adeegyada bulshada sida a server e-mail functional, tiro dekedda waa muhiim. Tusaale ahaan, dekedda 80 waxaa xiran software ah, server web, iyo 25 - in mail server SMTP ah. IP-address dadweynaha server ee waa sidoo kale ee muhiimka ah, sida cinwaanka boostada ama lambarka taleefanka. Labada argument ahaan waa rasmi ah la garanayo oo dhan qanjidhada in u socdaan in ay ku xidhmaan.

Private IP-cinwaanada ay leeyihiin ahmiyad kaliya ee shabakadaha maxalliga ah, halkaas oo ay ku waxaa loo isticmaalaa, iyo sidoo kale dekedaha ciidankii. Dekedaha yihiin dhamaadka gaar ah la xidhiidha dhibic on ciidanka, si xidhiidh dhex mara NAT ah oo ay taageerayaan ku khariidaynta dekedda isu geynta iyo IP-cinwaanada.

PAT (Port AddressTranslation) lagu xaliyo khilaafaadka ka imaan karto inta u dhaxaysa laba ciidammada kala duwan iyadoo la isticmaalayo tiro isku mid ah ilaha dekedda in la dhiso xiriir gaar ah waqti isku mid ah.