Nat - chii ichi? Nat Setup

Network Address Translation (Nat) ndiyo nzira reordering imwe kero nzvimbo mumwe nokuchinja mashoko pomumbure kero iri IP (Internet Protocol). Iyo packet headers vanochinjwa panguva vari dzaifanoiswa kubudikidza hwokutiparadza mudziyo. Nzira iyi pakutanga kushandiswa Redirect motokari nyore muna IP-network, mugamuchiri mumwe nomumwe pasina renumbering. Akava akakurumbira uye chinokosha chishandiso kuchengetedza uye kuparadzira yose kero nzvimbo iri mamiriro ezvinhu kuperevedza IPv4 kero.

Nat - chii ichi?

Kushandiswa samambure kero shanduro chepakutanga ndiko kunonyora kero mumwe kubva kero nzvimbo runoenzanirana kero mune dzimwe nzvimbo. Somuenzaniso, zvakafanira kana Indaneti webasa Provider yachinja, uye inodzidzisa haasi kukwanisa paruzhinji kuzivisa itsva nzira kune zvakarukwa. Pasi ezvinhu foreseeable yose kuparadzwa IP-kero nzvimbo Nat zvemichina iri kuramba kushandiswa kubva mukupera kuma1990 pachiimbwa IP-encryption (unova nzira yokufambisa wandei IP-kero nenguva nzvimbo). mashandiro iri rakatangwa muna imwe hwokutiparadza zano kuti anoshandisa shanduro pamatafura stateful kuratidza "zvakavanzika" kero imwe IP-kero, uye oripfuudza zvekubuda IP-omumasherufu kuti goho. Nokudaro, Vanoratidzwa achibva hwokutiparadza mudziyo. In neizvi dzezvokukurukurirana mugero mhinduro anonyorwa ari panobva IP-kero kushandisa mitemo mumabhatiri mushanduro pamatafura. Mitemo tafura rokushandura, akavapindurawo, vaibvisa pashure pfupi kana motokari itsva hakuiti dzifambirane mamiriro ayo. Ndiro huru mashandiro ose Nat. Chiri kuti zvinorevei?

Nzira iyi inobvumira kuti kukurukura kubudikidza router chete kana akwirwe chinoitwa nomunhu encrypted network, sezvo pave tafura rokushandura. Somuenzaniso, imwe dandemutande Browser mukati pomumbure angatsvaka nzvimbo kunze, asi, kana asina ndakagadza kunze, hachigoni akavhura zvekuvaka, akaiswa mairi. Kunyange zvakadaro, vazhinji Nat mano nhasi vanobvumira munhu Mudzviti Network kuti kugadzira tafura rokushandura kupinda kushandiswa zvachose. Nyaya iyi iri kazhinji kunzi kunofambira mberi Nat kana chengarava vorega, uye rinobvumira motokari rwupi mu "kunze" pomumbure kusvika kuenda hondo iri encrypted Network.

Nokuda vakawanda nzira iyi inoshandiswa achengetedze IPv4 kero nzvimbo, iyo Nat izwi (Izvi ndizvo chaizvo - pamusoro), yava kutoita kufanana ne encryption nzira.

Nekuti Nat alters kero mashoko ari IP-packet, ane zvakakomba chokuita kunaka mukana wokushandisa Indaneti, uye kunoda tikanyatsoteerera zvakadzama vayo Implementation.

Nzira Uchishandisa Nat vakasiyana mumwe kwavo mamwe maitiro akasiyana nyaya zvazvinoita Network motokari.

Basic Nat

Nyore mhando Network Address Translation (Nat) inopa kutepfenyurwa kuti IP-kero "mumwe-to-mumwe." RFC 2663 Nde mhando Mukutepfenyura. In ichi mhando yokuchinja chete IP-kero uye checksum IP-Header. The Mhando chikuru shanduro zvingashandiswa kubatanidza vaviri IP-network zviri sawirirana kugadzirisa.

Nat - ari kuti unobva "mumwe-to-zhinji"?

nemarudzi vakawanda Nat anogona kuronga akawanda private wehondo chete akasarudzwa pachena IP-kero. In randinenge configuration, imwe munharaunda richikurukura anoshandisa mumwe akasarudzwa "voga" IP-subnet kero (RFC 1918). The router pamusoro pomumbure ane kero oga nzvimbo iyi.

The router zvakare richibatanidza kuti Internet uchishandisa kero "yavose" raakapiwa ISP yenyu. Sezvo motokari inopfuura kubva yomunharaunda pomumbure kuti Internet Kero kunobva nomumwe packet rinoshandurwa pamusoro nhunzi kubva private kero nevoruzhinji. The router inocherechedza anokosha Data pamusoro nomumwe basa kubatana (kunyanya kuenda kero uye chiteshi). Kana mhinduro anouya shure kwaari, iye anoshandisa kubatana Data kuti anochengeterwa panguva outbound chokutambudzika yokuziva private Kero womukati rezvebonde uko kutumira mhinduro.

Mumwe mukana functionality ichi ndechokuti anoshumira inoshanda kugadzirisa raiva nechokuita kuneta pamusoro IPv4 kero nzvimbo. Kunyange network huru inogona paIndaneti kuburikidza imwe IP-kero.

All omumasherufu datagram flow IP-yakavakirwa vane 2 IP-kero - kunobva uye rwendo. Kazhinji, omumasherufu vanopfuura kubva private pomumbure kuruzhinji network, vachava kwaibva kero omumasherufu, kuchinja panguva kuchinja kubva kuruzhinji samambure yepachivande musana. More configurations kunzwisisa uyewo zvinobvira.

Features

Nat basa angava kurimwewo zvinhu. Kuti udzivise matambudziko ari sei kushandura vakadzoka Mabhokisi zvinoda zvimwe dzavo okunatsiridza. Ruzhinji Internet motokari anoenda kuburikidza protocols TCP uye UDP, uye chengarava nhamba vanochinjwa kuti wemishonga IP-kero uye chiteshi nhamba iri neizvi mirayiridzo anotanga kuti vakanyora mamiriro ayo mashoko.

Protocols dzisina kwakavakirwa TCP kana UDP, zvinoda nzira dzakasiyana kushandurwa. Control Message Protocol Internet (ICMP), sezvo mutemo, correlates kuti zvitange mashoko ane huripo kubatana. Izvi zvinoreva kuti vanofanira kuratidzwa kushandisa chete IP-kero uye nhamba wakaiswa pakutanga.

Ndinofanira kufunga?

Configuring Nat pamusoro router risingatauri kumupa mukana kubatana "kubvira kumugumo kumugumo." Saka, routers izvi havagoni kubatanidzwa dzimwe Internet protocols. Services kuti zvinoda mharuro TCP-kubatana kubva kwokunze rezvebonde kana vanoshandisa pasina protocols kungava isina. Kana Nat router hakuiti nesimba zvikuru kutsigira protocols zvakadaro, kuuya omumasherufu havagoni kusvika kwavaienda. Vamwe protocols anobvumawo imwe shanduro pakati pokuita wehondo ( "pusa muoti» ftp, somuenzaniso), dzimwe nguva tichibatsirwa chikumbiro resuwo, asi kubatana chinosimbiswa apo vose hurongwa vanoparadzaniswa Indaneti uchishandisa Nat. Uchishandisa Nat zvakare zvinoomesa vakadaro "tunneling" protocols, dzakadai IPsec, nokuti achinje tsika dziri Header, iyo anosangana kudzokorora chikumbiro kuvimbika.

Dambudziko razvino

Remubatanidzwa "kubvira kumucheto kusvikira kumucheto" nderei musimboti Indaneti, raivapo kubva kwayo kukura. Mamiriro nemambure chinoratidza kuti Nat kutyora musimboti ichi. Vanachiremba kune zvakakomba nezvemhosva kushandiswa kwakapararira IPv6-mumidziyo kero rokushandura, uye anosimudza dambudziko sei kuti zvinobudirira kuhupedza.

Nokuda ephemeral hunhu matafura stateful kutepfenyurwa Nat routers, dzomunyika rezvebonde mano nahwo IP-kubatana, ave mutemo, mukati pfupi yenguva. Kunze kwokuti kwakadaro Nat ari router, haugoni kukanganwa chokwadi ichi. Izvi zvakakanganisa chaizvo akazoita uchishandisa nguva tsindirana namano kuti ushande mabhatiri uye accumulators.

scalability

Uyezve, kana uchishandisa Nat yakawana chete zvengarava anogona kukurumidza kwezvinoshandiswa dzakawanda mafomu vachishandisa akawanda mawa kwokubatana (somuenzaniso, HTTP-nekukumbirira pawebsite pamwe vakawanda midzi zvinhu). dambudziko iri zvinogona mitigated kuburikidza vachiongorora ndekwaunogumira IP-kero kuwedzera chiteshi chengarava (Saka mumwe dzomunharaunda chiteshi inokamukana zvikuru kure wehondo).

zvimwe zvinetso

Sezvo zvose zvemukati kero yakazonyorwa somunhu voruzhinji, zvimwewo wehondo zvisisakwanisiki kutanga rinobatanidza yakananga womukati raiva pedyo nebundu pasina chinokosha configuration pamusoro firewall (ndiko kuti Redirect kubatana chairo chengarava). Mafomu akadai IP-nvidia, mavhidhiyo conferencing, uye mabasa aya kushandisa Nat traversal mitoo ishande zvakanaka.

Return kero uye chiteshi shanduro (akanyatsoteya) anobvumira hondo, chaiye IP-kero izvo dzinosiyana nguva nenguva, kuti tirambe iripo somunhu Server aine wakaiswa IP-Kero musha Network. Pfungwa, chinofanira kubvumira nokugadza servers kuramba kubatana. Pasinei chokwadi kuti ichi hachisi mhinduro yakakwana dambudziko, izvozvo zvinogona kuva mumwe ari zvombo hwoMutungamiriri pomumbure inobatsira kugadzirisa dambudziko, sei kugadzira Nat pamusoro router.

Port Address Translation (Pat)

Cisco akanyatsoteya Implementation iri Port Address Translation (Pat), izvo zvinoratidza wandei private IP-kero somumwe veruzhinji. Multiple kero zvinogona kuratidzwa sezvo kukero, nokuti mumwe nomumwe wavo kuongororwa maererano chiteshi nhamba. Pat anoshandisa rakasiyana bhuku chiteshi chengarava nhamba mukati yose IP, kusiyanisa nhungamiro date chinja. nhamba ava 16-ikakuruma integers. Total dzakawanda kero kuti ringashandurwa muimba imwe rokunze, anogona hunonzi kusvika 65536. The chaiyo nhamba zvengarava icho rimwe IP-kero anogona kupiwa, anenge 4000. Kazhinji, Pat anoedza kuchengetedza kunobva chengarava "yepakutanga". Kana watova kushandiswa, Port Address Translation ibasa yokutanga iripo chiteshi nhamba kubvira pakutanga nhengo mapoka - 0-511, 512-1023, kana 1024-65535. Kana hapana zvakawanda zvinowanikwa zviteshi uye kune vanopfuura kwokunze IP-kero, kuti Pat inofamba unotevera kuedza kuziva kunobva pachiteshi. Izvi panoberekwa hakuchina data available.

Hunoratidza kero uye chiteshi Cisco chinozoiswa basa kuti anosanganisa chengarava kero rokushandura Data tunneling IPv6 omumasherufu pamusoro IPv4 intranet. Kutaura zvazviri, zvisina nzira CarrierGrade Nat uye DS-Lite, kunotsigira IP-kero shanduro / chengarava (uye, naizvozvo, vakatsigira Nat pakuvira). Saka haambotauri zvinetso chokugadza dzigadziridzwe kubatana, uye rinopawo Kuchinja nomazviri IPv6 nekutumirwa kwemauto.

shanduro nzira

Pane nzira dzakawanda kushandisa shanduro mambure kero uye pachiteshi. Mune dzimwe zvikumbiro, ivo protocols kuti chikumbira vanoshandisa kushanda IP-kero, kushanda mune encrypted network, unofanira havatsananguri kwokunze kero Nat (iro rinoshandiswa pana mumwe mugumo kubatana), uye, zvakare, kazhinji zvakakodzera kudzidza uye patsanura mhando hutachiwana. Kazhinji izvi zvinoitwa nokuti zvinodiwa kuti pave zvakananga kukurukurirana mugero (kana kuponesa risina kumiswa kupararira mashoko kuburikidza Server kana kuvandudza mabasa) pakati mbiri nemakasitoma, zvose izvo vari munhu Nat.

Nokuti chinangwa ichi, (sei kugadzira Nat) muna 2003 vakava rinokosha dzakati RFC 3489 Simple Traversal pamusoro UDP achishandisa NATS. Nhasi zviri zvisingachashandi, nekuti nzira iyi mazuva ano havakwanisi kuti zvakanaka kuongorora basa mano mazhinji. Nzira itsva dzave kwezvipimo ari RFC 5389 dzakati, iyo yakatanga muna October 2008. Specification iyi yava kuzivikanwa SessionTraversal uye ari utility nokuda Nat.

Kutanga dzichikurukura

Mumwe packet rine TCP uye UDP IP-tsime kero uye chiteshi nhamba, uyewo Coordonatele ari kuenda pachiteshi.

Nokuti vakadaro pachena mabasa sezvo kushanda mae-mail servers, chiteshi chengarava nhamba kunokosha. Somuenzaniso, chiteshi 80 zvakabatana software, padandemutande Server, uye 25 - kuna SMTP tsamba Server. ku-server kuti ruzhinji IP-kero kunokoshawo, kufanana kero kana nhamba dzorunhare. Vaviri parameters izvi zvinofanira kuva zvechokwadi rizivikanwe nodes zvose kuti kuenda kubatanidza.

Private IP-kero vane kukosha bedzi omunzvimbo network, apo vari kushandiswa, uyewo hondo zvengarava. Zvengarava nevamwe magumo pfungwa youtsvene pamusoro pehondo, saka kubatana kuburikidza Nat rinotsigirwa yaisanganisa chiteshi Mapping uye IP-kero.

Pat (Port AddressTranslation) inotsidza mumwoyo nokurwisana ingamuka pakati maviri akasiyana wehondo vachishandisa bhuku iroro chengarava nhamba kumisa nemamwe kubatana panguva imwe chete.