Problem 1: Difference between Intranet and extranet IP addresses
The internal IP address is also an external IP address, but this IP address is set as a private IP address by the Internet and cannot be forwarded by the central router and border router. The following IP address segments are classified as private IP addresses
Class A: 10.0.0.0 to 10.255.255.255 Class B: 172.16.0.0 to 172.31.255.255 Class C: 192.168.0.0 to 192.168.255.255Copy the code
Question 2: What is a central router and what is a border router
This is about to pull far, first of all, the first network IP is classified, category by the network number, and then by the host to distinguish different categories, finally found that manage the points too difficult, so a border router, the purpose is to share the network, I of the central router only the number corresponding to the network traffic are forwarded to the corresponding boundary router, Then the border router will locate the target host
Question 3: What are network numbers and host numbers
To baidu
Q4: my IP address is 192.168.0.1. It is a private IP and I can connect to the Internet
So this question, first of all, goes back to a long time ago, when nobody had a private IP address, everybody had a public IP address, and then they could communicate with each other, but they had a limited number of IP addresses, and if this were going to happen some people would have to share IP addresses, but how do they share IP addresses to tell which computer traffic was coming from, At this time the use of private IP and the use of NAT network address translation technology to solve
Question 5: What is NAT
NAT is network address translation (NAT), which translates a group of private IP addresses into public IP addresses for Internet access
Q6: A private IP address corresponds to a public IP address, so there is no saving IP address
Yes, this did not reduce the use of IP addresses, hence NAPT
Question 7: What is NAPT
NAPT is very simple, in the network address translation, I convert each private IP request to the public IP plus port, so that one IP multi-purpose, so that the router needs to read TCP/UDP port information, the router needs to build a network address translation table, Private IP: port -> Public IP: port -> Extranet IP: port. Finally: Private IP: port -> External IP: port. The connection process is as follows
- The client initiates a connection to connect to an external IP address
- NAT routing enables the client TO access the Internet through the CLIENT IP address and the port randomly generated by the NAT route
- The NAT router then forwards the extranet data to the internal IP address
One of the problems with this connection is that
- Only the Intranet can connect to the Internet, but the Internet cannot connect to the Intranet
- Some problems application layer protocols, such as FTP, FTP data transfer and control is separate connection, keep the validation control connection and command and control, when you want to get or upload some data, you need to establish a data connection, at this time of (active mode) for safety use send IP and port control connection to the FTP server know, However, there is a problem here, the IP and port you send are in the application layer protocol packet, so FTP records the IP and address of the Intranet, then FTP sends the data connection to shake hands, it will find that the connection is not connected, in order to solve this problem, ALG gateway emerged to deal with the application layer protocol problem. For example, the IP and port you send to FTP are parsed and translated into NAT IP and port, corresponding to the port you connect to NAT when the data is connected. The specific connection diagram is as follows
Two modes of FTP data connection
- In active mode, the client sends the IP address and port, and the server actively establishes the connection
- Passive warcraft, sent by the server port, the client actively initiate the connection, passive mode to prevent firewall interception
ALG agreement
ALG role is specific to the content of the application layer protocol parse transformation, to cooperate with the NAT address translation to use, because all Intranet address will be converted, so in the application layer protocol packets sent in Intranet IP and port need to be converted into NAT IP and port, and then let you connect with transformation of IP and port to play
reference
- Baike.baidu.com/item/nat/32…
- Blog.csdn.net/xiaoshengqd…
- Blog.csdn.net/gui951753/a…
- Baike.baidu.com/item/ALG gateway /…
- TCP/IP Edition 5 -5.6 NAT
- Wireshark network analysis so simple – ftp201206011369543image001747033976650. JPG