在计算机网络中,网络地址转换(Network Address Translation或简称NAT),也叫做网络掩蔽或者IP掩蔽(IP masquerading),是一种在IP封包通过路由器或防火墙时重写源IP地址或目的IP地址的技术。这种技术被普遍使用在有多台主机但只通过一个公有IP地址访问因特网的私有网络中。根据规范,路由器是不能这样工作的,但它的确是一个方便并得到了广泛应用的技术。当然,NAT也让主机之间的通信变得复杂,导致通信效率的降低。

Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another.

流行在网络上的一种看法认为,IPv6的广泛采用将使得NAT不再需要,因为NAT只是一个处理IPv4的地址空间不足的方法。

With NAT, all communications sent to external hosts actually contain the external IP address and port information of the NAT device instead of internal host IPs or port numbers.

When a computer on the private (internal) network sends an IPv4 packet to the external network, the NAT device replaces the internal IP address in the source field of the packet header (sender's address) with the external IP address of the NAT device. PAT(Port address translation) may then assign the connection a port number from a pool of available ports, inserting this port number in the source port field (much like the post office box number), and forwards the packet to the external network. The NAT device then makes an entry in a translation table containing the internal IP address, original source port, and the translated source port. Subsequent packets from the same connection are translated to the same port number.

A packet coming from the external network is mapped to a corresponding internal IP address and port number from the translation table, replacing the external IP address and port number in the incoming packet header (similar to the translation from post office box number to street address). The packet is then forwarded over the inside network. Otherwise, if the destination port number of the incoming packet is not found in the translation table, the packet is dropped or rejected because the PAT device doesn't know where to send it.

NAT only translates IP addresses and ports of its internal hosts, hiding the true endpoint of an internal host on a private network.NAT operation is typically transparent to both the internal and external hosts.

Typically the internal host is aware of the true IP address and TCP or UDP port of the external host. Typically the NAT device may function as the default gateway for the internal host. However the external host is only aware of the public IP address for the NAT device and the particular port being used to communicate on behalf of a specific internal host.

Network | NAT的更多相关文章

  1. [daily][network] NAT原理(转)

    写在转发之前: 一直以来,我一直有一个疑惑,SNAT的时候,如果两个内网主机恰巧使用了相同的源端口号该怎么办呢? 我自己猜测的方法是改掉一个端口号,把端口一起映射(当然还有另一个设想,就是把包同时广播 ...

  2. VirtualBox双网卡搭建Linux虚拟实验环境

    VirtualBox中有如下几种网络连接方式: NAT(NAT到宿主机IP地址) NAT Network (NAT到宿主机所在的网段,即使用相同的网关和掩码) Bridged Adapter Inte ...

  3. 5540 asa 8.4 防火墙

    配置等级策略,保证outside端口可以访问inside端口 access-list 100 extended permit icmp any any access-list 100 extended ...

  4. VMware网络选项分析

    摘自资料:VMware网卡选项分析.zip 很多朋友都曾问到关于Guest和Host互联,其实这并不是一件困难的事情,只要能够理解VMware的网络模型即可,今天结合着我的虚拟机,来详细介绍一下VMw ...

  5. lvs-nat 模式-piranha

    系统: redhat 6.5 mini 机器名 ip vip gw lvs01(主lvs) 192.168.10.10(外网) 192.168.20.10(内网) 192.168.10.254 lvs ...

  6. Unified Networking Lab 安装使用IOL镜像

    Unified Networking Lab 安装使用IOL镜像 Unified Networking Lab 很久以前,在一个星系远的地方,很远的工程师们为eBay寻找二手路由器来满足家庭实验的需求 ...

  7. docker windows container的一些注意点

    1.在阿里云esc的ws2016里装docker只能使用windows container,因为官方也说了主机也是虚拟机所以不能开启Hyper-v. 2.默认使用nat模式运行network,该模式在 ...

  8. Linux之VMWare下Centos7的三种网络配置过程

    Linux之VMWare下Centos7的三种网络配置过程 环境: 虚拟软件:VMWare 14.0 客户机:windows 10 虚拟机:centos 7 VMware三种网络连接方式 Bridge ...

  9. Linux的VMWare下Centos7的三种网络配置过程(网络二)

    Linux之VMWare下Centos7的三种网络配置过程 环境:虚拟软件:VMWare 14.0客户机:windows 10虚拟机:centos 7 VMware三种网络连接方式 Bridge(桥接 ...

随机推荐

  1. [译]The Python Tutorial#5. Data Structures

    [译]The Python Tutorial#Data Structures 5.1 Data Structures 本章节详细介绍之前介绍过的一些内容,并且也会介绍一些新的内容. 5.1 More ...

  2. 这五本Python急速入门必读的书,送给正在学习Python的你!

    书籍是人类进步的阶梯,这句话从古至今都是适用的.为什么会这么说呢?书籍,它记录了人们实践的经验,这些经验有助于我们快速的学习,对于编程学习来说也不例外,今天就给大家带来了以下的书籍干货,希望能够帮助到 ...

  3. Codeforces Round #505 D. Recovering BST(区间DP)

    首先膜一发网上的题解.大佬们tql. 给你n个单调递增的数字,问是否能够把这些数字重新构成一棵二叉搜索树(BST),且所有的父亲结点和叶子结点之间的gcd > 1? 这个题场上是想暴力试试的.结 ...

  4. 关于前台jsp页面的js取值问题

    在后程序中传一个字符串到前台页面上,后台代码model.addAttribute("ccc", "cccc"); 在页面js上用下面两种方法取值 1. var ...

  5. 【Shell】使用shell打印菜单,一键安装Web应用

    问题描述: [解答] [root@A04-Test- scripts]# more menu.sh #!/bin/bash echo "1.[install lamp]" echo ...

  6. luogu3389 【模板】高斯消元法

    #include <algorithm> #include <iostream> #include <cstdio> #include <cmath> ...

  7. Markdown,后缀MD

    Markdown 算是一门新兴语言,现在 7-8 岁了吧.它设计的初衷就是让写字的人专注于写字,用纯文本简单的符号标记格式,最后再通过工具转换成鬼畜的 HTML/XHTML.如果你玩过 wikiped ...

  8. webdriver高级应用- 在ajax方式产生的浮动框中,单击选择包含某个关键字的选项

    Ajax简介: Ajax:局部刷新,原理上也是一个js,js调用服务器的远程接口刷新局部页面数据. Ajax = 异步 JavaScript 和 XML(标准通用标记语言的子集). Ajax 是一种用 ...

  9. monkey测试工具与常用的linux命令

    Monkey测试工具 说明:monkey是一个安卓自带的命令行工具,可以模拟用户向应用发起一定的伪随机事件.主要用于对app进行稳定性测试与压力测试. 实现:首先需要安装一个ADB工具,安装完之后,需 ...

  10. MySQL 8.* 账号密码管理

    修改密码: ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '你的新密码' 通过以下命令可以查看修改的账号 ...