NAT Server
In a NAT networking scenario, servers on a private network are invisible to hosts on a public network. However, in real-world situations, a server on a private network may be required to provide services, such as WWW or FTP services, for hosts on a public network.
The following uses the network shown in Figure 2-4 as an example to describe the implementation of the NAT server function.
- Static NAT conversion is configured on the NAT device. The NAT device generates a static NAT entry and a UNR.
- A public network host sends a request to access a private network server, and the NAT device receives the service request.
- The NAT device searches for a NAT entry that matches the destination IP address and port number of the request packet, and translates the destination IP address and port number to the private network IP address and port number recorded in the matching entry. The NAT device then forwards the packet to the target private network server.
- After receiving a response packet from the private network, the NAT device searches the flow table based on the quintuple of the packet, converts the packet based on the table query result, and sends the packet to the public network.
The address translation function makes it straightforward for private network servers to provide services for public network hosts. For example, you can enable a web server 10.110.10.10 or an FTP server 10.110.10.11 to provide services for public network hosts.
NAT for internal servers is classified as address-level or port-level, depending on whether only the IP address or both the IP address and the port number are translated.
- Address-level NAT for internal servers: During NAT, only the IP address is translated; the port number is left unchanged. In this mode, one public IP address can be used by only one internal server.
- Port-level NAT for internal servers: During NAT, both the IP address and the port number in each packet are translated. In this mode, one public IP address can be shared by multiple internal servers, which are distinguished by port number.
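The forwarding steps above and the address-level/port-level distinction, as an added model that is not part of this documentation or of any vendor implementation: static entries are matched on the public destination IP and port, the inbound hit records a flow entry keyed on the 5-tuple of the expected reply, and the reply is translated back by flow-table lookup. The public addresses 203.0.113.5/6 and the third server 10.110.10.12 are constructed; the web and FTP private addresses are the ones quoted in the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class NatServer:
    """Constructed model of the NAT server function on the NAT device."""
    def __init__(self):
        # static entries: (public_ip, public_port | None) -> (private_ip, private_port | None)
        self.static = {}
        # flow table: 5-tuple of the server's reply -> original public (ip, port)
        self.flows = {}

    def add_static(self, public_ip, private_ip, public_port=None, private_port=None):
        """No ports given = address-level entry; ports given = port-level entry."""
        self.static[(public_ip, public_port)] = (private_ip, private_port)

    def inbound(self, pkt):
        """Public -> private: match dst IP+port against static entries, rewrite, add flow."""
        hit = self.static.get((pkt.dst_ip, pkt.dst_port))        # port-level match first
        if hit is None and (pkt.dst_ip, None) in self.static:     # then address-level
            hit = (self.static[(pkt.dst_ip, None)][0], pkt.dst_port)  # port is kept
        if hit is None:
            return None                                            # no entry: not forwarded
        priv_ip, priv_port = hit
        # the server's reply 5-tuple is the reverse of the translated packet
        reply_key = (priv_ip, priv_port, pkt.src_ip, pkt.src_port, pkt.proto)
        self.flows[reply_key] = (pkt.dst_ip, pkt.dst_port)
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)

    def outbound(self, pkt):
        """Private -> public: flow-table lookup on the 5-tuple, restore public source."""
        hit = self.flows.get((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
        if hit is None:
            return None                                            # no flow entry: dropped
        return Packet(hit[0], hit[1], pkt.dst_ip, pkt.dst_port, pkt.proto)

def build_example():
    """Constructed topology: one public IP shared by web and FTP (port-level),
    a second public IP dedicated to a single server (address-level)."""
    nat = NatServer()
    nat.add_static("203.0.113.5", "10.110.10.10", 80, 80)   # web server from the text
    nat.add_static("203.0.113.5", "10.110.10.11", 21, 21)   # FTP server from the text
    nat.add_static("203.0.113.6", "10.110.10.12")           # address-level (constructed)
    return nat
```

A request to a public IP and port with no static entry is not forwarded, and a reply with no matching flow entry is dropped, which is the behaviour a practitioner should confirm when auditing which internal services a NAT server exposes.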