A yau za mu yi nazarin PAT (Port Address Translation), fasahar fassara adiresoshin IP ta amfani da tashoshin jiragen ruwa, da kuma NAT (Network Address Translation), fasahar fassara adiresoshin IP na fakitin wucewa. PAT lamari ne na musamman na NAT. Za mu tattauna batutuwa guda uku:
- adiresoshin IP masu zaman kansu, ko na ciki (intranet, gida) adiresoshin IP da jama'a, ko adiresoshin IP na waje;
- NAT da PAT;
- Tsarin NAT/PAT.
Bari mu fara da adiresoshin IP masu zaman kansu. Mun san cewa sun kasu kashi uku: A, B da C.
Adireshin aji A na ciki sun mamaye kewayon goma daga 10.0.0.0 zuwa 10.255.255.255, kuma adiresoshin waje sun mamaye kewayon daga 1.0.0.0 zuwa 9 kuma daga 255.255.255 zuwa 11.0.0.0.
Adireshin aji na B na ciki sun mamaye kewayon daga 172.16.0.0 zuwa 172.31.255.255, kuma adiresoshin waje suna daga 128.0.0.0 zuwa 172.15.255.255 kuma daga 172.32.0.0 zuwa 191.255.255.255.
Adireshin C na ciki sun mamaye kewayon daga 192.168.0.0 zuwa 192.168.255.255, kuma adiresoshin waje suna daga 192.0.0 zuwa 192.167.255.255 kuma daga 192.169.0.0 zuwa 223.255.255.255.
Adireshin Class A sune /8, Class B shine /12 kuma Class C shine /16. Don haka, adiresoshin IP na waje da na ciki na aji daban-daban sun mamaye jeri daban-daban.
Mun tattauna sau da yawa menene bambanci tsakanin adiresoshin IP masu zaman kansu da na jama'a. Gabaɗaya, idan muna da na'ura mai ba da hanya tsakanin hanyoyin sadarwa da rukunin adiresoshin IP na ciki, lokacin da suke ƙoƙarin shiga Intanet, mai ba da hanya tsakanin hanyoyin sadarwa yana canza su zuwa adiresoshin IP na waje. Ana amfani da adiresoshin ciki na musamman akan cibiyoyin sadarwa na gida, ba akan Intanet ba.
Idan na duba sigogin cibiyar sadarwar kwamfuta ta ta amfani da layin umarni, zan ga adireshin IP na LAN na ciki 192.168.1.103.
Domin gano adireshin IP na jama'a, zaku iya amfani da sabis na Intanet kamar "Mene ne IP na?" Kamar yadda kake gani, adireshin waje na kwamfutar 78.100.196.163 ya bambanta da adireshin ciki.
A kowane hali, kwamfutata tana bayyane akan Intanet daidai ta adireshin IP na waje. Don haka, adireshin ciki na kwamfutata shine 192.168.1.103, kuma adireshin waje shine 78.100.196.163. Adireshin ciki ana amfani dashi kawai don sadarwar gida, ba za ku iya shiga Intanet da shi ba, don wannan kuna buƙatar adireshin IP na jama'a. Kuna iya tuna dalilin da ya sa aka rarraba zuwa adiresoshin sirri da na jama'a ta hanyar yin bitar koyarwar bidiyo Day 3.
Bari mu kalli menene NAT. Akwai nau'ikan NAT guda uku: a tsaye, mai ƙarfi da “overloaded” NAT, ko PAT.
Cisco yana da sharuɗɗan 4 waɗanda ke bayyana NAT. Kamar yadda na ce, NAT wata hanya ce ta juyar da adiresoshin ciki zuwa na waje. Idan na'urar da ke da alaƙa da Intanet ta karɓi fakiti daga wata na'ura a cibiyar sadarwar gida, kawai za ta watsar da wannan fakitin, tunda tsarin adireshin cikin gida bai dace da tsarin adiresoshin da ake amfani da su a Intanet ɗin duniya ba. Don haka, dole ne na'urar ta sami adireshin IP na jama'a don shiga Intanet.
Don haka, kalmar farko ita ce Inside Local, ma'ana adireshin IP na mai watsa shiri akan hanyar sadarwar gida ta ciki. A cikin sauƙi, wannan shine farkon adireshin tushen nau'in 192.168.1.10. Kalma ta biyu, Inside Global, ita ce adireshin IP na mai gida wanda a ƙarƙashinsa ake iya gani akan hanyar sadarwar waje. A cikin yanayinmu, wannan shine adireshin IP na tashar waje na mai ba da hanya tsakanin hanyoyin sadarwa 200.124.22.10.
Za mu iya cewa Ciki Gida adireshin IP ne mai zaman kansa, kuma Inside Global adireshin IP ne na jama'a. Ka tuna cewa kalmar Ciki tana nufin tushen zirga-zirgar ababen hawa, kuma a waje yana nufin inda zirga-zirgar ke tafiya. A waje na gida shine adireshin IP na mai watsa shiri akan hanyar sadarwar waje, wanda a ƙarƙashinsa ake iya gani zuwa cibiyar sadarwar ciki. A taƙaice, wannan shine adireshin mai karɓa wanda ake iya gani daga cibiyar sadarwa ta ciki. Misalin irin wannan adireshin shine adireshin IP 200.124.22.100 na na'urar da ke Intanet.
A wajen Duniya akwai adireshin IP na mai watsa shiri kamar yadda ake iya gani akan hanyar sadarwar waje. A mafi yawan lokuta, adiresoshin waje na gida da waje suna kama da juna domin ko da bayan fassarar, adireshin IP ɗin da ake nufi yana bayyane ga tushen kamar yadda yake kafin fassarar.
Bari mu kalli menene NAT a tsaye. A tsaye NAT yana nufin fassarar ɗaya zuwa ɗaya na adiresoshin IP na ciki zuwa na waje, ko fassarar ɗaya zuwa ɗaya. Lokacin da na'urori ke aika zirga-zirga zuwa Intanet, ana fassara adiresoshinsu na cikin gida zuwa cikin adiresoshin Ciki na Duniya.
Akwai na'urori guda 3 akan hanyar sadarwar mu, kuma idan sun shiga kan layi, kowannensu yana samun adireshinsa na Inside Global. Waɗannan adiresoshin an sanya su a tsaye ga hanyoyin zirga-zirga. Ka'idar daya-da-daya tana nufin cewa idan akwai na'urori 100 akan hanyar sadarwar gida, suna karɓar adiresoshin waje 100.
An haifi NAT don adana Intanet, wanda ke ƙarewa da adiresoshin IP na jama'a. Godiya ga NAT, kamfanoni da yawa da cibiyoyin sadarwa da yawa na iya samun adireshin IP guda ɗaya na waje ɗaya, wanda za a canza adireshin gida na na'urori yayin shiga Intanet. Kuna iya cewa a cikin wannan yanayin na NAT na tsaye babu ajiya a cikin adadin adireshi, tunda an sanya kwamfutocin gida ɗari ɗari na waje adiresoshin, kuma za ku kasance daidai. Koyaya, a tsaye NAT har yanzu yana da fa'idodi da yawa.
Misali, muna da sabar mai adireshin IP na ciki na 192.168.1.100. Idan kowace na'ura daga Intanet tana son tuntuɓar ta, ba za ta iya yin hakan ta amfani da adireshin inda ake nufi ba, don haka yana buƙatar amfani da adireshin uwar garken waje 200.124.22.3. Idan an saita na'ura mai ba da hanya tsakanin hanyoyin sadarwa tare da tsayayyen NAT, duk zirga-zirgar da aka yiwa magana zuwa 200.124.22.3 ana tura su ta atomatik zuwa 192.168.1.100. Wannan yana ba da damar waje zuwa na'urorin sadarwar gida, a wannan yanayin zuwa sabar gidan yanar gizon kamfanin, wanda zai iya zama dole a wasu lokuta.
Bari mu yi la'akari da NAT mai ƙarfi. Yana kama da na tsaye, amma baya sanya adiresoshin waje na dindindin ga kowace na'ura ta gida. Misali, muna da na'urorin gida guda 3 da adireshi na waje guda 2 kawai. Idan na'ura ta biyu tana son shiga Intanet, za a sanya mata adireshin IP na farko na kyauta. Idan uwar garken gidan yanar gizo yana son shiga Intanet bayansa, na'ura mai ba da hanya tsakanin hanyoyin sadarwa zai sanya masa adireshin waje na biyu samuwa. Idan bayan wannan na'urar ta farko tana son haɗi zuwa cibiyar sadarwar waje, ba za a sami adireshin IP da ake da shi ba, kuma na'ura mai ba da hanya tsakanin hanyoyin sadarwa zai watsar da fakitinsa.
Wataƙila muna da ɗaruruwan na'urori masu adiresoshin IP na ciki, kuma kowane ɗayan waɗannan na'urori na iya shiga Intanet. Amma tunda ba mu da madaidaicin adireshi na waje, na'urori sama da 2 cikin ɗari ba za su iya shiga Intanet a lokaci guda ba, saboda muna da adiresoshin waje guda biyu kawai da aka ba mu.
Na'urorin Cisco suna da ƙayyadadden lokacin fassarar adireshi, wanda ba zai iya wuce awa 24 ba. Ana iya canza shi zuwa minti 1,2,3, 10, zuwa kowane lokaci da kuke so. Bayan wannan lokacin, ana fitar da adiresoshin waje kuma a mayar da su kai tsaye zuwa wurin ajiyar adireshi. Idan a wannan lokacin na'urar ta farko tana son shiga Intanet kuma kowane adireshin waje yana samuwa, to za ta karɓi shi. Na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana ƙunshe da tebur na NAT wanda aka sabunta shi sosai, kuma har sai lokacin fassarar ya ƙare, na'urar tana riƙe adireshin da aka sanya. A taƙaice, NAT mai ƙarfi tana aiki akan ƙa'idar "farko zuwa farko, fara hidima."
Bari mu kalli menene NAT, ko PAT, ya yi yawa. Wannan shine mafi yawan nau'in NAT. Za a iya samun na'urori da yawa akan hanyar sadarwar gida - PC, smartphone, kwamfutar tafi-da-gidanka, kwamfutar hannu, kuma duk suna haɗi zuwa na'ura mai ba da hanya tsakanin hanyoyin sadarwa wanda ke da adireshin IP na waje ɗaya. Don haka, PAT yana ba da damar na'urori masu yawa tare da adiresoshin IP na ciki don shiga Intanet lokaci guda a ƙarƙashin adireshin IP na waje ɗaya. Wannan yana yiwuwa saboda gaskiyar cewa kowane mai zaman kansa, adireshin IP na ciki yana amfani da takamaiman lambar tashar jiragen ruwa yayin zaman sadarwa.
Bari mu ɗauka muna da adireshin jama'a guda ɗaya 200.124.22.1 da na'urorin gida da yawa. Don haka, lokacin shiga Intanet, duk waɗannan runduna za su sami adireshin iri ɗaya 200.124.22.1. Abinda zai bambanta su da juna shine lambar tashar jiragen ruwa.
Idan kun tuna tattaunawar layin jigilar kayayyaki, kun san cewa layin jigilar kayayyaki ya ƙunshi lambobin tashar jiragen ruwa, tare da lambar tashar tashar ta zama lambar bazuwar.
Bari mu ɗauka cewa akwai mai watsa shiri a kan hanyar sadarwa ta waje tare da adireshin IP 200.124.22.10, wanda aka haɗa da Intanet. Idan kwamfutar 192.168.1.11 tana son sadarwa tare da kwamfutar 200.124.22.10, za ta haifar da tashar tashar tashar jiragen ruwa ta 51772.
Lokacin da na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya karɓi fakitin kwamfuta na gida wanda aka tura zuwa cibiyar sadarwar waje, zai fassara Inside Local address zuwa adireshin Inside Global 200.124.22.1 kuma ya sanya lambar tashar tashar jiragen ruwa 23556. Fakitin zai kai kwamfuta 200.124.22.10, kuma dole ne ta mayar da martani bisa ga tsarin musafaha, a wannan yanayin, wurin da za a aika zai zama adireshin 200.124.22.1 da tashar jiragen ruwa 23556.
Na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana da tebur na fassarar NAT, don haka idan ya karɓi fakiti daga kwamfuta ta waje, zai ƙayyade Inside Local address daidai da adireshin Inside Global kamar 192.168.1.11: 51772 kuma ya tura fakitin zuwa gare shi. Bayan haka, ana iya la'akari da haɗin kai tsakanin kwamfutocin biyu.
A lokaci guda, kuna iya samun na'urori ɗari masu amfani da adireshin iri ɗaya 200.124.22.1 don sadarwa, amma lambobi daban-daban na tashar jiragen ruwa, ta yadda duk zasu iya shiga Intanet a lokaci guda. Wannan shine dalilin da ya sa PAT ya zama sanannen hanyar watsa shirye-shirye.
Bari mu dubi kafa NAT a tsaye. Ga kowace hanyar sadarwa, da farko, ya zama dole don ƙayyade hanyoyin shigarwa da fitarwa. Jadawalin yana nuna na'ura mai ba da hanya tsakanin hanyoyin sadarwa ta hanyar da ake watsa zirga-zirga daga tashar jiragen ruwa G0/0 zuwa tashar jiragen ruwa G0/1, wato daga cibiyar sadarwa ta ciki zuwa cibiyar sadarwar waje. Don haka muna da hanyar shigar da bayanai na 192.168.1.1 da 200.124.22.1.
Don saita NAT, za mu je G0/0 interface kuma mu saita sigogi ip adireshi 192.168.1.1 255.255.255.0 kuma muna nuna cewa wannan ƙirar ita ce shigarwa ta amfani da ip nat cikin umarnin.
Hakazalika, muna saita NAT akan kayan sarrafawa G0/1, yana ƙayyade adireshin IP 200.124.22.1, subnet mask 255.255.255.0 da ip nat waje. Ka tuna cewa fassarar NAT mai ƙarfi koyaushe ana yin ta daga shigarwa zuwa ƙirar fitarwa, daga ciki zuwa waje. A dabi'a, don NAT mai ƙarfi, amsa tana zuwa ga hanyar shigar da bayanai ta hanyar abin da ake fitarwa, amma lokacin da aka fara zirga-zirgar zirga-zirgar, ita ce hanyar fita. A cikin yanayin NAT na tsaye, ƙaddamar da zirga-zirga na iya faruwa ta kowace hanya - ciki ko waje.
Na gaba, muna buƙatar ƙirƙirar tebur na NAT, inda kowane adireshin gida ya dace da wani adireshin duniya daban. A cikin yanayinmu, akwai na'urori 3, don haka teburin zai ƙunshi bayanan 3, waɗanda ke nuna Ciki na IP address na tushen, wanda aka canza zuwa adireshin Inside Global: ip nat inside static 192.168.1.10 200.124.22.1.
Don haka, a cikin NAT na tsaye, kuna rubuta fassarar kowane adireshin gida da hannu. Yanzu zan je Packet Tracer kuma in yi saitunan da aka bayyana a sama.
A saman muna da uwar garken 192.168.1.100, a ƙasa akwai kwamfuta 192.168.1.10 kuma a ƙasa akwai kwamfuta 192.168.1.11. Port G0/0 na Router0 yana da adireshin IP na 192.168.1.1, kuma tashar jiragen ruwa G0/1 tana da adireshin IP na 200.124.22.1. A cikin "girgije" da ke wakiltar Intanet, na sanya Router1, wanda na sanya adireshin IP 200.124.22.10.
Na shiga cikin saitunan Router1 kuma in rubuta umarnin debug ip icmp. Yanzu, da zarar ping ɗin ya isa waccan na'urar, saƙon kuskure zai bayyana a cikin taga saitunan yana nuna menene fakitin.
Bari mu fara kafa na'ura mai ba da hanya tsakanin hanyoyin sadarwa na Router0. Na shiga yanayin saiti na duniya kuma in kira G0/0 interface. Na gaba, na shigar da ip nat cikin umarnin, sannan je zuwa wurin dubawar g0/1 kuma shigar da umarnin ip nat a waje. Don haka, na sanya hanyoyin shigarwa da fitarwa na na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Yanzu ina buƙatar saita adiresoshin IP da hannu, wato, canja wurin layin daga teburin da ke sama zuwa saitunan:
Ip nat ciki tushen a tsaye 192.168.1.10 200.124.22.1
Ip nat ciki tushen a tsaye 192.168.1.11 200.124.22.2
Ip nat ciki tushen a tsaye 192.168.1.100 200.124.22.3
Yanzu zan ping Router1 daga kowane na'urorin mu kuma ga abin da adiresoshin IP ɗin da ping ɗin yake karɓa yake nunawa. Don yin wannan, na sanya taga CLI mai buɗewa na R1 na'ura mai ba da hanya tsakanin hanyoyin sadarwa a gefen dama na allon don ganin saƙonnin kuskure. Yanzu na je tashar layin umarni na PC0 kuma in buga adireshin 200.124.22.10. Bayan wannan, saƙo yana bayyana a cikin taga cewa an karɓi ping daga adireshin IP 200.124.22.1. Wannan yana nufin cewa an fassara adireshin IP na kwamfuta na gida 192.168.1.10 zuwa adireshin duniya 200.124.22.1.
Ina yin haka tare da kwamfutar gida ta gaba kuma na ga an fassara adireshinta zuwa 200.124.22.2. Sa'an nan na ping uwar garke kuma duba adireshin 200.124.22.3.
Don haka, lokacin da zirga-zirga daga na'urar cibiyar sadarwar gida ta isa na'ura mai ba da hanya tsakanin hanyoyin sadarwa wacce aka saita NAT a tsaye, na'ura mai ba da hanya tsakanin hanyoyin sadarwa, daidai da tebur, tana canza adireshin IP na gida zuwa na duniya kuma yana aika zirga-zirga zuwa cibiyar sadarwar waje. Don duba teburin NAT, na shigar da umarnin fassarar ip nat show.
Yanzu za mu iya duba duk canje-canje da na'ura mai ba da hanya tsakanin hanyoyin sadarwa ke yi. Rukunin farko na Inside Global yana dauke da adireshin na'urar kafin watsa shirye-shiryen, wato adireshin da na'urar ke iya gani daga cibiyar sadarwar waje, sai kuma adireshin Inside Local, wato adireshin na'urar da ke cikin gida. Shafi na uku yana nuna adireshin waje na waje kuma shafi na huɗu yana nuna Adireshin Duniya na Waje, dukansu iri ɗaya ne saboda ba mu fassara adireshin IP ɗin da ake nufi ba. Kamar yadda kuke gani, bayan ƴan daƙiƙa kaɗan teburin ya share saboda Packet Tracer yana da ɗan gajeren lokacin ping.
Zan iya ping uwar garken a 1 daga na'ura mai ba da hanya tsakanin hanyoyin sadarwa R200.124.22.3, kuma idan na koma zuwa saitunan na'ura mai ba da hanya tsakanin hanyoyin sadarwa, zan iya ganin cewa teburin ya sake cika da layin ping guda huɗu tare da adireshin da aka fassara 192.168.1.100.
Kamar yadda na fada, ko da an kunna lokacin fassarar, lokacin da aka fara zirga-zirga daga wani waje, tsarin NAT yana kunna ta atomatik. Wannan yana faruwa ne kawai lokacin amfani da NAT na tsaye.
Yanzu bari mu kalli yadda NAT mai ƙarfi ke aiki. A cikin misalinmu, akwai adiresoshin jama'a guda 2 don na'urorin cibiyar sadarwar gida guda uku, amma ana iya samun dubun ko ɗaruruwan irin waɗannan masu zaman kansu. A lokaci guda, na'urori 2 ne kawai ke iya shiga Intanet a lokaci guda. Bari mu yi la'akari da menene, ƙari, shine bambanci tsakanin a tsaye da mai ƙarfi NAT.
Kamar yadda yake a cikin yanayin da ya gabata, da farko kuna buƙatar tantance hanyoyin shigarwa da fitarwa na na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Na gaba, mun ƙirƙiri nau'in lissafin shiga, amma wannan ba shine ACL ɗin da muka yi magana game da shi a darasin da ya gabata ba. Ana amfani da wannan lissafin shiga don gano zirga-zirgar da muke so mu canza. Anan sabon kalmar "hanyoyi masu ban sha'awa" ko "hanyoyi masu ban sha'awa" ya bayyana. Wannan zirga-zirgar zirga-zirga ce da kuke sha'awar saboda wasu dalilai, kuma lokacin da zirga-zirgar ta yi daidai da yanayin lissafin shiga, yana zuwa ƙarƙashin NAT kuma ana fassara shi. Wannan kalmar ta shafi zirga-zirga a yawancin lokuta, misali, a cikin yanayin VPN, "mai ban sha'awa" shine zirga-zirgar da za ta ratsa ta hanyar VPN.
Dole ne mu ƙirƙiri ACL wanda ke gano zirga-zirga mai ban sha'awa, a cikin yanayinmu wannan shi ne zirga-zirgar duk hanyar sadarwar 192.168.1.0, tare da abin da aka ƙayyade abin rufe fuska na 0.0.0.255.
Sa'an nan kuma dole ne mu ƙirƙiri wani tafkin NAT, wanda muke amfani da umarnin ip nat pool <pool name> kuma mu ƙayyade tafkin adireshin IP 200.124.22.1 200.124.22.2. Wannan yana nufin cewa muna samar da adiresoshin IP na waje guda biyu kawai. Na gaba, umarnin yana amfani da mahimmin kalmar netmask kuma yana shigar da abin rufe fuska na subnet 255.255.255.252. Ƙarshen octet na abin rufe fuska shine (255 - adadin adiresoshin tafkin - 1), don haka idan kuna da adiresoshin 254 a cikin tafkin, to, abin rufe fuska zai zama 255.255.255.0. Wannan saiti ne mai mahimmanci, don haka tabbatar da shigar da madaidaicin ƙimar netmask lokacin saita NAT mai ƙarfi.
Bayan haka muna amfani da umarnin da ke fara tsarin NAT: ip nat inside source list 1 pool NWKING, inda NWKING shine sunan tafkin, sai lissafin 1 yana nufin ACL lamba 1. Ka tuna - domin wannan umarni ya yi aiki, dole ne ka fara ƙirƙirar wurin waha mai ƙarfi da jerin hanyoyin shiga.
Don haka, a cikin yanayinmu, na'urar farko da ke son shiga Intanet za ta iya yin hakan, na'ura ta biyu kuma za ta iya yin hakan, amma na uku zai jira har sai ɗaya daga cikin adiresoshin tafkin ya zama kyauta. Ƙaddamar da NAT mai ƙarfi ya ƙunshi matakai 4: ƙayyade shigarwar shigarwa da fitarwa, gano zirga-zirgar "sha'awa", ƙirƙirar tafkin NAT da ainihin tsari.
Yanzu za mu matsa zuwa Packet Tracer kuma muyi ƙoƙarin daidaita NAT mai ƙarfi. Da farko dole ne mu cire saitunan NAT na tsaye, waɗanda muke shigar da umarni a jere:
babu Ip nat ciki tushen a tsaye 192.168.1.10 200.124.22.1
babu Ip nat ciki tushen a tsaye 192.168.1.11 200.124.22.2
babu Ip nat ciki tushen tushe 192.168.1.100 200.124.22.3.
Na gaba, Na ƙirƙiri jerin hanyoyin shiga 1 don duk hanyar sadarwa tare da lissafin damar-umarni 1 izini 192.168.1.0 0.0.0.255 da ƙirƙirar tafkin NAT ta amfani da umarnin ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 255.255.255.252. A cikin wannan umarni, na ƙayyade sunan tafkin, adiresoshin da aka haɗa a ciki, da netmask.
Daga nan sai in tantance wane NAT ne - na ciki ko na waje, da kuma tushen da NAT ya kamata ya zana bayanai daga gare ta, a cikin yanayinmu shine list, ta amfani da umurnin ip nat inside source list 1. Bayan haka, tsarin zai nuna maka ko ka yana buƙatar cikakken tafkin ko takamaiman keɓancewa. Na zabi wurin ruwa saboda muna da adireshi sama da 1 na waje. Idan kun zaɓi dubawa, kuna buƙatar saka tashar jiragen ruwa tare da takamaiman adireshin IP. A cikin tsari na ƙarshe, umarnin zai yi kama da haka: ip nat inside source list 1 pool NWKING. A halin yanzu wannan tafkin ya ƙunshi adiresoshin guda biyu 200.124.22.1 200.124.22.2, amma kuna iya canza su kyauta ko ƙara sabbin adiresoshin da ba su da alaƙa da takamaiman ƙayyadaddun bayanai.
Dole ne ku tabbatar da cewa an sabunta tebur ɗin ku ta yadda kowane ɗayan waɗannan adiresoshin IP a cikin tafkin dole ne a tura shi zuwa wannan na'urar, in ba haka ba ba za ku karɓi zirga-zirgar dawowa ba. Don tabbatar da saitunan suna aiki, za mu sake maimaita hanyar yin ping na'ura mai ba da hanya tsakanin hanyoyin sadarwa, wanda muka yi don a tsaye NAT. Zan buɗe taga na'ura mai ba da hanya tsakanin hanyoyin sadarwa 1 don ganin saƙon yanayin gyara kuskure da ping shi daga kowace na'urori 3.
Mun ga cewa duk adiresoshin tushen wanda fakitin ping suka fito daidai da saitunan. Hakanan, ping daga PC0 na kwamfuta baya aiki saboda bashi da isasshen adireshi na waje kyauta. Idan kun shiga cikin saitunan na'ura mai ba da hanya tsakanin hanyoyin sadarwa 1, zaku iya ganin cewa adireshin tafkin 200.124.22.1 da 200.124.22.2 suna aiki a halin yanzu. Yanzu zan kashe watsa shirye-shiryen, kuma za ku ga yadda layukan ke ɓacewa ɗaya bayan ɗaya. Na sake ping PC0 kuma kamar yadda kuke gani, komai yana aiki yanzu saboda ya sami damar samun adireshin waje na kyauta 200.124.22.1.
Ta yaya zan iya share teburin NAT kuma in soke fassarar adireshin da aka bayar? Je zuwa saitunan na'ura mai ba da hanya tsakanin hanyoyin sadarwa na Router0 kuma rubuta umarnin share fassarar ip nat * tare da alamar alama a ƙarshen layin. Idan yanzu muka kalli matsayin fassarar ta amfani da umarnin fassarar ip nat show, tsarin zai ba mu layin mara komai.
Don duba kididdigar NAT, yi amfani da umarnin kididdiga na show ip nat.
Wannan umarni ne mai fa'ida wanda ke ba ku damar gano jimillar adadin fassarori masu ƙarfi, a tsaye da ci-gaban fassarar NAT/PAT. Kuna iya ganin cewa 0 ne saboda mun share bayanan watsa shirye-shirye tare da umarnin da ya gabata. Wannan yana nuna ma'amalar shigarwa da fitarwa, adadin nasara da rashin nasara hits da rasa juzu'i (yawan gazawar saboda rashin adireshi na waje kyauta ga mai masaukin gida), sunan jerin shiga da tafkin.
Yanzu za mu matsa zuwa mafi mashahuri nau'in fassarar adireshin IP - NAT mai ci gaba, ko PAT. Don saita PAT, kuna buƙatar bin matakai iri ɗaya don daidaita NAT mai ƙarfi: ƙayyade shigarwar na'ura mai ba da hanya tsakanin hanyoyin sadarwa da mu'amalar fitarwa, gano zirga-zirgar "sha'awa", ƙirƙirar tafkin NAT, da saita PAT. Za mu iya ƙirƙirar tafkin guda ɗaya na adiresoshin da yawa kamar yadda a cikin yanayin da ya gabata, amma wannan ba lallai ba ne saboda PAT yana amfani da adireshin waje iri ɗaya koyaushe. Bambancin kawai tsakanin daidaita NAT mai ƙarfi da PAT shine maɓalli mai yawa wanda ke ƙare umarnin daidaitawa na ƙarshe. Bayan shigar da wannan kalmar, NAT mai ƙarfi ta juya ta atomatik zuwa PAT.
Hakanan, kuna amfani da adireshi ɗaya kawai a cikin tafkin NWKING, misali 200.124.22.1, amma saka shi sau biyu azaman farkon da ƙarshen adireshin waje tare da netmask na 255.255.255.0. Kuna iya yin shi cikin sauƙi ta amfani da madaidaicin madaidaicin tushe da adireshi 1 na G200.124.22.1/200.124.22.1 interface maimakon ip nat 255.255.255.0 pool NWKING 200.124.22.1 0 netmask 1 line. A wannan yanayin, duk adiresoshin gida lokacin shiga Intanet za a canza su zuwa wannan adireshin IP.
Hakanan zaka iya amfani da duk wani adireshin IP a cikin tafkin, wanda ba lallai ba ne ya dace da takamaiman keɓancewar jiki. Koyaya, a wannan yanayin, dole ne ku tabbatar da cewa duk masu amfani da hanyar sadarwa na iya tura hanyar dawowa zuwa na'urar da kuka zaɓa. Rashin amfanin NAT shine ba za a iya amfani da shi don yin magana daga ƙarshe zuwa ƙarshe ba, saboda lokacin da fakitin dawowar ya koma na'urar gida, adireshin IP na NAT mai ƙarfi na iya samun lokacin canzawa. Wato, dole ne ku tabbata cewa adireshin IP ɗin da aka zaɓa zai kasance yana nan har tsawon lokacin zaman sadarwar.
Bari mu kalli wannan ta hanyar Packet Tracer. Da farko dole in cire NAT mai ƙarfi tare da umarnin babu Ip nat cikin jerin tushen tushen 1 NWKING kuma cire tafkin NAT tare da umarnin babu Ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 225.255.255.252.
Sa'an nan kuma dole in haifar da PAT pool tare da umurnin Ip nat pool NWKING 200.124.22.2 200.124.22.2 netmask 225.255.255.255. A wannan lokacin ina amfani da adireshin IP wanda ba na na'urar jiki ba saboda na'urar ta jiki tana da adireshin 200.124.22.1 kuma ina so in yi amfani da 200.124.22.2. A cikin yanayinmu yana aiki saboda muna da hanyar sadarwa ta gida.
Na gaba, na saita PAT tare da umarnin Ip nat a cikin jerin tushen 1 pool NWKING overload. Bayan shigar da wannan umarni, ana kunna fassarar adireshin PAT. Don bincika saitin daidai ne, na je zuwa na'urorin mu, uwar garken da kwamfutoci biyu, da ping PC0 Router1 a 200.124.22.10 daga kwamfutar. A cikin taga saitin na'ura mai ba da hanya tsakanin hanyoyin sadarwa, zaku iya ganin layin gyara kuskure wanda ke nuna cewa tushen ping, kamar yadda muke tsammani, shine adireshin IP 200.124.22.2. ping ɗin da kwamfuta PC1 da uwar garken Server0 suka aika ya fito daga adireshin ɗaya.
Bari mu ga abin da ke faruwa a teburin fassarar Router0. Kuna iya ganin cewa duk fassarorin sun yi nasara, kowace na'ura an ba su tashar jiragen ruwa, kuma duk adiresoshin gida suna da alaƙa da Router1 ta wurin tafkin IP address 200.124.22.2.
Ina amfani da umarnin kididdigar show ip nat don duba kididdigar PAT.
Mun ga cewa jimlar yawan juzu'i, ko fassarar adireshi, shine 12, muna ganin halayen tafkin da sauran bayanai.
Yanzu zan yi wani abu dabam - Zan shigar da umarnin Ip nat cikin jerin tushen 1 interface gigabit Ethernet g0/1 obalodi. Idan kun kunna na'ura mai ba da hanya tsakanin hanyoyin sadarwa daga PC0, za ku ga cewa fakitin ya fito daga adireshin 200.124.22.1, wato, daga mahallin zahiri! Wannan hanya ce mafi sauƙi: idan ba kwa son ƙirƙirar tafkin, wanda galibi yakan faru lokacin amfani da masu amfani da gida, to, zaku iya amfani da adireshin IP na mahaɗin jiki na na'ura mai ba da hanya tsakanin hanyoyin sadarwa azaman adireshin NAT na waje. Wannan shine yadda ake yawan fassara adireshin gidan yanar gizon ku na jama'a.
A yau mun koyi wani batu mai mahimmanci, don haka kuna buƙatar aiwatar da shi. Yi amfani da Fakiti Tracer don gwada ilimin ka'idar ku akan ingantaccen NAT da matsalolin daidaitawar PAT. Mun zo ƙarshen nazarin batutuwan ICND1 - jarrabawar farko na kwas ɗin CCNA, don haka tabbas zan ba da darasi na bidiyo na gaba don taƙaita sakamakon.
Na gode da kasancewa tare da mu. Kuna son labaran mu? Kuna son ganin ƙarin abun ciki mai ban sha'awa? Goyon bayan mu ta hanyar ba da oda ko ba da shawara ga abokai, Rangwamen 30% ga masu amfani da Habr akan keɓaɓɓen analogue na sabar matakin shigarwa, wanda mu muka ƙirƙira muku: (akwai tare da RAID1 da RAID10, har zuwa 24 cores kuma har zuwa 40GB DDR4).
Dell R730xd sau 2 mai rahusa? Nan kawai a cikin Netherlands! Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - daga $99! Karanta game da
source: www.habr.com