Namhlanje siza kufunda i-PAT (i-Port Address Translation), iteknoloji yokuguqulela iidilesi ze-IP usebenzisa amachweba, kunye ne-NAT (I-Network Address Translation), iteknoloji yokuguqulela iidilesi ze-IP zeepakethi zokuhamba. I-PAT yimeko ekhethekileyo ye-NAT. Siza kugubungela imixholo emithathu:
β yabucala, okanye yangaphakathi (i-intranet, yendawo) iidilesi ze-IP kunye noluntu, okanye idilesi ye-IP yangaphandle;
- i-NAT kunye ne-PAT;
β Ulungelelwaniso lweNAT/PAT.
Masiqale ngeedilesi zangaphakathi ze-IP zaBucala. Siyazi ukuba zahlulahlulwe zaba ziindidi ezintathu: A, B noC.
Iidilesi zeKlasi A zangaphakathi zithatha uluhlu lwamashumi ukusuka kwi-10.0.0.0 ukuya kwi-10.255.255.255, kwaye iidilesi zangaphandle zithatha uluhlu olusuka kwi-1.0.0.0 ukuya kwi-9 kwaye ukusuka kwi-255.255.255 ukuya kwi-11.0.0.0.
Iidilesi zeklasi zangaphakathi zithatha uluhlu olusuka kwi-172.16.0.0 ukuya kwi-172.31.255.255, kunye needilesi zangaphandle ukusuka kwi-128.0.0.0 ukuya kwi-172.15.255.255 kwaye ukusuka kwi-172.32.0.0 ukuya kwi-191.255.255.255.
Iidilesi zeklasi zangaphakathi zithatha uluhlu ukusuka kwi-192.168.0.0 ukuya kwi-192.168.255.255, kunye needilesi zangaphandle zivela kwi-192.0.0 ukuya kwi-192.167.255.255 kwaye ukusuka kwi-192.169.0.0 ukuya kwi-223.255.255.255.
Iidilesi zeKlasi A yilezi /8, iKlasi B yi/12 kunye noKlasi C ngu/16. Ke, iidilesi ze-IP zangaphandle kunye nezangaphakathi zeeklasi ezahlukeneyo zihlala kwiindidi ezahlukeneyo.
Siye saxoxa izihlandlo ezininzi ukuba yintoni umahluko phakathi kweedilesi ze-IP zabucala kunye nezoluntu. Ngokubanzi, ukuba sinomzila kunye neqela leedilesi ze-IP zangaphakathi, xa bezama ukufikelela kwi-Intanethi, i-router iyayiguqulela kwiidilesi ze-IP zangaphandle. Iidilesi zangaphakathi zisetyenziswa kuphela kuthungelwano lwasekhaya, hayi kwi-Intanethi.
Ukuba ndibona iparameters zenethiwekhi yekhompyuter yam ndisebenzisa umgca womyalelo, ndiza kubona idilesi yam yangaphakathi ye-LAN IP 192.168.1.103.
Ukuze ufumane idilesi yakho ye-IP yoluntu, ungasebenzisa inkonzo ye-Intanethi efana "Yintoni i-IP yam?" Njengoko ubona, idilesi yangaphandle yekhompyutha 78.100.196.163 ihluke kwidilesi yayo yangaphakathi.
Kuzo zonke iimeko, ikhompyuter yam ibonakala kwi-Intanethi ngokuchanekileyo ngedilesi ye-IP yangaphandle. Ngoko, idilesi yangaphakathi yekhompyutheni yam 192.168.1.103, kwaye yangaphandle yi-78.100.196.163. Idilesi yangaphakathi isetyenziselwa kuphela unxibelelwano lwendawo, awukwazi ukufikelela kwi-Intanethi ngayo, kuba oku udinga idilesi ye-IP yoluntu. Ungakhumbula ukuba kutheni ulwahlulo kwiidilesi zabucala kunye nekawonke-wonke lwenziwa ngokuphonononga isifundo sevidiyo ngoSuku lwesi-3.
Makhe sijonge ukuba yintoni i-NAT. Kukho iintlobo ezintathu ze-NAT: i-static, i-dynamic kunye "ne-overloaded" ye-NAT, okanye i-PAT.
I-Cisco inamagama ama-4 achaza i-NAT. Njengoko benditshilo, i-NAT yindlela yokuguqula iidilesi zangaphakathi zibe zezangaphandle. Ukuba isixhobo esiqhagamshelwe kwi-Intanethi sifumana ipakethi kwesinye isixhobo kwinethiwekhi yendawo, siya kuyilahla ngokulula le pakethi, kuba ifomathi yedilesi yangaphakathi ayihambelani nefomathi yeedilesi ezisetyenziswa kwi-Intanethi yehlabathi. Ke ngoko, isixhobo kufuneka sifumane idilesi ye-IP yoluntu ukufikelela kwi-Intanethi.
Ke, ixesha lokuqala lingaphakathi kwiNdawo yeNdawo, okuthetha idilesi ye-IP yenginginya kuthungelwano lwangaphakathi lwangaphakathi. Ngamagama alula, le yidilesi yomthombo oyintloko wohlobo 192.168.1.10. Ixesha lesibini, Ngaphakathi kweGlobal, yidilesi ye-IP yenginginya yendawo apho ibonakala khona kwinethiwekhi yangaphandle. Kwimeko yethu, le yidilesi ye-IP ye-port yangaphandle ye-router 200.124.22.10.
Sinokuthi Ngaphakathi kwiNdawo yidilesi ye-IP yabucala, kwaye Ngaphakathi kweGlobal yidilesi ye-IP yoluntu. Khumbula ukuba igama elithi Ngaphakathi libhekisa kwimvelaphi yetrafikhi, kwaye Ngaphandle ibhekisa kwindawo ekusingwa kuyo itrafikhi. Ngaphandle kweNdawo yidilesi ye-IP yomninimzi kumnatha wangaphandle, phantsi kwayo ibonakala kwinethiwekhi yangaphakathi. Ukubeka nje, le yidilesi yomamkeli ebonakalayo kwinethiwekhi yangaphakathi. Umzekelo wedilesi enjalo yidilesi ye-IP 200.124.22.100 yesixhobo esibekwe kwi-Intanethi.
Ngaphandle kweGlobal yidilesi ye-IP yomamkeli njengoko ibonakala kuthungelwano lwangaphandle. Kwiimeko ezininzi, Ngaphandle kweNdawo kunye needilesi zaNgaphandle zeGlobal zikhangeleka zifana kuba nasemva koguqulo, idilesi ye-IP yendawo ekuyiwa kuyo ibonakala kumthombo njengoko ibinjalo ngaphambi kokuguqulelwa.
Makhe sijonge ukuba yintoni NAT engatshintshiyo. I-Static NAT ithetha inguqulelo enye-to-enye yeedilesi ze-IP zangaphakathi ukuya zangaphandle, okanye inguqulelo enye-to-one. Xa izixhobo zithumela itrafikhi kwi-Intanethi, iidilesi zabo Ngaphakathi kweNdawo ziguqulelwa kwiidilesi zeGlobal Ngaphakathi.
Kukho izixhobo ezi-3 kwinethiwekhi yethu yasekhaya, kwaye xa zingena kwi-intanethi, nganye kuzo ifumana idilesi yayo Ngaphakathi kweGlobal. Ezi dilesi zibekwa ngokwezibalo kwimithombo yendlela. Umgaqo-omnye uthetha ukuba kukho izixhobo ze-100 kwinethiwekhi yendawo, zifumana iidilesi ze-100 zangaphandle.
I-NAT yazalelwa ukugcina i-Intanethi, eyayiphelelwa ziidilesi zikawonke-wonke ze-IP. Ndiyabulela kwi-NAT, iinkampani ezininzi kunye neenethiwekhi ezininzi zinokuba nedilesi ye-IP yangaphandle eqhelekileyo, apho iidilesi zendawo yezixhobo ziya kuguqulwa xa zifikelela kwi-Intanethi. Unokuthi kule meko ye-static ye-NAT akukho kugcinwa kwinani leedilesi, kuba iikhomputha ezilikhulu zasekhaya zabelwe ikhulu leedilesi zangaphandle, kwaye uya kuba ulungile ngokupheleleyo. Nangona kunjalo, i-static NAT iseneenzuzo ezininzi.
Ngokomzekelo, sinomncedisi onedilesi ye-IP yangaphakathi ye-192.168.1.100. Ukuba nasiphi na isixhobo esivela kwi-Intanethi sifuna ukuqhagamshelana nayo, ayinakwenza oko isebenzisa idilesi yendawo yokufikela yangaphakathi, kuba oku kufuneka isebenzise idilesi yeseva yangaphandle 200.124.22.3. Ukuba i-router yakho iqwalaselwe nge-static NAT, yonke i-traffic ebhekiswe kwi-200.124.22.3 ithunyelwa ngokuzenzekelayo kwi-192.168.1.100. Oku kunika ukufikelela kwangaphandle kwizixhobo zenethiwekhi zendawo, kule meko kwi-server yewebhu yenkampani, enokuthi iyimfuneko kwezinye iimeko.
Makhe siqwalasele i-NAT eguqukayo. Ifana kakhulu ne-static, kodwa ayinikezeli iidilesi zangaphandle ezisisigxina kwisixhobo sobulali ngasinye. Ngokomzekelo, sinezixhobo ezi-3 zendawo kunye needilesi zangaphandle ezi-2 kuphela. Ukuba isixhobo sesibini sifuna ukufikelela kwi-Intanethi, siya kunikwa idilesi yokuqala ye-IP yasimahla. Ukuba umncedisi wewebhu ufuna ukufikelela kwi-Intanethi emva kwayo, i-router iya kumnika idilesi yesibini ekhoyo yangaphandle. Ukuba emva kwesi sixhobo sokuqala sifuna ukuxhuma kwinethiwekhi yangaphandle, akuyi kuba nedilesi ye-IP ekhoyo kuyo, kwaye i-router iya kulahla ipakethi yayo.
Sisenokuba namakhulu ezixhobo ezineedilesi ze-IP zangaphakathi, kwaye isixhobo ngasinye kwezi sinokufikelela kwi-Intanethi. Kodwa ekubeni singenaso isabelo esimileyo seedilesi zangaphandle, akukho zixhobo ezingaphezu kwe-2 kwikhulu ziya kukwazi ukufikelela kwi-Intanethi ngexesha elinye, kuba sineedilesi ezimbini zangaphandle ezabelwe ngamandla.
Izixhobo zeCisco zinexesha elimiselweyo lokuguqulela idilesi, engagqibekanga ukuya kwiiyure ezingama-24. Ingatshintshwa ibe yi-1,2,3, 10 imizuzu ukuya kulo naliphi na ixesha olithandayo. Emva kwesi sihlandlo, iidilesi zangaphandle zikhululwa kwaye zibuyiselwa ngokuzenzekelayo kwi-pool pool. Ukuba kulo mzuzu isixhobo sokuqala sifuna ukufikelela kwi-Intanethi kwaye nayiphi na idilesi yangaphandle ikhona, ngoko iya kuyifumana. I-router iqulethe itafile ye-NAT ehlaziywa ngamandla, kwaye de kube ixesha lokuguqulela liphelile, idilesi eyabelwe igcinwa sisixhobo. Ngamafutshane, i-NAT eguqukayo isebenza kumgaqo "wokuqala uze kuqala, unikezelwe kuqala."
Makhe sijonge ukuba yintoni i-NAT egcwele kakhulu, okanye i-PAT, yintoni. Olu lolona hlobo luqhelekileyo lwe-NAT. Kunokubakho izixhobo ezininzi kwinethiwekhi yakho yasekhaya - iPC, i-smartphone, ilaptop, ithebhulethi, kwaye zonke ziqhagamshela kwi-router enedilesi enye ye-IP yangaphandle. Ke, i-PAT ivumela izixhobo ezininzi ezineedilesi ze-IP zangaphakathi ukuba zifikelele ngaxeshanye kwi-Intanethi phantsi kwedilesi enye ye-IP yangaphandle. Oku kunokwenzeka ngenxa yokuba idilesi nganye yangasese, yangaphakathi ye-IP isebenzisa inombolo ethile ye-port ngexesha leseshoni yonxibelelwano.
Masicinge ukuba sinedilesi yoluntu enye 200.124.22.1 kunye nezixhobo ezininzi zasekhaya. Ngoko, xa ufikelela kwi-Intanethi, zonke ezi ndwendwe ziya kufumana idilesi efanayo 200.124.22.1. Ekuphela kwento eya kubahlula omnye komnye yinombolo yezibuko.
Ukuba ukhumbula ingxoxo yoluhlu lwezothutho, uyazi ukuba umaleko wezothutho uqulethe amanani e-port, kunye nenombolo ye-port yomthombo ibe yinombolo engahleliweyo.
Makhe sicinge ukuba kukho inginginya kwinethiwekhi yangaphandle enedilesi ye-IP 200.124.22.10, eqhagamshelwe kwi-Intanethi. Ukuba ikhompyutha 192.168.1.11 ifuna ukunxibelelana nekhompyutha 200.124.22.10, iya kudala i-random source port 51772. Kule meko, i-port ye-port ye-external network computer iya kuba yi-80.
Xa i-router ifumana ipakethe yekhompyuter yendawo eqondiswe kwinethiwekhi yangaphandle, iya kuguqulela idilesi yayo yangaphakathi yendawo kwidilesi ye-Inside Global 200.124.22.1 kwaye inike inombolo ye-port 23556. Ipakethi iya kufikelela kwikhompyutheni ye-200.124.22.10, kwaye kuya kufuneka thumela umva impendulo ngokwenkqubo yokuxhawula izandla, kule meko, indawo oya kuyo iya kuba yidilesi 200.124.22.1 kunye ne-port 23556.
I-router inetafile yokuguqulela ye-NAT, ngoko ke xa ifumana ipakethe kwikhompyutheni yangaphandle, iya kugqiba idilesi yangaphakathi yeNdawo ehambelana nedilesi ye-Inside Global njenge-192.168.1.11: 51772 kwaye idlulisele ipakethe kuyo. Emva koku, uxhulumaniso phakathi kweekhomputha ezimbini lunokuqwalaselwa njengesekiweyo.
Ngexesha elifanayo, unokuba nekhulu lezixhobo usebenzisa idilesi efanayo 200.124.22.1 ukunxibelelana, kodwa amanani ahlukeneyo e-port, ngoko bonke banokufikelela kwi-Intanethi ngexesha elinye. Kungenxa yoko le nto i-PAT iyindlela ethandwayo yosasazo.
Makhe sijonge ukuseta i-NAT engatshintshiyo. Kuyo nayiphi na inethiwekhi, okokuqala, kuyimfuneko ukumisela igalelo kunye nojongano oluphumayo. Umzobo ubonisa i-router apho i-traffic idluliselwa kwi-port G0 / 0 ukuya kwi-port G0 / 1, oko kukuthi, ukusuka kwinethiwekhi yangaphakathi ukuya kwinethiwekhi yangaphandle. Ngoko sinonxibelelwano lwe-input interface ye-192.168.1.1 kunye ne-interface yokuphuma kwe-200.124.22.1.
Ukuqwalasela i-NAT, siya kwi-interface ye-G0/0 kwaye sisete i-parameters ip addres 192.168.1.1 255.255.255.0 kwaye ibonise ukuba olu jongano luyigalelo usebenzisa i-ip nat ngaphakathi komyalelo.
Ngendlela efanayo, silungiselela i-NAT kwi-interface ye-G0 / 1 yokuphuma, ichaza idilesi ye-ip 200.124.22.1, i-subnet mask 255.255.255.0 kunye ne-ip nat ngaphandle. Khumbula ukuba uguqulelo oluguquguqukayo lwe-NAT luhlala lusenziwa ukusuka kwigalelo ukuya kujongano oluphumayo, ukusuka ngaphakathi ukuya ngaphandle. Ngokwendalo, kwi-NAT eguquguqukayo, impendulo iza kujongano lwegalelo ngokusebenzisa ujongano oluphumayo, kodwa xa itrafikhi iqalisiwe, yindlela ephumayo eya kuthi ibangelwe. Kwimeko ye-NAT engatshintshiyo, ukuqaliswa kwe-traffic kunokwenzeka nakweliphi na icala - ngaphakathi okanye ngaphandle.
Okulandelayo, kufuneka senze itafile ye-NAT engatshintshiyo, apho idilesi nganye yendawo ihambelana nedilesi eyahlukileyo yehlabathi. Kwimeko yethu, kukho izixhobo ezi-3, ngoko itheyibhile iya kuba neerekhodi ze-3, ezibonisa idilesi ye-IP yangaphakathi yeNdawo yomthombo, eguqulelwa kwidilesi ye-Inside Global: ip nat ngaphakathi kwe-static 192.168.1.10 200.124.22.1.
Ke, kwi-NAT engatshintshiyo, ubhala ngesandla uguqulelo kwidilesi yenginginya nganye yendawo. Ngoku ndiya kuPacket Tracer kwaye ndenze izicwangciso ezichazwe ngasentla.
Phezulu sinomncedisi we-192.168.1.100, ngezantsi kukho ikhompyutha 192.168.1.10 kwaye ezantsi kakhulu kukho ikhompyutha 192.168.1.11. I-Port G0/0 ye-Router0 inedilesi ye-IP ye-192.168.1.1, kunye ne-port G0/1 inedilesi ye-IP ye-200.124.22.1. Kwi "lifu" elimele i-Intanethi, ndibeke i-Router1, apho ndanikezela idilesi ye-IP 200.124.22.10.
Ndingena kuseto lwe-Router1 kwaye ndichwetheze i-ip icmp yomyalelo. Ngoku, nje ukuba i-ping ifikelele kweso sixhobo, umyalezo wokulungisa iimpazamo uza kuvela kwifestile yesethingi ebonisa ukuba yintoni ipakethi.
Masiqalise ukuseta i-router0 router. Ndingena kwimowudi yokusetwa kwehlabathi kwaye ndifowunele ujongano lwe-G0/0. Okulandelayo, ndifaka ip nat ngaphakathi komyalelo, emva koko ndiye kujongano lwe-g0/1 kwaye ndingenise ip nat ngaphandle komyalelo. Ngaloo ndlela, ndabela igalelo kunye nojongano oluphumayo lwe-router. Ngoku ndifuna ukuqwalasela ngesandla iidilesi ze-IP, oko kukuthi, ukudlulisa imigca esuka kwitafile engentla iye kwizicwangciso:
Ip nat ngaphakathi kumthombo static 192.168.1.10 200.124.22.1
Ip nat ngaphakathi kumthombo static 192.168.1.11 200.124.22.2
Ip nat ngaphakathi kumthombo static 192.168.1.100 200.124.22.3
Ngoku ndiza kubethelela i-Router1 kwisixhobo sethu ngasinye kwaye ndibone ukuba yeyiphi idilesi ye-IP efumana imiboniso. Ukwenza oku, ndibeka ifestile ye-CLI evulekileyo ye-router ye-R1 kwicala lasekunene lesikrini ukuze ndibone imiyalezo yokucoca. Ngoku ndiya kwi-terminal yomgca we-PC0 kunye ne-ping idilesi 200.124.22.10. Emva koku, umyalezo uvela kwifestile ukuba i-ping ifunyenwe kwidilesi ye-IP 200.124.22.1. Oku kuthetha ukuba idilesi ye-IP yekhompyutha yendawo 192.168.1.10 iguqulelwe kwidilesi yehlabathi 200.124.22.1.
Ndenza okufanayo kunye nekhompyutheni yendawo elandelayo kwaye ndibone ukuba idilesi yayo iguqulelwe kwi-200.124.22.2. Emva koko ndifakela umncedisi kwaye ndibone idilesi 200.124.22.3.
Ngaloo ndlela, xa i-traffic esuka kwisixhobo senethiwekhi yendawo ifikelela kwi-router apho i-NAT ye-static iqulunqwe khona, i-router, ngokuhambelana netafile, iguqulela idilesi ye-IP yendawo kwilizwe jikelele kwaye ithumela i-traffic kwinethiwekhi yangaphandle. Ukujonga itheyibhile ye-NAT, ndifaka umyalelo wokuguqulela ip nat.
Ngoku sinokujonga zonke iinguqu ezenziwa yi-router. Ikholamu yokuqala Ngaphakathi kweGlobal iqulethe idilesi yesixhobo phambi kosasazo, oko kukuthi, idilesi apho isixhobo sibonakala phantsi kuthungelwano lwangaphandle, ilandelwa yidilesi yeNdawo yangaPhakathi, oko kukuthi, idilesi yesixhobo kuthungelwano lobulali. Ikholamu yesithathu ibonisa idilesi yangaphandle yeNdawo kunye nekholamu yesine ibonisa idilesi ye-Global yangaphandle, zombini ziyafana kuba asiguquleli idilesi ye-IP yendawo. Njengoko ubona, emva kwemizuzwana embalwa itafile isusiwe ngenxa yokuba iPacket Tracer yayinexesha elifutshane lokuvala i-ping.
Ndiyakwazi ukubethelela umncedisi kwi-1 ukusuka kwi-router R200.124.22.3, kwaye ukuba ndibuyela kwisethingi ye-router, ndiyabona ukuba itafile iphinda izaliswe imigca emine ye-ping kunye nedilesi yendawo yokuguqulela 192.168.1.100.
Njengoko benditshilo, nokuba ixesha lokuguqulela liqalisiwe, xa itrafikhi iqalwa kumthombo wangaphandle, indlela ye-NAT iyasebenza ngokuzenzekelayo. Oku kwenzeka kuphela xa usebenzisa i-NAT engatshintshiyo.
Ngoku makhe sijonge indlela esebenza ngayo i-NAT. Kumzekelo wethu, kukho iidilesi zoluntu ezi-2 zezixhobo ezintathu zothungelwano lwasekhaya, kodwa kusenokubakho amashumi okanye amakhulu eenginginya ezinjalo zabucala. Kwangaxeshanye, zizixhobo ezi-2 kuphela ezinokungena kwi-Intanethi ngaxeshanye. Makhe siqwalasele ukuba yintoni, ukongeza, umahluko phakathi kwe-NAT engatshintshiyo kunye neguqukayo.
Njengakwimeko yangaphambili, kufuneka uqale uqonde igalelo kunye nojongano oluphumayo lwe-router. Okulandelayo, senza uhlobo lofikelelo uluhlu, kodwa oku akufani ACL ukuba sathetha kwisifundo sangaphambili. Olu luhlu lokufikelela lusetyenziselwa ukuchonga i-traffic esifuna ukuyiguqula. Apha igama elitsha elithi "itrafikhi enomdla" okanye "itrafikhi enomdla" ibonakala. Le yitrafikhi onomdla kuyo ngenxa yesizathu esithile, kwaye xa loo traffic ihambelana neemeko zoluhlu lokufikelela, ifika phantsi kwe-NAT kwaye iguqulelwe. Eli gama lisebenza kwi-traffic kwiimeko ezininzi, umzekelo, kwimeko ye-VPN, "umdla" yi-traffic eya kudlula kwi-tunnel ye-VPN.
Kufuneka senze i-ACL echonga i-traffic enomdla, kwimeko yethu le yi-traffic yenethiwekhi yonke ye-192.168.1.0, kunye ne-mask yokubuya ye-0.0.0.255 ichazwe.
Emva koko kufuneka senze i-NAT pool, apho sisebenzisa khona umyalelo we-ip nat pool <igama le-pool> kwaye ucacise i-pool yeedilesi ze-IP 200.124.22.1 200.124.22.2. Oku kuthetha ukuba sinikezela ngeedilesi ezimbini ze-IP zangaphandle kuphela. Emva koko, umyalelo usebenzisa igama elingundoqo le-netmask kwaye ufaka i-subnet mask 255.255.255.252. I-octet yokugqibela yemaski (255 - inani leedilesi ze-pool - 1), ngoko ke ukuba uneedilesi ezingama-254 echibini, ke i-subnet mask iya kuba yi-255.255.255.0. Olu luseto olubaluleke kakhulu, ke qiniseka ukuba ungenisa ixabiso elichanekileyo le-netmask xa ucwangcisa i-NAT eguqukayo.
Okulandelayo sisebenzisa umyalelo oqalisa inkqubo ye-NAT: ip nat ngaphakathi kuluhlu lomthombo 1 ichibi le-NWKING, apho i-NWKING iligama lechibi, kwaye uluhlu 1 luthetha inombolo ye-ACL 1. Khumbula - ukuze lo myalelo usebenze, kufuneka uqale udale i-pool yedilesi eguquguqukayo kunye noluhlu lokufikelela.
Ngoko ke, phantsi kweemeko zethu, isixhobo sokuqala esifuna ukufikelela kwi-Intanethi siya kukwazi ukwenza oku, isixhobo sesibini siya kukwazi ukwenza njalo, kodwa okwesithathu kuya kufuneka silinde kude kube enye yeedilesi ze-pool ikhululekile. Ukumisela i-NAT eguquguqukayo iquka amanyathelo e-4: ukugqiba igalelo kunye nojongano oluphumayo, ukuchonga i-traffic "enomdla", ukudala i-NAT pool kunye noqwalaselo lwangempela.
Ngoku siya kudlulela kwi-Packet Tracer kwaye sizame ukuqwalasela i-NAT eguquguqukayo. Okokuqala kufuneka sisuse useto olungatshintshiyo lwe-NAT, apho sifaka khona imiyalelo ngokulandelelana:
akukho Ip nat ngaphakathi kumthombo static 192.168.1.10 200.124.22.1
akukho Ip nat ngaphakathi kumthombo static 192.168.1.11 200.124.22.2
akukho Ip nat ngaphakathi umthombo static 192.168.1.100 200.124.22.3.
Okulandelayo, ndenza uluhlu lofikelelo Uluhlu 1 kuthungelwano lulonke ngomyalelo wofikelelo-uluhlu 1 imvume 192.168.1.0 0.0.0.255 kwaye dala i-NAT pool usebenzisa umyalelo ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 255.255.255.252. Kulo myalelo, ndichaze igama le-pool, iidilesi ezibandakanyiweyo kuyo, kunye ne-netmask.
Emva koko ndichaza ukuba yiyiphi i-NAT - yangaphakathi okanye yangaphandle, kunye nomthombo apho i-NAT kufuneka ikhuphe ulwazi, kwimeko yethu luluhlu, usebenzisa i-ip nat ngaphakathi kuluhlu lomthombo 1. Emva koku, inkqubo iya kukukhuthaza ukuba idinga ichibi elipheleleyo okanye ujongano oluthile . Ndikhetha i-pool kuba sinedilesi yangaphandle engaphezu kwe-1. Ukuba ukhetha ujongano, kuya kufuneka uchaze izibuko ngedilesi ethile ye-IP. Kwimo yokugqibela, umyalelo uya kujongeka ngolu hlobo: ip nat ngaphakathi kuluhlu lomthombo 1 ichibi NWKING. Okwangoku eli chibi liqukethe iidilesi ezimbini 200.124.22.1 200.124.22.2, kodwa unokuzitshintsha ngokukhululekileyo okanye ungeze iidilesi ezintsha ezingadibanisi nojongano oluthile.
Kufuneka uqinisekise ukuba itafile yakho yomzila ihlaziywa ukuze nayiphi na idilesi ye-IP echibini kufuneka ihanjiswe kwesi sixhobo, ngaphandle koko awuyi kufumana i-traffic yokubuyisela. Ukuqinisekisa ukuba useto luyasebenza, siya kuphinda inkqubo ye-pinging ye-router yelifu, esiyenzele i-NAT engatshintshiyo. Ndiza kuvula ifestile ye-Router 1 ukuze ndibone imiyalezo yemowudi yolungiso kwaye ndiyibethe kwisixhobo ngasinye kwezi-3.
Siyabona ukuba zonke iidilesi zomthombo apho iipakethi zeping zifika zihambelana noseto. Kwangaxeshanye, i-ping esuka kwiPC0 yekhompyuter ayisebenzi kuba ayinayo idilesi yangaphandle yasimahla. Ukuba ungena kwizicwangciso ze-Router 1, unokubona ukuba iidilesi ze-pool 200.124.22.1 kunye ne-200.124.22.2 zisetyenziswa ngoku. Ngoku ndiza kulucima usasazo, kwaye uya kubona indlela imigca enyamalala ngayo nganye nganye. I-ping PC0 kwakhona kwaye njengoko ubona, yonke into isebenza ngoku kuba ikwazile ukufumana idilesi yangaphandle yamahhala 200.124.22.1.
Ndingayicima njani itafile yeNAT kwaye ndihlehlise idilesi endiyinikiweyo? Yiya kuseto lwe-Router0 umzila kwaye uchwetheze umyalelo ocacileyo we-ip nat translation * nge asterisk ekupheleni komgca. Ukuba ngoku sijonga ubume bokuguqulela sisebenzisa umyalelo wokuguqulela ip nat, inkqubo iya kusinika umgca ongenanto.
Ukujonga izibalo zeNAT, sebenzisa bonisa ip nat izibalo umyalelo.
Lo ngumyalelo oluncedo kakhulu okuvumela ukuba ufumane inani elipheleleyo leenguqulelo eziguqukayo, ezimileyo neziqhubela phambili zeNAT/PAT. Uyabona ukuba ngu-0 kuba sicime idatha yosasazo ngomyalelo wangaphambili. Oku kubonisa ujongano lwegalelo kunye nemveliso, inani lokubethelwa okuphumelelayo kunye nokungaphumeleli kunye nokuphosa ukuguqulwa (inani lokungaphumeleli ngenxa yokungabikho kwedilesi yangaphandle yamahhala yomnini wangaphakathi), igama loluhlu lokufikelela kunye ne-pool.
Ngoku siza kudlulela kolona hlobo ludumileyo lwenguqulelo yedilesi ye-IP-i-NAT ephucukileyo, okanye i-PAT. Ukuqwalasela i-PAT, kufuneka ulandele amanyathelo afanayo nokuqwalasela i-NAT eguquguqukayo: misela i-router's input kunye ne-interfaces yemveliso, chonga i-traffic "enomdla", yenza i-NAT pool, kwaye uqwalasele i-PAT. Singenza ichibi elifanayo leedilesi ezininzi njengakwimeko yangaphambili, kodwa oku akuyomfuneko kuba iPAT isebenzisa idilesi yangaphandle efanayo ngalo lonke ixesha. Umahluko kuphela phakathi kokuqwalasela i-NAT eguqukayo kunye ne-PAT ligama elingundoqo eligqithisayo eliphelisa umyalelo wokugqibela woqwalaselo. Emva kokufaka eli gama, i-NAT eguqukayo ijikela kwi-PAT ngokuzenzekelayo.
Kwakhona, usebenzisa idilesi enye kuphela kwi-NWKING pool, umzekelo 200.124.22.1, kodwa yicacise kabini njengesiqalo kunye nesiphelo sedilesi yangaphandle kunye ne-netmask ye-255.255.255.0. Ungayenza lula ngokusebenzisa iparameter yojongano lwemvelaphi kunye nedilesi esisigxina 1 yojongano lwe G200.124.22.1/200.124.22.1 endaweni ye ip nat 255.255.255.0 ichibi NWKING 200.124.22.1 0 netmask 1 umgca. Kule meko, zonke iidilesi zendawo xa ufikelela kwi-Intanethi ziya kuguqulwa kule dilesi ye-IP.
Ungasebenzisa nayiphi na enye idilesi ye-IP echibini, engahambelaniyo nojongano oluthile lomzimba. Nangona kunjalo, kule meko, kufuneka uqinisekise ukuba zonke iirutha kwinethiwekhi zinokuthumela ukubuyisela itrafikhi kwisixhobo osikhethileyo. Ukungalungi kwe-NAT kukuba ayinakusetyenziselwa idilesi yokuphela ukuya ekupheleni, kuba ngexesha lokubuyisela ipakethi ibuyela kwisixhobo sendawo, idilesi yayo ye-NAT ye-IP eguquguqukayo ingaba nexesha lokutshintsha. Oko kukuthi, kufuneka uqiniseke ukuba idilesi ye-IP ekhethiweyo iya kuhlala ikhona kulo lonke ixesha leseshoni yonxibelelwano.
Makhe sijonge oku ngePacket Tracer. Kuqala kufuneka ndisuse i-NAT eguqukayo ngomyalelo othi akukho Ip nat ngaphakathi kuluhlu lomthombo 1 NWKING kwaye ndisuse ichibi le-NAT ngomyalelo othi no Ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 225.255.255.252.
Emva koko kufuneka ndenze ichibi le-PAT ngomyalelo Ip nat pool NWKING 200.124.22.2 200.124.22.2 netmask 225.255.255.255. Ngeli xesha ndisebenzisa idilesi ye-IP engeyoyesixhobo somzimba kuba isixhobo esibonakalayo sinedilesi ye-200.124.22.1 kwaye ndifuna ukusebenzisa i-200.124.22.2. Kwimeko yethu isebenza kuba sinothungelwano lwendawo.
Okulandelayo, ndiqwalasela i-PAT ngomyalelo we-Ip nat ngaphakathi koluhlu lomthombo 1 ichibi eli-0 lokulayisha ngaphezulu kwe-NWKING. Emva kokufaka lo myalelo, ukuguqulelwa kwedilesi ye-PAT kuyasebenza. Ukujonga ukuba ukuseta kuchanekile, ndiya kwizixhobo zethu, iseva kunye neekhompyuter ezimbini, kunye ne-ping PC1 Router200.124.22.10 kwi-200.124.22.2 ukusuka kwikhompyuter. Kwifestile yezicwangciso ze-router, unokubona imigca ye-debug ebonisa ukuba umthombo we-ping, njengoko besilindele, yidilesi ye-IP 1. I-ping ethunyelwe yiPC0 yekhompyuter kunye neseva yesevaXNUMX ivela kwidilesi enye.
Makhe sibone ukuba kwenzeka ntoni kwitheyibhile yokuguqulela ye-Router0. Uyakwazi ukubona ukuba zonke iinguqulelo ziphumelele, isixhobo ngasinye sabelwe izibuko laso, kwaye zonke iidilesi zendawo zinxulunyaniswa ne-Router1 ngedilesi ye-IP yepool 200.124.22.2.
Ndisebenzisa umyalelo wezibalo ze-ip nat ukujonga iinkcukacha-manani ze-PAT.
Siyabona ukuba inani elipheleleyo lokuguqulwa, okanye ukuguqulelwa kwedilesi, yi-12, sibona iimpawu ze-pool kunye nolunye ulwazi.
Ngoku ndiza kwenza enye into-ndizakufaka umyalelo we-Ip nat ngaphakathi kuluhlu lomthombo 1 ujongano lwegigabit Ethernet g0/1 overload. Ukuba emva koko u-ping i-router esuka kwi-PC0, uya kubona ukuba ipakethi ivela kwidilesi 200.124.22.1, oko kukuthi, kwi-interface ebonakalayo! Le yindlela elula: ukuba awufuni ukwenza i-pool, edla ngokuphindaphindiweyo xa usebenzisa ii-routers zasekhaya, ngoko ungasebenzisa idilesi ye-IP ye-interface ye-router ye-interface ebonakalayo njengedilesi ye-NAT yangaphandle. Le yindlela idilesi yakho yomamkeli wabucala yenethiwekhi yoluntu ehlala iguqulelwa.
Namhlanje sifunde isihloko esibaluleke kakhulu, ngoko ke kufuneka uqhelisele. Sebenzisa iPacket Tracer ukuvavanya ulwazi lwakho lwethiyori ngokuchasene ne-NAT ebonakalayo kunye neengxaki zoqwalaselo lwe-PAT. Sifike esiphelweni sokufunda izihloko ze-ICND1 - uviwo lokuqala lwekhosi ye-CCNA, ngoko ke mhlawumbi ndiya kuzinikela isifundo esilandelayo sevidiyo ukushwankathela iziphumo.
Enkosi ngokuhlala nathi. Ngaba uyawathanda amanqaku ethu? Ngaba ufuna ukubona umxholo onomdla ngakumbi? Sixhase ngokufaka iodolo okanye ngokucebisa abahlobo, I-30% isaphulelo kubasebenzisi beHabr kwi-analogue ekhethekileyo yeeseva zomgangatho wokungena, eyenzelwe wena: (ifumaneka nge-RAID1 kunye ne-RAID10, ukuya kuthi ga kwi-24 cores kunye ne-40GB DDR4).
I-Dell R730xd 2 amaxesha aphantsi? Kuphela apha eNetherlands! Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - ukusuka $99! Funda malunga
umthombo: www.habr.com