Namuhla sizofunda i-PAT (Port Address Translation), ubuchwepheshe bokuhumusha amakheli e-IP kusetshenziswa izimbobo, kanye ne-NAT (Network Address Translation), ubuchwepheshe bokuhumusha amakheli e-IP wamaphakethe ezokuthutha. I-PAT iyindaba ekhethekile ye-NAT. Sizohlanganisa izihloko ezintathu:
- amakheli e-IP ayimfihlo, noma angaphakathi (i-intranethi, endawo) kanye namakheli e-IP omphakathi, noma angaphandle;
- I-NAT ne-PAT;
- Ukucushwa kwe-NAT/PAT.
Ake siqale ngamakheli angaphakathi e-Private IP. Siyazi ukuthi zihlukaniswe izigaba ezintathu: A, B kanye no-C.
Amakheli Angaphakathi Ekilasi A athatha ibanga lamashumi ukusuka ku-10.0.0.0 kuye ku-10.255.255.255, futhi amakheli angaphandle athatha uhla olusuka ku-1.0.0.0 kuye ku-9 futhi lusuka ku-255.255.255 ukuya ku-11.0.0.0.
Amakheli ekilasi B angaphakathi athatha ibanga ukusuka ku-172.16.0.0 kuya ku-172.31.255.255, futhi amakheli angaphandle asuka ku-128.0.0.0 kuya ku-172.15.255.255 futhi asuka ku-172.32.0.0 kuya ku-191.255.255.255.
Amakheli ekilasi langaphakathi C athatha uhla olusuka ku-192.168.0.0 kuya ku-192.168.255.255, futhi amakheli angaphandle asukela ku-192.0.0 kuya ku-192.167.255.255 futhi asuka ku-192.169.0.0 kuya ku-223.255.255.255.
Amakheli Ekilasi A ngu-/8, Ikilasi B ngu-/12 kanti Ikilasi C lingu-/16. Ngakho-ke, amakheli e-IP angaphandle nawangaphakathi amakilasi ahlukene athatha amabanga ahlukene.
Sixoxile izikhathi ezimbalwa ngokuthi uyini umehluko phakathi kwamakheli e-IP ayimfihlo nawesidlangalaleni. Ngokuvamile, uma sinomzila kanye neqembu lamakheli e-IP angaphakathi, lapho bezama ukufinyelela i-Inthanethi, i-router ibaguqulela kumakheli e-IP angaphandle. Amakheli angaphakathi asetshenziswa ngokukhethekile kumanethiwekhi endawo, hhayi ku-inthanethi.
Uma ngibuka amapharamitha enethiwekhi yekhompyutha yami ngisebenzisa ulayini womyalo, ngizobona ikheli lami le-IP langaphakathi le-LAN 192.168.1.103.
Ukuze uthole ikheli lakho le-IP lomphakathi, ungasebenzisa isevisi ye-inthanethi efana nokuthi "Iyini i-IP yami?" Njengoba ubona, ikheli langaphandle lekhompyutha 78.100.196.163 lihlukile ekhelini langaphakathi.
Kuzo zonke izimo, ikhompuyutha yami ibonakala ku-inthanethi ngekheli layo le-IP langaphandle. Ngakho, ikheli langaphakathi lekhompyutha yami lithi 192.168.1.103, kanti elangaphandle lithi 78.100.196.163. Ikheli langaphakathi lisetshenziselwa ukuxhumana kwendawo kuphela, awukwazi ukufinyelela ku-inthanethi ngalo, ngenxa yalokhu udinga ikheli le-IP lomphakathi. Ungakhumbula ukuthi kungani ukuhlukaniswa kwaba amakheli ayimfihlo nawasesidlangalaleni kwenziwa ngokubuyekeza isifundo sevidiyo sosuku lwesi-3.
Ake sibheke ukuthi iyini i-NAT. Kunezinhlobo ezintathu ze-NAT: i-static, i-dynamic kanye "nokulayishwa ngokweqile" i-NAT, noma i-PAT.
I-Cisco inamagama angu-4 achaza i-NAT. Njengoba ngishilo, i-NAT iyindlela yokuguqula amakheli angaphakathi abe awangaphandle. Uma idivayisi exhunywe ku-inthanethi ithola iphakethe kwenye idivayisi kunethiwekhi yendawo, izovele ilahle leli phakethe, njengoba ifomethi yekheli langaphakathi ingafani nefomethi yamakheli asetshenziswa ku-inthanethi yomhlaba wonke. Ngakho-ke, idivayisi kufanele ithole ikheli le-IP lomphakathi ukuze ifinyelele ku-inthanethi.
Ngakho-ke, igama lokuqala lithi Inside Local, okusho ikheli lasesizindeni se-inthanethi lomsingathi kunethiwekhi yendawo yangaphakathi. Ngamagama alula, leli yikheli lomthombo eliyinhloko lohlobo 192.168.1.10. Itemu lesibili, Inside Global, ikheli le-IP lomsingathi wasendaweni elibonakala ngaphansi kwalo kunethiwekhi yangaphandle. Esimweni sethu, leli ikheli le-IP lechweba langaphandle le-router 200.124.22.10.
Singasho ukuthi I-Inside Local ikheli le-IP eliyimfihlo, futhi I-Inside Global ikheli le-IP lomphakathi. Khumbula ukuthi igama elithi Inside lisho umthombo wethrafikhi, kanti i-Outside isho indawo yethrafikhi. Ngaphandle Kwasendaweni ikheli le-IP lomsingathi kunethiwekhi yangaphandle, lapho libonakala khona kunethiwekhi yangaphakathi. Kalula nje, leli yikheli lomamukeli elibonakala kunethiwekhi yangaphakathi. Isibonelo salelo kheli ikheli le-IP 200.124.22.100 ledivayisi etholakala ku-inthanethi.
Ngaphandle kwe-Global ikheli le-IP lomsingathi njengoba libonakala kunethiwekhi yangaphandle. Ezimweni eziningi, amakheli angaphandle kwendawo kanye nangaphandle komhlaba abukeka ngendlela efanayo ngoba ngisho nangemva kokuhumusha, ikheli le-IP lendawo libonakala emthonjeni njengoba lalinjalo ngaphambi kokuhumusha.
Ake sibheke ukuthi iyini i-NAT emile. I-STAtic NAT isho ukuhumusha okukodwa kuya koyedwa kwamakheli e-IP angaphakathi kuya kwawangaphandle, noma ukuhumusha komuntu ngamunye. Uma amadivayisi athumela ithrafikhi ku-inthanethi, amakheli awo Angaphakathi Kwasendaweni ahunyushwa kumakheli Angaphakathi Kwehlabathi.
Kunamadivayisi angu-3 kunethiwekhi yethu yendawo, futhi lapho exhumeke ku-inthanethi, ngayinye ithola ikheli layo langaphakathi kwe-Global. Lawa makheli anikezwe ngokwezibalo emithonjeni yethrafikhi. Umgomo wokukodwa nowodwa usho ukuthi uma kunamadivayisi ayi-100 kunethiwekhi yendawo, bathola amakheli angaphandle ayi-100.
I-NAT yazalelwa ukulondoloza i-inthanethi, eyayiphelelwa amakheli e-IP omphakathi. Ngenxa ye-NAT, izinkampani eziningi namanethiwekhi amaningi angaba nekheli le-IP elivamile langaphandle, lapho amakheli endawo amadivaysi azoguqulwa khona lapho ufinyelela i-inthanethi. Ungasho ukuthi kuleli cala le-NAT emile akukho ukugcinwa enanini lamakheli, ngoba amakhompiyutha asendaweni ayikhulu anikezwe amakheli angaphandle ayikhulu, futhi uzobe ulungile ngokuphelele. Kodwa-ke, i-NAT emile isenezinzuzo eziningi.
Isibonelo, sineseva enekheli le-IP langaphakathi elingu-192.168.1.100. Uma noma iyiphi idivayisi evela ku-inthanethi ifuna ukuxhumana nayo, ayikwazi ukwenza kanjalo isebenzisa ikheli lendawo okuyiwa kuyo yangaphakathi, ngoba lokhu idinga ukusebenzisa ikheli leseva yangaphandle 200.124.22.3. Uma irutha yakho ilungiselelwe nge-NAT emile, yonke ithrafikhi eqondiswe ku-200.124.22.3 idluliselwa ngokuzenzakalelayo ku-192.168.1.100. Lokhu kunikeza ukufinyelela kwangaphandle kumadivayisi enethiwekhi yendawo, kulokhu kuseva yewebhu yenkampani, okungase kudingeke kwezinye izimo.
Ake sicabangele i-NAT enamandla. Ifana kakhulu ne-static, kodwa ayinikezi amakheli angaphandle angunaphakade kudivayisi ngayinye yasendaweni. Isibonelo, sinamadivayisi asendaweni angu-3 namakheli angaphandle angu-2 kuphela. Uma idivayisi yesibili ifuna ukufinyelela ku-inthanethi, izonikezwa ikheli le-IP lamahhala lokuqala. Uma iseva yewebhu ifuna ukungena ku-inthanethi ngemva kwayo, irutha izoyabela ikheli langaphandle lesibili elitholakalayo. Uma ngemva kwalokhu idivayisi yokuqala ifuna ukuxhuma kunethiwekhi yangaphandle, ngeke ibe khona ikheli le-IP elitholakalayo, futhi umzila uzolahla iphakethe layo.
Singase sibe namakhulu amadivayisi anamakheli e-IP angaphakathi, futhi idivayisi ngayinye yalawa ingafinyelela i-inthanethi. Kodwa njengoba singenaso isabelo esimile samakheli angaphandle, amathuluzi angaphezu kwama-2 kwayikhulu azokwazi ukufinyelela i-inthanethi ngesikhathi esifanayo, ngoba sinamakheli angaphandle amabili kuphela anikezwe amandla.
Amadivayisi e-Cisco anesikhathi esimisiwe sokuhumusha ikheli, esishintsha ngokuzenzakalelayo sibe amahora angama-24. Ingashintshwa ibe yimizuzu engu-1,2,3, 10, ibe nganoma yisiphi isikhathi osithandayo. Ngemva kwalesi sikhathi, amakheli angaphandle ayakhululwa futhi abuyiselwe ngokuzenzakalelayo endaweni yamakheli. Uma ngalesi sikhathi idivayisi yokuqala ifuna ukufinyelela ku-inthanethi futhi noma yiliphi ikheli langaphandle liyatholakala, khona-ke lizolithola. Irutha iqukethe ithebula le-NAT elibuyekezwa ngamandla, futhi kuze kuphele isikhathi sokuhumusha, ikheli elinikeziwe ligcinwa idivayisi. Kalula nje, i-NAT eguquguqukayo isebenza ngomgomo othi "oza kuqala, wanikezwa kuqala."
Ake sibheke ukuthi iyini i-NAT egcwele kakhulu, noma i-PAT. Lolu uhlobo oluvame kakhulu lwe-NAT. Kungaba namadivaysi amaningi kunethiwekhi yakho yasekhaya - i-PC, i-smartphone, ikhompuyutha ephathekayo, ithebhulethi, futhi wonke axhumeka kumzila onekheli le-IP langaphandle elilodwa. Ngakho-ke, i-PAT ivumela amadivayisi amaningi anamakheli e-IP angaphakathi ukuthi afinyelele i-inthanethi ngesikhathi esisodwa ngaphansi kwekheli le-IP langaphandle elilodwa. Lokhu kungenzeka ngenxa yokuthi ikheli le-IP eliyimfihlo ngalinye, langaphakathi lisebenzisa inombolo yembobo ethile ngesikhathi seseshini yokuxhumana.
Ake sicabange ukuthi sinekheli elilodwa lomphakathi 200.124.22.1 kanye nemishini eminingi yasendaweni. Ngakho-ke, lapho ufinyelela ku-inthanethi, bonke laba basokhaya bazothola ikheli elifanayo 200.124.22.1. Okuwukuphela kwento ezobahlukanisa komunye nomunye inombolo yechweba.
Uma ukhumbula ingxoxo yesendlalelo sezokuthutha, uyazi ukuthi isendlalelo sezokuthutha siqukethe izinombolo zembobo, nenombolo yembobo yomthombo iyinombolo engahleliwe.
Ake sicabange ukuthi kukhona umsingathi kunethiwekhi yangaphandle enekheli le-IP 200.124.22.10, elixhunywe ku-inthanethi. Uma ikhompuyutha 192.168.1.11 ifuna ukuxhumana nekhompyutha 200.124.22.10, izodala imbobo yomthombo engahleliwe 51772. Kulokhu, imbobo okuyiwa kuyo yekhompuyutha yenethiwekhi yangaphandle izoba ngu-80.
Lapho irutha ithola iphakethe lekhompyutha lendawo eliqondiswe kunethiwekhi yangaphandle, izohumusha ikheli layo Langaphakathi Lendawo iye ekhelini langaphakathi le-Inside Global 200.124.22.1 futhi inikeze inombolo yembobo ethi 23556. Iphakethe lizofinyelela kukhompyutha 200.124.22.10, futhi kuzodingeka thumela emuva impendulo ngokwenqubo yokuxhawula, kulokhu, indawo okuyiwa kuyo kuzoba yikheli elithi 200.124.22.1 kanye ne-port 23556.
Irutha inetafula lokuhumusha le-NAT, ngakho-ke lapho ithola iphakethe kukhompyutha yangaphandle, izonquma ikheli Langaphakathi Lendawo elihambisana nekheli langaphakathi le-Global ngokuthi 192.168.1.11: 51772 bese idlulisela iphakethe kuyo. Ngemuva kwalokhu, ukuxhumana phakathi kwamakhompyutha womabili kungabhekwa njengokusunguliwe.
Ngesikhathi esifanayo, ungase ube namadivayisi ayikhulu asebenzisa ikheli elifanayo 200.124.22.1 ukuxhumana, kodwa izinombolo ze-port ezahlukene, ukuze bonke bakwazi ukufinyelela i-Inthanethi ngesikhathi esifanayo. Yingakho i-PAT iyindlela yokusakaza ethandwa kangaka.
Ake sibheke ukusetha i-NAT emile. Kunoma iyiphi inethiwekhi, okokuqala, kuyadingeka ukunquma i-interfaces okokufaka nokuphumayo. Umdwebo ubonisa umzila lapho ithrafikhi idluliselwa khona ukusuka ku-port G0/0 kuya ku-port G0/1, okungukuthi, ukusuka kunethiwekhi yangaphakathi kuya kunethiwekhi yangaphandle. Ngakho-ke sine-interface yokufaka ye-192.168.1.1 kanye ne-interface yokuphuma kwe-200.124.22.1.
Ukuze ulungiselele i-NAT, siya kusixhumi esibonakalayo se-G0/0 futhi sisethe imingcele ip addres 192.168.1.1 255.255.255.0 futhi sibonise ukuthi lesi sikhombimsebenzisi esokufaka kusetshenziswa umyalo we-ip nat wangaphakathi.
Ngendlela efanayo, silungiselela i-NAT kusixhumi esibonakalayo se-G0/1, sicacisa ikheli le-ip 200.124.22.1, i-subnet mask 255.255.255.0 kanye ne-ip nat ngaphandle. Khumbula ukuthi ukuhumusha okuguquguqukayo kwe-NAT kuhlala kwenziwa kusukela kokokufakayo kuya kusixhumi esibonakalayo okukhiphayo, kusuka ngaphakathi kuya ngaphandle. Ngokwemvelo, ku-NAT eguquguqukayo, impendulo ifika kusixhumi esibonakalayo sokufaka ngokusebenzisa isixhumi esibonakalayo esikhiphayo, kodwa lapho ithrafikhi iqaliswa, isiqondiso sokuphuma siyaqaliswa. Esimeni se-NAT emile, ukuqaliswa kwethrafikhi kungenzeka kunoma iyiphi indlela - ngaphandle noma ngaphandle.
Okulandelayo, sidinga ukwakha ithebula le-NAT elimile, lapho ikheli lendawo ngalinye lihambisana nekheli lomhlaba elihlukile. Esimweni sethu, kukhona amadivayisi angu-3, ββngakho ithebula lizoqukatha amarekhodi angu-3, ββabonisa ikheli le-IP Yangaphakathi Yasendaweni yomthombo, eliguqulelwa kukheli Langaphakathi Lomhlaba Wonke: ip nat ngaphakathi kwe-static 192.168.1.10 200.124.22.1.
Ngakho, ku-NAT emile, ubhala mathupha ukuhumusha kwekheli ngalinye lendawo yokusingatha. Manje ngizoya ku-Packet Tracer futhi ngenze izilungiselelo ezichazwe ngenhla.
Phezulu sineseva engu-192.168.1.100, ngezansi ikhompyutha 192.168.1.10 futhi ngezansi kukhona ikhompyutha 192.168.1.11. I-Port G0/0 ye-Router0 inekheli lasesizindeni se-inthanethi elingu-192.168.1.1, futhi i-port G0/1 inekheli le-IP elingu-200.124.22.1. βEfwiniβ elimele i-inthanethi, ngibeke i-Router1, engabela kuyo ikheli le-IP 200.124.22.10.
Ngingena kuzilungiselelo ze-Router1 bese ngithayipha umyalo we-debug ip icmp. Manje, uma i-ping ifinyelela kuleyo divayisi, kuzovela umlayezo wokulungisa iphutha efasiteleni lezilungiselelo obonisa ukuthi iphakethe liyini.
Ake siqale ukusetha i-router0 router. Ngingena kumodi yezilungiselelo zomhlaba wonke futhi ngishayele isixhumi esibonakalayo se-G0/0. Okulandelayo, ngifaka umyalo wangaphakathi we-ip nat, bese ngiya kusixhumi esibonakalayo se-g0/1 bese ngifaka umyalo we-ip nat wangaphandle. Ngakho, ngabela okokufaka nokuphumayo kwe-router. Manje ngidinga ukulungiselela mathupha amakheli e-IP, okungukuthi, ukudlulisa imigqa esuka etafuleni elingenhla iye kuzilungiselelo:
Ip nat ngaphakathi komthombo static 192.168.1.10 200.124.22.1
Ip nat ngaphakathi komthombo static 192.168.1.11 200.124.22.2
Ip nat ngaphakathi komthombo static 192.168.1.100 200.124.22.3
Manje ngizofaka i-Router1 kusuka kumishini yethu ngayinye futhi ngibone ukuthi yimaphi amakheli e-IP ethola imibukiso ye-ping. Ukwenza lokhu, ngibeka iwindi le-CLI elivuliwe lerutha ye-R1 ngakwesokudla kwesikrini ukuze ngibone imilayezo yokususa iphutha. Manje ngiya kutheminali yomugqa womyalo we-PC0 bese ngifaka ikheli 200.124.22.10. Ngemva kwalokhu, umlayezo uyavela efasiteleni ukuthi i-ping itholwe ekhelini le-IP 200.124.22.1. Lokhu kusho ukuthi ikheli le-IP lekhompuyutha yendawo 192.168.1.10 lihunyushelwe ekhelini lomhlaba jikelele elithi 200.124.22.1.
Ngenza okufanayo ngekhompyutha yendawo elandelayo futhi ngibone ukuthi ikheli layo lihunyushwe ku-200.124.22.2. Bese ngifaka i-ping iseva futhi ngibone ikheli 200.124.22.3.
Ngakho-ke, lapho ithrafikhi evela kudivayisi yenethiwekhi yendawo ifinyelela kumzila lapho i-NAT emile icushwa khona, irutha, ngokuhambisana nethebula, iguqula ikheli le-IP lendawo libe elomhlaba wonke futhi ithumele ithrafikhi kunethiwekhi yangaphandle. Ukuhlola ithebula le-NAT, ngifaka umyalo wokuhumusha ip nat.
Manje singakwazi ukubuka zonke izinguquko ezenziwa i-router. Ikholomu yokuqala ethi Inside Global iqukethe ikheli ledivayisi ngaphambi kokusakaza, okungukuthi, ikheli lapho idivayisi ibonakala ngaphansi kwayo kunethiwekhi yangaphandle, ilandelwa Ikheli Langaphakathi Lendawo, okungukuthi, ikheli ledivayisi kunethiwekhi yendawo. Ikholomu yesithathu ibonisa ikheli Langaphandle Lendawo futhi ikholomu yesine ibonisa ikheli Langaphandle Lomhlaba, womabili afanayo ngoba asihumushi ikheli lasesizindeni se-inthanethi lendawo okuyiwa kuyo. Njengoba ubona, ngemva kwemizuzwana embalwa ithebula liyasulwa ngoba i-Packet Tracer ibe nesethi yesikhathi sokuvala i-ping emfushane.
Ngingakwazi ukufaka iseva ku-1 kusuka ku-router R200.124.22.3, futhi uma ngibuyela emuva kuzilungiselelo ze-router, ngiyabona ukuthi ithebula liphinde ligcwaliswe ngemigqa emine ye-ping nekheli elihunyushwe ngokuthi 192.168.1.100.
Njengoba ngishilo, ngisho noma isikhathi sokuvala sokuhumusha siqalisiwe, uma ithrafikhi iqaliswa kusukela kumthombo wangaphandle, indlela ye-NAT yenziwa isebenze ngokuzenzakalelayo. Lokhu kwenzeka kuphela uma usebenzisa i-NAT emile.
Manje ake sibheke ukuthi i-NAT enamandla isebenza kanjani. Esibonelweni sethu, kunamakheli omphakathi angu-2 emishini emithathu yenethiwekhi yendawo, kodwa kungase kube amashumi noma amakhulu abasingathi abanjalo abayimfihlo. Ngesikhathi esifanayo, amadivaysi ama-2 kuphela angafinyelela i-inthanethi ngesikhathi esifanayo. Ake sicabangele ukuthi yini, ngaphezu kwalokho, umehluko phakathi kwe-NAT emile nenamandla.
Njengasendabeni yangaphambilini, okokuqala udinga ukunquma i-interfaces okokufaka nokuphumayo kwe-router. Okulandelayo, sakha uhlobo lohlu lokufinyelela, kodwa lena akuyona i-ACL efanayo ebesikhulume ngayo esifundweni esandulele. Lolu hlu lokufinyelela lusetshenziselwa ukukhomba ithrafikhi esifuna ukuyiguqula. Lapha igama elisha elithi "ithrafikhi ethokozisayo" noma "ithrafikhi ethokozisayo" ivela. Lena ithrafikhi onentshisekelo kuyo ngesizathu esithile, futhi uma leyo thrafikhi ifana nemibandela yohlu lokufinyelela, ingena ngaphansi kwe-NAT futhi iyahunyushwa. Leli gama lisebenza kuthrafikhi ezimweni eziningi, isibonelo, endabeni ye-VPN, "okuthakazelisayo" ithrafikhi ezodlula emhubheni we-VPN.
Kufanele sidale i-ACL ekhomba ithrafikhi enentshisekelo, kithina lena ithrafikhi yayo yonke inethiwekhi ye-192.168.1.0, okuhambisana nayo imaski yembuyiselo engu-0.0.0.255.
Bese kufanele sakhe iphuli ye-NAT, lapho sisebenzisa khona umyalo othi ip nat pool <pool name> futhi sicacise iqoqo lamakheli e-IP 200.124.22.1 200.124.22.2. Lokhu kusho ukuthi sihlinzeka ngamakheli amabili e-IP angaphandle kuphela. Okulandelayo, umyalo usebenzisa igama elingukhiye le-netmask bese ufaka imaski ye-subnet 255.255.255.252. I-octet yokugcina yemaski (255 - inombolo yamakheli echibi - 1), ngakho-ke uma unamakheli angu-254 echibini, khona-ke imaski ye-subnet izoba ngu-255.255.255.0. Lesi isilungiselelo esibaluleke kakhulu, ngakho qiniseka ukuthi ufaka inani elilungile le-netmask lapho usetha i-NAT eguquguqukayo.
Okulandelayo sisebenzisa umyalo oqala indlela ye-NAT: ip nat ngaphakathi kohlu lomthombo 1 ichibi le-NWKING, lapho i-NWKING kuyigama lechibi, futhi uhlu 1 lusho inombolo ye-ACL 1. Khumbula - ukuze lo myalo usebenze, kufanele uqale udale i-pool yamakheli aguqukayo kanye nohlu lokufinyelela.
Ngakho-ke, ngaphansi kwezimo zethu, idivayisi yokuqala efuna ukufinyelela ku-intanethi izokwazi ukwenza lokhu, idivayisi yesibili izokwazi ukwenza kanjalo, kodwa okwesithathu kuzomele ilinde kuze kube yilapho elinye lamakheli echibi likhululekile. Ukusetha i-NAT eguquguqukayo kuhlanganisa izinyathelo ezi-4: ukucacisa okokufaka nokukhiphayo, ukuhlonza ithrafikhi "ethakazelisayo", ukudala iphuli ye-NAT kanye nokucushwa kwangempela.
Manje sizodlulela ku-Packet Tracer futhi sizame ukumisa i-NAT enamandla. Okokuqala kufanele sisuse izilungiselelo ze-NAT ezimile, lapho sifaka khona imiyalo ngokulandelana:
akukho Ip nat ngaphakathi komthombo static 192.168.1.10 200.124.22.1
akukho Ip nat ngaphakathi komthombo static 192.168.1.11 200.124.22.2
akukho Ip nat ngaphakathi komthombo static 192.168.1.100 200.124.22.3.
Okulandelayo, ngidala uhlu lokufinyelela Uhlu 1 lwayo yonke inethiwekhi ngomyalo wokufinyelela-uhlu 1 imvume 192.168.1.0 0.0.0.255 futhi ngakha iphuli ye-NAT ngisebenzisa umyalo ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask.255.255.255.252. Kulo myalo, ngibalule igama lechibi, amakheli afakwe kulo, kanye ne-netmask.
Bese ngicacisa ukuthi iyiphi i-NAT - yangaphakathi noma yangaphandle, kanye nomthombo lapho i-NAT kufanele idonse khona ulwazi, esimweni sethu luhlu, usebenzisa umyalo ip nat ngaphakathi kohlu lomthombo 1. Ngemva kwalokhu, uhlelo luzokutshela ukuthi zidinga ichibi lonke noma isixhumi esibonakalayo esithile. Ngikhetha i-pool ngoba sinekheli langaphandle elingaphezu kwe-1. Uma ukhetha isixhumi esibonakalayo, uzodinga ukucacisa imbobo enekheli elithile le-IP. Efomini lokugcina, umyalo uzobukeka kanje: ip nat inside source list 1 pool NWKING. Okwamanje leli chibi liqukethe amakheli amabili 200.124.22.1 200.124.22.2, kodwa ungawashintsha ngokukhululekile noma wengeze amakheli amasha angahlotshaniswa nesixhumi esibonakalayo esithile.
Kufanele uqinisekise ukuthi ithebula lakho lomzila libuyekeziwe ukuze noma yimaphi kulawa makheli asesizindeni se-inthanethi echibini kufanele ahanjiswe kule divayisi, ngaphandle kwalokho ngeke uthole ithrafikhi ebuyayo. Ukuqinisekisa ukuthi izilungiselelo ziyasebenza, sizophinda inqubo yokufaka irutha yefu, esiyenzele i-NAT emile. Ngizovula iwindi le-Router 1 ukuze ngikwazi ukubona imilayezo yemodi yokususa iphutha futhi ngiyi-ping kusuka kudivayisi ngayinye kwezingu-3.
Siyabona ukuthi wonke amakheli omthombo okuvela kuwo amaphakethe e-ping ahambisana nezilungiselelo. Ngesikhathi esifanayo, i-ping esuka ku-PC0 yekhompyutha ayisebenzi ngoba ayinalo ikheli langaphandle lamahhala elanele. Uma ungena kuzilungiselelo Zomzila 1, ungabona ukuthi amakheli e-pool 200.124.22.1 kanye no-200.124.22.2 ayasebenza okwamanje. Manje ngizocisha ukusakaza, futhi uzobona ukuthi imigqa inyamalala kanjani ngamunye ngamunye. Ngiphinde ngifake i-PC0 futhi njengoba ubona, yonke into iyasebenza manje ngoba ikwazile ukuthola ikheli langaphandle lamahhala 200.124.22.1.
Ngingalisula kanjani ithebula le-NAT futhi ngihlehlise ukuhunyushwa kwekheli elinikeziwe? Iya kuzilungiselelo zomzila we-Router0 bese uthayipha umyalo sula ip nat translation * ngenkanyezi ekugcineni komugqa. Uma manje sibheka isimo sokuhumusha sisebenzisa umyalo wokuhumusha we-ip nat, isistimu izosinika umugqa ongenalutho.
Ukuze ubuke izibalo ze-NAT, sebenzisa umyalo wezibalo ze-ip nat.
Lona umyalo owusizo kakhulu okuvumela ukuthi uthole ingqikithi yenani lezinguqulo eziguquguqukayo, ezimile nezithuthukisiwe ze-NAT/PAT. Ungabona ukuthi ngu-0 ngoba sisule idatha yokusakaza ngomyalo odlule. Lokhu kubonisa izixhumanisi zokufaka nokuphumayo, inani lamahithi aphumelele nokungaphumeleli kanye nokuguqulwa okuphuthelwe (inombolo yokwehluleka kungenxa yokuntuleka kwekheli langaphandle lamahhala lomsingathi wangaphakathi), igama lohlu lokufinyelela kanye nephuli.
Manje sizodlulela ohlotsheni oludume kakhulu lokuhumusha ikheli le-IP - i-NAT ethuthukisiwe, noma i-PAT. Ukuze ulungiselele i-PAT, udinga ukulandela izinyathelo ezifanayo zokumisa i-NAT eguquguqukayo: nquma okokufaka nokuphumayo kwe-router, khomba ithrafikhi βethakaselayo,β udale ichibi le-NAT, futhi ulungiselele i-PAT. Singakha iqoqo elifanayo lamakheli amaningi njengasesimeni sangaphambilini, kodwa lokhu akudingekile ngoba i-PAT isebenzisa ikheli langaphandle elifanayo ngaso sonke isikhathi. Umehluko kuphela phakathi kokumisa i-NAT eguquguqukayo ne-PAT igama elingukhiye lokulayisha ngokweqile eliqeda umyalo wokugcina wokucushwa. Ngemva kokufaka leli gama, i-NAT enamandla ishintsha ngokuzenzakalelayo ibe yi-PAT.
Futhi, usebenzisa ikheli elilodwa kuphela endaweni yokubhukuda ye-NWKING, isibonelo 200.124.22.1, kodwa licacise kabili njengekheli langaphandle lokuqala nelokuphetha nge-netmask engu-255.255.255.0. Ungakwenza kalula ngokusebenzisa ipharamitha yesixhumi esibonakalayo somthombo kanye nekheli eligxilile elithi 1 lokusebenzelana kwe-G200.124.22.1/200.124.22.1 esikhundleni se-ip nat 255.255.255.0 pool NWKING 200.124.22.1 0 netmask 1 ulayini. Kulokhu, wonke amakheli endawo lapho ufinyelela i-inthanethi azoguqulelwa kuleli kheli le-IP.
Ungakwazi futhi ukusebenzisa noma yiliphi elinye ikheli le-IP echibini, elingahambisani ne-interface ethile ebonakalayo. Kodwa-ke, kulokhu, kufanele uqinisekise ukuthi wonke amarutha akunethiwekhi angadlulisela ukubuyisela ithrafikhi kudivayisi oyikhethayo. Okubi kwe-NAT ukuthi ayikwazi ukusetshenziselwa ikheli ngasemaphethelweni, ngoba ngesikhathi iphakethe lokubuyisela libuyela kudivayisi yendawo, ikheli layo le-IP eliguqukayo le-NAT lingase libe nesikhathi sokushintsha. Okusho ukuthi, kufanele uqiniseke ukuthi ikheli le-IP elikhethiwe lizohlala litholakala sonke isikhathi seseshini yokuxhumana.
Ake sibheke lokhu nge-Packet Tracer. Okokuqala kufanele ngikhiphe i-NAT eguquguqukayo ngomyalo othi no-Ip nat ngaphakathi kohlu lomthombo 1 NWKING futhi ngikhiphe iphuli ye-NAT ngomyalo othi no Ip nat pool NWKING 200.124.22.1 200.124.22.2 netmask 225.255.255.252.
Bese kufanele ngidale i-PAT pool ngomyalo othi Ip nat pool NWKING 200.124.22.2 200.124.22.2 netmask 225.255.255.255. Kulokhu ngisebenzisa ikheli lasesizindeni se-inthanethi okungelona elodivayisi ephathekayo ngoba idivayisi ephathekayo inekheli elithi 200.124.22.1 futhi ngifuna ukusebenzisa 200.124.22.2. Esimeni sethu siyasebenza ngoba sinenethiwekhi yendawo.
Okulandelayo, ngimisa i-PAT ngomyalo othi Ip nat ngaphakathi kohlu lomthombo 1 ichibi eligcwele i-NWKING. Ngemva kokufaka lo myalo, ukuhunyushwa kwekheli le-PAT kuyasebenza. Ukuhlola ukuthi ukusetha kulungile, ngiya kumadivaysi ethu, iseva namakhompyutha amabili, kanye ne-ping PC0 Router1 ku-200.124.22.10 kusuka kukhompyutha. Efasiteleni lezilungiselelo zomzila, ungabona imigqa yokususa iphutha ebonisa ukuthi umthombo we-ping, njengoba besilindele, ikheli le-IP 200.124.22.2. I-ping ethunyelwe yikhompyutha PC1 kanye neseva Server0 ivela ekhelini elifanayo.
Ake sibone ukuthi kwenzekani kuthebula lokuguqulwa le-Router0. Ungabona ukuthi konke ukuhumusha kuphumelele, idivayisi ngayinye inikezwe imbobo yayo, futhi wonke amakheli endawo ahlotshaniswa ne-Router1 ngekheli lasesizindeni se-intanethi 200.124.22.2.
Ngisebenzisa umyalo wezibalo ze-ip nat ukubuka izibalo ze-PAT.
Siyabona ukuthi inani eliphelele lokuguqulwa, noma ukuhumusha kwekheli, ngu-12, sibona izici ze-pool nolunye ulwazi.
Manje ngizokwenza okunye - ngizofaka umyalo Ip nat ngaphakathi kohlu lomthombo 1 isixhumi esibonakalayo se-gigabit Ethernet g0/1 overload. Uma ngabe u-ping i-router kusuka ku-PC0, uzobona ukuthi iphakethe livela ekhelini elithi 200.124.22.1, okungukuthi, livela esibonakalayo esibonakalayo! Lena indlela elula: uma ungafuni ukudala ichibi, okuyinto evame ukwenzeka lapho usebenzisa imizila ekhaya, ungasebenzisa ikheli le-IP le-interface ebonakalayo ye-router njengekheli langaphandle le-NAT. Lena yindlela ikheli lakho lesikhungo esiyimfihlo senethiwekhi yomphakathi elivame ukuhunyushwa ngayo.
Namuhla sifunde isihloko esibaluleke kakhulu, ngakho-ke udinga ukusijwayeza. Sebenzisa i-Packet Tracer ukuhlola ulwazi lwakho lwethiyori ngokumelene nezinkinga ezisebenzayo ze-NAT kanye ne-PAT. Sesifike esiphethweni sokufunda izihloko ze-ICND1 - ukuhlolwa kokuqala kwesifundo se-CCNA, ngakho-ke cishe ngizonikela ngesifundo sevidiyo esilandelayo ukuze ngifingqe imiphumela.
Siyabonga ngokuhlala nathi. Uyazithanda izindatshana zethu? Ufuna ukubona okuqukethwe okuthakaselayo okwengeziwe? Sisekele ngokufaka i-oda noma ngokuncoma kubangani, Isaphulelo sika-30% sabasebenzisi be-Habr ku-analogue ehlukile yamaseva eleveli yokungena, esungulwe yithi ngenxa yakho: (itholakala nge-RAID1 kanye ne-RAID10, kufika kuma-cores angu-24 kuze kufike ku-40GB DDR4).
I-Dell R730xd ishibhile izikhathi ezi-2? Lapha kuphela eNetherlands! I-Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - isuka ku-$99! Funda mayelana
Source: www.habr.com