How to do port mapping on the intranet

  

Because public IP addresses are scarce, many ISPs put multiple intranet users behind a proxy server or gateway router so that they share one public IP address on the Internet. This prevents those users from setting up a personal website on their own computers. For such users to host a website, the key point is how to map the IP addresses of the many intranet users onto the single IP address they share online. It is the same as in a LAN or an Internet cafe: you can set up multiple servers and websites, but you still have only one external IP address facing the external network. The question is how to map the external IP address to the corresponding internal IP address. This is something the proxy server or gateway router of the intranet should do. For users with private IP addresses, that means it is a service that our access ISP (China Telecom, China Unicom, China Netcom, China Railcom, etc.) should provide. Implementing it is a little difficult for them and more difficult for us, so it can only be achieved with the support of the system administrator, because all of this must be done on the proxy server.

To achieve this, you can use the port mapping feature of Windows 2000 Server. In addition, WinRoute Pro also has such features, as well as various enterprise-level firewalls. For us ordinary users, I am afraid it is most convenient to use Windows 2000 Server.

Let's introduce NAT first. NAT (Network Address Translation) is a technology that maps an IP address domain to another IP address domain to provide transparent routing for end hosts. NAT includes static network address translation, dynamic network address translation, network address and port translation, dynamic network address and port translation, and port mapping. NAT is often used to translate private address domains to public address domains to address the lack of IP addresses. After NAT is implemented on the firewall, you can hide the internal topology of the protected network and improve the security of the network to a certain extent. If reverse NAT provides dynamic network address and port translation, load balancing and other functions can also be implemented.

The port mapping function allows a machine on the internal network to provide WWW services to the outside. This is not done by translating a real IP address directly to the internal host that provides the WWW service. Doing that has two drawbacks. First, the internal machine is not safe, because besides WWW, the external network can reach all the other services of the machine through the address translation. Second, when several machines need to provide such services, the same number of IP addresses must be translated, so no IP addresses are saved. The port mapping function maps a host's fake (private) IP address to a true (public) IP address. When a user accesses a mapped port on the host that provides port mapping, the server forwards the request to the internal host that provides the specific service. The port mapping function can also map multiple ports of a machine with a true IP address to different ports on different internal machines. It can also perform some specific proxy functions, such as proxying POP, SMTP, TELNET and other protocols. In theory, it can provide mappings for more than 60,000 ports, though I am afraid we will never use that many.

First, set up Internet sharing through NAT, which port mapping through NAT builds on

1. On Windows 2000 Server, open the "Routing and Remote Access" service from Administrative Tools, right-click the server -> "Configure and Enable Routing and Remote Access".

2. Click "Next".

3. Select "Internet Connection Server" to allow intranet hosts to access the Internet through this server.

(It is best to configure NAT sharing first, so that the internal network hosts can access the Internet normally. Otherwise, configuring NAT sharing after port mapping is a bit troublesome, and NAT sharing may not work well.)

4. Select "Set up a router with the Network Address Translation (NAT) routing protocol"; do not select "Set up Internet Connection Sharing (ICS)". (The difference between ICS and NAT is ease of use: to enable ICS you only need to select a check box, while enabling NAT requires more configuration. In addition, ICS is meant for small networks because it requires a fixed range of IP addresses for internal hosts; it limits communication with the external network to a single public IP address; and it allows only a single internal network interface.)

5. First, my network setup:

Internet connection: 192.200.200.3 (also an internal address, and there is nothing to be done about it; Tietong's network is not very good, the speed is slow and the price is high, my life is really bitter)

Dormitory connection: 192.168.0.1 (the dormitory connection is a LAN with 4 computers in total; one of them runs a Web server built with Sambar 5.1b5 on port 80, and the web pages at 192.168.0.2:80 will be accessed from the external network, represented here by 192.200.200.55)

This NAT host has IIS 5.0 enabled and the port is 80. Port mapping is used to map port 8081 to port 80 of the internal host 192.168.0.2.

6. In the "Routing and Remote Access Server Setup Wizard" select "Internet Connection" (that is, the connection to the Internet), click "Next".

7. Select "Complete"

So far, the NAT sharing settings are complete, and the internal hosts can also access the Internet. The internal host's network settings are as follows:

The IP address range is 192.168.0.2~192.168.0.254, the subnet mask is 255.255.255.0, the gateway is 192.168.0.1, and the DNS server is the address given by the ISP. Ours is 211.98.xxx.xxx

Second, use NAT to map ports

1. Add the NAT protocol. Right-click "General" -> "New Routing Protocol".

2. Select "Network Address Translation (NAT)" in "New Routing Protocol" and click "OK".

3. "Network Address Translation (NAT)" now appears under "IP Routing".

4. Right-click "Network Address Translation (NAT)" and choose "New Interface".

5. In "New Interface for Network Address Translation (NAT)", select "Internet Connection" (the connection to the Internet; do not choose the wrong one).

6. In "Network Address Translation - Internet Connection Properties", select "Public interface connected to the Internet" and check "Translate TCP/UDP headers (recommended)".

7. On the "Address Pool" tab, add the start and end addresses for which you need to provide port redirection.

These are all the IP addresses used for port mapping. In general we have only one IP address, so the "address pool" is not needed. Suppose there are 8 addresses, set as follows: After adding, it looks like this:

8. On the "Special Ports" tab, select the protocol you need to redirect (TCP or UDP). For example, Web and FTP use TCP. After selecting it, click "Add".

9. "Add Special Port" is the core of setting up port mapping: which port of the NAT host is mapped to which port of which intranet host is set here. Because there is an "address pool", you can enter any address from the "address pool" as the "public network address"; here it is "192.200.200.3", which is my address. If you did not set an "address pool" earlier, then on this page "On this address pool entry" is not selectable and you can only choose "On this interface", meaning you have only one public IP address. This suits friends with only one IP: you can skip the "address pool", so why make redundant settings? If something goes wrong, you are only asking for trouble. "Incoming port" is the port on which others reach the NAT server's public IP from outside the network. It is set to 8080 here.

"Private address" and "Outgoing port" are the IP address of the internal host and the port providing the special service. Here, port 8080 on 192.200.200.3 is mapped to port 80 on 192.168.0.2.

This is the redirection of a TCP port; the page for UDP redirection is similar.
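The lookup that a "special port" entry configures, as an added example that is not part of the original article: a Python model of where the NAT host sends an inbound packet, contrasting the article's port mapping with translating a whole address to one internal host. The pool address 192.200.200.4, the internal host's listening ports and all function names are constructed for illustration.

```python
from typing import NamedTuple

class PortMap(NamedTuple):
    proto: str         # "tcp" or "udp"
    public_ip: str     # address on the Internet-facing interface
    public_port: int   # "incoming port"
    private_ip: str    # "private address"
    private_port: int  # "outgoing port"

NAT_HOST = "192.200.200.3"  # the article's NAT host
# The article's special port: 8081 on the NAT host -> 192.168.0.2:80
PORT_MAPS = [PortMap("tcp", NAT_HOST, 8081, "192.168.0.2", 80)]
# Constructed for contrast: one whole public address translated to one host.
ADDR_MAPS = {"192.200.200.4": "192.168.0.2"}
# Constructed: services running on the internal host (telnet, web, NetBIOS).
LISTENING = {23, 80, 139}

def forward_target(proto, dst_ip, dst_port, port_maps=(), addr_maps=None):
    """Intranet (ip, port) an inbound packet is forwarded to, or None."""
    for m in port_maps:
        if (m.proto, m.public_ip, m.public_port) == (proto, dst_ip, dst_port):
            return (m.private_ip, m.private_port)
    if addr_maps and dst_ip in addr_maps:
        return (addr_maps[dst_ip], dst_port)  # every port passes through
    return None  # not forwarded; stays on the NAT host (e.g. its own IIS)

def exposed(private_ip, listening, public_ips, port_maps=(), addr_maps=None):
    """Listening TCP ports of private_ip reachable from the public side."""
    hits = set()
    for ip in public_ips:
        for port in range(1, 65536):
            t = forward_target("tcp", ip, port, port_maps, addr_maps)
            if t and t[0] == private_ip and t[1] in listening:
                hits.add(t[1])
    return sorted(hits)

def shadowed(port_maps, local_listeners):
    """Mappings whose incoming port a service on the NAT host already uses."""
    return [m for m in port_maps if m.public_ip == NAT_HOST
            and (m.proto, m.public_port) in local_listeners]

if __name__ == "__main__":
    print(exposed("192.168.0.2", LISTENING, [NAT_HOST], port_maps=PORT_MAPS))
    print(exposed("192.168.0.2", LISTENING, ["192.200.200.4"],
                  addr_maps=ADDR_MAPS))
    print(shadowed(PORT_MAPS, {("tcp", 80)}))  # IIS on the NAT host uses 80
```

With port mapping only the web port of 192.168.0.2 is reachable from outside, while the whole-address mapping also exposes telnet and NetBIOS; `shadowed` shows why the incoming port must differ from the port 80 that IIS on the NAT host already uses.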

IV. Test Results

From 192.200.200.55, I tested the Web server on the NAT host and the Web server built on the intranet host 192.168.0.2. The results are as follows: (I'm sorry, I changed the port number partway through; port 8081 on 192.200.200.3 is mapped to port 80 of 192.168.0.2.)
