Lesson 1
Determining IP Addressing Requirements
When the destination server receives the request, it processes it in the normal manner and generates its reply datagram. However, because the sender’s address in the request datagram contained the NAT router’s registered address, the destination server addresses the reply datagram to the NAT router, and routers can forward it in the normal manner. When the NAT router receives the reply from the server, it modifies the datagram again, substituting the client’s unregistered address for the destination address in the datagram, and forwards the packet to the client on the private network.
The NAT router’s processes are invisible to the client and the server. The client has generated a request and sent it to a server, and it eventually receives a reply from that server. The server receives a request from the NAT router and transmits its reply to the same router. Both the client and the server have functioned normally, unaware of the NAT router’s intervention. More importantly, the client computer remains invisible to the Internet and is protected from most types of unauthorized access.
Microsoft Windows Server 2003 can function as a router, and it contains a NAT implementation as part of the Routing and Remote Access service (RRAS). Because the NAT router functions are invisible to the unregistered computer, users can access the Internet with any client application. The one thing you can’t do with a standard NAT implementation is run an Internet server. This is because the client must initiate the client/server transaction, and a client computer on the Internet has no way of contacting the server running on an unregistered computer first.
Tip
Some NAT implementations enable you to assign registered IP addresses to specific unregistered computers on the private network. This ability allows you to use an unregistered computer to establish a presence on the Internet without compromising the security of the unregistered computer. All the incoming client traffic is actually going to the NAT router, which relays it to the server on the unregistered network.
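The address substitutions described above, and the static assignment from the Tip, modeled as an added example that is not from the original text or from RRAS. It assumes the router tracks clients by port number (which the text does not discuss); the class and function names are hypothetical and all addresses are constructed documentation addresses.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Datagram:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:  # hypothetical model, not a real NAT implementation
    def __init__(self, registered_ip, first_port=50000):
        self.registered_ip = registered_ip
        self.next_port = first_port
        self.by_client = {}   # (unregistered ip, port) -> router port
        self.by_port = {}     # router port -> (unregistered ip, port)
        self.static = {}      # registered ip -> unregistered ip (the Tip)

    def add_static(self, registered_ip, unregistered_ip):
        self.static[registered_ip] = unregistered_ip

    def outbound(self, d):
        """Client -> Internet: substitute a registered source address."""
        for reg, unreg in self.static.items():
            if d.src == unreg:
                return replace(d, src=reg)
        key = (d.src, d.sport)
        if key not in self.by_client:
            self.by_client[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        return replace(d, src=self.registered_ip, sport=self.by_client[key])

    def inbound(self, d):
        """Internet -> client: the rewritten datagram, or None if dropped."""
        if d.dst in self.static:
            return replace(d, dst=self.static[d.dst])
        if d.dst == self.registered_ip and d.dport in self.by_port:
            ip, port = self.by_port[d.dport]
            return replace(d, dst=ip, dport=port)
        return None  # no client initiated this exchange, so no mapping exists

def demo():
    nat = NatRouter("203.0.113.1")  # constructed addresses throughout
    sent = nat.outbound(Datagram("192.168.1.20", 1025, "198.51.100.7", 80))
    reply = nat.inbound(Datagram(sent.dst, sent.dport, sent.src, sent.sport))
    unsolicited = nat.inbound(Datagram("198.51.100.7", 4000, "203.0.113.1", 80))
    nat.add_static("203.0.113.10", "192.168.1.50")
    published = nat.inbound(Datagram("198.51.100.7", 4000, "203.0.113.10", 80))
    return sent, reply, unsolicited, published
```

In demo(), the unsolicited datagram is dropped because no client opened that exchange, while the same traffic sent to the statically assigned registered address is relayed to the unregistered server.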
Using Proxy Servers
A proxy server is similar to a NAT router in that it functions as an intermediary between client computers on a private network and servers on the Internet. Unlike NAT, however, a proxy server is an independent software product that runs at the application layer and is not incorporated into a router. When an unregistered client wants to send a request to an Internet server, the computer forwards the request datagram to a proxy server instead. The proxy server sends an identical request to the destination server, receives a reply, and relays the results back to the client. For the proxy server to communicate with Internet servers, it must have a registered IP address.
Unlike NAT routers, proxy servers do not process all TCP/IP traffic. Proxy servers only work with specific client applications, and you must configure the clients themselves to send their messages to the proxy server instead of to the actual destination, using an