Virtual Server via NAT

This page explains how to set up a virtual server using NAT.

Network address translation

Because IPv4 is short of IP addresses and has some security problems, more and more networks use private IP addresses (10.0.0.0/255.0.0.0, 172.16.0.0/255.240.0.0, 192.168.0.0/255.255.0.0) that cannot be used on the Internet. NAT (network address translation) is needed for hosts on a private network to reach the Internet, or for hosts on the Internet to reach hosts on the private network.

NAT is a feature that maps IP addresses from one group to another. Mapping addresses N-to-N is called static NAT, and mapping M-to-N (M>N) is called dynamic NAT. Network address port translation is an extension of basic NAT that translates many network addresses and their TCP/UDP ports into a single network address and its TCP/UDP ports. This is called N-to-1 mapping, and IP masquerading on Linux works this way. For more detail on NAT, see rfc1631 and draft-rfced-info-srisuresh-05.txt.

On Linux, a virtual server via NAT is implemented with network address port translation. It uses the Linux IP masquerading code and reuses Steven Clarke's port forwarding code.

How does a virtual server via NAT work?

First, consider the following figure.

When a user accesses a service provided by the server cluster, the request packet destined for the virtual IP address (the external IP address of the load balancer) arrives at the load balancer. The load balancer examines the packet's destination address and port number. If they match a virtual server service in the virtual server rule table, a real server is chosen from the cluster by the scheduling algorithm, and the new connection is added to the hash table that records established connections. The destination address and port of the packet are then rewritten to those of the chosen server, and the packet is forwarded to that server. When a later incoming packet belongs to this connection and the chosen server can be found in the hash table, the packet is rewritten and forwarded to the chosen server. When reply packets come back, the load balancer rewrites their source address and port to those of the virtual service. When the connection terminates or times out, the connection record is removed from the hash table.

Confused? An example makes this easier to follow. Consider the following example:

The real servers can run any OS that supports TCP/IP, and the default route of the real servers must be set to the virtual server (172.16.0.1 in the example above). The ipfwadm program is used so that the virtual server accepts packets from the real servers. For the example above, the commands are:

echo "1" > /proc/sys/net/ipv4/ip_forward
ipfwadm -F -a m -S 172.16.0.0/24 -D 0.0.0.0/0

The following table lists the rules used on the Linux server that supports the virtual server.

Protocol  Virtual IP Address  Port  Real IP Address  Port  Weight
TCP       202.103.106.5       80    172.16.0.2       80    1
                                    172.16.0.3       8000  2
TCP       202.103.106.5       21    172.16.0.3       21    1

All traffic destined for IP address 202.103.106.5 port 80 is load-balanced across real IP address 172.16.0.2 port 80 and 172.16.0.3 port 8000. All traffic destined for IP address 202.103.106.5 port 21 is port-forwarded to real IP address 172.16.0.3 port 21.

Packets are rewritten as follows.

An incoming packet for the web service has the following source and destination addresses:

SOURCE  202.100.1.2:3456    DEST  202.103.106.5:80

 

ºÎÇϺл꼭¹ö¿¡¼­ ½ÇÁ¦ ¼­¹ö·Î 172.16.0.3:8000À» °í¸¥´Ù. ±×·¯¸é ÆÐŶÀº ´ÙÀ½°ú °°ÀÌ ÀçÀÛ¼ºµÇ¾î ½ÇÁ¦ ¼­¹ö·Î Àü¼ÛµÈ´Ù:

 

SOURCE

202.100.1.2:3456

DEST

172.16.0.3:8000

 

The reply comes back to the load balancer as follows:

SOURCE  172.16.0.3:8000    DEST  202.100.1.2:3456

 

The packet is rewritten back to the virtual server address and sent to the client as follows:

SOURCE  202.103.106.5:80    DEST  202.100.1.2:3456
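The rule lookup, connection hash table and two-way rewriting described above, as an added example that is not part of the original page or of the kernel patch: a user-space Python model using the page's rule table. The Director class, its method names, the simplified weighted round robin and the client 198.51.100.7 are assumptions made for illustration.

```python
# Added example: user-space model of the VS/NAT packet path (not kernel code).
from itertools import cycle

# Rule table from the page: (virtual IP, port) -> [(real IP, port, weight)]
RULES = {
    ("202.103.106.5", 80): [("172.16.0.2", 80, 1), ("172.16.0.3", 8000, 2)],
    ("202.103.106.5", 21): [("172.16.0.3", 21, 1)],
}

class Director:
    def __init__(self, rules):
        # Simplified weighted round robin (assumption): a real server
        # appears `weight` times in each rotation.
        self.sched = {
            vs: cycle([(ip, port) for ip, port, w in reals for _ in range(w)])
            for vs, reals in rules.items()
        }
        self.conns = {}    # (client, virtual service) -> real server
        self.reverse = {}  # (real server, client) -> virtual service

    def inbound(self, src, dst):
        """Client -> cluster: rewrite the destination to a real server."""
        key = (src, dst)
        if key not in self.conns:
            if dst not in self.sched:
                return None  # no matching virtual service rule
            real = next(self.sched[dst])
            self.conns[key] = real
            self.reverse[(real, src)] = dst
        return src, self.conns[key]

    def outbound(self, src, dst):
        """Real server -> client: rewrite the source to the virtual service."""
        vs = self.reverse.get((src, dst))
        return (vs, dst) if vs else None  # None: not a tracked connection

    def close(self, src, dst):
        """Connection closed or timed out: drop its hash table entries."""
        real = self.conns.pop((src, dst), None)
        if real:
            self.reverse.pop((real, src), None)

if __name__ == "__main__":
    d = Director(RULES)
    vip, client = ("202.103.106.5", 80), ("202.100.1.2", 3456)
    d.inbound(("198.51.100.7", 40000), vip)  # constructed earlier client
    print(d.inbound(client, vip))            # request as sent to the real server
    print(d.outbound(("172.16.0.3", 8000), client))  # reply as sent to the client
```

A packet to a port with no rule, or a reply with no hash table entry, comes back as None in this model, which is the case worth checking when auditing which services a director actually exposes.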

 

Configuring the kernel

First, get an appropriate version of the Linux kernel source. Then apply the virtual server patch to the kernel. Third, make sure that at least the kernel compile options shown here are selected.

Kernel compile options:

Code maturity level options --->

[*] Prompt for development and/or incomplete code/drivers

Networking options --->

[*] Network firewalls
....
[*] IP: forwarding/gatewaying
....
[*] IP: firewalling
....
[*] IP: masquerading
....
[*] IP: ipportfw masq & virtual server support

You must also select one scheduling algorithm.

Virtual server scheduling algorithm
(X) WeightedRoundRobin
( ) LeastConnection
( ) WeightedLeastConnection

Finally, compile the kernel. Once the kernel has compiled properly, update the system kernel and reboot.

Lastly, build the ippfvsadm utility from the ippfvsadm.c program. (** presumably this means compiling it) The ippfvsadm utility can then be used to set up the virtual server rules. For the example given above, the commands are as follows.

ippfvsadm -A -t 202.103.106.5:80 -R 172.16.0.2:80 -w 1

ippfvsadm -A -t 202.103.106.5:80 -R 172.16.0.3:8000 -w 2

ippfvsadm -A -t 202.103.106.5:21 -R 172.16.0.3:21

 

Configuring the 2.2.9 kernel

Kernel compile options:

Code maturity level options --->

[*] Prompt for development and/or incomplete code/drivers

Networking options --->

[*] Network firewalls
....
[*] IP: forwarding/gatewaying
....
[*] IP: firewalling
[*] IP: always defragment (required for masquerading) (NEW)
....
[*] IP: masquerading
....
[*] IP: masquerading virtual server support (EXPERIMENTAL)(NEW)
(12) IP masquerading table size (the Nth power of 2)(NEW)
<M> IPVS: round-robin scheduling(NEW)
<M> IPVS: weighted round-robin scheduling(NEW)
<M> IPVS: weighted least-connection scheduling(NEW)
<M> IPVS: persistent client connection scheduling(NEW)

Finally, compile the kernel. Once the kernel has compiled properly, update the system kernel and reboot. Lastly, cd to the ipvsadm source and run "make install" to install the ipvsadm program into the system directory.

Configure the load balancer to forward masqueraded packets as follows.

echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -A forward -j MASQ -s 172.16.0.0/24 -d 0.0.0.0/0

Add the virtual services and attach a scheduler to each.

ipvsadm -A -t 202.103.106.5:80 -s wlc    # weighted least-connection scheduling
ipvsadm -A -t 202.103.106.5:21 -s wrr    # weighted round-robin scheduling

Add the real servers and select the forwarding method.

ipvsadm -a -t 202.103.106.5:80 -R 172.16.0.2:80 -m
ipvsadm -a -t 202.103.106.5:80 -R 172.16.0.3:8000 -m -w 2
ipvsadm -a -t 202.103.106.5:21 -R 172.16.0.2:21 -m


Last updated: 1999/6/24

Created on: 1998/5/28