{"id":404,"date":"2025-02-06T01:45:34","date_gmt":"2025-02-06T01:45:34","guid":{"rendered":"https:\/\/replicounts.org\/network\/detailed-technical-breakdown-of-nat-network-address-translation-in-proxy-networks\/"},"modified":"2025-02-06T01:45:34","modified_gmt":"2025-02-06T01:45:34","slug":"detailed-technical-breakdown-of-nat-network-address-translation-in-proxy-networks","status":"publish","type":"post","link":"https:\/\/replicounts.org\/vi\/network\/detailed-technical-breakdown-of-nat-network-address-translation-in-proxy-networks\/","title":{"rendered":"Ph\u00e2n t\u00edch k\u1ef9 thu\u1eadt chi ti\u1ebft v\u1ec1 NAT (D\u1ecbch \u0111\u1ecba ch\u1ec9 m\u1ea1ng) trong m\u1ea1ng Proxy"},"content":{"rendered":"

NAT (Network Address Translation) l\u00e0 g\u00ec?<\/h2>\n

D\u1ecbch \u0111\u1ecba ch\u1ec9 m\u1ea1ng (NAT)<\/strong> l\u00e0 m\u1ed9t ph\u01b0\u01a1ng ph\u00e1p \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong m\u1ea1ng cho ph\u00e9p s\u1eeda \u0111\u1ed5i th\u00f4ng tin \u0111\u1ecba ch\u1ec9 IP trong ti\u00eau \u0111\u1ec1 g\u00f3i IP trong khi ch\u00fang \u0111ang truy\u1ec1n qua thi\u1ebft b\u1ecb \u0111\u1ecbnh tuy\u1ebfn l\u01b0u l\u01b0\u1ee3ng. NAT ch\u1ee7 y\u1ebfu \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng cho hai m\u1ee5c \u0111\u00edch ch\u00ednh:<\/p>\n

    \n
  1. \n

    B\u1ea3o t\u1ed3n \u0111\u1ecba ch\u1ec9 IP<\/strong>: NAT cho ph\u00e9p nhi\u1ec1u thi\u1ebft b\u1ecb tr\u00ean m\u1ea1ng c\u1ee5c b\u1ed9 chia s\u1ebb m\u1ed9t \u0111\u1ecba ch\u1ec9 IP c\u00f4ng c\u1ed9ng duy nh\u1ea5t. \u0110i\u1ec1u n\u00e0y \u0111\u1eb7c bi\u1ec7t h\u1eefu \u00edch khi t\u00ednh kh\u1ea3 d\u1ee5ng h\u1ea1n ch\u1ebf c\u1ee7a \u0111\u1ecba ch\u1ec9 IPv4.<\/p>\n<\/li>\n

  2. \n

    B\u1ea3o v\u1ec7<\/strong>: B\u1eb1ng c\u00e1ch \u1ea9n \u0111\u1ecba ch\u1ec9 IP n\u1ed9i b\u1ed9, NAT c\u00f3 th\u1ec3 cung c\u1ea5p m\u1ed9t l\u1edbp b\u1ea3o m\u1eadt. M\u00e1y ch\u1ee7 b\u00ean ngo\u00e0i kh\u00f4ng th\u1ec3 truy c\u1eadp tr\u1ef1c ti\u1ebfp v\u00e0o c\u00e1c thi\u1ebft b\u1ecb n\u1ed9i b\u1ed9.<\/p>\n<\/li>\n<\/ol>\n

    Ho\u1ea1t \u0111\u1ed9ng k\u1ef9 thu\u1eadt c\u1ee7a NAT<\/h3>\n

    NAT ho\u1ea1t \u0111\u1ed9ng \u1edf l\u1edbp m\u1ea1ng (L\u1edbp 3) c\u1ee7a m\u00f4 h\u00ecnh OSI. Sau \u0111\u00e2y l\u00e0 c\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a n\u00f3:<\/p>\n

      \n
    • \n

      Qu\u00e1 tr\u00ecnh d\u1ecbch thu\u1eadt<\/strong>: Khi m\u1ed9t g\u00f3i tin t\u1eeb m\u1ed9t \u0111\u1ecba ch\u1ec9 IP ri\u00eang (v\u00ed d\u1ee5: 192.168.1.2) \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn internet, thi\u1ebft b\u1ecb NAT s\u1ebd d\u1ecbch \u0111\u1ecba ch\u1ec9 IP ri\u00eang sang \u0111\u1ecba ch\u1ec9 IP c\u00f4ng c\u1ed9ng (v\u00ed d\u1ee5: 203.0.113.5). Thi\u1ebft b\u1ecb NAT s\u1ebd l\u01b0u m\u1ed9t b\u1ea3ng d\u1ecbch \u0111\u1ec3 theo d\u00f5i \u0111\u1ecba ch\u1ec9 IP n\u1ed9i b\u1ed9 n\u00e0o t\u01b0\u01a1ng \u1ee9ng v\u1edbi \u0111\u1ecba ch\u1ec9 IP b\u00ean ngo\u00e0i n\u00e0o.<\/p>\n<\/li>\n

    • \n

      D\u1ecbch ng\u01b0\u1ee3c<\/strong>:Khi m\u1ed9t g\u00f3i ph\u1ea3n h\u1ed3i quay tr\u1edf l\u1ea1i thi\u1ebft b\u1ecb NAT, n\u00f3 s\u1ebd s\u1eed d\u1ee5ng th\u00f4ng tin t\u1eeb b\u1ea3ng d\u1ecbch \u0111\u1ec3 thay th\u1ebf \u0111\u1ecba ch\u1ec9 IP c\u00f4ng c\u1ed9ng b\u1eb1ng \u0111\u1ecba ch\u1ec9 IP ri\u00eang th\u00edch h\u1ee3p tr\u01b0\u1edbc khi chuy\u1ec3n ti\u1ebfp \u0111\u1ebfn thi\u1ebft b\u1ecb n\u1ed9i b\u1ed9 d\u1ef1 \u0111\u1ecbnh.<\/p>\n<\/li>\n<\/ul>\n

      C\u00e1c lo\u1ea1i NAT<\/h3>\n
        \n
      1. \n

        NAT t\u0129nh<\/strong>: \u00c1nh x\u1ea1 m\u1ed9t \u0111\u1ecba ch\u1ec9 IP ri\u00eang t\u01b0 th\u00e0nh m\u1ed9t \u0111\u1ecba ch\u1ec9 IP c\u00f4ng c\u1ed9ng. \u0110i\u1ec1u n\u00e0y h\u1eefu \u00edch cho c\u00e1c d\u1ecbch v\u1ee5 l\u01b0u tr\u1eef c\u1ea7n m\u1ed9t IP nh\u1ea5t qu\u00e1n.<\/p>\n<\/li>\n

      2. \n

        NAT \u0111\u1ed9ng<\/strong>: \u00c1nh x\u1ea1 \u0111\u1ecba ch\u1ec9 IP ri\u00eang t\u01b0 th\u00e0nh \u0111\u1ecba ch\u1ec9 IP c\u00f4ng c\u1ed9ng t\u1eeb m\u1ed9t nh\u00f3m \u0111\u1ecba ch\u1ec9 c\u00f4ng c\u1ed9ng. N\u00f3 g\u00e1n m\u1ed9t \u0111\u1ecba ch\u1ec9 kh\u1ea3 d\u1ee5ng m\u1ed9t c\u00e1ch \u0111\u1ed9ng.<\/p>\n<\/li>\n

      3. \n

        PAT (D\u1ecbch \u0111\u1ecba ch\u1ec9 c\u1ed5ng)<\/strong>: C\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 qu\u00e1 t\u1ea3i NAT, cho ph\u00e9p nhi\u1ec1u thi\u1ebft b\u1ecb chia s\u1ebb m\u1ed9t \u0111\u1ecba ch\u1ec9 IP c\u00f4ng c\u1ed9ng duy nh\u1ea5t b\u1eb1ng c\u00e1ch ph\u00e2n bi\u1ec7t c\u00e1c thi\u1ebft b\u1ecb th\u00f4ng qua s\u1ed1 c\u1ed5ng. \u0110\u00e2y l\u00e0 h\u00ecnh th\u1ee9c NAT ph\u1ed5 bi\u1ebfn nh\u1ea5t \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong m\u1ea1ng gia \u0111\u00ecnh.<\/p>\n<\/li>\n<\/ol>\n

        T\u01b0\u01a1ng t\u00e1c v\u1edbi Proxy v\u00e0 M\u1ea1ng<\/h2>\n

        Proxy v\u00e0 NAT<\/h3>\n

        Proxy \u0111\u00f3ng vai tr\u00f2 l\u00e0 trung gian cho c\u00e1c y\u00eau c\u1ea7u t\u1eeb m\u00e1y kh\u00e1ch t\u00ecm ki\u1ebfm t\u00e0i nguy\u00ean t\u1eeb c\u00e1c m\u00e1y ch\u1ee7 kh\u00e1c. Khi proxy \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng k\u1ebft h\u1ee3p v\u1edbi NAT, c\u00e1c t\u01b0\u01a1ng t\u00e1c sau s\u1ebd x\u1ea3y ra:<\/p>\n

          \n
        • \n

          Vai tr\u00f2 m\u00e1y ch\u1ee7 proxy<\/strong>: M\u1ed9t m\u00e1y kh\u00e1ch g\u1eedi y\u00eau c\u1ea7u \u0111\u1ebfn m\u00e1y ch\u1ee7 proxy, sau \u0111\u00f3 m\u00e1y ch\u1ee7 proxy chuy\u1ec3n ti\u1ebfp y\u00eau c\u1ea7u \u0111\u00f3 \u0111\u1ebfn m\u00e1y ch\u1ee7 \u0111\u00edch. M\u00e1y ch\u1ee7 proxy c\u0169ng c\u00f3 th\u1ec3 c\u00f3 kh\u1ea3 n\u0103ng NAT ri\u00eang, tr\u1eebu t\u01b0\u1ee3ng h\u00f3a th\u00eam \u0111\u1ecba ch\u1ec9 IP c\u1ee7a m\u00e1y kh\u00e1ch.<\/p>\n<\/li>\n

        • \n

          C\u1ea5u h\u00ecnh NAT<\/strong>: Khi NAT \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh tr\u00ean m\u1ea1ng, c\u00e1c y\u00eau c\u1ea7u t\u1eeb m\u00e1y kh\u00e1ch \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn m\u00e1y ch\u1ee7 proxy, sau \u0111\u00f3 th\u1ef1c hi\u1ec7n NAT \u0111\u1ec3 giao ti\u1ebfp v\u1edbi m\u1ea1ng b\u00ean ngo\u00e0i. Proxy x\u1eed l\u00fd c\u00e1c ph\u1ea3n h\u1ed3i v\u00e0 c\u0169ng c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c ch\u1ee9c n\u0103ng b\u1ed5 sung nh\u01b0 l\u01b0u tr\u1eef \u0111\u1ec7m, l\u1ecdc ho\u1eb7c ghi nh\u1eadt k\u00fd.<\/p>\n<\/li>\n<\/ul>\n

          C\u00e1c tham s\u1ed1 ho\u1eb7c \u0111\u1ecbnh d\u1ea1ng ch\u00ednh<\/h3>\n
            \n
          1. \n

            B\u1ea3ng d\u1ecbch<\/strong>: Duy tr\u00ec \u00e1nh x\u1ea1 c\u1ee7a c\u00e1c \u0111\u1ecba ch\u1ec9 IP n\u1ed9i b\u1ed9 v\u00e0 b\u00ean ngo\u00e0i c\u0169ng nh\u01b0 c\u00e1c c\u1ed5ng t\u01b0\u01a1ng \u1ee9ng c\u1ee7a ch\u00fang.<\/p>\n<\/li>\n

          2. \n

            Gi\u00e1 tr\u1ecb th\u1eddi gian ch\u1edd<\/strong>: X\u00e1c \u0111\u1ecbnh th\u1eddi gian c\u00e1c m\u1ee5c NAT \u0111\u01b0\u1ee3c l\u01b0u gi\u1eef trong b\u1ea3ng d\u1ecbch tr\u01b0\u1edbc khi ch\u00fang h\u1ebft h\u1ea1n.<\/p>\n<\/li>\n

          3. \n

            Lo\u1ea1i giao th\u1ee9c<\/strong>: NAT c\u00f3 th\u1ec3 x\u1eed l\u00fd nhi\u1ec1u giao th\u1ee9c kh\u00e1c nhau v\u00e0 th\u01b0\u1eddng y\u00eau c\u1ea7u c\u1ea5u h\u00ecnh c\u1ee5 th\u1ec3 cho c\u00e1c giao th\u1ee9c nh\u01b0 FTP, c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng nhi\u1ec1u k\u1ebft n\u1ed1i.<\/p>\n<\/li>\n

          4. \n

            Qu\u00e1 t\u1ea3i<\/strong>:Trong PAT, nhi\u1ec1u b\u1ea3n d\u1ecbch c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng c\u00f9ng m\u1ed9t IP c\u00f4ng c\u1ed9ng nh\u01b0ng s\u1ed1 c\u1ed5ng kh\u00e1c nhau.<\/p>\n<\/li>\n

          5. \n

            C\u00e1c lo\u1ea1i NAT<\/strong>:<\/p>\n<\/li>\n

          6. NAT h\u00ecnh n\u00f3n \u0111\u1ea7y \u0111\u1ee7<\/strong><\/li>\n
          7. NAT h\u00ecnh n\u00f3n h\u1ea1n ch\u1ebf<\/strong><\/li>\n
          8. C\u1ed5ng h\u1ea1n ch\u1ebf Cone NAT<\/strong><\/li>\n
          9. NAT \u0111\u1ed1i x\u1ee9ng<\/strong><\/li>\n<\/ol>\n

            V\u00ed d\u1ee5 c\u01a1 b\u1ea3n v\u1ec1 NAT v\u1edbi gi\u1ea3i th\u00edch k\u1ef9 thu\u1eadt<\/h2>\n

            K\u1ecbch b\u1ea3n<\/h3>\n

            H\u00e3y t\u01b0\u1edfng t\u01b0\u1ee3ng m\u1ed9t m\u1ea1ng gia \u0111\u00ecnh c\u00f3 ba thi\u1ebft b\u1ecb:<\/p>\n

              \n
            • Thi\u1ebft b\u1ecb A: 192.168.1.2<\/li>\n
            • Thi\u1ebft b\u1ecb B: 192.168.1.3<\/li>\n
            • Thi\u1ebft b\u1ecb C: 192.168.1.4<\/li>\n<\/ul>\n

              B\u1ed9 \u0111\u1ecbnh tuy\u1ebfn gia \u0111\u00ecnh c\u00f3 \u0111\u1ecba ch\u1ec9 IP c\u00f4ng c\u1ed9ng l\u00e0 203.0.113.5.<\/p>\n

              C\u00e1c b\u01b0\u1edbc ho\u1ea1t \u0111\u1ed9ng c\u1ee7a NAT<\/h3>\n
                \n
              1. \n

                Y\u00eau c\u1ea7u g\u1eedi \u0111i<\/strong>: Thi\u1ebft b\u1ecb A mu\u1ed1n truy c\u1eadp m\u00e1y ch\u1ee7 web t\u1ea1i 198.51.100.10. Thi\u1ebft b\u1ecb n\u00e0y t\u1ea1o m\u1ed9t g\u00f3i tin c\u00f3 IP ngu\u1ed3n l\u00e0 192.168.1.2 v\u00e0 g\u1eedi \u0111\u1ebfn b\u1ed9 \u0111\u1ecbnh tuy\u1ebfn.<\/p>\n<\/li>\n

              2. \n

                B\u1ea3n d\u1ecbch NAT<\/strong>:<\/p>\n<\/li>\n

              3. B\u1ed9 \u0111\u1ecbnh tuy\u1ebfn nh\u1eadn g\u00f3i tin v\u00e0 ki\u1ec3m tra b\u1ea3ng NAT c\u1ee7a n\u00f3.<\/li>\n
              4. N\u00f3 th\u1ea5y r\u1eb1ng 192.168.1.2 \u0111ang y\u00eau c\u1ea7u k\u1ebft n\u1ed1i b\u00ean ngo\u00e0i.<\/li>\n
              5. N\u00f3 thay \u0111\u1ed5i \u0111\u1ecba ch\u1ec9 IP ngu\u1ed3n th\u00e0nh 203.0.113.5 v\u00e0 c\u0169ng c\u00f3 th\u1ec3 thay \u0111\u1ed5i c\u1ed5ng ngu\u1ed3n t\u1eeb 12345 th\u00e0nh 54321.<\/li>\n
              6. \n

                Sau \u0111\u00f3, b\u1ed9 \u0111\u1ecbnh tuy\u1ebfn s\u1ebd g\u1eedi g\u00f3i tin \u0111\u00e3 s\u1eeda \u0111\u1ed5i t\u1edbi 198.51.100.10.<\/p>\n<\/li>\n

              7. \n

                Ph\u1ea3n h\u1ed3i t\u1eeb m\u00e1y ch\u1ee7<\/strong>: M\u00e1y ch\u1ee7 web t\u1ea1i 198.51.100.10 ph\u1ea3n h\u1ed3i t\u1edbi IP c\u00f4ng c\u1ed9ng 203.0.113.5 v\u1edbi c\u1ed5ng \u0111\u00edch 54321.<\/p>\n<\/li>\n

              8. \n

                NAT \u0111\u1ea3o ng\u01b0\u1ee3c<\/strong>:<\/p>\n<\/li>\n

              9. B\u1ed9 \u0111\u1ecbnh tuy\u1ebfn nh\u1eadn \u0111\u01b0\u1ee3c g\u00f3i ph\u1ea3n h\u1ed3i v\u00e0 ki\u1ec3m tra b\u1ea3ng NAT c\u1ee7a n\u00f3.<\/li>\n
              10. N\u00f3 th\u1ea5y r\u1eb1ng 203.0.113.5:54321 t\u01b0\u01a1ng \u1ee9ng v\u1edbi 192.168.1.2:12345.<\/li>\n
              11. B\u1ed9 \u0111\u1ecbnh tuy\u1ebfn s\u1eeda \u0111\u1ed5i g\u00f3i tin, thay \u0111\u1ed5i IP \u0111\u00edch t\u1eeb 203.0.113.5 tr\u1edf l\u1ea1i 192.168.1.2 v\u00e0 chuy\u1ec3n ti\u1ebfp \u0111\u1ebfn Thi\u1ebft b\u1ecb A.<\/li>\n<\/ol>\n

                B\u1ea3n t\u00f3m t\u1eaft<\/h3>\n

                NAT l\u00e0 c\u00f4ng ngh\u1ec7 quan tr\u1ecdng trong m\u1ea1ng hi\u1ec7n \u0111\u1ea1i, \u0111\u1eb7c bi\u1ec7t l\u00e0 trong b\u1ed1i c\u1ea3nh m\u1ea1ng proxy. B\u1eb1ng c\u00e1ch qu\u1ea3n l\u00fd hi\u1ec7u qu\u1ea3 vi\u1ec7c s\u1eed d\u1ee5ng \u0111\u1ecba ch\u1ec9 IP v\u00e0 cung c\u1ea5p m\u1ed9t l\u1edbp b\u1ea3o m\u1eadt, n\u00f3 cho ph\u00e9p giao ti\u1ebfp li\u1ec1n m\u1ea1ch gi\u1eefa c\u00e1c m\u1ea1ng n\u1ed9i b\u1ed9 v\u00e0 internet b\u00ean ngo\u00e0i \u0111\u1ed3ng th\u1eddi t\u01b0\u01a1ng t\u00e1c hi\u1ec7u qu\u1ea3 v\u1edbi c\u00e1c m\u00e1y ch\u1ee7 proxy \u0111\u1ec3 n\u00e2ng cao ch\u1ee9c n\u0103ng v\u00e0 hi\u1ec7u su\u1ea5t.<\/p>","protected":false},"excerpt":{"rendered":"

                What is NAT (Network Address Translation)? Network Address Translation (NAT) is a method used in networking that enables the modification of the IP address information in the IP packet headers while they are in transit across a traffic routing device. NAT is primarily used for two main purposes: IP Address Conservation: NAT allows multiple devices […]<\/p>\n","protected":false},"author":1,"featured_media":405,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[17],"tags":[21,53,86,22,84,85,19,88,89,87],"class_list":["post-404","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-network","tag-cybersecurity","tag-firewall","tag-ip-addressing","tag-ipv4","tag-nat","tag-network-address-translation","tag-networking","tag-private-networks","tag-public-ip","tag-routers"],"acf":[],"_links":{"self":[{"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/posts\/404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/comments?post=404"}],"version-history":[{"count":0,"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/posts\/404\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/media\/405"}],"wp:attachment":[{"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/media?parent=404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/categories?post=404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/replicounts.org\/vi\/wp-json\/wp\/v2\/tags?post=404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}