5.2. Application Layer Protocols with Embedded Network Information
Source: Internet | Published: CentOS: setting the IP address | Editor: 程序博客网 | Time: 2024/05/01 08:51
Network address translation is beautifully invisible when it works, but has adverse effects on some protocols. Some network applications, e.g., FTP, SNMP, H.323, LDAP, IRC, make use of embedded IP information in the application layer protocol or data stream. Since the 2.0.x kernel series (which is not covered here), Linux has supported modules which inspect and manipulate the contents of particular types of packets when used with NAT or masquerading.
FTP is the classic example. Within the FTP control channel (usually established to destination port tcp/21) the client and the server exchange IP address and port information. If the network address translation device doesn't manipulate this data, the FTP server will not be able to contact the client to provide the data.
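The rewrite a NAT device has to perform on an active-mode FTP PORT command can be sketched as follows. This is an added example, not code from the original guide or from the Linux kernel; the function names, the sample addresses and the policy of rewriting only commands that carry the client's own inside address are assumptions made for illustration.

```python
import re

# Active-mode FTP: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# channel; the advertised data port is p1*256 + p2 (RFC 959).
PORT_RE = re.compile(rb"^PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n$")

# Constructed sample: an inside client advertising 192.168.1.10, port 5001.
SAMPLE = b"PORT 192,168,1,10,19,137\r\n"


def parse_port(line: bytes):
    """Return (ip, port) embedded in a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        return None  # malformed octet: leave the packet untouched
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def rewrite_port(line: bytes, inside_ip: str, public_ip: str, public_port: int):
    """Replace the embedded inside address with the translated one.

    Returns (new_line, length_delta). Commands that advertise any address
    other than the connection's own inside address pass through unchanged
    (assumed policy for this example).
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] != inside_ip:
        return line, 0
    new = b"PORT %s,%d,%d\r\n" % (
        public_ip.replace(".", ",").encode(), public_port >> 8, public_port & 0xFF)
    # A non-zero delta changes the TCP payload length, so the translator must
    # also adjust later sequence/acknowledgement numbers on this connection.
    return new, len(new) - len(line)


if __name__ == "__main__":
    print(parse_port(SAMPLE))
    print(rewrite_port(SAMPLE, "192.168.1.10", "203.0.113.5", 40001))
```

The length change in the rewritten command is why this translation cannot be done by a stateless address swap alone: the device has to track the control connection for its whole lifetime.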
Passive mode FTP makes it possible to operate with only outbound TCP connections from the client. This results in a more NAT-friendly and firewall-friendly protocol, because the connections are initiated from the client.
NAT breaks not only some network applications but also some network layer protocols. IPSec is a standards-based network-layer security protocol commonly used in VPNs and IPv6 networks. There are many different ways to use IPSec, but, when used in AH (Authentication Header) mode, NAT will break IPSec functionality.
This underscores the importance of determining whether NAT is the best solution for the problem. There are kernel modules to help handle many (though not all) of the application layer protocols when using NAT, but some protocols, such as IPSec in AH mode, simply cannot be used with NAT.