1. On the Internet backbone, everyone is identified by a public IP address; anyone who knows this IP address can directly locate it and connect.
2. There are two types of IP addresses, IPv4 and IPv6; only IPv4 involves intranet penetration.
3. Given the number of IPv4 addresses, it is impossible for every device to have its own unique IP address on the backbone.
4. So the workaround is to connect all the devices in a region together, connect them to the devices in other regions over the backbone, share only one public IP address to identify themselves externally, and assign enough private addresses internally (NAT).
5. In addition to the physical ports, there are also software-level ports between devices. To establish a connection, you must have a port over which to transmit data.
6. So NAT does one thing: it maps private IP + port <-> public IP + port, which is how a given intranet machine gets Internet access.
7. When there is no public IP within the scope you can operate, you cannot achieve the intranet penetration you want. In fact, as long as you can access the Internet you must have a public IP externally, but you cannot operate it! This is the case, for example, on a local area network or a metropolitan area network.
8. The essence of intranet penetration is to work on the public IP or the port so as to achieve customized access.
9. For example, using another public IP:
   a: You need a machine A (physical or virtual) that you can operate and that has a public IP.
   b: You need to set up port mapping/forwarding so that the local LAN machine and machine A establish a connection, which achieves the intranet penetration.
   c: nat123, Peanut Shell, frp and similar tools all work in this mode: they forward through another public IP that can be operated.
   d: The advantage of this mode is that the accessing end can connect directly by domain name or address without installing any auxiliary client.
   f: The disadvantage is that machine A may have to be purchased separately, along with the corresponding bandwidth fee. With Peanut Shell, for example, its own server is machine A, and it provides this service to you by giving you a domain name resolution. The cheap plans have little bandwidth and are slow.
10. Connecting directly once the port is known:
   a: Generally, the port translated by NAT is random, but note that all kinds of software we use on mobile phones or computers can communicate with their own servers in both directions.
   b: The reason is that when they communicate they obtain each other's public IP + port (some apps use fixed domain names).
   c: Whether it is a P2P connection or a VPN, anything similar works in this mode.
   d: Auxiliary clients must be installed and used at both ends (their job can be understood as obtaining the other party's address so the two can connect to each other, and even encrypting the traffic to improve security).
   f: The difficulty of this mode is establishing the initial connection. There are many ways to do it, referred to for short as hole punching ("drilling") and traversal.
   g: The disadvantage is that auxiliary clients must be installed at both ends.
11. IPv6 does not have the intranet penetration problem, because almost every IPv6 address a terminal device obtains can be accessed directly. Therefore, my own server uses IPv4 forwarding penetration + IPv6; IPv4 access is used when IPv6 cannot be accessed (access devices must also support IPv6).
12. For a public IPv4 address that you can operate yourself, the simplest way is to log in to the Peanut Shell account on the corresponding router to resolve the domain name, and then map the intranet host to a port.
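
As an added illustration (not code from the original article), this toy Python model of the NAT described in items 6, 10 and 12 shows why an outside host cannot reach an intranet machine until a mapping exists. The class name, the documentation-range addresses and the rule that only the remote endpoint already contacted may send traffic back are assumptions; real NAT devices filter in different ways.

```python
import random
class Nat:
    """Toy port-translating NAT with a single public IPv4 address."""
    def __init__(self, public_ip, seed=0):
        self.public_ip = public_ip
        self.out = {}      # (private ip, port) -> public port
        self.back = {}     # public port -> (private ip, port)
        self.peers = {}    # public port -> remotes contacted; None = open to all
        self.rng = random.Random(seed)

    def outbound(self, src, dst):
        """Inside host src sends to dst; return the public ip+port dst sees."""
        if src not in self.out:
            port = self.rng.randint(20000, 60000)   # the "random" port of 10a
            while port in self.back:
                port = self.rng.randint(20000, 60000)
            self.out[src], self.back[port] = port, src
            self.peers[port] = set()
        self.peers[self.out[src]].add(dst)
        return (self.public_ip, self.out[src])

    def forward(self, public_port, inside):
        """Static port mapping on the router, as in item 12."""
        self.back[public_port] = inside
        self.peers[public_port] = None

    def inbound(self, remote, public_port):
        """Return the inside host a packet is delivered to, or None if dropped."""
        if public_port not in self.back:
            return None                    # no mapping: nothing to translate to
        allowed = self.peers[public_port]
        if allowed is not None and remote not in allowed:
            return None                    # mapping exists, but not for this remote
        return self.back[public_port]

def demo():
    nat = Nat("203.0.113.7")               # constructed documentation addresses
    pc, web = ("192.168.1.10", 51000), ("192.168.1.20", 80)
    server, outsider = ("198.51.100.5", 443), ("198.51.100.99", 40000)
    public = nat.outbound(pc, server)
    seen = {"reply": nat.inbound(server, public[1]),
            "unsolicited": nat.inbound(outsider, public[1]),
            "before_forward": nat.inbound(outsider, 8080)}
    nat.forward(8080, web)
    seen["after_forward"] = nat.inbound(outsider, 8080)
    return public, seen

if __name__ == "__main__":
    print(demo())
```

The static mapping is the only entry that admits arbitrary remotes, so it is the one whose target service needs its own access control and patching.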