
The Implementation Of NAT Based On Distributed Firewalls

Posted on: 2017-07-19
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhang
GTID: 2348330488473012
Subject: Engineering
Abstract/Summary:
Network security has been the most important problem since networks first appeared. Many security protocols and technologies are used to protect networks, and among them the firewall is the most basic and important. However, as networks become more distributed and new network technologies emerge, such as extranets, telecommuting, end-to-end encryption and computation-intensive security protocols, the shortcomings of conventional firewalls are gradually being exposed. The concept of the distributed firewall came into being to eliminate these shortcomings. Distributed firewalls adopt a centralized strategy, solve many problems of conventional firewalls, and are better adapted to the development needs of the network. With the rapid expansion of the Internet, the 32-bit IPv4 address space has become increasingly scarce, and network address translation (NAT) is widely used to solve this problem. Used sensibly, NAT not only eases the IP address shortage but also shields the inside network and increases network security, so NAT is an important basic function that distributed firewalls need to implement.

This thesis first briefly describes the development background, significance and foreign research status of distributed firewalls. It then introduces and describes the overall architecture of distributed firewalls and the related principles and technologies, and presents the working principles of the static NAT mode, the dynamic NAT mode and the server NAT mode. On this basis, it analyzes in detail the requirements for implementing the three NAT modes on distributed firewalls and, according to the results of that requirements analysis, designs and implements a NAT function based on distributed firewalls using existing principles and technologies.

Each NAT function is composed of three modules: NAT address translation, NAT address resource allocation for each security service board, and NAT flow guidance for each security service board. The NAT address translation module converts between internal and external IP addresses, which saves IPv4 address resources and hides the IP addresses of the inside network. The NAT address resource allocation module splits the address resources among the security service boards, and the NAT flow guidance module guides packet flows. This thesis introduces the implementation of each NAT function and the key technologies used in each part, and then implements them on the Comware V7 operating system.

Implementing NAT functions on distributed firewalls adapts better to the development of the Internet. Testing shows that static NAT, dynamic NAT and server NAT on distributed firewalls achieve the expected network address translation function.
Keywords/Search Tags:distributed firewalls, NAT, FPGA