Dynamic NAT Hong Kong Server (NAT Server)
Dynamic NAT (Network Address Translation) is a way of configuring a server so that multiple internal users can reach external networks and devices. It works by mapping the internal IP address of a user's computer to an external, public IP address. This gives each user on the network unique access while the hosts still operate within the same private IP address range.
To configure Dynamic NAT on a server in Hong Kong, you will need:
- A static public IP address assigned by the ISP
- An internet connection or router that supports port forwarding
- Software such as iptables or ufw for firewall configuration
Once these prerequisites are in place, you can configure Dynamic NAT using the commands specific to your operating system. The general steps are: set up port forwarding rules between your internal network and the outside world, configure the firewall so that traffic from different sources is routed correctly, and enable dynamic translation for incoming requests that originate outside your local area network. When this setup is complete, all incoming requests should be routed automatically through the public IP address assigned by your ISP in Hong Kong.
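NAT server: Network Address Translation (NAT) is a technique for reusing IPv4 addresses. A NAT server acts as an invisible gateway between the internal network and the external Internet. It forwards packets sent from the Internet to internal addresses and rewrites the corresponding header fields, so that the packets are delivered correctly into the internal network and their original location can still be identified afterwards.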
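### 2. Introduction to the TCP/UDP protocols
- TCP (Transmission Control Protocol) is a connection-oriented protocol that ensures data is delivered properly. It uses three flags, ack, syn and fin, for flow control.
- UDP (User Datagram Protocol) does not need to open a port or keep a connection alive for a long time, and it does not send explicit ACKs, which would waste limited resources. Instead it sends directly to an IP address + port pair in a single shot, treating that one-shot delivery as reliable, even if some packet captures show an immediate 'time out'.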
nat internal server
### Approach
We only need to send the network packets of the `nat internal server` to the outside, that is, enable NAT port forwarding.
```shell
# Map intranet_ip:8080 to extranet_ip:80 for access from the external network
iptables -t nat -A PREROUTING -d intranet_ip/32 -p tcp --dport 8080 -j DNAT --to-destination extranet_ip:80
# Allow traffic sent from the intranet to the outside (eth0 is the physical NIC that holds the internal address)
iptables -I FORWARD 1 -s intranet_ip/32 ! -d extranet_ip/32 -i eth0 -j ACCEPT
```
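A stricter variant of the two rules above, as an added example that is not part of the original page: the function validates every address, port and interface name before it can reach a root shell, then prints a rule set that also covers return traffic and drops unmatched forwards. The interface names (`eth1` external, `eth0` internal), the addresses and the helper names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints a rule set for review; it never calls iptables itself.
# Interface names, addresses and ports below are constructed placeholders.

valid_ipv4() {   # dotted quad, every octet 0..255, no other characters
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {   # decimal 1..65535
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_iface() {  # Linux interface names are at most 15 characters
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# nat_rules WAN_IF LAN_IF PUBLIC_IP PUBLIC_PORT INSIDE_IP INSIDE_PORT
nat_rules() {
    if ! { valid_iface "$1" && valid_iface "$2" && valid_ipv4 "$3" &&
           valid_port "$4" && valid_ipv4 "$5" && valid_port "$6"; }; then
        echo "nat_rules: invalid argument, nothing printed" >&2; return 1
    fi
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $1 -d $3/32 -p tcp --dport $4 -j DNAT --to-destination $5:$6
iptables -A FORWARD -i $1 -o $2 -d $5/32 -p tcp --dport $6 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -s $5/32 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $1 -s $5/32 -j SNAT --to-source $3
EOF
}

# Constructed sample: public 203.0.113.10:8080 forwarded to 192.168.1.20:80
nat_rules eth1 eth0 203.0.113.10 8080 192.168.1.20 80
```

Review the printed commands before running them as root; the `SNAT` rule relies on the static public IP address listed in the prerequisites.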