NAT Principles and Configuration

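Goal: enable the internal network to access the external network as required.
NAT ensures that return packets can find their way back.
The border router connects the public and private networks and uses NAT to translate between private and public addresses.
The internal network uses private IP addresses; the external network uses public IP addresses.
Configuration of the border router through which the company's internal network reaches the external network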

Configure the IP address, gateway and mask on the PCs and the server
Configure the switch:
sys
[Huawei]sys sw
[sw]vlan 10
[sw-vlan10]q
[sw]port-group group-member g0/0/1 g0/0/2 ^
[sw-port-group]port link-type acc
[sw-GigabitEthernet0/0/1]port link-type acc
[sw-GigabitEthernet0/0/2]port link-type acc
[sw-port-group]por de vl 10
[sw-GigabitEthernet0/0/1]por de vl 10
[sw-GigabitEthernet0/0/2]por de vl 10
Configure R-N:
[R-N]int g0/0/0
[R-N-GigabitEthernet0/0/0]ip address 10.1.1.254 24
[R-N]int g0/0/1
[R-N-GigabitEthernet0/0/1]ip address 110.1.1.2 24
[R-N-GigabitEthernet0/0/1]nat static global 110.1.1.3 inside 10.1.1.1
[R-N]ip route-static 200.1.1.0 24 110.1.1.2
[R-N]

NAT
[R-N]int g0/0/1
[R-N-GigabitEthernet0/0/1]nat static global 110.1.1.3 inside 10.1.1.1
[R-N]int g0/0/1
[R-N-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat

NAT(PAT)
[R-N]acl 2000
[R-N-acl-basic-2000]rule 10 permit source 10.1.1.1 0
[R-N-acl-basic-2000]rule 20 permit source 10.1.1.2 0
[R-N]nat address-group 1 110.1.1.3 110.1.1.4
[R-N]int g0/0/1
[R-N-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
[R-N-GigabitEthernet0/0/1]

NAT(Easy IP)
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1

Configure R-W:
un t m
sys
[Huawei]sys R-W
[R-W]int g0/0/1
[R-W-GigabitEthernet0/0/1]ip address 110.1.1.2 24
[R-W-GigabitEthernet0/0/1]int g0/0/0
[R-W-GigabitEthernet0/0/0]ip address 200.1.1.254 24
[R-W-GigabitEthernet0/0/0]

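Requirements:

  1. The company has many VLANs internally
  2. Only hosts in VLAN 10 are allowed Internet access
  3. However, PC-1 in VLAN 10 (10.1.1.1) is not allowed Internet access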

[R-N]acl 2000
[R-N-acl-basic-2000]rule 10 permit ip source 10.1.1.0 0.0.0.255 destination 200.1.1.1 0
[R-N-acl-basic-2000]dis th
[V200R003C00]

acl number 2000
rule 5 deny ip source 10.1.1.1 0 destination 200.1.1.1 0
rule 10 permit ip source 10.1.1.0 0.0.0.255 destination 200.1.1.1 0

return
[R-N-acl-basic-2000]q
[R-N]int g0/0/1
[R-N-GigabitEthernet0/0/1]nat outbound 2000
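
The first-match behavior of ACL 2000 above and the session table that lets replies return, as an added Python example (not part of the original page and not Huawei's implementation). It models `nat outbound 2000` in simplified form; the starting port 10240, the source port 40000 and the per-(address, port) session key are assumptions.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Wildcard mask: 1-bits are ignored, 0-bits must match."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# ACL 2000 as displayed on the page (CLI shorthand "0" written out as 0.0.0.0):
# (rule-id, action, source, source-wildcard, destination, destination-wildcard)
ACL_2000 = [
    (10, "permit", "10.1.1.0", "0.0.0.255", "200.1.1.1", "0.0.0.0"),
    (5, "deny", "10.1.1.1", "0.0.0.0", "200.1.1.1", "0.0.0.0"),
]

def acl_action(acl, src, dst):
    """Rules are checked in ascending rule-id order; the first match decides."""
    for _rule_id, action, s, sw, d, dw in sorted(acl):
        if wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action
    return None  # no rule matched

class EasyIP:
    """Simplified model of 'nat outbound 2000': PAT onto the interface address."""
    def __init__(self, acl, public_ip, first_port=10240):  # first_port: constructed
        self.acl, self.public_ip, self.next_port = acl, public_ip, first_port
        self.out = {}   # (inside ip, inside port) -> public port
        self.back = {}  # public port -> (inside ip, inside port)

    def outbound(self, src, sport, dst, dport):
        if acl_action(self.acl, src, dst) != "permit":
            return None  # not selected for translation: no session entry is created
        key = (src, sport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst, dport)

    def inbound(self, public_port):
        """A reply is mapped back only if an outbound packet created the entry."""
        return self.back.get(public_port)

if __name__ == "__main__":
    nat = EasyIP(ACL_2000, "110.1.1.2")  # g0/0/1 address of R-N on the page
    for host in ("10.1.1.1", "10.1.1.2"):  # PC-1 hits rule 5, the other host rule 10
        print(host, nat.outbound(host, 40000, "200.1.1.1", 80))
    print(nat.inbound(10240), nat.inbound(10241))
```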

[R-N]int g0/0/1
[R-N-GigabitEthernet0/0/1]nat server protocol tcp global 110.1.1.88 80 inside 10.1.1.88 80

NAT configuration for remotely managing the internal switch from the external router
[R-N]int g0/0/1
[R-N-GigabitEthernet0/0/1]nat server protocol tcp global 110.1.1.88 2019 inside 10.1.1.33 telnet

telnet 110.1.1.88 2019
Press CTRL_] to quit telnet mode
Trying 110.1.1.88 …
Connected to 110.1.1.88 …

Login authentication

Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2019-07-11 16:36:24.
sys
Enter system view, return user view with Ctrl+Z.
[sw]
