NAT简单配置
原创
©著作权归作者所有:来自51CTO博客作者北京菜丫的原创作品,请联系作者获取转载授权,否则将追究法律责任
NAT简单配置
基础配置
#R1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R1
[R1]un in en
Info: Information center is disabled.
[R1]int gi0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[R1-GigabitEthernet0/0/0]int gi0/0/1
[R1-GigabitEthernet0/0/1]ip ad 192.168.1.1 24
[R1-GigabitEthernet0/0/1]q
[R1]ip route-s 0.0.0.0 0 12.1.1.2
#R2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int gi0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[Huawei-GigabitEthernet0/0/0]int gi0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 9.9.9.1 24
[Huawei-GigabitEthernet0/0/1]int gi0/0/2
[Huawei-GigabitEthernet0/0/2]ip ad 8.8.8.1 24
[Huawei-GigabitEthernet0/0/2]q
静态NAT
[R1]int gi0/0/0
[R1-GigabitEthernet0/0/0]nat static global 12.1.1.3 inside 192.168.1.2
动态NAT
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]nat address-group 1 12.1.1.3 12.1.1.4
[R1]int gi0/0/0
#取消刚刚的静态NAT
[R1-GigabitEthernet0/0/0]undo nat static global 12.1.1.3 inside 192.168.1.2
[R1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat
#注意:模拟器bug不支持!!!所以图暂时不贴了。真机是ok的。
#真机环境,由于这里只配置了两个公网ip。理论上只支持同时两个客户端去访问,第三个客户端去访问会不通。
NAPT
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]nat address-group 1 12.1.1.3 12.1.1.4
[R1]int gi0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1
#ip+端口映射,可以支持多个pc(不仅限于2个)去访问
Easy ip nat(基于端口)
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int gi0/0/0
[R1-GigabitEthernet0/0/0]undo nat outbound 2000 address-group 1
[R1-GigabitEthernet0/0/0]nat outbound 2000
NAT Server(端口映射)
[R1]int gi0/0/0
[R1-GigabitEthernet0/0/0]nat server protocol tcp global 12.1.1.5 80 inside 192.168.1.4 80
