Huawei static and dynamic NAT address translation and static port mapping (Huawei NAT port mapping configuration)

User submission, 2022-09-24



Demo1: Static NAT address translation

Topology in eNSP:

SW1:

<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int vlanif10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]int vlanif20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]int vlanif30
[SW1-Vlanif30]ip add 192.168.30.1 24
[SW1-Vlanif30]int vlanif40
[SW1-Vlanif40]ip add 11.0.0.2 24
[SW1-Vlanif40]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 5
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 6
Interface                         IP Address/Mask      Physical   Protocol
MEth0/0/1                         unassigned           down       down
NULL0                             unassigned           up         up(s)
Vlanif1                           unassigned           up         down
Vlanif10                          192.168.10.1/24      down       down
Vlanif20                          192.168.20.1/24      down       down
Vlanif30                          192.168.30.1/24      down       down
Vlanif40                          11.0.0.2/24          down       down
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 30
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 40
[SW1-GigabitEthernet0/0/5]dis vlan
The total number of vlans is : 5
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:GE0/0/6(D)      GE0/0/7(D)      GE0/0/8(D)      GE0/0/9(D)
                GE0/0/10(D)     GE0/0/11(D)     GE0/0/12(D)     GE0/0/13(D)
                GE0/0/14(D)     GE0/0/15(D)     GE0/0/16(D)     GE0/0/17(D)
                GE0/0/18(D)     GE0/0/19(D)     GE0/0/20(D)     GE0/0/21(D)
                GE0/0/22(D)     GE0/0/23(D)     GE0/0/24(D)
10   common  UT:GE0/0/1(U)
20   common  UT:GE0/0/2(U)      GE0/0/4(U)
30   common  UT:GE0/0/3(U)
40   common  UT:GE0/0/5(U)
VID  Status  Property      MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1    enable  default       enable  disable    VLAN 0001
10   enable  default       enable  disable    VLAN 0010
20   enable  default       enable  disable    VLAN 0020
30   enable  default       enable  disable    VLAN 0030
40   enable  default       enable  disable    VLAN 0040
[SW1-GigabitEthernet0/0/5]q
[SW1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface                         IP Address/Mask      Physical   Protocol
MEth0/0/1                         unassigned           down       down
NULL0                             unassigned           up         up(s)
Vlanif1                           unassigned           down       down
Vlanif10                          192.168.10.1/24      up         up
Vlanif20                          192.168.20.1/24      up         up
Vlanif30                          192.168.30.1/24      up         up
Vlanif40                          11.0.0.2/24          up         up
// All ports are now configured and up
[SW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1

R1:

<Huawei>sys
[Huawei]sysname R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[R1-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]q
[R1]ping 11.0.0.2
  PING 11.0.0.2: 56 data bytes, press CTRL_C to break
    Reply from 11.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 11.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 11.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 11.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 11.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms
  --- 11.0.0.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/28/50 ms
[R1]int g0/0/01
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R1-GigabitEthernet0/0/1]nat static enable
[R1-GigabitEthernet0/0/1]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2
[R1]ip route-static 192.168.30.0 24 11.0.0.2

R2:

<Huawei>sys
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]ping 12.0.0.1
  PING 12.0.0.1: 56 data bytes, press CTRL_C to break
    Reply from 12.0.0.1: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 12.0.0.1: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 12.0.0.1: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 12.0.0.1: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 12.0.0.1: bytes=56 Sequence=5 ttl=255 time=10 ms
  --- 12.0.0.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/38/110 ms
[R2-GigabitEthernet0/0/0]q
[R2]int loopBack0
[R2-LoopBack0]ip add 114.114.114.114 32
[R2-LoopBack0]q
[R2]ip route-static 8.8.8.8 32 12.0.0.1

Verification: ping 114.114.114.114 from PC4

PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=47 ms
--- 114.114.114.114 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/40/47 ms

Verify the address translation with packet capture software:

Demo2: Dynamic NAT:

R1:

[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]rule permit source 11.0.0.0 0.0.0.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
 ip address 12.0.0.1 255.255.255.0
 nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
#
return
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/1]q

R2:

[R2]ip route-static 212.0.0.0 24 12.0.0.1 // configure a static route

Ping 114.114.114.114 from PC2:

PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=47 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=62 ms
--- 114.114.114.114 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/46/62 ms

Capturing packets on R2's g0/0/0 interface at this point shows that the addresses are now translated dynamically:

Demo3: Easy IP, multiple private IP addresses mapped to the public IP address of the outside interface (12.0.0.1)

R1:

[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/1
 ip address 12.0.0.1 255.255.255.0
 nat static global 8.8.8.8 inside 192.168.10.10 netmask 255.255.255.255
 nat outbound 2000 address-group 1 no-pat
#
return
[R1-GigabitEthernet0/0/1]nat outbound 3000

Ping 114.114.114.114 from PC3:

PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=2 ttl=253 time=78 ms
From 114.114.114.114: bytes=32 seq=3 ttl=253 time=31 ms
From 114.114.114.114: bytes=32 seq=4 ttl=253 time=16 ms
From 114.114.114.114: bytes=32 seq=5 ttl=253 time=31 ms
--- 114.114.114.114 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 16/37/78 ms

Now capture packets on R2's g0/0/0 interface to check whether the address has been translated:

The NAT lab is now complete. Thanks for reading!
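
As an added example (not part of the original post and not VRP code), the Python model below shows which source address R2 would see for each lab subnet once all three demos are configured on R1's GigabitEthernet0/0/1, using the page's static mapping, ACL 2000 with the no-pat pool, and ACL 3000 with Easy IP. The rule precedence, the in-order pool allocation and the starting port 10240 are modelling assumptions; the class and function names are hypothetical.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    # Huawei ACL wildcard: bits set to 1 are ignored when comparing.
    w = ip_int(wildcard)
    return (ip_int(addr) | w) == (ip_int(base) | w)

class R1Nat:
    """Toy model of R1 GigabitEthernet0/0/1 after Demo1-3 (constructed)."""
    def __init__(self):
        self.static = {"192.168.10.10": "8.8.8.8"}   # nat static global ... inside ...
        self.acl2000 = [("192.168.20.0", "0.0.0.255"), ("11.0.0.0", "0.0.0.255")]
        self.acl3000 = [("192.168.30.0", "0.0.0.255")]
        # nat address-group 1 212.0.0.100 212.0.0.200
        self.free = [str(ipaddress.IPv4Address(i))
                     for i in range(ip_int("212.0.0.100"), ip_int("212.0.0.200") + 1)]
        self.nopat = {}          # inside IP -> pool IP, one-to-one, ports untouched
        self.easyip = {}         # (inside IP, port) -> port on 12.0.0.1
        self.next_port = 10240   # assumed first translated port

    def outbound(self, src, sport):
        """Return (source IP, source port, mode) as seen on R2, or None if untranslated."""
        # Assumed precedence: static, then nat outbound 2000, then nat outbound 3000.
        if src in self.static:
            return self.static[src], sport, "static"
        if any(wildcard_match(src, b, w) for b, w in self.acl2000):
            if src not in self.nopat:
                if not self.free:
                    return None              # pool exhausted: no address left to bind
                self.nopat[src] = self.free.pop(0)
            return self.nopat[src], sport, "no-pat"
        if any(wildcard_match(src, b, w) for b, w in self.acl3000):
            port = self.easyip.setdefault((src, sport), self.next_port)
            if port == self.next_port:
                self.next_port += 1
            return "12.0.0.1", port, "easy-ip"
        return None                          # e.g. other VLAN 10 hosts: no rule matches

    def inbound(self, dst):
        """Reverse lookup of the configured static mapping only (dynamic bindings not modelled)."""
        return next((i for i, g in self.static.items() if g == dst), None)

def hosts_served_by_pool(nat, subnet="192.168.20.0/24"):
    """Count how many hosts of a subnet obtain a no-pat binding before the pool runs dry."""
    return sum(nat.outbound(str(h), 1024) is not None
               for h in ipaddress.ip_network(subnet).hosts())
```

The pool holds 101 addresses, so in this model only 101 of the 254 hosts in 192.168.20.0/24 can hold a no-pat binding at once. `inbound("8.8.8.8")` returns 192.168.10.10: the static mapping makes that host addressable from R2's side on every port, so pair it with an inbound ACL if only some services are meant to be reachable.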

