NAT实现内网和外网互通
bash
#给路由器接口设置IP地址模拟实验环境
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]interface gigabitethernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.2.254 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 100.0.0.1 8
[Huawei-GigabitEthernet0/0/1]quit静态转换----一对一(双向通信)适用于服务器场合
bash
#给内网电脑申请一个公网IP--100.0.0.2,在路由器上配置NAT静态地址转换
[Huawei]interface gigabitethernet 0/0/1
# global表示外网,inside表示内网
[Huawei-GigabitEthernet0/0/1]nat static global 100.0.0.2 inside 192.168.2.1
# 配置结束后,通过192.168.2.1可ping通100.0.0.10Easy IP----多对一(单向通信)适用于普通办公环境
bash
# EasyIP通过ACL结合nat实现
[Huawei]acl 2000
#放行所有2.0网段的主机可以访问外网,如要放行所有设备,使用rule permit any
[Huawei-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2000]quit
[Huawei]interface gigabitether
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]display this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 100.0.0.1 255.0.0.0
nat static global 100.0.0.2 inside 192.168.2.1 netmask 255.255.255.255
nat static global 100.0.0.3 inside 192.168.2.2 netmask 255.255.255.255
#
return
[Huawei-GigabitEthernet0/0/1]undo nat static global 100.0.0. inside 192.168.2.2
[Huawei-GigabitEthernet0/0/1]display this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 100.0.0.1 255.0.0.0
#
return
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 # 应用nat(easy ip方式)