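This article walks through NAT configuration on H3C routers, covering Basic NAT (one-to-one translation), NAPT (one-to-many translation), and Easy IP. It also discusses the NAT Server configuration needed for the public network to initiate access to the private network, and the static-route issue that arises when the public address does not belong to the subnet of the router's interface address.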

1. Basic configuration
R1:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysn R1
[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 192.168.1.254 24
[R1-GigabitEthernet0/0]undo sh
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]ip add 100.1.1.1 24
[R1-GigabitEthernet0/1]undo sh
[R1-GigabitEthernet0/1]
R2:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysn R2
[R2]int g0/1
[R2-GigabitEthernet0/1]ip add 100.1.1.2 24
[R2-GigabitEthernet0/1]int g0/2
[R2-GigabitEthernet0/2]ip add 100.2.1.1 24
[R2-GigabitEthernet0/2]qu
[R2]



2. Default route on R1
[R1]ip route-static 0.0.0.0 0 100.1.1.2

3. Basic NAT (one-to-one translation)
R1:
[R1]acl basic 2000
[R1-acl-ipv4-basic-2000]rule 1 permit source 192.168.1.0 0.0.0.255
[R1-acl-ipv4-basic-2000]qu
[R1]nat address-group 1
[R1-address-group-1]address 100.1.1.10 100.1.1.20
[R1-address-group-1]int g0/1
[R1-GigabitEthernet0/1]nat outbound 2000 address-group 1 no-pat //static one-to-one translation
[R1-GigabitEthernet0/1]qu

4. NAPT (one-to-many translation)
[R1]undo nat address-group 1
[R1]int g0/1
[R1-GigabitEthernet0/1]undo nat outbound 2000
[R1-GigabitEthernet0/1]qu
[R1]nat address-group 1
[R1-address-group-1]address 100.1.1.10 100.1.1.10
[R1-address-group-1]int g0/1
[R1-GigabitEthernet0/1]nat outbound 2000 address-group 1 //omitting no-pat enables port translation
[R1-GigabitEthernet0/1]qu

5. Easy IP configuration
[R1]int g0/1
[R1-GigabitEthernet0/1]undo nat outbound 2000
[R1-GigabitEthernet0/1]nat outbound 2000
[R1-GigabitEthernet0/1]qu
//No address pool is needed. Private addresses are translated to the public address, which is the address of G0/1 itself.

6. NAT Server
[R1]int g0/1
[R1-GigabitEthernet0/1]nat server global 100.1.1.10 inside 192.168.1.1 //bind a public IP address to PCA: 100.1.1.10
[R1-GigabitEthernet0/1]nat server protocol tcp global 100.1.1.11 inside 192.168.1.1 //bind a public IP to offer other services to the public network, such as FTP and WWW
[R1-GigabitEthernet0/1]qu
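
The NAT Server mappings in section 6 decide which parts of the inside host are reachable from the public side, so they are worth reviewing whenever the configuration changes. The following is an added example, not part of the original article: a small Python audit that classifies each `nat server` line by how much it publishes. The sample configuration is constructed; the third mapping (100.1.1.12 to 192.168.1.2, with a port after each address) is a hypothetical entry, and treating a mapping without a port as not restricted to one service is an assumption of this example.

```python
import re

# Constructed sample: the two NAT Server lines from section 6 plus one
# hypothetical port-restricted mapping (100.1.1.12 -> 192.168.1.2, port 80).
# Assumption: a mapping without a port is not limited to a single service.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 100.1.1.1 255.255.255.0
 nat outbound 2000
 nat server global 100.1.1.10 inside 192.168.1.1
 nat server protocol tcp global 100.1.1.11 inside 192.168.1.1
 nat server protocol tcp global 100.1.1.12 80 inside 192.168.1.2 80
"""

NAT_SERVER = re.compile(
    r"^\s*nat server(?: protocol (?P<proto>\S+))?"
    r" global (?P<gaddr>\d+\.\d+\.\d+\.\d+)(?: (?P<gport>\S+))?"
    r" inside (?P<iaddr>\d+\.\d+\.\d+\.\d+)(?: (?P<iport>\S+))?\s*$"
)

def audit_nat_server(config_text):
    """Return (interface, global, inside, exposure) for each nat server line."""
    findings, interface = [], None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
            continue
        m = NAT_SERVER.match(line)
        if not m:
            continue
        if m["proto"] is None:
            exposure = "host-wide"                    # no protocol, no port
        elif m["gport"] is None:
            exposure = "protocol-wide:" + m["proto"]  # protocol but no port
        else:
            exposure = f"{m['proto']}/{m['gport']}"   # one published service
        findings.append((interface, m["gaddr"], m["iaddr"], exposure))
    return findings

def overly_broad(findings):
    """Mappings that are not pinned to a single protocol and port."""
    return [f for f in findings if "/" not in f[3]]

if __name__ == "__main__":
    for finding in audit_nat_server(SAMPLE_CONFIG):
        print(finding)
```

Entries returned by `overly_broad` are the ones to pin to the specific service port or to cover with a packet filter on the public interface.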