本文详细介绍了H3C路由器的NAT配置,包括Basic NAT(一对一转换)、NAPT(一对多转换)和Easy IP配置。还讨论了公网主动访问私网所需的NAT Server配置,以及当公网地址不属于路由器接口地址网段时的静态路由设置问题。
一、基础配置
R1:
<H3C>sys
System View: return to User View with Ctrl+Z.
H3Csysn R1
R1int g0/0
R1-GigabitEthernet0/0ip add 192.168.1.254 24
R1-GigabitEthernet0/0undo sh
R1-GigabitEthernet0/0int g0/1
R1-GigabitEthernet0/1ip add 100.1.1.1 24
R1-GigabitEthernet0/1undo sh
R1-GigabitEthernet0/1
R2:
<H3C>sys
System View: return to User View with Ctrl+Z.
H3Csysn R2
R2int g0/1
R2-GigabitEthernet0/1ip add 100.1.1.2 24
R2-GigabitEthernet0/1int g0/2
R2-GigabitEthernet0/2ip add 100.2.1.1 24
R2-GigabitEthernet0/2qu
R2
二、R1配置默认路由
R1ip route-static 0.0.0.0 0 100.1.1.2
三、Basic Nat转换(一对一转换)
R1:
R1acl basic 2000
R1-acl-ipv4-basic-2000rule 1 permit source 192.168.1.0 0.0.0.255
R1-acl-ipv4-basic-2000qu
R1nat address-group 1
R1-address-group-1address 100.1.1.10 100.1.1.20
R1-address-group-1int g0/1
R1-GigabitEthernet0/1nat outbound 2000 address-group 1 no-pat //静态一对一转换
R1-GigabitEthernet0/1qu
四、NAPT(一对多转换)
R1undo nat address-group 1
R1int g0/1
R1-GigabitEthernet0/1]undo nat outbound 2000
R1-GigabitEthernet0/1]qu
R1]nat address-group 1
R1-address-group-1]address 100.1.1.10 100.1.1.10
R1-address-group-1int g0/1
R1-GigabitEthernet0/1]nat outbound 2000 address-group 1 //不带no-pat表示端口转换
R1-GigabitEthernet0/1qu
五、Easy IP配置
R1int g0/1
R1-GigabitEthernet0/1undo nat outbound 2000
R1-GigabitEthernet0/1nat outbound 2000
R1-GigabitEthernet0/1qu
//不需要地址池。私有网络转换公网地址,就是G0/1是公网地址。
六、NAT Server
R1int g0/1
R1-GigabitEthernet0/1nat server global 100.1.1.10 inside 192.168.1.1
//为PCA绑定一个公网IP地址:100.1.1.10
R1-GigabitEthernet0/1nat server protocol tcp global 100.1.1.11 inside 192.168.
1.1
//绑定公网IP,为公网提供其他服务。比如FTP、WWW等
R1-GigabitEthernet0/1qu