4.1 NAT-地址转换. 1
4.1.1 用出接口地址做Easy nat 1
4.1.2 地址池方式做nat 2
4.1.3 ISDN拨号做nat上网. 3
4.1.4 一个以太口也做nat转换. 4
4.1.5 对外提供ftp,www等服务. 5
4.1 NAT-地址转换
4.1.1 用出接口地址做Easy nat
【Router】
|
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
|
|
! |
适用版本vrp1.74及1.44 |
|
[Router] |
acl 1 match-order auto |
|
|
[Router-acl1] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
|
[Router-acl1] |
rule normal deny source any |
|
|
|
! |
|
|
[Router] |
interface Ethernet0 |
|
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
|
|
! |
|
|
[Router] |
interface Ethernet1 |
|
|
[Router-Ethernet1] |
ip address 202.1.1.1 255.255.255.0 |
|
|
[Router-Ethernet1] |
nat outbound 1 interface |
|
|
|
! |
|
|
[Router] |
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2 preference 60 |
|
|
[Router] |
! |
|
|
[Router] |
return |
|
4.1.2 地址池方式做nat
【Router】
|
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
|
|
! |
适用版本vrp1.74及1.44 |
|
[Router] |
nat address-group 1 202.1.1.1 202.1.1.6 pool1 |
|
|
|
! |
|
|
[Router] |
acl 101 acl 1 match-order auto |
|
|
[Router-acl1] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
|
[Router-acl1] |
rule normal deny source any |
|
|
|
! |
|
|
[Router] |
interface Ethernet0 |
|
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
|
|
! |
|
|
[Router] |
interface Ethernet1 |
|
|
[Router-Ethernet1] |
ip address 202.1.1.1 255.255.255.0 |
|
|
[Router-Ethernet1] |
nat outbound 1 pool pool1 |
|
|
|
! |
|
|
[Router] |
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2 preference 60 |
|
|
|
! |
|
|
|
return |
|
4.1.3 ISDN拨号做nat上网
【Router】
|
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
|
|
! |
适用版本vrp1.74及1.44 |
|
[Router] |
dialer-rule 1 ip permit |
|
|
[Router] |
! |
|
|
|
acl 1 match-order auto |
|
|
[Router-acl1] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
|
[Router-acl1] |
rule normal deny source any |
|
|
|
! |
|
|
内网的以太口地址根据实际情况来配置 | ||
|
[Router] |
interface Ethernet0 |
|
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
|
[Router-Ethernet0] |
! |
|
|
[Router-Serial0] |
interface Bri0 |
|
|
[Router-Bri0] |
link-protocol ppp |
|
|
[Router-Bri0] |
ppp mp |
使能128K两B拨号 |
|
[Router-Bri0] |
ppp pap local-user 16900 password simple 16900 |
|
|
[Router-Bri0] |
ip address ppp-negotiate |
|
|
[Router-Bri0] |
dialer enable-circular |
ISDN拔号不用配置dialer enable-legacy,如果是灵活DDR拔号,还应配置undo dialer enable-legacy |
|
[Router-Bri0] |
dialer-group 1 |
|
|
[Router-Bri0] |
dialer number 16900 |
|
|
[Router-Bri0] |
nat outbound 1 interface |
|
|
|
! |
|
|
[Router] |
ip route-static 0.0.0.0 0.0.0.0 bri 0 preference 60 |
使用isdn-bri拨号 |
|
[Router] |
! |
|
|
[Router] |
return |
|
4.1.4 一个以太口也做nat转换
【Router】
|
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
|
|
! |
适用版本vrp1.74及1.44 |
|
[Router] |
acl 101 match-order auto |
|
|
[Router-acl101] |
rule normal deny ip source 10.0.0.0 0.0.0.255 destination 10.0.0.1 0.0.0.0 |
|
|
[Router-acl101] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
|
[Router-acl101] |
rule normal deny source any |
|
|
|
! |
|
|
[Router] |
interface Ethernet0 |
|
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
|
|
! |
|
|
[Router] |
interface Ethernet0 |
|
|
[Router-Ethernet0] |
ip address 202.1.1.1 255.255.255.0 |
|
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 sub |
|
|
[Router-Ethernet0] |
nat outbound 101 interface |
|
|
|
! |
|
|
[Router] |
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2 preference 60 |
|
|
[Router] |
! |
|
|
[Router] |
return |
|
说明:上例不推荐使用。
4.1.5 对外提供ftp,www等服务
以www服务为例,除了3.1.1和3.1.2的配置,公网接口需要增加如下配置:
[Router-Ethernet1]nat server global 202.1.1.2 www inside 10.0.0.2 www tcp
注意:如果需要其他用户可以ping通内部对外提供服务的服务器,必须增加如下配置:
[Router-Ethernet1]nat server global 202.1.1.2 any inside 10.0.0.2 any icmp
注意:内部用户不能使用公网地址来访问内部服务器,必须使用内网地址访问.
如上例子:10.0.0.0/24网段的用户,不能访问http://202.1.1.2,而只能访问http://10.0.0.2
更多内容请看网络管理实用手册、网络故障手册、网络组网专题专题,或进入讨论组讨论。
相关专题
- 什么是网络协议? (445次浏览)
- 网络协议初入门 (252次浏览)
- 三大协议NetBEUI和 IPX/SPX TCP/IP (141次浏览)
- 路由器原理及常用的路由协议、路由算法 (135次浏览)
- RIP路由协议快速入门(1) (91次浏览)
- RIP路由协议快速入门 (91次浏览)
- 协议分析工具学习TCP/IP(二) (83次浏览)
- UDP协议简介 (63次浏览)
- 虚拟专用网(VPN)的原理和组建(3) -协议篇 (57次浏览)
- RIP协议 (55次浏览)
