实战:配置动态NAT
实战1:动态NAT
[Huawei]nat address-group 1 ?
[Huawei]nat address-group 1 12.2.2.2 12.2.2.3
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.0.0 0.0.0.255
[Huawei-acl-basic-2000]rule 10 deny
[Huawei-acl-basic-2000]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
PC抓包
PC4抓包
实战2:动态NAT+路由
AR3
<Huawei>sys
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.0.254 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]ip route-static 0.0.0.0 0 192.168.0.1
AR1
<Huawei>sys
[Huawei]ip route-static 192.168.1.0 24 192.168.0.254
[Huawei-acl-basic-2000]rule 6 permit source 192.168.1.0 0.0.0.255
测试
PC1
PC5
实战3:EASY NAT
EASY NAT属于简化版动态NAT
<Huawei>sys
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]display this
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 12.2.2.1 255.255.255.0
nat outbound 2000 address-group 1
#
return
[Huawei-GigabitEthernet0/0/1]undo nat outbound 2000 address-group 1
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]undo nat address-group 1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000
测试
PC5抓包
实战4:端口映射
client1
server2
配置端口映射
AR1
<Huawei>sys
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]nat server protocol tcp global 12.2.2.8 80 inside 1
92.168.0.2 80 #-- 12.2.2.8是公网地址里面一个地址段
测试
实战5:端口映射+远程桌面
cloud1
clould2
WIN7
WINDOWS 2016
AR1
[Huawei-GigabitEthernet0/0/1]nat server protocol tcp global 12.2.2.8 4500 inside
192.168.0.110 3389
测试
WIN7 登录WIN2016
ch
查看端口映射的情况
[Huawei]display nat server interface GigabitEthernet 0/0/1
