NAT

最新推荐文章于 2024-10-31 21:42:19 发布

jwrrrrrr

最新推荐文章于 2024-10-31 21:42:19 发布

阅读量243

点赞数

分类专栏：网络文章标签：网络路由器

本文链接：https://blog.youkuaiyun.com/oyyy3/article/details/119990212

版权

网络专栏收录该内容

16 篇文章

订阅专栏

1.静态NAT（一个内网地址对一个公网地址）

2.动态NAT——PAT(多个内网地址对多个公网地址）

3.Easyip（多个内网地址对一个接口）

4.静态PAT（一对一，但是外网口IP和服务映射网内网服务器的IP和服务）

一.NAT概念

NAT—— Network Address Translation。又称为网络地址转换。

1.作用

用于实现私有网络和公有网络之间的互访。

内网地址范围：

10.0.0.0——10.255.255.255

172.16.0.0——172.31.255.255

192.168.0.0——192.168.255.255

2.NAT的使用场景

没有足够的公网IP连接到Internet
当更换ISP（互联网服务提供商）需要重新编址
合并两个使用重叠地址空间的内部网络
使用单个IP地址支持基本的负载分担

3.NAT的优点

节省了公网的IP地址
能够处理编址方案重叠的情况
网络发生改变时不需要重新编址
隐藏了真正的IP地址（保证了安全）

二.拓扑图

1.静态NAT（一个内网地址对一个公网地址）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]q
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat static global 15.0.0.10 inside 192.168.1.10 netmask
 255.255.255.255
[r1-GigabitEthernet0/0/1]display nat static 
  Static Nat Information:
  Interface  : GigabitEthernet0/0/1
    Global IP/Port     : 15.0.0.10/---- 
    Inside IP/Port     : 192.168.1.10/----
    Protocol : ----     
    VPN instance-name  : ----                            
    Acl number         : ----
    Netmask  : 255.255.255.255 
    Description : ----

  Total :    1

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.10 32 202.10.100.1

测试结果PC1能ping通 PC2不行

2.动态NAT——PAT(多个内网地址对多个公网地址）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]q
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]nat address-group 1 15.0.0.10 15.0.0.11
[r1-GigabitEthernet0/0/1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int g0/0/1	
[r1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
[r1-GigabitEthernet0/0/1]display nat outbound 
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 GigabitEthernet0/0/1         2000                              1       pat
 --------------------------------------------------------------------------
  Total : 1

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.0 24 202.10.100.1

测试结果PC1能ping通 PC2也能ping通

3.Easyip（多个内网地址对一个接口）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000
[r1-GigabitEthernet0/0/1]display nat outbound 
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 GigabitEthernet0/0/1         2000                   202.10.100.1    easyip  
 --------------------------------------------------------------------------
  Total : 1

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.0 24 202.10.100.1

测试结果PC1能ping通 PC2也能ping通

4.静态PAT（一对一，但是外网口IP和服务映射网内网服务器的IP和服务）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat server protocol tcp global 15.0.0.10 ftp inside 192
.168.1.10 ftp 
[r1-GigabitEthernet0/0/1]display nat server

  Nat Server Information:
  Interface  : GigabitEthernet0/0/1
    Global IP/Port     : 15.0.0.10/21(ftp) 
    Inside IP/Port     : 192.168.1.10/21(ftp)
    Protocol : 6(tcp)   
    VPN instance-name  : ----                            
    Acl number         : ----
    Description : ----

  Total :    1
[r1-GigabitEthernet0/0/1]q
[r1]nat alg all enable

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.10 32 202.10.100.1

服务的开启