NAT SERVER:
配置NAT SERVER,通过公网对私网的一 一映射,实现公网可以访问内网:[RTA]int e0/0
[RTA-Ethernet0/0]ip add 10.0.0.254 24
[RTA-Ethernet0/0]undo shutdown
[RTA-Ethernet0/1]int e0/1
[RTA-Ethernet0/1]ip add 198.76.28.1 24
[RTA-Ethernet0/1]undo shutdown
[RTA]rip
[RTA-rip-1]ver 2
[RTA-rip-1]undo summ
[RTA-rip-1]undo summary
[RTA-rip-1]network 198.76.28.0
[RTA]int e0/0
[RTA-Ethernet0/0]ip add 198.76.28.2 24
[RTA-Ethernet0/0]undo shutdown
[RTA-Ethernet0/1]int e0/1
[RTA-Ethernet0/1]ip add 198.76.29.1 24
[RTA-Ethernet0/1]undo shutdown
[RTA]rip
[RTA-rip-1]ver 2
[RTA-rip-1]undo summ
[RTA-rip-1]undo summary
[RTA-rip-1]network 198.76.28.0
[RTA-rip-1]network 198.76.29.0
PCA:10.0.0.1 255.255.255.0 GT:10.0.0.254
PCB:10.0.0.2 255.255.255.0 GT:10.0.0.254
SERVER:198.76.29.4 255.255.255.0 GT:198.76.29.1
此时公网网络已经正常访问,但是公网却无法访问内部私有网络,当私网有某种服务需要发布时就无法实现,此时就用到了NAT SERVER:
RTA]int e0/1
[RTA-Ethernet0/1]nat server protocol icmp global 198.76.28.10 inside 10.0.0.1 匹配公网对应的私网地址和所使用的协议。
此时访问映射的公网地址已经成功:
[RTB]ping -a 198.76.29.4 198.76.28.10
PING 198.76.28.10: 56 data bytes, press CTRL_C to break
Reply from 198.76.28.10: bytes=56 Sequence=1 ttl=127 time=24 ms
Reply from 198.76.28.10: bytes=56 Sequence=2 ttl=127 time=10 ms
Reply from 198.76.28.10: bytes=56 Sequence=3 ttl=127 time=10 ms
Reply from 198.76.28.10: bytes=56 Sequence=4 ttl=127 time=1 ms
Reply from 198.76.28.10: bytes=56 Sequence=5 ttl=127 time=20 ms
--- 198.76.28.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/13/24 ms
[RTA]disp nat server
NAT server in private network information:
There are currently 1 internal server(s)
Interface:Ethernet0/0/0, Protocol:1(icmp),
[global] 198.76.28.10: ---- [local] 10.0.0.1: ----可以看到通过198.76.28.10 映射10.0.0.1私网地址。
此时的私网地址10.0.0.1也是可以成功访问公网的:
C:\Documents and Settings\xiaofei>ping 198.76.29.4
Pinging 198.76.29.4 with 32 bytes of data:
Reply from 198.76.29.4: bytes=32 time=7ms TTL=254
Reply from 198.76.29.4: bytes=32 time=16ms TTL=254
Reply from 198.76.29.4: bytes=32 time=1ms TTL=254
Reply from 198.76.29.4: bytes=32 time=16ms TTL=254
Ping statistics for 198.76.29.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 16ms, Average = 10ms
当公网想要访问内部的私有服务时,同样使用NAT SERVER ,比如FTP,www,DNS等:
RTA]int e0/1
[RTA-Ethernet0/1]nat server protocol tcp global 198.76.28.10 ftp inside 10.0.0.1 ftp
[RTA-Ethernet0/1]nat server protocol tcp global 198.76.28.10 www inside 10.0.0.1 www
[RTA-Ethernet0/1]nat server protocol udp global 198.76.28.10 dns inside 10.0.0.1 dns