华为eNSP实验:NAT地址转换加端口地址映射
文章目录
- 一、实验环境
- 二、实验拓扑
- 三、实验需求
- 四、实验步骤
- PC1配置
- PC2配置
- PC3配置
- PC4配置
- Server配置
- 1,设置地址
- 2,配置Httpd服务
- LSW1三层交换机配置
- R1配置
- 静态NAT
- 动态NAT
- 端口多路复用NAT
- 端口映射
- 路由表
- R2配置
- Cloud1配置
- 五、抓包测试NAT转换
- 测试需求1
- 测试需求2
- 测试需求3
- 六、测试NAT端口映射
- 测试需求4
一、实验环境
eNSP V100R003C00SPC100版本
二、实验拓扑
三、实验需求
1,PC1通过NAT静态转换为8.8.8.8地址访问外网114.114.114.114
2,PC2和PC4通过NAT动态转换为212.0.0.0网段的地址访问外网地址114.114.114.114
3,PC3通过NAT端口多路复用访问外网地址114.114.114.114
4,外网13.0.0.2能够通过R1的端口映射访问企业网内部的httpd网页
四、实验步骤
配置PC1,PC2,PC3,PC4,Server
PC1配置
PC2配置
PC3配置
PC4配置
Server配置
1,设置地址
2,配置Httpd服务
新建一个html后缀的文本,在服务器信息中选择HttpServer的80端口,文件根目录中加入html后缀的文本。
LSW1三层交换机配置
sys
Enter system view, return user view with Ctrl+Z.
[LSW1]undo info-center enable #关闭华为信息提示
Info: Information center is disabled.
[LSW1]vlan 10
[LSW1-vlan10]vlan 20
[LSW1-vlan20]vlan 30
[LSW1-vlan30]vlan 40
[LSW1-vlan40]vlan 50 #添加vlan
[LSW1-vlan50]int g0/0/1
[LSW1-GigabitEthernet0/0/1]p l a
[LSW1-GigabitEthernet0/0/1]p d v 10
[LSW1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[LSW1-GigabitEthernet0/0/1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]p l a
[LSW1-GigabitEthernet0/0/2]p d v 20
[LSW1-GigabitEthernet0/0/2]un sh
Info: Interface GigabitEthernet0/0/2 is not shutdown.
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]p l a
[LSW1-GigabitEthernet0/0/3]p d v 30
[LSW1-GigabitEthernet0/0/3]un sh
Info: Interface GigabitEthernet0/0/3 is not shutdown.
[LSW1-GigabitEthernet0/0/3]int g0/0/4
[LSW1-GigabitEthernet0/0/4]p l a
[LSW1-GigabitEthernet0/0/4]p d v 20
[LSW1-GigabitEthernet0/0/4]un sh
Info: Interface GigabitEthernet0/0/4 is not shutdown.
[LSW1-GigabitEthernet0/0/4]int g0/0/6
[LSW1-GigabitEthernet0/0/6]p l a
[LSW1-GigabitEthernet0/0/6]p d v 50
[LSW1-GigabitEthernet0/0/6]un sh
Info: Interface GigabitEthernet0/0/6 is not shutdown.
[LSW1-GigabitEthernet0/0/6]int g0/0/5
[LSW1-GigabitEthernet0/0/5]p l a
[LSW1-GigabitEthernet0/0/5]p d v 40
[LSW1-GigabitEthernet0/0/5]un sh
Info: Interface GigabitEthernet0/0/5 is not shutdown.
[LSW1-GigabitEthernet0/0/5] #把接口加入vlan
[LSW1-GigabitEthernet0/0/5]int vlanif 10
[LSW1-Vlanif10]ip add 192.168.10.1 24
[LSW1-Vlanif10]int vlanif 20
[LSW1-Vlanif20]ip add 192.168.20.1 24
[LSW1-Vlanif20]int vlanif 30
[LSW1-Vlanif30]ip add 192.168.30.1 24
[LSW1-Vlanif30]int vlanif 40
[LSW1-Vlanif40]ip add 11.0.0.2 24
[LSW1-Vlanif40]int vlanif 50
[LSW1-Vlanif50]ip add 192.168.50.1 24 #进入虚拟接口配置IP
[LSW1-Vlanif50]q
[LSW1]ip route-static 0.0.0.0 0.0.0.0 11.0.0.1 #向上配置默认路由出去
R1配置
静态NAT
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 11.0.0.1 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
Dec 13 2019 10:11:23-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R1-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown. #配置接口IP
[R1-GigabitEthernet0/0/0]q
[R1]nat static global 8.8.8.8 inside 192.168.10.10
[R1-GigabitEthernet0/0/1]nat static enable #在全局配置静态NAT,在接口声明
动态NAT
[R1]nat address-group 1 212.0.0.100 212.0.0.200
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255 #在全局配置静态NAT,在接口声明
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
端口多路复用NAT
[R1-GigabitEthernet0/0/1]q
[R1]acl 3000
R1-acl-adv-3000]rule permit ip source 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 3000
端口映射
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global 9.9.9.9 www inside 192.1
68.50.100 www #进入接口配置端口映射
路由表
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2 #向上配置默认到外网
[R1]ip route-static 192.168.10.0 24 11.0.0.2
[R1]ip route-static 192.168.20.0 24 11.0.0.2 #向下配置静态
[R1]ip route-static 192.168.30.0 24 11.0.0.2
[R1]ip route-static 192.168.50.0 24 11.0.0.2
R2配置
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 13.0.0.1 24
[R2-GigabitEthernet0/0/0]un sh
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[R2-GigabitEthernet0/0/1]un sh
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R2-GigabitEthernet0/0/1]int loo 0 #配置环回地址测试
[R2-LoopBack0]ip add 114.114.114.114 32
[R2]ip route-static 8.8.8.8 32 12.0.0.1 #配置静态路由到NAT服务器R1
[R2]ip route-static 212.0.0.0 24 12.0.0.1
[R2]ip route-static 9.9.9.9 32 12.0.0.1
Cloud1配置
在vmware虚拟机中开一台w10虚拟机,绑定vmware的2号网卡;
设置w10虚拟机IP
五、抓包测试NAT转换
测试需求1
PC1通过8.8.8.8地址访问外网,抓包R2的g0/0/1接口
测试需求2
PC2通过212.0.0.0段落池的地址访问外网,抓包R2的g0/0/1接口
测试需求3
PC3通过12.0.0.1访问外网,抓包R2的g0/0/1接口
六、测试NAT端口映射
测试需求4
在Cloud中访问9.9.9.9网页能进入内部网页
