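NAT Basics
● Introduction to NAT
NAT (Network Address Translation) lets a network use freely chosen internal IP addresses without having to apply for them. Inside the network, computers communicate with each other using these internal IP addresses. When an internal computer needs to communicate with the external Internet, a NAT-capable device (for example, a router) translates its internal IP address into a legitimate IP address (that is, a registered one) for the communication.
● Where NAT is used:
Case 1: an enterprise does not want outside users to learn its internal network structure. It can use NAT to separate the internal network from the external Internet, so that outside users never see the internal IP addresses configured behind the NAT.
Classic basic Cisco NAT configurations
● Everything through port translation: IP assigned by the ISP: 202.99.160.129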
interface fastethernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
ip nat inside
no shutdown
interface fastethernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
ip nat outside
no shutdown
ip nat pool OnlyYou 202.99.160.130 202.99.160.130 netmask 255.255.255.252
! OnlyYou is the name of the address pool. Giving 202.99.160.130 twice means a single IP is used as the translated address.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
ip nat inside source list 1 pool OnlyYou overload
● Dynamic address translation + ports: IPs assigned by the ISP: 202.99.160.130~190 255.255.255.192
Interface fastethernet0/1
Ip address 192.168.1.1 255.255.255.0
Ip address 192.168.2.1 255.255.255.0 secondary
Duplex auto
Speed auto
Ip nat inside
No shutdown
Interface serial 0/0
Ip address 202.99.160.129 255.255.255.192
Duplex auto
Speed auto
Ip nat outside
No shutdown
Ip nat pool OutPort 202.99.160.190 202.99.160.190 netmask 255.255.255.192
Ip nat pool OutPool 202.99.160.130 202.99.160.189 netmask 255.255.255.192
! All hosts in the 192.168.1.0 segment are translated to 202.99.160.190
! (many hosts sharing one address requires overload)
Ip nat inside source list 1 pool OutPort overload
! For access to FTP sites and similar: all hosts in the 192.168.2.0 and 192.168.3.0 segments
! are translated to the addresses from 202.99.160.130 to 202.99.160.189.
Ip nat inside source list 2 pool OutPool
Access-list 1 permit 192.168.1.0 0.0.0.255
Access-list 2 permit 192.168.2.0 0.0.0.255
Access-list 2 permit 192.168.3.0 0.0.0.255
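A pool sanity check for configurations like the one above, as an added example that is not part of the original post: it parses the ip nat pool lines and reports ranges that run backwards, leave the subnet given by the netmask, or overlap another pool. SAMPLE is constructed for the illustration, and the function name check_pools is this example's own.

```python
import ipaddress
import re

# Matches: ip nat pool NAME START END netmask MASK
POOL = re.compile(
    r"^\s*ip\s+nat\s+pool\s+(\S+)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)",
    re.IGNORECASE,
)

# Constructed sample: two pools that share 202.99.160.190, and one pool
# whose end address has a mistyped octet.
SAMPLE = """\
Ip nat pool OutPort 202.99.160.190 202.99.160.190 netmask 255.255.255.192
Ip nat pool OutPool 202.99.160.130 202.99.160.190 netmask 255.255.255.192
Ip nat pool Outpool 211.82.220.86 211.82.20.86 netmask 255.255.255.248
"""


def check_pools(config):
    """Return a list of human-readable problems found in 'ip nat pool' lines."""
    seen, problems = [], []
    for line in config.splitlines():
        m = POOL.match(line)
        if not m:
            continue
        name, start, end, mask = m.groups()
        lo = ipaddress.IPv4Address(start)
        hi = ipaddress.IPv4Address(end)
        # The subnet implied by the start address and the pool netmask.
        net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
        if lo > hi:
            problems.append(f"{name}: start {start} is above end {end}")
        if hi not in net:
            problems.append(f"{name}: end {end} is outside {net}")
        # Two ranges overlap when each starts before the other ends.
        for other, olo, ohi in seen:
            if lo <= ohi and olo <= hi:
                problems.append(f"{name} overlaps {other}")
        seen.append((name, lo, hi))
    return problems


if __name__ == "__main__":
    for problem in check_pools(SAMPLE):
        print(problem)
```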
● Static address translation: the IP addresses assigned by the ISP are 211.82.220.80~211.82.220.87, 211.82.220.81 255.255.255.248. The Web, E-mail, FTP and Media servers on the intranet must be reachable from outside.
Interface fastethernet0/0
Ip address 192.168.1.1 255.255.255.0
Duplex auto
Speed auto
Ip nat inside
No shutdown
Interface fastethernet0/1
Ip address 211.82.220.81 255.255.255.248
Speed auto
Duplex auto
Ip nat outside
No shutdown
Ip nat pool Outpool 211.82.220.86 211.82.220.86 netmask 255.255.255.248
! With the wildcard 0.0.0.255, each of the following entries matches all of 192.168.1.0/24.
Access-list 1 permit 192.168.1.2 0.0.0.255
Access-list 1 permit 192.168.1.3 0.0.0.255
Access-list 1 permit 192.168.1.4 0.0.0.255
Access-list 1 permit 192.168.1.5 0.0.0.255
Ip nat inside source list 1 pool Outpool overload
Ip nat inside source static 192.168.1.2 211.82.220.82
Ip nat inside source static 192.168.1.3 211.82.220.83
Ip nat inside source static 192.168.1.4 211.82.220.84
Ip nat inside source static 192.168.1.5 211.82.220.85
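● NAT mapping: things are fine when the ISP provides plenty of IP addresses, but when it does not (for example, only two), one is used for translating internal addresses and the other for providing services to the outside network. IP provided by the ISP for internal hosts' Internet access.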
Interface ethernet0
Ip address 192.168.1.1 255.255.255.0
Duplex auto
Speed auto
Ip nat inside
No shutdown
Interface fastethernet0/0
Ip address 211.82.220.129 255.255.255.248
Duplex auto
Speed auto
Ip nat outside
No shutdown
Access-list 1 permit 192.168.1.0 0.0.0.255
Ip nat pool Everybody 211.82.220.130 211.82.220.130 netmask 255.255.255.252
Ip nat inside source list 1 pool Everybody overload
Ip nat inside source static tcp 192.168.1.2 80 202.99.220.130 80
Ip nat inside source static tcp 192.168.1.3 21 202.99.220.130 21
Ip nat inside source static tcp 192.168.1.4 25 202.99.220.130 25
Ip nat inside source static tcp 192.168.1.5 110 202.99.220.130 110
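An exposure inventory for the static entries in this section and in the static address translation section, as an added example that is not part of the original post. A one-to-one static translation forwards every protocol and port sent to the global address unless an inbound ACL on the outside interface filters it, while a static tcp entry forwards only the named port; the script reports which is which. SAMPLE is constructed from entries shown above, and the function names are this example's own.

```python
import re

# Constructed sample: static entries in both styles used on this page.
SAMPLE = """\
Ip nat inside source static 192.168.1.2 211.82.220.82
Ip nat inside source static 192.168.1.3 211.82.220.83
Ip nat inside source static tcp 192.168.1.2 80 202.99.220.130 80
Ip nat inside source static tcp 192.168.1.3 21 202.99.220.130 21
Ip nat inside source list 1 pool Everybody overload
"""

STATIC = re.compile(
    r"^\s*ip\s+nat\s+inside\s+source\s+static\s+(?:"
    # port mapping: PROTO LOCAL-IP LOCAL-PORT GLOBAL-IP GLOBAL-PORT
    r"(?P<proto>tcp|udp)\s+(?P<lip>\S+)\s+(?P<lport>\d+)\s+(?P<gip>\S+)\s+(?P<gport>\d+)"
    # one-to-one mapping: LOCAL-IP GLOBAL-IP
    r"|(?P<lip1>\d\S*)\s+(?P<gip1>\d\S*)"
    r")\s*$",
    re.IGNORECASE,
)


def exposed_services(config):
    """Return one record per static NAT entry: what an outside host can reach."""
    records = []
    for line in config.splitlines():
        m = STATIC.match(line)
        if not m:
            continue  # dynamic/overload rules open nothing inbound by themselves
        if m["proto"]:
            records.append({"global": m["gip"], "local": m["lip"],
                            "proto": m["proto"].lower(),
                            "ports": f'{m["gport"]}->{m["lport"]}',
                            "scope": "single port"})
        else:
            records.append({"global": m["gip1"], "local": m["lip1"],
                            "proto": "any", "ports": "all",
                            "scope": "whole host"})
    return records


def whole_host_exposures(config):
    """Inside hosts reachable on every port through a one-to-one mapping."""
    return [r["local"] for r in exposed_services(config)
            if r["scope"] == "whole host"]


if __name__ == "__main__":
    for r in exposed_services(SAMPLE):
        print(f'{r["global"]:>15} {r["proto"]:>3} {r["ports"]:>7} -> {r["local"]} ({r["scope"]})')
```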
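● Load balancing with address translation: when there are multiple servers, as at a company like Tencent, the router can be used for load balancing so that the servers get an equal share of the accesses.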
Interface fastethernet0/1
Ip address 192.168.1.1 255.255.255.0
Duplex auto
Speed auto
Ip nat inside
No shutdown
Interface fastethernet0/0
Ip address 202.110.198.81 255.255.255.248
Duplex auto
Speed auto
Ip nat outside
Access-list 1 permit 202.110.198.82
Access-list 2 permit 202.110.198.83
Access-list 3 permit 192.168.1.0 0.0.0.255
Ip nat pool Webser 192.168.1.2 192.168.1.3 netmask 255.255.255.248 type rotary
Ip nat pool Ftpser 192.168.1.4 192.168.1.5 netmask 255.255.255.248 type rotary
Ip nat pool normal 202.110.198.84 202.110.198.84 netmask 255.255.255.248
Ip nat inside destination list 1 pool Webser
Ip nat inside destination list 2 pool Ftpser