Configuration environment: Huawei's latest simulator
1. Requirements:
One firewall and two PCs are available. Use them to simulate NAT translation: one PC stands in for a LAN and the other for the WAN. The LAN uses private IP addresses and the WAN uses public ones, so a LAN device that wants to reach the WAN must go through NAT. (In this lab 192.168.1.0/24 plays the role of the public network; it is actually RFC 1918 private space, as is 192.168.2.0/24, so the "public" side is only public by convention of the exercise.)
2. Network topology:
The topology drawn with the Edraw drawing tool is shown in Figure 1:
Figure 1: Network topology diagram
3. Device configuration
(1) Firewall configuration (Ethernet0/0/0 faces the LAN, Ethernet0/0/1 faces the WAN):
[R1]sysname firewall
[firewall]
Apr 14 2014 22:24:38-08:00 firewall DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 2, the change loop count is 0, and the maximum number of records is 4095.
[firewall]int et0/0/0
[firewall-Ethernet0/0/0]ip address 192.168.2.1 ?
  INTEGER<0-32>  Length of IP address mask
  X.X.X.X        IP address mask
[firewall-Ethernet0/0/0]ip address 192.168.2.1 24
[firewall-Ethernet0/0/0]int et0/0/1
[firewall-Ethernet0/0/1]ip address 192.168.1.4 24
(2) PC1 configuration:
4. Test before NAT is configured
(1) On PC1, ping 192.168.2.1 and 192.168.1.1; the results are as follows:
(2) On PC1, ping 192.168.2.1 and 192.168.1.4; the results are as follows:
Both firewall addresses answer, because 192.168.2.1 is on PC1's own subnet and 192.168.1.4 is simply another interface of the same router that PC1 already reaches. Whether 192.168.1.1 (the WAN PC) answers depends on that host having a route back to 192.168.2.0/24; a WAN host is not expected to know a private LAN, which is exactly why outbound traffic has to be translated to an address the WAN can reach.
5. NAT configuration
First a basic ACL selects which source addresses are translated. The wildcard 0.0.0.255 means the first three octets must match and the last octet is ignored, so rule 10 matches the whole 192.168.2.0/24 LAN; rule 20 then denies every other source so that nothing else is translated.
[firewall]acl number 2000
[firewall-acl-basic-2000]rule 10 permit source ?
  X.X.X.X  Address of source
  any      Any source
[firewall-acl-basic-2000]rule 10 permit source 192.168.2.0 ?
  0        Wildcard bits : 0.0.0.0 ( a host )
  X.X.X.X  Wildcard of source
[firewall-acl-basic-2000]rule 10 permit source 192.168.2.0 0.0.0.255
[firewall-acl-basic-2000]rule 20 deny source any
[firewall-acl-basic-2000]dis acl all
 Total nonempty ACL number is 1
 Basic ACL 2000, 2 rules
 ACL's step is 5
  rule 10 permit source 192.168.2.0 0.0.0.255 (0 times matched)
  rule 20 deny (0 times matched)
The ACL is then bound with nat outbound on the WAN-facing interface Ethernet0/0/1. With no address pool named, permitted sources are translated to the address of Ethernet0/0/1 itself (192.168.1.4), i.e. Easy IP; the interface form offered by the help would borrow a loopback interface's address instead.
[firewall-acl-basic-2000]quit
[firewall]interface Ethernet0/0/1
[firewall-Ethernet0/0/1]nat outbound ?
  INTEGER<2000-3999>  Apply basic or advanced ACL
[firewall-Ethernet0/0/1]nat outbound 2000 interface ?
  loopback  Interface type
[firewall-Ethernet0/0/1]nat outbound 2000
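The ACL wildcard matching and the Easy IP translation configured in this section, modelled in Python as an added example. This is not part of the original lab report and not Huawei's code; the class names BasicAcl, EasyIpNat and Packet, the translated-port range starting at 10240 and the sample flows are assumptions of this illustration. The model shows what the transcript only states as commands: how rule 10 / rule 20 decide which sources are translated, how a permitted flow leaves Ethernet0/0/1 as 192.168.1.4 with a translated port, and why only replies that hit an existing session get mapped back to the LAN host.

```python
# Added illustration, not the lab's or Huawei's code.  Assumed names:
# BasicAcl, EasyIpNat, Packet; assumed translated-port range from 10240.
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    number: int
    action: str                 # "permit" or "deny"
    source: str = "any"         # dotted address or "any"
    wildcard: str = "0.0.0.0"   # Huawei wildcard: 0 bit = must match, 1 bit = don't care
    matched: int = 0            # the "(N times matched)" counter of display acl

    def matches(self, addr: str) -> bool:
        if self.source == "any":
            return True
        a = int(ipaddress.IPv4Address(addr))
        s = int(ipaddress.IPv4Address(self.source))
        care = ~int(ipaddress.IPv4Address(self.wildcard)) & 0xFFFFFFFF
        return (a & care) == (s & care)


class BasicAcl:
    """Basic ACL (2000-2999): rules are tried in ascending rule-number order."""

    def __init__(self, number: int) -> None:
        self.number = number
        self.rules: List[Rule] = []

    def rule(self, number: int, action: str, source: str = "any",
             wildcard: str = "0.0.0.0") -> None:
        self.rules.append(Rule(number, action, source, wildcard))
        self.rules.sort(key=lambda r: r.number)

    def evaluate(self, src: str) -> Optional[str]:
        """Action of the first matching rule; None when nothing matches
        (an unmatched packet is forwarded untranslated by nat outbound)."""
        for r in self.rules:
            if r.matches(src):
                r.matched += 1
                return r.action
        return None


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


class EasyIpNat:
    """'nat outbound <acl>' with no address pool: NAPT onto the interface address."""

    def __init__(self, acl: BasicAcl, interface_ip: str, first_port: int = 10240) -> None:
        self.acl = acl
        self.interface_ip = interface_ip
        self.next_port = first_port          # assumed allocation scheme
        # (private ip, private port, peer ip, peer port, proto) -> translated port
        self.sessions: Dict[Tuple[str, int, str, int, str], int] = {}
        # (translated port, peer ip, peer port, proto) -> (private ip, private port)
        self.reverse: Dict[Tuple[int, str, int, str], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN through Ethernet0/0/1."""
        if self.acl.evaluate(pkt.src_ip) != "permit":
            return pkt  # denied or unmatched: leaves with its private source intact
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        port = self.sessions.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.sessions[key] = port
            self.reverse[(port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.interface_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN; None means dropped because no session exists for it."""
        if pkt.dst_ip != self.interface_ip:
            return None
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if key not in self.reverse:
            return None
        priv_ip, priv_port = self.reverse[key]
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def build_lab() -> EasyIpNat:
    """ACL 2000 and nat outbound exactly as configured in section 5."""
    acl = BasicAcl(2000)
    acl.rule(10, "permit", "192.168.2.0", "0.0.0.255")
    acl.rule(20, "deny", "any")
    return EasyIpNat(acl, "192.168.1.4")   # address of Ethernet0/0/1


if __name__ == "__main__":
    nat = build_lab()
    out = nat.outbound(Packet("192.168.2.10", 5000, "192.168.1.1", 53))  # constructed flow
    print("LAN->WAN after NAT:", out)
    print("WAN->LAN reply    :", nat.inbound(Packet("192.168.1.1", 53, out.src_ip, out.src_port)))
    print("unsolicited WAN   :", nat.inbound(Packet("192.168.1.1", 53, "192.168.1.4", 12345)))
```

Run it and the constructed flow from 192.168.2.10 appears on the WAN as 192.168.1.4:10240, the reply to that tuple is mapped back to 192.168.2.10:5000, and a WAN packet aimed at a port with no session is dropped; a source outside 192.168.2.0/24 hits rule 20 and leaves untranslated, which is the case the lab's pre-NAT ping test demonstrates.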
6. Verifying the NAT configuration
The check is to repeat the ping from PC1 to 192.168.1.1. With translation in place, PC2 sees the request arrive from 192.168.1.4, an address on its own subnet, so it can reply without needing a route to 192.168.2.0/24, and the firewall maps the reply back to PC1.