又成为PAT,负载等等,就是利用多个地址和一个地址的端口号码进行映射。
首先搭建试验环境:
PC1:192.168.1.2
PC2:192.168.1.3
PC3:192.168.1.4
R0路由器上:
配置:
Router>en
Router#confi t
Router(config)#host R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int s0/0
R1(config-if)#ip add 222.222.222.1 255.255.255.0
R1(config-if)#clock rate 56000
R1(config-if)#no shut
R1(config-if)#int s0/1
R1(config-if)#exit
R1(config)#int fa0/0
R1(config-if)#ip nat inside
R1(config-if)#int s0/0
R1(config-if)#ip nat outside
R1(config-if)#access-list 1 permit 192.168.1.0 0.0.0.255
R1(config)# ip nat inside source list 1 interface Serial0/0 overload 映射成出口地址端口复用
R2:
Router>en
Router#confi t
Router(config)#host R2
R2(config)#int s0/1
R2(config-if)#ip add 222.222.222.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#int fa0/0
R2(config-if)#ip add 111.111.111.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#line vty 0 4
R2(config-line)#password 12
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable password 123
PC5:111.111.111.2 bbs.ipdata.cn web服务器
在R1开始开启:debug ip nat
在PC1
Ping 111.111.111.2
PC>ping 111.111.111.2
Pinging 111.111.111.2 with 32 bytes of data:
Reply from 111.111.111.2: bytes=32 time=110ms TTL=126
Reply from 111.111.111.2: bytes=32 time=125ms TTL=126
Reply from 111.111.111.2: bytes=32 time=125ms TTL=126
Reply from 111.111.111.2: bytes=32 time=125ms TTL=126
Ping statistics for 111.111.111.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 125ms, Average = 121ms
R1:
NAT: s=192.168.1.2->222.222.222.1, d=111.111.111.2[26]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.2[26]
NAT: s=192.168.1.2->222.222.222.1, d=111.111.111.2[27]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.2[27]
NAT: s=192.168.1.2->222.222.222.1, d=111.111.111.2[28]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.2[28]
NAT: s=192.168.1.2->222.222.222.1, d=111.111.111.2[29]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.2[29]
NAT: s=192.168.1.2->222.222.222.1, d=111.111.111.2[30]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.2[30]
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 222.222.222.1:13 192.168.1.2:13 111.111.111.2:13 111.111.111.2:13
icmp 222.222.222.1:14 192.168.1.2:14 111.111.111.2:14 111.111.111.2:14
icmp 222.222.222.1:15 192.168.1.2:15 111.111.111.2:15 111.111.111.2:15
icmp 222.222.222.1:16 192.168.1.2:16 111.111.111.2:16 111.111.111.2:16
在PC2
telnet 111.111.111.1
PC>telnet 111.111.111.1
Trying 111.111.111.1 ...
User Access Verification
Password:
R2>en
Password:
R2#
R2#
R1:
NAT: s=192.168.1.3->222.222.222.1, d=111.111.111.1[35]
NAT*: s=111.111.111.1, d=222.222.222.1->192.168.1.3[35]
NAT: s=192.168.1.3->222.222.222.1, d=111.111.111.1[35]
NAT*: s=111.111.111.1, d=222.222.222.1->192.168.1.3[35]
NAT: s=192.168.1.3->222.222.222.1, d=111.111.111.1[35]
R1#show ip nat tra
Pro Inside global Inside local Outside local Outside global
tcp 222.222.222.1:1025 192.168.1.2:1025 111.111.111.1:23 111.111.111.1:23
tcp 222.222.222.1:1026 192.168.1.2:1026 111.111.111.1:23 111.111.111.1:23
tcp 222.222.222.1:1027 192.168.1.2:1027 111.111.111.2:23 111.111.111.2:23
tcp 222.222.222.1:1028 192.168.1.2:1028 111.111.111.2:23 111.111.111.2:23
tcp 222.222.222.1:1029 192.168.1.3:1025 111.111.111.1:23 111.111.111.1:23
tcp 222.222.222.1:1024 192.168.1.4:1025 111.111.111.2:80 111.111.111.2:80
在PC3
访问bbs.ipdata.cn
在R1上观察:
NAT: s=192.168.1.4->222.222.222.1, d=111.111.111.2[37]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.4[37]
NAT: s=192.168.1.4->222.222.222.1, d=111.111.111.2[38]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.4[38]
NAT: s=192.168.1.4->222.222.222.1, d=111.111.111.2[38]
NAT: s=192.168.1.4->222.222.222.1, d=111.111.111.2[38]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.4[38]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.4[38]
NAT: s=192.168.1.4->222.222.222.1, d=111.111.111.2[38]
NAT: s=192.168.1.4->222.222.222.1, d=111.111.111.2[38]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.4[38]
NAT*: s=111.111.111.2, d=222.222.222.1->192.168.1.4[38]
NAT: s=192.168.1.4->222.222.222.1, d=111.111.111.2[38]
R1#show ip nat tra
Pro Inside global Inside local Outside local Outside global
udp 222.222.222.1:1027 192.168.1.4:1027 111.111.111.2:53 111.111.111.2:53
tcp 222.222.222.1:1024 192.168.1.4:1025 111.111.111.2:80 111.111.111.2:80
tcp 222.222.222.1:1031 192.168.1.4:1026 111.111.111.2:80 111.111.111.2:80
试验成功。