二、配置动态NAT
动态NAT配置(1)删除案例2中的端口映射tarena-R1 (config)#no ip nat inside source static tcp 192.168.1.3 80 61.159.62.133 80(2)在R1上配置ACLtarena-R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255(3)在R1上配置可转换的公网IP地址池地址池是向ISP(Internet服务提供商,如电信、联通)申请得到的,内网主机(上一步ACL中所包含的IP地址)到外网的访问,内网地址将被动态的、随机的转换为这些合法地址。tarena-R1(config)#ip nat pool natpool 61.159.62.131 61.159.62.134 netmask 255.255.255.248(4)关联ACL和公网的IP地址池tarena-R1(config)#ip nat inside source list 1 pool natpool(5)在R1上配置NAT内、外端口tarena-R1(config)#interface f0/0tarena-R1(config-if)#ip nat insidetarena-R1(config-if)#interface f0/1tarena-R1(config-if)#ip nat outside
-
PC1测试如下所示:
PC>ipconfigFastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::2D0:FFFF:FE45:CACCIP Address......................: 192.168.1.1Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=1ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average = 0msPC>
-
PC2测试如下所示:
PC>ipconfigFastEthernet0 Connection:(default port)Link-local IPv6 Address.........: FE80::2D0:FFFF:FE45:CACCIP Address......................: 192.168.1.2Subnet Mask.....................: 255.255.255.0Default Gateway.................: 192.168.1.254PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data:Reply from 192.168.2.1: bytes=32 time=1ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Reply from 192.168.2.1: bytes=32 time=0ms TTL=126Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 1ms, Average = 0ms
tarena-R1#show ip nat translationsPro Inside global Inside local Outside local Outside globalicmp 61.159.62.131:1362192.168.1.1:1362 192.168.2.1:1362 192.168.2.1:1362icmp 61.159.62.131:1392192.168.1.1:1392 192.168.2.1:1392 192.168.2.1:1392icmp 61.159.62.131:1393192.168.1.1:1393 192.168.2.1:1393 192.168.2.1:1393icmp 61.159.62.131:1394192.168.1.1:1394 192.168.2.1:1394 192.168.2.1:1394icmp 61.159.62.132:13 192.168.1.2:13 192.168.2.1:13 192.168.2.1:13icmp 61.159.62.132:14 192.168.1.2:14 192.168.2.1:14 192.168.2.1:14icmp 61.159.62.132:15 192.168.1.2:15 192.168.2.1:15 192.168.2.1:15icmp 61.159.62.132:16 192.168.1.2:16 192.168.2.1:16 192.168.2.1:16
长按二维码
关注更多精彩
看都看完了,不如点这里试试
原文始发于微信公众号(老五说网络):二、配置动态NAT
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论