NAT的基本概念:
NAT是一个IETF标准,NAT是一种把内部私有网络地址转换成合法的外部公有网络地址技术
动态NAT配置示例:
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.254 255.255.255.0
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 64.1.1.1 255.255.255.0
[Huawei-GigabitEthernet0/0/1]q
[Huawei]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
64.1.1.0/24 Direct 0 0 D 64.1.1.1 GigabitEthernet
0/0/1
64.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
64.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.254 GigabitEthernet
0/0/0
192.168.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
可见可以到64.1.1.1 不能到64.1.1.10 (数据回不去)
[Huawei-acl-basic-neiwang]rule permit source 192.168.0.0 0.0.255.255
[Huawei]nat address-group 1 64.1.1.2 64.1.1.6
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]n
[Huawei-GigabitEthernet0/0/1]nat o
[Huawei-GigabitEthernet0/0/1]dis acl all
Total quantity of nonempty ACL number is 1
Basic ACL neiwang 2999, 1 rule
Acl's step is 5
rule 5 permit source 192.168.0.0 0.0.255.255
[Huawei-GigabitEthernet0/0/1]nat outbound 2999 address-group 1
Error: Can not apply the same acl to a different address-group in the same inte
rface.
[Huawei-GigabitEthernet0/0/1]nat outbound 2999 address-group 1
[Huawei-GigabitEthernet0/0/1]q
546
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
