NAT

最新推荐文章于 2022-10-13 10:38:58 发布

jwrrrrrr

最新推荐文章于 2022-10-13 10:38:58 发布

阅读量201

点赞数

分类专栏：网络文章标签：网络路由器

版权声明：本文为博主原创文章，遵循 CC 4.0 BY-SA 版权协议，转载请附上原文出处链接和本声明。

本文链接：https://blog.csdn.net/oyyy3/article/details/119990212

版权

网络专栏收录该内容

16 篇文章 3 订阅

订阅专栏

目录

2.NAT的使用场景

1.静态NAT（一个内网地址对一个公网地址）

2.动态NAT——PAT(多个内网地址对多个公网地址）

3.Easyip（多个内网地址对一个接口）

4.静态PAT（一对一，但是外网口IP和服务映射网内网服务器的IP和服务）

一.NAT概念

NAT—— Network Address Translation。又称为网络地址转换。

1.作用

用于实现私有网络和公有网络之间的互访。

内网地址范围：

10.0.0.0——10.255.255.255

172.16.0.0——172.31.255.255

192.168.0.0——192.168.255.255

2.NAT的使用场景

没有足够的公网IP连接到Internet
当更换ISP（互联网服务提供商）需要重新编址
合并两个使用重叠地址空间的内部网络
使用单个IP地址支持基本的负载分担

3.NAT的优点

节省了公网的IP地址
能够处理编址方案重叠的情况
网络发生改变时不需要重新编址
隐藏了真正的IP地址（保证了安全）

二.拓扑图

1.静态NAT（一个内网地址对一个公网地址）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]q
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat static global 15.0.0.10 inside 192.168.1.10 netmask
 255.255.255.255
[r1-GigabitEthernet0/0/1]display nat static 
  Static Nat Information:
  Interface  : GigabitEthernet0/0/1
    Global IP/Port     : 15.0.0.10/---- 
    Inside IP/Port     : 192.168.1.10/----
    Protocol : ----     
    VPN instance-name  : ----                            
    Acl number         : ----
    Netmask  : 255.255.255.255 
    Description : ----

  Total :    1

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.10 32 202.10.100.1

测试结果PC1能ping通 PC2不行

2.动态NAT——PAT(多个内网地址对多个公网地址）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]q
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]nat address-group 1 15.0.0.10 15.0.0.11
[r1-GigabitEthernet0/0/1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int g0/0/1	
[r1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
[r1-GigabitEthernet0/0/1]display nat outbound 
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 GigabitEthernet0/0/1         2000                              1       pat
 --------------------------------------------------------------------------
  Total : 1

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.0 24 202.10.100.1

测试结果PC1能ping通 PC2也能ping通

3.Easyip（多个内网地址对一个接口）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000
[r1-GigabitEthernet0/0/1]display nat outbound 
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 GigabitEthernet0/0/1         2000                   202.10.100.1    easyip  
 --------------------------------------------------------------------------
  Total : 1

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.0 24 202.10.100.1

测试结果PC1能ping通 PC2也能ping通

4.静态PAT（一对一，但是外网口IP和服务映射网内网服务器的IP和服务）

R1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]user-interface console 0
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 202.10.100.1 24
[r1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[r1-GigabitEthernet0/0/1]q
[r1]ip route-static 0.0.0.0 0 202.10.100.2
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat server protocol tcp global 15.0.0.10 ftp inside 192
.168.1.10 ftp 
[r1-GigabitEthernet0/0/1]display nat server

  Nat Server Information:
  Interface  : GigabitEthernet0/0/1
    Global IP/Port     : 15.0.0.10/21(ftp) 
    Inside IP/Port     : 192.168.1.10/21(ftp)
    Protocol : 6(tcp)   
    VPN instance-name  : ----                            
    Acl number         : ----
    Description : ----

  Total :    1
[r1-GigabitEthernet0/0/1]q
[r1]nat alg all enable

ISP
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP	
[ISP]user-interface console 0
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]q
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.10.100.2 24
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[ISP-GigabitEthernet0/0/0]q
[ISP]ip route-static 15.0.0.10 32 202.10.100.1

服务的开启

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
复制链接

分享到 QQ

分享到新浪微博

扫一扫

专栏目录

评论

被折叠的条评论为什么被折叠?

到【灌水乐园】发言

查看更多评论

添加红包

成就一亿技术人!

hope_wisdom

发出的红包

实付元

使用余额支付

点击重新获取

扫码支付

钱包余额 0

抵扣说明：

1.余额是钱包充值的虚拟货币，按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载，可以购买VIP、付费专栏及课程。