本文介绍了NAT的三种模式:静态地址转换、动态地址转换和端口多路复用,并通过实例探讨了在NAT和路由并存时,NAT与路由的优先级问题。在路由器收到数据包时,会先查FIB表,根据路由信息决定转发,如果接口配置有NAT,则执行NAT转换后再转发。
NAT模式常见有三种
1. 类型一:静态地址转换
2. 类型二:动态地址转换
3. 类型三: 端口多路复用
静态地址转换
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
half-duplex
!
interface Ethernet0/1
ip address 1.1.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
half-duplex
!
static 192.168.1.1 1.1.1.1
R1#
接口配置完毕,NAT配置完毕,指定内外口。
测试联通
R1#ping 1.1.1.2 source 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/14/20 ms
R1#
静态端口映射
R1(config)#do show run | s nat
ip nat inside
ip nat outside
ip nat inside source static tcp 192.168.1.1 1921 interface Ethernet0/0 1921
ip nat inside source static 192.168.1.1 1.1.1.1
R1(config)#
动态地址转换
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
half-duplex
!
interface Ethernet0/1
ip address 1.1.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
half-duplex
!
ip nat pool NATPOOL 1.1.1.1 1.1.1.1 netmask 255.255.255.252
!
access-list 1 permit 0.0.0.0 255.255.255.252
查看NAT session
R1#ping 1.1.1.2 source e 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/19/24 ms
R1#show ip nat s
R1#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0/1
Inside interfaces:
Ethernet0/0
Hits: 30 Misses: 0
CEF Translated packets: 15, CEF Punted packets: 0
Expired translations: 3
Dynamic mappings:
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
端口多路复用
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
half-duplex
!
interface Ethernet0/1
ip address 1.1.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
half-duplex
!
ip nat inside source list 10 interface Ethernet0/1 overload
!
access-list 10 permit any
测试一下
R1(config)#
R1(config)#do ping 1.1.1.2 sou e 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/14/24 ms
R1(config)#do show ip nat s
Total active translations: 1 (0 static, 1 dynamic; 1 extended)
Outside interfaces:
Ethernet0/1
Inside interfaces:
Ethernet0/0
Hits: 40 Misses: 0
CEF Translated packets: 20, CEF Punted packets: 0
Expired translations: 3
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 10 interface Ethernet0/0 refcount 1
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1(config)#
另外,研究下,在NAT和路由同时存在的时候,即在此拓扑中,R1有出去的默认路由,而R2也有192.168.0.0/30 的回执路由,NAT和未NAT都可以
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
