Static NAT
1. Basic mapping: ip nat inside source static local-ip global-ip
2. Port-specific mapping: ip nat inside source static tcp local-ip 80 global-ip 8080
ip nat inside
ip nat outside
show ip nat translations
Dynamic NAT
ip nat pool name start-ip end-ip netmask 255.255.255.0
access-list access-list-number permit [source] [source-wildcard]
ip nat inside source list access-list-number pool name
ip nat inside
ip nat outside
PAT
access-list access-list-number permit [source] [source-wildcard]
ip nat inside source list access-list-number interface s0/0 overload
ip nat inside
ip nat outside
show run int s0/1 ---- view the interface's detailed configuration
PC(config)#no ip routing
PC(config)#int f0/0
PC(config-if)#ip add 192.168.1.1 255.255.255.0
PC(config-if)#no shut
PC(config-if)#exit
PC#ping 202.101.100.30 ---- before NAT is configured, the ping fails
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.30, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
PC#ping 202.101.100.30 ---- after NAT is configured, the ping succeeds
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/104/172 ms
server(config)#no ip routing
server(config)#int f0/0
server(config-if)#ip add 192.168.1.100 255.255.255.0
server(config-if)#no shut
server(config-if)#exit
server(config)#ip default-gateway 192.168.1.254
server#show ip route
Default gateway is 192.168.1.254
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
server#ping 202.101.100.30 ---- after NAT is configured, the external network is reachable
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/280/1064 ms
server(config)#line vty 0 4
server(config-line)#password 123
server(config-line)#login
server(config-line)#exit
R4(config)#int s0/0
R4(config-if)#ip add 202.101.100.30 255.255.224.0
R4(config-if)#no shut
R4(config-if)#exit
R4#ping 192.168.1.1 ---- before NAT is configured, the internal network is unreachable
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R4#telnet 202.101.100.1 ---- after static NAT is configured, the external network can reach the internal host by connecting to 202.101.100.1
Trying 202.101.100.1 ... Open
User Access Verification
Password:
server>exit
[Connection to 202.101.100.1 closed by foreign host]
R4#telnet 202.101.100.1 ---- after port-specific mapping, the internal host cannot be reached without appending the port to the address
Trying 202.101.100.1 ... Open
Password required, but none set
[Connection to 202.101.100.1 closed by foreign host]
R4#telnet 202.101.100.1 8080 ---- after port-specific mapping, access works only when the port is given
Trying 202.101.100.1, 8080 ... Open
User Access Verification
Password:
server>exit
[Connection to 202.101.100.1 closed by foreign host]
R3(config)#int s1/0
R3(config-if)#ip add 202.101.100.1 255.255.224.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#int f0/0
R3(config-if)#ip add 192.168.1.254 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#access-list 1 permit 192.168.1.0 0.0.0.255 ---- configure PAT (port-overloaded NAT)
R3(config)#ip nat inside source list 1 interface s1/0 overload
R3(config)#int s1/0
R3(config-if)#ip nat outside
R3(config-if)#int f0/0
R3(config-if)#ip nat inside
R3#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 202.101.100.1:1 192.168.1.1:1 202.101.100.30:1 202.101.100.30:1
icmp 202.101.100.1:0 192.168.1.100:0 202.101.100.30:0 202.101.100.30:0
R3(config)#ip nat inside source static 192.168.1.100 202.101.100.1 ---- this static NAT maps every port and exposes them all to the external network, which is not secure
R3(config)#no ip nat inside source static 192.168.1.100 202.101.100.1
Static entry in use, do you want to delete child entries? [no]: y
R3(config)#ip nat inside source static tcp 192.168.1.100 23 202.101.100.1 8080 ---- port-specific mapping
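
The difference noted above (a one-to-one static NAT publishes every port of the inside host, a port-specific mapping publishes one) can be checked for in a saved running-config. The Python below is an added example, not part of the original notes; the function name audit_static_nat and the sample config text are constructed for illustration, using the lab's addresses.

```python
import re

# Constructed sample config lines, reusing the addresses from the lab above.
SAMPLE_CONFIG = """\
ip nat inside source list 1 interface s1/0 overload
ip nat inside source static 192.168.1.100 202.101.100.1
ip nat inside source static tcp 192.168.1.100 23 202.101.100.1 8080
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"^ip nat inside source static "
# One-to-one form: every port on the inside host is reachable from outside.
FULL = re.compile(PREFIX + rf"{IP} {IP}(?:\s|$)")
# Port form: only one protocol/port pair is published.
PORT = re.compile(PREFIX + rf"(tcp|udp) {IP} (\d+) {IP} (\d+)(?:\s|$)")


def audit_static_nat(config_text):
    """Classify each static NAT line as 'all-ports' or 'port'."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # normalise indentation and spacing
        m = PORT.match(line)
        if m:
            proto, local, lport, glob, gport = m.groups()
            findings.append({
                "line": lineno, "kind": "port",
                "detail": f"{proto} {glob}:{gport} -> {local}:{lport}",
            })
            continue
        m = FULL.match(line)
        if m:
            local, glob = m.groups()
            findings.append({
                "line": lineno, "kind": "all-ports",
                "detail": f"{glob} -> {local} (all protocols and ports)",
            })
    return findings


if __name__ == "__main__":
    for f in audit_static_nat(SAMPLE_CONFIG):
        flag = "REVIEW" if f["kind"] == "all-ports" else "ok"
        print(f"[{flag}] line {f['line']}: {f['detail']}")
```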