H3C switch NAT configuration: port-mapping command tutorial for H3C switches

1. Mapping commands with a fixed public IP

System

int dialer 0

[Quidway-Ethernet3/0] nat server protocol tcp global 200.200.200.1 <external-port> inside 192.168.1.254 <internal-port>

[Quidway-Ethernet3/0] nat server protocol tcp global 200.200.200.1 <external-port> inside 192.168.1.254 <internal-port>

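[Tips]

1. The address after global is the public address, and the address after inside is the private address of the server; www and ftp can be replaced with port numbers.

2. Internal users cannot reach the internal server through the public address; they must use the internal address. For example, users on the 192.168.1.0/24 segment cannot access https://200.200.200.1 and can only access https://192.168.1.254.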

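2. Without a fixed IP, the commands above must be modified as follows

system

int dialer 0

nat server pro tcp global current <external-port> inside 192.168.1.2 <internal-port>

Delete command

Prefix the command with undo: undo nat server pro tcp global current <external-port> inside 192.168.1.2 <internal-port>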

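3. The display nat all command displays all address-translation configuration information

[View]

Any view

[Default level]

1: Monitor level

[Parameters]

[Description]

The display nat all command displays all address-translation configuration information.

[Example]

# Display all configuration information about address translation.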

display nat all

NAT address-group information:

There are currently 1 nat address-group(s)

1 : from 202.110.10.10 to 202.110.10.15

NAT outbound information:

There are currently 2 nat outbound rule(s)

Ethernet1/0: acl(2001) --- NAT address-group(1) [no-pat]

Ethernet2/0: --- static

NAT server in private network information:

There are currently 1 internal server(s)

Interface:Ethernet1/0, Protocol:6(tcp),

[global] 202.110.10.10: 8080 [local] 10.110.10.10: 80(www)

NAT static information:

There are currently 2 static table(s)

GlobalAddr InsideAddr Vpn-instance

192.168.1.111 2.3.4.5 ----

4.4.4.4 3.3.3.3 ----

NAT aging-time value information:

tcp ---- aging-time value is 86400 (seconds)

udp ---- aging-time value is 300 (seconds)

icmp ---- aging-time value is 60 (seconds)

pptp ---- aging-time value is 86400 (seconds)

dns ---- aging-time value is 60 (seconds)

tcp-fin ---- aging-time value is 60 (seconds)

tcp-syn ---- aging-time value is 60 (seconds)

ftp-ctrl ---- aging-time value is 7200 (seconds)

ftp-data ---- aging-time value is 300 (seconds)

NAT log information:

log enable : enable acl 2000

flow-begin : enable

flow-active : 10(minutes)

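Table 1-5 Description of the display nat all command output

| Field | Description |
|---|---|
| NAT address-group information | NAT address pool information |
| There are currently 1 nat address-group(s) | There is 1 NAT address pool |
| 1 : from 202.110.10.10 to 202.110.10.15 | Address pool 1 covers the IP addresses from 202.110.10.10 to 202.110.10.15 |
| NAT outbound information: | Configuration of the translation between internal and external addresses |
| There are currently 2 nat outbound rule(s) | There are 2 address-translation associations |
| Ethernet1/0: acl(2001) --- NAT address-group(1) [no-pat] | One address-translation association is configured on Ethernet1/0: ACL rule 2001 is associated with address pool 1 for many-to-many address translation; [no-pat] means that ports are not translated |
| Ethernet2/0: --- static | Static address translation is configured on Ethernet2/0 |
| NAT server in private network information | Internal server information |
| There are currently 1 internal server(s) | There is 1 internal server entry |
| Interface:Ethernet1/0, Protocol:6(tcp), [global] 202.110.10.10: 8080 [local] 10.110.10.10: 80(www) | One internal server is configured on Ethernet1/0: it uses TCP; the public address is 202.110.10.10, port 8080; the internal address is 10.110.10.10, port 80 |
| NAT static information: | Static address-translation information |
| There are currently 2 static table(s) | There are 2 static translation entries |
| GlobalAddr | External IP address |
| InsideAddr | Internal IP address |
| Vpn-instance | Name of the Layer 3 VPN that the internal IP address belongs to |
| NAT aging-time value information | NAT translation aging time for each protocol |
| tcp ---- aging-time value is 86400 (seconds) | The aging time of TCP address translations is 86400 seconds |
| udp ---- aging-time value is 300 (seconds) | The aging time of UDP address translations is 300 seconds |
| icmp ---- aging-time value is 60 (seconds) | The aging time of ICMP address translations is 60 seconds |
| pptp ---- aging-time value is 86400 (seconds) | The aging time of PPTP address translations is 86400 seconds |
| dns ---- aging-time value is 60 (seconds) | The aging time of DNS address translations is 60 seconds |
| tcp-fin ---- aging-time value is 60 (seconds) | The aging time of address translations for TCP FIN or RST connections is 60 seconds |
| tcp-syn ---- aging-time value is 60 (seconds) | The aging time of address translations for TCP SYN connections is 60 seconds |
| ftp-ctrl ---- aging-time value is 7200 (seconds) | The aging time of address translations for FTP control connections is 7200 seconds |
| ftp-data ---- aging-time value is 300 (seconds) | The aging time of address translations for FTP data connections is 300 seconds |
| NAT log information | |
| log enable : enable acl 2000 | Logging is enabled; data flows matching acl 2000 are logged |
| flow-begin : enable | Logging of newly created flows is enabled |
| flow-active : 10(minutes) | The interval for active flows is 10 minutes |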
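The "NAT server in private network information" block of this output is the list of inside services published to the outside, so it is the part worth reviewing after any nat server change. The following is an added example, not part of the original tutorial or of H3C's tooling: it parses that block, compares the parsed entries with the declared count, and flags mappings to ports on an assumed review list (SENSITIVE_PORTS). The second server entry in the sample is constructed.

```python
import re

# Constructed sample in the layout of the output above; the second server
# entry (Telnet on 10.110.10.20) is invented for this example.
SAMPLE = """\
NAT server in private network information:
There are currently 2 internal server(s)
Interface:Ethernet1/0, Protocol:6(tcp),
[global] 202.110.10.10: 8080 [local] 10.110.10.10: 80(www)
Interface:Ethernet1/0, Protocol:6(tcp),
[global] 202.110.10.10: 2323 [local] 10.110.10.20: 23(telnet)
NAT static information:
"""

IFACE_RE = re.compile(r"Interface:\s*(\S+?),\s*Protocol:\s*\d+\((\w+)\)")
MAP_RE = re.compile(
    r"\[global\]\s*(\S+?):\s*(\d+)\S*\s+\[local\]\s*(\S+?):\s*(\d+)")
COUNT_RE = re.compile(r"There are currently (\d+) internal server")
# Assumed review policy: inside ports that should not face the Internet.
SENSITIVE_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp"}


def parse_nat_servers(text):
    """Return (declared_count, mappings) from 'display nat all' output."""
    declared, servers, current = None, [], None
    for line in text.splitlines():
        if m := COUNT_RE.search(line):
            declared = int(m.group(1))
        elif m := IFACE_RE.search(line):
            current = {"interface": m.group(1), "protocol": m.group(2)}
        elif (m := MAP_RE.search(line)) and current:
            servers.append({**current,
                            "global": (m.group(1), int(m.group(2))),
                            "local": (m.group(3), int(m.group(4)))})
            current = None
    return declared, servers


def flag_sensitive(servers):
    """Mappings whose inside port is on the sensitive list."""
    return [s for s in servers if s["local"][1] in SENSITIVE_PORTS]


if __name__ == "__main__":
    declared, servers = parse_nat_servers(SAMPLE)
    print("declared:", declared, "parsed:", len(servers))
    for s in flag_sensitive(servers):
        print("review:", s["global"], "->", s["local"])
```

A mismatch between the declared and parsed counts means the capture was truncated or the layout differs on that software version, so the audit result should not be trusted until the parser is adjusted.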

4. Telling a router from a firewall

On the device you are connected to over Telnet, enter the following command:

disp ver

Copyright Notice:

All rights reserved (Feb 22 2008).

Without the owner's prior written consent, no decompiling

nor reverse-engineering shall be allowed.

Huawei Versatile Routing Platform Software

VRP software, Version 3.40, Feature 1652

Copyright (c) 1998-2008 Huawei Technologies Co., Ltd. All rights reserved.

Quidway SecPath 100F uptime is 0 week, 0 day, 3 hours, 10 minutes // If this reads SecPath, the device is a firewall

CPU type: Mips IDT RC32438 266MHz

256M bytes DDR SDRAM Memory

16M bytes Flash Memory

Pcb Version:3.0

Logic Version:1.0

BootROM Version:1.17

[SLOT 0] 4FE (Hardware)3.0, (Driver)2.0, (Cpld)1.0

[SLOT 1] 3FE (Hardware)3.0, (Driver)2.0, (Cpld)1.0

dis ver

Copyright Notice:

All rights reserved (Jun 14 2005).

Without the owner's prior written consent, no decompiling

nor reverse-engineering shall be allowed.

Huawei-3Com Versatile Routing Platform Software

VRP(R) software, Version 3.40, Release RT-0011

Copyright (c) 2003-2005 Hangzhou Huawei-3Com Tech. Co.,Ltd. All rights reserved.

Copyright (c) 2000-2003 Huawei Tech. Co.,Ltd. All rights reserved.

Quidway AR28-31 uptime is 0 week, 0 day, 21 hours, 13 minutes // This is a router; AR28-31 is the router model

CPU type: PowerPC 8245 300MHz

128M bytes SDRAM Memory

32M bytes Flash Memory

128K bytes NvRAM Memory

Pcb Version:1.0

Logic Version:1.0

BootROM Version:9.12

[SLOT 0] 2FE (Hardware)2.1, (Driver)2.0, (Cpld)0.0

[SLOT 2] 4E1-F (Hardware)1.0, (Driver)1.0, (Cpld)1.0
