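Huawei Lab Configuration: RIP, NAT, ACL
1. Topology
2. Requirements
- Configure RIP
- Configure NAT
- Configure ACL
- Configure NAT server

3. Steps:
(1) Configure the IP addresses as shown in the diagram and advertise the networks in RIP
![Diagram](https://img-blog.csdnimg.cn/20200925191651744.png#pic_center)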
RIP:

R1:
rip
version 2
network 192.168.1.0
network 192.168.2.0

R2:
rip
version 2
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0

R3:
rip
version 2
network 192.168.4.0
network 192.168.5.0

(2) Configure the ACL (traffic filter)
- Create ACL number 3000

[Huawei]acl 3000

- Deny 192.168.1.20 access to the FTP service and the website on 192.168.3.10

[Huawei-acl-adv-3000]rule 5 deny tcp source 192.168.1.20 0.0.0.0 destination 192.168.3.10 0.0.0.0 destination-port eq ftp
[Huawei-acl-adv-3000]rule 10 deny tcp source 192.168.1.20 0.0.0.0 destination 192.168.3.10 0.0.0.0 destination-port eq www

- Apply it to the interface:

[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

- Verify:
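
An offline check of the ACL 3000 logic, as an added example that is not part of the original post: it parses the two deny rules, applies wildcard-mask matching to constructed test flows, and shows why the FTP and WWW rules need distinct rule IDs. It assumes that re-entering an existing rule ID replaces that rule and that traffic-filter forwards traffic matching no rule; the function names are hypothetical.

```python
import ipaddress
import re

PORTS = {"ftp": 21, "www": 80}  # VRP port keywords used on this page

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) tcp source (\S+) (\S+) "
    r"destination (\S+) (\S+) destination-port eq (\S+)")

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def load_acl(lines):
    """Parse rule lines into {rule_id: rule}.
    Assumption: re-entering an existing rule ID replaces that rule."""
    acl = {}
    for line in lines:
        m = RULE_RE.search(line)
        if m is None:
            raise ValueError(f"cannot parse rule: {line!r}")
        rid, action, src, sw, dst, dw, port = m.groups()
        dport = PORTS[port] if port in PORTS else int(port)
        acl[int(rid)] = (action, src, sw, dst, dw, dport)
    return acl

def evaluate(acl, src, dst, dport):
    """Rules are tried in ascending ID order; the first match decides.
    Assumption: traffic matching no rule is forwarded by traffic-filter."""
    for rid in sorted(acl):
        action, s, sw, d, dw, port = acl[rid]
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw) and dport == port:
            return action
    return "permit"

PREFIX = ("deny tcp source 192.168.1.20 0.0.0.0 "
          "destination 192.168.3.10 0.0.0.0 destination-port eq ")
DISTINCT_IDS = load_acl([f"rule 5 {PREFIX}ftp", f"rule 10 {PREFIX}www"])
SAME_ID = load_acl([f"rule 5 {PREFIX}ftp", f"rule 5 {PREFIX}www"])

if __name__ == "__main__":
    # Constructed test flows: (source, destination, TCP destination port)
    for flow in [("192.168.1.20", "192.168.3.10", 21),
                 ("192.168.1.20", "192.168.3.10", 80),
                 ("192.168.1.20", "192.168.3.10", 22),
                 ("192.168.1.10", "192.168.3.10", 21)]:
        print(flow, evaluate(DISTINCT_IDS, *flow), evaluate(SAME_ID, *flow))
```

With distinct IDs both the FTP and WWW flows from 192.168.1.20 are denied; when the ID is reused only the last rule entered survives, so FTP from that host is forwarded.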

(3) Configure NAT (with its matching ACL)
1. Create the ACL that matches the traffic to be translated

[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255

2. Create the address pool:

[Huawei]nat address-group 1 192.168.2.10 192.168.2.15

3. Bind the ACL to the address pool

[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat

4. Verify:

(4) Configure NAT server
- Map the FTP port of the internal server 192.168.1.10 to the port on 192.168.3.10

[Huawei]interface GigabitEthernet 0/0/1 // enter the interface view
[Huawei-GigabitEthernet0/0/1]nat server protocol tcp global 192.168.2.10 ftp inside 192.168.1.10 ftp // port mapping