《eNSP - NAT 实验》

eNSP

NAT实验

NAT（Network Address Translator，网络地址转换）是用于在本地网络中使用私有地址，在连接互联网时转而使用全局 IP 地址的技术。NAT实际上是为解决IPv4地址短缺而开发的技术。

 

 

NAT配置

实验6.2

FW1：

system-view

sysname USG6330-1

interface GigabitEthernet 1/0/1

ip address 10.1.2.1 255.255.255.0

quit

interface GigabitEthernet 1/0/4

ip address 40.1.1.1 255.255.255.0

quit

firewall zone trust

add interface GigabitEthernet 1/0/1

quit

firewall zone untrust

add interface GigabitEthernet 1/0/4

quit

security-policy

rule name policy_sec

source-zone trust

destination-zone untrust

action permit

quit

quit

nat address-group natpool

section 2.2.2.2 2.2.2.5

quit

nat-policy

rule name source_nat

destination-zone untrust

source-zone trust

action nat address-group natpool

quit

quit

-------------------------------------------

FW1：

security-policy

rule name bidectinal_nat

source-zone untrust

destination-zone dmz

action permit

service ftp

quit

quit

nat server ftpserver protocol tcp global 40.1.1.2 ftp inside 10.1.1.100 ftp

nat address-group natpool2

section 10.1.1.10 10.1.1.20

quit

firewall interzone dmz untrust

detect ftp

quit

nat-policy

rule name biderectinal_nat

destination-zone dmz

source-zone untrust

source-address 40.1.1.0 24

action nat address-group natpool2

quit

quit

——————————————————

 

交换机 VLAN配置

SW1:

undo ter mo

sys

sys SW1

vlan 10

vlan 20

display vlan

quit

interface Ethernet 0/0/1

port link-type access

port default vlan 10

quit

interface Ethernet 0/0/2

port link-type access

port default vlan 10

quit

interface Ethernet 0/0/4

port link-type access

port default vlan 20

display vlan

SW2:

undo ter mo

sys

sys SW2

vlan batch 10 20

display vlan

interface Ethernet 0/0/2

port link-type access

port default vlan 10

quit

interface Ethernet 0/0/3

port link-type access

port default vlan 10

quit

interface Ethernet 0/0/5

port link-type access

port default vlan 20

display vlan