网络安全学习--NAT

最新推荐文章于 2022-12-15 15:58:39 发布

丢爸

最新推荐文章于 2022-12-15 15:58:39 发布

阅读量833

点赞数

分类专栏：网络安全文章标签：网络网络安全

本文链接：https://blog.csdn.net/xuwenpeng/article/details/122008092

版权

网络安全专栏收录该内容

26 篇文章 7 订阅

订阅专栏

NAT

NAT(Network Address Translations)网络地址转换
IPV4地址不够用了
IP地址分为公网IP和私有IP
- 公网上不允许出现私有IP
- 私网IP可以重复在内网使用
NAT实现公私有IP地址的转换，一般在路由器或防火墙上完成，不建议在三层交换机上配置。

私有IP地址范围

10.0.0.0/8
172.16.0.0/16-172.31.0.0/16(172.16开头至172.31开头)
192.168.0.0/16(192.168开头的)

NAT分类

静态NAT：1对1映射，（静态PAT，端口映射）
动态NAT
PAT(端口地址转换)Port Address Translations,也叫端口复用技术

NAT定义

定义内外网端口
- 内网到外网：转换源IP
- 外网到内网：转换目标IP
NAT地址转换表

NAT命令

定义内网端口

interface fa0/0
ip nat inside
exit

定义外网端口

interface fa0/1
ip nat outside
exit

配置PAT

#定义内部地址池
access-list 1 permit 192.168.0.0 0.0.255.255
#做PAT动态映射
ip nat inside source list 1 int fa0/1 overload
#配置静态端口转换
ip nat inside source static tcp 192.168.1.3 80 100.1.1.2 80

实验一

实验文件下载
在这里插入图片描述

#------------------Router0配置
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface fa0/0
Router(config-if)#ip addr 192.168.1.254 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#exit
Router(config)#interface fa0/1
Router(config-if)#ip addr 100.1.1.1 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Router(config-if)#exit
Router(config)#interface fa0/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface fa0/1
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Router(config)#ip nat inside source list 1 int fa0/1 overload
Router(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.2
Router(config)#ip nat inside source static tcp 192.168.1.3 80 100.1.1.1 80
Router(config)#
#查看nat转换表
Router(config)#do show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 100.1.1.1:37      192.168.1.1:37     200.1.1.1:37       200.1.1.1:37
icmp 100.1.1.1:38      192.168.1.1:38     200.1.1.1:38       200.1.1.1:38
icmp 100.1.1.1:39      192.168.1.1:39     200.1.1.1:39       200.1.1.1:39
icmp 100.1.1.1:40      192.168.1.1:40     200.1.1.1:40       200.1.1.1:40
tcp 100.1.1.1:80       192.168.1.3:80     ---                ---
tcp 100.1.1.1:80       192.168.1.3:80     200.1.1.1:1030     200.1.1.1:1030
#------------------Router0配置
#------------------Router1配置
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fa0/1
Router(config-if)#ip addr 100.1.1.2 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Router(config-if)#exit
Router(config)#interface fa0/0
Router(config-if)#ip addr 150.1.1.1 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       100.1.1.0/24 is directly connected, FastEthernet0/1
L       100.1.1.2/32 is directly connected, FastEthernet0/1
     150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       150.1.1.0/24 is directly connected, FastEthernet0/0
L       150.1.1.1/32 is directly connected, FastEthernet0/0

Router(config-if)#ip route 200.1.1.0 255.255.255.0 150.1.1.2
Router(config)#
#------------------Router1配置
#------------------Router2配置
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fa0/0
Router(config-if)#ip addr 150.1.1.2 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#exit
Router(config)#interface fa0/1
Router(config-if)#ip addr 200.1.1.1 255.255.255.0
Router(config-if)#no shutdown

Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Router(config-if)#no ip addr 200.1.1.1 255.255.255.0
Router(config-if)#ip addr 200.1.1.254 255.255.255.0
Router(config-if)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       150.1.1.0/24 is directly connected, FastEthernet0/0
L       150.1.1.2/32 is directly connected, FastEthernet0/0
     200.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C       200.1.1.0/24 is directly connected, FastEthernet0/1
L       200.1.1.254/32 is directly connected, FastEthernet0/1

Router(config-if)#exit
Router(config)#ip route 100.1.1.0 255.255.255.0 150.1.1.1
Router(config)#no ip route 100.1.1.0 255.255.255.0 150.1.1.1
Router(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       150.1.1.0/24 is directly connected, FastEthernet0/0
L       150.1.1.2/32 is directly connected, FastEthernet0/0
     200.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C       200.1.1.0/24 is directly connected, FastEthernet0/1
L       200.1.1.254/32 is directly connected, FastEthernet0/1

Router(config)#ip route 0.0.0.0 0.0.0.0 150.1.1.1
Router(config)#

#------------------Router2配置