NAT配置

NAT配置

一、實驗目的

1、靜態的NAT配置

2、動態的NAT配置

3、 PAT配置

二、實驗拓撲

三、實驗步驟

R1的基本配置

conf t

no ip domain-look

int f1/0

ip add 10.1.1.1 255.255.255.0

no sh

int f0/0

ip add 192.168.1.1 255.255.255.0

no sh

exit

R2的基本配置

conf t

no ip domain-look

int f0/0

ip add 192.168.1.2 255.255.255.0

no sh

int f1/0

ip add 172.16.1.1 255.255.255.0

no sh

exit

1. 靜態NAT配置

ip nat inside source static 10.1.1.2 192.168.1.10

ip nat inside source static 10.1.1.3 192.168.1.20

int f1/0

ip nat inside

int f0/0

ip nat outside

ip nat inside source static 172.16.1.2 192.168.1.30

ip nat inside source static 172.16.1.3 192.168.1.40

int f1/0

ip nat inside

int f0/0

ip nat outside

驗證:

VPCS 1 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 timeout

192.168.1.2 icmp_seq=2 time=110.000 ms

192.168.1.2 icmp_seq=3 time=62.000 ms

192.168.1.2 icmp_seq=4 time=47.000 ms

192.168.1.2 icmp_seq=5 time=62.000 ms

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 192.168.1.10:24510 10.1.1.2:24510 192.168.1.2:24510 192.168.1.2:24510

icmp 192.168.1.10:24766 10.1.1.2:24766 192.168.1.2:24766 192.168.1.2:24766

icmp 192.168.1.10:25022 10.1.1.2:25022 192.168.1.2:25022 192.168.1.2:25022

icmp 192.168.1.10:25278 10.1.1.2:25278 192.168.1.2:25278 192.168.1.2:25278

icmp 192.168.1.10:25534 10.1.1.2:25534 192.168.1.2:25534 192.168.1.2:25534

icmp 192.168.1.10:25790 10.1.1.2:25790 192.168.1.2:25790 192.168.1.2:25790

--- 192.168.1.10 10.1.1.2 --- ---

--- 192.168.1.20 10.1.1.3 --- ---

從上可以看出內網已經可以和外網通信了。

2. 動態NAT配置

conf t

access-list 1 permit 10.1.1.0 0.0.0.255

ip nat pool AAA 192.168.1.100 192.168.1.150 netmask 255.255.255.0

ip nat inside source list 1 pool AAA

int f1/0

ip nat inside

int f0/0

ip nat outside

conf t

access-list 1 permit 172.16.1.0 0.0.0.255

ip nat pool BBB 192.168.1.151 192.168.1.200 netmask 255.255.255.0

ip nat inside source list 1 pool BBB

int f1/0

ip nat inside

int f0/0

ip nat outside

驗證：

VPCS 1 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 timeout

192.168.1.2 icmp_seq=2 time=125.000 ms

192.168.1.2 icmp_seq=3 time=125.000 ms

192.168.1.2 icmp_seq=4 time=47.000 ms

192.168.1.2 icmp_seq=5 time=125.000 ms

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 192.168.1.100:50368 10.1.1.2:50368 192.168.1.2:50368 192.168.1.2:50368

icmp 192.168.1.100:50624 10.1.1.2:50624 192.168.1.2:50624 192.168.1.2:50624

icmp 192.168.1.100:50880 10.1.1.2:50880 192.168.1.2:50880 192.168.1.2:50880

icmp 192.168.1.100:51136 10.1.1.2:51136 192.168.1.2:51136 192.168.1.2:51136

icmp 192.168.1.100:51392 10.1.1.2:51392 192.168.1.2:51392 192.168.1.2:51392

icmp 192.168.1.100:51648 10.1.1.2:51648 192.168.1.2:51648 192.168.1.2:51648

--- 192.168.1.100 10.1.1.2 --- ---

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

--- 192.168.1.100 10.1.1.2 --- ---

icmp 192.168.1.101:10180 10.1.1.3:10180 192.168.1.2:10180 192.168.1.2:10180

icmp 192.168.1.101:10436 10.1.1.3:10436 192.168.1.2:10436 192.168.1.2:10436

icmp 192.168.1.101:10692 10.1.1.3:10692 192.168.1.2:10692 192.168.1.2:10692

icmp 192.168.1.101:10948 10.1.1.3:10948 192.168.1.2:10948 192.168.1.2:10948

icmp 192.168.1.101:11204 10.1.1.3:11204 192.168.1.2:11204 192.168.1.2:11204

icmp 192.168.1.101:11460 10.1.1.3:11460 192.168.1.2:11460 192.168.1.2:11460

--- 192.168.1.101 10.1.1.3 --- ---

Router#

從上面可以看到內網已經從地址池中動態的選擇了外網IP（默認是從小往大）

3. PAT配置

conf t

access-list 1 permit 10.1.1.0 0.0.0.255

ip nat pool ABC 192.168.1.20 192.168.1.20 netmask 255.255.255.0 定義地址池

ip nat inside source list 1 pool ABC overload

int f1/0

ip nat inside

int f0/0

ip nat outside

end

conf t

access-list 1 permit 172.16.1.0 0.0.0.255

ip nat inside source list 1 int f0/0 overload 定義接口

int f1/0

ip nat inside

int f0/0

ip nat outside

end

驗證：

VPCS 1 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 time=172.000 ms

192.168.1.2 icmp_seq=2 time=62.000 ms

192.168.1.2 icmp_seq=3 time=94.000 ms

192.168.1.2 icmp_seq=4 time=78.000 ms

192.168.1.2 icmp_seq=5 time=62.000 ms

VPCS 2 >ping 192.168.1.2

192.168.1.2 icmp_seq=1 time=125.000 ms

192.168.1.2 icmp_seq=2 time=93.000 ms

192.168.1.2 icmp_seq=3 time=94.000 ms

192.168.1.2 icmp_seq=4 time=62.000 ms

192.168.1.2 icmp_seq=5 time=93.000 ms

VPCS 3 >ping 192.168.1.1

192.168.1.1 icmp_seq=1 time=141.000 ms

192.168.1.1 icmp_seq=2 time=47.000 ms

192.168.1.1 icmp_seq=3 time=78.000 ms

192.168.1.1 icmp_seq=4 time=78.000 ms

192.168.1.1 icmp_seq=5 time=62.000 ms

VPCS 4 >ping 192.168.1.1

192.168.1.1 icmp_seq=1 time=110.000 ms

192.168.1.1 icmp_seq=2 time=94.000 ms

192.168.1.1 icmp_seq=3 time=62.000 ms

192.168.1.1 icmp_seq=4 time=78.000 ms

192.168.1.1 icmp_seq=5 time=125.000 ms

Router#sh ip nat translations（R1）

Pro Inside global Inside local Outside local Outside global

icmp 192.168.1.20:7625 10.1.1.2:7625 192.168.1.2:7625 192.168.1.2:7625

icmp 192.168.1.20:7881 10.1.1.2:7881 192.168.1.2:7881 192.168.1.2:7881

icmp 192.168.1.20:8137 10.1.1.2:8137 192.168.1.2:8137 192.168.1.2:8137

icmp 192.168.1.20:8393 10.1.1.2:8393 192.168.1.2:8393 192.168.1.2:8393

icmp 192.168.1.20:8649 10.1.1.2:8649 192.168.1.2:8649 192.168.1.2:8649

icmp 192.168.1.20:8905 10.1.1.2:8905 192.168.1.2:8905 192.168.1.2:8905

icmp 192.168.1.20:10185 10.1.1.3:10185 192.168.1.2:10185 192.168.1.2:10185

icmp 192.168.1.20:10697 10.1.1.3:10697 192.168.1.2:10697 192.168.1.2:10697

icmp 192.168.1.20:10953 10.1.1.3:10953 192.168.1.2:10953 192.168.1.2:10953

icmp 192.168.1.20:11209 10.1.1.3:11209 192.168.1.2:11209 192.168.1.2:11209

icmp 192.168.1.20:11465 10.1.1.3:11465 192.168.1.2:11465 192.168.1.2:11465

icmp 192.168.1.20:11721 10.1.1.3:11721 192.168.1.2:11721 192.168.1.2:11721

Router#sh ip nat translations（R2）

Pro Inside global Inside local Outside local Outside global

icmp 192.168.1.2:13001 172.16.1.2:13001 192.168.1.1:13001 192.168.1.1:13001

icmp 192.168.1.2:13257 172.16.1.2:13257 192.168.1.1:13257 192.168.1.1:13257

icmp 192.168.1.2:13769 172.16.1.2:13769 192.168.1.1:13769 192.168.1.1:13769

icmp 192.168.1.2:14025 172.16.1.2:14025 192.168.1.1:14025 192.168.1.1:14025

icmp 192.168.1.2:14281 172.16.1.2:14281 192.168.1.1:14281 192.168.1.1:14281

icmp 192.168.1.2:14537 172.16.1.2:14537 192.168.1.1:14537 192.168.1.1:14537

icmp 192.168.1.2:15817 172.16.1.3:15817 192.168.1.1:15817 192.168.1.1:15817

icmp 192.168.1.2:16073 172.16.1.3:16073 192.168.1.1:16073 192.168.1.1:16073

icmp 192.168.1.2:16329 172.16.1.3:16329 192.168.1.1:16329 192.168.1.1:16329

icmp 192.168.1.2:16585 172.16.1.3:16585 192.168.1.1:16585 192.168.1.1:16585

icmp 192.168.1.2:16841 172.16.1.3:16841 192.168.1.1:16841 192.168.1.1:16841

icmp 192.168.1.2:17097 172.16.1.3:17097 192.168.1.1:17097 192.168.1.1:17097

從實驗結果可以看出PAT配置的靈活性即多個主機共用一個公網IP，用端口號來識別

四、實驗總結

三種方法都到達了地址轉換，其中應用最多的還是PAT 。

NAT的工作原理：
　　　當內部網絡中的一臺主機想傳輸數據到外部網絡時，它先將數據包傳輸到NAT路由器上，路由器檢查數據包的報頭，獲取該數據包的源IP信息，並從它的NAT映射表中找出與該IP匹配的轉換條目，用所選用的內部全局地址（全球唯一的IP地址）來替換內部局部地址，並轉發數據包。
　　　當外部網絡對內部主機進行應答時，數據包被送到NAT路由器上，路由器接收到目的地址爲內部全局地址的數據包後，它將用內部全局地址通過NAT映射表查找出內部局部地址，然後將數據包的目的地址替換成內部局部地址，並將數據包轉發到內部主機。

Android啓動過程-萬字長文(Android14)

這種嵌套字典類型的數據，我想把它讀取到df裏，如何操作？

【SQL進階】CASE語句的使用

微調真的能讓LLM學到新東西嗎:引入新知識可能讓模型產生更多的幻覺

iNeuOS工業互聯網操作系統，增加電力IEC104協議

微服務實踐k8s&dapr開發部署實驗（3）訂閱發佈

kbgressdb之數據結構V0.2

OSPF路由協議中的鄰居與鄰接的區別

OSPF協議工作原理

配置OSPF動態路由協議的身份驗證

經典網絡問題問與答

遠程控制

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結