H3C路由器之NAT+端口映射實戰

實踐環境就一臺H3C路由器外網接Internet，新聯通的靜態IP接入。內網直聯非網管交換機。

配置如下：

[RouterGate]display current-configuration
#
sysname RouterGate                                 //路由器的名字
cpu-usage cycle 1min
#
radius scheme system
#
domain system
#
local-user root                                          //遠程登錄的用戶名
password simple xxxxxx                          //遠程登錄的明文密碼
service-type telnet terminal
level 3                                                        //遠程登錄的權限等級（0-3）3是最高權限
#
acl number 2001                                                  //定義ACL2001（2000-2999是基本ACL）
rule 0 permit source 192.168.1.0 0.0.0.255       //ACL的0號規則允許源地址的網段訪問
#
interface Aux0
async mode flow
#
interface Ethernet0/0                                         
description LAN                                               
ip address 192.168.1.1 255.255.255.0                
#
interface Ethernet0/1                     
description ISP
ip address 218.xx.yy.34 255.255.255.252            //xx和yy處是爲此公司地址保密
nat outbound 2001                                                // 綁定的ACL2001可以訪問出去
nat server protocol tcp global 218.xx.yy.34 www inside 192.168.1.4 www    //開啓端口映

nat server protocol tcp global 218.xx.yy.34 ftp inside 192.168.1.4 ftp          ///射到.4服務器
#
interface NULL0
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 218.xx.yy.33 preference 60         //默認路由

user-interface con 0
user-interface aux 0
user-interface vty 0 4                          //設置vty登錄
authentication-mode scheme
user privilege level 3                         //用戶權限
set authentication password simple xxxxxx          //明文密碼

#
return