NAT實驗組-靜態+端口映射
靜態NAT
拓撲圖如下:
實驗步驟
1、設置sw三層交換機
sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw(config)#no ip routing //關閉路由功能
sw(config)#2、設置路由R1
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip add 192.168.10.1 255.255.255.0 //僅設定IP地址與子網掩碼
R1(config-if)#no shut
*Mar 1 00:03:21.575: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:03:22.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#int f 0/1
R1(config-if)#ip add 8.0.0.1 255.0.0.0 //僅設定IP地址與字網掩碼
R1(config-if)#no shut
*Mar 1 00:03:42.443: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:03:43.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config-if)#ex
R1(config)#ip route 0.0.0.0 0.0.0.0 8.0.0.2 //設置默認路由
R1(config)#do show ip route //查看路由表
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 8.0.0.2 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, FastEthernet0/0
C 8.0.0.0/8 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 8.0.0.2
R1(config)#3、設置路由R2
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int f 0/1
R2(config-if)#ip add 8.0.0.2 255.0.0.0 //僅設定IP地址與子網掩碼
R2(config-if)#no shut
R2(config-if)#int f 0/0
R2(config-if)#
*Mar 1 00:05:13.815: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:05:14.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R2(config-if)#ip add 192.168.200.1 255.255.255.0 //僅設定IP地址與字網掩碼
R2(config-if)#no shut
R2(config-if)#
*Mar 1 00:05:40.643: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:05:41.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#ex
R2(config)#ip route 192.168.10.0 255.255.255.0 8.0.0.1 //設置靜態路由
R2(config)#do show ip route //查看路由表
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
S 192.168.10.0/24 [1/0] via 8.0.0.1
C 192.168.200.0/24 is directly connected, FastEthernet0/0
C 8.0.0.0/8 is directly connected, FastEthernet0/1
R2(config)#4、設定三臺PC機
PC1
PC1>
PC1> ip 192.168.10.10 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.10 255.255.255.0 gateway 192.168.10.1
PC1>PC2
PC2>
PC2> ip 192.168.10.20 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.20 255.255.255.0 gateway 192.168.10.1
PC2> PC3
PC3>
PC3> ip 192.168.200.20 192.168.200.1
Checking for duplicate address...
PC1 : 192.168.200.20 255.255.255.0 gateway 192.168.200.1
PC3> 此時,整個實驗結構已完成,已經可以做到全網互通,參考如下:(如不能聯通,請自行檢查)
爲滿足實驗目的,接下來將進行靜態NAT的設置
在R1上設置靜態NAT
R1(config)#ip nat source static 192.168.10.10 8.8.8.8 //靜態NAT1
*Mar 1 00:13:12.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R1(config)#ip nat source static 192.168.10.20 8.8.8.10 //靜態NAT2
R1(config)#int f 0/0
R1(config-if)#ip nat inside //啓用外部NAT
R1(config-if)#int f 0/1
R1(config-if)#ip nat outside //啓用內部NAT
R1(config-if)#實驗完成\~\~\~\~\~
靜態NAT-端口映射
拓撲圖如下:
實驗步驟
1、設置Linux服務器
將端口進行綁定,綁定在VMnet1上,並設置靜態IP
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
改dhcp爲static
在末行按o在下行插入
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
[root@localhost ~]# service network restart
Restarting network (via systemctl): [ 確定 ]
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255安裝http服務並自定義首頁
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# vim /var/www/html/index.html //寫測試網頁
<h1>this is inside web</h1>
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 02、設置路由R1
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int f 0/0
R1(config-if)#ip add 192.168.10.1 255.255.255.0 //僅設置IP地址和子網掩碼
R1(config-if)#no shut
*Mar 1 00:00:44.895: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:00:45.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#int f 0/1
R1(config-if)#ip add 8.0.0.1 255.0.0.0 //僅設置IP地址和子網掩碼
R1(config-if)#no shut
R1(config-if)#ex
*Mar 1 00:01:03.159: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:01:04.159: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config-if)#ex
R1(config)#3、設置Host2主機
綁定VMnet2,並設置靜態IP
此時,通過在瀏覽器在輸入192.168.100.100,即可訪問對方網頁
爲了滿足實驗要求,下面將進行端口映射
R1
R1(config)#ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outsid
R1(config-if)#end
R1#debug ip nat
IP NAT debugging is on
*Mar 1 00:36:59.327: NAT*: TCP s=49160, d=8080->80
*Mar 1 00:36:59.327: NAT*: s=12.0.0.12, d=12.0.0.100->192.168.100.100 [364]
//端口和地址都進行了轉換驗證結果
使用Host2主機再次進行訪問,輸入http://12.0.0.100:8080同樣可以訪問。
