
NAT Address Translation: Theory

2025-03-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

NAT implementation methods

Static translation (Static Translation)

Dynamic translation (Dynamic Translation)

Port multiplexing (Port Address Translation, PAT)

NAT translation process

Note:

Private network → public network: first look up the routing table, then query the NAT table to translate to the public network address.

Public network → private network: first query the NAT table for the translation, then look up the routing table.

Within the LAN, the source and destination IPs are the (inside | outside) local addresses.

On the public network, the source and destination IPs are the (inside | outside) global addresses.

Translation entries for NAT

Simple translation entry: for IP addresses only

Extended translation entry: for IP address and port
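
The lookup order and the extended translation entries described above, as an added example that is not part of the original article: a small Python model of a table keyed on protocol, address and port. The class, its method names and the starting port 1024 are assumptions made for illustration; the addresses reuse 192.168.100.0/24 and 12.0.0.10 from the article's configuration examples.

```python
# Added example: toy model of NAT extended translation entries (not router code).
from dataclasses import dataclass, field

@dataclass
class NatTable:
    global_ip: str                 # outside global address shared by all hosts
    next_port: int = 1024          # assumption: first global port PAT hands out
    out: dict = field(default_factory=dict)   # (proto, local_ip, local_port) -> (global_ip, global_port)
    back: dict = field(default_factory=dict)  # reverse index used for inbound lookups

    def add_entry(self, proto, local_ip, local_port, global_ip, global_port):
        """Install one extended entry (what a static port mapping creates)."""
        self.out[(proto, local_ip, local_port)] = (global_ip, global_port)
        self.back[(proto, global_ip, global_port)] = (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Private -> public: routing already chose the outside interface,
        now the source is translated, creating a PAT entry if needed."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            while (proto, self.global_ip, self.next_port) in self.back:
                self.next_port += 1            # skip ports already in use
            if self.next_port > 65535:
                raise RuntimeError("PAT port pool exhausted")
            self.add_entry(proto, src_ip, src_port, self.global_ip, self.next_port)
        return self.out[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Public -> private: the NAT table is queried first. None means no
        entry exists, so there is no private destination to route to."""
        return self.back.get((proto, dst_ip, dst_port))

def demo():
    nat = NatTable("12.0.0.10")
    # Static port mapping: inside web server reachable on global port 8080.
    nat.add_entry("tcp", "192.168.100.2", 80, "12.0.0.10", 8080)
    # Two inside hosts use the same source port; PAT keeps them apart.
    a = nat.outbound("tcp", "192.168.100.5", 50000)
    b = nat.outbound("tcp", "192.168.100.6", 50000)
    return {
        "a": a, "b": b,
        "reply_to_b": nat.inbound("tcp", *b),
        "web": nat.inbound("tcp", "12.0.0.10", 8080),
        "unsolicited": nat.inbound("tcp", "12.0.0.10", 4444),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A simple (IP-only) entry could not tell the two hosts apart once they share one global address, which is why PAT needs the extended form.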

Advantages and disadvantages of NAT

Advantages:

Saves public legal IP addresses

Effectively handles address overlap

Enhanced flexibility

Security (others cannot see your real address, and you cannot see other people's public addresses)

Disadvantages:

Introduces delay

Configuration and maintenance are more complex

Some applications are not supported (can be avoided with static NAT mapping)

Static NAT configuration steps

Set the external port IP address

Router(config)# interface FastEthernet 0/0 // enter the external port
Router(config-if)# ip address *.*.*.* *.*.*.* // set the external IP address and subnet mask

Set the internal port IP address

Router(config)# interface FastEthernet 1/0 // enter the internal port
Router(config-if)# ip address *.*.*.* *.*.*.* // set the internal IP address and subnet mask

Establish static address translation

Router(config)# ip nat inside source static *.*.*.* *.*.*.* // establish an address translation. The first is the internal address, and the second is the translated address.

Enable NAT on internal and external port

Router(config)# interface FastEthernet 1/0 // enter the internal port
Router(config-if)# ip nat inside // enable NAT on the inside
Router(config)# interface FastEthernet 0/0 // enter the external port
Router(config-if)# ip nat outside // enable NAT on the outside

NAT port mapping

Configure internal and external port IP

The configuration method is the same as for static NAT.

Establish NAT port mapping relationship

Router(config)# ip nat inside source static protocol local-ip UDP/TCP-port global-ip UDP/TCP-port [extendable]

Example:

Router(config)# ip nat inside source static tcp 192.168.100.2 80 8.8.8.8 8080 extendable

This command maps the web service on port 80 of the internal host 192.168.100.2 to port 8080 of 8.8.8.8 on the external network. The external network can reach the web service only by accessing port 8080 of the public address 8.8.8.8.

Dynamic NAT configuration steps

Configure internal and external port IP

The configuration method is the same as for static NAT.

Define access control lists (standard ACL, extended ACL, named ACL)

Router(config)# access-list 1 permit 192.168.100.0 0.0.0.255 // allow all hosts in this network segment to pass through

Define a legitimate IP address pool

Router(config)# ip nat pool test 61.159.62.2 61.159.62.10 netmask 255.255.255.0 // define the address pool from 61.159.62.2 to 61.159.62.10

Implement network address translation

Router(config)# ip nat inside source list 1 pool test

Enable NAT on internal and external port

Router(config)# interface FastEthernet 1/0 // enter the internal port
Router(config-if)# ip nat inside // enable NAT on the inside
Router(config)# interface FastEthernet 0/0 // enter the external port
Router(config-if)# ip nat outside // enable NAT on the outside

PAT configuration steps

First, specify the outside global address by defining an IP address pool

Configure internal and external port IP

The configuration method is the same as for static NAT.

Define access control lists

Router(config)# access-list 1 permit 192.168.100.0 0.0.0.255 // allow hosts in the 192.168.100.0 network segment to pass through

Define a legitimate IP address pool

Router(config)# ip nat pool onlyone 12.0.0.10 12.0.0.10 netmask 255.255.255.0 // defines a single IP address as the outside global address

Implement network address translation

Router(config)# ip nat inside source list 1 pool onlyone overload // reference the ACL to implement the translation

Enable NAT on internal and external port

The configuration method is the same as for static NAT.

Second, specify the outside global address without defining an IP address pool

Configure internal and external port IP

The configuration method is the same as for static NAT.

Define access control lists

Router(config)# access-list 1 permit 192.168.100.0 0.0.0.255 // allow hosts in the 192.168.100.0 network segment to pass through

Define a legitimate IP address pool

This method directly uses the outside interface address as the outside global address, so no IP address pool is defined.

Implement network address translation

Router(config)# ip nat inside source list 1 interface FastEthernet 0/0 overload // use the external interface address for translation

Enable NAT on internal and external port

The configuration method is the same as for static NAT.
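
A consistency check for the dynamic NAT and PAT steps above, as an added example that is not part of the original article: it confirms that both interface roles are enabled, that every translation rule points at a defined ACL and pool, and it lists each static port mapping as inbound exposure. The function name, the sample configuration and the interface address 12.0.0.1 are constructed for illustration, and only the numbered access-list form used in the article is recognized.

```python
# Added example: consistency check for a NAT/PAT configuration (not a Cisco tool).
import re

# Constructed sample following the article's PAT steps, with two mistakes:
# the rule names pool "onlyon" and no interface carries "ip nat outside".
SAMPLE = """\
interface FastEthernet0/0
 ip address 12.0.0.1 255.255.255.0
interface FastEthernet1/0
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
access-list 1 permit 192.168.100.0 0.0.0.255
ip nat pool onlyone 12.0.0.10 12.0.0.10 netmask 255.255.255.0
ip nat inside source list 1 pool onlyon overload
ip nat inside source static tcp 192.168.100.2 80 12.0.0.10 8080 extendable
"""

def audit_nat(config):
    """Return findings: missing inside/outside roles, dangling ACL or pool
    references, and every static port mapping (inbound exposure)."""
    findings, acls, pools, sides, rules = [], set(), set(), set(), []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip nat (inside|outside)$", line):
            sides.add(m.group(1))
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool (\S+) ", line):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+)(?: pool (\S+))?", line):
            rules.append(m.groups())
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", line):
            proto, lip, lport, gip, gport = m.groups()
            findings.append(f"exposed: {proto} {gip}:{gport} -> {lip}:{lport}")
    for side in ("inside", "outside"):
        if side not in sides:
            findings.append(f"no interface has 'ip nat {side}'")
    for acl, pool in rules:
        if acl not in acls:
            findings.append(f"rule uses undefined ACL {acl}")
        if pool and pool not in pools:
            findings.append(f"rule uses undefined pool {pool}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE)))
```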

The above is the theory of NAT address translation. The next article will cover hands-on experiments. To be continued.
