Configuration experiment of Network address Translation between single-arm routing and extended ACL and NAT 01/16 Update SLTechnology News&Howtos

Configuration experiment of Network address Translation between single-arm routing and extended ACL and NAT

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Configuration experiment of Network address Translation between single-arm routing and extended ACL and NAT

Environment description:

1. Using single-arm routing to realize the interconnection between C1 and C2

two。 Realize the interconnection of the whole network

3. Using the extended ACL, the host in network 192.168.10.0 is prohibited from ping the IP address of C3, and the host in network 192.168.20.0 is prohibited from accessing the web service of C3, while any other traffic is allowed.

4. Use PAT to convert the network 192.168.20.0 ax 24 to a legitimate external address 12.0.0.4 max 24 to access C3

5. Use dynamic NAT to convert the network 192.168.10.0Comp24 to a legitimate external address 12.0.0.3Unigram 24, and use NAT port mapping to enable its hosts to access the web server of C3 using port 8080 of the URL 13.0.0.3Comp24.

C3 has created the default home page index.html

Verify that each host enables the httpd service, shuts down the virtual machine's DHCP service, firewall (command is service iptables stop) and SELinux (command is setenforce 0)

Create a vlan10,vlan20 for SW and assign interfaces f1max 1 and f1max 2 to vlan10 and vlan20, respectively

Configure the rate, duplex, and Trunk links for the f1amp0 interface of SW

Configure the encapsulation structure of VLAN tags and the address of subinterfaces on R1

Verify the interconnection between C1 and C2

Assign IP addresses to all interfaces of R1, R2, and R3, and configure static routes to achieve interconnection of the entire network.

Verify the interconnection of the whole network

Configure extended ACL command on R1 to realize access control function

Verify configured access control

Set up PAT to convert the network 192.168.20.0ax 24 to a legitimate external address 12.0.0.4 max 24 to access C3

Test NAT and view the conversion process

Set up dynamic NAT to convert the network 192.168.10.0Comp24 to a legitimate external address of 12.0.0.3Comp24

Set the NAT port mapping so that its host accesses the web server of C3 using port 8080 of the URL 13.0.0.3Comp24.

The experiment is completed

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.