Shulou(Shulou.com)06/03 Report--

Read this document to describe in detail the objectives of the NAT configuration lab for network address translation

Understand the principle and function of NAT network address translation

Master the configuration of static NAT to realize LAN access to the Internet

Experimental background

You are the network administrator of a company and want to release the company's WWW service. Now it is required to map the IP address of the intranet Web server to the global IP address, so that the external network can access the company's internal Web server.

Technical principle

Network address Translation NAT (Network Address Translation) is widely used in various types of Internet access methods and various types of networks. The reason is simple: NAT not only perfectly solves the problem of insufficient IP addresses, but also effectively avoids attacks from outside the network, hides and protects computers inside the network. By default, the internal IP address cannot be routed to the external network. The internal host 10.1.1.1 communicates with the external Internet. When the IP packet arrives at the NAT router, the source address of the IP packet header 10.1.1.1 is replaced with a legitimate extranet IP, and the record is kept in the NAT forwarding table. When the external host sends a reply to the internal network, the NAT router receives it, looks at the current NAT translation table, and replaces the external network address with 10.1.1.1. NAT divides the network into two parts: the internal network and the external network. When a LAN host accesses the network using NAT, it translates the local address inside the LAN into a global address (the legal IP address of the Internet) and forwards the data packet.

There are two types of NAT: NAT (Network address Translation) and NAPT (Network Port address Translation IP address corresponds to a global address).

Static NAT: implements one-to-one mapping between internal and external addresses. In reality, it is generally used for servers.

Dynamic NAT: defines an address pool, automatically maps, and is also one-to-one. In reality, it is used less.

NAPT: use different ports to map multiple private network IP addresses to a specified public network IP address, many-to-one.

Experimental procedure

Create a new Packet Tracer topology diagram

(1) R1 is the company's export router, which is connected with the external router through V.35 cable serial port, and the DCE terminal is connected to R1 with a clock rate of 64000.

(2) configure the IP address of PC machine, server and router interface

(3) configure static routing protocols on each router so that PC can communicate with each other through Ping

(4) configure static NAT on R1.

(5) define internal and external network interfaces on R1.

(6) verify the interoperability between hosts.

Experimental equipment PC 1; Server-PT 1; Switch_2950-24 1; Router-PT 2; direct connection; cross line DCE serial line Server-PT192.168.1.2255.255.255.0192.168.1.1PC0222.0.2.2255.255.255.0222.0.2.1R1enconf thost R1int fa 0/0ip address 192.168.1.1 255.255.255.0no shutdownint s 2/0ip address 222.0.1.1 255.255.255.0no shutdownclock rate 64000R2enconf thost R2int s 2/0ip address 222.0.1.2 255.255.255.0no shutint fa 0/0ip address 222.0.2.1 255.255.255.0no shutdownR1exit Ip route 222.0.2.0 255.255.255.0 222.0.1.2R2exitip route 192.168.1.0 255.255.255.0 222.0.1.1endshow ip routePC0CMDping 192.168.1.2 (success) Web browser http://192.168.1.2 (success)

R1int fa 0/0ip nat insideint s 2/0ip nat outsideexitip nat inside source static 192.168.1.2 222.0.1.3endshow ip nat translationsPC0Web browser http://222.0.1.3 (success)

R1show ip nat translations actual combat exercise R1Continue with configuration dialog? [yes/no]: nPress RETURN to get stardling Router > enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router (config) # hostname R1R1 (config) # int fa 0/0R1 (config-if) # ip add 192.168.1.1 255.255.255.0R1 (config-if) # no shutR1 (config-if) #% LINK-5-CHANGED: Interface FastEthernet0/0, changed state to upR1 (config-if) # int s 2/0R1 (config-if) # ip add 222.0.1.1 255.255.255.0R1 (config-if) # no shut%LINK-5-CHANGED: Interface Serial2/0 Changed state to downR1 (config-if) # clock rate 64000R1 (config-if) # R2Continue with configuration dialog? [yes/no]: nPress RETURN to get stardling Router > enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router (config) # host R2R2 (config) # int s 2/0R2 (config-if) # ip add 222.0.1.2 255.255.255.0R2 (config-if) # no shut%LINK-5-CHANGED: Interface Serial2/0, changed state to upR2 (config-if) # int fa 0/0R2 (config-if) # ip add 222.0.2.1 255.255.255.0R2 (config-if) # no shut%LINK-5-CHANGED: Interface FastEthernet0/0 Changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0 Changed state to upR2 (config-if) # R1R1 (config-if) # exitR1 (config) # R1 (config) # ip route 222.0.2.0 255.255.255.0 222.0.1.2R2R2 (config-if) # exitR2 (config) # R2 (config) # ip route 192.168.1.0 255.255.255.0 222.0.1.1R2 (config) # endR2#%SYS-5-CONFIG_I: Configured from console by consoleR2#show ip routeCodes: C-connected, S-static, I-IGRP, R-RIP M-mobile, B-BGP D-EIGRP, EX-EIGRP external, O-OSPF, IA-OSPF inter area N1-OSPF NSSA external type 1, N2-OSPF NSSA external type 2 E1-OSPF external type 1, E2-OSPF external type 2, E-EGP I-IS-IS, L1-IS-IS level-1, L2-IS-IS level-2, ia-IS-IS inter area *-candidate default, U-per-user static route O-ODR P-periodic downloaded static routeGateway of last resort is not setS 192.168.1.0 via 222.0.1.1C 222.0.1.0 is directly connected 24 is directly connected, Serial2/0C 222.0.2.0 is directly connected FastEthernet0/0R2#PC0CMD ping 192.168.1.2 (success) PC > ipconfigIP Address..: 222.0.2.2Subnet Mask.: 255.255.255.0Default Gateway.: 222.0.2.1PC > ping 192.168.1.2Pinging 192.168.1.2 with 32 Bytes of data:Request timed out.Reply from 192.168.1.2: bytes=32 time=19ms TTL=126Reply from 192.168.1.2: bytes=32 time=18ms TTL=126Reply from 192.168.1.2: bytes=32 time=23ms TTL=126Ping statistics for 192.168.1.2: Packets: Sent = 4 Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 18ms, Maximum = 23ms, Average = 20msPC > ping 192.168.1.2Pinging 192.168.1.2 with 32 bytes of data:Reply from 192.168.1.2: bytes=32 time=26ms TTL=126Reply from 192.168.1.2: bytes=32 time=26ms TTL=126Reply from 192.168.1.2: bytes=32 time=22ms TTL=126Reply from 192.168.1.2: bytes=32 time=23ms TTL=126Ping statistics for 192.168.1.2: Packets: Sent = 4, Received = 4 Lost = 0 (0 loss), Approximate round trip times in milli-seconds: Minimum = 22ms, Maximum = 26ms, Average = 24msPC > Web browser http://192.168.1.2 (success) R1R1 > enR1#conf tEnter configuration commands, one per line. End with CNTL/Z.R1 (config) # int fa 0/0R1 (config-if) # ip nat insideR1 (config-if) # int s 2/0R1 (config-if) # ip nat outsideR1 (config-if) # exitR1 (config) # ip nat inside source static 192.168.1.2 222.0.1.3R1 (config) # endR1#%SYS-5-CONFIG_I: Configured from console by consoleR1#show ip nat translationsPro Inside global Inside local Outside local Outside global--- 222 .0.1.3 192.168.1.2-R1#PC0Web browser http://222.0.1.3 (success) CMD ping 222.0.1.3PC > ipconfigIP Address..: 222.0.2.2Subnet Mask.: 255. 255.255.0Default Gateway.: 222.0.2.1PC > ping 222.0.1.3Pinging 222.0.1.3 with 32 bytes of data:Reply from 222.0.1.3: bytes=32 time=21ms TTL=126Reply from 222.0.1.3: bytes=32 time=22ms TTL=126Reply from 222.0.1.3: bytes=32 time=23ms TTL=126Reply from 222.0.1.3: bytes=32 time=23ms TTL=126Ping statistics for 222.0.1.3: Packets: Sent = 4 Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 21ms, Maximum = 23ms, Average = 22ms

Original address of this article: https://www.linuxprobe.com/network-address-translation.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.