526互联

30、NAT网络地址转换

发布时间 2023-08-21 17:53:26作者: 五杀摇滚小拉夫
网络地址技术NAT的主要功能是实现内网访问外网,实现IP地址的转换。NAT一般部署在出口防火墙或者路由器中,可以更加安全的访问Internet,同时可以保护私有网络信息不被直接暴露在公网中,是一种主要解决IP地址短缺的技术。NAT转换技术包括静态、动态以及地址端口转换NAPT三种方式。
NAT地址转换主要解决IPv4地址资源短缺枯竭制约网络发展的原因,IPv6技术可以解决IP地址匮乏的问题,但是大多数网络设备以及服务应用还是基于IPv4技术。
NAT网络地址转换就是将私网地址转换为公网地址。

实践项目,通过NAT地址转换技术,实现私网地址能够访问互联网。当采用静态、动态两种NAT地址转换模式,可以实现私网地址访问互联网的需求。但是不能节约公网地址,一般不采用。端口转换NAPT(Easy Ip),可以实现一个公网地址对应个人私网地址,因为进行了端口转换。

1、NAT转换基本配置拓扑

 2、依次配置PC1、PC2、Server1、Server2、PC3的ip地址

3、①、sw1的基本配置

 测试 sw1ping PC1 通的

②、AR1的基本配置

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]un in en
Info: Information center is disabled.
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.1.10.3 24
[AR1-GigabitEthernet0/0/0]quit
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 60.200.32.1 24
[AR1-GigabitEthernet0/0/1]quit
[AR1]interface GigabitEthernet 0/0/2
[AR1-GigabitEthernet0/0/2]ip address 192.168.9.254 24
[AR1-GigabitEthernet0/0/2]quit
[AR1]ip route-static 0.0.0.0 0 60.200.32.2
[AR1]quit
<AR1>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]Y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
Now saving the current configuration to the slot 17.
Save the configuration successfully.
<AR1>
<AR1>sys

③、AR2的基本配置

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]un in en
Info: Information center is disabled.
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 60.200.32.2 24
[AR2-GigabitEthernet0/0/0]quit
[AR2]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 192.168.19.254 24
[AR2-GigabitEthernet0/0/1]quit
[AR2]interface GigabitEthernet 0/0/2
[AR2-GigabitEthernet0/0/2]ip address 172.99.0.254 24
[AR2-GigabitEthernet0/0/2]quit
[AR2]quit
<AR2>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]Y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
Now saving the current configuration to the slot 17.
Save the configuration successfully.
<AR2>

 待补充,配置PC1 ping Server2 发现不通,配置无效待检查