ÄÚÈÝ·¢²¼¸üÐÂʱ¼ä : 2026/5/7 16:33:03ÐÇÆÚÒ» ÏÂÃæÊÇÎÄÕµÄÈ«²¿ÄÚÈÝÇëÈÏÕæÔĶÁ¡£
H3C·ÓÉÆ÷NATµäÐÍÅäÖð¸ÁУ¨Ê·ÉÏ×îÏêϸ£©
ÉñÂíCCIE£¬H3CIE,HCIEµÈÍøÂ繤³ÌʦÈÕ³£ÊµÊ©ÔËά±Ø±¸£¬Ä㶮µÄ¡£ 1.11 NATµäÐÍÅäÖþÙÀý
1.11.1 ÄÚÍøÓû§Í¨¹ýNATµØÖ··ÃÎÊÍâÍø£¨¾²Ì¬µØַת»»£© 1. ×éÍøÐèÇó
ÄÚ²¿ÍøÂçÓû§10.110.10.8/24ʹÓÃÍâÍøµØÖ·202.38.1.100·ÃÎÊInternet¡£ 2. ×éÍøͼ
ͼ1-5 ¾²Ì¬µØַת»»µäÐÍÅäÖÃ×éÍøͼ
3. ÅäÖò½Öè
# °´ÕÕ×éÍøͼÅäÖø÷½Ó¿ÚµÄIPµØÖ·£¬¾ßÌåÅäÖùý³ÌÂÔ¡£
# ÅäÖÃÄÚÍøIPµØÖ·10.110.10.8µ½ÍâÍøµØÖ·202.38.1.100Ö®¼äµÄÒ»¶ÔÒ»¾²Ì¬µØַת»»Ó³Éä¡£
[Router] nat static outbound 10.110.10.8 202.38.1.100
# ʹÅäÖõľ²Ì¬µØַת»»ÔÚ½Ó¿ÚGigabitEthernet1/2ÉÏÉúЧ¡£ [Router] interface gigabitethernet 1/2
[Router-GigabitEthernet1/2] nat static enable [Router-GigabitEthernet1/2] quit 4. ÑéÖ¤ÅäÖÃ
# ÒÔÉÏÅäÖÃÍê³Éºó£¬ÄÚÍøÖ÷»ú¿ÉÒÔ·ÃÎÊÍâÍø·þÎñÆ÷¡£Í¨¹ý²é¿´ÈçÏÂÏÔʾÐÅÏ¢£¬¿ÉÒÔÑéÖ¤ÒÔÉÏÅäÖóɹ¦¡£
[Router] display nat static Static NAT mappings:
There are 1 outbound static NAT mappings. IP-to-IP:
Local IP : 10.110.10.8 Global IP : 202.38.1.100
Interfaces enabled with static NAT:
There are 1 interfaces enabled with static NAT. Interface: GigabitEthernet1/2
# ͨ¹ýÒÔÏÂÏÔʾÃüÁ¿ÉÒÔ¿´µ½Host·ÃÎÊijÍâÍø·þÎñÆ÷ʱÉú³ÉNAT»á»°ÐÅÏ¢¡£ [Router] display nat session verbose Initiator:
Source IP/port: 10.110.10.8/42496 Destination IP/port: 202.38.1.111/2048 VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: ICMP(1) Responder:
Source IP/port: 202.38.1.111/42496 Destination IP/port: 202.38.1.100/0 VPN instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) State: ICMP_REPLY Application: INVALID
Start time: 2012-08-16 09:30:49 TTL: 27s Interface(in) : GigabitEthernet1/1 Interface(out): GigabitEthernet1/2
Initiator->Responder: 5 packets 420 bytes Responder->Initiator: 5 packets 420 bytes
Total sessions found: 1
1.11.2 ÄÚÍøÓû§Í¨¹ýNATµØÖ··ÃÎÊÍâÍø£¨µØÖ·²»Öصþ£© 1. ×éÍøÐèÇó ¡¤ ij¹«Ë¾ÄÚÍøʹÓõÄIPµØַΪ192.168.0.0/16¡£ ¡¤ ¸Ã¹«Ë¾ÓµÓÐ202.38.1.2ºÍ202.38.1.3Á½¸öÍâÍøIPµØÖ·¡£
ÐèҪʵÏÖ£¬ÄÚ²¿ÍøÂçÖÐ192.168.1.0/24Íø¶ÎµÄÓû§¿ÉÒÔ·ÃÎÊInternet£¬ÆäËüÍø¶ÎµÄÓû§²»ÄÜ·ÃÎÊInternet¡£Ê¹ÓõÄÍâÍøµØַΪ202.38.1.2ºÍ202.38.1.3¡£ 2. ×éÍøͼ
ͼ1-6 ÄÚÍøÓû§Í¨¹ýNAT·ÃÎÊÍâÍø£¨µØÖ·²»Öصþ£©
3. ÅäÖò½Öè
# °´ÕÕ×éÍøͼÅäÖø÷½Ó¿ÚµÄIPµØÖ·£¬¾ßÌåÅäÖùý³ÌÂÔ¡£
# ÅäÖõØÖ·×é0£¬°üº¬Á½¸öÍâÍøµØÖ·202.38.1.2ºÍ202.38.1.3¡£
[Router] nat address-group 0
[Router-nat-address-group-0] address 202.38.1.2 202.38.1.3 [Router-nat-address-group-0] quit
# ÅäÖÃACL 2000£¬½öÔÊÐí¶ÔÄÚ²¿ÍøÂçÖÐ192.168.1.0/24Íø¶ÎµÄÓû§±¨ÎĽøÐеØַת»»¡£ [Router] acl number 2000
[Router-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] quit
# ÔÚ½Ó¿ÚGigabitEthernet1/2ÉÏÅäÖóö·½Ïò¶¯Ì¬µØַת»»£¬ÔÊÐíʹÓõØÖ·×é0ÖеĵØÖ·¶ÔÆ¥ÅäACL 2000µÄ±¨ÎĽøÐÐÔ´µØַת»»£¬²¢ÔÚת»»¹ý³ÌÖÐʹÓö˿ÚÐÅÏ¢¡£ [Router] interface gigabitethernet 1/2
[Router-GigabitEthernet1/2] nat outbound 2000 address-group 0 [Router-GigabitEthernet1/2] quit 4. ÑéÖ¤ÅäÖÃ
ÒÔÉÏÅäÖÃÍê³Éºó£¬Host AÄܹ»·ÃÎÊWWW server£¬Host BºÍHost CÎÞ·¨·ÃÎÊWWW server¡£Í¨¹ý²é¿´ÈçÏÂÏÔʾÐÅÏ¢£¬¿ÉÒÔÑéÖ¤ÒÔÉÏÅäÖóɹ¦¡£ [Router] display nat all
NAT address group information: There are 1 NAT address groups.
Group Number Start Address End Address 0 202.38.1.2 202.38.1.3
NAT outbound information:
There are 1 NAT outbound rules. Interface: GigabitEthernet1/2
ACL: 2000 Address group: 0 Port-preserved: N NO-PAT: N Reversible: N
NAT logging:
Log enable : Disabled Flow-begin : Disabled Flow-end : Disabled Flow-active: Disabled
NAT mapping behavior:
Mapping mode: Address and Port-Dependent ACL : ---
NAT ALG:
DNS: Enabled FTP: Enabled H323: Enabled
ICMP-ERROR: Enabled
# ͨ¹ýÒÔÏÂÏÔʾÃüÁ¿ÉÒÔ¿´µ½Host A·ÃÎÊWWW serverʱÉú³ÉNAT»á»°ÐÅÏ¢¡£ [Router] display nat session verbose Initiator:
Source IP/port: 192.168.1.10/52992 Destination IP/port: 200.1.1.10/2048 VPN instance/VLAN ID/VLL ID: -/-/- Protocol: ICMP(1) Responder: