A static NAT configuration diagram
1, configure a host address:
PC1> ip 192.168.100.10 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.10 255.255.255.0 gateway 192.168.100.1
PC2> ip 192.168.100.20 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.20 255.255.255.0 gateway 192.168.100.1
PC3> ip 12.0.0.12 12.0.0.1
Checking for duplicate address...
PC1 : 13.0.0.13 255.255.255.0 gateway 13.0.0.1
2, the configuration route R1
R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 192.168.100.1 255.255.255.0
R1(config-if)#no shut
R1(config)#int f0/1
R1(config-if)#ip add 12.0.0.1 255.255.255.0
R1(config-if)#no shut
3, turn off the routing function sw
no ip routing
4, configure the host address
PC1> ip 192.168.100.10 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.10 255.255.255.0 gateway 192.168.100.1
PC2> ip 192.168.100.20 192.168.100.1
Checking for duplicate address...
PC1 : 192.168.100.20 255.255.255.0 gateway 192.168.100.1
PC3> ip 12.0.0.12 12.0.0.1
Checking for duplicate address...
PC1 : 12.0.0.12 255.255.255.0 gateway 12.0.0.1
5, interoperability test
PC1> ping 192.168.100.20
84 bytes from 192.168.100.20 icmp_seq=1 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=2 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=3 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=4 ttl=64 time=0.000 ms
84 bytes from 192.168.100.20 icmp_seq=5 ttl=64 time=0.000 ms
PC1> ping 12.0.0.12
13.0.0.13 icmp_seq=1 timeout
13.0.0.13 icmp_seq=2 timeout
84 bytes from 12.0.0.12 icmp_seq=3 ttl=62 time=62.485 ms
84 bytes from 12.0.0.12 icmp_seq=4 ttl=62 time=69.039 ms
84 bytes from 12.0.0.12 icmp_seq=5 ttl=62 time=69.046 ms
6, configure static NAT list
R1(config)#ip nat inside source static 192.168.100.10 12.0.0.10
R1(config)#ip nat inside source static 192.168.100.20 12.0.0.20
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outside
R1(config-if)#end
R1#debug ip nat
IP NAT debugging is on
7, testing connectivity
PC1> ping 12.0.0.12
13.0.0.13 icmp_seq=1 timeout
13.0.0.13 icmp_seq=2 timeout
84 bytes from 12.0.0.12 icmp_seq=3 ttl=62 time=84.698 ms
84 bytes from 12.0.0.12 icmp_seq=4 ttl=62 time=85.265 ms
84 bytes from 12.0.0.12 icmp_seq=5 ttl=62 time=69.205 ms
*Mar 1 00:23:50.619: NAT*: s=192.168.100.10 -> 12.0.0.10,d=12.0.0.12[5464]
*Mar 1 00:23:51.831: NAT*: s=192.168.100.10->12.0.0.10, d=12.0.0.12 [5465]
#将目标地址12.0.0.10转换成192.168.100.10,这个就是静态地址转换的过程
Two, NAT static port mapping configuration
1, the experimental environment
Linux build a Web server, the LAN address of 192.168.100.100, the default port number 80. LAN gateway 192.168.100.1, map address: 192.168.100.100: 80-> 12.0.0.100:8080.
Others can only see the public IP address, private network address can not be accessed directly.
2, experimental purposes
WAN client can not directly access 100.100 address, if you want to access, then you need to do port mapping.
3, experiment Figure
4, the installation in Linux httpd service package, and open the httpd service, write test page, etc.
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# vim /var/www/html/index.html //写测试网页
<h1>this is inside web</h1>
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
5, configure the gateway address
R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 192.168.100.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ex
R1(config)#int f0/1
R1(config-if)#ip add 12.0.0.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ex
6 by centos in the browser can see the test page (ping 192.168.100.100 or 127.0.0.1 will do)
7, Linux bind to VMnet1 card, network card VMnet2 to Host binding, static address
8, visit each other 192.168.100.100, is accessible at this time, but in reality is not directly accessible from other private address
9, static port mapping configuration
R1(config)# ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outsid
R1(config-if)#end
R1#debug ip nat
IP NAT debugging is on
*Mar 1 00:36:59.327: NAT*: TCP s=49160, d=8080->80
*Mar 1 00:36:59.327: NAT*: s=12.0.0.12, d=12.0.0.100->192.168.100.100 [364]
# 端口和地址都进行了转换
10, again try to use the public address access in win7, this time successfully, successful experiments!