Network Address Translation (NAT)
NAT Overview
NAT concepts and implementation
How NAT works: network address translation
NAT implementations:
Static translation
Dynamic translation
Port multiplexing
NAT terminology: the translation table
Accessing an external server: the router first checks the routing table, then consults the NAT table to translate the address
Return packets: the router first consults the NAT table to translate the address, then checks the routing table
NAT addresses fall into four categories
Inside local address
Outside local address
Inside global address
Outside global address
NAT translation entries
Simple translation entry
Extended translation entry
Advantages and disadvantages of NAT
NAT advantages
Conserves legitimate public IP addresses
Handles overlapping addresses
Increased flexibility
Security
NAT disadvantages
Increased latency
More complex configuration and maintenance
Some applications are not supported; this can be avoided with a static NAT mapping
NAT working process
NAT features
Configuration of NAT
NAT configuration steps
1. Configure the interface IP addresses
2. Use an access control list to define which hosts are subject to NAT
3. Decide which public addresses to use: static addresses or an address pool
Router(config)#ip nat pool pool-name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type rotary]
4. Specify the address translation mapping
Router(config)#ip nat inside source static local-ip global-ip [extendable]
Router(config)#ip nat inside source list access-list-number pool pool-name [overload]
5. Enable NAT on the inside and outside interfaces
Static NAT configuration examples
The internal addresses 192.168.100.2 / 192.168.100.3 are statically translated to the valid external addresses 61.159.62.131 / 61.159.62.132, so that they can access the external network and be accessed from it
Set the IP address of the outside interface:
router(config)#interface FastEthernet 0/0
router(config-if)#ip address 61.159.62.130 255.255.255.248
router(config-if)#no shut
Set the IP address of the inside interface:
router(config)#interface FastEthernet 1/0
router(config-if)#ip address 192.168.100.1 255.255.255.0
router(config-if)#no shut
Create the static address translations:
router(config)#ip nat inside source static 192.168.100.2 61.159.62.131
router(config)#ip nat inside source static 192.168.100.3 61.159.62.132
Enable NAT on the inside and outside interfaces:
router(config)#interface FastEthernet 0/0
router(config-if)#ip nat outside
router(config)#interface FastEthernet 1/0
router(config-if)#ip nat inside
Configure a default route:
router(config)#ip route 0.0.0.0 0.0.0.0 61.159.62.129
Lab: Configuring Static NAT
Lab topology
R2 interface configuration
Enter the following commands:
conf t
int f0/0
ip add 12.0.0.2 255.255.255.0
no shut
int f0/1
ip add 13.0.0.1 255.255.255.0
no shut
ex
ip route 0.0.0.0 0.0.0.0 12.0.0.1
Switch (SW) interface configuration
Enter the following commands:
conf t
no ip routing
int f1/2
speed 100
dup full
ex
R1 interface configuration
Enter the following commands:
conf t
int f0/0
ip add 192.168.100.1 255.255.255.0
no shut
int f0/1
ip add 12.0.0.1 255.255.255.0
no shut
ex
ip route 0.0.0.0 0.0.0.0 12.0.0.2
Configure the PC addresses
Enter the following commands on the respective PCs:
PC1> ip 192.168.100.10 192.168.100.1
PC2> ip 192.168.100.20 192.168.100.1
PC3> ip 13.0.0.2 13.0.0.1
Test connectivity across the whole network
Enter the following commands:
PC1> ping 192.168.100.20
PC1> ping 13.0.0.2
Static NAT address translation configuration
Enter the following commands:
ip nat inside source static 192.168.100.10 12.0.0.10
ip nat inside source static 192.168.100.20 12.0.0.20
int f0/0
ip nat inside
int f0/1
ip nat outside
end
debug ip nat
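Test the result of the NAT address translation configuration
Lab: NAT static port mapping
Lab requirements:
A web server built on Linux, with LAN address 192.168.100.100 and default port 80
The LAN gateway is 192.168.100.1
WAN clients cannot reach the 192.168.100.100 address directly; a port mapping is required for them to access it
Mapping: 192.168.100.100:80 -> 12.0.0.100:8080
Win7 acts as the WAN client
CentOS 7 acts as the web server
Lab topology diagram
Make the following configuration in the CentOS 7 terminal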
yum install httpd -y
vim /var/www/html/index.html
<h1>this is inside web</h1>
systemctl start httpd
systemctl stop firewalld.service
setenforce 0
Enter the local address in a browser to self-test the site
Bind CentOS 7 to the VMnet1 adapter and configure the fixed IP 192.168.100.100
vim /etc/sysconfig/network-scripts/ifcfg-ens33
Change dhcp on line 4 to static
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
Bind win10 to the VMnet2 adapter and configure the fixed IP 12.0.0.12
Configure the router gateway addresses
conf t
int f0/0
ip add 192.168.100.1 255.255.255.0
no shut
ex
int f0/1
ip add 12.0.0.1 255.255.255.0
no shut
ex
Static NAT port mapping configuration
ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
int f0/0
ip nat inside
int f0/1
ip nat outside
end
debug ip nat
Access the site again from win10 using the public address; this time it succeeds, and debug captures the address translation process
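The difference between a simple and an extended translation entry determines what the outside network can reach. The following added example (not part of the original page) parses static NAT statements like those in the two labs and models the inbound lookup; the function names are hypothetical and the model is simplified (no ACLs, no dynamic entries).

```python
import re

# Constructed sample: PC1's one-to-one mapping and the web server's port mapping.
CONFIG = """\
ip nat inside source static 192.168.100.10 12.0.0.10
ip nat inside source static tcp 192.168.100.100 80 12.0.0.100 8080 extendable
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<lip>\S+)\s+(?P<lport>\d+)\s+(?P<gip>\S+)\s+(?P<gport>\d+)"
    r"|(?P<slip>\S+)\s+(?P<sgip>\S+))"
)

def parse_static_nat(config):
    """Return (simple, extended) tables keyed by the inside global side."""
    simple, extended = {}, {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        if m["proto"]:   # extended entry: protocol + address + port
            extended[(m["proto"], m["gip"], int(m["gport"]))] = (m["lip"], int(m["lport"]))
        else:            # simple entry: address only
            simple[m["sgip"]] = m["slip"]
    return simple, extended

def translate_inbound(simple, extended, proto, dst_ip, dst_port):
    """Outside -> inside lookup (NAT table before routing). None means no entry."""
    hit = extended.get((proto, dst_ip, dst_port))
    if hit:
        return hit
    if dst_ip in simple:
        return (simple[dst_ip], dst_port)  # simple entry passes every port through
    return None

def exposed_services(simple, extended):
    """Summarise what each static entry makes reachable from the outside interface."""
    report = [f"{g} -> {l}: all protocols and ports" for g, l in simple.items()]
    report += [f"{g}:{gp}/{p} -> {l}:{lp}: single port"
               for (p, g, gp), (l, lp) in extended.items()]
    return report

if __name__ == "__main__":
    s, e = parse_static_nat(CONFIG)
    print("\n".join(exposed_services(s, e)))
    print(translate_inbound(s, e, "tcp", "12.0.0.100", 22))  # no entry for this port
```

Running the same report over a production configuration shows which inside hosts are fully exposed by one-to-one mappings and would be better served by per-port entries.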