江苏龙网

  1. 主页 > 生活百科 > >

网络地址转换 NAT 配置

NAT 配置

实验目标
理解 NAT 网络地址转换的原理及功能 掌握静态 NAT 的配置 , 实现局域网访问互联网
实验背景
你是某公司的网络管理员 , 欲发布公司的 WWW 服务 。现要求将内网 Web 服务器 IP地址映射为全局 IP 地址 , 实现外部网络可以访问公司内部 Web 服务器 。
技术原理
网络地址转换 NAT(Network Address Translation) , 被广泛应用于各种类型 Internet 接入方式和各种类型的网络中 。原因很简单 , NAT 不仅完美地解决了 IP 地址不足的问题 , 而且还能够有效地避免来自网络外部的攻击 , 隐藏并保护网络内部的计算机 。默认情况下 , 内部 IP 地址是无法被路由到外网的 , 内部主机 10.1.1.1 要与外部 Internet通信 , IP 包到达 NAT 路由器时 , IP 包头的源地址 10.1.1.1 被替换成一个合法的外网 IP , 并在 NAT 转发表中保存这条记录 。当外部主机发送一个应答到内网时 , NAT 路由器收到后 , 查看当前 NAT 转换表 , 用 10.1.1.1 替换掉这个外网地址 。NAT 将网络划分为内部网络和外部网络两部分 , 局域网主机利用 NAT 访问网络时 , 是将局域网内部的本地地址转换为全局地址(互联网合法的 IP 地址)后转发数据包;
NAT 分为两种类型:NAT(网络地址转换)和 NAPT(网络端口地址转换 IP 地址对应一个全局地址) 。静态 NAT:实现内部地址与外部地址一对一的映射 。现实中 , 一般都用于服务器; 动态 NAT:定义一个地址池 , 自动映射 , 也是一对一的 。现实中 , 用得比较少; NAPT:使用不同的端口来映射多个内网 IP 地址到一个指定的外网 IP 地址 , 多对一 。
实验步骤
新建 Packet Tracer 拓扑图

网络地址转换 NAT 配置

文章插图
【网络地址转换 NAT 配置】 
(1)R1 为公司出口路由器 , 其与外部路由器之间通过 V.35 电缆串口连接 , DCE 端连接在 R1 上 , 配置其时钟频率 64000; (2)配置 PC 机、服务器及路由器接口 IP 地址; (3)在各路由器上配置静态路由协议 , 让 PC 间能相互 Ping 通; (4)在 R1 上配置静态 NAT 。(5)在 R1 上定义内外网络接口 。(6)验证主机之间的互通性 。
实验设备
PC 1 台;Server-PT 1 台;Switch_2950-24 1 台;Router-PT 2 台;直连线;交叉线;DCE串口线Server-PT192.168.1.2255.255.255.0192.168.1.1PC0222.0.2.2255.255.255.0222.0.2.1R1enconf thost R1int fa 0/0ip address 192.168.1.1 255.255.255.0no shutdownint s 2/0ip address 222.0.1.1 255.255.255.0no shutdownclock rate 64000R2enconf thost R2int s 2/0ip address 222.0.1.2 255.255.255.0no shutint fa 0/0ip address 222.0.2.1 255.255.255.0no shutdownR1exit;ip route 222.0.2.0 255.255.255.0 222.0.1.2R2exitip route 192.168.1.0 255.255.255.0 222.0.1.1endshow ip routePC0CMDping 192.168.1.2 (success)Web 浏览器http://192.168.1.2 (success)
网络地址转换 NAT 配置

文章插图
 
R1int fa 0/0ip nat insideint s 2/0ip nat outsideexitip nat inside source static 192.168.1.2 222.0.1.3endshow ip nat translationsPC0Web 浏览器http://222.0.1.3 (success)
网络地址转换 NAT 配置

文章插图
 
R1show ip nat translations实战演练
R1Continue with configuration dialog? [yes/no]: nPress RETURN to get started!Router>enRouter#conf tEnter configuration commands, one per line.End with CNTL/Z.Router(config)#hostname R1R1(config)#int fa 0/0R1(config-if)#ip add 192.168.1.1 255.255.255.0R1(config-if)#no shutR1(config-if)#%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to upR1(config-if)#int s 2/0R1(config-if)#ip add 222.0.1.1 255.255.255.0R1(config-if)#no shut%LINK-5-CHANGED: Interface Serial2/0, changed state to downR1(config-if)#clock rate 64000R1(config-if)#R2Continue with configuration dialog? [yes/no]: nPress RETURN to get started!Router>enRouter#conf tEnter configuration commands, one per line.End with CNTL/Z.Router(config)#host R2R2(config)#int s 2/0R2(config-if)#ip add 222.0.1.2 255.255.255.0R2(config-if)#no shut%LINK-5-CHANGED: Interface Serial2/0, changed state to upR2(config-if)#int fa 0/0R2(config-if)#ip add 222.0.2.1 255.255.255.0R2(config-if)#no shut%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upR2(config-if)#R1R1(config-if)#exitR1(config)#R1(config)#ip route 222.0.2.0 255.255.255.0 222.0.1.2R2R2(config-if)#exitR2(config)#R2(config)#ip route 192.168.1.0 255.255.255.0 222.0.1.1R2(config)#endR2#%SYS-5-CONFIG_I: Configured from console by consoleR2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setS192.168.1.0/24 [1/0] via 222.0.1.1C222.0.1.0/24 is directly connected, Serial2/0C222.0.2.0/24 is directly connected, FastEthernet0/0R2#PC0CMDping 192.168.1.2 (success)PC>ipconfigIP Address......................: 222.0.2.2Subnet Mask.....................: 255.255.255.0Default Gateway.................: 222.0.2.1PC>ping 192.168.1.2Pinging 192.168.1.2 with 32 bytes of data:Request timed out.Reply from 192.168.1.2: bytes=32 time=19ms TTL=126Reply from 192.168.1.2: bytes=32 time=18ms TTL=126Reply from 192.168.1.2: bytes=32 time=23ms TTL=126Ping statistics for 192.168.1.2:Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),Approximate round trip times in milli-seconds:Minimum = 18ms, Maximum = 23ms, Average = 20msPC>ping 192.168.1.2Pinging 192.168.1.2 with 32 bytes of data:Reply from 192.168.1.2: bytes=32 time=26ms TTL=126Reply from 192.168.1.2: bytes=32 time=26ms TTL=126Reply from 192.168.1.2: bytes=32 time=22ms TTL=126Reply from 192.168.1.2: bytes=32 time=23ms TTL=126Ping statistics for 192.168.1.2:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 22ms, Maximum = 26ms, Average = 24msPC>Web 浏览器http://192.168.1.2 (success)R1R1>enR1#conf tEnter configuration commands, one per line.End with CNTL/Z.R1(config)#int fa 0/0R1(config-if)#ip nat insideR1(config-if)#int s 2/0R1(config-if)#ip nat outsideR1(config-if)#exitR1(config)#ip nat inside source static 192.168.1.2 222.0.1.3R1(config)#endR1#%SYS-5-CONFIG_I: Configured from console by consoleR1#show ip nat translationsProInside globalInside localOutside localOutside global---222.0.1.3192.168.1.2------R1#PC0Web 浏览器http://222.0.1.3 (success)CMD ping 222.0.1.3PC>ipconfigIP Address......................: 222.0.2.2Subnet Mask.....................: 255.255.255.0Default Gateway.................: 222.0.2.1PC>ping 222.0.1.3Pinging 222.0.1.3 with 32 bytes of data:Reply from 222.0.1.3: bytes=32 time=21ms TTL=126Reply from 222.0.1.3: bytes=32 time=22ms TTL=126Reply from 222.0.1.3: bytes=32 time=23ms TTL=126Reply from 222.0.1.3: bytes=32 time=23ms TTL=126Ping statistics for 222.0.1.3:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 21ms, Maximum = 23ms, Average = 22ms


推荐阅读


上一篇:冲泡珠兰花茶的技巧,教你九个喝茶的技巧

下一篇:吃枸杞对于减肥有效果吗,枸杞茉莉花茶的宜忌人群都有哪些