NAT Network Address Translation Service
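I. Requirements
1. Subnet the private address space 192.168.1.0/24
2. Enable the Telnet service on the Telnet Server device
3. Configure only IP addresses on the isp device
4. PC6, PC7 and PC8 can all reach PC9
5. The internal network is fully interconnected
6. client-1 can telnet to the Telnet server, but client-2 cannot
II. Analysis
1. The private network needs 3 subnets; the nearest power of 2 is 4, so it is divided into the following subnets: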
192.168.1.00 000000/26–192.168.1.0/26
192.168.1.01 000000/26–192.168.1.64/26
192.168.1.10 000000/26–192.168.1.128/26
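192.168.1.11 000000/26–192.168.1.192/26–spare
2. Once the Telnet Server device has the Telnet service enabled, R7 maps a port to the Telnet server;
3. The ISP is configured with IP addresses only, so access from client-1 and client-2 to the Telnet Server is controlled on R7;
4. PC6, PC7 and PC8 reach PC9 through the NAPT service on R7.
III. Topology
IV. Basic Configuration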
PC6:
PC7:
PC9:
AR6:
# Configure IP addresses
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.1 26
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.1.65 26
[Huawei-GigabitEthernet0/0/1]q
# Routing table
[Huawei]ip route-static 0.0.0.0 0 192.168.1.66
AR7:
# Configure IP addresses
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.66 26
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.1.129 26
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip add 34.0.0.1 24
# Routing table
[Huawei]ip route-static 192.168.1.0 255.255.255.192 192.168.1.65
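# NAPT (Easy IP)
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]int g0/0/2
[Huawei-GigabitEthernet0/0/2]nat outbound 2000
# Port mapping
[Huawei-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 10000 inside 192.168.1.3 23
# Block telnet access from client-2
[Huawei-GigabitEthernet0/0/2]acl 3000
[Huawei-acl-adv-3000]rule deny tcp source 35.0.0.4 0 destination-port eq 10000
# Apply ACL 3000 to inbound traffic on g0/0/2 so that the rule takes effect
[Huawei-acl-adv-3000]int g0/0/2
[Huawei-GigabitEthernet0/0/2]traffic-filter inbound acl 3000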
isp:
# Configure IP addresses
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 34.0.0.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 35.0.0.1 24
# Routing table
[Huawei]ip route-static 192.168.1.0 24 34.0.0.1
Telnet Server:
# Configure IP addresses
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.3 26
# Routing table
[Huawei]ip route-static 0.0.0.0 0 192.168.1.1
# Configure telnet
[Huawei]telnet server enable
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]q
[Huawei]aaa
[Huawei-aaa]local-user xatu password cipher 123456 privilege level 15
[Huawei-aaa]local-user xatu service-type telnet
client-1:
# Configure IP addresses
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 35.0.0.2 24
# Routing table
[Huawei]ip route-static 0.0.0.0 0 35.0.0.1
client-2:
# Configure IP addresses
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 35.0.0.4 24
# Routing table
[Huawei]ip route-static 0.0.0.0 0 35.0.0.1
V. Test and Verification
1. The internal network is interconnected and can reach PC9
PC6 pings PC9 and PC7
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe4a:13d3
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.2
Subnet mask.......................: 255.255.255.192
Gateway...........................: 192.168.1.1
Physical address..................: 54-89-98-4A-13-D3
DNS server........................:
PC>ping 35.0.0.3
Ping 35.0.0.3: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 35.0.0.3: bytes=32 seq=2 ttl=125 time=78 ms
From 35.0.0.3: bytes=32 seq=3 ttl=125 time=63 ms
From 35.0.0.3: bytes=32 seq=4 ttl=125 time=78 ms
From 35.0.0.3: bytes=32 seq=5 ttl=125 time=78 ms
--- 35.0.0.3 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/74/78 ms
PC>ping 192.168.1.130
Ping 192.168.1.130: 32 data bytes, Press Ctrl_C to break
From 192.168.1.130: bytes=32 seq=1 ttl=126 time=78 ms
From 192.168.1.130: bytes=32 seq=2 ttl=126 time=78 ms
From 192.168.1.130: bytes=32 seq=3 ttl=126 time=63 ms
From 192.168.1.130: bytes=32 seq=4 ttl=126 time=47 ms
From 192.168.1.130: bytes=32 seq=5 ttl=126 time=47 ms
--- 192.168.1.130 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/62/78 ms
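2. Requirement 6: client-1 can telnet to the Telnet server, but client-2 cannot
3. While PC6 pings PC9, capture packets on interface 0/0/2 of R7: the private IP address has been translated to the public IP address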
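The following Python model is an added example, not part of the original post and not Huawei code. It replays the R7 rules from section IV (ACL 2000 with Easy IP, the nat server mapping, ACL 3000) against the test cases in section V. Assumptions: the inbound packet filter is evaluated before the nat server lookup, the port allocator in `outbound` is hypothetical, and TCP/UDP ports stand in for the ICMP identifiers that the ping test would actually use.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL address match: bits set to 1 in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# R7 rules taken from the configuration on this page, expressed as data.
PUBLIC_IP = "34.0.0.1"                                    # g0/0/2 address
ACL_2000 = [("permit", "192.168.1.0", "0.0.0.255")]       # sources eligible for NAPT
ACL_3000 = [("deny", "35.0.0.4", "0.0.0.0", 10000)]       # client-2 to global port 10000
NAT_SERVER = {(PUBLIC_IP, 10000): ("192.168.1.3", 23)}    # global -> inside mapping

def inbound(src, dst, dport):
    """TCP packet arriving on g0/0/2: ('drop', None), ('forward', (ip, port)) or ('no-map', None).

    Assumption: the packet filter runs before the nat server lookup, so the
    ACL sees the global port 10000 rather than the inside port 23.
    """
    for action, base, wc, port in ACL_3000:      # first matching rule wins
        if wildcard_match(src, base, wc) and dport == port:
            if action == "deny":
                return ("drop", None)
            break
    inside = NAT_SERVER.get((dst, dport))
    return ("forward", inside) if inside else ("no-map", None)

def outbound(src, sport, sessions):
    """Easy IP on g0/0/2: return the (ip, port) seen on the public side."""
    for action, base, wc in ACL_2000:            # first matching rule wins
        if wildcard_match(src, base, wc):
            if action != "permit":
                break
            # Hypothetical allocator: one public port per inside (ip, port) pair.
            port = sessions.setdefault((src, sport), 1024 + len(sessions))
            return (PUBLIC_IP, port)
    return (src, sport)                          # not matched: left untranslated

if __name__ == "__main__":
    print("client-1:", inbound("35.0.0.2", PUBLIC_IP, 10000))
    print("client-2:", inbound("35.0.0.4", PUBLIC_IP, 10000))
    table = {}
    for host in ("192.168.1.2", "192.168.1.130"):  # PC6 and the 192.168.1.128/26 host
        print(host, "->", outbound(host, 40000, table))
```

Because ACL 3000 denies a single source address, every other external source is still forwarded to the Telnet server. A permit rule for 35.0.0.2 followed by a deny for port 10000 would restrict the mapping to client-1 alone.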