The requirement is as follows: a CISCO 2621 router needs to perform NAT address translation. The internal networks are the two segments 192.168.1.0 and 192.168.2.0, which need Internet access. The outside interface is 218.98.0.1, and the NAT address is the outside interface address.

Configuration:

interface Fastethernet 0/0
 ip address 218.98.0.1 255.255.255.0
 ip nat outside
interface fastethernet 0/1
 ip address 192.168.1.1 255.255.254.0
 ip nat inside
ip nat pool aaa 218.98.0.1 218.98.0.1 netmask 255.255.255.0
ip nat inside source list 1 pool aaa
access-list 1 permit 192.168.1.0 0.0.1.255
ip nat pool office 192.168.3.123 192.168.3.123 netmask 255.255.255.0
ip nat inside source list 1 pool office
access-list 1 permit 192.168.3.0 0.0.0.255
Port mapping
ip nat inside source static tcp 172.16.1.1 80 192.168.1.3 500 extendable
show ip nat translation
Router#show ip nat translation
Example 5.3. 2911 NAT
interface GigabitEthernet0/1
 description Default-Shenzhen-IPLC-Hongkong-WAN
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description Office-1
 ip address 192.168.40.254 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/1
 description Office-2
 ip address 192.168.50.254 255.255.255.128
 ip nat inside
 ip nat enable
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 100 permit ip any any
access-list extended
ip nat inside source list nat interface FastEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list extended nat
 permit ip any any

ip nat inside source list pat interface FastEthernet0/0/1 overload
!
ip access-list extended pat
 permit ip 192.168.1.0 0.0.0.255 any
ena
conf t
ip nat inside source static 192.168.1.4 200.200.200.200
int f0/0
 ip nat outside
 no shut
int f0/1
 ip nat inside
 no shut
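At least two NAT entries are needed, because FTP uses two ports, 20 and 21: one for data and one for commands.

Port mapping:

ip nat inside source static tcp 192.168.1.4 21 200.200.200.200 21
ip nat inside source static tcp 192.168.1.4 20 200.200.200.200 20

On the outside interface (your f0/0), configure the following (there can be only one outside interface):

Router(config-if)#ip nat outside

On the inside interface (your f0/1), configure the following (there can be several inside interfaces):

Router(config-if)#ip nat inside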
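Port mapping on a Cisco router: 192.168.0.180:8000 and 192.168.0.181:8000 must be mapped to ports 3000 and 3002, respectively, on the external address 202.122.111.66, while the other hosts in 192.168.0.0/24 can still access the Internet. The specific configuration: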
int fa0/0
 ip nat inside
int fa0/1
 ip nat outside

Global configuration mode:

access-list 10 permit any
ip nat inside source list 10 interface fa0/1 overload

Port mapping:

ip nat inside source static tcp 192.168.0.180 8000 interface fa0/1 3000
ip nat inside source static tcp 192.168.0.181 8000 interface fa0/1 3002

interface fa0/1 is the outside (external) interface.
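As an added example (not part of the original notes), the following Python script audits a configuration like the ones above: it lists every static port forward, i.e. each inside service reachable from the outside address, and reports dynamic NAT rules whose ACL permits any source. The sample configuration is constructed from commands shown on this page, and the function and variable names are hypothetical.

```python
import re

# Constructed sample, assembled from the commands shown on this page.
SAMPLE = """\
interface fa0/0
 ip nat inside
interface fa0/1
 ip nat outside
access-list 10 permit any
ip access-list extended pat
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 10 interface fa0/1 overload
ip nat inside source list pat interface fa0/1 overload
ip nat inside source static tcp 192.168.0.180 8000 interface fa0/1 3000
ip nat inside source static tcp 192.168.0.181 8000 interface fa0/1 3002
ip nat inside source static tcp 192.168.1.4 21 200.200.200.200 21
"""

STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(?:interface (\S+)|(\S+)) (\d+)")
DYNAMIC = re.compile(r"^ip nat inside source list (\S+) ")
NUMBERED = re.compile(r"^access-list (\S+) permit (?:ip )?any\b")
NAMED = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
ENTRY_ANY = re.compile(r"^permit (?:ip )?any\b")

def audit(config):
    """Return (port_forwards, nat_lists_permitting_any_source)."""
    forwards, nat_lists, open_acls, current = [], set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # back at global level, left any named-ACL sub-mode
        if m := STATIC.match(line):
            proto, ip, port, iface, addr, out_port = m.groups()
            forwards.append((proto, f"{ip}:{port}", f"{iface or addr}:{out_port}"))
        elif m := DYNAMIC.match(line):
            nat_lists.add(m.group(1))
        elif m := NUMBERED.match(line):
            open_acls.add(m.group(1))
        elif m := NAMED.match(line):
            current = m.group(1)
        elif current and ENTRY_ANY.match(line):
            open_acls.add(current)
    return forwards, sorted(nat_lists & open_acls)

if __name__ == "__main__":
    fwd, wide = audit(SAMPLE)
    for proto, inside, outside in fwd:
        print(f"exposed {proto} service: {inside} reachable at {outside}")
    print("NAT lists permitting any source:", wide)
```

Each reported forward is a service that needs its own access control on the outside interface, since a static NAT entry by itself does not filter who may connect.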
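Original source: Netkiller 系列 手札 (Netkiller series notes)
Author: 陈景峯
Please contact the author before reprinting, and be sure to state the article's original source, the author information and this notice.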