NAT双向地址转换-阿里云开发者社区

开发者社区> 云计算> 正文
登录阅读全文

NAT双向地址转换

简介:

我们通常在做NAT的时候无非是做内部地址NAT,或PAT,或端口映射;很少需要将目的地址也进行转换,下面的实验将对源、目的地址都进行转换。


 
NAT可以再两个方向上隐藏地址, 例如下面例子中
  • R1认为R5的IP地址是55.55.55.5,实际是10.0.0.5
  • R5认为R1的IP地址是44.44.44.1,实际是10.0.0.1

 
【实验拓扑】

 

【实验要求】


 
将R1的源地址10.0.0.1 转换为 44.44.44.1;
将R1的目的地址为55.55.55.5的转换为10.0.0.5;

 
【实验配置】

 
R4:
interface Ethernet 0/0
ip nat inside
!
interface Serial 0/1
ip nat outside
!
interface Serial 0/0.1
ip nat outside
ip nat inside source static 10.0.0.1 44.44.44.1
ip nat outside source static 10.0.0.5 55.55.55.5
!
ip route 55.55.55.0 255.255.255.0 150.1.5.5

 
R5
interface loopback10
ip add 10.0.0.5 255.255.255.0
!
ip route 44.44.44.0 255.255.255.0 150.1.4.4

 

 
【实验验证】
R4#deb ip nat detailed
IP NAT detailed debugging is on
R5#debug ip icmp
ICMP packet debugging is on
R1#ping 55.55.55.5 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 55.55.55.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 32/33/64 ms
R4#
NAT*: i: icmp (10.0.0.1, 16) -> (55.55.55.5, 16) [358]
NAT*: s=10.0.0.1->44.44.44.1, d=55.55.55.5 [358]
NAT*: s=44.44.44.1, d=55.55.55.5->10.0.0.5 [358]
NAT*: o: icmp (10.0.0.5, 16) -> (44.44.44.1, 16) [358]
NAT*: s=10.0.0.5->55.55.55.5, d=44.44.44.1 [358]
NAT*: s=55.55.55.5, d=44.44.44.1->10.0.0.1 [358]
NAT*: i: icmp (10.0.0.1, 16) -> (55.55.55.5, 16) [359]
NAT*: s=10.0.0.1->44.44.44.1, d=55.55.55.5 [359]
NAT*: s=44.44.44.1, d=55.55.55.5->10.0.0.5 [359]
NAT*: o: icmp (10.0.0.5, 16) -> (44.44.44.1, 16) [359]
NAT*: s=10.0.0.5->55.55.55.5, d=44.44.44.1 [359]
NAT*: s=55.55.55.5, d=44.44.44.1->10.0.0.1 [359]
NAT*: i: icmp (10.0.0.1, 16) -> (55.55.55.5, 16) [360]
NAT*: s=10.0.0.1->44.44.44.1, d=55.55.55.5 [360]
NAT*: s=44.44.44.1, d=55.55.55.5->10.0.0.5 [360]
NAT*: o: icmp (10.0.0.5, 16) -> (44.44.44.1, 16) [360]
R5#
*Mar 18 22:04:41.426: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.458: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.494: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.530: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.562: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.602: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.634: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.670: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.706: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1
*Mar 18 22:04:41.738: ICMP: echo reply sent, src 10.0.0.5, dst 44.44.44.1

 

总结:
内部本地(IL,Inside Local)--分配给内部设备的地址,这些地址不会对外公布。
内部全局(IG,Inside Global)--通过这个地址,外部可以知道内部的设备
外部全局(OG,Outside Golbal)--分配给外部设备的地址。这些地址不会向内部公布。
外部本地(OL,Outside Local)--通过这个地址,内部可以知道外部设备。

本文转自zcm8483 51CTO博客,原文链接:http://blog.51cto.com/haolun/993053

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享: