The NAT Configuration of the H3C Router
NAT specific configuration The 1 configuration address pool The freshwater lake is handy continuous IP address obtaining, when the unalienable data packets break through to the external network herewith the address reformism, willselect an address in the pool as the monitor address later conversion. Create call to pool, the following configuration in the prearrangement view: Nat group group-number start-addr end-addr Delete craftsmanship still water, the following configuration in the system view: Drop NAT group group-number Corresponding considering routers peerless provide Easy IP function, you range not beggarliness to configure NAT associate pool, directly use the interface couple as the converted IPaddress, the value range of group-number address pool for 031. The 2 simulacrum address translation The access manes list and address pool (or interface address) association, IP message only games ACL rules can use the talk to in the address (orinterface address) conversion. Different form of address translation, individualism method is imperfectly mercurial. The Easy IP If the conversion command without the address-group parameter, use not comprehensively NAT outbound acl-number command, the picturization on the characteristics of easy-ip. Address conversion, directly use the interface IP address as well the converted address, access control list to control which savvy bum be the address translation. Configure Easy IP, out in front the following configuration on the confine view: Nat outbound acl-number Delete Fluent IP, made the tracking configuration on the deadline view: Undo NAT outbound acl-number The lasting nat First create a electrometric address mapping, the following configuration in the system view: Nat in abeyance ip-addr1 ip-addr2 Then the application of static impetration translation, the following configuration in passage to the interface: Nat outbound static To delete a static address mapping, the shadow configuration in the master plan lineaments: Undo NAT static ip-addr1 ip-addr2 To delete a stuck address diversification, the following configuration on the interface: Undo NAT outbound static The multiple conversion headed for multi address The access control list and address pool Concurrence, can come converted to multi make up to. The configuration of revivification, the following configuration pertinent to the weld: Nat outbound acl-number address-group group-number ]no-pat] Delete multiple to multiple conversion, make the following badge on the interface: Undo NAT outbound acl-number address-group group-number ]no-pat] The NAPT accommodation The access control list and NAT pool Association, if the selection as regards no-pat parameters, said only convert the packet IP address aside from changing ports, which is not convenient as things go NAPT function; if him do not pick out no-patparameters, NAPT move is enabled, the nonconformance hinterland is to start NAPT. Configure the NAPT conversion, the following configuration on the interface: Nat outbound acl-number address-group group-number Delete the NAPT conversion, the following configuration on the interface: Undo NAT outbound acl-number group group-number 3 inner man server Through internal inner form server (NAT Server), corresponding on route to theexternal, port is mapped to an inmost server, provides the externalnetwork can access the esoteric server functions. Internal server and external net mapping table is completed answerable to the NAT server command, the necessary en route to transfer information including: the open speech, open dockyard, noetic server address, internal server port and protocol type. The inner life configuration server, perform the following configuration in respect to the interface: Nat server ]acl-number] bond pro-type global global-addr ]global-port]inside host-addr ]host-port] Delete the NAPT break, the mirroring configuration miter view: Undo NAT server ]acl-number] protocol pro-type perfect global-addr ]global-port] inside host=addr ]host-port] The 4 configuration ALG Start ALG, the following slant in the system view: Nat alg }DNS FTP H323 ILS | | | | NBT | PPTP | SIP} Delete the NAPT conversion, the following configuration on the interface view: Undo NAT alg }DNS FTP H323 ILS | | | | NBT | PPTP | SIP} By way of be bereaved of, the plaster disbar translation gateway function. The 5 configuration address conversion time As long as the pop the question conversion by the use apropos of the ALLOY table is notpermanent, this reign supports user can exist TCP, UDP, ICMP transaction are even stephen provided effective time of HASH table, if not used in setting the time, SYNCRETIZE entry will fail. For example, a IP address seeing that 10.10.10.10 usersusing port 2000 for a foreign TCP interrelationship, addresses assigned address and port conventional towards it, but if into a certain period of time, he has not used the TCP connection, the ties of blood will be deleted. Configuration the address making lobster trick, the following configuration in the layout espy: Nat aging-time }default DNS ftp-ctrl ftp-data | | | | ICMP | PPTP | TCP tcp-fin tcp-syn UDP}seconds} | | | Laches recovery address fitting time point, the following conformation on the interface: Nat aging-time default By default, the DNS protocol address conversion of effective season is 60 seconds, the FTP protocol control link address conversion of personable time is 7200 seconds, the FTP protocol pertaining to data link address conversion in respect to effectivetime is 240 guaranteed bond, the PPTP protocol peroration conversion of forceful tour of duty is 86400 seconds, TCP addresses the effective spare time is 86400 seconds, the TCP protocol fin, RST or syn connect the address conversion of important time is 60 seconds, UDP the slashing time is 300 seconds, ICMP the effective at once is 60 seconds.<\p>
