Project 14: Network Address Translation (NAT) Configuration
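I. Lab Objectives
Understand the principle and function of Network Address Translation (NAT);
Master static NAT configuration so that the LAN can reach the Internet.
II. Lab Background
The company wants to publish a WWW service. The internal Web server's IP address must be mapped to a global IP address so that external networks can reach the company's internal Web server.
III. Technical Principles
Network Address Translation (NAT) is widely used across all kinds of Internet access methods and network types.
The reason is simple: NAT not only solves the shortage of IP addresses, it also hides the computers inside the network, which helps protect them from attacks that originate outside.
By default, internal IP addresses cannot be routed to the external network. When internal host 10.1.1.1 needs to communicate with the Internet and its IP packet reaches the NAT router, the source address 10.1.1.1 in the IP header is replaced with a valid external IP address, and the mapping is recorded in the NAT translation table.
When an external host sends a reply toward the internal network, the NAT router receives it, looks up the current NAT translation table, and replaces that external address with 10.1.1.1.
NAT divides the network into an inside network and an outside network. When a LAN host uses NAT to reach other networks, its inside local address is translated into a global address (a valid Internet IP address) before the packet is forwarded.
NAT falls into two types: NAT (network address translation) and NAPT (network address port translation, where internal IP addresses map to one global address).
Static NAT: maps inside addresses to outside addresses one-to-one. In practice it is generally used for servers;
Dynamic NAT: defines an address pool and maps automatically, also one-to-one. In practice it is rarely used;
NAPT: uses different ports to map several internal IP addresses to one designated external IP address (many-to-one).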
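The translation-table behaviour described above, modelled as an added Python example (not part of the original lab handout). It reuses the lab's static mapping 192.168.1.2 -> 222.0.1.3; the NAPT address 222.0.1.1, the inside host 192.168.1.10 and the sequential port allocation are assumptions made for illustration. It shows that a static entry forwards unsolicited inbound packets on every port, while NAPT only accepts replies to sessions it has recorded.

```python
"""Added illustration: a toy NAT table covering static NAT and NAPT."""
from dataclasses import dataclass, field

@dataclass
class Nat:
    napt_ip: str                                   # shared global address used by NAPT
    static: dict = field(default_factory=dict)     # inside local IP -> inside global IP
    sessions: dict = field(default_factory=dict)   # (proto, global IP, global port) -> (local IP, local port)
    last_port: int = 1024                          # assumption: ports are handed out sequentially

    def outbound(self, proto, src_ip, src_port):
        """Return the translated (IP, port) for a packet leaving the inside network."""
        if src_ip in self.static:                  # static NAT: address swapped, port unchanged
            return self.static[src_ip], src_port
        for (p, gip, gport), local in self.sessions.items():
            if p == proto and local == (src_ip, src_port):
                return gip, gport                  # session already recorded
        self.last_port += 1                        # NAPT: new port on the shared address
        self.sessions[(proto, self.napt_ip, self.last_port)] = (src_ip, src_port)
        return self.napt_ip, self.last_port

    def inbound(self, proto, dst_ip, dst_port):
        """Return the inside (IP, port) for a packet from outside, or None if it is dropped."""
        for local_ip, global_ip in self.static.items():
            if dst_ip == global_ip:                # permanent entry: no prior session needed
                return local_ip, dst_port
        # Simplification: real devices also match the remote endpoint of the session.
        return self.sessions.get((proto, dst_ip, dst_port))

def demo():
    nat = Nat("222.0.1.1", static={"192.168.1.2": "222.0.1.3"})
    return {
        "static_out": nat.outbound("tcp", "192.168.1.2", 80),
        "static_in_80": nat.inbound("tcp", "222.0.1.3", 80),
        "static_in_22": nat.inbound("tcp", "222.0.1.3", 22),        # unsolicited, still forwarded
        "napt_out": nat.outbound("tcp", "192.168.1.10", 40000),
        "napt_reply": nat.inbound("tcp", "222.0.1.1", 1025),
        "napt_unsolicited": nat.inbound("tcp", "222.0.1.1", 8080),  # no session, dropped
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```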
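IV. Lab Steps
Lab topology
1. R1 is the company's egress router. It connects to the external router over a V.35 serial cable; the DCE end is attached to R2, whose clock rate is set to 64000;
2. Configure the IP addresses of the PC, the server and the router interfaces;
3. Configure static routes on each router so that the PCs can ping each other;
4. Configure static NAT on R1;
5. Define the inside and outside network interfaces on R1;
6. Verify connectivity between the hosts.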
R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip add 222.0.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to down
R1(config-if)#
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R1(config-if)#exit
R1(config)#ip route 222.0.2.0 255.255.255.0 222.0.1.2 // configure a static route to the 222.0.2.0 network
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    222.0.1.0/24 is directly connected, Serial2/0
S    222.0.2.0/24 [1/0] via 222.0.1.2
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#?
  arp                Set arp type (arpa, probe, snap) or timeout
  bandwidth          Set bandwidth informational parameter
  cdp                CDP interface subcommands
  crypto             Encryption/Decryption commands
  custom-queue-list  Assign a custom queue list to an interface
  delay              Specify interface throughput delay
  description        Interface specific description
  duplex             Configure duplex operation.
  exit               Exit from interface configuration mode
  fair-queue         Enable Fair Queuing on an Interface
  hold-queue         Set hold queue depth
  ip                 Interface Internet Protocol config commands
  mac-address        Manually set interface MAC address
  mtu                Set the interface Maximum Transmission Unit (MTU)
  no                 Negate a command or set its defaults
  priority-group     Assign a priority group to an interface
  service-policy     Configure QoS Service Policy
  shutdown           Shutdown the selected interface
  speed              Configure speed operation.
  tx-ring-limit      Configure PA level transmit ring limit
  zone-member        Apply zone name
R1(config-if)#ip ?
  access-group        Specify access control for packets
  address             Set the IP address of an interface
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  inspect             Apply inspect name
  ips                 Create IPS rule
  mtu                 Set IP Maximum Transmission Unit
  nat                 NAT interface commands
  ospf                OSPF interface commands
  split-horizon       Perform split horizon
  summary-address     Perform address summarization
  virtual-reassembly  Virtual Reassembly
R1(config-if)#ip nat ?
  inside   Inside interface for address translation
  outside  Outside interface for address translation
R1(config-if)#ip nat inside ?
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip nat outside ?
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip ?
  access-list       Named access-list
  default-network   Flags networks as candidates for default routes
  dhcp              Configure DHCP server and relay parameters
  domain            IP DNS Resolver
  domain-lookup     Enable IP Domain Name System hostname translation
  domain-name       Define the default domain name
  forward-protocol  Controls forwarding of physical and directed IP broadcasts
  host              Add an entry to the ip hostname table
  name-server       Specify address of name server to use
  nat               NAT configuration commands
  route             Establish static routes
  tcp               Global TCP parameters
R1(config)#ip nat ?
  inside   Inside address translation
  outside  Outside address translation
  pool     Define pool of addresses
R1(config)#ip nat inside ?
  source  Source address translation
R1(config)#ip nat inside source ?
  list    Specify access list describing local addresses
  static  Specify static local->global mapping
R1(config)#ip nat inside source static ?
  A.B.C.D  Inside local IP address
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
R1(config)#ip nat inside source static 192.168.1.2 ?
  A.B.C.D  Inside global IP address
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3 ?
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3 // configure the static NAT mapping from the inside network to the outside network
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip nat ?
  statistics    Translation statistics
  translations  Translation entries
R1#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  222.0.1.3         192.168.1.2        ---                ---
R1#
R1#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  222.0.1.3         192.168.1.2        ---                ---
tcp  222.0.1.3:80      192.168.1.2:80     222.0.2.2:1025     222.0.2.2:1025
R1#show running-config
Building configuration...
Current configuration : 753 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
...
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 222.0.1.1 255.255.255.0
 ip nat outside
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip nat inside source static 192.168.1.2 222.0.1.3
ip classless
ip route 222.0.2.0 255.255.255.0 222.0.1.2
!
...
!
line con 0
line vty 0 4
 login
!
!
!
end
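An added example (not from the original handout): a short Python check over an IOS-style running-config that flags the kind of static mapping configured on R1. The sample embeds R1's NAT-related lines; the second mapping (192.168.1.5, 222.0.1.4) and the `audit` function are constructed for illustration. A one-to-one static entry translates every port and protocol, whereas the `tcp`/`udp` form offered by the `ip nat inside source static ?` help limits the mapping to a single port.

```python
"""Added illustration: audit static NAT statements in an IOS-style running-config."""
import re

# Constructed sample: the NAT-relevant lines of R1's running-config from this lab,
# plus one port-restricted mapping (192.168.1.5 and 222.0.1.4 are made-up values).
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial2/0
 ip address 222.0.1.1 255.255.255.0
 ip nat outside
!
ip nat inside source static 192.168.1.2 222.0.1.3
ip nat inside source static tcp 192.168.1.5 80 222.0.1.4 80
"""

STATIC = re.compile(r"^ip nat inside source static "
                    r"(?:(tcp|udp) (\S+) (\d+) (\S+) (\d+)|(\S+) (\S+))\s*$")

def audit(config):
    """Return a list of (severity, message) findings for the NAT configuration."""
    findings, iface, roles, acl_in = [], None, {}, set()
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None                          # left interface sub-mode
        s = line.strip()
        if iface and s in ("ip nat inside", "ip nat outside"):
            roles[iface] = s.split()[-1]
        if iface and re.match(r"ip access-group \S+ in$", s):
            acl_in.add(iface)                     # inbound ACL applied on this interface
        m = STATIC.match(s)
        if m and m.group(1):                      # tcp/udp form: local ip+port, global ip+port
            proto, lip, lport, gip, gport = m.group(1, 2, 3, 4, 5)
            findings.append(("info", f"{gip}:{gport}/{proto} -> {lip}:{lport} (single port)"))
        elif m:                                   # plain form: local ip, then global ip
            findings.append(("warn", f"{m.group(7)} -> {m.group(6)} maps every port and protocol"))
    for name, role in roles.items():
        if role == "outside" and name not in acl_in:
            findings.append(("warn", f"{name} is NAT outside with no inbound access-group"))
    for role in ("inside", "outside"):
        if role not in roles.values():
            findings.append(("error", f"no interface marked ip nat {role}"))
    return findings
```

Calling `audit(SAMPLE)` reports R1's one-to-one mapping and the unfiltered Serial2/0 interface as warnings and the port-restricted mapping as informational.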
R2:
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip add 222.0.2.1 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#int s2/0
R2(config-if)#ip add 222.0.1.2 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
R2(config-if)#clock rate 64000
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R2(config-if)#exit
R2(config)#ip route 192.168.1.0 255.255.255.0 222.0.1.1
R2(config)#end
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
S    192.168.1.0/24 [1/0] via 222.0.1.1
C    222.0.1.0/24 is directly connected, Serial2/0
C    222.0.2.0/24 is directly connected, FastEthernet0/0
PC1:
Packet Tracer PC Command Line 1.0
PC>ipconfig
IP Address......................: 222.0.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 222.0.2.1
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.1.2: bytes=32 time=19ms TTL=126
Reply from 192.168.1.2: bytes=32 time=17ms TTL=126
Reply from 192.168.1.2: bytes=32 time=15ms TTL=126
Ping statistics for 192.168.1.2:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 19ms, Average = 17ms
PC>
PC1-WEB: