2024-08-30 18:08:31 +08:00
|
|
|
|
# 静态NAT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 网段 | 网络地址 | 可用主机地址 | 广播地址 | 子网掩码 |
|
|
|
|
|
|
| ------------- | --------- | --------------------- | --------- | --------------- |
|
|
|
|
|
|
| 100.1.1.0 /29 | 100.1.1.0 | 100.1.1.1 - 100.1.1.6 | 100.1.1.7 | 255.255.255.248 |
|
|
|
|
|
|
|
|
|
|
|
|
### 一、IP & Routing
|
|
|
|
|
|
|
|
|
|
|
|
- **PC**
|
|
|
|
|
|
|
|
|
|
|
|
- **AR1**
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
[AR1]int g0/0/0
|
|
|
|
|
|
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
|
|
|
|
|
|
[AR1-GigabitEthernet0/0/0]int g0/0/1
|
|
|
|
|
|
[AR1-GigabitEthernet0/0/1]ip add 100.1.1.1 29
|
|
|
|
|
|
[AR1]ip route-static 0.0.0.0 0 100.1.1.2
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
- **IPX-dx**
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
[ISP-dx]int g0/0/0
|
|
|
|
|
|
[ISP-dx-GigabitEthernet0/0/0]ip add 100.1.1.2 29
|
|
|
|
|
|
[ISP-dx-GigabitEthernet0/0/0]int g0/0/1
|
|
|
|
|
|
[ISP-dx-GigabitEthernet0/0/1]ip add 200.1.1.254 24
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
### 二、静态NAT
|
|
|
|
|
|
|
|
|
|
|
|
- **AR1**
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
[AR1]int g0/0/1
|
|
|
|
|
|
[AR1-GigabitEthernet0/0/1]nat static global 100.1.1.3 inside 192.168.1.1 //让PC1可以访问公网
|
|
|
|
|
|
[AR1-GigabitEthernet0/0/1]nat static global 100.1.1.4 inside 192.168.1.2 //让PC2可以访问公网
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
*注释*
|
|
|
|
|
|
|
|
|
|
|
|
- `[AR1-GigabitEthernet0/0/1]nat static global 100.1.1.3 inside 192.168.1.1`
|
|
|
|
|
|
|
|
|
|
|
|
> 这个命令的作用是在接口 `GigabitEthernet0/0/1` 上创建一个静态NAT映射。`global` 关键字后面的 `100.1.1.3` 是公有地址,而 `inside` 关键字后面的 `192.168.1.1` 是私有地址。这意味着来自私有网络 `192.168.1.1` 的流量将被映射到公有地址 `100.1.1.3`。
|
|
|
|
|
|
|
|
|
|
|
|
> 这样配置后,任何发送到 `100.1.1.3` 的外部流量都会被路由器转发到内部的 `192.168.1.1` 地址。这是实现内部网络与外部网络通信的一种方式,特别是当内部网络使用非路由地址(如RFC 1918地址)时。
|
|
|
|
|
|
|
|
|
|
|
|
### 三、连通性测试
|
|
|
|
|
|
|
|
|
|
|
|
- **私网PC PING 公网Server**
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
PC1>ping 200.1.1.1
|
|
|
|
|
|
|
|
|
|
|
|
Ping 200.1.1.1: 32 data bytes, Press Ctrl_C to break
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=1 ttl=253 time=47 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=2 ttl=253 time=47 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=3 ttl=253 time=62 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=4 ttl=253 time=63 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=5 ttl=253 time=62 ms
|
|
|
|
|
|
|
|
|
|
|
|
--- 200.1.1.1 ping statistics ---
|
|
|
|
|
|
5 packet(s) transmitted
|
|
|
|
|
|
5 packet(s) received
|
|
|
|
|
|
0.00% packet loss
|
|
|
|
|
|
round-trip min/avg/max = 47/56/63 ms
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
PC2>ping 200.1.1.1
|
|
|
|
|
|
|
|
|
|
|
|
Ping 200.1.1.1: 32 data bytes, Press Ctrl_C to break
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=1 ttl=253 time=31 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=2 ttl=253 time=47 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=3 ttl=253 time=62 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=4 ttl=253 time=47 ms
|
|
|
|
|
|
From 200.1.1.1: bytes=32 seq=5 ttl=253 time=63 ms
|
|
|
|
|
|
|
|
|
|
|
|
--- 200.1.1.1 ping statistics ---
|
|
|
|
|
|
5 packet(s) transmitted
|
|
|
|
|
|
5 packet(s) received
|
|
|
|
|
|
0.00% packet loss
|
|
|
|
|
|
round-trip min/avg/max = 31/50/63 ms
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
2024-08-31 11:59:16 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*预习*
|
|
|
|
|
|
|
|
|
|
|
|
|
