H3C MSR 系列路由器 Web配置指导(V5)-R2311-V1.06-NAT配置
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
目录
1 NAT配置 ············································································································································ 1-1
1.1 概述 ·················································································································································· 1-1
1.2 配置NAT ··········································································································································· 1-1
1.2.1 配置概述 ································································································································ 1-1
1.2.2 配置动态地址转换 ·················································································································· 1-2
1.2.3 DMZ主机································································································································· 1-4
1.2.4 配置内部服务器······················································································································ 1-5
1.2.5 使能应用层协议检测 ·············································································································· 1-7
1.2.6 配置连接数限制······················································································································ 1-8
1.3 NAT典型配置举例 ····························································································································· 1-8
1.3.1 私网访问公网典型配置举例 ··································································································· 1-8
1.3.2 内部服务器典型配置举例 ····································································································· 1-10
1 NAT配置
Web页面提供的NAT配置功能如下:
•配置动态地址转换
•配置DMZ主机
•配置内部服务器
•配置应用层协议检测功能
•配置连接数限制功能
1.1 概述
NAT(Network Address Translation,网络地址转换)是将IP数据报报头中的IP地址转换为另一个IP地址的过程。在实际应用中,NAT主要用于实现私有网络访问公共网络的功能。这种通过使用少量的公有IP地址代表较多的私有IP地址的方式,将有助于减缓可用IP地址空间的枯竭。
关于NAT的详细介绍请参见《H3C MSR系列路由器配置指导(V5)》,“三层技术-IP业务配置指导”中的“NAT”。
1.2 配置NAT
1.2.1 配置概述
NAT配置的推荐步骤如表1-1所示。
表1-1NAT配置步骤
步骤配置任务说明
1 1.2.
2 配置动态地址转换二者必选其一
按照内部网络与外部网络间地址映射关系的产生方式,可以将地址
转换分为动态地址转换和静态地址转换两类:
•动态地址转换:外部网络和内部网络间的地址映射关系由报文动
态决定。适用于内部网络有大量用户需要访问外部网络的需求
•静态地址转换:外部网络和内部网络间的地址映射关系在配置中
确定。Web页面支持DMZ主机配置
1.2.3 DMZ主机
步骤配置任务说明
2 1.2.4 配置内部服务器必选
通过配置内部服务器,可以将相应的外部地址和端口映射到内部服务器的私有地址和端口上,从而使外部网络用户能够访问内部服务器
3 1.2.5 使能应用层协议检测可选
使能指定协议类型的NAT应用层协议检测功能
缺省情况下,各协议的NAT应用层协议检测功能均处于使能状态
4 1.2.6 配置连接数限制
可选
配置基于源IP地址对连接的数量进行限制
1.2.2 配置动态地址转换
在导航栏中选择“NAT配置 > NAT配置”,默认进入“动态地址转换”页签的页面,如图1-1所示。