扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
4.1 NAT-地址转换
【Router】
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
! |
适用版本vrp1.74及1.44 | |
[Router] |
acl 1 match-order auto |
|
[Router-acl1] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
[Router-acl1] |
rule normal deny source any |
|
! |
||
[Router] |
interface Ethernet0 |
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
! |
||
[Router] |
interface Ethernet1 |
|
[Router-Ethernet1] |
ip address 202.1.1.1 255.255.255.0 |
|
[Router-Ethernet1] |
nat outbound 1 interface |
|
! |
||
[Router] |
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2 preference 60 |
|
[Router] |
! |
|
[Router] |
return |
【Router】
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
! |
适用版本vrp1.74及1.44 | |
[Router] |
nat address-group 1 202.1.1.1 202.1.1.6 pool1 |
|
! |
||
[Router] |
acl 101 acl 1 match-order auto |
|
[Router-acl1] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
[Router-acl1] |
rule normal deny source any |
|
! |
||
[Router] |
interface Ethernet0 |
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
! |
||
[Router] |
interface Ethernet1 |
|
[Router-Ethernet1] |
ip address 202.1.1.1 255.255.255.0 |
|
[Router-Ethernet1] |
nat outbound 1 pool pool1 |
|
! |
||
[Router] |
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2 preference 60 |
|
! |
||
return |
【Router】
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
! |
适用版本vrp1.74及1.44 | |
[Router] |
dialer-rule 1 ip permit |
|
[Router] |
! |
|
acl 1 match-order auto |
||
[Router-acl1] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
[Router-acl1] |
rule normal deny source any |
|
! |
||
内网的以太口地址根据实际情况来配置 | ||
[Router] |
interface Ethernet0 |
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
[Router-Ethernet0] |
! |
|
[Router-Serial0] |
interface Bri0 |
|
[Router-Bri0] |
link-protocol ppp |
|
[Router-Bri0] |
ppp mp |
使能128K两B拨号 |
[Router-Bri0] |
ppp pap local-user 16900 password simple 16900 |
|
[Router-Bri0] |
ip address ppp-negotiate |
|
[Router-Bri0] |
dialer enable-circular |
ISDN拔号不用配置dialer enable-legacy,如果是灵活DDR拔号,还应配置undo dialer enable-legacy |
[Router-Bri0] |
dialer-group 1 |
|
[Router-Bri0] |
dialer number 16900 |
|
[Router-Bri0] |
nat outbound 1 interface |
|
! |
||
[Router] |
ip route-static 0.0.0.0 0.0.0.0 bri 0 preference 60 |
使用isdn-bri拨号 |
[Router] |
! |
|
[Router] |
return |
【Router】
当前路由器提示视图 |
依次输入的配置命令,重要的命令红色突出显示 |
简单说明 |
! |
适用版本vrp1.74及1.44 | |
[Router] |
acl 101 match-order auto |
|
[Router-acl101] |
rule normal deny ip source 10.0.0.0 0.0.0.255 destination 10.0.0.1 0.0.0.0 |
|
[Router-acl101] |
rule normal permit source 10.0.0.0 0.0.0.255 |
|
[Router-acl101] |
rule normal deny source any |
|
! |
||
[Router] |
interface Ethernet0 |
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
! |
||
[Router] |
interface Ethernet0 |
|
[Router-Ethernet0] |
ip address 202.1.1.1 255.255.255.0 |
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 sub |
|
[Router-Ethernet0] |
nat outbound 101 interface |
|
! |
||
[Router] |
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2 preference 60 |
|
[Router] |
! |
|
[Router] |
return |
说明:上例不推荐使用。
以www服务为例,除了3.1.1和3.1.2的配置,公网接口需要增加如下配置:[Router-Ethernet1]nat server global 202.1.1.2 www inside 10.0.0.2 www tcp注意:如果需要其他用户可以ping通内部对外提供服务的服务器,必须增加如下配置:[Router-Ethernet1]nat server global 202.1.1.2 any inside 10.0.0.2 any icmp注意:内部用户不能使用公网地址来访问内部服务器,必须使用内网地址访问.如上例子:10.0.0.0/24网段的用户,不能访问202.1.1.2,而只能访问10.0.0.2
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。