网络端口地址转换NAPT配置
技术原理:
NAT将网络划分为内部网络和外部网络两个部分,局域网主机利用NAT访问网络时,是将局域网内部的本地地址转换成全局地址后发送数据包。
NAT分为两种类型:NAT(网络地址转换)和NAPT(网络端口地址转换IP地址对应一个全局地址)。
NAPT:使用不同的端口来映射多个内网IP地址到一个指定的外网IP地址,多对一。
NAPT采用端口多路复用方式。内部网络的所有主机均共享一个合法外部IP地址实现对Internet的访问。从而可以最大限度节约IP地址资源。同事,有可以隐藏网络内部所有主机,有效避免来自Internet的攻击。因此,目前网络中应用最多的就是端口多路复用方式。
实验步骤及拓扑图:
1.路由器之间通过V.35电缆串口连接,DCE端连接在R1上,配置时钟频率64000;
2.配置pc机、服务器及路由器接口IP地址;
3.在路由器上配置静态路由协议,让pc间能互相Ping通;
4.在R1上配置NAPT;
5.在R1上定义内外网络接口
6.验证主机之间的互通性
实验设备:
Pc2台、server-PT 1台、SWITCH2950一台;直通线、交叉线、DCE串口线。
R0配置:
Router>en
Router#config t
Enter configuration commands, one perline. End with CNTL/Z.
Router(config)#host R0
R0(config)#int fa0/0
R0(config-if)#ip address 192.168.1.1255.255.255.0
R0(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0,changed state to up
%LINEPROTO-5-UPDOWN: Line protocol onInterface FastEthernet0/0, changed state to up
R0(config-if)#exit
R0(config)#int se2/0
R0(config-if)#ip address 200.1.1.1255.255.255.0
R0(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0,changed state to down
R0(config-if)#clock rate 64000
R0(config-if)#exit
R0(config)#
R1配置:
Router>en
Router#config t
Enter configuration commands, one perline. End with CNTL/Z.
Router(config)#host R1
R1(config)#int se2/0
R1(config-if)#ip address 200.1.1.2255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0,changed state to up
R1(config-if)#exit
R1(config)#int fa0/0
%LINEPROTO-5-UPDOWN: Line protocol onInterface Serial2/0, changed state to up
R1(config-if)#ip address 200.1.2.1255.255.255.0
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0,changed state to up
%LINEPROTO-5-UPDOWN: Line protocol onInterface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#
在R0配置静态路由:
R0(config)#ip route 200.1.2.0 255.255.255.0200.1.1.2
在R1上配置静态路由:
R1(config)#ip route 192.168.1.0255.255.255.0 200.1.1.1
测试:
Pc1:
C>ping 200.1.2.2
Pinging 200.1.2.2 with 32 bytes of data:
Reply from 200.1.2.2: bytes=32 time=12msTTL=126
Reply from 200.1.2.2: bytes=32 time=23msTTL=126
Reply from 200.1.2.2: bytes=32 time=18msTTL=126
Reply from 200.1.2.2: bytes=32 time=12msTTL=126
Ping statistics for 200.1.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 23ms, Average = 16m
Pc2测试:
PC>ping 200.1.2.2
Pinging 200.1.2.2 with 32 bytes of data:
Reply from 200.1.2.2: bytes=32 time=19msTTL=126
Reply from 200.1.2.2: bytes=32 time=16msTTL=126
Reply from 200.1.2.2: bytes=32 time=19msTTL=126
Reply from 200.1.2.2: bytes=32 time=7msTTL=126
Ping statistics for 200.1.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times inmilli-seconds:
Minimum = 7ms,Maximum = 19ms, Average = 15ms
在R0上配置NAPT:
R0(config)#int fa0/0
R0(config-if)#ip nat inside
R0(config-if)#exit
R0(config)#int se2/0
R0(config-if)#ip nat outside
R0(config-if)#exit
R0(config)#access-list 1 permit 192.168.1.00.0.0.255
R0(config)#ip nat pool 5ijsj 200.1.1.3200.1.1.3 netmask 255.255.255.0
R0(config)#ip nat inside source list 1 pool5ijsj overload
R0(config)#end
R0#
%SYS-5-CONFIG_I: Configured from console byconsole
R0#sh ip nat translations
R0# 无结果
Pc1 测试:
R0 查看:
R0#sh ip nat translations
Pro Inside global Insidelocal Outside local Outside global
tcp 200.1.1.3:1026 192.168.1.2:1026 200.1.2.2:80 200.1.2.2:80 一个结果
R0#
Pc2测试:
在R0上查看:
R0#sh ip nat translations
Pro Inside global Insidelocal Outside local Outside global
tcp 200.1.1.3:1026 192.168.1.2:1026 200.1.2.2:80 200.1.2.2:80
tcp 200.1.1.3:1024 192.168.1.3:1026 200.1.2.2:80 200.1.2.2:80 两个结果
R0#