ＮＡＴ

2008-02-15 15:05:44

　标签：PAT　　　[推送到技术圈]

　　　　　　　　　　　　　　　PAT 端口重定向

１.实验拓扑

２.实验目的

　２.１　按拓扑图的要求正确连接设备

　　　２.２　创立　ＰＡＴ　完成以下任务

　　　　　在路由器Ｒ１配置，将内部主机192.168.1.0/24网段的地址映射为202.115.103.10

完成配置ＰＡＴ的基本操作，并进行验证．

３.详细步骤

step 1　配置相应的接口　ＩＰ

　　pc1 配置如下：
（注：是用路由器代替PC机的）
Router(config)#ho pc1
pc1(config)#no ip routing　　／／关闭路由
pc1(config)#
pc1(config)#int f0/0
pc1(config-if)#ip add 192.168.1.3 255.255.255.0
pc1(config-if)#no shut
pc1(config-if)#end
pc1#
*Mar 1 00:02:24.575: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:02:25.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to up

pc2配置如下
（注：是用路由器代替PC机的）
Router(config)#ho pc2
pc2(config)#no ip routing　／／关闭路由
pc2(config)#int f0/0
pc2(config-if)#ip add 192.168.1.2 255.255.255.0
pc2(config-if)#no shut
pc2(config-if)#exit
pc2(config)#
*Mar 1 00:02:53.959: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar 1 00:02:54.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to up
pc2(config)#exit
pc2#
*Mar 1 00:03:04.295: %SYS-5-CONFIG_I: Configured from console by console

R1配置如下：
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ho R1
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#
*Mar 1 00:09:01.199: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar 1 00:09:02.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to up
R1(config)#int s1/0
R1(config-if)#ip add 202.115.103.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#

sw配置如下：

Router#
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ho sw
sw(config)#int range f0/0 - 15
sw(config-if-range)#no shut
sw(config-if-range)#end
sw#
*Mar 1 00:02:54.667: %SYS-5-CONFIG_I: Configured from console by console
sw#

ISP配置如下：

（注　：　公网IP用一台路由器代替）

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ho ISP
ISP(config)#int s1/0
ISP(config-if)#ip add 202.115.103.1 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#exit
ISP(config)#
*Mar 1 00:12:31.803: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
*Mar 1 00:12:32.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0,
changed state to up

step2 在Ｒ１和ＩＳＰ　配置ＲＩＰ协议使全网互通

　R1配置如下：

R1(config)#router rip
R1(config-router)#net 192.168.1.0
R1(config-router)#net 202.115.103.0
R1(config-router)#exit
R1(config)#

ISP配置如下：

ISP(config)#router rip
ISP(config-router)#net 202.115.103.0
ISP(config-router)#exit
ISP(config)#end
ISP#show
*Mar 1 00:13:34.487: %SYS-5-CONFIG_I: Configured from console by consoleip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 202.115.103.0/24 is directly connected, Serial1/0
R 192.168.1.0/24 [120/1] via 202.115.103.2, 00:00:02, Serial1/0
ISP#

验证：pc1

pc1#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 180/546/1392 ms
pc1#ping 202.115.103.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.115.103.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/416/1532 ms

验证：pc2

pc2#ping 202.115.103.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.115.103.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 348/548/1224 ms

setp 3 在Ｒ１上设置ＰＡＴ

定义内部访问列表
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
定义合法IP地址池
R1(config)#ip nat pool benet 202.115.103.10 202.115.103.10 netmask 255.255.255.0
设置复用动态IP地址转换
R1(config)#ip nat inside source list 1 pool benet overload
R1(config)#
在内部和外部端口上启用NAT
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#exit
R1#
跟踪NAT的操作，显示数据包：
R1#debug ip nat
IP NAT debugging is on

pc1#ping 202.115.103.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.115.103.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/331/932 ms
R1#
*Mar 1 00:26:30.523: NAT*: s=192.168.1.3->202.115.103.10, d=202.115.103.1 [10]
*Mar 1 00:26:30.523: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed

*Mar 1 00:26:30.899: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.3 [10]
*Mar 1 00:26:31.031: NAT*: s=192.168.1.3->202.115.103.10, d=202.115.103.1 [11]
*Mar 1 00:26:31.211: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.3 [11]
*Mar 1 00:26:31.267: NAT*: s=192.168.1.3->202.115.103.10, d=202.115.103.1 [12]
*Mar 1 00:26:31.343: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.3 [12]
*Mar 1 00:26:31.375: NAT*: s=192.168.1.3->202.115.103.10, d=202.115.103.1 [13]
*Mar 1 00:26:31.431: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.3 [13]
*Mar 1 00:26:31.471: NAT*: s=192.168.1.3->202.115.103.10, d=202.115.103.1 [14]
*Mar 1 00:26:31.599: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.3 [14]

pc2#ping 202.115.103.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.115.103.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/261/360 ms
*Mar 1 00:26:39.315: NAT*: s=192.168.1.2->202.115.103.10, d=202.115.103.1 [5]
*Mar 1 00:26:39.435: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.2 [5]
*Mar 1 00:26:39.559: NAT*: s=192.168.1.2->202.115.103.10, d=202.115.103.1 [6]
*Mar 1 00:26:39.639: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.2 [6]
*Mar 1 00:26:39.699: NAT*: s=192.168.1.2->202.115.103.10, d=202.115.103.1 [7]
*Mar 1 00:26:39.755: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.2 [7]
*Mar 1 00:26:39.779: NAT*: s=192.168.1.2->202.115.103.10, d=202.115.103.1 [8]
*Mar 1 00:26:39.847: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.2 [8]
*Mar 1 00:26:39.983: NAT*: s=192.168.1.2->202.115.103.10, d=202.115.103.1 [9]
*Mar 1 00:26:40.019: NAT*: s=202.115.103.1, d=202.115.103.10->192.168.1.2 [9]

本文出自 “Dongwei→工作室” 博客，请务必保留此出处http://dongwei.blog.51cto.com/319848/62137

上一篇 S2 ATEN CISCO　　下一篇 OSPF 单域配置

类别：未分类 ┆ 技术圈() ┆ 阅读() ┆ 评论() ┆推送到技术圈 ┆返回首页

相关文章

文章评论

[匿名]pure

2008-02-15 15:30:30

长知识了。

htyzboy

2008-02-19 21:13:59

非常之感谢！！！！！！！！！！！

intelibm

2008-03-16 23:46:30

不错文章，正在学习相关的内容，给予我很大帮助。。谢。

昵称：
验证码：		点击图片可刷新验证码　　博客过2级，无需填写验证码
内容：