2. Matching rules:
inside: route first, then NAT
outside: NAT first, then route
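3. The four kinds of NAT:
ip nat inside source static 192.168.1.2 202.67.54.3
For packets that enter on inside and leave on outside, the source IP address 192.168.1.2 is translated to 202.67.54.3.
ip nat inside destination static 192.168.1.2 202.67.54.3
For packets that enter on inside and leave on outside, the destination IP 192.168.1.2 is translated to 202.67.54.3.
ip nat outside source static 192.168.1.2 202.67.54.3
For packets that enter on outside and leave on inside, the source IP 192.168.1.2 is translated to 202.67.54.3.
ip nat outside destination static 192.168.1.2 202.67.54.3
For packets that enter on outside and leave on inside, the destination IP 192.168.1.2 is translated to 202.67.54.3.
The first is equivalent to the fourth, and the second is equivalent to the third.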
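4. Experimental observations
ip nat inside: translation happens only when the packet leaves through an outside interface.
ip nat outside: translation happens only when the packet leaves through an inside interface.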
http://www.2cto.com/net/201309/244766.html
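5. Hands-on
Prerequisite: make sure the internal network is reachable by routing.
In a real deployment the external network does not need to know the internal routes. Default routes are added on both sides below only to demonstrate the behaviour of the outside interface.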
Configuration of each device:
R0:
Router#show running-config
Building configuration...
Current configuration : 757 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname Router
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
interface FastEthernet0/1
 no ip address
 shutdown
interface Serial1/0
 ip address 8.8.8.7 255.255.255.0
 ip nat inside
 clock rate 64000
interface Serial1/1
interface Serial1/2
interface Serial1/3
ip nat outside source static 1.1.1.2 2.2.2.4
ip classless
ip route 0.0.0.0 0.0.0.0 8.8.8.8
line con 0
line aux 0
line vty 0 4
 login
end
R1:
Current configuration : 662 bytes
ip address 2.2.2.2 255.255.255.0
ip address 8.8.8.8 255.255.255.0
ip route 0.0.0.0 0.0.0.0 8.8.8.7
PC1:
[image: PC1 screenshot]
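But I still don't understand why the return-packet flow fails. Maybe his explanation was too abstract. If anyone understands this, please give me a small example explaining why the return packet fails; I would be very grateful.
Summary: ping and telnet are blocked on the outside interface, because the packet is sent out but the reply cannot come back.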
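The failing return path from the summary, traced with the two matching rules from section 2 and R0's configuration above, as an added example that is not part of the original post. It is a simplified model: it assumes PC1 is 1.1.1.2 and pings R0's outside interface 1.1.1.1; the function names are hypothetical, and the /32 host route used in the second run is an added assumption, not part of the lab.

```python
import ipaddress

# R0 as configured on this page: NAT role per interface, the static
# outside-source entry (outside global 1.1.1.2 -> outside local 2.2.2.4),
# and its connected/default routes.
NAT_ROLE = {"Fa0/0": "outside", "S1/0": "inside"}
OUTSIDE_STATIC = {"1.1.1.2": "2.2.2.4"}
R0_ROUTES = [("1.1.1.0/24", "Fa0/0"), ("8.8.8.0/24", "S1/0"), ("0.0.0.0/0", "S1/0")]


def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), i) for p, i in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def from_outside(src, dst, routes):
    """Outside rule: NAT first (source global -> local), then route."""
    src = OUTSIDE_STATIC.get(src, src)
    return src, dst, lookup(routes, dst)


def toward_outside(src, dst, routes):
    """Inside rule: route first; the destination is translated back
    (local -> global) only if the egress interface is 'ip nat outside'."""
    egress = lookup(routes, dst)
    if NAT_ROLE[egress] == "outside":
        local_to_global = {v: k for k, v in OUTSIDE_STATIC.items()}
        dst = local_to_global.get(dst, dst)
    return src, dst, egress


def round_trip(routes, pc="1.1.1.2", target="1.1.1.1"):
    """Request from the assumed PC1 address, then the reply sent to the
    source address R0 saw after translation."""
    seen_src, _, _ = from_outside(pc, target, routes)
    return seen_src, toward_outside(target, seen_src, routes)


if __name__ == "__main__":
    # Lab routes: the reply to 2.2.2.4 follows the default route out S1/0
    # (inside), so it is never translated back and never reaches PC1.
    print(round_trip(R0_ROUTES))
    # Assumed host route for 2.2.2.4 via Fa0/0: egress is now outside,
    # so the destination is translated back to 1.1.1.2.
    print(round_trip(R0_ROUTES + [("2.2.2.4/32", "Fa0/0")]))
```
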
Attachment: http://down.51cto.com/data/2366645
This article is reposted from the 51CTO blog of 飛奔的小GUI. Original link: http://blog.51cto.com/9237101/1923618. To reprint it, please contact the original author.
ziwenzhou