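Huawei simulator lab: configuring NAT so that external hosts can access internal servers
Simulator lab topology (image)
Study notes, November 8, 2022
On switch LSW1, create VLANs 10, 20 and 30. PC1 belongs to VLAN 10, the ftp and www servers belong to VLAN 20, and the link to the egress router is placed in VLAN 30. Devices inside the internal network can reach each other, and host PC1 can access the public network.
NAT is configured on router AR1 so that external hosts can access the internal servers.
LSW1 configuration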
sys
sys LSW1
vlan batch 10 20 30
int g0/0/4
port link-type access
port default vlan 10
int g0/0/1
port link-type access
port default vlan 20
int g0/0/2
port link-type access
port default vlan 20
int g0/0/3
port link-type access
port default vlan 30
q
int vlanif 10
ip add 192.168.10.254 24
q
int vlanif 20
ip add 192.168.20.254 24
q
int vlanif 30
ip add 172.16.10.2 24
q
ospf 1 router-id 1.1.1.1
area 0
net 192.168.10.0 0.0.0.255
net 192.168.20.0 0.0.0.255
net 172.16.10.0 0.0.0.255
q
q
Router R1 configuration
sys
sys R1
int g0/0/0
ip add 172.16.10.1 24
int g0/0/1
ip add 1.1.1.1 24
ospf 1 router-id 2.2.2.2
area 0
net 172.16.10.0 0.0.0.255
q
q
acl 2000
rule permit source 192.168.10.0 0.0.0.255
rule permit source 192.168.20.0 0.0.0.255
q
int g0/0/1
nat outbound 2000
q
ip route-static 0.0.0.0 0 1.1.1.2
ospf 1
default-route-advertise
q
int g0/0/1
nat server protocol tcp global current-interface www inside 192.168.20.20 www
y
nat server protocol tcp global current-interface ftp inside 192.168.20.10 ftp
y
q
nat alg ftp enable
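An added example, not part of the original notes: a short Python audit that parses the NAT-related lines of the R1 configuration above and reports which internal services are published on the outside interface, which internal subnets are translated outbound, and which published services are cleartext. The function and variable names are assumptions made for this example; call `audit(R1_CONFIG)` to see the result.

```python
import ipaddress
import re

# Constructed input: R1's NAT-related lines from the configuration above ("y" prompts omitted).
R1_CONFIG = """\
acl 2000
rule permit source 192.168.10.0 0.0.0.255
rule permit source 192.168.20.0 0.0.0.255
q
int g0/0/1
nat outbound 2000
nat server protocol tcp global current-interface www inside 192.168.20.20 www
nat server protocol tcp global current-interface ftp inside 192.168.20.10 ftp
q
nat alg ftp enable
"""

PORTS = {"www": 80, "ftp": 21}        # port keywords used on this page
CLEARTEXT = {21: "FTP", 80: "HTTP"}   # services that carry data unencrypted
NAT_SERVER = re.compile(r"nat server protocol (\w+) global (\S+) (\S+) inside (\S+) (\S+)")
ACL_RULE = re.compile(r"rule permit source (\S+) (\S+)")

def port(token):
    return PORTS[token] if token in PORTS else int(token)

def audit(config):
    """Summarise what the NAT config publishes inbound and translates outbound."""
    ctx, acls, published, outbound, warnings = None, {}, [], {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        head = line.split(maxsplit=1)
        if len(head) == 2 and head[0] in ("acl", "int"):
            ctx = tuple(head)                       # e.g. ("int", "g0/0/1")
        elif line == "q":
            ctx = None
        elif ctx and ctx[0] == "acl" and (m := ACL_RULE.match(line)):
            net = ipaddress.ip_network("/".join(m.groups()))  # accepts wildcard masks
            acls.setdefault(ctx[1], []).append(str(net))
        elif ctx and ctx[0] == "int" and line.startswith("nat outbound "):
            outbound[ctx[1]] = line.split()[2]
        elif ctx and ctx[0] == "int" and (m := NAT_SERVER.match(line)):
            proto, _, gport, inside, iport = m.groups()
            published.append((ctx[1], proto, port(gport), inside, port(iport)))
    for iface, proto, gport, inside, _ in published:
        if gport in CLEARTEXT:
            warnings.append(f"{iface}: cleartext {CLEARTEXT[gport]} ({proto}/{gport}) published to {inside}")
    if any(p[2] == 21 for p in published) and "nat alg ftp enable" not in config:
        warnings.append("FTP is published but 'nat alg ftp enable' is missing")
    translated = {iface: acls.get(acl, []) for iface, acl in outbound.items()}
    return {"published": published, "outbound": translated, "warnings": warnings}
```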
Router R2 configuration
sys
sys R2
int g0/0/0
ip add 1.1.1.2 24
int g0/0/1
ip add 3.3.3.254 24
int g0/0/2
ip add 2.2.2.254 24
q
Switch LSW2 configuration
sys
sys LSW2
vlan 100
q
port-group 1
group-member g0/0/1 g0/0/2
port link-type access
port default vlan 100
q
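Client2 accesses the www and ftp servers in turn
client2 accesses the internal ftp server
client2 accesses the ftp server
External hosts access the internal www and ftp services
External host accesses the internal www server
External host accesses the internal ftp server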