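Huawei simulator lab: configuring NAT so that external hosts can access internal servers
Simulator lab image
Study notes, November 8, 2022
On switch LSW1, create VLANs 10, 20 and 30. PC1 belongs to VLAN 10, the ftp and www servers belong to VLAN 20, and the link to the egress router is in VLAN 30. Devices inside the internal network can reach each other, and host PC1 can access the public network.
NAT is configured on router AR1 so that external hosts can access the internal servers.
LSW1 configuration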
sys
sys LSW1
vlan batch 10 20 30
int g0/0/4
port link-type access
port default vlan 10
int g0/0/1
port link-type access
port default vlan 20
int g0/0/2
port link-type access
port default vlan 20
int g0/0/3
port link-type access
port default vlan 30
q
int vlanif 10
ip add 192.168.10.254 24
q
int vlanif 20
ip add 192.168.20.254 24
q
int vlanif 30
ip add 172.16.10.2 24
q
ospf 1 router-id 1.1.1.1
area 0
net 192.168.10.0 0.0.0.255
net 192.168.20.0 0.0.0.255
net 172.16.10.0 0.0.0.255
q
q
Router R1 configuration
sys
sys R1
int g0/0/0
ip add 172.16.10.1 24
int g0/0/1
ip add 1.1.1.1 24
ospf 1 router-id 2.2.2.2
area 0
net 172.16.10.0 0.0.0.255
q
q
ospf 1 router-id 1.1.1.1
area 0
net 192.168.10.0 0.0.0.255
net 192.168.20.0 0.0.0.255
net 172.16.10.0 0.0.0.255
q
q
acl 2000
rule permit source 192.168.10.0 0.0.0.255
rule permit source 192.168.20.0 0.0.0.255
q
int g0/0/1
nat outbound 2000
q
ip route-static 0.0.0.0 0 1.1.1.2
ospf 1
default-route-advertise
q
int g0/0/1
nat server protocol tcp global current-interface www inside 192.168.20.20 www
y
nat server protocol tcp global current-interface ftp inside 192.168.20.10 ftp
y
q
nat alg ftp enable
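As an added example (not part of the original notes), the following Python code reads the R1 commands above, lists what the two nat server lines publish on the outside interface, and checks that FTP ALG is enabled when FTP is published. The function names, the tuple layout and the finding texts are assumptions made for this illustration.

```python
import re

# Port keywords used on this page and their well-known TCP ports.
PORT_KEYWORDS = {"ftp": 21, "www": 80}
CLEARTEXT = {21: "FTP", 80: "HTTP"}  # services that carry data unencrypted
NAT_SERVER = re.compile(
    r"nat server protocol (tcp|udp) global (\S+) (\S+) inside (\S+) (\S+)$")

# The nat server part of the R1 commands above, including the "y" confirmations.
SAMPLE = """\
int g0/0/1
nat server protocol tcp global current-interface www inside 192.168.20.20 www
y
nat server protocol tcp global current-interface ftp inside 192.168.20.10 ftp
y
q
nat alg ftp enable
"""

def port(token):
    """Resolve a port keyword from PORT_KEYWORDS, or a number, to an int."""
    return PORT_KEYWORDS.get(token) or int(token)

def audit(config):
    """Return (mappings, findings) for a pasted VRP command sequence."""
    iface, mappings, alg_ftp = None, [], False
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"int(?:erface)?\s+(.+)$", line):
            iface = m.group(1)            # entering an interface view
        elif line in ("q", "quit"):
            iface = None                  # leaving the current view
        elif line == "nat alg ftp enable":
            alg_ftp = True
        elif m := NAT_SERVER.match(line):
            proto, _gaddr, gport, inside, iport = m.groups()
            mappings.append((iface, proto, port(gport), inside, port(iport)))
    findings = [
        f"{i}: {CLEARTEXT[ip]} on {host}:{ip} is reachable from outside "
        f"on global port {gp}, unencrypted"
        for i, proto, gp, host, ip in mappings
        if proto == "tcp" and ip in CLEARTEXT]
    if any(m[4] == 21 for m in mappings) and not alg_ftp:
        findings.append("FTP is published but 'nat alg ftp enable' is missing")
    return mappings, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```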
Router R2 configuration
sys
sys R2
int g0/0/0
ip add 1.1.1.2 24
int g0/0/1
ip add 3.3.3.254 24
int g0/0/2
ip add 2.2.2.254 24
q
Switch LSW2 configuration
sys
sys LSW2
vlan 100
q
port-group 1
group-member g0/0/1 g0/0/2
port link-type access
port default vlan 100
q
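Client2 accesses the www and ftp servers in turn
Client2 accessing the internal ftp server
Client2 accessing the ftp server
External host accesses the internal www and ftp services
External host accessing the internal www server
External host accessing the internal ftp server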