实验目标
理解 NAT 网络地址转换的原理及功能 掌握静态 NAT 的配置,实现局域网访问互联网
实验背景
你是某公司的网络管理员,欲发布公司的 WWW 服务。现要求将内网 Web 服务器 IP地址映射为全局 IP 地址,实现外部网络可以访问公司内部 Web 服务器。
技术原理
网络地址转换 NAT(Network Address Translation),被广泛应用于各种类型 Internet 接入方式和各种类型的网络中。原因很简单,NAT 不仅完美地解决了 IP 地址不足的问题,而且还能够有效地避免来自网络外部的攻击,隐藏并保护网络内部的计算机。默认情况下,内部 IP 地址是无法被路由到外网的,内部主机 10.1.1.1 要与外部 Internet通信,IP 包到达 NAT 路由器时,IP 包头的源地址 10.1.1.1 被替换成一个合法的外网 IP,并在 NAT 转发表中保存这条记录。当外部主机发送一个应答到内网时,NAT 路由器收到后,查看当前 NAT 转换表,用 10.1.1.1 替换掉这个外网地址。NAT 将网络划分为内部网络和外部网络两部分,局域网主机利用 NAT 访问网络时,是将局域网内部的本地地址转换为全局地址(互联网合法的 IP 地址)后转发数据包;
NAT 分为两种类型:NAT(网络地址转换)和 NAPT(网络端口地址转换 IP 地址对应一个全局地址)。 静态 NAT:实现内部地址与外部地址一对一的映射。现实中,一般都用于服务器; 动态 NAT:定义一个地址池,自动映射,也是一对一的。现实中,用得比较少; NAPT:使用不同的端口来映射多个内网 IP 地址到一个指定的外网 IP 地址,多对一。
实验步骤
新建 Packet Tracer 拓扑图
(1)R1 为公司出口路由器,其与外部路由器之间通过 V.35 电缆串口连接,DCE 端连接在 R1 上,配置其时钟频率 64000; (2)配置 PC 机、服务器及路由器接口 IP 地址; (3)在各路由器上配置静态路由协议,让 PC 间能相互 Ping 通; (4)在 R1 上配置静态 NAT。 (5)在 R1 上定义内外网络接口。 (6)验证主机之间的互通性。
实验设备
PC 1 台;Server-PT 1 台;Switch_2950-24 1 台;Router-PT 2 台;直连线;交叉线;DCE串口线
Server-PT
192.168.1.2
255.255.255.0
192.168.1.1
PC0
222.0.2.2
255.255.255.0
222.0.2.1
R1
en
conf t
host R1
int fa 0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
int s 2/0
ip address 222.0.1.1 255.255.255.0
no shutdown
clock rate 64000
R2
en
conf t
host R2
int s 2/0
ip address 222.0.1.2 255.255.255.0
no shut
int fa 0/0
ip address 222.0.2.1 255.255.255.0
no shutdown
R1
exit;
ip route 222.0.2.0 255.255.255.0 222.0.1.2
R2
exit
ip route 192.168.1.0 255.255.255.0 222.0.1.1
end
show ip route
PC0
CMD
ping 192.168.1.2 (success)
Web 浏览器
http://192.168.1.2 (success)
R1
int fa 0/0
ip nat inside
int s 2/0
ip nat outside
exit
ip nat inside source static 192.168.1.2 222.0.1.3
end
show ip nat translations
PC0
Web 浏览器
http://222.0.1.3 (success)
R1
show ip nat translations
实战演练
R1
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa 0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R1(config-if)#int s 2/0
R1(config-if)#ip add 222.0.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to down
R1(config-if)#clock rate 64000
R1(config-if)#
R2
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R2
R2(config)#int s 2/0
R2(config-if)#ip add 222.0.1.2 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
R2(config-if)#int fa 0/0
R2(config-if)#ip add 222.0.2.1 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#
R1
R1(config-if)#exit
R1(config)#
R1(config)#ip route 222.0.2.0 255.255.255.0 222.0.1.2
R2
R2(config-if)#exit
R2(config)#
R2(config)#ip route 192.168.1.0 255.255.255.0 222.0.1.1
R2(config)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
S 192.168.1.0/24 [1/0] via 222.0.1.1
C 222.0.1.0/24 is directly connected, Serial2/0
C 222.0.2.0/24 is directly connected, FastEthernet0/0
R2#
PC0
CMD ping 192.168.1.2 (success)
PC>ipconfig
IP Address......................: 222.0.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 222.0.2.1
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.1.2: bytes=32 time=19ms TTL=126
Reply from 192.168.1.2: bytes=32 time=18ms TTL=126
Reply from 192.168.1.2: bytes=32 time=23ms TTL=126
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 23ms, Average = 20ms
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=26ms TTL=126
Reply from 192.168.1.2: bytes=32 time=26ms TTL=126
Reply from 192.168.1.2: bytes=32 time=22ms TTL=126
Reply from 192.168.1.2: bytes=32 time=23ms TTL=126
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 26ms, Average = 24ms
PC>
Web 浏览器
http://192.168.1.2 (success)
R1
R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa 0/0
R1(config-if)#ip nat inside
R1(config-if)#int s 2/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 222.0.1.3 192.168.1.2 --- ---
R1#
PC0
Web 浏览器
http://222.0.1.3 (success)
CMD ping 222.0.1.3
PC>ipconfig
IP Address......................: 222.0.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 222.0.2.1
PC>ping 222.0.1.3
Pinging 222.0.1.3 with 32 bytes of data:
Reply from 222.0.1.3: bytes=32 time=21ms TTL=126
Reply from 222.0.1.3: bytes=32 time=22ms TTL=126
Reply from 222.0.1.3: bytes=32 time=23ms TTL=126
Reply from 222.0.1.3: bytes=32 time=23ms TTL=126
Ping statistics for 222.0.1.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 23ms, Average = 22ms
转自:https://www.linuxprobe.com/network-address-translation.html
京公网安备 11010802035086号