PT 实验(十四) 网络地址转换NAT配置
PT 实验(十四) 网络地址转换NAT配置
一、实验目标
●理解NAT网络地址转换的原理及功能;
●掌握静态NAT的配置,实现局域网访问互联网;
二、实验背景
公司欲发布WWW服务,现要求将内网Web服务器IP地址映射为全局IP地址,实现外部网络可访问公司内部Web服务器。
三、技术原理
●网络地址转换NAT(Network Address Translation),被广泛应用于各种类型Internet接入方式和各种
类型的网络中。原因很简单,NAT不仅完美解决了IP地址不足的问题,而且还能够有效地避免来自网络外部的攻击,隐藏并保护网络内部的计算机。
●默认情况下,内部IP地址是无法被路由到外网的,内部主机10.1.1.1要与外部internet通信,IP
包到达NAT路由器时,IP包头的源地址10.1.1.1被替换成一个合法的外网IP,并在NAT转换表中保存这条记录。当外部主机发送一个应答到内网时,NAT路由器收到后,查看当前NAT转换表,用10.1.1.1替换掉这个外网地址。
●NAT将网络划分为内部网络和外部网络两部分,局域网主机利用NAT访问网络时,是将局域网内
部的本地地址转换为全局地址(互联网合法的IP地址)后转发数据包。
●NAT分为两种类型:NAT(网络地址转换)和NAPT(网络端口地址转换IP地址对应一个全局地址)。
●静态NAT:实现内部地址与外部地址一对一的映射。现实中,一般都用于服务器;
●动态NAT:定义一个地址池,自动映射,也是一对一的。现实中,用得比较少;
●NAPT:使用不同的端口来映射多个内网IP地址到一个指定的外网IP地址,多对一。
四、实验步骤
实验拓扑
1、R1为公司出口路由器,其与外部路由之间通过V.35电缆串口连接,DCE端连接在R2上,配置其时钟频率为64000;
2、配置PC机、服务器及路由器接口IP地址;
3、在各路由器上配置静态路由协议,让PC间能相互ping通;
4、在R1上配置静态NAT;
5、在R1上定义内外部网络接口;
6、验证主机之间的互通性。
R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R1(config-if)#exit
R1(config)#int s0/0
R1(config-if)#ip add 222.0.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R1(config-if)#
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up R1(config-if)#
R1(config-if)#exit
R1(config)#ip route 222.0.2.0 255.255.255.0 222.0.1.2 //配置到222.0.2.0网段的静态路由R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 222.0.1.0/24 is directly connected, Serial0/0
S 222.0.2.0/24 [1/0] via 222.0.1.2
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3 //配置内网到外网的静态NAT映射R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 222.0.1.3 192.168.1.2 --- ---
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 222.0.1.3 192.168.1.2 --- ---
tcp 222.0.1.3:80 192.168.1.2:80 222.0.2.2:1025 222.0.2.2:1025
R1#show running-config
Building configuration...
Current configuration : 753 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname R1
!
...
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 222.0.1.1 255.255.255.0
ip nat outside
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip nat inside source static 192.168.1.2 222.0.1.3 ip classless
ip route 222.0.2.0 255.255.255.0 222.0.1.2
!
...
!
line con 0
line vty 0 4
login
!
!
end
R1#
R2:
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip add 222.0.2.1 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R2(config-if)#exit
R2(config)#int s0/0
R2(config-if)#ip add 222.0.1.2 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
R2(config-if)#clock rate 64000
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up R2(config-if)#
R2(config-if)#
R2(config-if)#exit
R2(config)#ip route 192.168.1.0 255.255.255.0 222.0.1.1
R2(config)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
S 192.168.1.0/24 [1/0] via 222.0.1.1
C 222.0.1.0/24 is directly connected, Serial0/0
C 222.0.2.0/24 is directly connected, FastEthernet0/0
R2#
五、验证
PC1:
Packet Tracer PC Command Line 1.0
PC>ipconfig
IP Address......................: 222.0.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 222.0.2.1
PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.1.2: bytes=32 time=19ms TTL=126
Reply from 192.168.1.2: bytes=32 time=17ms TTL=126
Reply from 192.168.1.2: bytes=32 time=15ms TTL=126
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 19ms, Average = 17ms PC>
PC1-WEB: