
NAT: router address translation

2015-06-17

 
nat
 
lo0:2.2 r1(R2) s1/0 ---- s2/0 r1(R1) lo0 1.1 s1/0 -------- s2/0 r3  lo0 3.3
step 1...
r1:
 en
 config t
 hostname R2
 no ip domain-lookup
 lin 0
 exec-timeout 0 0
 logging syn
 exit
 int lo 0
 ip add 2.2.2.2 255.255.255.255
 exit
 int s1/0
 ip add 192.168.0.2 255.255.255.0
 no shutdown
 exit
r2
 en
 config t
 hostname R1
 no ip domain-lookup
 lin 0
 exec-timeout 0 0
 logging syn
 exit
 int lo 0
 ip add 1.1.1.1 255.255.255.255
 exit
 int s2/0
 ip add 192.168.0.1 255.255.255.0
 no shutdown
 exit
 int s1/0
 ip add 13.1.1.1 255.255.255.0
 no shutdown
 exit
r3
 en
 config t
 hostname R3
 no ip domain-lookup
 lin 0
 exec-timeout 0 0
 logging syn
 exit
 int lo 0
 ip add 3.3.3.3 255.255.255.255
 exit
 int s2/0
 ip add 13.1.1.3 255.255.255.0
 no shutdown
 exit
R1 ping 13.1.1.3
r1 ping 192.168.0.2
---------------------------------------------------------------------------
step 2
r1 
 config t
 access-list 10 permit 192.168.0.0 0.0.0.255
 end
r1 show ip access-list
r1 config t
  ip nat pool ?
  ip nat pool natpool ?
  ip nat pool natpool 13.1.1.1 ?
  ip nat pool natpool 13.1.1.1 13.1.1.1 ?    (pool contains only the address 13.1.1.1)/
  / ip nat pool natpool 13.1.1.1 13.1.1.2    (pool contains two addresses)
  ip nat pool natpool 13.1.1.1 13.1.1.2 netmask /
   / ip nat pool natpool 13.1.1.1 13.1.1.2 prefix-length ?
  ip nat pool natpool 13.1.1.1 13.1.1.2 prefix-length 24
  end
r1 config t
  interface s1/0
  ip nat outside
  exit
  interface s2/0
  ip nat inside
  exit
  ip nat ?
  ip nat inside ?
  ip nat inside source ?
  ip nat inside source list ?
  ip nat inside source list 10 ?
  ip nat inside source list 10 pool ?
  ip nat inside source list 10 pool natpool
  end
r1 show ip nat ?
r1 show ip nat
------------------------------------------------------------------------------------
step 3
r2 config t
  no ip routing      (turn off routing on r2)
  end
r2 show ip route
r2 config t
  ip routing         (turn routing back on for r2)
  end
r2 show ip route
 
r2 config t
   no ip routing
   end
-----------------------------------------------------------------------------------
step 4
r2 ping 3.3.3.3
r2 config t
   ip default-gateway 192.168.0.1    (set the default gateway; this must be done with IP routing disabled on the router)
   end
r2 ping 3.3.3.3
r2 debug ip packet
r2 unde all
 
r1 config t
   interface s1/0
   no ip route-cache
   exit
r1 debug ip packet
r1 unde all
r1 show ip route
r1 config t
   ip route 3.3.3.3 255.255.255.255 s1/0 13.1.1.3
   end
r1 show ip route
r1 show run
r1 config t
   no ip route 3.3.3.3 255.255.255.255 s1/0 13.1.1.3  (R3 is treated as the ISP, so only a default route may be used)
   end
r1 config t
   ip route 0.0.0.0 0.0.0.0 s1/0 13.1.1.3    (default route)
   end
r1 show ip route
r2 ping 3.3.3.3
r2 debug ip packet
r2 ping 3.3.3.3
r1 debug ip packet
r1 config t
   interface s1/0
   no ip route-cache
   end
r2 ping 3.3.3.3
r1 unde all
r3 debug ip packet
r3 unde all
----------------------------------------------------------------------------------
step 5
r1 show ip nat translations
r1 show run   (check how many addresses the pool holds)
r2 config t
   interface s1/0
   ip add 192.168.0.3 255.255.255.0 secondary  (add a secondary address to simulate another PC)
   end
R2 ping 3.3.3.3 source 192.168.0.2 
r2 ping 3.3.3.3 source 192.168.0.3
r1 show ip nat translations
r2 config t
   int s1/0 
   ip add 192.168.0.4 255.255.255.0 secondary (add another secondary address to simulate one more PC)
   end
r2 ping 3.3.3.3 source 192.168.0.4
   u u u u                          (this ping fails, because NAT is one-to-one address translation)
r1 show ip nat translations   (both pool addresses are shown as in use)
r1 clear ip nat translation *     (clear the table)
r1 show ip nat translations       (should be empty)
r2 ping 3.3.3.3 source 192.168.0.4
   !!!!!                         
r2 ping 3.3.3.3 source 192.168.0.3
   !!!!!
r2 ping 3.3.3.3 source 192.168.0.2
   uuuu                   (fails: no pool address is left)
r1 show ip nat translations
 
r1 debug ip packet
r2 debug ip packet
r3 debug ip packet
r1 clear ip nat translation *
r2 ping 3.3.3.3 source 192.168.0.2
---------------------------------------------------------------------------------------
r2 s:192.168.0.2   d 3.3.3.3
   
r1 s: 13.1.1.1      d: 3.3.3.3
ip nat inside source list 10 pool natpool
natpool: 13.1.1.1---13.1.1.2
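rcvd: received
In a traditional routed network, the Layer 3 addresses do not change as routers forward the packet.
NAT translates one or more addresses into another address.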
 
--------------------------------------------------------------------------------
pat
Configure the IP addresses first.
r1 show ip int bri
r2 show ip int bri
r3 show ip int bri
r2 config t
   no ip routing
   no ip default-gateway 192.168.0.1
   exit
r1 config t
   ip route 0.0.0.0 0.0.0.0 13.1.1.3
   end
r1 config t
   access-list 10 permit 192.168.0.0 0.0.0.255
   interface s2/0
   ip nat inside
   inter s1/0
   ip nat outside
   end
r1 config t
   ip nat inside source list 10 ?
   ip nat inside source list 10 interface s1/0 ?
   ip nat inside source list 10 interface s1/0 overload
   end
r3 config t
   line vty 0 4
   no login
   end
r1 telnet 3.3.3.3
trying 3.3.3.3.... open
r3>
r1#disconnect 1
closing connection to 3.3.3.3 [confirm]
r2  telnet 3.3.3.3
trying 3.3.3.3.... open
r3>
r1 show ip nat translations
r2 config t
   inter s1/0
   ip add 192.168.0.3 255.255.255.0 secondary
   end
r2 ping 3.3.3.3 source 192.168.0.3
r1 show ip nat translations
r2 config t
   int s1/0
   ip add 192.168.0.4 255.255.255.0 secondary
   ip add 192.168.0.5 255.255.255.0 secondary
   end
r2 ping 3.3.3.3 source 192.168.0.5
   !!!!!
r2 ping 3.3.3.3 source 192.168.0.4
   !!!!!
r2 ping 3.3.3.3 source 192.168.0.3 
   !!!!!
r2 ping 3.3.3.3 source 192.168.0.2
   !!!!!
r1 show ip nat translations   (note the port numbers on the ICMP entries)
r1 clear ip nat translation *
r1 show ip nat translation
r1 config t
   int s2/0
   no ip route-cache
   int s1/0
   no ip route-cache
   end
r3 debug ip packet detail
r2 telnet 3.3.3.3
r3>
r2#disconnect 1
closing connection to 3.3.3.3 [confirm]
r2 config t
   interface s1/0
   ip add 192.168.100.1 255.255.255.0 secondary   (check whether the 100 subnet gets translated)
   end
r1 show ip access-list  (addresses that do not match the entries shown are not translated)
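
The pool exhaustion seen in step 5 and the overload behaviour in this section can be reproduced with a small model of R1's translation table. This is an added example, not part of the original notes; the NatRouter class, the ICMP identifier value 1 and the "keep the original port unless it collides" rule are simplifying assumptions.

```python
import ipaddress

# Constructed model of R1's translation table; addresses mirror the lab above.
ACL_10 = ipaddress.ip_network("192.168.0.0/24")  # access-list 10 permit 192.168.0.0 0.0.0.255
POOL = ["13.1.1.1", "13.1.1.2"]                  # ip nat pool natpool 13.1.1.1 13.1.1.2
OUTSIDE_IF = "13.1.1.1"                          # s1/0 address used by "interface s1/0 overload"

class NatRouter:                                 # hypothetical name, for illustration only
    def __init__(self, overload):
        self.overload = overload
        self.table = {}   # pool NAT: inside local IP -> inside global IP
        self.ports = {}   # PAT: (proto, inside IP, inside port/id) -> global port/id

    def translate(self, src_ip, proto="icmp", src_port=0):
        """Return (global_ip, global_port), or None if not translated."""
        if ipaddress.ip_address(src_ip) not in ACL_10:
            return None                          # no match in access-list 10
        if self.overload:
            key = (proto, src_ip, src_port)
            if key not in self.ports:
                used = {p for (pr, _, _), p in self.ports.items() if pr == proto}
                port = src_port
                while port in used:              # assumption: keep the port unless taken
                    port += 1
                self.ports[key] = port
            return OUTSIDE_IF, self.ports[key]
        if src_ip not in self.table:
            free = [a for a in POOL if a not in self.table.values()]
            if not free:
                return None                      # pool exhausted: the ping shows U U U U
            self.table[src_ip] = free[0]
        return self.table[src_ip], src_port

    def clear(self):                             # clear ip nat translation *
        self.table.clear()
        self.ports.clear()

def run_lab():
    pool = NatRouter(overload=False)
    first = [pool.translate(f"192.168.0.{h}") for h in (2, 3, 4)]
    pool.clear()
    second = [pool.translate(f"192.168.0.{h}") for h in (4, 3, 2)]
    pat = NatRouter(overload=True)
    pings = [pat.translate(f"192.168.0.{h}", "icmp", 1) for h in (2, 3, 4, 5)]
    other = pat.translate("192.168.100.1")       # secondary address outside ACL 10
    return first, second, pings, other

if __name__ == "__main__":
    print(run_lab())
```

After the clear, 13.1.1.1 is handed to a different inside host, so attributing outside traffic to an inside address requires the translation table as it stood at that moment.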
----------------------------------------------------------------------------------
Static NAT and port mapping
r3 ping 192.168.0.2
   .....
r3 show ip route
 
r3 config t
   ip route 192.168.0.0 255.255.255.0 13.1.1.1
   end
r3 ping 192.168.0.2
   !!!!!
r3 config t
   no ip route 192.168.0.0 255.255.255.0 13.1.1.1     (R3 is the ISP; it cannot have a route to your private addresses)
   end
r3 show ip route
r2 show run int s1/0
r2 config t
   int s1/0
   ip add 192.168.0.100 255.255.255.0 secondary
   end
r1 show ip route
r1 config t
   ip nat inside source static ?
   ip nat inside source static 192.168.0.100 ?
   ip nat inside source static 192.168.0.100 13.1.1.100       (create the static mapping)
   end
r1 show ip nat translations
r3 ping 13.1.1.100   (this actually pings 192.168.0.100)
   !!!!!
r3 debug ip packet
r2 debug ip packet
r1 debug ip packet
r3 ping 13.1.1.100
---------------------------------------------------------------------------------------
Port mapping
r2 config t
   line vty 0 4
   no login
   end
r1 show run
   config t 
   no ip nat inside source static 192.168.0.100 13.1.1.100 (remove it)
   end
r3 unde all
r1 config t
   ip nat inside source ?
   ip nat inside source static ?
   ip nat inside source static tcp ?
   ip nat inside source static tcp 192.168.0.100 ?
   ip nat inside source static tcp 192.168.0.100 23 ?
   ip nat inside source static tcp 192.168.0.100 23 13.1.1.100 ?
   ip nat inside source static tcp 192.168.0.100 23 13.1.1.100 23
   end
r3 telnet 13.1.1.100
trying 13.1.1.100...open
r2>
r1 show ip nat translations
r2 show run
r2 ping 3.3.3.3 source 192.168.0.4 (the other PAT translations keep working)
   !!!!
r1 show ip nat translations
--------------------------------------------------------------------------------
NAT tuning. Note that the timeout values below are arbitrary; choosing real values takes considerable experience.
r2 ping 3.3.3.3 source 192.168.0.2
   !!!!
r2 ping 3.3.3.3 source 192.168.0.3
   !!!!
r2 ping 3.3.3.3 source 192.168.0.4
   !!!!
r2 ping 3.3.3.3 source 192.168.0.100
   !!!!
 
r1 unde all
r1 show ip nat translations
r1 config t
   ip nat ?
   ip nat service ?
   ip nat translation ?
   (dns-timeout  finrst-timeout: TCP three-way handshake  icmp-timeout: default 2 seconds  max-port-timeout: maximum entries  pptp-timeout  syn-timeout  tcp-timeout  timeout  udp-timeout)
  
   ip nat translation dns-timeout ?
   ip nat translation dns-timeout 30
   ip nat translation max-timeout ?
   ip nat translation max-timeout 500
   ip nat translation icmp-timeout 100
   end
r1 clear ip nat translation *
r1 show ip nat translation
r1 config t
   no ip nat inside source static tcp 192.168.0.100 23 13.1.1.100 23 extendable
static entry in use, do you want to delete child entries ? [no] y
    end
r1 show ip nat translations
r2 telnet 3.3.3.3
trying 3.3.3.3 ... open
r3>
r1 show ip nat translations
-------------------------------------------------------------------------------------
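NAT and ACLs are used together to solve the problem of enterprise Internet access.
NAT table: web, dns, pop, ftp
Once the network is built, the second step is optimization.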
------------------------------------------------------------------------
s=192.168.0.2 (local)   d=3.3.3.3  (seriall1/1)
tcp src=16544   dst=23 
forward: the packet is being forwarded
TCP is a Layer 4 protocol and has port numbers.
ICMP has no port numbers.
 