地址packettracer网络地址转换nat配置实验

网络地址时间:2021-03-03 阅读:()

网络地址转换NAT配置

一、实验目标

?理解NAT网络地址转换的原理及功能

? 掌握静态NAT的配置实现局域网访问互联网

二、实验背景

公司欲发布WWW服务现要求将内网Web服务器IP地址映射为全局IP地址实现外部网络可访问公司内部W eb服务器。

三、技术原理

? 网络地址转换NAT Network Address Tran slation 被广泛应用于各种类型 In ternet接入方式和各种类型的网络中。原因很简单 NAT不仅完美解决了I P地址不足的问

题而且还能够有效地避免来自网络外部的攻击 隐藏并保护网络内部的计算机。

? 默认情况下 内部IP地址是无法被路由到外网的 内部主机10.1.1.1要与外部in ternet通信 I P包到达NAT路由器时 I P包头的源地址10.1.1.1被替换成一个合法的外网I P,并在NAT转换表中保存这条记录。当外部主机发送一个应答到内网时 NAT路由器收到后查看当前 NAT转换表用10.1.1.1替换掉这个外网地址。

? NAT将网络划分为内部网络和外部网络两部分局域网主机利用 NAT访问网络时是将局域网内部的本地地址转换为全局地址 互联网合法的IP地址后转发数据包。? NAT分为两种类型 NAT 网络地址转换和NAP T 网络端口地址转换IP地址对

应一个全局地址 。

?静态NAT:实现内部地址与外部地址一对一的映射。现实中一般都用于服务器

?动态NAT:定义一个地址池 自动映射也是一对一的。现实中用得比较少

?NAP T:使用不同的端口来映射多个内网 IP地址到一个指定的外网IP地址多对一。

四、实验步骤

实验拓扑

1、 R 1为公司出口路由器其与外部路由之间通过 V.35电缆串口连接 DCE端连接在R2上配置其时钟频率为64000

2、配置P C机、服务器及路由器接口 IP地址

3、在各路由器上配置静态路由协议让 P C间能相互p ing通

4、在R 1上配置静态NAT;

5、在R1上定义内外部网络接口

6、验证主机之间的互通性。

R1:

Rout er>en

Router#conf t

Enter configuration commands,one p er line End with CNTL/Z

Router(config)#hostname R 1

R 1(config)#int faO/O

R1(config-if)#ip add 192168 1 12552552550

R1(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernetO/O,changed st ate to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface FastEthernetO/O,changed state to up

R1(config-if)#exit

R1(config)#int s2/0

R1(config-if)#ip add 22201 12552552550

R1(config-if)#no shut

%LINK-5-CHANGED: Interface Serial2/0,changed state to down

Rl(config-if)#

%LINK-5-CHANGED: Interface Serial2/0,changed state to up

%LINEPR0T0-5-UPD0WN:Line protocol on Interface Seria 12/0, changed state to up

R1(config-if)#

R1(config-if)#exit

R1(config)#ip route 2220202552552550222012 //配置到222020网段的静态路由

R1(config)#end

R1#

%SYS-5-CONFIG_l:Configured from console by console

R1#show ip route

Codes:

C-connect ed,S- static, I - IGRP,R-RIP,M-mobile,B—B GP

D-EIGRP,EX-EIGRP external,O-O SPF, IA-O SPF inter area

N1 -OSPF NSSA external type 1,N2-OSPF NSSA external type 2 E1 -OSPF external type 1,E2-OSPF external type 2,E—EGP i - IS-IS,L1 - IS-IS level-1,L2- IS-IS level-2, ia- IS-ISint er area

* -candidat e default,U-p er-us er static rout e,o-ODR

P-p eriodic downloaded static route

Gateway of last resort is not set

C 192168 10/24 is directly connected,FastEthernet0/0

C 222010/24 is directly connected,S erial2/0

S 222020/24[1/0]via222012

R1#

R1#conft

Enter configuration commands,one p er line End with CNTL/Z

R 1(confi g)#int fa0/0

R1(config-if)#?arp Setarp type(arpa,probe, snap)ortimeoutbandwidth Set bandwidth informational parametercdp CDP interface subcommandscrypto Encryption/Decryption commandscustom-queue-list Assign a custom queue list to an interfacedelay Specify interface throughput delaydescription Interface specific descriptionduplex Configure duplexoperationexit Exit frominterface configuration mode

fair-queue EnableFairQueuingonanInterfacehold-queue Setholdqueuedepthip Interface Internet Protocol config commandsmac-address Manually set interface MAC addressmtu Set theinterfaceMaximumTransmissionUnit (MTU)no Negateacommandorset itsdefaultspriority-group Assign a priority group to an interfaceservice-policy Configure QoS Service Policyshutdown Shutdown the selected interfacespeed Configure speed operationtx-ring-limit Configure PA level transmit ring limitzone-member Apply zone name

R1(config-if)#ipaccess-group Specify access control for packetsaddress Set theIP address of aninterfacehello-interval Configures IP-EIGRP hello intervalhelper-address Specify a destination address for UDP broadcastsinspect Apply inspectnameips CreateIPSrulemtu Set IP MaximumTransmissionUnitnat NAT interface commandsospf OSPF interface commandssplit-horizon Perform split horizonsummary-address Perform address summarizationvirtual-reassembly Virtual Reassembly

R1(config-if)#ip nat?inside Inside interface for address translationoutside Outside interface for addr es s translation

R1(config-if)#ip nat inside?

<cr>

R1(config-if)#ip nat inside

R1(config-if)#exit

R1(config)#int s2/0

R1(config-if)#ip nat outside?

<cr>

R1(config-if)#ip nat outside

R1(config-if)#exit

R1(config)#

R1#

R1#conft

Enter configuration commands,one p er line End with CNTL/Z

R1(config)#ip?access-list Named access-list

default-network Flags networks as candidates for default routesdhcp ConfigureDHCP serverandrelay parametersdomain IP DNSResolverdomain-lookup Enable IP Domain Name System hostname translationdomain-name Definethedefault domainnameforward-protocol Controls forwarding of physical and directed IP broadcastshost Addanentrytotheiphostnametablename-server Specify address of name serverto usenat NAT configuration commandsroute Establish static routestcp GlobalTCP parameters

R1(config)#ip natinside Inside address translationoutside Outside address translationpool Definepoolof addresses

R1(config)#ip nat inside?source Source address translation

R1(config)#ip nat inside source?list Specify access list describing local addresses static Specify staticlocal->glob al mapp ing

R1(config)#ip nat inside source static?

A B C D Inside local IP addresstcp Transmission Control Protocoludp UserDatagramProtocol

R1(config)#ip nat inside source static 192168 12?

A B C D Inside global IP address

R1(config)#ip nat inside source static 192168 1222201 3<cr>

R1(config)#ip nat inside source static 192168 1222201 3 R1(config)#end

R1# //配置内网到外网的静态 NAT映射%SYS-5-CONFIG_l:Configured from console by console

R1#show ip nat?statistics Translation statisticstranslations Translation entries

R1#show ip nat translations

ProInsideglobalInside local Outsidelocal

--- 22201 3 192168 12 ---

R1#

R1#show ip nat translations

Pro Insideglobal Insidelocal Outsidelocal Outsideglobal

---22201 3 192168 12tcp 22201 3:80 192168 12:80 222022:1025 222022:1025

R1#

R1#show running-config

Buildin g confi guration

Current configur ation:753 bytes

!version 122no service timestamps log datetime msecno service timestamp s debug datetime msecno service p as sword-encryption

!hostname R1 interface FastEthernetO/Oip address 192168 1 12552552550ip nat insidedup lex aut ospeed auto

!int erface F ast Ethernet 1/0no ip addres sdup lex aut ospeed autoshut down

!int erface Seri al2/0ip address 22201 12552552550ip nat outside

!int erface Seri al3/0no ip addres sshut down

!int erface F ast Ethernet4/0no ip addres sshut down

!int erface F ast Ethernet 5/0no ip addres sshut down

ip nat inside source static 192168 1222201 3ip classlessip route 2220202552552550222012 line con 0line vty 04login

!en d

R1#

R2:

Rout er>

Rout er>en

Router#conf t

Enter configuration commands,one p er line End with CNTL/Z

Router(config)#hostname R2

R2(confi g)#int fa0/0

R2(config-if)#ip add 2220212552552550

R2(confi g-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0,changed state to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface FastEthernet0/0,changed state to upR2(config-if)#exit

R2(config)#int s2/0

R2(config-if)#ip add 2220122552552550

R2(confi g-if)#no shut

%LINK-5-CHANGED: Interface Serial2/0,chan ged state to up

R2(config-if)#clock rate 64000

R2(config-if)#

%LINEPROTO-5-UPDOWN:Line protocol on Interface Seria 12/0, changed state to upR2(config-if)#

R2(config-if)#

R2(config-if)#exit

R2(config)#ip route 192168 10255255255022201 1

R2(confi g)#end

R2#

%SYS-5-C0NFIG_l:Configured from console by console

R2#show ip route

Codes:C-connected, S- static, I - IGRP,R-RIP,M-mobile,B-BGPD-EIGRP,EX-EIGRP external,O-O SPF, IA-O SPF inter areaN1 -OSPF NSSA external type 1,N2-OSPF NSSA external type 2E1 -OSPF external typ e 1,E2-OSPF external typ e 2,E-EGPi - IS-IS,L1 - IS-IS level-1,L2- IS-IS level-2, ia- IS-IS inter area

* -candidat e default,U-p er-us er static rout e,o-ODR

P-p eriodic downloaded static route

Gateway of last resort is not set

S 192168 10/24[1/0]via22201 1

C 222010/24 is directly connected,Serial2/0

C 222020/24 is directly connected,FastEthernet0/0

R2#

PC1:

Packet Tracer PC Command Line 10

PC>ip config

IP Address :222022

Subnet M ask :2552552550