Switch and Router Technology-35-NAT to PAT

PAT：多对一转换

(端口多路复用)The most common way in business.源地址转换、NAT代理上网

目的：

It is mainly to convert multiple addresses of the internal network into one of the external networkIP地址,Convert the ports together,从而进行区分

例如：192.168.1.2：5252-6423.54.99:6625 According to the port to distinguish which address is on the Internet

Put multiple addresses on the intranet,Convert to the interface address of the router's external network

端口映射（服务器映射）

A service of a server on the intranet（The service will use the protocol egTCP there will be ports）,Map to a certain external networkIP地址的某个端口,The external network can access the services of the internal server

192.168.1.100:80----------23.34.56.100:80

注意点：

Because the port of the intranet identifies the service type of the server, it cannot be changed,映射出去的外网端口可以更改,但是会影响外网客户端访问时的端口号.If the mapped external network port is not80,例如8088,At this time, when the external network client accesses the internal network server,访问的是映射出去的ip地址和端口号 8088 http://23.34.56.100:8088

It is used when the intranet server provides services to the outside world.目的地址转换.

PAT实验

实验一：PATuse the public networkIP

搭建拓扑,划分网段,配置IP和网关,PC2只配IP

第一步：Define internal and external network interfaces on the router

Router(config)#int g0/0

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#int g0/1

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#

第二步：Standards are used to define the scope of the intranetACL

Router(config)#access-list 11 permit any

第三步：定义外网（公网地址范围）

//外网只有一个ip地址,All beginning and endingip一样

Router(config)#ip nat pool pat 23.34.56.80 23.34.56.80 netmask 255.255.255.0

第四步：应用：因为使用的是PAT,All endings addedoverload Portable port translation

Router(config)#ip nat inside source list 11 pool pat overload

All hosts canping通

查看NAT转换表

实验二：PATIt uses the public network address of the router interface

Delete the original configuration before the experiment

Router(config)#no ip nat inside source list 11 pool pat overload

Router(config)#no ip nat pool pat 23.34.56.80 23.34.56.80 netmask

第一步：定义内网范围

Router(config)#access-list 13 permit any

第二步：应用

Router(config)#ip nat ?

inside Inside address translation

outside Outside address translation

pool Define pool of addresses

Router(config)#ip nat inside ?

source Source address translation

Router(config)#ip nat inside source ?

list Specify access list describing local addresses

static Specify static local->global mapping

Router(config)#ip nat inside source list 13 ?

interface Specify interface for global address

pool Name pool of global addresses

Router(config)#ip nat inside source list 13 interface ?

Ethernet IEEE 802.3

FastEthernet FastEthernet IEEE 802.3

GigabitEthernet GigabitEthernet IEEE 802.3z

Serial Serial

//The router's external network interface directly referenced,There is no need to configure an external network address,直接引用

Router(config)#ip nat inside source list 13 interface g0/1 overload

Router(config)#

查看转换表

The public network address becomes the routerg0/1接口的ip地址

端口映射

配置;

http协议是基于tcp的80端口

PC2Want to access the intranet serverweb服务,Then analyze the flow,It needs to go through the routerg0/1口,那么将23.34.56.78的80端口映射到192.168.1.100的80端口

路由器配置命令

Router(config)#ip nat inside source ?

  list    Specify access list describing local addresses

  static  Specify static local->global mapping

Router(config)#ip nat inside source static ?

  A.B.C.D  Inside local IP address

  tcp      Transmission Control Protocol

  udp      User Datagram Protocol

Router(config)#ip nat inside source static tcp ?

  A.B.C.D  Inside local IP address

Router(config)#ip nat inside source static tcp 192.168.1.100 ?

  <1-65535>  Local UDP/TCP port

Router(config)#ip nat inside source static tcp 192.168.1.100 80 ?

  A.B.C.D  Inside global IP address

Router(config)#ip nat inside source static tcp 192.168.1.100 80 23.34.56.90 ?

  <1-65535>  Global UDP/TCP port

Router(config)#ip nat inside source static tcp 192.168.1.100 80 23.34.56.78 80

总结：

Router(config)#ip nat inside source static （协议tcp/udp）内网地址 端口号 外网地址 端口号

静态转换NAT  1对1 An internal network address is converted to an external network address,form a permanent correspondence,According to the external network address,Locate the intranet address,可以实现内网访问外网,也可以实现外网访问内网.

动态转换NAT  多对多 An internal network address is converted to an external network address,form a permanent correspondence,When the number of hosts on the internal network exceeds that of the external networkIP地址个数时,It is not possible to achieve simultaneous Internet access for all hosts.dynamic correspondence,The internal network address cannot be locked based on the external network address,只能实现内网访问外网

端口多路复用PAT  多对一转换,又叫（源地址转换、NAT代理上网）内网多个IPThe address is converted to an external network address、（外网接口地址）Use different port numbers to differentiate,A dynamic correspondence is also formed,只能实现内网访问外网.

端口映射（服务器映射）目的地址转换

A server on the intranet（a service on the server）Map to a certain external networkIP地址的某个端口.形成的是一个·Permanent correspondence.However, only the external network can access the internal network server,It is not possible to access the external network from the internal network,访问外网时,The mapped ports are random.