华为路由器的NAT配置?

2024-11-01 17:28:10
推荐回答(3个)
回答1:

华为路由器 NAT及DHCP配置实例
sysname HUAWEI-AR28-11
#
nat address-group 1 125.95.190.3 125.95.190.3
nat static 192.168.100.254 125.95.190.6
nat static 192.168.100.252 125.95.190.5
nat aging-time tcp 360
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 2
network 192.168.2.0 mask 255.255.255.0
gateway-list 192.168.2.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 3
network 192.168.3.0 mask 255.255.255.0
gateway-list 192.168.3.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 4
network 192.168.4.0 mask 255.255.255.0
gateway-list 192.168.4.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 5
network 192.168.5.0 mask 255.255.255.0
gateway-list 192.168.5.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 6
network 192.168.6.0 mask 255.255.255.0
gateway-list 192.168.6.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
dhcp server ip-pool 7
network 192.168.7.0 mask 255.255.255.0
gateway-list 192.168.7.1
dns-list 202.96.128.86 202.96.128.166 202.96.128.143
#
acl number 2500
rule 0 permit source 192.168.0.0 0.0.255.255
#
acl number 3900
rule 0 deny tcp destination-port eq 8
rule 1 deny tcp destination-port eq 135
rule 2 deny tcp destination-port eq 139
rule 3 deny tcp destination-port eq 445
rule 4 deny tcp destination-port eq exec
rule 5 deny tcp destination-port eq 64444
rule 6 deny tcp destination-port eq 8080
rule 7 deny udp destination-port eq 135
rule 8 deny udp destination-port eq 445
rule 9 deny udp destination-port eq 3500
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 125.95.190.2 255.255.255.248
nat outbound static
nat outbound 2500 address-group 1
#
interface Ethernet0/1
description line to HUAWEI-S3928
ip address 192.168.8.2 255.255.255.0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address dhcp-alloc
#
interface NULL0
#
dhcp server forbidden-ip 192.168.100.252
dhcp server forbidden-ip 192.168.100.254
#
ip route-static 0.0.0.0 0.0.0.0 125.95.190.1 preference 60
ip route-static 192.168.1.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.2.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.3.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.4.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.5.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.6.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.7.0 255.255.255.0 192.168.8.1 preference 60
ip route-static 192.168.100.0 255.255.255.0 192.168.8.1 preference 60
#
user-interface con 0
user-interface aux 0
set authentication password cipher V_$D$4N:*#F/$ATR*`+,;!!!
idle-timeout 2 0
user-interface vty 0 4
user privilege level 3
set authentication password cipher V_$D$4N:*#F/$ATR*`+,;!!!
idle-timeout 2 0
#
return
具体最好咨询厂家

回答2:

华为路由器NAT配置

华为的这个路由器,在指定outside 和inside的端口有一点不一样,

Quidway#show run

Now create configuration...

Current configuration

!

version 1.66

enable password ,Y@JM,UXNZL0XaLTV.U4*!!!

access-list normal 100 permit ip 10.0.0.0 0.255.255.255 any

!

interface Aux0

async mode interactive

encapsulation ppp

!

interface Ethernet0 #inside port#

speed auto

duplex auto

no loopback

ip address 10.0.0.2 255.255.255.0

!

interface Ethernet1 #outside port#

speed auto

duplex auto

no loopback

ip address 192.168.0.198 255.255.255.0

nat inside 100 interface #通过这个命令帮定访问列表和地址池在外部端口上#

!

interface Serial0

encapsulation ppp

!

exit

ip route 0.0.0.0 0.0.0.0 192.168.0.254 preference 60

!

end

Quidway#

NAT的配置任务列表如下:

1. 配置地址池

2. 配置访问控制列表和地址池的关联

3. 配置访问控制列表和接口的关联(EASY IP特性)

4. 配置内部服务器

增加一个内部服务器

nat serverglobal global-addr [ global-port] inside inside-addr inside-port protocol

例子: 202.38.160.101-103为公网IP

设置内部FTP服务器

Quidway(config-if-Serial0)# nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp

!设置内部WWW服务器1

Quidway(config-if-Serial0)# nat server global 202.38.160.102 inside 10.110.10.2 www tcp

!设置内部WWW服务器2

Quidway(config-if-Serial0)# nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp

!设置内部SNMP服务器

Quidway(config-if-Serial0)# nat server global 202.38.160.103 inside 10.110.10.4 snmp udp

5. 配置地址转换的有效时间

回答3:

楼上给的配置信息要么是思科的。要么就是老版本的。最起码现在华为都用display不用show了。呵呵。楼主你留个邮箱给我。我这有配置指南发给你。收到后你采纳我的回答就好了。呵呵。如果还有更多想要的配置信息。联系我。我发给你。