Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Internal NAT Server
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number [ .subnumber ]
The interface view or sub-interface view is displayed.
- Run either of the following commands to configure an internal
NAT server:
- nat server protocol { tcp | udp } global { global-address | current-interface | interface interface-type interface-number [ .subnumber ] } global-port [ global-port2 ] [ vrrp vrrpid ] inside host-address [ host-address2 ] [ host-port ] [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ]
- nat server [ protocol { protocol-number | icmp | tcp | udp } ] global { global-address | current-interface | interface interface-type interface-number [ .subnumber ] } [ vrrp vrrpid ] inside host-address [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ]
- When configuring an internal NAT server, ensure that global-address and host-address are different from IP addresses of ports and IP addresses in the user address pool.
- You can use the IP address of current-interface or loopback as the internal server's IP address.
- The undo nat server command does not delete mapping entries immediately. You can run the reset nat session command to delete mapping entries.
- Compared with static NAT, NAT Server translates only the IP address, but not the port number, when the private network initiatively accesses the public network.
- When you configure one-to-one NAT Server that borrows an interface IP address (no interface number is specified and the IP address is mapped to a private network address), other services enabled on the interface may become unavailable. Confirm your action before performing the configuration. If you want to enable other applications on the interface, add an ACL rule after the configuration to filter out the number of the interface on which the applications are enabled.