Example for Configuring NAT and an Internal FTP Server
This section provides an example in which a NAT device performs the NAT function to help PCs within an enterprise network access the Internet, while the enterprise network provides FTP services for users on the Internet.
Networking Requirements
In Figure 2-9, NAT-Device performs the NAT function to help PCs within an enterprise network access the Internet. The enterprise network provides FTP services for users on the Internet.
NAT-Device uses GE 0/2/0 to connect to the enterprise network and GE 0/2/1 to connect to the Internet. The network segment assigned to the enterprise is 192.168.0.0/16. An FTP server with the IP address 192.168.10.10/24 provides FTP services for hosts on the Internet. Five public IP addresses, 11.1.1.101/24 through 11.1.1.105/24, are assigned to the enterprise. The peer device connected to NAT-Device is assigned the IP address 1.1.1.2. The requirements are as follows:
- Only PCs on the network segment 192.168.10.0/24 can access the Internet.
- PCs on the Internet can access the FTP server inside the enterprise network.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure basic NAT functions.
- Configure an internal server.
- Enable the FTP ALG function.
- Configure a NAT distribution policy.
- Apply the NAT distribution policy.
- Configure static routes.
Data Preparation
To complete the configuration, you need the following data:
- NAT instance name (nat1) and index (1)
- NAT-Device's NAT address pool name (address-group1), address pool number (1), and range of public IP addresses (11.1.1.102 through 11.1.1.105)
- ACL number (3001)
- Name (GE 0/2/1) and IP address (1.1.1.1/24) of an interface to which a NAT distribution policy is applied
- Internal server's private IP address (192.168.10.10) and public IP address (11.1.1.101)
Procedure
- Configure basic NAT functions.
- Configure an internal server with a private IP address of 192.168.10.10 and a public IP address of 11.1.1.101.
[*NAT-Device] nat server global 11.1.1.101 inside 192.168.10.10
[*NAT-Device] commit
- Enable the FTP ALG function.
[~NAT-Device] nat instance nat1
[~NAT-Device-nat-instance-nat1] nat alg ftp
[*NAT-Device-nat-instance-nat1] commit
[~NAT-Device-nat-instance-nat1] quit
- Configure a NAT distribution policy. Configure an ACL numbered 3001 with an ACL rule numbered 1, and an ACL-based traffic classification rule that allows only hosts on the network segment 192.168.10.0/24 to access the Internet.
[~NAT-Device] acl 3001
[*NAT-Device-acl4-advance-3001] rule 1 permit ip source 192.168.10.0 0.0.0.255
[*NAT-Device-acl4-advance-3001] commit
[~NAT-Device-acl4-advance-3001] quit
- Apply the NAT distribution policy. Apply the ACL-based traffic classification rule in the view of the outbound interface GE 0/2/1.
[~NAT-Device] interface gigabitEthernet 0/2/1
[~NAT-Device-GigabitEthernet0/2/1] ip address 1.1.1.1 24
[*NAT-Device-GigabitEthernet0/2/1] nat bind acl 3001 instance nat1
[*NAT-Device-GigabitEthernet0/2/1] commit
[~NAT-Device-GigabitEthernet0/2/1] quit
- Configure a default route as a static route and set the next hop address of the default route to 1.1.1.2.
[~NAT-Device] ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
[*NAT-Device] commit
- Verify the configuration.
# Run the display nat server-map command to view server-map entries of all users.
[~NAT-Device] display nat server-map
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 9
Total number: 2.
 NAT Instance: nat1
  Protocol:ANY, VPN:--->-
  Server:192.168.10.10[11.1.1.101]->ANY
  Tag:0x0, TTL:-, Left-Time:-
  CPE IP:192.168.10.10
 NAT Instance: nat1
  Protocol:ANY, VPN:--->-
  Server reverse:ANY->11.1.1.101[192.168.10.10]
  Tag:0x0, TTL:-, Left-Time:-
  CPE IP:192.168.10.10
NAT-Device Configuration File
#
sysname NAT-Device
#
nat instance nat1 id 1
#
nat address-group address-group1 group-id 1 11.1.1.102 11.1.1.105
#
nat server global 11.1.1.101 inside 192.168.10.10
#
nat instance nat1
 nat alg ftp
#
acl number 3001
 rule 1 permit ip source 192.168.10.0 0.0.0.255
#
interface GigabitEthernet 0/2/1
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
 nat bind acl 3001 instance nat1
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
#
return
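The following is an added example and not part of the Huawei documentation: an offline audit script written for this page. It takes a constructed copy of the NAT-Device configuration file above, parses the nat address-group, nat server, acl and nat bind acl lines, and checks the points the networking requirements depend on: the ACL bound on GE 0/2/1 permits only 192.168.10.0/24 (the wildcard mask is evaluated the way the ACL evaluates it, so the same check works for non-contiguous masks), the static mapping's public address 11.1.1.101 does not fall inside the dynamic pool 11.1.1.102 through 11.1.1.105, and every public address in use is one of the five assigned. The parser, the regular expressions and the probe address 192.168.20.1 are assumptions of this example; the assumption that a packet matching no permit rule is simply not translated follows from the requirement stated on the page, not from the documentation.

```python
import ipaddress
import re

# Constructed copy of the NAT-Device configuration file shown above.
CONFIG = """\
#
sysname NAT-Device
#
nat instance nat1 id 1
#
nat address-group address-group1 group-id 1 11.1.1.102 11.1.1.105
#
nat server global 11.1.1.101 inside 192.168.10.10
#
nat instance nat1
 nat alg ftp
#
acl number 3001
 rule 1 permit ip source 192.168.10.0 0.0.0.255
#
interface GigabitEthernet 0/2/1
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
 nat bind acl 3001 instance nat1
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
#
return
"""

# Planning data from the page: enterprise segment, the five assigned public
# addresses, and the only segment that may reach the Internet.
ENTERPRISE_NET = ipaddress.ip_network("192.168.0.0/16")
PUBLIC_LO, PUBLIC_HI = (ipaddress.ip_address(a) for a in ("11.1.1.101", "11.1.1.105"))
ALLOWED_SEGMENT = ipaddress.ip_network("192.168.10.0/24")

# Assumed line formats (this example's own parser, not a VRP grammar).
POOL_RE = re.compile(r"^nat address-group (\S+) group-id \d+ (\S+) (\S+)$")
SERVER_RE = re.compile(r"^nat server global (\S+) inside (\S+)$")
ACL_RE = re.compile(r"^acl number (\d+)$")
RULE_RE = re.compile(r"^rule \d+ (permit|deny) ip(?: source (\S+) (\S+))?$")
BIND_RE = re.compile(r"^nat bind acl (\d+) instance \S+$")

def parse_config(text):
    """Return (pools, servers, acls, bound_acls) from the configuration text."""
    pools, servers, acls, bound = [], [], {}, set()
    current_acl = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":  # a '#' line closes the current view
            current_acl = None
        elif m := POOL_RE.match(line):
            pools.append((m[1], ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])))
        elif m := SERVER_RE.match(line):
            servers.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))
        elif m := ACL_RE.match(line):
            current_acl = int(m[1])
            acls[current_acl] = []
        elif current_acl is not None and (m := RULE_RE.match(line)):
            # A rule without a 'source' clause matches any source (wildcard 255.255.255.255).
            acls[current_acl].append((m[1], m[2] or "0.0.0.0", m[3] or "255.255.255.255"))
        elif m := BIND_RE.match(line):
            bound.add(int(m[1]))
    return pools, servers, acls, bound

def wildcard_match(ip, network, wildcard):
    """ACL wildcard masks are inverse masks: a 0 bit must match, a 1 bit is ignored."""
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return (int(ipaddress.ip_address(ip)) & care) == (int(ipaddress.ip_address(network)) & care)

def acl_action(ip, rules):
    """First matching rule wins; with no match the packet is not translated (assumed)."""
    for action, network, wildcard in rules:
        if wildcard_match(ip, network, wildcard):
            return action
    return "no-match"

def audit(text):
    """Return a list of findings; an empty list means the page's requirements are met."""
    pools, servers, acls, bound = parse_config(text)
    findings = []
    for name, start, end in pools:
        if not (PUBLIC_LO <= start <= end <= PUBLIC_HI):
            findings.append(f"pool {name}: {start}-{end} is not within the assigned public addresses")
    for public, inside in servers:
        if inside not in ENTERPRISE_NET:
            findings.append(f"server {public}: inside address {inside} is outside {ENTERPRISE_NET}")
        if not (PUBLIC_LO <= public <= PUBLIC_HI):
            findings.append(f"server {public}: not one of the assigned public addresses")
        for name, start, end in pools:
            if start <= public <= end:  # static mapping would collide with dynamic translation
                findings.append(f"server {public}: overlaps dynamic pool {name} ({start}-{end})")
    for acl_no in sorted(bound):
        rules = acls.get(acl_no, [])
        # Probe one host inside the allowed segment and one elsewhere in the enterprise network.
        if acl_action(str(ALLOWED_SEGMENT[1]), rules) != "permit":
            findings.append(f"acl {acl_no}: does not permit {ALLOWED_SEGMENT}")
        if acl_action("192.168.20.1", rules) == "permit":
            findings.append(f"acl {acl_no}: permits hosts outside {ALLOWED_SEGMENT}")
    return findings
```

Running audit(CONFIG) on the configuration above returns an empty list. Changing the pool to start at 11.1.1.101 produces a single finding that the internal server's public address overlaps the dynamic pool, and widening the ACL source to 192.168.0.0 0.0.255.255 produces a finding that hosts outside 192.168.10.0/24 would be translated.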