F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
27
Ste
p
Command
1. Enter system view. system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure No-PAT by associating an ACL with an
IP address pool on the outbound interface for
translating only IP addresses.
nat outbound [ acl-number ] address-group
group-number [ vpn-instance vpn-instance-name ]
no-pat [ track vrrp virtual-router-id ]
125BConfiguring NAPT
With a specific ACL associated with an address pool or interface address, NAPT translates the source
address of a packet permitted by the ACL into an IP address of the address pool or the interface address,
with using the port information.
To configure NAPT:
Ste
p
Command
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure NAPT by associating an ACL with an IP
address pool on the outbound interface for
translating both IP address and port number.
nat outbound [ acl-number ] [ address-group
group-number [ vpn-instance vpn-instance-name ] ]
[ track vrrp virtual-router-id ]
58BConfiguring an internal server
To configure an internal server, you need to map an external IP address and port number to the internal
server. This is done through executing the nat server command on an interface.
Internal server configurations include external network information (external IP address global-address
and external port number global-port), internal network information (internal IP address local-address
and internal port number local-port), and internal server protocol type.
126BConfiguring a common internal server
After mapping the internal IP address/port number (local-address and local-port) of a common internal
server to an external IP address/port number (global-address and global-port), hosts in external
networks can access the server located in the internal network.
The device supports using the interface address as the external address of an internal server, which is the
Easy IP feature. If you want to specify an interface, the interface must be a loopback interface and must
already exist.
If you configure an internal server using Easy IP but do not configure an IP address for the interface, the
internal server configuration does not take effect.
To configure a common internal server (1):
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type interface-number N/A