F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
31
# Associate address pool 1 and ACL 2001 with the outbound interface GigabitEthernet 0/2.
• No-PAT
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] nat outbound 2001 address-group 1 no-pat
[Firewall-GigabitEthernet0/2] quit
• NAPT
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] nat outbound 2001 address-group 1
[Firewall-GigabitEthernet0/2] quit
64BCommon internal server configuration example
131BNetwork requirements
As shown in 256HFigure 28, a company provides two Web servers, one FTP server, and one SMTP server for
external users to access. The internal network address is 10.110.0.0/16. The internal address for the FTP
server is 10.110.10.3/16, for Web server 1 is 10.110.10.1/16, for Web server 2 is 10.110.10.2/16, and
for the SMTP server is 10.110.10.4/16. The company has three public IP addresses ranging from
202.38.1.1/24 to 202.38.1.3/24. Specifically, the company has the following requirements:
• External hosts can access internal servers with public address 202.38.1.1/24.
• Port 8080 is used for Web server 2.
Figure 28 Network diagram
132BConfiguration procedure
# As shown in 257HFigure 28, configure the IP addresses for the interfaces. (Details not shown.)
# Enter interface GigabitEthernet 0/2 view.
<Firewall> system-view
[Firewall] interface gigabitethernet 0/2
# Configure the internal FTP server.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 21 inside
10.110.10.3 ftp
# Configure the internal Web server 1.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 80 inside
10.110.10.1 www
# Configure the internal Web server 2.
FTP server
10.110.10.3/16
Web server 1
10.110.10.1/16
Web server 2
10.110.10.2/16
SMTP server
10.110.10.4/16
Host
Internet
GE0/1
10.110.10.10/16
GE0/2
202.38.1.1/24
Firewall