F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
32
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 8080 inside
10.110.10.2 www
# Configure the internal SMTP server.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 smtp inside
10.110.10.4 smtp
[Firewall-GigabitEthernet0/2] quit
65BNAT DNS mapping configuration example
133BNetwork requirements
As shown in 258HFigure 29, a company provides Web and FTP services to external users, and uses internal
IP network segment 10.110.0.0/16. The IP addresses of the Web and FTP servers are 10.110.10.1/16 and
10.110.10.2/16, respectively. The company has three public addresses 202.38.1.1/24 through
202.38.1.3/24. The DNS server is at 202.38.1.4/24.
• The public IP address 202.38.1.2 is used to provide services to external users.
• External users can use the public address or domain name of internal servers to access them.
• Internal users can access the internal servers by using their domain names.
Figure 29 Network diagram
134BConfiguration procedure
# As shown in 259HFigure 29, configure the IP addresses for the interfaces. (Details not shown.)
# Enter the view of interface GigabitEthernet 0/2.
<Firewall> system-view
[Firewall] interface gigabitethernet 0/2
# Configure the internal Web server.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.2 inside
10.110.10.1 www
# Configure the internal FTP server.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.2 inside
10.110.10.2 ftp
[Firewall-GigabitEthernet0/2] quit
# Configure two DNS mapping entries: map the domain name www.server.com of the Web server to
202.38.1.2, and ftp.server.com of the FTP server to 202.38.1.2.
[Firewall] nat dns-map domain www.server.com protocol tcp ip 202.38.1.2 port www
[Firewall] nat dns-map domain ftp.server.com protocol tcp ip 202.38.1.2 port ftp
FTP server
10.110.10.2/16
Host A
10.110.10.3/16
Internet
GE0/1
10.110.10.10/16
GE0/2
202.38.1.1/24
Web server
10.110.10.1/16
DNS server
202.38.1.4/24
Host B
202.38.1.10/24
Firewall