F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
42
Ste
p
Command
Remarks
2. Set the Traffic Class field
in IPv6 packets translated
from IPv4 packets to 0.
natpt turn-off traffic-class
By default, the value of the Traffic Class field of
IPv6 packets is the same as that of the ToS field
in corresponding IPv4 packets.
21B
Configuring static NAPT-PT mappings of IPv6
servers
Generally, a server such as the FTP server, Web server, or Telnet server on an IPv6 network provides
services for IPv6 hosts only. To allow IPv4 hosts to access the IPv6 server, you can specify a static NAPT-PT
mapping between the IPv6 address plus the port number and the IPv4 address plus the port number of
the IPv6 server.
Upon receiving an access request to an IPv6 server from an IPv4 host, the NAT-PT device checks the
destination address and port number of the packet against the static address/port mapping of the IPv6
server. If they match, the device translates the source IPv4 address of the packet into the corresponding
IPv6 address according to the IPv4/IPv6 address mapping on the IPv4 side, and translates the
destination IPv4 address and port number in the request to the corresponding IPv6 address and port
number according to the static address/port mapping of the IPv6 server.
When you configure a static address/port mapping of an IPv6 server, specify the following:
• Protocol type—The type of the transport layer protocol used by the server. It can be TCP or UDP.
• IPv4 address and port number of the server—Used by IPv4 hosts to access the server.
• IPv6 address and port number of the server.
To configure a static NAPT-PT mapping for an IPv6 server:
Ste
p
Command
1. Enter system view.
system-view
2. Configure a static address and port
number mapping for an IPv6 server.
natpt v4bound static v6server protocol protocol-type
ipv4-address ipv4-port-number ipv6-address ipv6-port-number
22B
Displaying and maintaining NAT-PT
Task Command
Remarks
Display all NAT-PT configuration
information.
display natpt all [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Display NAT-PT address pool
configuration information.
display natpt address-group [ | { begin
| exclude | include }
regular-expression ]
Available in any view.
Display the static and dynamic NAT-PT
address mappings.
display natpt address-mapping [ |
{ begin | exclude | include }
regular-expression ]
Available in any view.
Display NAT-PT statistics information.
display natpt statistics [ | { begin |
exclude | include } regular-expression ]
Available in any view.