R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101
28
<Firewall> system-view
[Firewall] interface gigabitethernet 0/2
# Configure the internal FTP server.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 21 inside
10.110.10.3 ftp
# Configure the internal Web server 1.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 80 inside
10.110.10.1 www
# Configure the internal Web server 2.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 8080 inside
10.110.10.2 www
# Configure the internal SMTP server.
[Firewall-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.1 smtp inside
10.110.10.4 smtp
[Firewall-GigabitEthernet0/2] quit
# Bind the NAT service interface 5/1 with GigabitEthernet 0/2.
[Firewall] interface nat 5/1
[Firewall-NAT5/1] nat binding interface gigabitethernet 0/2
[Firewall-NAT5/1] quit
NAT DNS mapping configuration example
Network requirements
As shown in Figure 27, a company provides Web and FTP services to external users, and uses internal IP
network segment 10.110.0.0/16. The IP addresses of the Web and FTP servers are 10.110.10.1/16 and
10.110.10.2/16 respectively. The company has three public addresses 202.38.1.1/24 through
202.38.1.3/24. The DNS server is at 202.38.1.4/24.
• The public IP address 202.38.1.2 is used to provide services to external users.
• External users can use the public address or domain name of internal servers to access them.
• Internal users can access the internal servers by using their domain names.
Figure 27 Network diagram
Configuration procedure
# As shown in Figure 27, configure the IP addresses for the interfaces. (Details not shown.)
# Enter the view of interface GigabitEthernet 0/2.
FTP server
10.110.10.2/16
Host A
10.110.10.3/16
Internet
GE0/1
10.110.10.10/16
GE0/2
202.38.1.1/24
Web server
10.110.10.1/16
DNS server
202.38.1.4/24
Host B
202.38.1.10/24
Firewall