4000 Router Series Layer 3 - IP Services Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

161

162

163

164

165

166

167

168

169

170

158

The number of the nat server commands that can be configured on an interface depends on the device

model. The number of internal servers that each command can define equals the difference between

global-port2 and global-port1. You can configure a maximum of 4096 internal servers on an interface.

The system allows you to configure a maximum of 1024 internal servers.

When the protocol type is not udp (protocol number 17) or tcp (protocol number 6), you can configure

only one-to-one IP address mapping.

If one of the two arguments global-port and local-port is set to 0, the other must also be 0 or remain

undefined.

The mapping between the protocol type, external address, and external port number must be unique for

an internal server on an interface.

If the IP address of an interface used by Easy IP changes and conflicts with the IP address of an internal

server not using Easy IP, the Easy IP configuration becomes invalid. If the conflicted address is modified

to an unconflicted address or the internal server configuration without Easy IP is removed, the Easy IP

configuration takes effect.

Examples

# Allow external users to access the internal Web server at 10.110.10.10 on the LAN through

http://202.110.10.10:8080.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] nat server protocol tcp global 202.110.10.10 8080 inside

10.110.10.10 www

# Allow external users to access the internal FTP server at 10.110.10.11 in MPLS VPN vrf10 through

ftp://202.110.10.10.

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] nat server protocol tcp global 202.110.10.10 21 inside 10.110.10.11

vpn-instance vrf10

# Allow external hosts to ping the host at 10.110.10.12 in VPN vrf10 by using the ping 202.110.10.11

command.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] nat server protocol icmp global 202.110.10.11 inside 10.110.10.12

vpn-instance vrf10

# Allow external hosts to access the Telnet services of internal servers at 10.110.10.1 to 10.110.10.100 in

MPLS VPN vrf10 through the public address 202.110.10.10 and port numbers from 1001 to 1100. As a

result, a user can Telnet to 202.110.10.10:1001 to access 10.110.10.1, Telnet to 202.110.10.10:1002 to

access 10.110.10.2, and so on.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] nat server protocol tcp global 202.110.10.10 1001 1100 inside

10.110.10.1 10.110.10.100 telnet vpn-instance vrf10

Related commands

• nat server-group

• display nat all

• display nat server