R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
147
<Router> system-view
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] quit
# Configure NAT Server on interface GigabitEthernet 2/1/2 to map the IP address of the FTP server to
a NAT address, allowing external users to access the internal FTP server.
[Router] interface gigabitethernet 2/1/2
[Router-GigabitEthernet2/1/2] nat server protocol tcp global 202.38.1.2 inside
192.168.1.4 ftp
# Enable outbound NAT with Easy IP on interface GigabitEthernet 2/1/2 so that NAT translates the
source addresses of the packets from internal hosts into the IP address of interface GigabitEthernet
2/1/2.
[Router-GigabitEthernet2/1/2] nat outbound 2000
[Router-GigabitEthernet2/1/2] quit
# Enable NAT hairpin on interface GigabitEthernet 2/1/1.
[Router] interface gigabitethernet 2/1/1
[Router-GigabitEthernet2/1/1] nat hairpin enable
[Router-GigabitEthernet2/1/1] quit
Verifying the configuration
# Verify that both internal and external hosts can access the internal FTP server through the external
address. (Details not shown.)
# Display all NAT configuration and statistics.
[Router]display nat all
NAT outbound information:
There are 1 NAT outbound rules.
Interface: GigabitEthernet2/1/2
ACL: 2000 Address group: --- Port-preserved: N
NO-PAT: N Reversible: N
NAT internal server information:
There are 1 internal servers.
Interface: GigabitEthernet2/1/2
Protocol: 6(TCP)
Global IP/port: 202.38.1.2/21
Local IP/port: 192.168.1.4/21
NAT logging:
Log enable : Disabled
Flow-begin : Disabled
Flow-end : Disabled
Flow-active : Disabled
Port-block-assign : Disabled
Port-block-withdraw : Disabled
Alarm : Disabled
NAT hairpinning:
There are 1 interfaces enabled with NAT hairpinning.
Interface: GigabitEthernet2/1/1