3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

NAT Configuration Commands
Two address translation associations are configured on GigabitEthernet0/0.1: ACL
2011 is associated with address pool 1, and ACL 2022 is associated with address
pool 2. One-to-one address translation is performed for both associations.
GigabitEthernet0/0.1 is configured with two internal servers: the WWW server at
http://202.119.11.3:8080, whose internal address is 5.5.5.5; and the FTP server at
ftp://202.119.11.3:2121, whose internal address is 5.5.5.5.
# Display NAT information.
<SW8800> display nat session
There are currently 40001 NAT sessions:
Protocol  GlobalAddr      Port  InsideAddr   Port  DestAddr       Port
-         192.168.100.10  ---   192.168.1.5  ---   ---            ---
    status: NOPAT, TTL: 00:04:00, Left: 00:04:00
6         192.168.100.10  1024  192.168.1.5  1024  192.168.100.1  1025
    status: NOPAT, TTL: 00:01:00, Left: 00:00:59
6         192.168.100.10  2048  192.168.1.5  2048  192.168.100.1  2049
    status: NOPAT, TTL: 00:01:00, Left: 00:01:00
6         192.168.100.10  1025  192.168.1.5  1025  192.168.100.1  1026
    status: NOPAT, TTL: 00:01:00, Left: 00:00:59
In No-PAT address translation, when you use the display nat session command
to display NAT entries, you can see that multiple No-PAT entries correspond to
multiple connection translations initiated by each internal network address, as
shown above. This ensures that only the connections initiated from the internal
network to the external network will be translated and no connection initiated
from the external network will be translated, thereby enhancing network security.
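The following Python parser is an added example, not part of the 3Com guide. It reads display nat session output in the layout shown above, pairs each entry with its status line, and separates the address-only No-PAT row from the per-connection rows so they can be counted per inside address. SAMPLE is constructed from the rows above; reading "---" as "field not set" and the all-dash row as the address-only mapping is an assumption, as are all function names.

```python
import re
from collections import Counter

# Constructed sample in the layout of the display above (not live device output).
SAMPLE = """\
Protocol GlobalAddr Port InsideAddr Port DestAddr Port
- 192.168.100.10 --- 192.168.1.5 --- --- ---
status: NOPAT, TTL: 00:04:00, Left: 00:04:00
6 192.168.100.10 1024 192.168.1.5 1024 192.168.100.1 1025
status: NOPAT, TTL: 00:01:00, Left: 00:00:59
6 192.168.100.10 2048 192.168.1.5 2048 192.168.100.1 2049
status: NOPAT, TTL: 00:01:00, Left: 00:01:00
"""

STATUS_RE = re.compile(r"status:\s*(\w+),\s*TTL:\s*([\d:]+),\s*Left:\s*([\d:]+)")
FIELDS = ("proto", "global_addr", "global_port",
          "inside_addr", "inside_port", "dest_addr", "dest_port")

def to_seconds(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def parse_sessions(text):
    """Pair each 7-column entry line with the status line that follows it."""
    sessions, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending.update(status=m.group(1), ttl=to_seconds(m.group(2)),
                           left=to_seconds(m.group(3)))
            sessions.append(pending)
            pending = None
            continue
        cols = line.split()
        if len(cols) == 7 and cols[0] != "Protocol":
            # Assumption: "-" / "---" mean the field is not set for this entry.
            pending = {k: (None if v in ("-", "---") else v) for k, v in zip(FIELDS, cols)}
    return sessions

def summarize(sessions):
    """Return (inside -> global address-only mappings, connection count per inside address)."""
    mappings = {s["inside_addr"]: s["global_addr"] for s in sessions if s["dest_addr"] is None}
    conns = Counter(s["inside_addr"] for s in sessions if s["dest_addr"] is not None)
    return mappings, dict(conns)
```

A per-connection row whose inside address is missing from the mappings dictionary, or an inside address with an unexpectedly high connection count, is worth a closer look when auditing the table.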
nat address-group
Syntax
nat address-group group-number start-addr end-addr
undo nat address-group group-number
View
System view
Parameter
group-number: Address pool number, an integer ranging from 0 to 31.
start-addr: Starting IP address in the address pool.
end-addr: Ending IP address in the address pool.
Description
Use the nat address-group command to configure an address pool.
Use the undo nat address-group command to delete an IP address pool.
An address pool is a set of outside IP addresses. If start-addr and end-addr are
the same, the pool contains only one address.