3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
NAT Configuration 85
Configuring Internal
Server
By configuring internal server, the related external address and port can be
mapped into the internal server, thus enabling the function of external network
accessing the internal server.
The mapping table for internal server and external network is configured by the
nat server command.
The information user needs to provide includes external address, external port,
internal server address, internal server port and the protocol type of the service.
Perform the following configuration in the interface view.
n
■ While either of global-port and inside-port is defined as "any", the other one
must either be defined as "any" or not be defined.
■ TFTP is a special protocol; therefore, make sure you configure the
corresponding nat outbound command on the internal TFTP server when you
configure NAT Server for the TFTP server.
Enabling NAT ALG Perform the following configuration in system view.
Tab le 77 Configure NAPT
Operation Command
Add association for access control list and
address pool
nat outbound acl-number [ address-group
group-number ]
Delete association for access control list and
address pool
undo nat outbound acl-number [
address-group group-number ]
Tab le 78 Configure Overlap Address
Operation Command
Configure the mapping from the
overlap address pool to the
temporary address pool
nat overlapaddress number overlappool-startaddress
temppool-startaddress { pool-length pool-length |
address-mask mask }
Remove the mapping from the
overlap address pool to the
temporary address pool
undo nat overlapaddress number
Tab le 79 Configure internal server
Operation Command
Add an internal server
nat server [ acl-number ] protocol pro-type global
global-addr [ global-port ] inside host-addr [ host-port ]
nat server [ acl-number ] protocol pro-type global
global-addr global-port 1 global-port2 inside host-addr1
host-addr2 host-port
Delete an internal server
undo nat server [ acl-number ] protocol pro-type global
global-addr [ global-port ] inside host-addr [ host-port ]
undo nat server [ acl-number ] protocol pro-type global
global-addr global-port1 global-port2 inside host-addr1
host-addr2 host-port