3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

86 CHAPTER 6: NAT CONFIGURATION
By default, NAT ALG is enabled.
Configuring Domain Name Mapping
If the internal network has no DNS server but does have several different
internal servers (such as FTP and WWW), internal hosts may want to use
different domain names to differentiate the servers and access them. You can use
the nat dns-map command to meet this requirement.
Perform the following configuration in system view.
Up to 16 domain name mapping entries can be defined.
Configuring Address Translation Lifetimes
Because the hash table used by NAT does not exist forever, you can configure the
lifetime of the hash table separately for protocols such as TCP, UDP and ICMP. If
the hash table is not used within the set time, the connection and the table it
uses age out.
For example, a user with the IP address 10.110.10.10 sets up an external TCP
connection using port 2000, and NAT assigns a corresponding address and port
to it. If this TCP connection is not used within the defined time, the system
deletes the connection.
Perform the following configuration in the system view.
If the nat aging-time default command is configured, the default address
translation lifetime values of the system apply.
Following are the default address translation lifetime values for different protocols:
DNS: 60 seconds
FTP control link: 7,200 seconds
FTP data link: 240 seconds

Table 80 Enable NAT ALG

Operation                                     Command
Enable NAT ALG (application level gateway)    nat alg { dns | ftp | h323 | ils | msn | nbt | pptp | sip }
Disable NAT ALG                               undo nat alg { dns | ftp | h323 | ils | msn | nbt | pptp | sip }

Table 81 Configure domain name mapping

Operation                                                                                               Command
Configure a mapping entry from a domain name to the external IP address, port number and protocol type  nat dns-map domain-name global-addr global-port [ tcp | udp ]
Remove the domain name mapping entry                                                                    undo nat dns-map domain-name

Table 82 Configure address translation lifetime values

Operation                                       Command
Configure address translation lifetime values   nat aging-time { default | { dns | ftp-ctrl | ftp-data | icmp | pptp | tcp | tcp-fin | tcp-syn | udp } seconds }
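
The aging behaviour described under Configuring Address Translation Lifetimes can be modelled as follows. This is an added example, not code from the guide or from the firewall module. The external address 203.0.113.1, the 300-second tcp lifetime, the starting port 1024 and all class and function names are constructed for illustration.

```python
# Simplified model of a NAT translation table with per-protocol aging.
# It illustrates the behaviour only; it is not the firewall module's code.

# The dns, ftp-ctrl and ftp-data lifetimes are the defaults listed in this guide.
# The tcp value is a constructed sample, as if set with "nat aging-time tcp 300".
AGING = {"dns": 60, "ftp-ctrl": 7200, "ftp-data": 240, "tcp": 300}


class NatTable:
    def __init__(self, global_addr, aging=AGING, first_port=1024):
        self.global_addr = global_addr      # constructed external address
        self.aging = dict(aging)            # protocol -> idle lifetime (seconds)
        self.next_port = first_port         # hypothetical allocation start
        self.entries = {}                   # key -> [global_port, last_used]

    def translate(self, proto, src_ip, src_port, now):
        """Return (global_addr, global_port), creating or refreshing an entry."""
        self.expire(now)
        key = (proto, src_ip, src_port)
        if key not in self.entries:
            self.entries[key] = [self.next_port, now]
            self.next_port += 1
        self.entries[key][1] = now          # traffic resets the idle timer
        return self.global_addr, self.entries[key][0]

    def expire(self, now):
        """Delete entries idle for at least their protocol's lifetime."""
        stale = [k for k, (_, last) in self.entries.items()
                 if now - last >= self.aging[k[0]]]
        for k in stale:
            del self.entries[k]
        return stale


def demo():
    """Replay the guide's example: 10.110.10.10, TCP, source port 2000."""
    nat = NatTable("203.0.113.1")
    first = nat.translate("tcp", "10.110.10.10", 2000, now=0)
    kept = nat.translate("tcp", "10.110.10.10", 2000, now=200)   # still live
    removed = nat.expire(now=200 + 300)                          # idle for 300 s
    after = nat.translate("tcp", "10.110.10.10", 2000, now=501)  # new mapping
    return first, kept, removed, after


if __name__ == "__main__":
    print(demo())
```

Traffic at 200 seconds refreshes the entry, so the original mapping survives; once the connection has been idle for the full lifetime the entry is deleted, and the next packet from the same host and port receives a new mapping.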