华三路由器NAT配置

本文详细介绍了H3C路由器的NAT配置，包括Basic NAT（一对一转换）、NAPT（一对多转换）和Easy IP配置。还讨论了公网主动访问私网所需的NAT Server配置，以及当公网地址不属于路由器接口地址网段时的静态路由设置问题。

一、基础配置

R1：

<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysn R1
[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 192.168.1.254 24
[R1-GigabitEthernet0/0]undo sh
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]ip add 100.1.1.1 24
[R1-GigabitEthernet0/1]undo sh
[R1-GigabitEthernet0/1]

R2：

<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysn R2
[R2]int g0/1
[R2-GigabitEthernet0/1]ip add 100.1.1.2 24
[R2-GigabitEthernet0/1]int g0/2
[R2-GigabitEthernet0/2]ip add 100.2.1.1 24
[R2-GigabitEthernet0/2]qu
[R2]

二、R1配置默认路由

[R1]ip route-static 0.0.0.0 0 100.1.1.2

三、Basic Nat转换（一对一转换）

R1：

[R1]acl basic 2000
[R1-acl-ipv4-basic-2000]rule 1 permit source 192.168.1.0 0.0.0.255
[R1-acl-ipv4-basic-2000]qu

[R1]nat address-group 1
[R1-address-group-1]address 100.1.1.10 100.1.1.20
[R1-address-group-1]int g0/1
[R1-GigabitEthernet0/1]nat outbound 2000 address-group 1 no-pat //静态一对一转换
[R1-GigabitEthernet0/1]qu
四、NAPT（一对多转换）

[R1]undo nat address-group 1
[R1]int g0/1
R1-GigabitEthernet0/1]undo nat outbound 2000
R1-GigabitEthernet0/1]qu
R1]nat address-group 1
R1-address-group-1]address 100.1.1.10 100.1.1.10
[R1-address-group-1]int g0/1
R1-GigabitEthernet0/1]nat outbound 2000 address-group 1 //不带no-pat表示端口转换
[R1-GigabitEthernet0/1]qu
五、Easy IP配置

[R1]int g0/1
[R1-GigabitEthernet0/1]undo nat outbound 2000
[R1-GigabitEthernet0/1]nat outbound 2000
[R1-GigabitEthernet0/1]qu
//不需要地址池。私有网络转换公网地址，就是G0/1是公网地址。

六、NAT Server

[R1]int g0/1
[R1-GigabitEthernet0/1]nat server global 100.1.1.10 inside 192.168.1.1

//为PCA绑定一个公网IP地址：100.1.1.10
[R1-GigabitEthernet0/1]nat server protocol tcp global 100.1.1.11 inside 192.168.
1.1

//绑定公网IP，为公网提供其他服务。比如FTP、WWW等
[R1-GigabitEthernet0/1]qu