How NAT Works
Cisco IOS Network Address Translation Overview
Using NAT in Overlapping Networks

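(1) Static NAT – one-to-one IP address mapping
For example, the IP address 192.168.32.10 will always map to 213.18.123.110.

(2) Dynamic NAT – also builds one-to-one IP mappings, but assigns them dynamically from a pool of available addresses.
The IP address 192.168.32.10 will take an available address from the range 213.18.123.100 ~ 213.18.123.150.

(3) Overloading – unregistered IP addresses are dynamically mapped to a single registered IP address (public IP address) using different port numbers. This is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
In this overloading example, each computer uses a private IP address and is translated to the same IP address (213.18.123.100) with a different port number.

(4) Overlapping – mainly used to interconnect two intranets, applied where both sides use address ranges that are already in use (for example, two public ranges of the same company).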
The internal IP range (237.16.32.xx) is also a registered range used by another network. Therefore, the router is translating the addresses to avoid a potential conflict with another network. It will also translate the registered global IP addresses back to the unregistered local IP addresses when information is sent to the internal network:
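Some NAT-related concepts (the translation from the other side reads oddly and still needs tidying up):
Inside Local IP address: the address assigned to a host on the inside network; globally unique, but a private address.
Inside Global IP address: a legitimate IP address that represents one or more inside IP addresses to the outside world.
Outside Global IP address: the legitimate IP address of a host on the outside network.
Outside Local IP address: the address of an outside-network host as it appears to the inside network; a private address.
NAT example (dynamic NAT):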
(1)
ip nat pool sale_pool 192.168.1.1 192.168.1.254 prefix-length 24
ip nat pool acct_pool 192.168.2.1 192.168.2.254 prefix-length 24
!
(3)
ip nat inside source list 2 pool sale_pool
ip nat inside source list 3 pool acct_pool
!
(4)
interface Ethernet 0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
(5)
interface Serial 0
 ip address 172.16.2.1 255.255.255.0
 ip nat outside
!
(2)
access-list 2 permit 10.1.2.0 0.0.0.255
access-list 3 permit 10.1.3.0 0.0.0.255
ip nat pool sale_pool 192.168.1.1 192.168.1.254 prefix-length 24
ip nat pool acct_pool 192.168.2.1 192.168.2.254 prefix-length 24
!
ip nat inside source route-map what_is_sales_doing pool sale_pool
ip nat inside source route-map what_is_acct_doing pool acct_pool
!
interface ethernet 0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface serial 0
 ip address 172.16.2.1 255.255.255.0
 ip nat outside
!
route-map what_is_sales_doing permit 10
 match ip address 2
!
route-map what_is_acct_doing permit 10
 match ip address 3
!
access-list 2 permit 10.1.2.0 0.0.0.255
access-list 3 permit 10.1.3.0 0.0.0.255
Verifying NAT
Router# show ip nat translations
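
The dynamic NAT configurations above depend on names that must agree across several lines: each NAT rule names a pool and an access list or route-map, and each route-map names an access list. The following offline check is an added example, not part of the original post or of Cisco's tooling; the function name `lint_nat` and the sample configuration are constructed for illustration, and it handles only the command forms shown on this page.

```python
import ipaddress
import re

# Constructed sample: dynamic NAT with route-maps, containing three deliberate
# mistakes (misspelled pool name, pool range wider than its prefix, missing ACL).
SAMPLE_CONFIG = """\
ip nat pool sale_pool 192.168.1.1 192.168.1.254 prefix-length 24
ip nat pool acct_pool 192.168.2.1 192.168.3.254 prefix-length 24
ip nat inside source route-map what_is_sales_doing pool sales_pool
ip nat inside source route-map what_is_acct_doing pool acct_pool
route-map what_is_sales_doing permit 10
 match ip address 2
route-map what_is_acct_doing permit 10
 match ip address 3
access-list 2 permit 10.1.2.0 0.0.0.255
"""

def lint_nat(config):
    """Return a sorted list of problems found in an IOS-style NAT config."""
    pools, route_maps, acls, problems = set(), set(), set(), []
    lines = [l.strip() for l in config.splitlines()]
    # Pass 1: collect definitions and check that each pool fits its prefix.
    for line in lines:
        if m := re.match(r"ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)$", line):
            name, start, end, plen = m.groups()
            pools.add(name)
            net = ipaddress.ip_network(f"{start}/{plen}", strict=False)
            if ipaddress.ip_address(end) not in net:
                problems.append(f"pool {name}: {end} is outside {net}")
        elif m := re.match(r"route-map (\S+) (permit|deny)", line):
            route_maps.add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
    # Pass 2: every reference must resolve to a definition from pass 1.
    for line in lines:
        if m := re.match(r"ip nat inside source (list|route-map) (\S+) pool (\S+)", line):
            kind, ref, pool = m.groups()
            if pool not in pools:
                problems.append(f"NAT rule uses undefined pool {pool}")
            if ref not in (acls if kind == "list" else route_maps):
                problems.append(f"NAT rule uses undefined {kind} {ref}")
        elif m := re.match(r"match ip address (\S+)", line):
            if m.group(1) not in acls:
                problems.append(f"route-map matches undefined access-list {m.group(1)}")
    return sorted(problems)

if __name__ == "__main__":
    for problem in lint_nat(SAMPLE_CONFIG):
        print(problem)
```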