HPE FlexNetwork MSR Series Comware 7 Layer 3 - Ip Services Configuration Manuals page 190

Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Configure ACL 2000, and create a rule to permit packets only from subnet 192.168.1.0/24 to be
translated.
<Router> system-view
[Router] acl basic 2000
[Router-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-ipv4-basic-2000] quit
# Configure NAT Server on interface GigabitEthernet 2/0/2 to map the IP address of the FTP server
to a public address, allowing external users to access the internal FTP server.
[Router] interface gigabitethernet 2/0/2
[Router-GigabitEthernet2/0/2] nat server protocol tcp global 202.38.1.2 inside
192.168.1.4 ftp
# Enable outbound NAT with Easy IP on interface GigabitEthernet 2/0/2 so that NAT translates the
source addresses of the packets from internal hosts into the IP address of interface GigabitEthernet
1/0/2.
[Router-GigabitEthernet2/0/2] nat outbound 2000
[Router-GigabitEthernet2/0/2] quit
# Enable NAT hairpin on interface GigabitEthernet 2/0/1.
[Router] interface gigabitethernet 2/0/1
[Router-GigabitEthernet2/0/1] nat hairpin enable
[Router-GigabitEthernet2/0/1] quit
Verifying the configuration
# Verify that both internal and external hosts can access the internal FTP server through the public
address. (Details not shown.)
# Display all NAT configuration and statistics.
[Router]display nat all
NAT outbound information:
Totally 1 NAT outbound rules.
Interface: GigabitEthernet2/0/2
ACL: 2000
NO-PAT: N
Config status: Active
NAT internal server information:
Totally 1 internal servers.
Interface: GigabitEthernet2/0/2
Protocol: 6(TCP)
Global IP/port: 202.38.1.2/21
Local IP/port : 192.168.1.4/21
Config status : Active
NAT logging:
Log enable
Flow-begin
Flow-end
Flow-active
Address group: ---
Reversible: N
: Disabled
: Disabled
: Disabled
: Disabled
176
Port-preserved: N