Nat With Dns Mapping Configuration Example - HPE FlexNetwork HSR6800 Configuration Manual
Comware 7 layer 3, ip services
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (482 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
NAT with DNS mapping configuration example
Network requirements
As shown in
provide services for external user. The company has three public addresses 202.38.1.1 through
202.38.1.3. The DNS server at 202.38.1.4 is on the external network.
Configure NAT so that:
•
The public IP address 202.38.1.2 is used by external users to access the Web and FTP servers.
•
External users can use the public address or domain name of internal servers to access them.
•
Internal users can access the internal servers by using their domain names.
Figure 67 Network diagram
10.110.10.2/16
Web server
Host A
10.110.10.3/16
Requirements analysis
To meet the network requirements, perform the following tasks:
•
Configure NAT Server by mapping the public IP addresses and port numbers of the internal
servers to a public address and port numbers so that external users can access the internal
servers.
•
Configure NAT with DNS mapping and ALG so that the public IP address of the internal server
in the payload of the DNS response packet can be translated to the private IP address.
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Enable NAT with ALG for DNS.
<Router> system-view
[Router] nat alg dns
# Enter interface view of GigabitEthernet 2/1/2.
[Router] interface gigabitethernet 2/1/2
# Configure NAT Server to allow external hosts to access the internal Web server by using the
address 202.38.1.2.
[Router-GigabitEthernet2/1/2] nat server protocol tcp global 202.38.1.2 inside
10.110.10.1 http
# Configure NAT Server to allow external hosts to access the internal FTP server by using the
address 202.38.1.2.
[Router-GigabitEthernet2/1/2] nat server protocol tcp global 202.38.1.2 inside
10.110.10.2 ftp
# Enable outbound NAT with Easy IP on interface GigabitEthernet 2/1/2.
[Router-GigabitEthernet2/1/2] nat outbound
Figure
67, the internal Web server at 10.110.10.1/16 and FTP server at 10.110.10.2/16
10.110.10.2/16
FTP server
GE2/1/1
10.110.10.10/16
GE2/1/2
202.38.1.1/24
Internet
Router
162
202.38.1.4/24
DNS server
Host B
202.38.1.10/24
Advertisement
Table of Contents
Troubleshooting
