Nat Server For External-To-Internal Access Through Domain Name - H3C MSR 2600 Configuration Manual
Layer 3
Hide thumbs
Also See for MSR 2600:
- Installation manual (64 pages) ,
- Probe command reference (28 pages) ,
- Manual (45 pages)
Table of Contents
Advertisement
Interface(out): GigabitEthernet1/1
Initiator->Responder:
Responder->Initiator:
Total sessions found: 1
NAT Server for external-to-internal access through domain
name
Network requirements
As shown in
external users. A DNS server at 10.1 10.10.3/24 is used to resolve the domain name of the Web server.
The company has two public IP addresses: 202.38.1.2 and 202.38.1.3.
Configure NAT Server to allow external users to access the internal Web server by using the domain
name.
Figure 56 Network diagram
Configuration considerations
To make sure the external host can access the internal DNS server, configure the NAT Server feature
•
to map the internal IP address and port of the DNS server to an external address and port.
Enable DNS with ALG and configure outbound dynamic NAT to translate the internal IP address of
•
the Web server in the payload of the DNS response packet to an external IP address.
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Enable NAT with ALG and with DNS.
<Router> system-view
[Router] nat alg dns
# Configure ACL 2000, and create a rule to permit packets only from 10.1 10.10.2 to pass through.
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 10.110.10.2 0
[Router-acl-basic-2000] quit
# Create address group 1.
[Router] nat address-group 1
Figure
56, Web server at 0.1 10.10.2/24 in the internal network provides services for
7 packets
308 bytes
5 packets
312 bytes
136
- Quick Links:
- Command Conventions
- Configuring Ip Addressing
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
