H3C MSR 2600 Configuration Manual page 157

Figure 58 Network diagram
Configuration considerations
This is a typical NAT hairpin application in C/S mode.
Configure NAT Server on the interface that connects the external network to make sure an external
•
host can access the internal FTP server by using a NAT address.
Enable NAT hairpin on the interface that connects the internal network to make sure internal hosts
•
can access the internal FTP server by using a NAT address. The destination address is translated by
matching the NAT Server configuration. The source address is translated by matching outbound
dynamic or static NAT configuration on the interface where NAT Server is configured. In this
example, the source address is translated by matching outbound dynamic NAT.
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Configure ACL 2000, and create a rule to permit packets only from segment 192.168.1.0/24 to be
translated.
<Router> system-view
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] quit
# Configure NAT Server on interface GigabitEthernet 1/2 to map the IP address of the FTP server to a
NAT address, allowing external users to access the internal FTP server.
[Router] interface gigabitethernet 1/2
[Router-GigabitEthernet1/2] nat server protocol tcp global 202.38.1.2 inside 192.168.1.4
ftp
# Enable outbound NAT with Easy IP on interface GigabitEthernet 1/2 so that NAT translates the source
addresses of the packets from internal hosts into the IP address of interface GigabitEthernet 1/2.
[Router-GigabitEthernet1/2] nat outbound 2000
[Router-GigabitEthernet1/2] quit
# Enable NAT hairpin on interface GigabitEthernet 1/1.
[Router] interface gigabitethernet 1/1
[Router-GigabitEthernet1/1] nat hairpin enable
[Router-GigabitEthernet1/1] quit
142