H3C MSR 2600 Configuration Manual page 160

Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Configure ACL 2000, and create a rule to permit packets only from segment 192.168.1.0/24 to be
translated.
<Router> system-view
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] quit
# Configure outbound dynamic PAT with Easy IP on interface GigabitEthernet 1/2. The IP address of
GigabitEthernet 1/2 is used as the NAT address for the source address translation of the packets from
internal to external.
[Router] interface gigabitethernet 1/2
[Router-GigabitEthernet1/2] nat outbound 2000
[Router-GigabitEthernet1/2] quit
# Configure the Endpoint-Independent Mapping mode for PAT. For packets with the same source address
and port number and permitted by ACL 2000, the source address and port number are translated to the
same external address and port number.
[Router] nat mapping-behavior endpoint-independent acl 2000
# Enable NAT hairpin on interface GigabitEthernet 1/1.
[Router] interface gigabitethernet 1/1
[Router-GigabitEthernet1/1] nat hairpin enable
[Router-GigabitEthernet1/1] quit
Verifying the configuration
After completing the configuration, Host A, Host B, and Host C can access each other after they register
their IP addresses and port numbers to the external server.
# Display all NAT configuration and statistics.
[Router] display nat all
NAT outbound information:
There are 1 NAT outbound rules.
Interface: GigabitEthernet1/2
ACL: 2000
NO-PAT: N
NAT logging:
Log enable : Disabled
Flow-begin : Disabled
Flow-end
Flow-active: Disabled
NAT hairpinning:
There are 1 interfaces enabled with NAT hairpinning.
Interface: GigabitEthernet1/1
NAT mapping behavior:
Mapping mode: Endpoint-Independent
ACL
Address group: ---
Reversible: N
: Disabled
: 2000
Port-preserved: N
145