Exporting Nat Logs To The Information Center - H3C S9500 Series Operation Manual

Operation Manual – L3+NAT
H3C S9500 Series Routing Switches
[Switch-Vlan-interface10] nat server protocol tcp global 202.38.160.100 ftp
inside 10.110.10.1 ftp
# Configure the internal WWW server 1.
[Switch-Vlan-interface10] nat server protocol tcp global 202.38.160.100 www
inside 10.110.10.2 www
# Configure the internal WWW server 2.
[Switch-Vlan-interface10] nat server protocol tcp global 202.38.160.100 8080
inside 10.110.10.3 www
# Configure the internal SMTP server.
[Switch-Vlan-interface10] nat server protocol tcp global 202.38.160.100 smtp
inside 10.110.10.4 smtp
[Switch-Vlan-interface10] quit
# Enable the connection-limit function.
[[Switch] connection-limit enable
# Configure a connection-limit policy and rules.
[Switch] connection-limit policy 1
[Switch-connection-limit-policy-1] limit mode amount
[Switch-connection-limit-policy-1] limit 1 source 10.110.10.1 amount 1000
[Switch-connection-limit-policy-1] quit
# Bind the connection-limit policy with the NAT module.
[Switch] nat connection-limit-policy 1

1.10.2 Exporting NAT Logs to the Information Center

I. Network requirements
A host in the private network accesses Device B in the public network through
Device A, which is enabled with NAT;
Device A sends NAT logs to the information center in the form of system logs;
You can view the records on the information center to supervise the private
network users.
1-21
Chapter 1 NAT Configuration