Packet Tracer 5.2 Lab (14): Configuring Network Address Translation (NAT)


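I. Lab Objectives

  • Understand the principles and functions of NAT (network address translation);
  • Master static NAT configuration so that the LAN can access the Internet.

II. Lab Background

The company wants to publish a WWW service. The internal web server's IP address must be mapped to a global IP address so that the external network can reach the company's internal web server.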

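III. Technical Principles

  • Network Address Translation (NAT) is widely used across all kinds of Internet access methods and network types. The reason is simple: NAT not only neatly solves the shortage of IP addresses, it also effectively keeps out attacks from outside the network by hiding and protecting the computers inside it.
  • By default, internal IP addresses cannot be routed to the external network. When internal host 10.1.1.1 communicates with the Internet and its IP packet reaches the NAT router, the source address 10.1.1.1 in the IP header is replaced with a valid public IP address, and the mapping is recorded in the NAT translation table. When an external host sends a reply toward the internal network, the NAT router receives it, looks up the current NAT translation table, and replaces the public address with 10.1.1.1.
  • NAT divides the network into an inside network and an outside network. When a LAN host uses NAT to reach the network, its local address inside the LAN is translated to a global address (a valid Internet IP address) before the packet is forwarded.
  • NAT comes in two types: NAT (network address translation) and NAPT (network address port translation, in which multiple internal IP addresses map to one global address).
  • Static NAT: a one-to-one mapping between an inside address and an outside address. In practice it is generally used for servers;
  • Dynamic NAT: an address pool is defined and mappings are assigned automatically, still one-to-one. In practice it is used less often;
  • NAPT: different ports are used to map multiple inside IP addresses to one specified outside IP address, many-to-one.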
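The address rewriting described in the bullets above, modelled as an added Python example (not part of the original lab and not IOS code). It uses the static mapping 192.168.1.2 to 222.0.1.3 that this lab configures on R1; the class and function names are hypothetical and the packets are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StaticNat:
    """Toy model of a router doing one-to-one static NAT (hypothetical, not IOS)."""

    def __init__(self, static_map):
        self.to_global = dict(static_map)                      # inside local -> inside global
        self.to_local = {g: l for l, g in static_map.items()}  # inside global -> inside local
        self.flows = set()                                     # per-flow extended entries

    def _note(self, proto, local, glob, port, outside, oport):
        self.flows.add((proto, f"{glob}:{port}", f"{local}:{port}", f"{outside}:{oport}"))

    def inbound(self, p):
        """Outside -> inside: destination (inside global) becomes inside local."""
        local = self.to_local.get(p.dst)
        if local is None:
            return p  # no entry: forwarded untranslated
        self._note(p.proto, local, p.dst, p.dport, p.src, p.sport)
        return replace(p, dst=local)

    def outbound(self, p):
        """Inside -> outside: source (inside local) becomes inside global."""
        glob = self.to_global.get(p.src)
        if glob is None:
            return p
        self._note(p.proto, p.src, glob, p.sport, p.dst, p.dport)
        return replace(p, src=glob)

def demo():
    """Constructed flow: PC1 (222.0.2.2) requests the web page via the global address."""
    nat = StaticNat({"192.168.1.2": "222.0.1.3"})
    request = Packet("tcp", "222.0.2.2", 1025, "222.0.1.3", 80)
    delivered = nat.inbound(request)                       # what the web server receives
    reply = Packet("tcp", delivered.dst, 80, "222.0.2.2", 1025)
    returned = nat.outbound(reply)                         # what PC1 receives
    return delivered, returned, sorted(nat.flows)

if __name__ == "__main__":
    print(demo())
```

The single flow entry it records has the same four columns as the `tcp` line that `show ip nat translations` prints on R1 after the web page is fetched.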

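IV. Lab Steps

Lab topology

1. R1 is the company's egress router. It connects to the external router over a V.35 serial cable, with the DCE end attached to R2; set the clock rate there to 64000;

2. Configure the IP addresses of the PCs, the server, and the router interfaces;

3. Configure static routing on each router so that the PCs can ping each other;

4. Configure static NAT on R1;

5. Define the inside and outside network interfaces on R1;

6. Verify connectivity between the hosts.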

R1:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip add 222.0.1.1 255.255.255.0
R1(config-if)#no shut

%LINK-5-CHANGED: Interface Serial2/0, changed state to down
R1(config-if)#
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R1(config-if)#
R1(config-if)#
R1(config-if)#exit
R1(config)#ip route 222.0.2.0 255.255.255.0 222.0.1.2 //configure a static route to the 222.0.2.0 network
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    222.0.1.0/24 is directly connected, Serial2/0
S    222.0.2.0/24 [1/0] via 222.0.1.2
R1#
R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#?
  arp                Set arp type (arpa, probe, snap) or timeout
  bandwidth          Set bandwidth informational parameter
  cdp                CDP interface subcommands
  crypto             Encryption/Decryption commands
  custom-queue-list  Assign a custom queue list to an interface
  delay              Specify interface throughput delay
  description        Interface specific description
  duplex             Configure duplex operation.
  exit               Exit from interface configuration mode
  fair-queue         Enable Fair Queuing on an Interface
  hold-queue         Set hold queue depth
  ip                 Interface Internet Protocol config commands
  mac-address        Manually set interface MAC address
  mtu                Set the interface Maximum Transmission Unit (MTU)
  no                 Negate a command or set its defaults
  priority-group     Assign a priority group to an interface
  service-policy     Configure QoS Service Policy
  shutdown           Shutdown the selected interface
  speed              Configure speed operation.
  tx-ring-limit      Configure PA level transmit ring limit
  zone-member        Apply zone name
R1(config-if)#ip ?
  access-group        Specify access control for packets
  address             Set the IP address of an interface
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  inspect             Apply inspect name
  ips                 Create IPS rule
  mtu                 Set IP Maximum Transmission Unit
  nat                 NAT interface commands
  ospf                OSPF interface commands
  split-horizon       Perform split horizon
  summary-address     Perform address summarization
  virtual-reassembly  Virtual Reassembly
R1(config-if)#ip nat ?
  inside   Inside interface for address translation
  outside  Outside interface for address translation
R1(config-if)#ip nat inside ?
  <cr>
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip nat outside ?
  <cr>
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#
R1#
R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip ?
  access-list       Named access-list
  default-network   Flags networks as candidates for default routes
  dhcp              Configure DHCP server and relay parameters
  domain            IP DNS Resolver
  domain-lookup     Enable IP Domain Name System hostname translation
  domain-name       Define the default domain name
  forward-protocol  Controls forwarding of physical and directed IP broadcasts
  host              Add an entry to the ip hostname table
  name-server       Specify address of name server to use
  nat               NAT configuration commands
  route             Establish static routes
  tcp               Global TCP parameters
R1(config)#ip nat ?
  inside   Inside address translation
  outside  Outside address translation
  pool     Define pool of addresses
R1(config)#ip nat inside ?
  source  Source address translation
R1(config)#ip nat inside source ?
  list    Specify access list describing local addresses
  static  Specify static local->global mapping
R1(config)#ip nat inside source static ?
  A.B.C.D  Inside local IP address
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
R1(config)#ip nat inside source static 192.168.1.2 ?
  A.B.C.D  Inside global IP address
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3 ?
  <cr>
R1(config)#ip nat inside source static 192.168.1.2 222.0.1.3 //configure the static NAT mapping from the inside network to the outside network
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip nat ?
  statistics    Translation statistics
  translations  Translation entries
R1#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  222.0.1.3         192.168.1.2        ---                ---

R1#
R1#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  222.0.1.3         192.168.1.2        ---                ---
tcp 222.0.1.3:80       192.168.1.2:80     222.0.2.2:1025     222.0.2.2:1025

R1#
R1#show running-config
Building configuration...

Current configuration : 753 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
...
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 222.0.1.1 255.255.255.0
 ip nat outside
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip nat inside source static 192.168.1.2 222.0.1.3
ip classless
ip route 222.0.2.0 255.255.255.0 222.0.1.2
!
...
!
line con 0
line vty 0 4
 login
!
!
!
end


R1#
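An added check, not part of the original lab: the static entry above maps the whole host, so every port on 192.168.1.2 is reachable through 222.0.1.3, not only the web service the background section asks for. The Python sketch below audits NAT-relevant running-config lines for such whole-host mappings; the config text is a constructed excerpt of the output above and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: only the NAT-relevant lines of R1's running-config.
R1_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial2/0
 ip address 222.0.1.1 255.255.255.0
 ip nat outside
!
ip nat inside source static 192.168.1.2 222.0.1.3
"""

STATIC = re.compile(r"^ip nat inside source static (?:(tcp|udp) )?(\S+)(?: (\d+))? (\S+)(?: (\d+))?$")

def parse(config):
    """Return (interfaces, static NAT entries) found in running-config text."""
    ifaces, entries, cur = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None})
        elif cur is not None and line.startswith(" ip address "):
            addr, mask = line.split()[2:4]
            cur["net"] = ipaddress.ip_interface(f"{addr}/{mask}").network
        elif cur is not None and line.startswith(" ip nat "):
            cur["nat"] = line.split()[2]          # "inside" or "outside"
        elif (m := STATIC.match(line)):
            proto, local, _, glob, gport = m.groups()
            entries.append({"proto": proto, "local": local, "global": glob, "port": gport})
        elif not line.startswith(" "):
            cur = None                            # left the interface block
    return ifaces, entries

def audit(config):
    """Flag whole-host static mappings and locals outside any NAT inside network."""
    ifaces, entries = parse(config)
    inside = [i["net"] for i in ifaces.values() if i["nat"] == "inside" and i["net"]]
    findings = []
    for e in entries:
        if e["proto"] is None:
            findings.append(f"{e['global']} -> {e['local']}: whole-host mapping, every port is published")
        if not any(ipaddress.ip_address(e["local"]) in net for net in inside):
            findings.append(f"{e['local']}: not behind any 'ip nat inside' interface")
    return findings
```

A port-scoped entry using the `tcp` keyword listed in the help output (standard IOS form, not shown on this page: `ip nat inside source static tcp 192.168.1.2 80 222.0.1.3 80`) passes the check.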

R2:

Router>
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip add 222.0.2.1 255.255.255.0
R2(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#int s2/0
R2(config-if)#ip add 222.0.1.2 255.255.255.0
R2(config-if)#no shut

%LINK-5-CHANGED: Interface Serial2/0, changed state to up
R2(config-if)#clock rate 64000
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R2(config-if)#
R2(config-if)#
R2(config-if)#exit
R2(config)#ip route 192.168.1.0 255.255.255.0 222.0.1.1
R2(config)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

S    192.168.1.0/24 [1/0] via 222.0.1.1
C    222.0.1.0/24 is directly connected, Serial2/0
C    222.0.2.0/24 is directly connected, FastEthernet0/0
R2#

PC1:

Packet Tracer PC Command Line 1.0
PC>ipconfig

IP Address......................: 222.0.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 222.0.2.1

PC>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Request timed out.
Reply from 192.168.1.2: bytes=32 time=19ms TTL=126
Reply from 192.168.1.2: bytes=32 time=17ms TTL=126
Reply from 192.168.1.2: bytes=32 time=15ms TTL=126

Ping statistics for 192.168.1.2:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 19ms, Average = 17ms

PC>

PC1-WEB:

