Verifying the configuration, Troubleshooting nat, Symptom 1 – H3C Technologies H3C SecPath F1000-E User Manual

30

[SecPath] interface gigabitethernet 0/2

# Configure the internal Web server.

[SecPath-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.2 inside 10.110.10.1

www

# Configure the internal FTP server.

[SecPath-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.2 inside 10.110.10.2

ftp

[SecPath-GigabitEthernet0/2] quit

# Configure two DNS mapping entries: map the domain name www.server.com of the Web server to
202.38.1.2, and ftp.server.com of the FTP server to 202.38.1.2.

[SecPath] nat dns-map domain www.server.com protocol tcp ip 202.38.1.2 port www

[SecPath] nat dns-map domain ftp.server.com protocol tcp ip 202.38.1.2 port ftp

[SecPath] quit

Verifying the configuration

# Display the DNS mapping configuration information.

display nat dns-map

NAT DNS mapping information:

There are currently 2 NAT DNS mapping(s)

Domain-name: www.server.com

Global-IP : 202.38.1.2

Global-port: 80(www)

Protocol : 6(TCP)

Domain-name: ftp.server.com

Global-IP : 202.38.1.2

Global-port: 21(ftp)

Protocol : 6(TCP)

Host A and Host B can use the domain name www.server.com to access the Web server, and use
ftp.server.com to access the FTP server.

Troubleshooting NAT

Symptom 1

Abnormal translation of IP addresses

Solution

1.

Enable debugging for NAT. Try to locate the problem based on the debugging display.

2.

Use other commands, if necessary, to further identify the problem.

3.

Pay special attention to the source address after the address translation and make sure that this
address is the address that you intend to change. If not, there may be an address pool bug.

4.

Make sure a route is available between the destination network and the address pool segment.