Common internal server configuration example – H3C Technologies H3C SecBlade FW Cards User Manual
Page 30
23
Figure 16 Network diagram for dynamic NAT III
2.
Configuration procedure
# As shown in
, configure the IP addresses for the interfaces (omitted).
# Configure address pool 1.
[Secpath] nat address-group 1 202.38.1.2 202.38.1.3
# Configure ACL 2001, permitting only users from network segment 10.110.10.0/24 to access the
Internet.
[Secpath] acl number 2001
[Secpath-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Secpath-acl-basic-2001] rule deny
[Secpath-acl-basic-2001] quit
# Associate address pool 1 and ACL 2001 with the outbound interface GigabitEthernet 0/2.
•
No-PAT
[Secpath] interface gigabitethernet 0/2
[Secpath-GigabitEthernet0/2] nat outbound 2001 address-group 1 no-pat
[Secpath-GigabitEthernet0/2] quit
•
NAPT
[Secpath] interface gigabitethernet 0/2
[Secpath-GigabitEthernet0/2] nat outbound 2001 address-group 1
[Secpath-GigabitEthernet0/2] quit
Common internal server configuration example
1.
Network requirements
As shown in
, a company provides two web servers, one FTP server, and one SMTP server for
external users to access. The internal network address is 10.110.0.0/16. The internal address for the FTP
server is 10.110.10.3/16, for web server 1 is 10.110.10.1/16, for web server 2 is 10.110.10.2/16, and for
the SMTP server 10.110.10.4/16. The company has three public IP addresses ranging from
202.38.1.1/24 to 202.38.1.3/24. Specifically, the company has the following requirements:
•
External hosts can access internal servers with public address 202.38.1.1/24.
•
Port 8080 is used for web server 2.