动态NAT,抓包-Debug The Life
2019年05月05日
原文
R3配置
[V200R003C00] # sysname Router # board add 0/4 8FE1GE # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone Indian Standard Time minus 05:13:20 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005 # drop illegal-mac alarm # vlan batch 100 200 # set cpu-usage threshold 80 restore 75 # acl number 2000 rule 5 permit source 192.168.20.0 0.0.0.255 acl number 2001 rule 5 permit source 10.0.0.0 0.0.0.255 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # nat address-group 1 202.169.10.100 202.169.10.200 nat address-group 2 202.169.10.80 202.169.10.83 # interface Vlanif100 ip address 192.168.20.1 255.255.255.0 # interface Vlanif200 ip address 10.0.0.1 255.255.255.0 # interface Ethernet4/0/0 port link-type access port default vlan 100 # interface Ethernet4/0/1 port link-type access port default vlan 200 # interface Ethernet4/0/2 # interface Ethernet4/0/3 # interface Ethernet4/0/4 # interface Ethernet4/0/5 # interface Ethernet4/0/6 # interface Ethernet4/0/7 # interface GigabitEthernet0/0/0 ip address 202.169.10.1 255.255.255.0 nat outbound 2000 address-group 1 no-pat nat outbound 2001 address-group 2 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface GigabitEthernet4/0/0 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
R4配置
[V200R003C00] # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone Indian Standard Time minus 05:13:20 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005 # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 202.169.10.2 255.255.255.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
在R3上查看NAT信息
dis nat address-group verbose
在R3的g 0/0/0口抓包,会发现NAT地址经过了正常的转换了
1)在PC1上ping 202.169.10.2,同时发现转换的公网IP地址是变化的
2)在PC2上ping 202.169.10.2,同时发现转换的公网IP地址是不化的
- 先只ping一个包
- 长ping,一直都是202.169.10.82这个地址
