State: TCP_ESTABLISHED
Application: FTP
Start time: 2012-08-15 14:53:29 TTL: 3597s
Initiator->Responder: 7 packets 308 bytes
Responder->Initiator: 5 packets 312 bytes
Total sessions found: 1
NAT Server for external-to-internal access through domain name configuration example
Network requirements
As shown in Figure 67, the Web server at 10.110.10.2/24 in the internal network provides services for
external users. A DNS server at 10.110.10.3/24 is used to resolve the domain name of the Web
server. The company has two public IP addresses: 202.38.1.2 and 202.38.1.3.
Configure NAT Server to allow external users to access the internal Web server by using the domain
name.
Figure 67 Network diagram
Requirements analysis
To meet the network requirements, you must perform the following tasks:
• Configure NAT Server to map the private IP address and port of the DNS server to a public
address and port. NAT Server allows the external host to access the internal DNS server for
domain name resolution.
• Enable ALG for DNS and configure outbound dynamic NAT to translate the private IP address
of the Web server in the payload of the DNS response packet into a public IP address.
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Enable NAT with ALG for DNS.
<Router> system-view
[Router] nat alg dns
# Configure ACL 2000, and create a rule to permit packets only from 10.110.10.2 to pass through.
[Router] acl basic 2000
[Router-acl-ipv4-basic-2000] rule permit source 10.110.10.2 0
[Router-acl-ipv4-basic-2000] quit