Load sharing NAT Server configuration example
Network requirements
As shown in Figure 65, three FTP servers are in the intranet to provide FTP services for external users. Configure NAT so that these external users use the address 202.38.1.1/16 to access the servers and the three FTP servers implement load sharing.
Figure 65: Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Create NAT Server group 0, and add members to the group.
<Router> system-view [Router] nat server-group 0 [Router-nat-server-group-0] inside ip 10.110.10.1 port 21 [Router-nat-server-group-0] inside ip 10.110.10.2 port 21 [Router-nat-server-group-0] inside ip 10.110.10.3 port 21 [Router-nat-server-group-0] quit
# Associate NAT Server group 0 with GigabitEthernet 1/0/2 so that servers in the server group can provide FTP services.
[Router] interface gigabitethernet 1/0/2 [Router-GigabitEthernet1/0/2] nat server protocol tcp global 202.38.1.1 ftp inside server-group 0
Verifying the configuration
# Verify that external hosts can access the internal FTP server group. (Details not shown.)
# Display all NAT configuration and statistics.
[Router] display nat all NAT server group information: Totally 1 NAT server groups. Group Number Inside IP Port Weight 0 10.110.10.1 21 100 10.110.10.2 21 100 10.110.10.3 21 100 NAT internal server information: Totally 1 internal servers. Interface: GigabitEthernet1/0/2 Protocol: 6(TCP) Global IP/port: 202.38.1.1/21 Local IP/port : server group 0 10.110.10.1/21 (Connections: 1) 10.110.10.2/21 (Connections: 2) 10.110.10.3/21 (Connections: 2) Config status : Active NAT logging: Log enable : Disabled Flow-begin : Disabled Flow-end : Disabled Flow-active : Disabled Port-block-assign : Disabled Port-block-withdraw : Disabled Alarm : Disabled NAT mapping behavior: Mapping mode : Address and Port-Dependent ACL : --- Config status: Active NAT ALG: DNS : Enabled FTP : Enabled H323 : Enabled ICMP-ERROR : Enabled ILS : Enabled MGCP : Enabled NBT : Enabled PPTP : Enabled RSH : Enabled RTSP : Enabled SCCP : Enabled SIP : Enabled SQLNET : Enabled TFTP : Enabled XDMCP : Enabled
# Display NAT session information generated when external hosts access an internal FTP server.
[Router] display nat session verbose Initiator: Source IP/port: 202.38.1.25/53957 Destination IP/port: 202.38.1.1/21 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/2 Responder: Source IP/port: 10.110.10.3/21 Destination IP/port: 202.38.1.25/53957 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/1 State: TCP_ESTABLISHED Application: FTP Start time: 2012-08-16 11:06:07 TTL: 26s Initiator->Responder: 1 packets 60 bytes Responder->Initiator: 2 packets 120 bytes Total sessions found: 5