Load sharing NAT Server configuration example
Network requirements
As shown in Figure 65, three FTP servers are in the intranet to provide FTP services for external users. Configure NAT so that these external users use the address 202.38.1.1/16 to access the servers and the three FTP servers implement load sharing.
Figure 65: Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Create NAT Server group 0, and add members to the group.
<Router> system-view [Router] nat server-group 0 [Router-nat-server-group-0] inside ip 10.110.10.1 port 21 [Router-nat-server-group-0] inside ip 10.110.10.2 port 21 [Router-nat-server-group-0] inside ip 10.110.10.3 port 21 [Router-nat-server-group-0] quit
# Associate NAT Server group 0 with GigabitEthernet 1/0/2 so that servers in the server group can provide FTP services.
[Router] interface gigabitethernet 1/0/2 [Router-GigabitEthernet1/0/2] nat server protocol tcp global 202.38.1.1 ftp inside server-group 0
Verifying the configuration
# Verify that external hosts can access the internal FTP server group. (Details not shown.)
# Display all NAT configuration and statistics.
[Router] display nat all
NAT server group information:
Totally 1 NAT server groups.
Group Number Inside IP Port Weight
0 10.110.10.1 21 100
10.110.10.2 21 100
10.110.10.3 21 100
NAT internal server information:
Totally 1 internal servers.
Interface: GigabitEthernet1/0/2
Protocol: 6(TCP)
Global IP/port: 202.38.1.1/21
Local IP/port : server group 0
10.110.10.1/21 (Connections: 1)
10.110.10.2/21 (Connections: 2)
10.110.10.3/21 (Connections: 2)
Config status : Active
NAT logging:
Log enable : Disabled
Flow-begin : Disabled
Flow-end : Disabled
Flow-active : Disabled
Port-block-assign : Disabled
Port-block-withdraw : Disabled
Alarm : Disabled
NAT mapping behavior:
Mapping mode : Address and Port-Dependent
ACL : ---
Config status: Active
NAT ALG:
DNS : Enabled
FTP : Enabled
H323 : Enabled
ICMP-ERROR : Enabled
ILS : Enabled
MGCP : Enabled
NBT : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Enabled
SQLNET : Enabled
TFTP : Enabled
XDMCP : Enabled
# Display NAT session information generated when external hosts access an internal FTP server.
[Router] display nat session verbose Initiator: Source IP/port: 202.38.1.25/53957 Destination IP/port: 202.38.1.1/21 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/2 Responder: Source IP/port: 10.110.10.3/21 Destination IP/port: 202.38.1.25/53957 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/1 State: TCP_ESTABLISHED Application: FTP Start time: 2012-08-16 11:06:07 TTL: 26s Initiator->Responder: 1 packets 60 bytes Responder->Initiator: 2 packets 120 bytes Total sessions found: 5