Dynamic NAT444 configuration example
Network requirements
As shown in Figure 68, a company uses private IP addresses on network 192.168.0.0/16 and public IP addresses 202.38.1.2 and 202.38.1.3. Configure dynamic NAT444 to meet the following requirements:
Only users on subnet 192.168.1.0/24 can use public IP addresses 202.38.1.2 and 202.38.1.3 to access the Internet.
The port range for the public IP addresses is 1024 to 65535.
The port block size is 300.
If the ports in the assigned port block are all used, extend another port block for users.
Figure 68: Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Create public address group 0.
<Router> system-view
[Router] nat address-group 0
# Add the public IP addresses 202.38.1.2 and 202.38.1.3 to the NAT address group.
[Router-address-group-0] address 202.38.1.2 202.38.1.3
# Configure the port range as 1024 to 65535.
[Router-address-group-0] port-range 1024 65535
# Set the port block size to 300 and the extended port block number to 1.
[Router-address-group-0] port-block block-size 300 extended-block-number 1
[Router-address-group-0] quit
# Configure an ACL to identify packets from subnet 192.168.1.0/24.
[Router] acl basic 2000
[Router-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-ipv4-basic-2000] quit
# Configure outbound NAT444 on interface GigabitEthernet 1/0/2.
[Router] interface gigabitethernet 1/0/2
[Router-GigabitEthernet1/0/2] nat outbound 2000 address-group 0
Verifying the configuration
# Verify that Host A can access external servers, but Host B and Host C cannot. (Details not shown.)
# Display all NAT configuration and statistics.
[Router] display nat all
NAT address group information:
  Totally 1 NAT address groups.
  Address group 0:
    Port range: 1024-65535
    Port block size: 300
    Extended block number: 1
    Address information:
      Start address         End address
      202.38.1.2            202.38.1.3

NAT outbound information:
  Totally 1 NAT outbound rules.
  Interface: GigabitEthernet1/0/2
    ACL: 2000         Address group ID: 0
    Port-preserved: N    NO-PAT: N         Reversible: N
    Config status: Active

NAT logging:
  Log enable          : Disabled
  Flow-begin          : Disabled
  Flow-end            : Disabled
  Flow-active         : Disabled
  Port-block-assign   : Disabled
  Port-block-withdraw : Disabled
  Alarm               : Disabled

NAT mapping behavior:
  Mapping mode : Address and Port-Dependent
  ACL          : ---
  Config status: Active

NAT ALG:
  DNS        : Enabled
  FTP        : Enabled
  H323       : Enabled
  ICMP-ERROR : Enabled
  ILS        : Enabled
  MGCP       : Enabled
  NBT        : Enabled
  PPTP       : Enabled
  RSH        : Enabled
  RTSP       : Enabled
  SCCP       : Enabled
  SIP        : Enabled
  SQLNET     : Enabled
  TFTP       : Enabled
  XDMCP      : Enabled
# Display NAT statistics.
[Router] display nat statistics
  Total session entries: 0
  Total EIM entries: 0
  Total inbound NO-PAT entries: 0
  Total outbound NO-PAT entries: 0
  Total static port block entries: 0
  Total dynamic port block entries: 430
  Active static port block entries: 0
  Active dynamic port block entries: 1
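The following Python sketch is an added example, not part of the vendor procedure. It reproduces the port block arithmetic behind the 430 dynamic port block entries shown above and shows how port block assignment records let an investigator map a public address and port back to a private host. It assumes blocks are carved contiguously from the bottom of the port range; the assignment records are constructed sample data, not Comware log output.

```python
# Values taken from the configuration on this page.
PUBLIC_IPS = ["202.38.1.2", "202.38.1.3"]
PORT_LOW, PORT_HIGH = 1024, 65535
BLOCK_SIZE = 300
EXTENDED_BLOCKS = 1

def blocks_per_address():
    """Whole port blocks that fit into the port range of one public address."""
    return (PORT_HIGH - PORT_LOW + 1) // BLOCK_SIZE

def total_blocks():
    """Port blocks available across the whole address group."""
    return blocks_per_address() * len(PUBLIC_IPS)

def max_ports_per_host():
    """Ports one private host can hold: its first block plus extended blocks."""
    return BLOCK_SIZE * (1 + EXTENDED_BLOCKS)

def block_bounds(port):
    """(first, last) port of the block containing `port`, or None if the port
    is outside the range or in the leftover ports that do not fill a block.
    Assumption: blocks are carved contiguously starting at PORT_LOW."""
    if not PORT_LOW <= port <= PORT_HIGH:
        return None
    index = (port - PORT_LOW) // BLOCK_SIZE
    if index >= blocks_per_address():
        return None
    first = PORT_LOW + index * BLOCK_SIZE
    return first, first + BLOCK_SIZE - 1

# Constructed sample records, not Comware log output:
# (private host, public address, first port of block, assigned, withdrawn)
# Times are arbitrary integer ticks; withdrawn=None means still assigned.
ASSIGNMENTS = [
    ("192.168.1.10", "202.38.1.2", 1024, 100, 500),
    ("192.168.1.11", "202.38.1.2", 1324, 120, None),
    ("192.168.1.10", "202.38.1.2", 1624, 300, 500),   # extended block
    ("192.168.1.12", "202.38.1.2", 1024, 600, None),  # same block, reassigned
]

def attribute(public_ip, port, when, records=ASSIGNMENTS):
    """Private host that held public_ip:port at time `when`, or None."""
    bounds = block_bounds(port)
    if bounds is None or public_ip not in PUBLIC_IPS:
        return None
    for host, pub, first, start, end in records:
        if (pub, first) == (public_ip, bounds[0]) and start <= when \
                and (end is None or when < end):
            return host
    return None
```

In the display nat all output above, Port-block-assign and Port-block-withdraw logging are both Disabled, so the configuration as shown produces no assignment records to attribute against.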