Total sessions found: 1
Bidirectional NAT for external-to-internal NAT Server access through domain name configuration example
Network requirements
As shown in Figure 68, an intranet uses the subnet 192.168.1.0/24. The Web server at 192.168.1.2/24 provides Web services for external users, and the DNS server at 192.168.1.3/24 resolves the domain name of the Web server. The company has 3 public addresses: 202.38.1.2, 202.38.1.3, and 202.38.1.4.
Configure NAT to allow the external host at 192.168.1.2 in the external network to use the domain name to access the internal Web server.
Figure 68 Network diagram
Requirements analysis
To meet the network requirements, you must perform the following tasks:
• Configure NAT Server to map the private IP address and port of the DNS server to a public IP address and port. NAT Server allows the external host to access the internal DNS server for domain name resolution.
• Configure outbound dynamic NAT and enable ALG for DNS. The Web server's IP address is the same as the external host's IP address. NAT with ALG can translate the Web server's private address in the payload of the DNS response packet to a dynamically assigned public address.
• Configure inbound dynamic NAT. The external host's IP address is the same as the Web server's IP address. Inbound dynamic NAT can translate the external host's IP address into a dynamically assigned public address.
• Add a static route to the public IP address of the external host with GigabitEthernet 2/0/2 as the output interface.
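The translations listed above can be traced end to end with a small model. This is an added example, not part of the original guide or the router's software; the assignment of 202.38.1.4 to the DNS NAT Server mapping, 202.38.1.2 to outbound dynamic NAT, and 202.38.1.3 to inbound dynamic NAT is an assumption, as are all class and function names.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")    # subnet from the page (ACL 2000)
WEB_PRIV, DNS_PRIV = "192.168.1.2", "192.168.1.3"  # servers, from the page
EXT_HOST = "192.168.1.2"   # external host; overlaps the Web server (from the page)
DNS_PUB = "202.38.1.4"     # assumed NAT Server address for the DNS server
WEB_POOL = "202.38.1.2"    # assumed outbound dynamic NAT address (used by DNS ALG)
HOST_POOL = "202.38.1.3"   # assumed inbound dynamic NAT address

class BidirectionalNat:
    """Hypothetical model of the router's translation tables."""
    def __init__(self):
        self.alg = {}    # public -> private, created when ALG rewrites an answer
        self.hosts = {}  # assigned public -> real external source

    def from_outside(self, src, dst):
        """Translate a packet arriving on the external interface."""
        if ipaddress.ip_address(src) in INSIDE:       # inbound dynamic NAT
            self.hosts[HOST_POOL] = src
            src = HOST_POOL
        if dst == DNS_PUB:                            # NAT Server mapping
            dst = DNS_PRIV
        elif dst in self.alg:                         # mapping learned via ALG
            dst = self.alg[dst]
        else:
            raise LookupError(f"no mapping for {dst}")
        return src, dst

    def dns_reply_to_outside(self, src, dst, answer):
        """Translate a DNS response leaving toward the external host."""
        if ipaddress.ip_address(answer) in INSIDE:    # ALG rewrites the payload
            self.alg[WEB_POOL] = answer
            answer = WEB_POOL
        src = DNS_PUB if src == DNS_PRIV else src     # reverse NAT Server
        dst = self.hosts.get(dst, dst)                # reverse inbound NAT
        return src, dst, answer

def walk_through():
    """DNS query, DNS reply, then HTTP, as seen after translation."""
    nat = BidirectionalNat()
    query = nat.from_outside(EXT_HOST, DNS_PUB)
    reply = nat.dns_reply_to_outside(DNS_PRIV, query[0], WEB_PRIV)
    http = nat.from_outside(EXT_HOST, reply[2])
    return query, reply, http

if __name__ == "__main__":
    for step in walk_through():
        print(step)
```

Inside the intranet the external host always appears as 202.38.1.3, never as 192.168.1.2, which is why the static route for that address must point out the external interface.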
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Enable NAT with ALG for DNS.
<Router> system-view
[Router] nat alg dns
# Configure ACL 2000, and create a rule to permit packets only from subnet 192.168.1.0/24 to pass through.
[Router] acl basic 2000