VYATTA - Easy Tutorial - Case Study 6 - NAT

Last updated: Mar 18 2008



Croatian translation by Oliver Mucafir.





1. NAT - STATIC
2. PAT - STATIC
3. NAT - DYNAMIC
4. NAT - MASQUERADE


1.1 SCENARIO 1.2 DIAGRAM 1.3 CONFIGURATION 1.4 SHOW COMMANDS


1. SCENARIO

Vyatta version used: VC 2.0, February 20, 2007.
Static NAT, where one IP address is translated into another IP address, can be used to reach an internal web server from the Internet.
The advantage of static NAT compared with the other types of NAT is that TCP or UDP ports are not changed during translation.

In our example, we configured both source and destination static NAT.


2. DIAGRAM

[Figure: Cisco / Vyatta case study, static NAT]

Tested features:

Interface configuration
Telnet access
NAT - static
Static routing


3. CONFIGURATION

CISCO ROUTER 2651, IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat inside source static 10.0.0.2 70.0.0.2

line vty 0 4
  no login

enable secret password

VYATTA ROUTER, VC2, Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type destination
  set translation-type static
  set inbound-interface eth0
  set protocols all
  set source network 0.0.0.0/0
  set destination address 60.0.0.2
  set inside-address address 10.0.0.2

set service nat rule 2
edit service nat rule 2
  set type source
  set translation-type static
  set outbound-interface eth0
  set protocols all
  set source address 10.0.0.2
  set destination network 0.0.0.0/0
  set outside-address address 60.0.0.2

set service telnet

edit system login user vyatta
  set authentication plaintext-password password

4. SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump -v -p icmp
(the command must be run by the root user from the shell)

[Screenshot: Vyatta tcpdump output]

Router#show ip nat translations

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]

END-TO-END CONNECTIVITY CHECKS:

From web server A:
c:\>tracert 60.0.0.2

[Screenshot: Windows tracert output]

From web server B:
c:\>tracert 70.0.0.2

[Screenshot: Windows tracert output]


2.1 SCENARIO 2.2 DIAGRAM 2.3 CONFIGURATION 2.4 SHOW COMMANDS


1. SCENARIO

Static PAT (Port Address Translation) is where an IP address and a layer 4 (TCP/UDP) port are translated into one IP address and one layer 4 port.
It can be used to reach an internal file server from the Internet.

In our example, we configured static destination PAT.
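
Added example (not from the original page): a small Python model of the destination rules in sections 1 and 2, contrasting what static NAT and static PAT make reachable on the inside server 10.0.0.2. The rule fields mirror the Vyatta settings used on this page; the `Rule` class, the `translate` and `reachable_ports` functions and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    """One destination-NAT rule, modelled on the Vyatta fields on this page."""
    inbound_interface: str
    protocols: str            # "all", "tcp" or "udp"
    source_network: str       # e.g. "0.0.0.0/0"
    destination_address: str  # public address matched on the way in
    inside_address: str       # private address written into the packet
    destination_port: Optional[int] = None  # None = static NAT, set = static PAT

# Static NAT as in section 1: protocols all, no port match.
STATIC_NAT = Rule("eth0", "all", "0.0.0.0/0", "60.0.0.2", "10.0.0.2")
# Static PAT as in section 2: protocols tcp, port-name ftp (21).
STATIC_PAT = Rule("eth0", "tcp", "0.0.0.0/0", "60.0.0.2", "10.0.0.2", 21)

def translate(rule: Rule, iface: str, proto: str, src: str,
              dst: str, dport: int) -> Optional[Tuple[str, int]]:
    """Return the (inside address, port) the packet is rewritten to, or None
    if the rule does not match and the packet is left untranslated."""
    if iface != rule.inbound_interface:
        return None
    if rule.protocols != "all" and proto != rule.protocols:
        return None
    if ip_address(src) not in ip_network(rule.source_network):
        return None
    if ip_address(dst) != ip_address(rule.destination_address):
        return None
    if rule.destination_port is not None and dport != rule.destination_port:
        return None
    return rule.inside_address, dport   # the destination port is not changed

def reachable_ports(rule: Rule, proto: str, ports) -> list:
    """Ports on the inside host that an outside client (constructed sample
    address 50.0.0.2) reaches through `rule`."""
    return [p for p in ports
            if translate(rule, "eth0", proto, "50.0.0.2", "60.0.0.2", p)]

if __name__ == "__main__":
    sample = [21, 22, 23, 80, 445]   # constructed list of ports to check
    print("static NAT:", reachable_ports(STATIC_NAT, "tcp", sample))
    print("static PAT:", reachable_ports(STATIC_PAT, "tcp", sample))
```

With static NAT every listening service on 10.0.0.2 is reachable from outside; with static PAT only tcp/21 is.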


2. DIAGRAM

[Figure: Vyatta / Cisco case study, static PAT]

Tested features:

Interface configuration
Telnet access
PAT - static
Static routing


3. CONFIGURATION

CISCO ROUTER 2651, IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat inside source static tcp 10.0.0.2 21 70.0.0.2 21

line vty 0 4
  no login

enable secret password

VYATTA ROUTER, VC2, Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type destination
  set translation-type static
  set inbound-interface eth0
  set protocols tcp
  set source network 0.0.0.0/0
  set destination address 60.0.0.2
  set destination port-name ftp
  set inside-address address 10.0.0.2

set service telnet

edit system login user vyatta
  set authentication plaintext-password password


4. SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump port 21
(the command must be run by the root user from the shell)

[Screenshot: Vyatta tcpdump output]

Router#show ip nat translations

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]


3.1 SCENARIO 3.2 DIAGRAM 3.3 CONFIGURATION 3.4 SHOW COMMANDS


1. SCENARIO

Dynamic NAT is when an IP address that is a member of one group of addresses is translated into an IP address that is a member of another group of addresses.
It can be used when you want to connect two networks that have the same IP range.

In our example, we configure dynamic source NAT.


2. DIAGRAM

[Figure: Cisco / Vyatta case study, dynamic NAT]

Tested features:

Interface configuration
Telnet access
NAT - dynamic
Static routing


3. CONFIGURATION

CISCO ROUTER 2651, IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat pool nat-pool 70.0.0.0 70.0.0.15 netmask 255.255.255.240
ip nat inside source list 1 pool nat-pool
access-list 1 permit 10.0.0.0 0.0.0.255

line vty 0 4
  no login

enable secret password

VYATTA ROUTER, VC2, Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type source
  set translation-type dynamic
  set outbound-interface eth0
  set protocols all
  set source network 10.0.0.0/24
  set destination network 0.0.0.0/0
  set outside-address address 60.0.0.0/28

set service telnet

edit system login user vyatta
  set authentication plaintext-password password


4. SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump -v
(the command must be run by the root user from the shell)

[Screenshot: Vyatta tcpdump output]

Router#show ip nat translations

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]

END-TO-END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1

[Screenshot: Windows tracert output]

From Desktop B:
c:\>tracert 50.0.0.2

[Screenshot: Windows tracert output]


4.1 SCENARIO 4.2 DIAGRAM 4.3 CONFIGURATION 4.4 SHOW COMMANDS


1. SCENARIO

Masquerade NAT is where the source IP addresses within a group of addresses are translated into one single IP address.

It is typically used for a group of users who have private IP addresses and need access to the Internet.
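
Added example (not from the original page): a Python sketch of the state a router keeps for the two source translations in sections 3 and 4. Dynamic NAT gives each inside host its own address from the 60.0.0.0/28 pool until the pool is empty, while masquerade shares the single eth0 address 50.0.0.1 and tells flows apart by source port. The class names, the starting port 1024, sequential port allocation and the sample hosts are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

class DynamicNat:
    """Source NAT from an inside network to an address pool (section 3)."""
    def __init__(self, inside: str, pool: str):
        self.inside = ip_network(inside)
        # All 16 addresses of the /28, as the Cisco pool 70.0.0.0 - 70.0.0.15 does.
        self.free = [str(a) for a in ip_network(pool)]
        self.table: Dict[str, str] = {}          # inside ip -> pool ip

    def translate(self, src: str, sport: int) -> Optional[Tuple[str, int]]:
        if ip_address(src) not in self.inside:
            return None                          # rule does not match
        if src not in self.table:
            if not self.free:
                return None                      # pool exhausted: no mapping
            self.table[src] = self.free.pop(0)
        return self.table[src], sport            # one address per host, port kept

class Masquerade:
    """Source NAT to the outbound interface address (section 4)."""
    def __init__(self, inside: str, iface_addr: str, first_port: int = 1024):
        self.inside = ip_network(inside)
        self.addr = iface_addr
        self.next_port = first_port              # assumed start of the port range
        self.table: Dict[Tuple[str, int], int] = {}  # (ip, port) -> outside port

    def translate(self, src: str, sport: int) -> Optional[Tuple[str, int]]:
        if ip_address(src) not in self.inside:
            return None
        key = (src, sport)
        if key not in self.table:                # new flow: take the next port
            self.table[key] = self.next_port
            self.next_port += 1
        return self.addr, self.table[key]

def demo() -> Tuple[int, int, int]:
    """One flow from each of 20 constructed inside hosts through both rules.
    Returns (hosts translated by the pool, masquerade flows, outside addresses)."""
    hosts = [f"10.0.0.{n}" for n in range(2, 22)]
    dyn = DynamicNat("10.0.0.0/24", "60.0.0.0/28")
    masq = Masquerade("10.0.0.0/24", "50.0.0.1")
    dyn_ok = sum(dyn.translate(h, 40000) is not None for h in hosts)
    masq_out = {masq.translate(h, 40000) for h in hosts}
    return dyn_ok, len(masq_out), len({a for a, _ in masq_out})

if __name__ == "__main__":
    print(demo())
```

The pool serves only as many simultaneous hosts as it has addresses, whereas masquerade hides all of them behind one address, so logs on the outside see a single source for every inside user.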


2. DIAGRAM

[Figure: Cisco / Vyatta case study, NAT masquerade / overloading]

Tested features:

Interface configuration
Telnet access
NAT - masquerade
Static routing


3. CONFIGURATION

CISCO ROUTER 2651, IOS: 12.2(15)T17

interface FastEthernet0/0
  description Server A
  ip address 10.0.0.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  description Vyatta
  ip address 50.0.0.2 255.255.255.0
  ip nat outside

ip route 60.0.0.0 255.255.255.240 50.0.0.1

ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 10.0.0.0 0.0.0.255

line vty 0 4
  no login

enable secret password

VYATTA ROUTER, VC2, Feb 20, 2007

edit interfaces ethernet eth1
  set description ServerB
  set address 10.0.0.1 prefix-length 24

edit interfaces ethernet eth0
  set description Cisco
  set address 50.0.0.1 prefix-length 24

set protocols static route 70.0.0.0/28 next-hop 50.0.0.2

set service nat rule 1
edit service nat rule 1
  set type source
  set translation-type masquerade
  set outbound-interface eth0
  set protocols all
  set source network 10.0.0.0/24
  set destination network 0.0.0.0/0

set service telnet

edit system login user vyatta
  set authentication plaintext-password password


4. SHOW COMMANDS

vyatta@vyatta>show nat rules

[Screenshot: Vyatta output of show nat rules]

vyatta@vyatta>show nat statistics

[Screenshot: Vyatta output of show nat statistics]

vyatta:~#tcpdump -v
(the command must be run by the root user from the shell)

[Screenshot: Vyatta tcpdump output]

Router#show ip nat translations
(telnet from Desktop A to the Vyatta)

[Screenshot: Cisco output of show ip nat translations]

Router#show ip nat statistics

[Screenshot: Cisco output of show ip nat statistics]

Router#debug ip nat
Router#terminal monitor

[Screenshot: Cisco output of debug ip nat]

END-TO-END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1

[Screenshot: Windows tracert output]

From Desktop B:
c:\>tracert 50.0.0.2

[Screenshot: Windows tracert output]