Sunday, January 29, 2012

24. Router NAT Configuration

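* IP address translation: NAT (Network Address Translation)

- Translations are managed in a NAT table; that is, one private IP is matched to one public IP
- Hiding the internal IP addresses provides a security function

- How to configure NAT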
R1(config)#ip nat pool ? -> create a name
WORD Pool name
R1(config)#ip nat pool apple ? -> specify the first address of the pool
A.B.C.D Start IP address
R1(config)#ip nat pool apple 172.16.1.1 ? -> specify the last address of the pool
A.B.C.D End IP address
R1(config)#ip nat pool apple 172.16.1.1 172.16.1.1 ? -> network mask of the pool addresses
netmask Specify the network mask
R1(config)#ip nat pool apple 172.16.1.1 172.16.1.1 netmask ?
A.B.C.D Network mask
R1(config)#ip nat pool apple 172.16.1.1 172.16.1.1 netmask 255.255.255.252 -> complete
R1(config)#ip nat ?
inside Inside address translation -> internal address translation
outside Outside address translation -> public address translation
pool Define pool of addresses
R1(config)#ip nat insi ?
source Source address translation
R1(config)#ip nat insi source ?
list Specify access list describing local addresses
static Specify static local->global mapping
R1(config)#ip nat insi source list ?
<1-199> Access list number for local addresses
WORD Access list name for local addresses
R1(config)#ip nat insi source list 1 ?
interface Specify interface for global address
pool Name pool of global addresses
R1(config)#ip nat insi source list 1 pool ?
WORD Name pool of global addresses
R1(config)#ip nat insi source list 1 pool apple ?
overload Overload an address translation
<cr>
R1(config)#ip nat insi source list 1 pool apple overload
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R1(config)#access-list 1 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 1 permit ?
A.B.C.D Address to match
any Any source host
host A single host address
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
R1(config)#int fa0/0
R1(config-if)#ip ?
access-group Specify access control for packets
address Set the IP address of an interface
hello-interval Configures IP-EIGRP hello interval
helper-address Specify a destination address for UDP broadcasts
inspect Apply inspect name
ips Create IPS rule
mtu Set IP Maximum Transmission Unit
nat NAT interface commands
ospf OSPF interface commands
split-horizon Perform split horizon
summary-address Perform address summarization
virtual-reassembly Virtual Reassembly
R1(config-if)#ip nat ?
inside Inside interface for address translation
outside Outside interface for address translation
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip nat ?
inside Inside interface for address translation
outside Outside interface for address translation
R1(config-if)#ip nat outside
R1(config-if)#
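<Note>
- PAT is what a home router (IP sharing device) does: it lets several private IPs use a single public IP
- The home router acts as a firewall and makes efficient use of IP addresses possible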
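
The following is an added example, not part of the original post: a simplified Python model of what `ip nat inside source list 1 pool apple overload` does with the addresses configured above. It shows which inside hosts ACL 1 selects, how several hosts share 172.16.1.1, and why an outside packet with no matching table entry reaches no inside host. The class and function names and the sequential port numbering starting at 1024 are assumptions made for illustration, not IOS behaviour.

```python
import ipaddress

# Values taken from the configuration on this page
POOL_ADDR = "172.16.1.1"                            # ip nat pool apple 172.16.1.1 172.16.1.1
ACL_NET, ACL_WILDCARD = "192.168.1.0", "0.0.0.255"  # access-list 1 permit ...

def acl_permits(src):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(ACL_WILDCARD)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (int(ipaddress.IPv4Address(ACL_NET)) & care)

class Pat:
    """Simplified PAT (overload) table; port allocation scheme is hypothetical."""
    def __init__(self, first_port=1024):
        self.by_inside = {}   # (inside local ip, port) -> global port
        self.by_global = {}   # global port -> (inside local ip, port)
        self.next_port = first_port

    def outbound(self, src_ip, src_port):
        """Packet arriving on the 'ip nat inside' interface."""
        if not acl_permits(src_ip):
            return None       # not selected by ACL 1, so it is not translated
        key = (src_ip, src_port)
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.by_global[self.next_port] = key
            self.next_port += 1
        return (POOL_ADDR, self.by_inside[key])

    def inbound(self, dst_ip, dst_port):
        """Packet arriving on the 'ip nat outside' interface."""
        if dst_ip != POOL_ADDR:
            return None
        return self.by_global.get(dst_port)  # None: no entry, no inside host to deliver to

def demo():
    nat = Pat()
    a = nat.outbound("192.168.1.10", 51000)   # constructed sample hosts and ports
    b = nat.outbound("192.168.1.20", 51000)   # same source port, different host
    c = nat.outbound("10.0.0.5", 51000)       # outside the ACL 1 range
    reply = nat.inbound(*a)                   # return traffic for host a
    unsolicited = nat.inbound(POOL_ADDR, 4444)
    return a, b, c, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```

The unsolicited packet is not delivered only because no translation entry exists for it; any entry created by outbound traffic, or by a static mapping, opens that port toward the inside host.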
