Configure NAT on the AR router to allow internal hosts to access internal servers using a domain name

When an enterprise network has no intranet DNS server but internal servers must be reached by domain name, internal users have to resolve those names through a DNS server on a public network. Configuring the NAT server and DNS mapping on a Huawei AR router allows both internal and external users to access internal servers through domain names. In this example, the web server uses internal IP address 192.168.0.100/24 and port 8080; its public address is 202.10.1.3/24 and its domain name is www.TestNat.com. The configuration is as follows:

1. Assign IP addresses to interfaces on the router.
[Huawei] interface Ethernet0/0/0
[Huawei-Ethernet0/0/0] ip address 192.168.0.1 24
[Huawei-Ethernet0/0/0] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] ip address 202.10.1.2 24
[Huawei-GigabitEthernet2/0/0] quit
2. Configure a default route and specify the next hop address as 202.10.1.1.
[Huawei] ip route-static 0.0.0.0 0.0.0.0 202.10.1.1
3. Configure the NAT server and outbound NAT in Easy IP mode on GE2/0/0.
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255
[Huawei-acl-basic-2000] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] nat server protocol tcp global 202.10.1.3 www inside 192.168.0.100 8080
[Huawei-GigabitEthernet2/0/0] nat outbound 2000
[Huawei-GigabitEthernet2/0/0] quit
4. Enable NAT ALG for DNS and DNS mapping.
[Huawei] nat alg dns enable
[Huawei] nat dns-map www.testnat.com 202.10.1.3 80 tcp
[Huawei] quit
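
The effect of step 4 on a DNS reply, as an added example (a simplified Python model, not Huawei code or output): it assumes the ALG replaces the A record of a mapped name with the inside address of the matching NAT server entry, and that names are compared case-insensitively. The function names and the sample DNS response are constructed for illustration.

```python
import socket
import struct

# Tables mirroring the page's configuration (nat server in step 3, nat dns-map in step 4).
NAT_SERVER = {("tcp", "202.10.1.3", 80): ("192.168.0.100", 8080)}
DNS_MAP = {"www.testnat.com": ("202.10.1.3", 80, "tcp")}

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Return (lower-cased name, offset after it), following compression pointers."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = end or off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), end or off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n

def build_response(name, ip):
    """Constructed sample reply: one question, one A answer with a name pointer."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack(">HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer

def alg_rewrite(msg):
    """Rewrite A records of mapped names from the global to the inside address."""
    out = bytearray(msg)
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):                            # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        entry = DNS_MAP.get(name)
        if rtype == 1 and rdlen == 4 and entry:    # A record for a mapped name
            inside = NAT_SERVER.get((entry[2], entry[0], entry[1]))
            if inside and socket.inet_ntoa(msg[off:off + 4]) == entry[0]:
                out[off:off + 4] = socket.inet_aton(inside[0])
        off += rdlen
    return bytes(out)
```

A reply is rewritten only when the name is in the DNS map, the answer equals the mapped global address, and a NAT server entry exists for that address, port and protocol; every other reply passes through unchanged.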
