Configure NAT on the AR router to allow internal hosts to access internal servers using a domain name

If no intranet DNS servers are used and DNS domain names need to be used to access internal servers on an enterprise network, internal users have to send packets carrying DNS domain names to access a DNS server on a public network. A Huawei AR router allows internal and external users to access internal servers through domain names by configuring the NAT server and DNS mapping. The web server uses internal IP address and port 8080. The web server has a public address of and domain name of The configuration is as follows:

1. Assign IP addresses to interfaces on the router.
[Huawei] interface Ethernet0/0/0
[Huawei-Ethernet0/0/0] ip address 24
[Huawei-Ethernet0/0/0] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] ip address 24
[Huawei-GigabitEthernet2/0/0] quit
2. Configure a default route and specify the next hop address as
[Huawei] ip route-static
3. Configure the NAT server and outbound NAT in Easy IP mode on GE2/0/0.
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule 5 permit source
[Huawei-acl-basic-2000] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] nat server protocol tcp global www inside 8080
[Huawei-GigabitEthernet2/0/0] nat outbound 2000
[Huawei-GigabitEthernet2/0/0] quit
4. Enable NAT ALG for DNS and DNS mapping.
[Huawei] nat alg dns enable
[Huawei] nat dns-map 80 tcp
[Huawei] quit

Scroll to top