How do I configure batch port mapping?

When a private IP address and a range of consecutive port numbers need to be mapped to a public IP address and a range of consecutive port numbers, you can reference an ACL to complete batch port mapping configuration.

On the private network shown in the figure on the right, multiple consecutive ports of a server need to be open to users on the public network. The private IP address of the server is 192.168.2.2/24, its server ports are 2000-4000 and 5000, and its public IP address is 202.1.22.3/24. The interconnected IP address on the carrier network is 202.1.22.10. The private IP address and ports 2000-4000 and 5000 of the internal server need to be mapped to public IP address 202.1.22.3 and the corresponding ports.


Procedure



  1. Set the IP address for the interface.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] vlan 100
    [Router-vlan100] quit
    [Router] interface vlanif 100
    [Router-Vlanif100] ip address 192.168.2.1 24
    [Router-Vlanif100] quit
    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] port link-type access
    [Router-Ethernet2/0/0] port default vlan 100
    [Router-Ethernet2/0/0] quit
    [Router] interface GigabitEthernet 1/0/0
    [Router-GigabitEthernet1/0/0] ip address 202.1.22.4 24
    [Router-GigabitEthernet1/0/0] quit

  2. Create an ACL that matches the port numbers to be mapped.

    [Router] acl number 3001
    [Router-acl-adv-3001] rule 5 permit tcp destination-port range 2000 4000
    [Router-acl-adv-3001] rule 10 permit tcp destination-port eq 5000
    [Router-acl-adv-3001] quit

  3. Configure NAT server and reference the ACL.

    [Router] interface gigabitethernet 1/0/0
    [Router-GigabitEthernet1/0/0] nat server global 202.1.22.3 inside 192.168.2.2 acl 3001
    [Router-GigabitEthernet1/0/0] quit

  4. Configure a default route on the router, with 202.1.22.10 as the next-hop address.

    [Router] ip route-static 0.0.0.0 0.0.0.0 202.1.22.10

More information

Referencing an ACL to configure port mapping in batches maps consecutive port numbers together and reduces the configuration workload. You do not need to run the nat server command on interfaces one by one. For later maintenance, changing the range of port numbers only requires changing the ACL rules.

One public IP address can be used for batch port mapping configuration only once. If other internal servers need to provide services for public network users, use other public IP addresses for port mapping configuration.
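Because the ACL alone decides which ports become reachable from the public network, it is worth checking after every ACL change. The Python check below is an added example, not part of the original page or any Huawei tool: it resolves the ACL referenced by nat server in a constructed saved-configuration excerpt and compares the published TCP ports with the intended set (2000-4000 and 5000). The names `audit` and `ports`, the sample text (including rule 15 and port 8080), and the assumption that re-entering an existing rule ID replaces the earlier rule are all illustrative.

```python
import re

# Constructed sample in saved-configuration form (not captured from a device).
SAMPLE = """\
acl number 3001
 rule 5 permit tcp destination-port range 2000 4000
 rule 5 permit tcp destination-port eq 5000
 rule 15 permit tcp destination-port eq 8080
interface GigabitEthernet1/0/0
 nat server global 202.1.22.3 inside 192.168.2.2 acl 3001
"""
INTENDED = [(2000, 4000), (5000, 5000)]  # ports the page says should be public

ACL = re.compile(r"acl number (\d+)$")
RULE = re.compile(r" rule (\d+) permit tcp destination-port "
                  r"(?:range (\d+) (\d+)|eq (\d+))$")
NAT = re.compile(r" nat server global (\S+) inside (\S+) acl (\d+)$")

def ports(spans):
    """Expand (low, high) spans into a set of individual port numbers."""
    return {p for lo, hi in spans for p in range(lo, hi + 1)}

def audit(config, intended):
    """Return (per-mapping report, redefined rule IDs) for ACL-based NAT."""
    acls, nats, redefined, current = {}, [], [], None
    for line in config.splitlines():
        line = line.rstrip()
        if m := ACL.match(line):
            current = acls.setdefault(m.group(1), {})
        elif (m := RULE.match(line)) and current is not None:
            rid, lo, hi, eq = m.groups()
            if rid in current:
                # Assumption: re-entering a rule ID replaces the earlier rule.
                redefined.append((rid, current[rid]))
            current[rid] = (int(eq), int(eq)) if eq else (int(lo), int(hi))
        elif m := NAT.match(line):
            nats.append(m.groups())
        elif not line.startswith(" "):
            current = None  # left the ACL view
    report = {}
    for glob, inside, acl in nats:
        exposed = ports(acls.get(acl, {}).values())
        report[(glob, inside)] = {
            "unexpected": sorted(exposed - ports(intended)),  # over-exposed
            "missing": len(ports(intended) - exposed),        # not published
        }
    return report, redefined

if __name__ == "__main__":
    print(audit(SAMPLE, INTENDED))
```

On the constructed sample the check reports port 8080 as unexpectedly published, 2001 intended ports as missing, and rule 5 as redefined.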
