Function of allowing a server to access the Internet using the public IP address in NAT server mode

21

When this function is used, the device can translate the private IP address of an intranet server to a public IP address, so that the server can use the public IP address to access the Internet.
When this function is not used, the device cannot translate the private IP address to the public IP address, so that the server is prohibited to positively initiate a connection to the Internet.
Considering the security, this function should be disabled if there is no requirement for positive server access to the Internet.

Other related questions:
Whether an address in the NAT address pool can be configured as a public IP address for NAT Server
Yes.

How to configure an AR to allow only one public IP address to access intranet servers
To configure an AR to allow only one public IP address to access intranet servers, configure an ACL when you configure a NAT server.
For example, you can perform the following configurations to allow only public address 1.1.1.1 to access the intranet server (public address 2.1.1.1 and private address 10.1.1.22):
Configure an ACL to permit the source IP address 1.1.1.1.
acl number 2005
 rule 5 permit source 1.1.1.1 0 
Configure a NAT server and bind the ACL.
interface GigabitEthernet0/0/3
 nat server protocol tcp global 2.1.1.1 ftp inside 10.1.1.22 ftp acl 2005                                                            

Configure NAT on the AR to permit Internet access and allow external users to access internal servers
Huawei AR routers support outbound NAT and NAT server to allow the intranet users to access the Internet and external users to access internal servers. The figure on the right page shows the networking diagram. Eth2/0/0 on the router connects to the internal network and its intranet IP address is 192.168.20.1/24. GE3/0/0 on the router connects to the external network and its extranet IP address is 202.169.10.1/24. The internal server has an internal IP address 192.168.20.2/24 and an external IP address 202.169.10.5. The internal host with the IP address 192.168.20.3/24 wants to access the internal server. The configuration details are as follows: 1. Configure IP addresses for interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route with next-hop address 202.169.10.2 on the router. [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure outbound NAT in Easy IP mode to allow internal users to access external networks. [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 4. Configure the NAT server to allow external users to access the internal servers. [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080 [Huawei-GigabitEthernet3/0/0] quit Note: The command that configures the NAT server function takes effect on Layer 3 interfaces, excluding Loopback and NULL interfaces.

An internal user cannot access the internal server through the public address
An intranet user cannot use a public address to access an intranet server. Use the following method: 1. Check whether services on the intranet NAT server are running properly. 2. Check whether the NAT server is configured correctly. 3. Check the connection between the external host and NAT server and the configurations of the connected interfaces. 4. Check that the intranet NAT server is configured with the correct gateway address or route.

What is the difference between the Static NAT and NAT Server on AR router?
The difference between NAT Server and NAT Static configuration is: NAT Server to access the Internet from intranet, only do address replace, but NAT Static for network address; active access outside the network will also replace the address and port number.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top