地址池方式NAT地址转换CREATEDATE\@"yyyy-MM-dd"\*MERGEFORMAT2009-05-31第页,共NUMPAGES\*Arabic\*MERGEFORMAT3页地址池方式NAT地址转换192.0.0.1/24G0/0G0/0RTARTBSWBSWA192.0.0.2/24202.0.1.1/24202.0.0.1/24功能需求及组网说明S1/0S1/0PCB（FTP）PCDPCCPCA202.0.1.3/24202.0.1.2/24202.0.0.3/24202.0.0.2/24『配置环境参数』路由器RTA模拟整个企业网，用另一台路由器RTB模拟外部网；RTA与SWA相连，RTB与SWB相连;RTA与RTB通过串口互连；PCB为企业网内FTP服务器；路由器与主机IP地址如上图所示。『组网需求』学习配置地址转换功能，灵活设计防火墙；使用地址池方转换，转换时可以任意从地址池中选取一个地址进行转换；允许PCA访问外部网络，允许内部服务器PCB访问外部网络，禁止所有包通过；允许特定外部主机PCC访问内部服务器PCB，禁止其他外部用户访问内部服务器。数据配置步骤【RTA路由器配置】<RTA><RTA>system-view[RTA]interfaceGigabitEthernet0/0[RTA-GigabitEthernet0/0]ipaddress202.0.0.124[RTA-GigabitEthernet0/0]quit[RTA]interfaceSerial1/0[RTA-Serial1/0]ipaddress192.0.0.124[RTA-Serial1/0]quit[RTA]firewallenable//启动防火墙功能[RTA]firewalldefaultpermit[RTA]nataddress-group0192.0.0.3192.0.0.67[RTA]aclnumber3000match-orderauto[RTA-acl-adv-3000]rule0permitipsource202.0.0.20[RTA-acl-adv-3000]rule1permitipsource202.0.0.30[RTA-acl-adv-3000]rule2denyip[RTA-acl-adv-3000]rule3denytcpsource202.0.0.30destination202.0.1.30[RTA-acl-adv-3000]quit[RTA]aclnumber3001match-orderauto[RTA-acl-adv-3001]rule0permitipsource202.0.1.20destination192.0.0.10[RTA-acl-adv-3001]rule1denyipdestination192.0.0.10[RTA-acl-adv-3001]quit[RTA]interfaceGigabitEthernet0/0[RTA-GigabitEthernet0/0]firewallpacket-filter3000inbound[RTA-GigabitEthernet0/0]quit[RTA]interfaceSerial1/0[RTA-Serial1/0]firewallpacket-filter3001inbound[RTA-Serial1/0]natoutbound3000address-group0[RTA-Serial1/0]natserverprotocoltcpglobal192.0.0.1ftpinside202.0.0.3ftp[RTA-Serial1/0][RTA]rip//启动路由协议[RTA-rip-1]network192.0.0.0[RTA-rip-1]network202.0.0.0[RTA-rip-1]quit[RTA]【RTB路由器配置】<RTB><RTB>system-view[RTB]interfaceGigabitEthernet0/0[RTB-GigabitEthernet0/0]ipaddress202.0.1.124[RTB-GigabitEthernet0/0]quit[RTB]interfaceSerial1/0[RTB-Serial1/0]ipaddress192.0.0.224[RTB-Serial1/0]quit[RTB]rip[RTB-rip-1]network202.0.1.0[RTB-rip-