Overload NAT

Overload NAT 설정
Router(config)#access-list access-list number permit source [source-wildcard]
- ACL을 이용하여 변환할 내부 로컬 주소 범위 지정

Router(config)#ip nat inside source list access-list number interface overload
- ip nat inside source list 명령어를 오버로딩 될 어드레스로 사용할 인터페이스 명시

- 외부 <----outside----- Router -----inside-----> 내부

-----------------------------------------------------------------------------------------------------


Overload NAT 설정을 통해 10.1.1.0/24 네트워크에 소속된 호스트들의 인터넷 접근이 가능하게 하시오.

Router 4의 설정

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ip add 172.69.232.1 255.255.255.0
Router(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#int fa 0/1
Router(config-if)#ip add 10.1.1.1 255.255.255.0
Router(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Router(config-if)#exit

- Overload NAT 설정 -
Router(config)#access-list 1 permit 10.1.1.0 0.0.0.255
- access-list의 그룹 넘버를 1로 정의하고 10.1.1.0 대역을 설정한다.
Router(config)#ip nat inside source list 1 interface fa0/0 overload
- ACL을 이용해서 interface fa0/0에 오버로드 시킨다. (interface fa0/0에 IP주소가 설정되어 있어 port가 자동으로 변경시킨다.)
Router(config)#int fa 0/1
Router(config-if)#ip nat inside  - interface 0/1이 내부 네트워크로 연결된 포트이다.
Router(config-if)#exit
Router(config)#int fa 0/0
Router(config-if)#ip nat outside  - interface 0/0이 외부 네트워크로 연결된 포트이다.
Router(config-if)#exit

-----------------------------------------------------------------------------------------------------

Router 5의 설정

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ip add 172.69.232.2 255.255.255.0
Router(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

-----------------------------------------------------------------------------------------------------

PC8의 설정

PC>ping 172.69.232.2   - Router 5로의 연결 확인
Pinging 172.69.232.2 with 32 bytes of data:

Reply from 172.69.232.2: bytes=32 time=93ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=49ms TTL=254
Reply from 172.69.232.2: bytes=32 time=78ms TTL=254

Ping statistics for 172.69.232.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 49ms, Maximum = 94ms, Average = 78ms

--------------------------------------------------------------

PC9의 설정

PC>ping 172.69.232.2  - Router 5로의 연결 확인
Pinging 172.69.232.2 with 32 bytes of data:

Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=63ms TTL=254
Reply from 172.69.232.2: bytes=32 time=93ms TTL=254

Ping statistics for 172.69.232.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 94ms, Average = 86ms

-------------------------------------------------------------

PC10의 설정

PC>ping 172.69.232.2  - Router 5로의 연결 확인
Pinging 172.69.232.2 with 32 bytes of data:

Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=78ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=64ms TTL=254

Ping statistics for 172.69.232.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 64ms, Maximum = 94ms, Average = 82ms

-----------------------------------------------------------------------------------------------------

설정 확인 - Router 4

Router#show ip nat translations 
Pro  Inside global     Inside local       Outside local      Outside global
icmp 172.69.232.1:1    10.1.1.3:1         172.69.232.2:1     172.69.232.2:1
icmp 172.69.232.1:2    10.1.1.3:2         172.69.232.2:2     172.69.232.2:2
icmp 172.69.232.1:3    10.1.1.3:3         172.69.232.2:3     172.69.232.2:3
icmp 172.69.232.1:4    10.1.1.3:4         172.69.232.2:4     172.69.232.2:4
- 172.69.232.2  IP주소
- 1 포트번호
 
Router#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 172.69.232.1:1    10.1.1.3:1         172.69.232.2:1     172.69.232.2:1
icmp 172.69.232.1:2    10.1.1.3:2         172.69.232.2:2     172.69.232.2:2
icmp 172.69.232.1:3    10.1.1.3:3         172.69.232.2:3     172.69.232.2:3
icmp 172.69.232.1:4    10.1.1.3:4         172.69.232.2:4     172.69.232.2:4
icmp 172.69.232.1:1024 10.1.1.4:1         172.69.232.2:1     172.69.232.2:1024
icmp 172.69.232.1:1025 10.1.1.4:2         172.69.232.2:2     172.69.232.2:1025
icmp 172.69.232.1:1026 10.1.1.4:3         172.69.232.2:3     172.69.232.2:1026
icmp 172.69.232.1:1027 10.1.1.4:4         172.69.232.2:4     172.69.232.2:1027

Router#show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 172.69.232.1:17   10.1.1.2:17        172.69.232.2:17    172.69.232.2:17
icmp 172.69.232.1:18   10.1.1.2:18        172.69.232.2:18    172.69.232.2:18
icmp 172.69.232.1:19   10.1.1.2:19        172.69.232.2:19    172.69.232.2:19
icmp 172.69.232.1:20   10.1.1.2:20        172.69.232.2:20    172.69.232.2:20
icmp 172.69.232.1:21   10.1.1.2:21        172.69.232.2:21    172.69.232.2:21
icmp 172.69.232.1:22   10.1.1.2:22        172.69.232.2:22    172.69.232.2:22
icmp 172.69.232.1:23   10.1.1.2:23        172.69.232.2:23    172.69.232.2:23
icmp 172.69.232.1:24   10.1.1.2:24        172.69.232.2:24    172.69.232.2:24
icmp 172.69.232.1:13   10.1.1.3:13        172.69.232.2:13    172.69.232.2:13
icmp 172.69.232.1:14   10.1.1.3:14        172.69.232.2:14    172.69.232.2:14
icmp 172.69.232.1:15   10.1.1.3:15        172.69.232.2:15    172.69.232.2:15
icmp 172.69.232.1:16   10.1.1.3:16        172.69.232.2:16    172.69.232.2:16
icmp 172.69.232.1:10   10.1.1.4:10        172.69.232.2:10    172.69.232.2:10
icmp 172.69.232.1:11   10.1.1.4:11        172.69.232.2:11    172.69.232.2:11
icmp 172.69.232.1:12   10.1.1.4:12        172.69.232.2:12    172.69.232.2:12
icmp 172.69.232.1:9    10.1.1.4:9         172.69.232.2:9     172.69.232.2:9
- 포트 번호가 자동으로 바뀌는 것을 알 수 있다.

overload-NAT.pkt