References
https://deltaconfig.com/ip-nat-outside/
My Lab Setting
Cisco
csr1000v#sh run
Building configuration...
Current configuration : 1391 bytes
!
! Last configuration change at 08:55:23 TPE Sun Oct 2 2022 by cisco
!
! Lab running-config for an "ip nat outside source static" test:
! GigabitEthernet1 is the NAT outside interface, GigabitEthernet2 the NAT
! inside interface, and one static outside-source entry maps 10.1.1.10
! (outside global) to 10.1.2.10 (outside local).
! This capture contains a password hash, an SNMP community and a serial
! number; such values are normally redacted before a config is shared.
!
version 15.5
service timestamps debug datetime localtime
service timestamps log datetime localtime
no platform punt-keepalive disable-kernel-core
platform console auto
!
hostname csr1000v
!
boot-start-marker
boot-end-marker
!
!
! AAA is disabled, so authentication is decided per line ("login local"
! under line vty 0 4) against the local username database only.
no aaa new-model
clock timezone TPE 8 0
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
! The "sn" value is the device serial number used for licensing.
license udi pid CSR1000V sn 9VRJUL4JW2V
license boot level ax
spanning-tree extend system-id
!
! "secret 5" is an MD5-based crypt hash (the $1$ prefix). A published hash
! can be guessed offline, so this privilege-15 credential is lab-only.
! NOTE(review): prefer a stronger secret type (type 8 or 9) where the
! release supports it - confirm availability on this image.
username cisco privilege 15 secret 5 $1$7wax$evNlQZGH2VorRL3bm/SRV0
!
redundancy
!
!
! NAT outside interface; the default route below points at 192.168.1.2,
! which is in this /30.
interface GigabitEthernet1
ip address 192.168.1.1 255.255.255.252
ip nat outside
negotiation auto
!
! NAT inside interface; the test client 172.16.1.10 seen in the
! translation table is in this subnet.
interface GigabitEthernet2
ip address 172.16.1.1 255.255.255.0
ip nat inside
negotiation auto
!
! No NAT role is configured on this interface.
! NOTE(review): presumably the lab management network - confirm.
interface GigabitEthernet3
ip address 192.168.100.10 255.255.255.0
negotiation auto
!
!
! NOTE(review): this virtual service shares GigabitEthernet1, which is the
! NAT outside interface - confirm a management service is meant to be
! reachable from that side.
virtual-service csr_mgmt
ip shared host-interface GigabitEthernet1
!
! Outside-source static NAT: outside global 10.1.1.10 is presented to the
! inside as outside local 10.1.2.10, matching the "sh ip nat translations"
! output. The entry carries no protocol or port, so every protocol sent to
! 10.1.2.10 is translated, not only the SSH session used in the test.
ip nat outside source static 10.1.1.10 10.1.2.10
ip forward-protocol nd
!
! Plain HTTP is off and the HTTPS server is on. No "ip http access-class"
! is visible, so which sources can reach the web service is not restricted
! by this config.
no ip http server
ip http secure-server
! Default route out of the outside interface, then a host route for the
! outside local address 10.1.2.10 via 10.1.1.10.
! NOTE(review): presumably required because inside-to-outside packets are
! routed before the translation is applied; the "add-route" keyword on the
! NAT statement is the usual alternative - confirm.
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip route 10.1.2.10 255.255.255.255 10.1.1.10
!
!
! Read-only SNMP v1/v2c community "cisco" with no access list attached:
! the string is easily guessed and travels in cleartext. Outside a lab use
! SNMPv3, or at least a non-default community bound to an ACL.
snmp-server community cisco RO
!
!
control-plane
!
!
! No "login" is configured on the console line.
! NOTE(review): with AAA disabled this presumably leaves console access
! unauthenticated - confirm before reusing outside a lab.
line con 0
stopbits 1
! VTY access is SSH-only and checked against local usernames. No
! "access-class" is applied, so any source that can reach the router may
! attempt a login.
line vty 0 4
login local
transport input ssh
!
! NTP server is configured without authentication.
ntp server 168.95.195.12
!
end
csr1000v# sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- --- --- 10.1.2.10 10.1.1.10
tcp 172.16.1.10:47186 172.16.1.10:47186 10.1.2.10:22 10.1.1.10:22
Total number of translations: 2
csr1000v#
VyOS
vyos@VyOS-L3:~$ show configuration commands
# VyOS lab counterpart of the Cisco outside-source NAT test: eth0 faces the
# next hop 192.168.1.2, eth1 is the 172.16.1.0/24 client side, and one
# destination NAT rule rewrites 10.1.2.10 to 10.1.1.10.
# This output contains a password hash; such values are normally redacted
# before a config is shared.
set interfaces ethernet eth0 address '192.168.1.1/30'
set interfaces ethernet eth0 hw-id '00:0c:29:14:49:e0'
set interfaces ethernet eth1 address '172.16.1.1/24'
set interfaces ethernet eth1 hw-id '00:0c:29:14:49:ea'
set interfaces ethernet eth2 address '192.168.100.10/24'
set interfaces ethernet eth2 hw-id '00:0c:29:14:49:f4'
set interfaces loopback lo
# Rule 10 matches on destination address and inbound interface only. No
# protocol or port is set, so all traffic to 10.1.2.10 arriving on eth1 is
# translated ("show nat destination rules" reports proto-all, dport ANY).
# Logging is enabled; the [NAT-DST-10] kernel entries in "show log nat"
# come from this rule.
set nat destination rule 10 destination address '10.1.2.10'
set nat destination rule 10 inbound-interface 'eth1'
set nat destination rule 10 log 'enable'
set nat destination rule 10 translation address '10.1.1.10'
set protocols static route 0.0.0.0/0 next-hop 192.168.1.2
# No "set firewall" lines appear in this output, so nothing here filters
# traffic to the router or through it, including SSH on port 22.
# NOTE(review): acceptable for an isolated lab; add rules before reuse.
set service ssh port '22'
set system config-management commit-revisions '100'
# Connection-tracking helpers for ftp, h323, nfs, pptp, sip, sqlnet and
# tftp are enabled.
# NOTE(review): these look like defaults - confirm, and drop the helpers
# the lab does not need.
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'VyOS-L3'
# The encrypted-password value is a SHA-512 crypt hash (the $6$ prefix) of
# the vyos user's password. A published hash can be guessed offline, so
# treat this credential as lab-only.
# NOTE(review): the empty plaintext-password is presumably what VyOS leaves
# behind after hashing - confirm.
set system login user vyos authentication encrypted-password '$6$tBrkCg.1Y8NuExC$Ivwq8e7//904.UjhwRtz4/9edu6MTczLalZHJnk20fJbZZA2dhWkSo/H6yQ/GBdOST9eUJlpehJwj0COhq1Wp1'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
# Syslog settings here are local only; no remote syslog host is configured
# in this output, so the NAT log entries stay on the router.
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
vyos@VyOS-L3:~$ show nat destination rules
Disabled rules are not shown
Codes: X - exclude rule
rule intf translation
---- ---- -----------
10 eth1 daddr 10.1.2.10 to 10.1.1.10
proto-all dport ANY
vyos@VyOS-L3:~$ show nat destination statistics
rule pkts bytes interface
---- ---- ----- ---------
10 88 5304 eth1
vyos@VyOS-L3:~$ show nat destination translations
Pre-NAT Post-NAT Prot Timeout
10.1.2.10 10.1.1.10 tcp 431978
vyos@VyOS-L3:~$ show log nat
/var/log/messages:Oct 2 01:37:51 VyOS-L3 kernel: [ 1796.299962] [NAT-DST-10] IN=eth1 OUT= MAC=00:0c:29:14:49:ea:00:0c:29:7d:d6:23:08:00 SRC=172.16.1.10 DST=10.1.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=47467 DF PROTO=ICMP TYPE=8 CODE=0 ID=4811 SEQ=1
/var/log/messages:Oct 2 01:38:23 VyOS-L3 kernel: [ 1827.865467] [NAT-DST-10] IN=eth1 OUT= MAC=00:0c:29:14:49:ea:00:0c:29:7d:d6:23:08:00 SRC=172.16.1.10 DST=10.1.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=64953 DF PROTO=TCP SPT=58076 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0