本文详细介绍了H3C路由器的NAT配置包括Basic NAT一对一转换、NAPT一对多转换和Easy IP配置。还讨论了公网主动访问私网所需的NAT Server配置以及当公网地址不属于路由器接口地址网段时的静态路由设置问题。一、基础配置R1H3CsysSystem View: return to User View with CtrlZ.[H3C]sysn R1[R1]int g0/0[R1-GigabitEthernet0/0]ip add 192.168.1.254 24[R1-GigabitEthernet0/0]undo sh[R1-GigabitEthernet0/0]int g0/1[R1-GigabitEthernet0/1]ip add 100.1.1.1 24[R1-GigabitEthernet0/1]undo sh[R1-GigabitEthernet0/1]R2H3CsysSystem View: return to User View with CtrlZ.[H3C]sysn R2[R2]int g0/1[R2-GigabitEthernet0/1]ip add 100.1.1.2 24[R2-GigabitEthernet0/1]int g0/2[R2-GigabitEthernet0/2]ip add 100.2.1.1 24[R2-GigabitEthernet0/2]qu[R2]二、R1配置默认路由[R1]ip route-static 0.0.0.0 0 100.1.1.2三、Basic Nat转换一对一转换R1[R1]acl basic 2000[R1-acl-ipv4-basic-2000]rule 1 permit source 192.168.1.0 0.0.0.255[R1-acl-ipv4-basic-2000]qu[R1]nat address-group 1[R1-address-group-1]address 100.1.1.10 100.1.1.20[R1-address-group-1]int g0/1[R1-GigabitEthernet0/1]nat outbound 2000 address-group 1 no-pat //静态一对一转换[R1-GigabitEthernet0/1]qu四、NAPT一对多转换[R1]undo nat address-group 1[R1]int g0/1R1-GigabitEthernet0/1]undo nat outbound 2000R1-GigabitEthernet0/1]quR1]nat address-group 1R1-address-group-1]address 100.1.1.10 100.1.1.10[R1-address-group-1]int g0/1R1-GigabitEthernet0/1]nat outbound 2000 address-group 1 //不带no-pat表示端口转换[R1-GigabitEthernet0/1]qu五、Easy IP配置[R1]int g0/1[R1-GigabitEthernet0/1]undo nat outbound 2000[R1-GigabitEthernet0/1]nat outbound 2000[R1-GigabitEthernet0/1]qu//不需要地址池。私有网络转换公网地址就是G0/1是公网地址。六、NAT Server[R1]int g0/1[R1-GigabitEthernet0/1]nat server global 100.1.1.10 inside 192.168.1.1//为PCA绑定一个公网IP地址100.1.1.10[R1-GigabitEthernet0/1]nat server protocol tcp global 100.1.1.11 inside 192.168.1.1//绑定公网IP为公网提供其他服务。比如FTP、WWW等[R1-GigabitEthernet0/1]qu