H3C Routers
NAT DNS Mapping
Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Contents

Introduction· 1

Prerequisites· 1

Example: Configuring NAT DNS mapping· 1

Network configuration· 1

Analysis· 2

Software versions used· 2

Procedures· 2

Verifying the configuration· 2

Configuration files· 4

Related documentation· 4

 

Introduction

The following information provides examples for configuring NAT DNS mapping on routers.

Prerequisites

This document applies to Comware 9-based routers. Procedures and information in the examples might be slightly different depending on the software or hardware version of the router.

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of NAT.

Example: Configuring NAT DNS mapping

Network configuration

As shown in Figure 1, the internal Web server at 10.0.0.2/24 provides Web services for external users. The private network has three public addresses 172.31.123.201 to 172.31.123.203. The DNS server at 172.31.123.181 is on the public network.

Configure NAT so that both internal and external hosts can access the internal server by using their domain names.

Figure 1 Network diagram

‌

Analysis

·     Configure a NAT server mapping to map the private IP address and port of the internal server to a public address and port so that external users can access the internal server.

·     Configure NAT DNS mapping and ALG so that the public IP address of the internal server in the payload of the DNS response packet can be translated to the private IP address.

Software versions used

This configuration example was created and verified on R9141P16 of the MSR2630E-X1 device.

Procedures

# Specify IP addresses for GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2.

<Router> system-view

[Router] interface gigabitethernet 0/0/2

[Router-GigabitEthernet0/0/2] ip address 172.31.123.201 24

[Router-GigabitEthernet0/0/2] quit

[Router] interface gigabitethernet 0/0/1

[Router-GigabitEthernet0/0/1] ip address 10.0.0.1 24

[Router-GigabitEthernet0/0/1] quit

# Enable NAT ALG for DNS.

[Router] nat alg dns

# Configure NAT Server to allow external hosts to access the internal Web server by using address 172.31.123.202.

[Router] interface gigabitethernet 0/0/2

[Router-GigabitEthernet0/0/2] nat server protocol tcp global 172.31.123.202 inside 10.0.0.2 http

[Router-GigabitEthernet0/0/2] nat outbound

[Router-GigabitEthernet0/0/2] quit

# Configure a NAT DNS mapping entry by mapping domain name www.server.com of the Web server to 172.31.123.202.

[Router] nat dns-map domain www.server.com protocol tcp ip 172.31.123.202 port http

[Router] quit

Verifying the configuration

# Verify that both internal and external hosts can access the internal server by using domain names. (Details not shown.)

# Display all NAT configuration and statistics.

<Router> display nat all

NAT internal server information:

  Totally 1 internal servers.

  Interface: GigabitEthernet0/0/2

    Protocol: 6(TCP)

    Global IP/port: 172.31.123.202/80

    Local  IP/port: 10.0.0.2/80

    NAT counting  : 0

    Config status : Active

 

NAT DNS mapping information:

  Totally 1 NAT DNS mappings.

  Domain name: www.server.com

  Global IP  : 172.31.123.202

  Global port: 80

  Protocol   : TCP(6)

  Config status: Active

 

NAT logging:

  Log enable          : Disabled

  Flow-begin          : Disabled

  Flow-end            : Disabled

  Flow-active         : Disabled

  Port-block-assign   : Disabled

  Port-block-withdraw : Disabled

  Alarm               : Disabled

  NO-PAT IP usage     : Disabled

 

NAT mapping behavior:

  Mapping mode: Address and Port-Dependent

  ACL         : ---

  Config status: Active

 

NAT ALG:

  DNS        : Enabled

  FTP        : Enabled

  H323       : Enabled

  ICMP-ERROR : Enabled

  ILS        : Enabled

  MGCP       : Enabled

  NBT        : Enabled

  PPTP       : Enabled

  RTSP       : Enabled

  RSH        : Enabled

  SCCP       : Enabled

  SCTP       : Enabled

  SIP        : Enabled

  SQLNET     : Enabled

  TFTP       : Enabled

  XDMCP      : Enabled

 

Static NAT load balancing:     Disabled

 

NAT link-switch recreate-session: Disabled

 

NAT configuration-for-new-connection: Disabled

 

NAT global-policy compatible-previous-version rule-type ipv4-snat-and-dnat trans

late-before-secp : Disabled

Configuration files

#

interface GigabitEthernet0/0/1

 port link-mode route

 ip address 10.0.0.1 255.255.255.0

#

interface GigabitEthernet0/0/2

 port link-mode route

 ip address 172.31.123.201 255.255.255.0

 nat outbound

 nat server protocol tcp global 172.31.123.202 80 inside 10.0.0.2 80

#

nat alg dns

nat dns-map domain www.server.com protocol tcp ip 172.31.123.202 port 80

#

Related documentation

·     NAT and IPv6 Transition Technologies Configuration Guide in H3C MSR1000[2600][3600] Routers Configuration Guides(V9)

·     NAT and IPv6 Transition Technologies Command Reference in H3C MSR1000[2600][3600] Routers Command References(V9)