The nat server protocol global inside command configures a protocol for an internal server in a simplified NAT instance.
The undo nat server protocol global inside command deletes a protocol for an internal server in a simplified NAT instance.
By default, no protocol is specified for an internal server.
This command is supported only on the NetEngine 8000 F1A.
nat server protocol { tcp | udp | protocol-number } global global-address [ global-protocol ] [ vpn-instance vpn-instance-name ] inside host-address [ host-protocol ] [ vpn-instance vpn-instance-name ] [ redirect ip-addr { inbound | outbound } ]
undo nat server protocol { tcp | udp | protocol-number } global global-address [ global-protocol ] [ vpn-instance vpn-instance-name ] inside host-address [ host-protocol ] [ vpn-instance vpn-instance-name ] [ redirect ip-addr { inbound | outbound } ]
Parameter | Description | Value |
---|---|---|
tcp | Indicates that an internal server runs TCP. | - |
udp | Indicates that an internal server runs UDP. | - |
protocol-number | Specifies a protocol number. | The value is an integer ranging from 1 to 255. |
global global-address | Specifies the external IP address of the server. | The value is in dotted decimal notation. |
global-protocol | Specifies the protocol that an internal server runs to communicate with an external device. For example, the protocol can be PoP2, PoP3, or SMTP. | The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces. |
vpn-instance vpn-instance-name | Specifies the name of a VPN instance to which an internal server belongs. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
inside host-address | Specifies the private IP address of an internal server. | The value is in dotted decimal notation. |
host-protocol | Specifies the protocol that an internal server runs. For example, the protocol can be PoP2, PoP3, or SMTP. | The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces. |
redirect ip-addr | Specifies a redirected next-hop IP address. If traffic passing through a server has a conflicting next-hop IP address, configure this parameter so that the traffic is redirected to a specified next-hop IP address. | The value is in dotted decimal notation. |
inbound | Redirects user-to-network packets to a next hop. | - |
outbound | Redirects user-to-network packets to a next hop. | - |
Usage Scenario
NAT can be configured to allow users on a private network to access public network services, while hiding the structure of the private network and devices on the private network. In this case, a user on an external network cannot communicate with a private network user.
To address this problem, the internal server function can be configured on the private network. The internal server function enables a NAT device to translate a public IP address into a private IP address based on either of the following entries:

```
<HUAWEI> system-view
[~HUAWEI] nat instance nat1 id 1 simple-configuration
[*HUAWEI-nat-instance-nat1] commit
[~HUAWEI-nat-instance-nat1] quit
[~HUAWEI] nat server protocol tcp global 192.168.12.12 ftp inside 10.12.12.12 ftp
```
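Each `nat server protocol` entry makes an internal host reachable from the external side, so a saved configuration is worth auditing for these mappings. The Python sketch below is an added example, not part of the vendor documentation: it parses such lines against the format and parameter table above and reports every global-to-inside mapping, rejecting lines that break the documented value ranges. The function names are hypothetical, and every sample line except the first is constructed.

```python
import ipaddress
import shlex
KEYWORDS = {"vpn-instance", "inside", "redirect"}

def _side(t, i):  # parses 'address [protocol] [vpn-instance name]' at t[i]
    side, i = {"address": str(ipaddress.IPv4Address(t[i])), "service": None, "vpn": None}, i + 1
    if i < len(t) and t[i] not in KEYWORDS:
        if not 1 <= len(t[i]) <= 31 or " " in t[i]:
            raise ValueError("protocol name: 1-31 characters, no spaces")
        side["service"], i = t[i], i + 1
    if i < len(t) and t[i] == "vpn-instance":
        if not 1 <= len(t[i + 1]) <= 31:
            raise ValueError("vpn-instance name: 1-31 characters")
        side["vpn"], i = t[i + 1], i + 2
    return side, i

def parse_nat_server(line):  # validates one command against the syntax above
    t = shlex.split(line)  # keeps a double-quoted vpn-instance name as one token
    try:
        if t[:3] != ["nat", "server", "protocol"] or t[4] != "global":
            raise ValueError("not a nat server protocol command")
        if t[3] not in ("tcp", "udp") and not (t[3].isdigit() and 1 <= int(t[3]) <= 255):
            raise ValueError("protocol must be tcp, udp or 1-255")
        glob, i = _side(t, 5)
        if t[i] != "inside":
            raise ValueError("expected 'inside' after the global clause")
        host, i = _side(t, i + 1)
        redirect = None
        if i < len(t) and t[i] == "redirect" and t[i + 2] in ("inbound", "outbound"):
            redirect, i = (str(ipaddress.IPv4Address(t[i + 1])), t[i + 2]), i + 3
        if i != len(t):
            raise ValueError("unexpected tokens after the inside clause")
    except IndexError:
        raise ValueError("truncated command") from None
    return {"protocol": t[3], "global": glob, "inside": host, "redirect": redirect}

def inventory(config_text):  # returns (mappings, errors) for the NAT server lines
    mappings, errors = [], []
    for n, line in enumerate(config_text.splitlines(), 1):
        if line.strip().startswith("nat server protocol"):
            try:
                mappings.append(parse_nat_server(line))
            except ValueError as exc:
                errors.append((n, str(exc)))
    return mappings, errors
# Constructed sample input; only the first line is the page's own example.
SAMPLE = """nat server protocol tcp global 192.168.12.12 ftp inside 10.12.12.12 ftp
nat server protocol 300 global 192.0.2.10 inside 10.1.1.5
nat server protocol udp global 192.0.2.11 vpn-instance "vpn a" inside 10.1.1.6 redirect 10.9.9.1 inbound"""
```

`inventory(SAMPLE)` returns the two valid mappings plus one error for line 2, whose protocol number falls outside the documented 1 to 255 range.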