Configuring the Internal Server Function

The internal server function can be configured on a private network so that external users can access the server through a NAT device.

Usage Scenario

NAT can be configured to allow users on a private network to access public network services, while hiding the structure of the private network and devices on the private network. In this case, a user on an external network cannot communicate with a private network user.

To address this problem, the internal server function can be configured on the private network. The internal server function enables a NAT device to translate a public IP address into a private IP address based on either of the following entries:
  • A static mapping entry that contains a private IP address, a private port number, a public IP address, and a public port number
  • A static mapping entry that contains a private IP address and a public IP address

Pre-configuration Tasks

Before configuring the internal server function, complete the following tasks:
  • Configure basic NAT functions.
  • Configure NAT for traffic.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run nat instance instance-name [ id id ]

    The NAT instance view is displayed.

  3. (Optional) Run nat server-mode enable

    The address-level NAT server mode is enabled.

    User entries are set up when users access the NAT server. By default, the public IP addresses of user entries are obtained from the NAT address pool. After the address-level NAT server mode is enabled, the public IP addresses of user entries for address-level internal servers (configured using the nat server global command) are no longer obtained from the NAT address pool. For port-based internal servers (configured using the nat server protocol command), the public IP addresses of user entries are still obtained from the NAT address pool.

  4. Run either of the following commands to configure an internal server:

    • If each internal server is assigned a specific IP address, run the nat server global global-address [ vpn-instance vpn-instance-name ] inside inside-address [ vpn-instance vpn-instance-name ] command to configure an internal server.
    • If multiple internal servers are assigned the same IP address, run the nat server protocol { tcp | udp | protocol-number } global global-address [ global-protocol | global-port ] [ vpn-instance global-vpn-instance-name ] inside inside-address [ host-protocol | inside-port ] [ vpn-instance inside-vpn-instance-name ] command to configure an internal server that runs a specific protocol.

    • To save public IP addresses and allow an internal NAT server to reuse interface addresses, run the nat server protocol { tcp | udp | protocol-number } global unnumbered interface { interface-name | interface-type interface-number } [ global-protocol | global-port ] [ vpn-instance global-vpn-instance-name ] inside inside-address [ host-protocol | inside-port ] [ vpn-instance inside-vpn-instance-name ] command so that the internal NAT server reuses the interface address.

  5. Run commit

    The configuration is committed.

    • If the nat server-mode enable command is not run, the public IP address of the address-level internal server must differ from an assigned public IP address in the NAT address pool.
    • If the nat server-mode enable command is not run, the NAT address pool must be configured in the NAT instance when you configure an address-level internal server.
    • The NAT address pool must be configured in the NAT instance when you configure a port-level internal server.

Verifying the Configuration

  • Run the display nat server-map [ dynamic | static ] [ ip ip-address | port port-number | vpn-instance vpn-instance-name | slot slot-id ] * command to check server-map entry information about an internal server.
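
The two entry types described under Usage Scenario differ in what they publish: an address-level entry carries no port, while a port-level entry names one service. The following Python script is an added example, not Huawei code; it parses nat server lines from a saved configuration using the syntax shown in step 4 and lists what each entry publishes. The sample configuration, instance name, VPN name, and addresses are constructed.

```python
import re

# Constructed sample (documentation addresses, hypothetical names), not from the page.
SAMPLE = """\
nat instance nat1 id 1
 nat server global 203.0.113.10 inside 10.0.0.10
 nat server protocol tcp global 203.0.113.11 443 inside 10.0.0.11 8443
 nat server protocol tcp global 203.0.113.11 22 vpn-instance vpn_a inside 10.0.0.12 22
 nat server protocol udp global unnumbered interface GigabitEthernet 0/1/0 53 inside 10.0.0.13 53
"""

def _side(tokens):
    """Return (address, port, vpn) for the tokens after 'global' or 'inside'."""
    vpn = None
    if "vpn-instance" in tokens:
        i = tokens.index("vpn-instance")
        vpn, tokens = tokens[i + 1], tokens[:i] + tokens[i + 2:]
    if tokens[:2] == ["unnumbered", "interface"]:
        # Assumption: a one-token interface-name ends in a digit; otherwise the
        # next token is the interface-number of an interface-type/number pair.
        n = 3 if re.search(r"\d$", tokens[2]) else 4
        addr, rest = "interface " + " ".join(tokens[2:n]), tokens[n:]
    else:
        addr, rest = tokens[0], tokens[1:]
    return addr, (rest[0] if rest else None), vpn

def parse_nat_server(line):
    """Parse one 'nat server' line; return None for any other line."""
    t = line.split()
    if t[:2] != ["nat", "server"] or "global" not in t or "inside" not in t:
        return None
    g, i = t.index("global"), t.index("inside")
    gaddr, gport, gvpn = _side(t[g + 1:i])
    iaddr, iport, ivpn = _side(t[i + 1:])
    return {"level": "port" if t[2] == "protocol" else "address",
            "protocol": t[3] if t[2] == "protocol" else None,
            "global": gaddr, "global_port": gport, "global_vpn": gvpn,
            "inside": iaddr, "inside_port": iport, "inside_vpn": ivpn}

def audit(config):
    """Return (severity, message) for every internal-server mapping found."""
    out = []
    for e in filter(None, map(parse_nat_server, config.splitlines())):
        if e["global_port"] is None:  # address-level, or protocol without a port
            out.append(("review", f"{e['global']} -> {e['inside']}: no port restriction"))
        else:
            out.append(("info", f"{e['protocol']} {e['global']}:{e['global_port']}"
                                f" -> {e['inside']}:{e['inside_port']}"))
    return out
```

Calling audit(SAMPLE) returns one "review" finding for the address-level entry and three "info" findings for the port-level entries.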
Copyright © Huawei Technologies Co., Ltd.