单接接口 做 NAT

nfshanq

一般来说做NAT的时候都是要两个物理接口的。
但是，如果条件有限有的时候只有一个物理接口，而且有不需要创建Dialer的接口的时候。
用下面的 配置来实现：
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface Loopback0
ip address 172.16.2.254 255.255.255.252
ip nat inside
!
interface Ethernet0/0
ip address 172.16.1.254 255.255.255.0 secondary
ip address 221.13.145.18 255.255.255.248
ip nat outside
ip policy route-map china-glass
full-duplex
!
interface BRI0/0
no ip address
shutdown
!
interface BRI0/1
no ip address
shutdown
!
ip nat pool glass 221.13.145.19 221.13.145.20 prefix-length 29
ip nat inside source list 10 pool glass overload
ip classless
ip route 0.0.0.0 0.0.0.0 221.13.145.17
ip route 172.16.1.0 255.255.255.0 Ethernet0/0
no ip http server
!
access-list 10 permit 172.16.1.0 0.0.0.255
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
access-list 101 permit ip any 221.13.145.16 0.0.0.7
route-map china-glass permit 10
match ip address 101
set interface loopback 0
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
Router#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.253           21   0000.b4c1.0412  ARPA   Ethernet0/0
Internet  172.16.1.254            -   0003.e396.ee40  ARPA   Ethernet0/0
Internet  221.13.145.17           7   0004.4e2d.1ffc  ARPA   Ethernet0/0
Internet  221.13.145.18           -   0003.e396.ee40  ARPA   Ethernet0/0
Router#ping 221.13.145.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 221.13.145.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router#


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/1397/showart_16229.html