# Huawei Router Port Mapping

Published 2022-01-20

## Solution

Versions before V200R009: configure the mapping through an ACL. Example: map the contiguous port range 15000-19000.

```
[Huawei]acl 3001    //Create an advanced ACL
[Huawei-acl-adv-3001]rule 5 permit tcp destination-port range 15000 19000    //Match ports 15000-19000
[Huawei-acl-adv-3001]quit    //Exit
[Huawei]int GigabitEthernet 0/0/2    //Enter the interface
[Huawei-GigabitEthernet0/0/2]nat server global current-interface inside 192.168.5.100 acl 3001    //Apply the ACL
```

Starting with V200R009, the mapping can be configured with the following commands (the AR2220E-S runs V200R009):

```
[Huawei]int GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]nat static protocol tcp global current-interface 9000 inside 172.16.6.2 9000 netmask 255.255.255.255    //Map a single IP
[Huawei-GigabitEthernet0/0/0]nat static protocol tcp global interface GigabitEthernet0/0/1 9000 inside 172.16.6.2 9000 netmask 255.255.255.255
[Huawei-GigabitEthernet0/0/1]nat static protocol tcp global current-interface 9000 9100 inside 172.16.6.2 9000 9100 netmask 255.255.255.255    //Map multiple ports
[Huawei-GigabitEthernet0/0/0]nat static protocol tcp global interface GigabitEthernet0/0/1 9000 9100 inside 172.16.6.2 9000 9100 netmask 255.255.255.255
```

Notes:

Before V200R009, if the mappings on the public interface use the same public address, only one `nat server` entry can be configured; an entry configured later overwrites the earlier one.

Starting with V200R009, other port mappings can still be configured after a bulk port mapping has been configured.

## Letting internal hosts reach the service via the public IP

```
[Huawei]acl number 3322    //Create an advanced ACL matching rule
[Huawei-acl-adv-3322]rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255    //Match the source and destination addresses
[Huawei]interface GigabitEthernet 0/0/0    //Enter the internal interface
[Huawei-GigabitEthernet0/0/0]nat outbound 3322    //Apply the ACL
```

## Example: mutual access between internal devices

```
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule permit ip source 10.9.0.0 0.0.255.255 destination 10.38.160.0 0.0.0.255    //Match the traffic allowed for internal mutual access
[Huawei] traffic classifier c1
[Huawei-classifier-c1] if-match acl 3000
[Huawei-classifier-c1] quit
[Huawei] traffic behavior b1
[Huawei-behavior-b1] permit
[Huawei-behavior-b1] quit
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule permit ip source 10.9.0.0 0.0.255.255    //Match the subnet subject to policy-based routing
[Huawei] traffic classifier c2
[Huawei-classifier-c2] if-match acl 3001
[Huawei-classifier-c2] quit
[Huawei] traffic behavior b2
[Huawei-behavior-b2] redirect ip-nexthop 111.1.1.1
[Huawei-behavior-b2] quit
[Huawei] traffic policy p1
[Huawei-trafficpolicy-p1] classifier c1 behavior b1    //First apply the rule that permits internal mutual access
[Huawei-trafficpolicy-p1] classifier c2 behavior b2    //Then apply the policy-routing rule
[Huawei] interface ethernet 0/0/2
[Huawei-Ethernet0/0/2] traffic-policy p1 inbound
[Huawei-Ethernet0/0/2] quit
```
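
Every `nat static` port mapping above publishes an internal service on the public interface, so it is worth reviewing a saved configuration for wide or overlapping ranges. The following is an added example, not part of the original post or any Huawei tooling: it parses only the two `nat static` forms shown on this page, and the `audit` function, the `MAX_RANGE` threshold and the third sample line are assumptions made for illustration; all lines are assumed to belong to the same public interface.

```python
import re

# Covers only the two `nat static` forms shown on this page
# (global current-interface / global interface <name>), single port or range.
NAT_STATIC = re.compile(
    r"nat static protocol (?P<proto>tcp|udp) global "
    r"(?P<glob>current-interface|interface \S+) "
    r"(?P<g1>\d+)(?: (?P<g2>\d+))? "
    r"inside (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"(?P<i1>\d+)(?: (?P<i2>\d+))?(?:\s|$)"
)

MAX_RANGE = 16  # assumed review threshold for this example, not a Huawei limit

# Constructed sample: the first two lines are the page's commands, the third is made up.
SAMPLE = """\
[Huawei-GigabitEthernet0/0/1]nat static protocol tcp global current-interface 9000 inside 172.16.6.2 9000 netmask 255.255.255.255
[Huawei-GigabitEthernet0/0/1]nat static protocol tcp global current-interface 9000 9100 inside 172.16.6.2 9000 9100 netmask 255.255.255.255
[Huawei-GigabitEthernet0/0/1]nat static protocol udp global current-interface 5060 inside 172.16.6.3 5060 netmask 255.255.255.255
"""

def audit(config_text, max_range=MAX_RANGE):
    """Return one finding per port mapping, with review notes for risky ones."""
    findings, seen = [], []
    for line in config_text.splitlines():
        m = NAT_STATIC.search(line)  # search() skips the CLI prompt prefix
        if not m:
            continue
        g1, i1 = int(m["g1"]), int(m["i1"])
        g2, i2 = int(m["g2"] or g1), int(m["i2"] or i1)
        notes = []
        if not (0 < g1 <= g2 <= 65535 and 0 < i1 <= i2 <= 65535):
            notes.append("invalid port range")
        if g2 - g1 != i2 - i1:
            notes.append("global and inside ranges differ in size")
        if g2 - g1 + 1 > max_range:
            notes.append(f"wide range: {g2 - g1 + 1} ports exposed")
        key = (m["proto"], m["glob"])
        if any(k == key and a <= g2 and g1 <= b for k, a, b in seen):
            notes.append("global ports overlap an earlier mapping")
        seen.append((key, g1, g2))
        findings.append({"proto": m["proto"], "global": (g1, g2),
                         "inside": (m["ip"], i1, i2), "notes": notes})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["proto"], f["global"], "->", f["inside"], f["notes"] or "ok")
```

Mappings that come back with notes are the ones to check against the list of services that are actually meant to be reachable from outside.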