N in, Figure 18 – H3C Technologies H3C SecBlade FW Cards User Manual

25

Figure 18 Network diagram for NAT DNS mapping

2.

Configuration procedure

# As shown in

Figure 18

, configure the IP addresses for the interfaces (omitted).

# Enter the view of interface GigabitEthernet 0/2.

<Secpath> system-view

[Secpath] interface gigabitethernet 0/2

# Configure the internal web server.

[Secpath-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.2 inside 10.110.10.1

www

# Configure the internal FTP server.

[Secpath-GigabitEthernet0/2] nat server protocol tcp global 202.38.1.2 inside 10.110.10.2

ftp

[Secpath-GigabitEthernet0/2] quit

# Configure two DNS mapping entries: map the domain name www.server.com of the web server to
202.38.1.2, and ftp.server.com of the FTP server to 202.38.1.2.

[Secpath] nat dns-map domain www.server.com protocol tcp ip 202.38.1.2 port www

[Secpath] nat dns-map domain ftp.server.com protocol tcp ip 202.38.1.2 port ftp

[Secpath] quit

3.

Verification

# After completing the configurations, display the DNS mapping configuration information.

<Secpath> display nat dns-map

NAT DNS mapping information:

There are currently 2 NAT DNS mapping(s)

Domain-name: www.server.com

Global-IP : 202.38.1.2

Global-port: 80(www)

Protocol : 6(TCP)

Domain-name: ftp.server.com

Global-IP : 202.38.1.2

Global-port: 21(ftp)

Protocol : 6(TCP)

Host A and Host B can use the domain name www.server.com to access the web server, and use
ftp.server.com to access the FTP server.

FTP server

10.110.10.2/16

Host A

10.110.10.3/16

Internet

GE0/1

10.110.10.10/16

GE0/2
202.38.1.1/24

Web server

10.110.10.1/16

DNS server

202.38.1.4/24

Host B

202.38.1.10/24

SecPath