其他分享
首页 > 其他分享> > ns nat rule

ns nat rule

作者:互联网

ns nat rule

 

NAT实现方式:

NAT的实现方式有三种,即静态转换(Static Nat)动态转换(Dynamic Nat)端口多路复用(OverLoad)

 

影响netscaler做NAT的参数主要分为以下8类:

 

使用调试工具进行抓包,并保存为兼容tcpdump格式。

> start nstrace -tcpdump ENABLED -link ENABLED -size 0
 Done
> 
> stop nstrace
 Done
> 

 

RNAT:
	Support: Static-SNAT / Dynamic-SNAT(default)
	Flow: 192.168.11.201(inside_ClientIP) <---> 192.168.30.191(outside_DestIP)
	192.168.11.201(inside_ClientIP) ---> 192.168.30.191(outside_DestIP)
	192.168.10.41(NATIP_SNIP) ---> 192.168.30.191(outside_DestIP) # Dynamic-SNAT
	192.168.30.191(outside_DestIP) ---> 192.168.10.41(NATIP_SNIP)
	192.168.30.191(outside_DestIP) ---> 192.168.11.201(inside_ClientIP)

INAT:
	Support: Static-DNAT(default)
	Flow: 192.168.30.201(outside_ClientIP) <---> 192.168.10.141(NAT_PublicIP)
	192.168.30.201(outside_ClientIP) ---> 192.168.10.141(NAT_PublicIP)
	192.168.11.1(inside_SNIP) ---> 192.168.11.61(NAT_PrivateIP) # Static-DNAT
	192.168.11.61(NAT_PrivateIP) ---> 192.168.11.1(inside_SNIP)
	192.168.10.141(NAT_PublicIP) ---> 192.168.30.201(outside_ClientIP)
	
IP-Mode: (lb_vsrv)
	Support: Static-SNAT-DNAT / Dynamic-SNAT-DNAT(default)
	Flow: 192.168.30.201(outside_ClientIP) <---> 192.168.10.106(inside_VIP)
	192.168.30.201(outside_ClientIP) ---> 192.168.10.106(inside_VIP)
	192.168.11.1(inside_SNIP) ---> 192.168.11.61(inside_ServerIP) # Dynamic-SNAT-DNAT
	192.168.11.61(inside_ServerIP) ---> 192.168.11.1(inside_SNIP)
	192.168.10.106(inside_VIP) ---> 192.168.30.201(outside_ClientIP)
	
netProfile:
	priority: lb_vsrv < service
	Support: Static-SNAT / Dynamic-SNAT(default)
	Flow: 192.168.30.201(outside_ClientIP) <---> 192.168.10.106(inside_VIP)
	192.168.30.201(outside_ClientIP) ---> 192.168.10.106(inside_VIP)
	192.168.11.3(netProfile_SNIP) ---> 192.168.11.61(inside_ServerIP) # Dynamic-SNAT
	192.168.11.61(inside_ServerIP) ---> 192.168.11.3(netProfile_SNIP)
	192.168.10.106(inside_VIP) ---> 192.168.30.201(outside_ClientIP)
	
USIP:
	Support: Static-SNAT(default)
# CLI: set service svc_xxx -usip YES -useproxyport YES Flow: 192.168.30.201(outside_ClientIP) <---> 192.168.10.106(inside_VIP) 192.168.30.201(outside_ClientIP) ---> 192.168.10.106(inside_VIP) 192.168.30.201(outside_ClientIP) ---> 192.168.11.61(inside_ServerIP) # Static-SNAT(default) 192.168.11.61(inside_ServerIP) ---> 192.168.30.201(outside_ClientIP) 192.168.10.106(inside_VIP) ---> 192.168.30.201(outside_ClientIP) # 一旦启用USIP,所有基于源地址替换的操作全部禁用,不管是默认用SNIP轮训还是指定NetProfile都不生效。 MAC-Mode: (lb_vsrv) Support: Dynamic-SNAT(固定目的IP) Flow: 192.168.30.201(outside_ClientIP) <---> 192.168.10.149(inside_VIP) 192.168.30.201(outside_ClientIP) ---> 192.168.10.149(inside_VIP) 192.168.30.201(outside_ClientIP) ---> 192.168.10.149(inside_VIP) # Dynamic-SNAT(固定目的IP) 192.168.10.51(outside_ServerIP) ---> 192.168.30.201(outside_ClientIP) # 典型使用方式:在三角传输(DSR)传输模式中 , 虚拟服务器需要设置为MAC-Mode,对应的服务设置USIP,并在服务器上设置non-arping interface。 Service port=* : (lb_vsrv_VIP:* + ServerIP:*) Support: Dynamic-PNAT(目的端口不变) Flow: 192.168.30.201:xxxx(outside_ClientIP) <---> 192.168.10.106:zzzz(inside_VIP) 192.168.30.201:xxxx(outside_ClientIP) ---> 192.168.10.106:zzzz(inside_VIP) 192.168.11.1:yyyy(inside_SNIP) ---> 192.168.11.61:zzzz(inside_ServerIP) # Dynamic-PNAT(目的端口不变) 192.168.11.61:zzzz(inside_ServerIP) ---> 192.168.11.1:yyyy(inside_SNIP) 192.168.10.106:zzzz(inside_VIP) ---> 192.168.30.201:xxxx(outside_ClientIP) Service use proxy port : # CLI: set service svc_xxx -usip YES -useproxyport NO Support: Dynamic-PNAT(源端口不变) Flow: 192.168.30.201:xxxx(outside_ClientIP) <---> 192.168.10.106:zzzz(inside_VIP) 192.168.30.201:xxxx(outside_ClientIP) ---> 192.168.10.106:zzzz(inside_VIP) 192.168.30.201:xxxx(outside_ClientIP) ---> 192.168.11.61:yyyy(inside_ServerIP) # Dynamic-PNAT(源端口不变) 192.168.11.61:yyyy(inside_ServerIP) ---> 192.168.30.201:xxxx(outside_ClientIP) 192.168.10.106:zzzz(inside_VIP) ---> 192.168.30.201:xxxx(outside_ClientIP) Notice: SNIP priority: (uint32)IPv4_SNIP_1 > (uint32)IPv4_SNIP_2



 

 

方式 默认方式 可调整方式
RNAT Static-SNAT / Dynamic-SNAT(default) Static-PNAT / Dynamic-PNAT
INAT Static-DNAT(default) Static-PNAT
IP-Mode: (lb_vsrv) Static-SNAT-DNAT / Dynamic-SNAT-DNAT(default) Static-PNAT / Dynamic-PNAT
netProfile Static-SNAT / Dynamic-SNAT(default) Static-PNAT / Dynamic-PNAT
USIP Static-SNAT(default) Static-PNAT
MAC-Mode: (lb_vsrv) Dynamic-SNAT(固定目的IP)  
Service port=* : (lb_vsrv_VIP:* + ServerIP:*) Dynamic-PNAT(目的端口不变)  
Service use proxy port Dynamic-PNAT(源端口不变) Static-PNAT / Dynamic-PNAT

 

============ End

 

标签:inside,Dynamic,30.201,192.168,outside,rule,nat,ClientIP,ns
来源: https://www.cnblogs.com/lsgxeva/p/10863497.html