1818 CHAPTER 96: NAT C ONFIGURATIONConfiguring InternalServerIntroduction to InternalServerTo configure an internal server, you need to map an external IP address and port tothe internal server. This is done through the nat server command.Internal server configurations include: external IP address, external port, internalserver IP address, internal server port, and internal server protocol type.If an internal server belongs to an MPLS VPN instance, you should specify thevpn-instance-name argument. With this argument not provided, the internalserver is considered belonging to a private network.Configuring an InternalServerFollow the following steps to configure an internal server:c CAUTION: Depending on device models, you may use an interface address of adevice as the public address of the internal server, namely, Easy IP. Note that thisinterface must be an existing loopback interface configured with an IP address;otherwise, the configurations to the internal server do not take effect.Configuring NAT LogIntroduction to NAT Log NAT log is a type of system information generated by the NAT gateway during theIP address translation. NAT log contains such information as the packet’s source IPaddress, source port address, destination IP address, destination port address,translated source IP address, translated source port address and other useroperations. The log only traces operations of private network users in accessing anexternal network, not those in the opposite direction.As multiple private users share one public IP address when accessing an externalnetwork through a NAT gateway, it is hard to identify each of the users. The logEnable NAPT and associate an ACL with anIP address pool to translate both IP addressand port number.nat outbound acl-numberaddress-groupgroup-numberRequiredTo do... Use the command... RemarksTo do... Use the command... RemarksEnter system view system-view -Enter interface view interface interface-type interface-number -Configure an internalservernat server [ vpn-instance vpn-instance-name ]protocol pro-type global { global-address |interface { interface-type interface-number } |current-interface } [ global-port ] insidehost-address [ host-port ]Use eithercommandnat server [ vpn-instance vpn-instance-name ]protocol pro-type global { global-address |interface { interface-type interface-number } |current-interface } global-port1 global-port2 insidehost-address1 host-address2 host-port