Configuring NAT Server and NAT Outbound on Huawei Routers for Internal and External Access

The network topology consists of a router with a WAN interface connected to the ISP (public IP 219.146.84.42) and an internal LAN interface (IP 192.168.2.1) that connects to a server at 192.168.2.12.

Requirements:

Internal LAN users should access the server by browsing to the WAN IP (219.146.84.42) on port 80.

External users should access the server by browsing to the WAN IP on port 8089.

Solution:

Because the internal users and the server are on the same subnet, NAT server and NAT outbound must be configured on the LAN interface. The router must run version V200R003C01 or later.

Configuration steps (note the spaces in the interface specifications):

[Huawei]int GigabitEthernet0/0/2

[Huawei-GigabitEthernet0/0/2]nat server protocol tcp global interface g 0/0/1 80 inside 192.168.2.12 80

[Huawei-GigabitEthernet0/0/2]nat outbound 3000

[Huawei]acl 3000

[Huawei-acl-adv-3000]rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 219.146.84.42 0

Ensure the destination in the ACL rule is the public IP address, not a private one.

Configure the WAN interface:

[Huawei]int GigabitEthernet0/0/1

[Huawei-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 8089 inside 192.168.2.12 www

When configuring the global parameter for the external port, use current-interface and avoid well‑known ports that may be blocked by the ISP.

After applying these settings, internal users can reach the server via the WAN IP on port 80, and external users can reach it via port 8089.