Home Database Mysql Tutorial Two-interface Router With NAT

Two-interface Router With NAT

Jun 07, 2016 pm 03:04 PM
nat router with

2514 Router Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname horton ! enable secret 5 $1$GwRz$YS/82LXSYcgD1d5Nua9Ob1 enable password ww ! ip subne

2514 Router
  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname horton
  !
  enable secret 5 $1$GwRz$YS/82LXSYcgD1d5Nua9Ob1
  enable password ww
  !
  ip subnet-zero
  !
  ip inspect name ethernetin cuseeme timeout 3600
  ip inspect name ethernetin ftp timeout 3600
  ip inspect name ethernetin h323 timeout 3600
  ip inspect name ethernetin http timeout 3600
  ip inspect name ethernetin rcmd timeout 3600
  ip inspect name ethernetin realaudio timeout 3600
  ip inspect name ethernetin smtp timeout 3600
  ip inspect name ethernetin sqlnet timeout 3600
  ip inspect name ethernetin streamworks timeout 3600
  ip inspect name ethernetin tcp timeout 3600
  ip inspect name ethernetin tftp timeout 30
  ip inspect name ethernetin udp timeout 15
  ip inspect name ethernetin vdolive timeout 3600
  
  !
  interface Ethernet0
  ip address 20.20.20.2 255.255.255.0
  ip access-group 101 in
  no ip directed-broadcast
  ip nat inside
  ip inspect ethernetin in
  !
  interface Ethernet1
  no ip address
  no ip directed-broadcast
  shutdown
  !
  interface Serial0
  ip address 150.150.150.1 255.255.255.0
  ip access-group 112 in
  no ip directed-broadcast
  ip nat outside
  clockrate 4000000
  !
  interface Serial1
  no ip address
  no ip directed-broadcast
  shutdown
  !
  ip nat pool serialzero 150.150.150.3 150.150.150.255 netmask 255.255.255.0
  ip nat inside source list 1 pool serialzero
  ip classless
  ip route 0.0.0.0 0.0.0.0 150.150.150.2
  ip route 20.30.30.0 255.255.255.0 20.20.20.1
  !
  access-list 1 permit 20.0.0.0 0.255.255.255
  access-list 101 permit tcp 20.0.0.0 0.255.255.255 any
  access-list 101 permit udp 20.0.0.0 0.255.255.255 any
  access-list 101 permit icmp 20.0.0.0 0.255.255.255 any
  access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
  access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
  access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
  access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
  access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
  access-list 112 permit icmp any 150.150.150.0 0.0.0.255 administratively-prohibited
  access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
  access-list 112 permit tcp host 150.150.150.2 host 150.150.150.1 eq telnet
  access-list 112 deny ip 127.0.0.0 0.255.255.255 any
  access-list 112 deny ip any any
  !
  line con 0
  transport input none
  line aux 0
  line vty 0 4
  password ww
  login
  !
  end
  
  
  关于ip inspect name
  if you deny SMTP mail on the external ACL, no external SMTP servers will ever be able to make a connection to the internal SMTP server.
  
  CBAC is totally independent of access lists - CBAC is associated with ACLs because one function of CBAC is to ensure return traffic of a
  session is permitted back to the source - however don't confuse CBAC by thinking ACLs are required. If you apply an inspect list to an interface, inspection takes place, no matter what ACLs are or are not in place. However, remember that ACLs are processed first, so the ACL must allow through the appropriate traffic to be passed thru to the inspection list.
  
  I'm guessing your config would look something like this:
  
  ! Internal Interface
  Interface e0 ip inspect WEB inbound
  
  ! External Interface
  Interface e1 ip access-group 100 in
  ip inspect SMTP inbound
  
  access-list 100 permit tcp any host x.x.x.x eq smtp
  access-list 100 deny ip any any
  
  ip inspect name WEB http
  ip inspect name WEB ftp
  ip inspect name WEB smtp
  ip inspect name WEB tcp
  ip inspect name WEB udp
  
  ip inspect name SMTP smtp
  
  On your external ACL, you must have an opening to allow SMTP in - there is no way CBAC can automatically do this for you as traffic is first processed by the ACL and must pass. So once the SMTP traffic is allowed
  in, it is passed to the inspection list SMTP, which applys SMTP protocol-based inspection (and opens up any ACLs if necessary - in this
  example this function is not required).
  
  Note that in this example you could place the SMTP inspection list on the internal interface in the outbound direction as well. This is a better placement option if you had say a DMZ interface that was also
  receiving SMTP mail for the internal SMTP server, as you would only require a single inspection point (outbound on the internal interface)
  rather than inbound on the external and DMZ interfaces.
  
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

NAT Boost vs. Qos for games; which one is better? NAT Boost vs. Qos for games; which one is better? Feb 19, 2024 pm 07:00 PM

In today's situation where almost all games are online, it is not advisable to ignore the optimization of home network. Almost all routers are equipped with NATBoost and QoS features designed to enhance users' gaming experience. This article will explore the definition, advantages and disadvantages of NATBoost and QoS. NATBoost vs. Qos for games; which one is better? NATBoost, also known as Network Address Translation Boost, is a feature built into routers that improves their performance. It's especially important for gaming because it helps reduce network latency, which is the time it takes for data to be transferred between the gaming device and the server. By optimizing the data processing method within the router, NATBoost achieves faster data processing speed and lower latency, thus changing the

React Router User Guide: How to implement front-end routing control React Router User Guide: How to implement front-end routing control Sep 29, 2023 pm 05:45 PM

ReactRouter User Guide: How to Implement Front-End Routing Control With the popularity of single-page applications, front-end routing has become an important part that cannot be ignored. As the most popular routing library in the React ecosystem, ReactRouter provides rich functions and easy-to-use APIs, making the implementation of front-end routing very simple and flexible. This article will introduce how to use ReactRouter and provide some specific code examples. To install ReactRouter first, we need

Demystifying the with keyword in Python Demystifying the with keyword in Python Apr 14, 2023 am 11:31 AM

Many of us have seen this snippet over and over again in Python code: with open('Hi.text', 'w') as f: f.write("Hello, there") However, some of us Some people don't know what with is used for and why we need to use it here. In this read, you'll find out about almost any problem that can be solved with. let's start! First, let's consider what we need to do without using the with keyword. In this case we need to open the file first and try to write. Regardless of success or failure, we'd better be

The unique advantages of Vue Router Lazy-Loading routing, how to optimize page performance? The unique advantages of Vue Router Lazy-Loading routing, how to optimize page performance? Sep 15, 2023 am 10:36 AM

VueRouter is a routing management plug-in officially provided by Vue.js. It can help us implement page navigation and route switching in Vue applications. The Lazy-Loading feature is a unique advantage of VueRouter, which can greatly optimize page performance. In this article, we will introduce VueRouter’s Lazy-Loading routing feature and provide some practical code examples for optimizing page performance. Lazy-Loading means when needed

How to implement firewall NAT control analysis How to implement firewall NAT control analysis May 28, 2023 pm 01:04 PM

one. NAT classification NATNo-pat: Similar to Cisco's dynamic conversion, it only converts the source IP address and network address, but does not convert the port. It is a many-to-many conversion and cannot save public IP addresses. It uses less NAPT: (Network address and port translation ) Similar to Cisco's PAT conversion, NAPT converts the source address of the message and converts the source port. The outbound interface address: (Easy-IP) conversion method is simple, the same as NAPT, that is, converts the source address and source port. It is a multi-purpose method. One-to-one conversion SmartNAT (intelligent conversion): NAPT conversion by reserving a public network address Triplet NAT: a conversion related to the source IP address, source du port and protocol type Two, black hole routing source address conversion

How to analyze intranet, public network and NAT How to analyze intranet, public network and NAT May 22, 2023 pm 04:40 PM

When we build a weak current monitoring system, we cannot avoid dealing with IP addresses. For example, after cameras, NVRs, servers and other devices are installed, they need to be assigned IPs. Do you know this IP address? Today we will Let’s talk about what are intranet, public network and NAT address translation? 1. Definition of intranet, public network and NAT. Intranet is also called local area network. In terms of scope, intranet is a small part of the network, which generally refers to a specific environment. form a network, such as a network where multiple computers in a family are interconnected, or a large LAN in a school or company. The IPs of the intranet are generally 192.168.1.100, 192.168.0.100, 172.16.1.100&hellip

What should I do if react router does not display? What should I do if react router does not display? Dec 30, 2022 am 09:30 AM

Solution to react router not displaying: 1. Add browserRouter to the parent routing component to wrap the router; 2. Use "this.props.history.go()" to refresh the component; 3. Add "forcerefresh" to the browserrouter parameter ={true}"; 4. Write a hook function in "<Route>" and call it when leaving or entering this route.

How to implement virtual machine NAT mode to access the Internet How to implement virtual machine NAT mode to access the Internet May 20, 2023 pm 03:22 PM

When using a vmware virtual machine to learn Linux, the common problem encountered is that the host machine cannot communicate normally and the virtual machine cannot access the Internet normally. Here is a detailed configuration for easy reference later. After installing the vmware software, you must have the NAT mode to use Virtual network card VMnet8, here we take win10 as an example to return to the virtual machine settings: To use NAT mode, the vmnet8 network card here must be connected and used. Both gray ticks must be checked. Here you only need to confirm whether NAT mode is enabled. Then the network configuration of Linux is as follows: [root@zabbix~]#cat/etc/sysconfig/network-scripts/ifcf

See all articles