Firewall initial configuration

outside:
en
conf t
inter f0/0
no sh
ip add 200.0.0.1 255.255.255.0
no sh
ip route 0.0.0.0 0.0.0.0 200.0.0.254
end
dmz:
en
conf t
inter f0/0
no sh
ip add 172.16.0.1 255.255.255.0
no sh
ip route 0.0.0.0 0.0.0.0 172.16.0.254
inside:
en
conf t
int f0/0
no sh
ip add 192.168.0.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.0.254
end
pix:
en
conf t
interface e1
no sh
nameif inside
ip add 192.168.0.254 255.255.255.0
int e0
no sh
nameif outside
ip add 200.0.0.254 255.255.255.0
no sh
interface e2
no sh
nameif dmz
security-level 50
ip add 172.16.0.254 255.255.255.0
outside:
line vty 0 15
no login
privilege level 15
end
inside:
telnet 200.0.0.1
can log in
ping 200.0.0.1 fails, no state entry
pix:
access-list 1 permit icmp host 200.0.0.1 host 192.168.0.1
access-group 1 in interface outside
inside:
ping 200.0.0.1 succeeds
pix:
clear configure access-list
clear config access-group
Configure NAT
nat (inside) 1 192.168.0.0 255.255.255.0
global (outside) 1 interface
inside:
telnet 200.0.0.1
connected
outside:
who
Static mapping configuration
pix:
static (dmz,outside) 200.0.0.253 172.16.0.1
dmz:
line vty 0 15
no login
privilege level 15
outside:
telnet 200.0.0.253
does not get through
pix:
access-list 1 permit tcp host 200.0.0.1 host 200.0.0.253 eq 23
access-group 1 in interface outside
outside:
telnet 200.0.0.253
gets through
inside:
telnet 192.168.0.254
By default the firewall does not allow telnet to itself; add a telnet command so it gets through
pix:
telnet 0 0 inside
inside:
telnet 192.168.0.254
show sessions
gets through
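The results recorded above (telnet from inside works at once, the ping reply is dropped until an ACL is applied on outside, telnet to the static 200.0.0.253 is dropped until an ACL permits it) all follow from three PIX rules: traffic from a higher security level to a lower one is permitted by default, traffic from lower to higher is denied unless an inbound ACL on that interface permits it, and only tracked TCP connections get their return traffic admitted automatically (ICMP is not inspected by default, so the echo reply is a new lower-to-higher flow). The script below is an added example, not the page's or Cisco's code: a simplified model of those rules replayed over the lab's own addresses. The class and method names are mine, dynamic NAT and port numbers are ignored, and the routing table is built from the connected subnets in the lab.

```python
"""Simplified model of the PIX admission decisions exercised in the lab above.
Added example, not the page's own code: addresses are the lab's, class and
method names are assumptions, dynamic NAT and source ports are not modelled."""
from dataclasses import dataclass, field

SECURITY = {"inside": 100, "dmz": 50, "outside": 0}  # nameif defaults plus security-level 50
# Connected subnets from the lab's interface addresses, used as the routing table.
ROUTES = {"192.168.0.": "inside", "172.16.0.": "dmz", "200.0.0.": "outside"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "icmp"
    port: int = 0   # tcp destination port; 0 for icmp


@dataclass
class Pix:
    acls: dict = field(default_factory=dict)     # acl name -> [(proto, src, dst, port)]
    groups: dict = field(default_factory=dict)   # interface -> acl name applied inbound
    statics: dict = field(default_factory=dict)  # global address -> real address
    conns: set = field(default_factory=set)      # (client, server) of permitted tcp flows

    def access_list(self, name, proto, src, dst, port=0):
        self.acls.setdefault(name, []).append((proto, src, dst, port))

    def access_group(self, name, iface):
        self.groups[iface] = name

    def static(self, global_ip, real_ip):
        self.statics[global_ip] = real_ip

    def clear_access(self):  # clear configure access-list / access-group
        self.acls.clear()
        self.groups.clear()

    def _acl_permits(self, name, flow):
        key = (flow.proto, flow.src, flow.dst, flow.port)
        return any(entry == key for entry in self.acls.get(name, []))  # implicit deny

    def egress(self, dst):
        for prefix, iface in ROUTES.items():
            if dst.startswith(prefix):
                return iface
        raise ValueError(f"no route to {dst}")

    def packet(self, ingress, flow):
        """Return the verdict string for one packet arriving on `ingress`."""
        # Return traffic of a tracked TCP connection bypasses ACL and level checks.
        if flow.proto == "tcp" and (flow.dst, flow.src) in self.conns:
            return "permit (established)"
        # A static translation rewrites the destination for traffic from the global side.
        real_dst = self.statics.get(flow.dst, flow.dst) if ingress == "outside" else flow.dst
        out = self.egress(real_dst)
        if ingress in self.groups:  # an inbound ACL replaces the security-level default
            if not self._acl_permits(self.groups[ingress], flow):
                return "deny (acl)"
            verdict = "permit (acl)"
        elif SECURITY[ingress] > SECURITY[out]:
            verdict = "permit (higher to lower)"
        else:
            return "deny (lower to higher)"
        if flow.proto == "tcp":  # only TCP gets a connection entry; ICMP is not inspected
            self.conns.add((flow.src, real_dst))
        return verdict


def lab_results():
    """Replay the page's steps and collect the verdict for each probe."""
    pix, r = Pix(), {}
    inside, outside = "192.168.0.1", "200.0.0.1"
    r["telnet_out"] = pix.packet("inside", Flow(inside, outside, "tcp", 23))
    pix.packet("inside", Flow(inside, outside, "icmp"))  # echo request leaves fine
    r["ping_reply_before_acl"] = pix.packet("outside", Flow(outside, inside, "icmp"))
    pix.access_list("1", "icmp", outside, inside)
    pix.access_group("1", "outside")
    r["ping_reply_after_acl"] = pix.packet("outside", Flow(outside, inside, "icmp"))
    pix.clear_access()
    pix.static("200.0.0.253", "172.16.0.1")
    r["telnet_dmz_before_acl"] = pix.packet("outside", Flow(outside, "200.0.0.253", "tcp", 23))
    pix.access_list("1", "tcp", outside, "200.0.0.253", 23)
    pix.access_group("1", "outside")
    r["telnet_dmz_after_acl"] = pix.packet("outside", Flow(outside, "200.0.0.253", "tcp", 23))
    r["telnet_dmz_reply"] = pix.packet("dmz", Flow("172.16.0.1", outside, "tcp"))
    return r


if __name__ == "__main__":
    for probe, verdict in lab_results().items():
        print(f"{probe:24} {verdict}")
```

The model deliberately keeps the ACL match on the untranslated address (200.0.0.253), which is why the lab's ACL names the global address of the static rather than 172.16.0.1.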