Configuration: outside network 10.30.1.1/30, inside network: 192.168.1.100, DMZ: 172.16.1.100, firewall (10.30.0.2-10.30.1.10/28)
First, enter the PIX command line. The commands are as follows:
en
conf t
int e0
nameif outside
security 0
int e1
nameif inside
security 100
int e2
nameif dmz
security 50
Check: sh nameif
int e0
ip address 10.30.1.1 255.255.255.252
speed auto
no shut
int e1
ip address 192.168.1.100 255.255.255.0
speed 100
no shut
int e2
ip address 172.16.1.100 255.255.255.0
speed 100
no shut
Check connectivity: ping 172.16.1.100
ping 192.168.1.100
ping 10.30.1.1
global (outside) 1 10.30.1.2-10.30.1.10 netmask 255.255.255.240
nat (inside) 1 0 0
View the routing table: sh route
route outside 0 0 10.30.1.1 1
View the routing table: sh route
static (inside,dmz) 172.16.1.0 192.168.1.0
static (dmz,outside) 10.30.1.1 172.16.1.100
static (dmz,inside) 10.30.1.1 172.16.1.101
access-list 100 permit tcp host 10.30.1.1 eq www any
access-list 100 permit tcp host 10.30.1.1 eq ftp any
access-list 102 deny tcp any any eq 135
access-list 102 deny tcp any any eq 136
access-list 102 deny tcp any any eq 137
access-list 102 deny tcp any any eq 138
access-list 102 deny tcp any any eq 139
access-list 102 deny tcp any any eq 445
access-list 102 deny tcp any any eq 539
access-list 102 deny tcp any any eq 4444
access-list 102 deny udp any any eq 135
access-list 102 deny tcp any any eq 136
access-list 102 deny tcp any any eq 137
access-list 102 deny tcp any any eq 138
access-list 102 deny tcp any any eq 139
access-group 102 in interface outside
access-group 100 in interface outside
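
An added example, not part of the original configuration notes: a small Python check that reads access-list and access-group lines like the ones above and flags access lists that contain only deny entries, repeated entries, and more than one access list bound to the same interface and direction. It assumes standard PIX behaviour (every access list ends with an implicit deny, and an interface holds one access list per direction, so a later access-group replaces an earlier one); the name audit_acls and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: an abridged copy of the ACL lines on this page, typos corrected.
SAMPLE_CONFIG = """\
access-list 100 permit tcp host 10.30.1.1 eq www any
access-list 100 permit tcp host 10.30.1.1 eq ftp any
access-list 102 deny tcp any any eq 135
access-list 102 deny tcp any any eq 136
access-list 102 deny tcp any any eq 445
access-list 102 deny udp any any eq 135
access-list 102 deny tcp any any eq 136
access-group 102 in interface outside
access-group 100 in interface outside
"""

def audit_acls(config):
    """Return a sorted list of (kind, subject) findings for PIX-style ACL lines."""
    entries = defaultdict(list)   # ACL id -> [(action, rest of entry), ...]
    bindings = defaultdict(list)  # (interface, direction) -> ACL ids in config order
    for line in config.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        m = re.match(r"access-list (\S+) (?:extended )?(permit|deny) (.+)$", line)
        if m:
            entries[m.group(1)].append((m.group(2), m.group(3)))
            continue
        m = re.match(r"access-group (\S+) (in|out) interface (\S+)$", line)
        if m:
            bindings[(m.group(3), m.group(2))].append(m.group(1))
    findings = set()
    for acl, aces in entries.items():
        if all(action == "deny" for action, _ in aces):
            # With the implicit deny at the end, nothing is ever permitted.
            findings.add(("deny-only", acl))
        seen = set()
        for ace in aces:
            if ace in seen:
                findings.add(("duplicate-entry", f"{acl}: {ace[0]} {ace[1]}"))
            seen.add(ace)
    for (iface, direction), acls in bindings.items():
        for replaced in acls[:-1]:  # only the last binding stays in effect
            findings.add(("binding-replaced", f"{replaced} {direction} {iface}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_acls(SAMPLE_CONFIG):
        print(finding)
```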