正文
外网Telnet虚拟机,及nat配置等
小程序:扫一扫查出行【扫一扫了解最新限行尾号】
复制小程序
环境整体是使用GNS3,通过cloud真实连接到虚拟机
| cloud1 | nginx主机 |
|---|---|
| cloud2 | nginx主机https连接 |
| cloud3 | Internet测试主机 |
下面贴每个网络设备配置,特别注意,公司网关路由和Internet路由其的配置
配置这里就不解释了,主要注意下,公司网关路由的NAT配置,着实难受些
- ESW3交换机
ESW3#sh run
Building configuration...Current configuration : 2364 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ESW3
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
--More--
*Mar 1 02:06:32.867: %SYS-5-CONFIG_I: Configured from console no ip cefe
no ip domain lookupvtp file nvram:vlan.datinterface FastEthernet1/0
switchport access vlan 3
duplex full
speed 100
!
interface FastEthernet1/1
duplex full
speed 100
!
interface FastEthernet1/2
duplex full
speed 100
!
interface FastEthernet1/3
duplex full
speed 100
!
interface FastEthernet1/4
duplex full
speed 100
!
interface FastEthernet1/5
switchport access vlan 4
duplex full
speed 100
!
interface FastEthernet1/6
duplex full
speed 100
!
interface FastEthernet1/7
duplex full
speed 100
!
interface FastEthernet1/8
duplex full
speed 100
!
interface FastEthernet1/9
duplex full
speed 100
!
interface FastEthernet1/10
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet1/11
duplex full
speed 100
!
interface FastEthernet1/12
duplex full
speed 100
!
interface FastEthernet1/13
duplex full
speed 100
!
interface FastEthernet1/14
duplex full
speed 100
!
interface FastEthernet1/15
duplex full
speed 100
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan4
ip address 192.168.4.10 255.255.255.0
!
ip default-gateway 192.168.4.1
no ip http server
no ip http secure-serverline con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
password cisco
login
!
!
end
- ESW1配置
sw1#sh run
Building configuration...Current configuration : 2244 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname sw1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
no ip cef
no ip domain lookupvtp file nvram:vlan.datinterface FastEthernet1/0
switchport access vlan 2
duplex full
speed 100
!
interface FastEthernet1/1
duplex full
speed 100
!
interface FastEthernet1/2
duplex full
speed 100
!
interface FastEthernet1/3
duplex full
speed 100
!
interface FastEthernet1/4
duplex full
speed 100
!
interface FastEthernet1/5
switchport access vlan 2
duplex full
speed 100
!
interface FastEthernet1/6
duplex full
speed 100
!
interface FastEthernet1/7
duplex full
speed 100
!
interface FastEthernet1/8
duplex full
speed 100
!
interface FastEthernet1/9
duplex full
speed 100
!
interface FastEthernet1/10
duplex full
speed 100
!
interface FastEthernet1/11
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet1/12
duplex full
speed 100
!
interface FastEthernet1/13
duplex full
speed 100
!
interface FastEthernet1/14
duplex full
speed 100
!
interface FastEthernet1/15
duplex full
speed 100
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
no ip http server
no ip http secure-serverline con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
- ESW2
ESW2#sh run
Building configuration...Current configuration : 2427 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname ESW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookupvtp file nvram:vlan.datinterface FastEthernet1/0
duplex full
speed 100
!
interface FastEthernet1/1
duplex full
speed 100
!
interface FastEthernet1/2
duplex full
speed 100
!
interface FastEthernet1/3
duplex full
speed 100
!
interface FastEthernet1/4
duplex full
speed 100
!
interface FastEthernet1/5
duplex full
speed 100
!
interface FastEthernet1/6
duplex full
speed 100
!
interface FastEthernet1/7
duplex full
speed 100
!
interface FastEthernet1/8
duplex full
speed 100
!
interface FastEthernet1/9
duplex full
speed 100
!
interface FastEthernet1/10
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet1/11
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet1/12
duplex full
speed 100
!
interface FastEthernet1/13
duplex full
speed 100
!
interface FastEthernet1/14
duplex full
speed 100
!
interface FastEthernet1/15
no switchport
ip address 10.0.0.1 255.255.255.252
duplex full
speed 100
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.0.0.2line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
loginend
- 公司网关路由
R1#sh run
Building configuration...Current configuration : 1534 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookupinterface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 11.0.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 11.0.0.2
ip route 192.168.2.0 255.255.255.0 10.0.0.1
ip route 192.168.3.0 255.255.255.0 10.0.0.1
ip route 192.168.4.0 255.255.255.0 10.0.0.1
!
ip nat pool dynami 207.38.18.1 207.38.18.5 netmask 255.255.255.248
ip nat inside source list 3 pool dynami
ip nat inside source list 4 interface FastEthernet1/0 overload
ip nat inside source static tcp 192.168.4.10 23 interface FastEthernet1/0 23
ip nat inside source static tcp 192.168.2.2 80 145.52.23.6 80 extendable
ip nat inside source static tcp 192.168.2.3 443 145.52.23.6 443 extendable
!
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 4 permit 192.168.4.0 0.0.0.255
no cdp log mismatch duplex
!
!
control-planeline con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
- internet路由
isp#sh ru
*Mar 1 01:57:39.243: %SYS-5-CONFIG_I: Configured from console by console
isp#sh run
Building configuration...Current configuration : 947 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname isp
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookupinterface FastEthernet0/0
ip address 172.16.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 11.0.0.2 255.255.255.252
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip route 145.52.23.0 255.255.255.248 11.0.0.1
ip route 192.168.4.0 255.255.255.0 11.0.0.1
ip route 207.38.18.0 255.255.255.248 11.0.0.1no cdp log mismatch duplexline con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
