USG firewall: routing loop caused by source NAT with an address pool, and its solution

2025-02-24 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

1. Connect the devices according to the topology and configure the addresses of the PC and the server.

2. Basic configuration of the firewall

Interface addresses:

interface GigabitEthernet0/0/0
 alias GE0/MGMT
 ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 192.168.2.254 255.255.255.0
interface GigabitEthernet0/0/2
 ip address 200.1.1.1 255.255.255.0

Add the interfaces to their security zones:

firewall zone trust
 add interface GigabitEthernet0/0/0
firewall zone untrust
 add interface GigabitEthernet0/0/2
firewall zone dmz
 add interface GigabitEthernet0/0/1

3. Security policy and NAT

First permit ICMP from trust to untrust, so that the test traffic passes the interzone security policy:

policy interzone trust untrust outbound
 policy 1
  action permit
  policy service service-set icmp

Create the NAT address pool. Note that none of the addresses 200.100.100.1 to 200.100.100.10 is configured on a firewall interface; that is what makes the loop possible later.

[SRG] nat address-group 0 pool1 200.100.100.1 200.100.100.10

Create a NAT policy that translates all trust-to-untrust traffic to the pool:

[SRG] nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound] policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1] policy source any
[SRG-nat-policy-interzone-trust-untrust-outbound-1] policy destination any
[SRG-nat-policy-interzone-trust-untrust-outbound-1] action source-nat
[SRG-nat-policy-interzone-trust-untrust-outbound-1] address-group pool1
[SRG-nat-policy-interzone-trust-untrust-outbound-1] quit

Add a default route pointing at the upstream router:

[SRG] ip route-static 0.0.0.0 0.0.0.0 200.1.1.2

Enable packet capture on the firewall's untrust interface, then ping one of the pool addresses from the upstream router (in VRP, -c sets the number of packets):

ping -c 1 200.100.100.1

Look at the capture. The same ICMP request appears again and again on the link between the firewall and the router, with its TTL decreasing each time. The router forwards traffic for the pool to the firewall (it needs a route for the pool via 200.1.1.1 for the NAT to work at all), but 200.100.100.1 belongs to no firewall interface and has no active NAT session, so the only route the firewall can match is the default route, which points straight back at the router. The packet bounces between the two devices until its TTL expires. This is the routing loop.

Summarize the address pool into a single prefix. Written in binary, the last octets of the first and last pool addresses are:

200.100.100.1  -> 00000001
200.100.100.10 -> 00001010

The first four bits are identical, so the whole pool is covered by 200.100.100.0/28.

Configure a black-hole route for that summary prefix on the firewall. It is more specific than the default route, so packets to pool addresses that have no session are discarded locally instead of being sent back to the router. The command below uses the pool configured above; the screenshots from the experiment used 100.1.1.0/28, see the note below.

ip route-static 200.100.100.0 28 NULL0

Enable packet capture on the firewall interface again and repeat the ping from the router:

ping -c 1 200.100.100.1

This time the capture shows a single request arriving at the firewall and nothing being sent back toward the router. Traffic for pool addresses that do have an active NAT session is not affected, because the firewall matches the session table (and reverses the translation) before it consults the routing table; the black-hole route only catches pool addresses that are not in use.

(The destination address in the screenshot should be 200.100.100.1; I used 100.1.1.1 in my experiment.)

The capture confirms that the loop is eliminated.
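To make the loop and the fix concrete, here is an added example (my own code, not from the original article and not Huawei's) that simulates the forwarding decisions of the firewall and the router above, and also computes the pool summary and the black-hole route for any pool range rather than only the /28 worked out by hand. It uses the page's addresses and assumes, because the page does not show the router's configuration, that the router reaches the pool through a static route to 200.1.1.1; the session-table lookup that the real firewall performs before routing is not modelled, so the trace covers only pool addresses with no active session.

```python
"""Forwarding simulation of the NAT address-pool loop and the black-hole fix.

Added example; not code from the original article or from Huawei.
Topology from the page: firewall G0/0/2 = 200.1.1.1/24, upstream router
200.1.1.2/24, NAT pool 200.100.100.1-200.100.100.10, firewall default route
via 200.1.1.2. Assumption: the router has a static route 200.100.100.0/24
via 200.1.1.1 (implied by the page, not shown). The USG's session-table
lookup before routing is not modelled.
"""
import ipaddress
from typing import List, Optional, Tuple

POOL_START, POOL_END = "200.100.100.1", "200.100.100.10"   # from the article


def pool_summary(start: str, end: str) -> ipaddress.IPv4Network:
    """Smallest single prefix covering every address in [start, end].

    The calculation the article does by hand: .1 = 00000001 and
    .10 = 00001010 share their top four bits, so the answer is /28.
    """
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if e < s:
        raise ValueError("pool end precedes pool start")
    for plen in range(32, -1, -1):          # widen the prefix until it covers both ends
        net = ipaddress.ip_network(f"{s}/{plen}", strict=False)
        if e in net:
            return net
    raise AssertionError("unreachable: /0 covers everything")


def blackhole_route(start: str, end: str) -> str:
    """VRP static route that discards traffic to the pool summary."""
    net = pool_summary(start, end)
    return f"ip route-static {net.network_address} {net.prefixlen} NULL0"


class Node:
    """A router or firewall with connected interfaces and static routes."""

    def __init__(self, name: str, interfaces: List[str],
                 routes: List[Tuple[str, str]]) -> None:
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        # (prefix, next hop); next hop "NULL0" discards the packet
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]

    def lookup(self, dst: ipaddress.IPv4Address) -> Optional[str]:
        """Return 'local', 'connected', 'NULL0', a next-hop IP, or None."""
        if any(dst == i.ip for i in self.interfaces):
            return "local"                  # owned by this device: terminate here
        cands = [(i.network.prefixlen, "connected")
                 for i in self.interfaces if dst in i.network]
        cands += [(n.prefixlen, nh) for n, nh in self.routes if dst in n]
        if not cands:
            return None
        return max(cands, key=lambda c: c[0])[1]   # longest-prefix match


def trace(nodes: List[Node], first: Node, dst: str,
          ttl: int = 5) -> Tuple[str, List[str]]:
    """Follow one packet hop by hop; returns (outcome, devices visited)."""
    owner = {str(i.ip): n for n in nodes for i in n.interfaces}
    d = ipaddress.IPv4Address(dst)
    node, path = first, []
    while ttl > 0:
        path.append(node.name)
        nh = node.lookup(d)
        if nh == "local":
            return "delivered to " + node.name, path
        if nh == "connected":               # hand directly to the owner of dst
            if str(d) not in owner:
                return "sent on connected segment by " + node.name, path
            nh = str(d)
        if nh == "NULL0":
            return "blackholed at " + node.name, path
        if nh is None:
            return "no route at " + node.name, path
        ttl -= 1                            # each forward costs one TTL
        node = owner[nh]
    return "ttl expired (loop)", path


def scenario(blackhole: bool, dst: str = POOL_START) -> Tuple[str, List[str]]:
    """Ping `dst` from the upstream router, with or without the black-hole route."""
    fw_routes = [("0.0.0.0/0", "200.1.1.2")]
    if blackhole:
        fw_routes.append((str(pool_summary(POOL_START, POOL_END)), "NULL0"))
    fw = Node("firewall",
              ["192.168.1.254/24", "192.168.2.254/24", "200.1.1.1/24"], fw_routes)
    router = Node("router", ["200.1.1.2/24"], [("200.100.100.0/24", "200.1.1.1")])
    return trace([fw, router], router, dst)


if __name__ == "__main__":
    print(blackhole_route(POOL_START, POOL_END))
    print("without black-hole route:", scenario(False))
    print("with black-hole route:   ", scenario(True))
    # Easy-IP case: the translated address is the firewall's own interface
    print("easy-ip (dst 200.1.1.1): ", scenario(False, "200.1.1.1"))
```

Running it prints the black-hole command and the traces: without the route the packet visits router, firewall, router, firewall, router until its TTL is exhausted; with the route the firewall discards it on the first hop; a packet to the interface address 200.1.1.1 (the Easy-IP case) is terminated by the firewall itself. Note that the /28 summary also covers 200.100.100.0 and .11 to .15, which are not in the pool, so the black-hole route discards traffic to those addresses as well; check that nothing else uses them.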

Easy-IP configuration (an alternative fix)

Instead of an address pool, translate to the address of the outbound interface. Remove the address group from the NAT policy and bind the policy to G0/0/2:

[SRG-nat-policy-interzone-trust-untrust-outbound-1] undo address-group
[SRG-nat-policy-interzone-trust-untrust-outbound-1] easy-ip g0/0/2

After sending ping traffic out, check the session table:

[SRG] display firewall session table

Every session is now translated to 200.1.1.1, the address of the exit interface. Because that address is owned by the firewall itself, a packet sent to it is terminated locally and matched against the session table rather than forwarded, so no loop can form. The trade-off is that all internal users share one public address and its port range.

My course home page: http://edu.51cto.com/lecturer/1025688.html

Study and discussion group: 32307012
