Shulou(Shulou.com)06/02 Report--

Experimental environment

1. A Linux server in the topology diagram

2. Two PCs as clients (Win10,Win10-2)

Experimental purpose

1. Only Win10-1 is allowed to access Linux's Web services, and access to other services is prohibited

2. Win10-1 accesses Win10-2 host

Experimental procedure

1. Install ftp service and http service on Linux system

[root@localhost ~] # yum install httpd-y [root@localhost ~] # yum install vsftpd-y

2. After installing the service, enter the network card configuration, configure a static IP, and then restart the network card.

[root@localhost html] # vim / etc/sysconfig/network-scripts/ifcfg-ens33 / / configure the network card [root@localhost ~] # service network restart / / restart the network card

3. Bind the network card next, Linux bind the VMnet2 network card, Win10-1 bind VMnet1,Win10-2 bind VMnet3

4. Open two Win10 and configure fixed IP respectively.

Turn off Win10's firewall so as not to affect the lab

5. For the experiment, you need to create two files in / html and / ftp

[root@localhost ~] # cd / var/www/html/ [root@localhost html] # ls [root@localhost html] # vim index.html

[root@localhost html] # systemctl start httpd / / start the http service [root@localhost html] # systemctl stop firewalld.service / / disable the firewall [root@localhost html] # setenforce 0 / / disable the enhanced security feature [root@localhost html] # systemctl start vsftpd / / start the ftp service [root@localhost html] # echo "this is ftp" > ftp.txt / / write content in ftp

6. Enter the configuration in the RI router and configure the interface with ip address

7. Check the interoperability between hosts after configuration

At this point, both Win10-1 and Win10-2 can access ftp and web services on the server side.

8. Enter the capital R1 for configuration to achieve the purpose of the experiment.

Access-list 100 permit tcp host 192.168.1.2 host 192.168.100.100 eq www// allows the host of 192.168.1.10 to access the web service of the 192.168.100.100 server (web belongs to the tcp protocol) access-list 100 deny ip host 192.168.1.2 host 192.168.100.100 / deny the host of 192.168.1.10 any access address of the 192.168.100.100 server What service (ip stands for any service agreement) access-list 100 permit ip host 192.168.1.2 192.168.2.0 0.0.255shock / allow the host of 192.168.1.10 to access the host int f0max 0 / / enter the f0Uniq0 interface ip access-group 100 in / / acl is applied to the f0UB0 interface experimental results

Win10-1 can still access Web services

It is also possible to ping the Win10-2 host, but cannot access the ftp service

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.