
Firewall configuration tasks, part 5 of 10: configuring NAT with two interfaces.

2025-02-24 Update From: SLTechnology News&Howtos (Network Security)


Shulou(Shulou.com)06/01 Report--

Firewall configuration task 5

Configuring two interfaces with NAT

Figure 5.1: task topology

1. Basic configuration of the inside and outside interfaces. The interface security levels are left at their defaults.

Figure 5.2

2. Tag 1: allow telnet to the firewall from the inside host 10.1.1.11/24. Tag 2: create a local authentication user with username usercce, password ccepassword and privilege level 15. Tag 3: enable local authentication.

Figure 5.3

3. Enable logging and send log messages to the internal host 10.1.1.11 at level 6 (informational).

Figure 5.4

4. Set the ARP timeout to 600 s. Define the NAT global address pool 204.31.17.25-204.31.17.27 with mask 255.255.255.0; to handle exhaustion of the pool, also configure PNAT translation. The inside NAT rule translates all inside networks.

Figure 5.5

5. Tag 1: only connections from the internal network 10.1.1.0 to the outside are permitted. Tag 2: no other network is allowed through.

Tag 3: apply the rule to the inside interface.

Figure 5.6

6. Tag 1: a static translation between the inside address 192.168.3.10 and the outside address 192.159.1.1, through which only web traffic is permitted.

Tag 2: allow any network to reach the web service on the internal host 192.168.1.1.

Tag 4: allow all ICMP traffic through the firewall.

Figure 5.7

7. (1) Deny host 192.168.3.3 access to the H.323 service.

(2) Block Java applet traffic to host 192.168.3.3 on port 80.

(3) Deny host 192.168.3.3 access to the web service.

Figure 5.8

8. Configure a default route to the external network.

Figure 5.9

9. On R1, configure RIP version 2 and advertise the directly connected networks.

Figure 5.10

10. On the firewall, advertise the directly connected networks with RIP version 2 and disable automatic summarization.

Figure 5.11

11. Enable RIP version 2 authentication with key mykey and key ID 1.

Figure 5.12

12. Tag 1: configure a TACACS+ server on the firewall: server name tacacs-server, address 10.1.1.12, protocol tacacs+, applied to the inside networks 10.1.1.0 and 192.168.3.0.

Tag 2: require authentication for DNS traffic from the internal network 192.168.3.0.

Figure 5.13

13. Summary of the complete firewall configuration and of the TACACS+ server configuration.

Figure 5.14
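Tasks 1 to 8 above written out as one PIX 6.x-style configuration fragment, added here as an illustration; it is not the configuration shown in the page's figures. The firewall interface addresses (10.1.1.1, 204.31.17.1), the PNAT/PAT address 204.31.17.28 and the default gateway 204.31.17.2 are assumed, since the page does not state them; task 6 tag 2 and tasks 9 to 12 are left out because they need a second outside address and keys the page does not give. Lines beginning with `!` are reader annotations, not commands.

```cisco
! Task 1: two interfaces, security levels at their defaults (outside 0, inside 100)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 204.31.17.1 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
! Task 2: telnet only from the inside host 10.1.1.11, checked against the local user database
telnet 10.1.1.11 255.255.255.255 inside
username usercce password ccepassword privilege 15
aaa authentication telnet console LOCAL
! Task 3: syslog to the inside host at level 6 (informational)
logging on
logging trap 6
logging host inside 10.1.1.11
! Task 4: ARP timeout, dynamic pool, then a single PAT address (assumed) once the pool is exhausted
arp timeout 600
global (outside) 1 204.31.17.25-204.31.17.27 netmask 255.255.255.0
global (outside) 1 204.31.17.28 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
! Task 7: per-host denies for 192.168.3.3 must come before the permit of task 5
access-list inside_out deny tcp host 192.168.3.3 any eq h323
access-list inside_out deny tcp host 192.168.3.3 any eq www
filter java 80 192.168.3.3 255.255.255.255 0.0.0.0 0.0.0.0
! Task 5: only 10.1.1.0/24 may initiate connections to the outside; everything else is dropped
access-list inside_out permit ip 10.1.1.0 255.255.255.0 any
access-list inside_out deny ip any any
access-group inside_out in interface inside
! Task 6: static translation for 192.168.3.10, reachable for web traffic only; ICMP allowed through
static (inside,outside) 192.159.1.1 192.168.3.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.159.1.1 eq www
access-list outside_in permit icmp any any
access-group outside_in in interface outside
! Task 8: default route towards the assumed outside gateway
route outside 0.0.0.0 0.0.0.0 204.31.17.2 1
```

Order matters inside `inside_out`: the two host-specific deny entries are evaluated before the network permit, so placing them after it would make them dead rules.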
