forum.opennet.ru - "Тематический каталог: Cisco Доступ из вне к WEB серверу за N..." (1)

форумы

помощь

поиск

регистрация

майллист

ВХОД

слежка

"Тематический каталог: Cisco Доступ из вне к WEB серверу за N..."

Форумы Разговоры, обсуждение новостей (Public)
Вариант для распечатки		Архивированная нить - только для чтения! Пред. тема \| След. тема
Изначальное сообщение		[Проследить за развитием треда]

"Тематический каталог: Cisco Доступ из вне к WEB серверу за N..."
Сообщение от auto_topic on 14-Июн-05, 14:29
Обсуждение статьи тематического каталога: Cisco Доступ из вне к WEB серверу за NAT (cisco nat) Ссылка на текст статьи: https://www.opennet.ru/base/cisco/cisco_nat.txt.html
Cообщить модератору \| Наверх \| ^

Оглавление

Cisco Доступ из вне к WEB серверу за NAT (cisco nat), Mavrichev Roman, 14:29 , 14-Июн-05, (1)

Сообщения по теме [Сортировка по времени, UBB]

1. "Cisco Доступ из вне к WEB серверу за NAT (cisco nat)"

Сообщение от Mavrichev Roman on 14-Июн-05, 14:29

!множественная трансляция адресов +проброс порта (80) на веб-сервер внутри.
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname XXX
!
enable secret 5 XXX
!
ip subnet-zero
no ip rcmd domain-lookup
no ip finger
ip name-server 212.44.131.6
ip name-server 212.44.130.6
ip accounting-threshold 4294967295
clock timezone SPb 3
clock summer-time SPb recurring last Sun Mar 2:00 last Sun Oct 2:00
!
!
controller E1 0
framing NO-CRC4
channel-group 0 timeslots 1-31
description E1-1-31-Sovintel
!
!
interface Ethernet0
ip address 192.168.1.33 255.255.255.0 secondary
ip address 192.168.0.33 255.255.255.0
ip access-group 110 in
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip route-cache flow
media-type 10BaseT
no cdp enable
!
interface Ethernet1
ip address 192.168.2.33 255.255.255.0
ip access-group 120 in
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip route-cache flow
media-type 10BaseT
no cdp enable
!
interface Serial0
bandwidth 128
ip address X.X.X.X 255.255.255.252
ip access-group 101 in
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip nat outside
encapsulation ppp
no ip mroute-cache
no fair-queue
no cdp enable
!
interface Serial0:0
no ip address
no ip directed-broadcast
no cdp enable
!
ip nat pool REAL-IP 195.195.195.1 195.195.195.1 netmask 255.255.255.252
ip nat inside source list 2 pool REAL-IP overload
ip nat inside source static tcp 192.168.0.90 80 195.195.195.1 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip flow-export destination 192.168.0.201 9991
!
access-list 2 permit 192.168.1.90
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 99 permit 192.168.0.201
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   tcp any 192.168.0.0 0.0.0.255 eq telnet
access-list 101 deny   udp any eq netbios-dgm any
access-list 101 deny   udp any eq netbios-ns any
access-list 101 deny   udp any eq netbios-ss any
access-list 101 deny   tcp any eq 137 any
access-list 101 deny   tcp any eq 138 any
access-list 101 deny   tcp any eq 139 any
access-list 101 permit ip any any
access-list 110 permit ip host 192.168.0.201 any
access-list 110 permit ip host 192.168.1.90 any
access-list 110 permit tcp host 192.168.0.25 any eq ftp
access-list 110 deny   tcp 192.168.0.0 0.0.0.255 any eq www
access-list 110 deny   tcp 192.168.0.0 0.0.0.255 any eq ftp
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 120 deny   tcp 192.168.2.0 0.0.0.255 any eq www
access-list 120 deny   tcp 192.168.2.0 0.0.0.255 any eq ftp
access-list 120 permit ip 192.168.2.0 0.0.0.255 any
access-list 150 permit ip host 192.168.0.201 any
no cdp run
snmp-server community public RO
snmp-server host 192.168.0.201 traps version 2c public
banner motd ^C No unautorized acess allowed.^C
!
line con 0
password cisco
login local
transport input none
stopbits 1
line aux 0
line vty 0 4
access-class 99 in
exec-timeout 0 0
timeout login response 0
password cisco
login
!
ntp clock-period 17180012
ntp server 194.137.39.67
end

Cообщить модератору | Наверх | ^

Удалить

Индекс форумов | Темы | Пред. тема | След. тема

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру

1. "Cisco Доступ из вне к WEB серверу за NAT (cisco nat)"
Сообщение от Mavrichev Roman on 14-Июн-05, 14:29
!множественная трансляция адресов +проброс порта (80) на веб-сервер внутри. ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname XXX ! enable secret 5 XXX ! ip subnet-zero no ip rcmd domain-lookup no ip finger ip name-server 212.44.131.6 ip name-server 212.44.130.6 ip accounting-threshold 4294967295 clock timezone SPb 3 clock summer-time SPb recurring last Sun Mar 2:00 last Sun Oct 2:00 ! ! controller E1 0 framing NO-CRC4 channel-group 0 timeslots 1-31 description E1-1-31-Sovintel ! ! interface Ethernet0 ip address 192.168.1.33 255.255.255.0 secondary ip address 192.168.0.33 255.255.255.0 ip access-group 110 in no ip unreachables no ip directed-broadcast no ip proxy-arp ip accounting output-packets ip nat inside ip route-cache flow media-type 10BaseT no cdp enable ! interface Ethernet1 ip address 192.168.2.33 255.255.255.0 ip access-group 120 in no ip unreachables no ip directed-broadcast no ip proxy-arp ip accounting output-packets ip nat inside ip route-cache flow media-type 10BaseT no cdp enable ! interface Serial0 bandwidth 128 ip address X.X.X.X 255.255.255.252 ip access-group 101 in no ip unreachables no ip directed-broadcast no ip proxy-arp ip nat outside encapsulation ppp no ip mroute-cache no fair-queue no cdp enable ! interface Serial0:0 no ip address no ip directed-broadcast no cdp enable ! ip nat pool REAL-IP 195.195.195.1 195.195.195.1 netmask 255.255.255.252 ip nat inside source list 2 pool REAL-IP overload ip nat inside source static tcp 192.168.0.90 80 195.195.195.1 80 extendable ip classless ip route 0.0.0.0 0.0.0.0 Serial0 ip flow-export destination 192.168.0.201 9991 ! access-list 2 permit 192.168.1.90 access-list 2 permit 192.168.0.0 0.0.0.255 access-list 2 permit 192.168.2.0 0.0.0.255 access-list 99 permit 192.168.0.201 access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny tcp any 192.168.0.0 0.0.0.255 eq telnet access-list 101 deny udp any eq netbios-dgm any access-list 101 deny udp any eq netbios-ns any access-list 101 deny udp any eq netbios-ss any access-list 101 deny tcp any eq 137 any access-list 101 deny tcp any eq 138 any access-list 101 deny tcp any eq 139 any access-list 101 permit ip any any access-list 110 permit ip host 192.168.0.201 any access-list 110 permit ip host 192.168.1.90 any access-list 110 permit tcp host 192.168.0.25 any eq ftp access-list 110 deny tcp 192.168.0.0 0.0.0.255 any eq www access-list 110 deny tcp 192.168.0.0 0.0.0.255 any eq ftp access-list 110 permit ip 192.168.0.0 0.0.0.255 any access-list 120 deny tcp 192.168.2.0 0.0.0.255 any eq www access-list 120 deny tcp 192.168.2.0 0.0.0.255 any eq ftp access-list 120 permit ip 192.168.2.0 0.0.0.255 any access-list 150 permit ip host 192.168.0.201 any no cdp run snmp-server community public RO snmp-server host 192.168.0.201 traps version 2c public banner motd ^C No unautorized acess allowed.^C ! line con 0 password cisco login local transport input none stopbits 1 line aux 0 line vty 0 4 access-class 99 in exec-timeout 0 0 timeout login response 0 password cisco login ! ntp clock-period 17180012 ntp server 194.137.39.67 end
Cообщить модератору \| Наверх \| ^