
[Help] Our office has 10M fiber Internet access; how do I do NAT with the Eudemon100?


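We have a 10M fiber Internet line from China Telecom with fixed IP addresses. How should the E100 be configured? Experts, please advise!
This is a newbie question, so an explanation in Chinese would be best.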


nat address-group xx.xx.xx.50 xx.xx.xx.62 pool2           xx = public IPs of the 10M line, used as the address pool
    firewall enable
   
    aaa-enable
    aaa accounting-scheme optional
   
  !
  
  acl 2000 match-order auto
    rule normal permit source 192.168.52.0 0.0.0.192
   
    rule normal deny source any
!
acl 3000 match-order auto
rule  deny icmp source any destination any
rule  deny tcp source any destination any destination-port eq 1068
rule  deny tcp source any destination any destination-port eq 5800
rule  deny tcp source any destination any destination-port eq 5900
rule  deny tcp source any destination any destination-port eq 10080
rule  deny tcp source any destination any destination-port eq 455
rule  deny udp source any destination any destination-port eq 455
rule  deny tcp source any destination any destination-port eq 3208
rule  deny tcp source any destination any destination-port eq 1871
rule  deny tcp source any destination any destination-port eq 4510
rule  deny udp source any destination any destination-port eq 4334
rule  deny tcp source any destination any destination-port eq 4331
rule  deny tcp source any destination any destination-port eq 4557
rule  deny udp source any destination any destination-port eq 1434
rule  deny tcp source any destination any destination-port eq 445
rule  deny tcp source any destination any destination-port eq 5554
rule  deny tcp source any destination any destination-port eq 9995
rule  deny tcp source any destination any destination-port eq 9996
rule  deny tcp source any destination any destination-port eq 135
rule  deny udp source any destination any destination-port eq 135
rule  deny udp source any destination any destination-port eq netbios-ns
rule  deny udp source any destination any destination-port eq netbios-dgm
rule  deny tcp source any destination any destination-port eq 139
rule  deny udp source any destination any destination-port eq 139
rule  deny tcp source any destination any destination-port eq 445
rule  deny udp source any destination any destination-port eq 445
rule  deny udp source any destination any destination-port eq 593
rule  deny tcp source any destination any destination-port eq 593
rule  deny udp source any destination any destination-port eq 69
rule  deny tcp source any destination any destination-port eq 4444
rule  deny ip source 220.181.28.0 0.0.0.255 destination any
rule  deny tcp source any destination 61.129.33.151 0.0.0.0
rule  deny tcp source any destination 222.191.251.195 0.0.0.0
rule  deny tcp source any destination 61.152.108.56 0.0.0.0
rule  deny tcp source any destination 218.15.33.144 0.0.0.0
rule  deny tcp source any destination 221.238.193.5 0.0.0.0
rule  deny tcp source any destination 218.83.153.2 0.0.0.0
rule  deny tcp source any destination 218.83.153.7 0.0.0.0
rule  deny tcp source any destination 61.172.193.4 0.0.0.0
rule  deny tcp source any destination 202.101.42.96 0.0.0.0
rule  deny tcp source any destination 202.103.9.83 0.0.0.0
rule  deny tcp source any destination 61.129.77.135 0.0.0.0
rule  deny tcp source any destination 61.129.77.239 0.0.0.0
rule  deny tcp source any destination 218.5.72.119 0.0.0.0
rule  deny tcp source any destination 218.92.50.23 0.0.0.0
rule  deny tcp source any destination 218.92.50.27 0.0.0.0
rule  deny tcp source any destination 218.93.124.228 0.0.0.0
rule  deny tcp source any destination 61.242.169.40 0.0.0.0
rule  deny tcp source any destination 202.107.209.113 0.0.0.0
rule  deny tcp source any destination 222.77.177.163 0.0.0.0
rule  deny ip source any destination 220.181.28.0 0.0.0.255
rule  deny icmp source any destination any

!


acl 4000
  
  interface Aux0
    async mode flow
    link-protocol ppp
  !
  interface Ethernet0
    tcp mss 1024
    ip address 192.168.52.62 255.255.255.0    internal network
    firewall packet-filter 3000 outbound
    mac-filter 4000 outbound
  !
  
  interface Ethernet1
    tcp mss 1024
    ip address xx.xx.xx.xx 255.255.255.240      xx = external network address, one of the addresses in the pool
    nat outbound 2000 address-group pool2
    firewall packet-filter 3000 inbound
    mac-filter 4000 inbound
  !

  
  quit
  ip route-static 0.0.0.0 0.0.0.0 xx.xx.xx.xx preference 60    xx = external gateway; ask the line provider for it

  !
  return

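The following Python check is an added example, not part of the posted configuration or of any Huawei tool. It computes which addresses of the inside subnet the `source 192.168.52.0 0.0.0.192` rule in acl 2000 selects for NAT, and lists rules that repeat in acl 3000. It assumes the usual ACL wildcard semantics (bits set to 1 are ignored); the wildcards 0.0.0.63 and 0.0.0.255 are comparison values that do not appear in the post.

```python
import ipaddress
from collections import Counter

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under an ACL wildcard (1 bits are ignored)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)

def matched_hosts(network: str, base: str, wildcard: str) -> list:
    """Addresses of `network` selected by `source <base> <wildcard>`."""
    return [str(h) for h in ipaddress.ip_network(network)
            if wildcard_match(str(h), base, wildcard)]

def duplicate_rules(acl_text: str) -> dict:
    """Rules that occur more than once after whitespace normalisation."""
    counts = Counter(" ".join(line.split())
                     for line in acl_text.splitlines() if line.strip())
    return {rule: n for rule, n in counts.items() if n > 1}

# Excerpt of acl 3000 copied from the post above (not the full list).
ACL_3000_EXCERPT = """
rule  deny icmp source any destination any
rule  deny tcp source any destination any destination-port eq 455
rule  deny tcp source any destination any destination-port eq 445
rule  deny tcp source any destination any destination-port eq 135
rule  deny tcp source any destination any destination-port eq 445
rule  deny udp source any destination any destination-port eq 445
rule  deny icmp source any destination any
"""

if __name__ == "__main__":
    lan = "192.168.52.0/24"         # Ethernet0 subnet from the post
    for wc in ("0.0.0.192", "0.0.0.63", "0.0.0.255"):
        hosts = matched_hosts(lan, "192.168.52.0", wc)
        print(f"wildcard {wc}: {len(hosts)} addresses, first {hosts[:4]}")
    for rule, n in duplicate_rules(ACL_3000_EXCERPT).items():
        print(f"{n}x {rule}")
```
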

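Thanks for the configuration above; I've got it working.
But on top of NAT, is it possible to apply some other policies as well?
For example, partially restricting or blocking software such as Xunlei, BT and QQ,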
