CISCO2600 NAT+ACL简单配置

interface FastEthernet0/0
ip address 218.12.35.178 255.255.255.248
ip access-group 188 in
no ip directed-broadcast
ip nat outside
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.1.254 255.255.255.0 secondary
ip address 192.168.0.254 255.255.255.0
ip access-group 101 in
no ip directed-broadcast
ip nat inside
shutdown
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 218.12.35.177
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 90 permit 218.12.50.1
access-list 90 permit 218.12.35.112 0.0.0.15
access-list 90 permit 192.168.0.0 0.0.0.255
access-list 101 deny tcp any any eq 135
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq 1434
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 138
access-list 101 deny tcp any any eq 1433
access-list 101 deny tcp any any eq 1025
access-list 101 deny tcp any any eq 3127
access-list 101 deny tcp any any eq 6129
access-list 101 deny tcp any any eq 2745
access-list 101 permit ip any any
access-list 188 permit tcp any host 218.12.35.179 eq www
access-list 188 permit tcp any host 218.12.35.179 eq ftp
access-list 188 permit tcp any host 218.12.35.179 eq ftp-data
access-list 188 deny ip any host 218.12.38.179
access-list 188 permit ip any any
!

 

阅读(546) | 评论(0) | 转发(0) |

0

上一篇：Cisco访问控制列表详解（ACL）

下一篇：网络层访问权限控制技术－ACL详解

相关热门文章

• 承接自动化测试培训、外包、实...
• Solaris PowerTOP 1.0 发布
• For STKMonitor
• busybox的httpd使用CGI脚本(Bu...
• 项目小体会

• 请教想查12个月的数据条数,看...
• new/delete 和malloc/free 有...
• ubuntu下hadoop环境的搭建...
• 求助：如何用Linux架设ISATAP...
• redhat图形界面不出先登录界面...

给主人留下些什么吧！~~

评论热议