2514 Router Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname horton ! enable secret 5 $1$GwRz$YS/82LXSYcgD1d5Nua9Ob1 enable password ww ! ip subne
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname horton
!
enable secret 5 $1$GwRz$YS/82LXSYcgD1d5Nua9Ob1
enable password ww
!
ip subnet-zero
!
ip inspect name ethernetin cuseeme timeout 3600
ip inspect name ethernetin ftp timeout 3600
ip inspect name ethernetin h323 timeout 3600
ip inspect name ethernetin http timeout 3600
ip inspect name ethernetin rcmd timeout 3600
ip inspect name ethernetin realaudio timeout 3600
ip inspect name ethernetin smtp timeout 3600
ip inspect name ethernetin sqlnet timeout 3600
ip inspect name ethernetin streamworks timeout 3600
ip inspect name ethernetin tcp timeout 3600
ip inspect name ethernetin tftp timeout 30
ip inspect name ethernetin udp timeout 15
ip inspect name ethernetin vdolive timeout 3600
!
interface Ethernet0
ip address 20.20.20.2 255.255.255.0
ip access-group 101 in
no ip directed-broadcast
ip nat inside
ip inspect ethernetin in
!
interface Ethernet1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0
ip address 150.150.150.1 255.255.255.0
ip access-group 112 in
no ip directed-broadcast
ip nat outside
clockrate 4000000
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip nat pool serialzero 150.150.150.3 150.150.150.255 netmask 255.255.255.0
ip nat inside source list 1 pool serialzero
ip classless
ip route 0.0.0.0 0.0.0.0 150.150.150.2
ip route 20.30.30.0 255.255.255.0 20.20.20.1
!
access-list 1 permit 20.0.0.0 0.255.255.255
access-list 101 permit tcp 20.0.0.0 0.255.255.255 any
access-list 101 permit udp 20.0.0.0 0.255.255.255 any
access-list 101 permit icmp 20.0.0.0 0.255.255.255 any
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 administratively-prohibited
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
access-list 112 permit tcp host 150.150.150.2 host 150.150.150.1 eq telnet
access-list 112 deny ip 127.0.0.0 0.255.255.255 any
access-list 112 deny ip any any
!
line con 0
transport input none
line aux 0
line vty 0 4
password ww
login
!
end
关于ip inspect name
if you deny SMTP mail on the external ACL, no external SMTP servers will ever be able to make a connection to the internal SMTP server.
CBAC is totally independent of access lists - CBAC is associated with ACLs because one function of CBAC is to ensure return traffic of a
session is permitted back to the source - however don't confuse CBAC by thinking ACLs are required. If you apply an inspect list to an interface, inspection takes place, no matter what ACLs are or are not in place. However, remember that ACLs are processed first, so the ACL must allow through the appropriate traffic to be passed thru to the inspection list.
I'm guessing your config would look something like this:
! Internal Interface
Interface e0 ip inspect WEB inbound
! External Interface
Interface e1 ip access-group 100 in
ip inspect SMTP inbound
access-list 100 permit tcp any host x.x.x.x eq smtp
access-list 100 deny ip any any
ip inspect name WEB http
ip inspect name WEB ftp
ip inspect name WEB smtp
ip inspect name WEB tcp
ip inspect name WEB udp
ip inspect name SMTP smtp
On your external ACL, you must have an opening to allow SMTP in - there is no way CBAC can automatically do this for you as traffic is first processed by the ACL and must pass. So once the SMTP traffic is allowed
in, it is passed to the inspection list SMTP, which applys SMTP protocol-based inspection (and opens up any ACLs if necessary - in this
example this function is not required).
Note that in this example you could place the SMTP inspection list on the internal interface in the outbound direction as well. This is a better placement option if you had say a DMZ interface that was also
receiving SMTP mail for the internal SMTP server, as you would only require a single inspection point (outbound on the internal interface)
rather than inbound on the external and DMZ interfaces.
NAT Boost与游戏的Qos;哪个更好?Feb 19, 2024 pm 07:00 PM在当下几乎所有游戏都在线的情况下,忽视家庭网络的优化是不可取的。几乎所有路由器都配备了NATBoost和QoS功能,旨在提升用户的游戏体验。本文将探讨NATBoost和QoS的定义、优势和劣势。NATBoost与游戏的Qos;哪个更好?NATBoost,又称网络地址转换Boost,是一种内置于路由器的功能,可提升其性能。对于游戏而言尤为重要,因为它有助于减少网络延迟,即游戏设备和服务器之间数据传输的时间。通过优化路由器内的数据处理方式,NATBoost实现了更快的数据处理速度和更低的延迟,从而改
React Router使用指南:如何实现前端路由控制Sep 29, 2023 pm 05:45 PMReactRouter使用指南:如何实现前端路由控制随着单页应用的流行,前端路由成为了一个不可忽视的重要部分。ReactRouter作为React生态系统中最受欢迎的路由库,提供了丰富的功能和易用的API,使得前端路由的实现变得非常简单和灵活。本文将介绍ReactRouter的使用方法,并提供一些具体的代码示例。安装ReactRouter首先,我们需
揭秘 Python 中的 with 关键字Apr 14, 2023 am 11:31 AM我们中的许多人在 Python 代码中一遍又一遍地看到这个代码片段:with open('Hi.text', 'w') as f: f.write("Hello, there") 但是,我们中的一些人不知道 with 有什么用,以及为什么我们需要在这里使用它。在此阅读中,您将找到关于 with 可解决的几乎所有问题。让我们开始吧!首先,让我们考虑一下如果不使用 with 关键字我们需要做什么。在这种情况下,我们需要先打开文件并尝试执行 write。不管成功与否,我们最好在
Vue Router Lazy-Loading路由的独特优势,如何优化页面性能?Sep 15, 2023 am 10:36 AMVueRouter是Vue.js官方提供的路由管理插件,它可以帮助我们在Vue应用程序中实现页面导航和路由切换。其中的Lazy-Loading特性是VueRouter的一个独特优势,它可以极大地优化页面性能。在本文中,我们将介绍VueRouter的Lazy-Loading路由特性,并提供一些优化页面性能的实际代码示例。Lazy-Loading是指在需要
react router 不显示怎么办Dec 30, 2022 am 09:30 AMreact router不显示的解决办法:1、在父路由组件中加入browserRouter把router都包起来;2、使用“this.props.history.go()”进行组件刷新;3、在browserrouter参数里加上“forcerefresh={true}”;4、在“<Route>”里面写钩子函数,并在离开或进入此路由时调用即可。
如何实现防火墙NAT控制分析May 28, 2023 pm 01:04 PM一。NAT分类NATNo-pat:类似于Cisco的动态转换,只转化源IP地址,网络地址,不转化端口,属于多对多转换,不能节约公网IP地址,使用较少NAPT:(网络地址和端口转换)类似与Cisco的PAT转换,NAPT即转换报文的源地址,又转换源端口,出接口地址:(Easy-IP)转换方式简单,和NAPT一样,即转换源地址又转换源端口,属于多对一转换SmartNAT(智能转换):通过预留一个公网地址进行NAPT转换三元组NAT:与源IP地址,源du端口和协议类型有关的一种转换二,黑洞路由源地址转
如何实现虚拟机NAT模式上网May 20, 2023 pm 03:22 PM当使用vmware虚拟机学习linux的时候,通常遇到的问题就是宿主机不能正常通信,虚拟机不能正常上网,现在特写个详细配置,以后方便查阅当安装完vmware软件之后,要使用NAT模式必须有虚拟网卡VMnet8,这里以win10为例回到虚拟机设置:要使用nat模式,这里的vmnet8网卡必须连接使用上,两个灰色的勾勾都必须勾上,这里只需要确认是否启用了NAT模式,然后linux的网络配置如下:[root@zabbix~]#cat/etc/sysconfig/network-scripts/ifcf
设置VMware中CentOS系统的NAT网络连接的步骤Dec 30, 2023 pm 06:49 PMCentos6的Minimal下,网卡默认onboot="no",并且设置了依赖NetworkManager的选项,NM_CONTROLLED="yes",因为minimal的情况下并没有安装系统默认提供的网络管理工具NetworkManger。所以我们需要修改为:ONBOOT="yes"MM_Controlled="no"。手工编辑网卡的配置文件(vi/etc/sysconfig/network-script/ifcfg-e
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
WebStorm Mac version
Useful JavaScript development tools
SublimeText3 Linux new version
SublimeText3 Linux latest version
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
