Two-interface Router With NAT-mysql教程-PHP中文網

首頁

資料庫

mysql教程

Two-interface Router With NAT

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:04 PM

natrouterwith

2514 Router
　　Current configuration:
　　!
　　version 12.0
　　service timestamps debug uptime
　　service timestamps log uptime
　　no service password-encryption
　　!
　　hostname horton
　　!
　　enable secret 5 $1$GwRz$YS/82LXSYcgD1d5Nua9Ob1
　　enable password ww
　　!
　　ip subnet-zero
　　!
　　ip inspect name ethernetin cuseeme timeout 3600
　　ip inspect name ethernetin ftp timeout 3600
　　ip inspect name ethernetin h323 timeout 3600
　　ip inspect name ethernetin http timeout 3600
　　ip inspect name ethernetin rcmd timeout 3600
　　ip inspect name ethernetin realaudio timeout 3600
　　ip inspect name ethernetin smtp timeout 3600
　　ip inspect name ethernetin sqlnet timeout 3600
　　ip inspect name ethernetin streamworks timeout 3600
　　ip inspect name ethernetin tcp timeout 3600
　　ip inspect name ethernetin tftp timeout 30
　　ip inspect name ethernetin udp timeout 15
　　ip inspect name ethernetin vdolive timeout 3600
　　
　　!
　　interface Ethernet0
　　ip address 20.20.20.2 255.255.255.0
　　ip access-group 101 in
　　no ip directed-broadcast
　　ip nat inside
　　ip inspect ethernetin in
　　!
　　interface Ethernet1
　　no ip address
　　no ip directed-broadcast
　　shutdown
　　!
　　interface Serial0
　　ip address 150.150.150.1 255.255.255.0
　　ip access-group 112 in
　　no ip directed-broadcast
　　ip nat outside
　　clockrate 4000000
　　!
　　interface Serial1
　　no ip address
　　no ip directed-broadcast
　　shutdown
　　!
　　ip nat pool serialzero 150.150.150.3 150.150.150.255 netmask 255.255.255.0
　　ip nat inside source list 1 pool serialzero
　　ip classless
　　ip route 0.0.0.0 0.0.0.0 150.150.150.2
　　ip route 20.30.30.0 255.255.255.0 20.20.20.1
　　!
　　access-list 1 permit 20.0.0.0 0.255.255.255
　　access-list 101 permit tcp 20.0.0.0 0.255.255.255 any
　　access-list 101 permit udp 20.0.0.0 0.255.255.255 any
　　access-list 101 permit icmp 20.0.0.0 0.255.255.255 any
　　access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
　　access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
　　access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
　　access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
　　access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
　　access-list 112 permit icmp any 150.150.150.0 0.0.0.255 administratively-prohibited
　　access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
　　access-list 112 permit tcp host 150.150.150.2 host 150.150.150.1 eq telnet
　　access-list 112 deny ip 127.0.0.0 0.255.255.255 any
　　access-list 112 deny ip any any
　　!
　　line con 0
　　transport input none
　　line aux 0
　　line vty 0 4
　　password ww
　　login
　　!
　　end
　　
　　
　　关于ip inspect name
　　if you deny SMTP mail on the external ACL, no external SMTP servers will ever be able to make a connection to the internal SMTP server.
　　
　　CBAC is totally independent of access lists - CBAC is associated with ACLs because one function of CBAC is to ensure return traffic of a
　　session is permitted back to the source - however don't confuse CBAC by thinking ACLs are required. If you apply an inspect list to an interface, inspection takes place, no matter what ACLs are or are not in place. However, remember that ACLs are processed first, so the ACL must allow through the appropriate traffic to be passed thru to the inspection list.
　　
　　I'm guessing your config would look something like this:
　　
　　! Internal Interface
　　Interface e0 ip inspect WEB inbound
　　
　　! External Interface
　　Interface e1 ip access-group 100 in
　　ip inspect SMTP inbound
　　
　　access-list 100 permit tcp any host x.x.x.x eq smtp
　　access-list 100 deny ip any any
　　
　　ip inspect name WEB http
　　ip inspect name WEB ftp
　　ip inspect name WEB smtp
　　ip inspect name WEB tcp
　　ip inspect name WEB udp
　　
　　ip inspect name SMTP smtp
　　
　　On your external ACL, you must have an opening to allow SMTP in - there is no way CBAC can automatically do this for you as traffic is first processed by the ACL and must pass. So once the SMTP traffic is allowed
　　in, it is passed to the inspection list SMTP, which applys SMTP protocol-based inspection (and opens up any ACLs if necessary - in this
　　example this function is not required).
　　
　　Note that in this example you could place the SMTP inspection list on the internal interface in the outbound direction as well. This is a better placement option if you had say a DMZ interface that was also
　　receiving SMTP mail for the internal SMTP server, as you would only require a single inspection point (outbound on the internal interface)
　　rather than inbound on the external and DMZ interfaces.
　　

陳述

本文內容由網友自願投稿，版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容，請聯絡admin@php.cn

MySQL如何處理數據複製？Apr 28, 2025 am 12:25 AM

MySQL通過異步、半同步和組複製三種模式處理數據複製。 1）異步複製性能高但可能丟失數據。 2）半同步複製提高數據安全性但增加延遲。 3）組複製支持多主複製和故障轉移，適用於高可用性需求。

您如何使用解釋性語句分析查詢性能？Apr 28, 2025 am 12:24 AM

EXPLAIN語句可用於分析和提升SQL查詢性能。 1.執行EXPLAIN語句查看查詢計劃。 2.分析輸出結果，關注訪問類型、索引使用情況和JOIN順序。 3.根據分析結果，創建或調整索引，優化JOIN操作，避免全表掃描，以提升查詢效率。

您如何備份並還原MySQL數據庫？Apr 28, 2025 am 12:23 AM

使用mysqldump進行邏輯備份和MySQLEnterpriseBackup進行熱備份是備份MySQL數據庫的有效方法。 1.使用mysqldump備份數據庫：mysqldump-uroot-pmydatabase>mydatabase_backup.sql。 2.使用MySQLEnterpriseBackup進行熱備份：mysqlbackup--user=root--password=password--backup-dir=/path/to/backupbackup。恢復時，使用相應的命

MySQL中慢速查詢的常見原因是什麼？Apr 28, 2025 am 12:18 AM

MySQL慢查詢的主要原因包括索引缺失或不當使用、查詢複雜度、數據量過大和硬件資源不足。優化建議包括：1.創建合適的索引；2.優化查詢語句；3.使用分錶分區技術；4.適當升級硬件。

MySQL中有什麼看法？Apr 28, 2025 am 12:04 AM

MySQL視圖是基於SQL查詢結果的虛擬表，不存儲數據。 1)視圖簡化複雜查詢，2)增強數據安全性，3)維護數據一致性。視圖是數據庫中的存儲查詢，可像表一樣使用，但數據動態生成。

MySQL和其他SQL方言之間的語法有什麼區別？Apr 27, 2025 am 12:26 AM

mysqldiffersfromothersqldialectsinsyntaxforlimit，自動啟動，弦樂範圍，子征服和表面上分析。 1）MySqluessLipslimit，whilesqlserverusestopopandoraclesrontersrontsrontsrontsronnum.2）

什麼是mysql分區？Apr 27, 2025 am 12:23 AM

MySQL分區能提升性能和簡化維護。 1）通過按特定標準（如日期範圍）將大表分成小塊，2）物理上將數據分成獨立文件，3）查詢時MySQL可專注於相關分區，4）查詢優化器可跳過不相關分區，5）選擇合適的分區策略並定期維護是關鍵。

您如何在MySQL中授予和撤銷特權？Apr 27, 2025 am 12:21 AM

在MySQL中，如何授予和撤銷權限？ 1.使用GRANT語句授予權限，如GRANTALLPRIVILEGESONdatabase_name.TO'username'@'host'；2.使用REVOKE語句撤銷權限，如REVOKEALLPRIVILEGESONdatabase_name.FROM'username'@'host'，確保及時溝通權限變更。

See all articles