ENSP2.0模拟NAT+Firewall+DNS+DHCP功能(最新整理)

1、一、实验拓扑：二、pc 的配置#sysname pc dhcp enable dns resolvedns server #interface gigabitethernet0/0/0 ip address dhcp-alloc三、网关路由器的配置#sysname gw #dhcp enable dns resolvedns server #acl number 3000rule 5 permit ip source 55acl number 3001rule 5 deny icmp icmp-type echorule

2、10 permit ip #firewall zone trust priority 10#firewall zone untrust priority 5#firewall zone local priority 15#firewall interzone trust untrust firewall enablepacket-filter 3001 inbound detect aspf ftpdetect aspf sip detect aspf rtsp detect aspf httpdetect aspf http java-blocking detect aspf http ac

3、tivex-blocking #interface gigabitethernet0/0/0ip address zone trustdhcp select interfacedhcp server dns-list #interface gigabitethernet0/0/1ip address nat outbound 3000 zone untrust#ip route-static gigabitethernet0/0/1 211.1.1.

4、1 #user-interface vty 0 4 authentication-mode passwordset authentication password cipher huawei user privilege level 3四、公网路由器的配置#sysname internet #ip host 00 ip host 00 #dns resolvedns server dns proxy enable #interface gigabitethernet0/

5、0/0ip address #interface null0 #interface loopback0ip address 00 #interface loopback1ip address 00 #interface loopback100ip address #user-interface vty 0 4 authentication-mode passwordset authenticati

6、on password cipher huawei user privilege level 3#五、测试 pc 上网ping ping : 56 data bytes, press ctrl_c to breakreply from 00: bytes=56 sequence=1 ttl=254 time=20 ms reply from 00: bytes=56 sequence=2 ttl=254 time=20 ms reply from 00: byt

7、es=56 sequence=3 ttl=254 time=10 ms reply from 00: bytes=56 sequence=4 ttl=254 time=10 ms reply from 00: bytes=56 sequence=5 ttl=254 time=30 ms- ping statistics - 5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 10/18/30 ms

8、telnet press ctrl_ to quit telnet mode trying 00 .connected to 00 . login authenticationpassword:huaweidis access-user info: no online user.dis ip inter bri*down: administratively downdown: standby (l): loopback (s): spoofingthe number of interface that is up i

9、n physical is 5 the number of interface that is down in physical is 1 the number of interface that is up in protocol is 5 the number of interface that is down in protocol is 1interfaceip address/maskphysical protocol gigabitethernet0/0/0/24upup gigabitethernet0/0/1unassigneddowndown loopbac

10、k000/24 upup(s)loopback100/24 upup(s)loopback100/24upup(s) null0unassignedupup(s)六、测试网关的状态gwdis nat session allnat session table information: protocol: icmp(1)srcaddr vpn: 54 destaddr vpn: 00type code icmpid : 0 8 43997 nat-infonew srcaddr: 2

11、new destaddr: -new icmpid10255protocol: tcp(6)srcaddr port vpn : 54 46273destaddr port vpn : 00 5888 nat-infonew srcaddr: new srcport10253new destaddr: -new destport: -protocol: udp(17)srcaddr port vpn : 54 7109destaddr port vpn : 13568na

12、t-infogwdis firewall session allfirewall session table information: protocol: tcp(6)srcaddr port vpn : 54 46273destaddr port vpn : 00 5888 firewall-infoinzone: trustoutzone: untrustprotocol: udp(17)srcaddr port vpn : 54 7109destaddr port vpn : 13568firewal

13、l-infoinzone: trustoutzone: untrustprotocol: udp(17)srcaddr port vpn : 54 2245destaddr port vpn : 13568firewall-infoinzone: trustoutzone: untrustprotocol: udp(17)srcaddr port vpn : 54 33990destaddr port vpn : 13568firewall-infoinzone: trustoutzone: untrustprotoc

14、ol: udp(17)srcaddr port vpn : 54 4806destaddr port vpn : 13568firewall-infoinzone: trustoutzone: untrustprotocol: udp(17)srcaddr port vpn : 54 4038destaddr portfirewall-info inzonevpn : : trust13568outzoneprotocol: untrust: tcp(6)srcaddr port vpn : 5

15、4 21700destaddr port vpn : 00 5888 firewall-info“”“”at the end, xiao bian gives you a passage. minand once said, people who learn to learn are very happy people. in every wonderful life, learning is an eternal theme. as a professional clerical and teaching position, i understand the importance of continuous learning, life is diligent, nothing can be gained, only continuous learning can achieve better self. only by constantly learning and mastering the latest relevant knowledge, can employees from all w