- 论坛徽章:
- 0
|
路由器:cisco2600
interface FastEthernet0/0
ip address 218.12.35.178 255.255.255.248
ip access-group 188 in
no ip directed-broadcast
ip nat outside
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.1.254 255.255.255.0 secondary
ip address 192.168.0.254 255.255.255.0
ip access-group 101 in
no ip directed-broadcast
ip nat inside
shutdown
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 218.12.35.177
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 90 permit 218.12.50.1
access-list 90 permit 218.12.35.112 0.0.0.15
access-list 90 permit 192.168.0.0 0.0.0.255
access-list 101 deny tcp any any eq 135
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq 1434
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 138
access-list 101 deny tcp any any eq 1433
access-list 101 deny tcp any any eq 1025
access-list 101 deny tcp any any eq 3127
access-list 101 deny tcp any any eq 6129
access-list 101 deny tcp any any eq 2745
access-list 101 permit ip any any
access-list 188 permit tcp any host 218.12.35.179 eq www
access-list 188 permit tcp any host 218.12.35.179 eq ftp
access-list 188 permit tcp any host 218.12.35.179 eq ftp-data
access-list 188 deny ip any host 218.12.38.179
access-list 188 permit ip any any
!
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/22713/showart_171504.html |
|
免费注册
发表于 2006-09-15 10:17