超短裤美女视频,日本美女后入式视频,性感美女啪啪视频一千部

Centos 5.6 NAT服務(wù)器總結(jié)

2015.11.20

備工作：

1.核心交換機H3C S5500 vlan劃分10,20,30,40,50,60,70 七個vlan

2.安裝centos 5.6服務(wù)器配置ip地址為外網(wǎng)eth0地址為192.168.200.9 子網(wǎng)掩碼為255.255.255.0 網(wǎng)關(guān)為192.168.200.96 dns為202.101.172.46，eth1內(nèi)網(wǎng)地址無。

3.外網(wǎng)為eth0，內(nèi)網(wǎng)為eth1,物理連接eth1連接交換機的 trunk口。

1.首先配置H3C S5500核心交換機劃分7個VLAN，利用SecureCRT連接交換機器如圖所示：

<H3C>dis cu //進入交換機首先查看默認配置如下：

#
version 5.20, Release 2202P19
#
sysname H3C
#
domain default enable system
#
telnet server enable
#
undo ip ttl-expires
#
vlan 1
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
interface NULL0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
user-interface aux 0
user-interface vty 0 4
#
return

<H3C>system-view //進入視圖模式創(chuàng)建vlan 10,20,30,40,50,60,70 每個vlan成員端口為2個。
System View: return to User View with Ctrl+Z.

[H3C]vlan 10//創(chuàng)建vlan10和直接進入vlan10視圖模式
[H3C-vlan10]port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2 //把1-2端口加入vlan10

[H3C-vlan10]vlan 20
[H3C-vlan20]port GigabitEthernet 1/0/3 to GigabitEthernet 1/0/4

[H3C-vlan20]vlan 30
[H3C-vlan30]port GigabitEthernet 1/0/5 to GigabitEthernet 1/0/6

[H3C-vlan30]vlan 40
[H3C-vlan40]port GigabitEthernet 1/0/7 to GigabitEthernet 1/0/8

[H3C-vlan40]vlan 50
[H3C-vlan50]port GigabitEthernet 1/0/9 to GigabitEthernet 1/0/10

[H3C-vlan50]vlan 60
[H3C-vlan60]port GigabitEthernet 1/0/11 to GigabitEthernet 1/0/12

[H3C-vlan60]VLAN 70
[H3C-vlan70]port GigabitEthernet 1/0/13 to GigabitEthernet 1/0/14

[H3C]interface GigabitEthernet 1/0/15 //進入1/0/15以太網(wǎng)端口視圖

[H3C-GigabitEthernet1/0/15]port link-type trunk //設(shè)置15端口為trunk模式

[H3C-GigabitEthernet1/0/15]port trunk permit vlan all //設(shè)置15端口所有vlan都能通過
Please wait........................................... Done.

2.配置vlan的ip地址

[H3C]system-view//進入視圖模式

[H3C]interface vlan 1//進入vlan 1接口模式

[H3C-Vlan-interface1]ip address 192.168.10.10 255.255.0.0//設(shè)置ip地址和子網(wǎng)掩碼

[H3C-Vlan-interface1]quit

[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.20.254

3.配置web用戶

[H3C] local-user admin //添加用戶admin

[H3C-luser-admin] service-type telnet //服務(wù)類型為telnet

[H3C-luser-admin] password simple admin //設(shè)置密碼為admin

[H3C-luser-admin] authorization-attribute level 3 //設(shè)置認證級別為3,0到3數(shù)字越小級別越低

4.telnet配置

<H3C> system-view//進入視圖模式

[H3C-ui-vty0-4] user-interface vty 0 4 //進入虛擬終端 0 4

[H3C-ui-vty0-4] authentication-mode password //設(shè)置認證方式為密碼驗證方式為password

[H3C-ui-vty0-4] set authentication password simple 123456 設(shè)置登陸驗證的password為明文密碼”123456”也可以用cipher加密模式

[H3C-ui-vty0-4] user privilege level 3 配置登陸用戶的級別為最高級別3(缺省為級別1)

[H3C] save //最后別忘記save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...........
Configuration is saved to device successfully.

Centos5.6服務(wù)器配置

1.[root@localhost zhh]# rpm -q vconfig //查看vconfig軟件包是否存在不存在用yum -y install vconfig來安裝即可。
vconfig-1.9-3

2.[root@localhost zhh]# yum -y install dhcp//安裝dhcp服務(wù)

[root@localhost zhh]# chkconfig dhcpd off //關(guān)閉啟動服務(wù)首先要先啟動腳本vlan.sh，如果反過來dhpcd啟動就會失敗。

3.[root@localhost zhh]# cat vlan.sh //查看vlan.sh的腳本也就是添加vlan 10,20.30.40.50.60.70段vid一定要和你交換機創(chuàng)建的vlan名字一樣
#!/bin/sh

vconfig add eth1 10
vconfig add eth1 20
vconfig add eth1 30
vconfig add eth1 40
vconfig add eth1 50
vconfig add eth1 60
vconfig add eth1 70
ifconfig eth1.10 192.168.10.254 netmask 255.255.255.0
ifconfig eth1.20 192.168.20.254 netmask 255.255.255.0
ifconfig eth1.30 192.168.30.254 netmask 255.255.255.0
ifconfig eth1.40 192.168.40.254 netmask 255.255.255.0
ifconfig eth1.50 192.168.50.254 netmask 255.255.255.0
ifconfig eth1.60 192.168.60.254 netmask 255.255.255.0
ifconfig eth1.70 192.168.70.254 netmask 255.255.255.0

/etc/rc.d/init.d/dhcpd stop
/etc/rc.d/init.d/dhcpd start
sh /root/zhh/iptables

4.[root@localhost zhh]# cat /etc/dhcpd.conf //dhcpd.conf配置文件如下：

# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
ddns-update-style interim;
ignore client-updates;

#//192.168.10.* //設(shè)置10段網(wǎng)絡(luò)的ip地址池
subnet 192.168.10.0 netmask 255.255.255.0 { //subnet一個子網(wǎng)中的客戶端，動態(tài)地指定ip地址，則在此subnet聲明中，必須包含一組ip地址范圍。
option routers 192.168.10.254; //網(wǎng)關(guān)地址
option subnet-mask 255.255.255.0; //子網(wǎng)掩碼
option broadcast-address 192.168.10.255; //廣播地址
option domain-name-servers 202.101.172.35;//dns ip地址
range dynamic-bootp 192.168.10.100 192.168.10.200; //地址池pool范圍地址
default-lease-time 21600; //默認的ip租用時間期限單位為秒
max-lease-time 43200; //ip租用最長的期限單位為秒
}
#//

#//192.168.20.*
subnet 192.168.20.0 netmask 255.255.255.0 {
option routers 192.168.20.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.20.255;
option domain-name-servers 202.101.172.35;
range dynamic-bootp 192.168.20.100 192.168.20.210;
default-lease-time 21600;
max-lease-time 43200;
}
#//
#//192.168.30.*
subnet 192.168.30.0 netmask 255.255.255.0 {
option routers 192.168.30.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.30.255;
option domain-name-servers 202.101.172.35;
range dynamic-bootp 192.168.30.100 192.168.30.250;
default-lease-time 21600;
max-lease-time 43200;
}
#//
#//192.168.40.*
subnet 192.168.40.0 netmask 255.255.255.0 {
option routers 192.168.40.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.40.255;
option domain-name-servers 202.101.172.35;
range dynamic-bootp 192.168.40.100 192.168.40.180;
default-lease-time 21600;
max-lease-time 43200;
}
#//
#//192.168.50.*
subnet 192.168.50.0 netmask 255.255.255.0 {
option routers 192.168.50.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.50.255;
option domain-name-servers 202.101.172.35;
range dynamic-bootp 192.168.50.100 192.168.50.180;
default-lease-time 21600;
max-lease-time 43200;
}
#//
#//192.168.60.*
subnet 192.168.60.0 netmask 255.255.255.0 {
option routers 192.168.60.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.60.255;
option domain-name-servers 202.101.172.35;
range dynamic-bootp 192.168.60.100 192.168.60.140;
default-lease-time 21600;
max-lease-time 43200;
}
#//
#//192.168.70.*
subnet 192.168.70.0 netmask 255.255.255.0 {
option routers 192.168.70.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.70.255;
option domain-name-servers 202.101.172.35;
range dynamic-bootp 192.168.70.100 192.168.70.150;
default-lease-time 21600;
max-lease-time 43200;
}
#//

5.配置iptables NAT腳本如下：

[root@localhost zhh]# cat iptables
#!/bin/sh

MODPROBE=/sbin/modprobe //加載模塊
IPTABLES=/sbin/iptables

#modprobe
$MODPROBE ip_tables > /dev/null 2>&1
$MODPROBE iptable_nat > /dev/null 2>&1
$MODPROBE ip_nat_ftp > /dev/null 2>&1
$MODPROBE ip_nat_irc > /dev/null 2>&1
$MODPROBE ip_conntrack > /dev/null 2>&1
$MODPROBE ip_conntrack_ftp > /dev/null 2>&1
$MODPROBE ip_conntrack_irc > /dev/null 2>&1

#clear old rules//清理原規(guī)則
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -F -t nat
$IPTABLES -X -t nat
$IPTABLES -Z -t nat
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
iptables -I INPUT -p gre -j ACCEPT

# Open ip_forwad//打開轉(zhuǎn)發(fā)功能
echo "1" > /proc/sys/net/ipv4/ip_forward

$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A FORWARD -p udp -j ACCEPT

# Lan//局域網(wǎng)
for LAN in 192.168.0.0/16
do
$IPTABLES -A INPUT -p udp -s $LAN -m multiport --destination-ports 22 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s $LAN -m multiport --destination-ports 5000,1701,1723,8001,7001,53,1755,8005,801,873 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s $LAN -m multiport --destination-ports 5060,5063,10000,10001,12000,12001,20000,20001,22000,22001 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s $LAN -m multiport --destination-ports 30000,30001,32000,32001,3388,7708 -j ACCEPT

$IPTABLES -A FORWARD -p icmp -s $LAN -j ACCEPT

$IPTABLES -A FORWARD -p tcp -s $LAN -m multiport  --destination-ports 110,80,123,1701,2095,8001,3389,8181,2121,8005,801,1723 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s $LAN -m multiport  --destination-ports 21,22,25,81,82,8080,443,1433,3214,1503,3128,3388,5632,5631 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s $LAN -m multiport  --destination-ports 5050,7708 -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -s $LAN -o eth0 -j SNAT --to 192.168.200.9 //啟動NAT功能，192.168.200.9為進線地址如果電信給的靜態(tài)ip就寫電信給的靜態(tài)ip即可.
done

6.[root@localhost zhh]# echo "sh /root/zhh/vlan.sh">>/etc/rc.local //把vlan.sh腳本放進/etc/rc.local讓系統(tǒng)開機啟動執(zhí)行。
[root@localhost zhh]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

sh /root/zhh/vlan.sh

7.管理NAT服務(wù)器

[root@localhost ~]# iptables -L -n //查看iptables input,output,forward策略
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     47   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  192.168.30.60        0.0.0.0/0
ACCEPT     udp  --  192.168.10.10        0.0.0.0/0
ACCEPT     all  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           multiport dports 22

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     udp  --  192.168.30.60        0.0.0.0/0
ACCEPT     udp  --  192.168.10.10        0.0.0.0/0
ACCEPT     all  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           multiport dports 5000,1701,1723,8001,7001,53,1755,8005,801,873
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           multiport dports 5060,5063,10000,10001,12000,12001,20000,20001,22000,22001
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           multiport dports 30000,30001,32000,32001,3388,7708
ACCEPT     icmp --  192.168.0.0/16       0.0.0.0/0
ACCEPT     tcp  --  192.168.0.0/16       0.0.0.0/0           multiport dports 110,80,123,1701,2095,8001,3389,8181,2121,8005,801,1723
ACCEPT     tcp  --  192.168.0.0/16       0.0.0.0/0           multiport dports 21,22,25,81,82,8080,443,1433,3214,1503,3128,3388,5632,5631
ACCEPT     tcp  --  192.168.0.0/16       0.0.0.0/0           multiport dports 5050,7708

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@localhost ~]# iptables -L -t nat //查看nat表POSTROUTING，以下已經(jīng)說明客戶端可以上網(wǎng)了。
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.0.0/16 anywhere to:192.168.200.9

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@localhost ~]# yum -y install iptraf //安裝iptraf流量監(jiān)控軟件然后執(zhí)行iptraf如下所示菜單

IP traffic monitor
General interface statistics
Detailed interface statistics
Statistical breakdowns..
LAN station monitor
Filters...
Configure...
Exit

本站僅提供存儲服務(wù)，所有內(nèi)容均由用戶發(fā)布，如發(fā)現(xiàn)有害或侵權(quán)內(nèi)容，請點擊舉報。

打開APP，閱讀全文并永久保存查看更多類似文章

將你的Archlinux打造成路由器

macvlan 網(wǎng)絡(luò)隔離和連通

微妙的vlan技術(shù)你知道嗎？

H3C S5500三層交換機劃分Vlan與H3C路由組網(wǎng)

華為交換機三種劃分vlan的方法

vyatta 6.4 的設(shè)置

更多類似文章 >>

国产一级a片免费看高清,亚洲熟女中文字幕在线视频,黄三级高清在线播放,免费黄色视频在线看