Re: NAT and access-lists problem
Posted by: Valek on September 28, 1999 at 10:58:13:
In reply to: Re: NAT and access-lists problem posted by Konstantin Gribakh on September 28, 1999 at 09:49:56:

> To begin with, it would be good to see the existing configuration.

Uh-huh... I don't like the "established" on line 13; Olga disagrees...

ip nat translation timeout 10000
ip nat pool user-guard 195.xxx.xxx.xxx 195.xxx.xxx.yyy netmask 255.255.255.240
ip nat inside source list 1 pool user-guard overload
interface Ethernet0
 ip address 192.168.xxx.xxx 255.255.255.0
 ip nat inside
interface Serial0.1
 ip address 195.aaa.bbb.ccc 255.255.255.252
 ip access-group 101 in
 ip nat outside
access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny ip any 192.168.0.0 0.0.255.255 log
access-list 101 deny ip any 172.16.0.0 0.15.255.255 log
access-list 101 deny ip any 10.0.0.0 0.255.255.255 log
access-list 101 deny ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny ip 255.0.0.0 0.255.255.255 any log
access-list 101 deny ip 224.0.0.0 15.255.255.255 any log
access-list 101 deny ip host 0.0.0.0 any log
access-list 101 deny ip 195.xxx.xxx.xxx 0.0.0.15 any log
access-list 101 deny ip host 195.aaa.bbb.ccc any log
access-list 101 permit tcp any 195.xxx.xxx.xxx 0.0.0.15 gt 1023 established
access-list 101 permit udp any eq 4000 195.xxx.xxx.xxx 0.0.0.15 gt 1023
access-list 101 deny tcp any any range 2000 2003 log
access-list 101 deny tcp any any range 6000 6003 log
access-list 101 deny tcp any any eq 2049
access-list 101 deny udp any any eq 204
access-list 101 permit udp any eq domain 195.xxx.xxx.xxx 0.0.0.15 gt 1023
access-list 101 permit tcp any eq ftp-data any gt 1023
access-list 101 permit icmp any any
access-list 101 deny ip any any log