一、实验拓扑:
二、PC的配置#
sysname PC
dhcp enable
dns resolve
dns server 8.8.8.8
#
interface GigabitEthernet0/0/0
ip address dhcp-alloc
三、网关路由器的配置
#
sysname GW
#
dhcp enable
dns resolve
dns server 8.8.8.8
#
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255
acl number 3001
rule 5 deny icmp icmp-type echo
rule 10 permit ip
#
firewall zone trust
priority 10
#
firewall zone untrust
priority 5
#
firewall zone Local
priority 15
#
firewall interzone trust untrust
firewall enable
packet-filter 3001 inbound
detect aspf ftp
detect aspf sip
detect aspf rtsp
detect aspf http
detect aspf http java-blocking
detect aspf http activex-blocking
#
interface GigabitEthernet0/0/0
ip address 192.168.10.1 255.255.255.0
zone trust
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface GigabitEthernet0/0/1
ip address 211.1.1.2 255.255.255.0
nat outbound 3000
zone untrust
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 211.1.1.1
#
user-interface vty 0 4
authentication-mode password
set authentication password cipher huawei
user privilege level 3
四、公网路由器的配置
#
sysname INTERNET
#
ip host www.baidu.com 100.100.100.100
ip host www.google.com 200.200.200.200
#
dns resolve
dns server 8.8.8.8
dns proxy enable
#
interface GigabitEthernet0/0/0
ip address 211.1.1.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 100.100.100.100 255.255.255.0
#
interface LoopBack1
ip address 200.200.200.200 255.255.255.0
#
interface LoopBack100
ip address 8.8.8.8 255.255.255.0
#
user-interface vty 0 4
authentication-mode password
set authentication password cipher huawei
user privilege level 3
#
五、测试PC上网<C>ping www.google.com
PING www.google.com: 56 data bytes, press CTRL_C to break
Reply from 200.200.200.200: bytes=56 Sequence=1 ttl=254 time=20 ms
Reply from 200.200.200.200: bytes=56 Sequence=2 ttl=254 time=20 ms
Reply from 200.200.200.200: bytes=56 Sequence=3 ttl=254 time=10 ms
Reply from 200.200.200.200: bytes=56 Sequence=4 ttl=254 time=10 ms
Reply from 200.200.200.200: bytes=56 Sequence=5 ttl=254 time=30 ms
--- www.google.com ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/18/30 ms
<C>telnet www.baidu.com
Press CTRL_] to quit telnet mode
Trying 100.100.100.100 ...
Connected to 100.100.100.100 ...
Login authentication
Password:huawei
<INTERNET>dis access-user
Info: No online user.
<INTERNET>dis ip inter bri
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 211.1.1.1/24 up up
GigabitEthernet0/0/1 unassigned down down
LoopBack0 100.100.100.100/24 up up(s)
LoopBack1 200.200.200.200/24 up up(s)
LoopBack100 8.8.8.8/24 up up(s)
NULL0 unassigned up up(s)
<INTERNET>
六、测试网关的状态[GW]dis nat session all
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.10.254
DestAddr Vpn : 200.200.200.200
Type Code IcmpId : 0 8 43997
NAT-Info
New SrcAddr : 211.1.1.2
New DestAddr : ----
New IcmpId : 10255
Protocol : TCP(6)
SrcAddr Port Vpn : 192.168.10.254 46273
DestAddr Port Vpn : 100.100.100.100 5888
NAT-Info
New SrcAddr : 211.1.1.2
New SrcPort : 10253
New DestAddr : ----
New DestPort : ----
Protocol : UDP(17)
SrcAddr Port Vpn : 192.168.10.254 7109
DestAddr Port Vpn : 8.8.8.8 13568
NAT-Info
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2014-2-19 13:54:26
C>ping 
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2014-3-6 22:37:24
