Cisco PIX Port Mapping
Author: Anonymous  Source: Unknown  Updated: 2007-1-23 21:27:17

The original configuration works normally, but external access on every port is NATed to 192.168.1.1. Now, at my manager's request, we need to set up an FTP service and a BBS, so I want external access to the relevant ports to be NATed to another machine, for example 192.168.1.2. Please don't ask why; the web server's load is heavy enough already. The firewall I am using is a pix506E. The original configuration is as follows:

PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
access-list aa permit tcp any host 10.3.0.226 eq 2025
access-list aa permit tcp any host 10.3.0.226 eq 8080
access-list aa permit tcp any host 10.3.0.226 eq 3101
access-list aa permit tcp any host 10.3.0.226 eq 3121
access-list aa permit tcp any host 10.3.0.226 eq
access-list aa permit tcp any host 10.3.0.226 eq 3122
access-list aa permit tcp any host 10.3.0.226 eq 1041
access-list aa permit tcp any host 10.3.0.226 eq 1042
access-list aa permit tcp any host 10.3.0.226 eq 1043
access-list aa permit tcp any host 10.3.0.226 eq 1044
access-list aa permit tcp any host 10.3.0.226 eq 1045
access-list aa permit tcp any host 10.3.0.226 eq 1046
access-list aa permit tcp any host 10.3.0.226 eq 1047
access-list aa permit tcp any host 10.3.0.226 eq 1048
access-list aa permit tcp any h
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 10.3.0.228 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.3.0.229
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.3.0.226 192.168.1.1 netmask 255.255.255.255 0 0
static (inside,outside) 10.3.0.227 192.168.1.2 netmask 255.255.255.255 0 0
access-group aa in interface outside
route outside 0.0.0.0 0.0.0.0 10.3.0.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:4006d253c29a8aad68ab75ae619234bf
: end
[OK]

[Reposted from 世纪安全网 http://www.21safe.com]
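
An added example, not part of the original article: a small Python audit that reads `static`, `access-list` and `access-group` lines like those in the configuration above and reports which inbound ports reach each inside host. The sample input is a constructed subset of that configuration; the function name `audit` and the wording of the findings are assumptions of this example.

```python
import re

# Constructed sample: a subset of the configuration lines shown above.
SAMPLE_CONFIG = """\
access-list aa permit tcp any host 10.3.0.226 eq 2025
access-list aa permit tcp any host 10.3.0.226 eq 8080
access-list aa permit tcp any host 10.3.0.226 eq
access-list aa permit tcp any h
static (inside,outside) 10.3.0.226 192.168.1.1 netmask 255.255.255.255 0 0
static (inside,outside) 10.3.0.227 192.168.1.2 netmask 255.255.255.255 0 0
access-group aa in interface outside
snmp-server community public
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(rf"^static \(\w+,\w+\) {IP} {IP} ")
ACL_RE = re.compile(rf"^access-list (\S+) permit (tcp|udp) any host {IP} eq (\d+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface \S+$")

def audit(config: str) -> dict:
    """Return inbound exposure per inside host plus lines that need review."""
    statics, acl, bound, findings = {}, [], set(), []
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)      # global address -> inside host
        elif m := ACL_RE.match(line):
            acl.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))                 # ACL applied inbound on an interface
        elif line.startswith("access-list "):
            findings.append(f"unparsable ACL entry: {line!r}")
        elif line == "snmp-server community public":
            findings.append("default SNMP community string 'public'")
    exposure = {inside: [] for inside in statics.values()}
    for name, proto, dst, port in acl:
        if name in bound and dst in statics:      # only bound ACLs with a translation count
            exposure[statics[dst]].append((proto, port))
    for glob, inside in statics.items():
        if not exposure[inside]:
            findings.append(f"static {glob} -> {inside} has no permitted inbound port")
    return {"exposure": exposure, "findings": findings}

if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for host, ports in result["exposure"].items():
        print(host, ports)
    for finding in result["findings"]:
        print("REVIEW:", finding)
```

On the sample, every permitted port resolves to 192.168.1.1, while the translation for 192.168.1.2 has no matching permit entry in the bound access list.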