一丝不挂 2007-10-27 10:28
发一个瑞捷路由器的配置。
希望大家帮助解释一下
[quote]
Building configuration...
Current configuration : 2510 bytes
!
version 9.10 (building 11) for NBR
enable secret 5 $1$yhN3$E940ys91EuFpp148
no co-operate enable
!
!
!
!
!
!
access-list 3198 deny tcp any any eq 135
access-list 3198 deny tcp any any eq 445
access-list 3198 permit ip any any
access-list 3199 deny icmp any any echo
access-list 3199 deny tcp any any eq 135
access-list 3199 deny tcp any any eq 445
access-list 3199 permit ip any any
access-list 99 permit any
dialer-list 1 protocol ip permit
!
!
!
service sequence-numbers
service timestamps debug datetime
service timestamps log datetime
no service password-encryption
!
!
!
!
interface FastEthernet 0/2
no arp trust-monitor enable
duplex auto
speed auto
shutdown
!
interface Null 0
!
interface GigabitEthernet 0/0
ip nat inside
ip access-group 3198 in
no ip redirects
no ip mask-reply
no ip proxy-arp
mac-ip bind
arp gratuitous-send interval 1 5
arp trust-monitor enable
duplex auto
speed auto
!
interface GigabitEthernet 0/0.1
encapsulation dot1Q 2
ip nat inside
ip address 192.168.1.1 255.255.255.0
arp trust-monitor enable
!
interface GigabitEthernet 0/0.2
encapsulation dot1Q 3
ip nat inside
ip address 192.168.2.1 255.255.255.0
arp trust-monitor enable
!
interface GigabitEthernet 0/1
ip nat outside
ip access-group 3199 in
no ip redirects
no ip mask-reply
no ip proxy-arp
ip address 218.7.41.70 255.255.255.252
no arp trust-monitor enable
duplex auto
speed auto
bandwidth 100000
!
!
ip nat pool nbr_setup_build_pool prefix-length 24
address 218.7.41.70 218.7.41.70 match interface GigabitEthernet 0/1
!
ip nat inside source list 99 pool nbr_setup_build_pool
ip nat application qq 1024
ip nat translation per-ip 0.0.0.0 800
ip nat translation rate-limit iprange 192.168.2.50 192.168.2.250 inbound 3000 outbound 3000
ip nat translation rate-limit iprange 192.168.1.3 192.168.1.253 inbound 3000 outbound 3000
ip nat translation udp-timeout 150
ip nat translation icmp-timeout 30
ip nat translation tcp-timeout 600
ip nat translation finrst-timeout 20
ip nat translation dns-timeout 30
arp attacker-detect enable
security anti-wan-attack level high
security anti-lan-attack drop
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1 218.7.41.69
!
line con 0
line vty 0
login
password 7 01334157310951665a
line vty 1
login
password 7 1316105e0b30457375
line vty 2
login
password 7 1401481927037c745c
line vty 3 4
login
password 7 06153c172904457f5c
!
!
end
[/quote]
luodi815 2007-12-10 14:53
好
好好好好好好好好好好好好好好好好
shi173125 2007-12-13 22:53
看了看 呵呵 你自己做的吗
10011981 2008-3-9 11:27
这个地方不懂。
ip nat inside source list 99 pool nbr_setup_build_pool
ip nat application qq 1024
ip nat translation per-ip 0.0.0.0 800
ip nat translation rate-limit iprange 192.168.2.50 192.168.2.250 inbound 3000 outbound 3000
ip nat translation rate-limit iprange 192.168.1.3 192.168.1.253 inbound 3000 outbound 3000
ip nat translation udp-timeout 150
ip nat translation icmp-timeout 30
ip nat translation tcp-timeout 600
ip nat translation finrst-timeout 20
ip nat translation dns-timeout 30
arp attacker-detect enable
security anti-wan-attack level high
security anti-lan-attack drop
