zokii
Slavan
- Učlanjen(a)
- 26.05.2006
- Poruke
- 124
- Poena
- 319
treba mi mala pomoć naime, iz config fajla rutera sam izvukao podatke koje bi trebalo da "prevedem", odnosno da napišem u obliku "ta-i-ta-linija-radi-to-i-to"... pa evo
Ovde imamo NAT-ovanje
ovde je u pitanju ACL... ono kako ja treba da "prevedem" izgleda ovako: u pitanju je tip IP Named ACL, odnosno imenovane IP liste proširenog tipa koja radi-to-i-to, linija ta-i-ta dopušta/odbija to-i-to.... kapirate valjda
drugi ACL koji bi trebalo "prevesti" izgleda ovako
dakleM, moli se neka dobra duša koja će mi pomoću u ovome ASAP!
Ovde imamo NAT-ovanje
ip nat pool nat-10 10.1.1.8 10.1.1.15 netmask 255.255.255.248
ip nat inside source list 10 pool nat-10
ip nat inside source list 11 interface Ethernet1/0 overload
ip nat inside source static 172.27.1.2 10.1.1.3
ovde je u pitanju ACL... ono kako ja treba da "prevedem" izgleda ovako: u pitanju je tip IP Named ACL, odnosno imenovane IP liste proširenog tipa koja radi-to-i-to, linija ta-i-ta dopušta/odbija to-i-to.... kapirate valjda
ip access-list extended inboundfilters
deny ip any 172.27.1.0 0.0.0.255
permit ip any any
deny ip any any
access-list 10 remark ACL for Dynamic NAT 172.27.1.8/29
access-list 10 permit 172.27.1.8 0.0.0.3
access-list 11 remark ACL for Static NAT 172.27.1.2
access-list 11 permit 172.27.1.50
drugi ACL koji bi trebalo "prevesti" izgleda ovako
ip access-list extended inboundfilters
remark ** Allow 10.1.1.0/24 to e0/0 for ssh/telnet to login, get run config,
remark ** or initiate dynamic ACL to 10.2.2.2
permit tcp 10.1.1.0 0.0.0.255 host 10.1.1.25 eq telnet
remark ** Dynamic ACL for IP to 10.2.2.2
remark ** username = dynamicuser
dynamic dynalist timeout 15 permit ip 10.1.1.0 0.0.0.255 host 10.2.2.2
remark ** Allow ICMP echo-replies ... hopefully from ICMP echo-request that went outbound before
permit icmp 10.1.1.0 0.0.0.255 any echo-reply
remark ** Evaluate TCP traffic from Dynamic ACL tcptraffic (e.g. established)
evaluate tcptraffic
remark ** Deny all rule for visible accounting
deny ip any any
ip access-list extended outboundfilters
remark ** Allow router e0/0 out to any
permit ip host 10.1.1.1 any
remark ** Allow ICMP traffic from 10.2.2.0/24 out to any
permit icmp 10.2.2.0 0.0.0.255 any
remark ** Allow tcp traffic out for dynamic ACL
permit tcp 10.2.2.0 0.0.0.255 any reflect tcptraffic
remark ** Deny all rule for visible accounting
deny ip any any
dakleM, moli se neka dobra duša koja će mi pomoću u ovome ASAP!