求助:单光纤多IP问题
本帖最后由 vbufan 于 2009-11-22 23:13 编辑单位有条100M光纤。电信给了2个IP地址
A
IP:116.122.215.178 网关:116.122.215.177 子掩码 :255.255.255.252
B
IP:218.22.216.254 网关:218.22.216.253 子掩码:255.255.255.252
现在供我们访问互联网的IP是A地址 WEB服务器用的是B地址
WEB服务器连接在现在使用的这个路由器的LAN口上。且WEB服务器 网卡设的就是B的地址 和网关 。
因为现在这个路由器的功能太差想换ROUTEROS作为路由。求教在ROUTEROS下该这样设置。
以下为旧路由器(锐捷NBR1200)的配置。请注意看第43行
NBR1200>en
NBR1200#show run
Building configuration...
Current configuration : 1993 bytes
!
version 9.0 (building 8) for NBR
!
!
!
!
!
!
access-list 3198 deny tcp any any eq 135
access-list 3198 deny tcp any any eq 445
access-list 3198 permit ip any any
access-list 3199 deny icmp any any echo
access-list 3199 deny tcp any any eq 135
access-list 3199 deny tcp any any eq 445
access-list 3199 permit ip any any
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 99 permit any
dialer-list 1 protocol ip permit
!
!
!
service sequence-numbers
service timestamps debug datetime
service timestamps log datetime
no service password-encryption
!
!
!
!
interface FastEthernet 0/0
ip nat inside
ip access-group 3198 in
no ip redirects
no ip mask-reply
no ip proxy-arp
ip address 192.168.0.1 255.255.255.0
ip address 218.22.216.253 255.255.255.252 secondary
!
interface FastEthernet 1/0
ip nat outside
ip access-group 3199 in
no ip redirects
no ip mask-reply
no ip proxy-arp
ip address 116.122.215.178 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet 1/1
duplex auto
speed auto
shutdown
!
interface Null 0
!
!
ip nat pool nbr_setup_build_pool prefix-length 24
address 116.122.215.178 116.122.215.178 match interface FastEthernet 1/0
!
ip nat inside source list 2 pool nbr_setup_build_pool
ip nat translation max-entries 7000
ip nat translation per-user 0.0.0.0 350
ip nat translation udp-timeout 150
ip nat translation icmp-timeout 30
ip nat translation tcp-timeout 600
ip nat translation finrst-timeout 20
ip nat translation dns-timeout 30
security anti-wan-attack level high
security anti-lan-attack
!
ip route 0.0.0.0 0.0.0.0 FastEthernet 1/0 116.122.215.177
!
line con 0
line vty 0
login
password 7 034433005f695b
line vty 1
login
password 7 14154e15784573
line vty 2
login
password 7 0244472f415166
line vty 3
login
password 7 14154e15784573
line vty 4
login
password 7 051f02265a784d
!
!
end
NBR1200#
没人看? 人气不够呢??? 郁闷啊 因为根本不知道你在问什么...扔掉你的锐捷,直接说你的环境以及你的需求即可 我知道他的意思,就是内网里面的一个电脑使用的是外网的地址,不经过nat,不知道ros能做到吗?海蜘蛛可以,m0n0也可以。 首先,锐捷是垃圾。不是靠教育市场早塌了。
其次,比较好奇,你们那里电信怎么给你两个不同IP地址段的地址。
其三,其实有些东西并不一定要局限在路由器上。 可以做到,但是你需要ISP给你做路由,我就是这么做的 这个问题我也想知道,顶起! 大概看了下
楼主的问题貌似不复杂
ROS上 WAN配置:116.122.215.178/30
LAN 配置:192.168.0.1/24 和 218.22.216.253/30
默认路由配置: dst-address=0.0.0.0/0 gateway=116.122.215.177
NAT配置: masquerade chain=srcnat src-address=192.168.0.0/24
-----------------------------------
至于为何这样配置你可以问问电信, 正常情况下电信的路由上已经配置了 ip route 0.0.0.0 218.22.216.253/30116.122.215.178 这样的一条路由
-----------------------------------
锐捷能现.海之猪这类网络共享器都能实现的应用.
ROS是路由, 是肯定没问题的,关键是你会不会配置.毋庸怀疑其能不能实现. ...
晕,不就是个ip secondary么。。。看我的。
/ip address
add address=192.168.150.1/24 broadcast=192.168.150.255 comment="" disabled=no \
interface=FastEthernet0/1 network=192.168.150.0
add address=192.168.27.254/24 broadcast=192.168.27.255 comment="" disabled=no \
interface=LAN network=192.168.27.0
add address=172.16.0.1/24 broadcast=172.16.0.255 comment="" disabled=no interface=\
FastEthernet0/1 network=172.16.0.0
add address=172.16.1.1/24 broadcast=172.16.1.255 comment="" disabled=no interface=\
FastEthernet0/1 network=172.16.1.0
add address=172.16.2.1/24 broadcast=172.16.2.255 comment="" disabled=no interface=\
FastEthernet0/1 network=172.16.2.0
add address=172.16.3.1/24 broadcast=172.16.3.255 comment="" disabled=no interface=\
FastEthernet0/1 network=172.16.3.0
add address=172.16.4.1/24 broadcast=172.16.4.255 comment="" disabled=no interface=\
FastEthernet0/1 network=172.16.4.0
add address=172.16.5.1/24 broadcast=172.16.5.255 comment="" disabled=no interface=\
FastEthernet0/1 network=172.16.5.0ip third,fourth,fifth,sixth,seventh……够用不。 真是太感谢各位了。。。
页:
[1]