ROS domain name question
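/ip firewall filter add chain=forward src-address=192.168.1.1 dst-address=98.126.147.250 protocol=tcp dst-port=80 action=accept comment="" disabled=no
/ip firewall filter add chain=forward src-address=192.168.1.1 protocol=tcp dst-port=80 action=drop comment="" disabled=no
dst-address=98.126.147.250 is the IP of the website that is allowed.
Question: the rules above use a fixed IP, so only that fixed website can be reached. Some websites now restrict login by IP and can only be reached by domain name. How do I configure ROS so that a fixed LAN IP can access a specified domain name?
Additional content (2012-8-17 17:00):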
/ip firewall filter
add action=add-dst-to-address-list address-list=e-learning \
    address-list-timeout=30m5s chain=forward comment="e-learning " content=\
    WEBSITE_ADDRESS disabled=no
add action=accept chain=forward comment=e-learning disabled=no \
    dst-address-list=e-learning dst-port=80 protocol=tcp src-address=\
    192.168.0.0/16
add action=drop chain=forward comment=\
    "Block QQ; the rule order must not be changed" disabled=no \
    dst-port=8000 protocol=udp src-address=192.168.0.0/16 src-port=4000-4009
add action=drop chain=forward comment="" disabled=no layer7-protocol=QQ \
    src-address=192.168.0.0/16
add action=drop chain=forward comment="" disabled=no layer7-protocol=QQ2011 \
    src-address=192.168.0.0/16
add action=drop chain=forward comment="" disabled=no layer7-protocol=qqfarm \
    src-address=192.168.0.0/16
add action=drop chain=forward comment="" disabled=no layer7-protocol=webQQ \
    src-address=192.168.0.0/16
add action=add-dst-to-address-list address-list=gooddoctor \
    address-list-timeout=30m5s chain=forward comment=\
    "mail address" content=WEBSITE_ADDRESS disabled=no
add action=accept chain=forward comment=\
    "mail users only" disabled=no dst-address-list=\
    gooddoctor dst-port=80 protocol=tcp src-address=192.168.0.0/16
add action=drop chain=forward comment="" disabled=no protocol=tcp \
    src-address=192.168.0.0/16
Requirement: LAN users may only log in to the specified website (the website restricts login by IP, so only the domain name can be used). After looking up related material, this method should work; QQ login is to be blocked at the same time. Asking the experts for help.

A domain name has IPs too. Even if login by IP is restricted, you can allow the IP the website is on, or the group of IPs the website is on.

This post was last edited by huangfen on 2012-8-17 17:17
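I can't make sense of this stuff. Just set up a DNS service on Windows 2003. Is it really that hard?
If you really have no resources, run it in a virtual machine. Don't assume ROS can solve everything. Leave specialized work to specialized tools.
As shown in the picture, the newly created billing domain name:
Pinging the domain name, it resolves:
RADIUS settings:
Here I have set up an HA cluster for DNS.
HA network settings:
Above, I didn't read your requirement carefully and misunderstood it.
In that case, just make an ACL: permit ip source (the fixed IP address you allow) dest ip (the IP address you allow access to), deny all.
Look up how to implement it in ROS. These are Huawei commands...

Thanks for your guidance, I'll give it a try.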
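
An added example, not part of any post in this thread: the allow-by-IP approach from the replies, written as RouterOS rules with an address list so the permitted destinations are maintained in one place. It assumes RouterOS v6.36 or later for the DNS-name entry; site.example and the list name allowed-sites are placeholders, and the two IP addresses are the ones from the first post.

```routeros
# Added example, not from the thread.
# site.example and allowed-sites are placeholders; 192.168.1.1 and
# 98.126.147.250 are the addresses used in the first post.
# A DNS name as an address-list entry needs RouterOS v6.36 or later
# (assumption about the installed version). On older versions, add each
# IP of the site by hand, as in the first entry.
/ip firewall address-list
add list=allowed-sites address=98.126.147.250 comment="site IP from the first post"
add list=allowed-sites address=site.example comment="resolved and refreshed by the router"

# Rules are evaluated top to bottom, so the accept must come before the drop.
/ip firewall filter
add chain=forward src-address=192.168.1.1 protocol=tcp dst-port=80 \
    dst-address-list=allowed-sites action=accept comment="allow HTTP to listed sites"
add chain=forward src-address=192.168.1.1 protocol=tcp dst-port=80 \
    action=drop comment="drop all other HTTP from this host"
```

An IP-based allow rule admits every site served from the same address, and a name entry only tracks the addresses the router itself resolves, so clients should use the router as their DNS resolver.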