紧急求救，ros和港湾m262能否互联，付费等！

zhuzhj

我的网吧使用ros2.9.7版本，电信上网，有一个单位使用港湾路由器m262,

同时连接电信和网通，我想通过m262上网通，不知道ROS和m262能不能相通！

付费求解！

[ 本帖最后由 zhuzhj 于 2007-9-11 23:45 编辑 ]

zhuzhj

请回答，我的qq:79286929

txwwy

L2TP路由器做LNS的配置。
m242_dygs# sho run

! Current configuration:
!
hostname m242_dygs
enable password 0 dygs110
!
access-list 1 permit any
access-list 110 deny tcp any any eq 4444
access-list 110 deny tcp any any eq 135
access-list 110 deny udp any any eq 135
access-list 110 deny tcp any any eq 139
access-list 110 deny udp any any eq 139
access-list 110 deny tcp any any eq 445
access-list 110 deny udp any any eq 445
access-list 110 deny tcp any any eq 593
access-list 110 deny udp any any eq 593
access-list 110 deny udp any any eq 1434
access-list 110 deny udp any any eq 137
access-list 110 deny udp any any eq 138
access-list 110 deny tcp any any eq 138
access-list 110 deny tcp any any eq 128
access-list 110 deny udp any any eq 128
access-list 110 deny tcp any any eq 136
access-list 110 deny tcp any any eq 11831
access-list 110 deny tcp any any eq 29559
access-list 110 deny tcp any any eq 1033
access-list 110 deny tcp any any eq 2001
access-list 110 deny tcp any any eq 4590
access-list 110 deny tcp any any eq 4950
access-list 110 deny tcp any any eq 65000
access-list 110 deny tcp any any eq 5554
access-list 110 deny tcp any any eq 9996
access-list 110 permit ip any any
ip inspect on
ip inspect per-host-flows 150
ipsec on
aaa-enable
aaa authentication ppp default local
username test10 privilege 15 password 7 @$Yr=C%^13n
username test9 privilege 15 password 7 @#l#f$O%v$'$A&wb
username test8 privilege 15 password 7 @x&u&s!DN=="O
username test7 privilege 15 password 7 @$C%N#@\-GEz
username test6 privilege 15 password 7 @5"18#b%LKU#r
username test5 privilege 15 password 7 @#r&{%|"C"O")&W!2
username test4 privilege 15 password 7 @t$G!@D#`&u%rB
username test3 privilege 15 password 7 @$gnM=p"=q!<
username test2 privilege 15 password 7 @4X&s#n$wX"C%~
username test1 privilege 15 password 7 @#hqGF&G$_"/<
username test privilege 15 password 7 @S#V&g,W&a@#~
username yb privilege 1 password 7 @[Z";%Vn%T#le
username bbbb privilege 1 password 7 @"3$G&K%jFK!N~
username wh privilege 15 password 0 wh
ip local pool bbbb 172.16.0.10 172.16.0.200
vpdn enable
service ip dhcp
!
interface eth0/0
ip address 221.237.207.145/27
ip access-group 110 in
ip access-group 110 out
ip nat outside
!
interface eth0/1
!
interface eth1/0
ip address 172.16.1.1/29
ip access-group 110 in
ip access-group 110 out
ip nat inside
!
interface serial0/0
!
interface serial0/1
!
interface async0/0
!
interface virtual-template0
ip address 172.16.0.1/24
ip nat inside
ppp authentication chap default
peer default ip address pool bbbb
!

!
!
!
no logging on
!
ip route 0.0.0.0/0 221.237.207.129
ip route 192.168.0.0/16 172.16.1.2
ip nat on
ip nat inside source list 1 interface eth0/0
ip nat inside source static tcp 192.168.0.5 80 interface eth0/0 80
ip nat inside source static tcp 192.168.0.6 8080 interface eth0/0 8080
ip nat inside source static tcp 192.168.0.6 1433 interface eth0/0 1433
ip nat inside source static tcp 192.168.0.6 1338 interface eth0/0 1338
ip nat inside source static tcp 172.16.1.2 161 interface eth0/0 161
!
line console 0
line aux 0
line vty 0
password 0 dygs110
line vty 1 4
password 7 @a6202a7e6f28d623423f97ace505fd7
line vty 5 9
!
vpdn-group 1
! Default L2TP VPDN group
accept dialin l2tp virtual-template 0
no l2tp tunnel authentication
!
!end

puding

1.在你的ROS上电信IP和Harbour的电信接口上做个tunnel，ROS上好象叫IPIP吧。
2.在ROS上将去CNC的流量通过建立的隧道连接送到Harbour。
3.在Harbour上做策略路由，匹配你网吧的源地址的将下一跳设置为CNC的接口去。

zhuzhj

不行呀，三楼的办法，我在m262上增加了，然后在ros上面不知道怎么配制，现在我按照我的理解配置了l2tp客户端，可是连他自己都ping不通.



我采用四楼的办法，增加了ipip连接，按照下面办法增加


第一、Interfaces——ip tunnel 建立ros的IPIP虚拟通道

输入本端和对端ip地址   
       
第二、IP——address，为你的B机（单线）IPIP虚拟网卡添加一个IP地址，要与上面A机（双线）的IPIP地址(192.168.2.1)在一个网段里
这里我们设置192.168.3.2

这个时候我ping不通192.168.3.1

请各位高手再帮助一下！


配置如下：

test# sh run

! Current configuration:
!
hostname test
!
access-list 1 permit 219.146.0.0/16
access-list 1 permit 222.175.0.0/19
access-list 1 permit 10.10.10.0/24
access-list 1 permit 122.7.0.0/16
access-list 1 permit 192.168.3.0/24
access-list 1 permit 192.168.28.0/24
access-list 100 deny icmp any any
access-list 100 deny tcp any any eq 4444
access-list 100 deny tcp any any eq 69
access-list 100 deny tcp any any eq 135
access-list 100 deny udp any any eq 135
access-list 100 deny tcp any any eq 139
access-list 100 deny udp any any eq 139
access-list 100 deny tcp any any eq 445
access-list 100 deny udp any any eq 445
access-list 100 deny tcp any any eq 593
access-list 100 deny udp any any eq 593
access-list 100 deny udp any any eq 1434
access-list 100 permit ip any any
access-list 101 deny ip any 219.146.0.0/16
access-list 101 permit ip any any
ip filter on
crypto isakmp key admin address 0.0.0.0/0
aaa-enable
aaa authentication ppp default local
username admin privilege 1 nopassword
ip local pool VPN-CLIENT 10.10.10.2 10.10.10.254
vpdn enable
service ip dhcp
!
interface eth0/0
ip address 219.146.219.211/30
ip nat inside
!
interface eth0/1
ip address 218.56.111.111/27
ip access-group 100 in
ip nat outside
!
interface serial0/0
!
interface serial0/1
!
interface async0/0
!
interface virtual-template0
ip address 10.10.10.1/24
ip nat inside
ppp authentication chap default
peer default ip address pool VPN-CLIENT
!
interface tunnel0
ip address 192.168.3.1/24
tunnel source 219.146.219.211
tunnel destination 222.175.11.133
!

crypto isakmp policy 1
authentication pre-share
!
!
!
!
gateway
!
no logging on
!
ip route 0.0.0.0/0 218.56.1.193
ip route 122.7.0.0/16 219.146.219.233
ip route 192.168.28.0/24 192.168.3.2
ip route 219.146.216.0/21 219.146.219.233
ip route 222.175.0.0/16 219.146.219.233
ip nat on
ip nat inside source list 1 interface eth0/1
!
vpdn-group 1
! Default L2TP VPDN group
accept dialin l2tp virtual-template 0
no l2tp tunnel authentication
!
!end

zhuzhj

按照三楼的做法已经好了！

另外在ros中一定要采用用户名加口令的方式，否则上不去！