双线网络发布服务器以及客户端上网介绍

2024.04.19

    实验要求：
    1、公司想将自己的服务器双线发布出去。
    2、员工可以访问电信和网通的WEB服务器。
    配置思路：
    1、事先指明公司和电信网通路由器的NAT的内部和外部端口。配置NAT路由器的默认路由。
    2、实现公网网络互通。
    3、公司配置：
    配置访问控制列表
    access-list 100 permit ip any 电信非直连网段 (允许电信网段)
    access-list100 deny ip any 电信非直连网段 (拒绝电信网段)
    access-list 100 permit ip any any (允许所有网段通信)
    配置PAT ip nat inside source list 100 电信wan口 overload
    ipnat inside source list 101 网通wan口 overload
    发布网站 ip nat inside source static tcp 服务器私网地址 80 电信公网地址 80
    ip nat inside source static tcp 服务器私网地址 80 网通公网地址 80
    4.电信和网通配置
    配置访问列表 access-list 1 permit公司内网网段
    配置PAT ip nat inside sourcelist 1 interface FastEthernet0/0 overload
    发布网站 ip nat inside source statictcp 192.168.5.3 80 192.168.4.100 80
    实验配置如下：
    router0：(公司路由器)
    interfaceFastEthernet0/0
    ip address 192.168.3.1 255.255.255.0
    ip nat outside
    duplex auto
    speed auto
    !
    interfaceFastEthernet0/1
    ip address 192.168.6.1 255.255.255.0
    ip nat outside
    duplex auto
    speed auto
    !
    interfaceFastEthernet1/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    !
    interfaceFastEthernet1/1
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    !
    interfaceVlan1
    no ip address
    shutdown
    !
    ipnat inside source list 100 interface FastEthernet0/0 overload
    ipnat inside source list 101 interface FastEthernet0/1 overload
    ipnat inside source static tcp 192.168.2.3 80 192.168.3.101 80
    ipnat inside source static tcp 192.168.2.2 80 192.168.3.100 80
    ipnat inside source static tcp 192.168.2.3 80 192.168.6.101 80
    ipnat inside source static tcp 192.168.2.2 80 192.168.6.100 80
    ipclassless
    iproute 192.168.4.0 255.255.255.0 FastEthernet0/0
    iproute 192.168.7.0 255.255.255.0 FastEthernet0/1
    !
    !
    access-list100 permit ip any 192.168.4.0 0.0.0.255
    access-list101 deny ip any 192.168.4.0 0.0.0.255
    access-list101 permit ip any any
    router1:(公网路由器)
    interfaceFastEthernet0/0
    ip address 192.168.3.2 255.255.255.0
    duplex auto
    speed auto
    !
    interfaceFastEthernet0/1
    ip address 192.168.4.1 255.255.255.0
    duplex auto
    speed auto
    router2:(公网路由器)
    interface FastEthernet0/0
    ip address192.168.6.2 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address192.168.7.1 255.255.255.0
    duplex auto
    speed auto
    router3:(电信路由器)
    interface FastEthernet0/0
    ipaddress 192.168.4.2 255.255.255.0
    ip natoutside
    duplexauto
    speedauto
    !
    interface FastEthernet0/1
    ipaddress 192.168.5.1 255.255.255.0
    ip natinside
    duplexauto
    speedauto
    !
    interface Vlan1
    no ipaddress
    shutdown
    !
    ip nat inside source list 1 interfaceFastEthernet0/0 overload
    ip nat inside source static tcp 192.168.5.380 192.168.4.100 80
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    !
    !
    access-list 1 permit 192.168.5.0 0.0.0.255
    !
    !
    router4:(网通路由器)
    interface FastEthernet0/0
    ipaddress 192.168.7.2 255.255.255.0
    ip natoutside
    duplexauto
    speedauto
    !
    interface FastEthernet0/1
    ipaddress 192.168.8.1 255.255.255.0
    ip natinside
    duplexauto
    speedauto
    !
    interface Vlan1
    no ipaddress
    shutdown
    !
    ip nat inside source list 1 interfaceFastEthernet0/0 overload
    ip nat inside source static tcp 192.168.8.380 192.168.7.100 80
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    !
    !
    access-list 1 permit 192.168.8.0 0.0.0.255
    !
    !