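Experiment name: Firewall Configuration 2

Experimenters (class, student ID, name)
Class: Computer Science 11-1, Computer Science 11-2, Computer Science 11-2
Student ID: 1110101030, 1110101039, 1110101055

I. Experiment content and requirements

1. The external network can access only the telnet service of internal host 3.0.0.1.
2. The external network can ping only internal host 3.0.0.2.
3. The internal network can access the telnet service of any host on the external network.
4. The internal network can ping any host on the external network.

II. Experiment equipment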
1. Basic equipment (device type, quantity)

2 computers, 2 switches, 2 routers

2. Device configuration parameters (IP address, subnet mask, default gateway, etc.)

The three network segments are 1.0.0.0, 2.0.0.0 and 3.0.0.0, all with mask 255.0.0.0.
R2 interface addresses: 1.0.0.254 and 2.0.0.1
R3 interface addresses: 2.0.0.2 and 3.0.0.254
External host address: 1.0.0.1
Internal host address: 3.0.0.1

3. Network structure (diagram)

[Network topology diagram; not recoverable from the extracted text]

III. Experiment principle, process and results

1. Experiment principle

Firewall technology is essentially packet filtering: a set of rules decides which packets are allowed through and which are not.

2. Process

(1) Configure IP addresses and routes, and enable the telnet service (omitted).

(2) Test network access with ping and telnet (the internal and external networks can reach each other).

(3) Enable the firewall on R3:

    firewall enable
    firewall default deny

(4) Configure an advanced ACL on R3:

    acl number 3000 match-order auto
    rule 1 permit tcp destination 3.0.0.1 0 destination-port eq telnet
    rule 2 permit tcp source 3.0.0.1 0 source-port eq telnet
    rule 3 permit icmp destination 3.0.0.2 0 icmp-type echo
    rule 4 permit icmp source 3.0.0.2 0 icmp-type echo-reply
    rule 5 permit tcp source 3.0.0.0 0.255.255.255 destination-port eq telnet
    rule 6 permit tcp destination 3.0.0.0 0.255.255.255 source-port eq telnet
    rule 7 permit icmp source 3.0.0.0 0.255.255.255 icmp-type echo
    rule 8 permit icmp destination 3.0.0.0 0.255.255.255 icmp-type echo-reply

(5) Apply the ACL to the serial interface of R3:

    interface serial 3/0
    firewall packet-filter 3000 inbound
    firewall packet-filter 3000 outbound

(6) Test network access again with ping and telnet (access is now restricted).
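
Added example (not part of the original report): a small Python model of ACL 3000 combined with `firewall default deny`, used to check constructed sample packets against the four requirements in section I. It assumes the packet filter is stateless and that the wildcard masks map to the CIDR prefixes shown; the `pkt` helper, the sample packets and client port 40000 are constructed for illustration.

```python
import ipaddress

# ACL 3000 from step (4). Wildcard "0" -> /32, "0.255.255.255" -> /8.
# Every rule is a permit, so match order does not change the verdict.
RULES = [
    dict(id=1, proto="tcp",  dst="3.0.0.1/32", dport=23),
    dict(id=2, proto="tcp",  src="3.0.0.1/32", sport=23),
    dict(id=3, proto="icmp", dst="3.0.0.2/32", icmp="echo"),
    dict(id=4, proto="icmp", src="3.0.0.2/32", icmp="echo-reply"),
    dict(id=5, proto="tcp",  src="3.0.0.0/8",  dport=23),
    dict(id=6, proto="tcp",  dst="3.0.0.0/8",  sport=23),
    dict(id=7, proto="icmp", src="3.0.0.0/8",  icmp="echo"),
    dict(id=8, proto="icmp", dst="3.0.0.0/8",  icmp="echo-reply"),
]

def rule_matches(rule, packet):
    """True when every field the rule specifies agrees with the packet."""
    for field, want in rule.items():
        have = packet.get(field)
        if field in ("src", "dst"):
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif field != "id" and have != want:
            return False
    return True

def permitting_rules(packet):
    """Ids of the rules that permit the packet; [] means default deny drops it."""
    return [r["id"] for r in RULES if rule_matches(r, packet)]

def pkt(proto, src, dst, sport=None, dport=None, icmp=None):
    return dict(proto=proto, src=src, dst=dst, sport=sport, dport=dport, icmp=icmp)

# Constructed packets; 1.0.0.1 is the external host from section II.
SAMPLES = {
    "ext telnet -> 3.0.0.1": pkt("tcp", "1.0.0.1", "3.0.0.1", 40000, 23),
    "ext telnet -> 3.0.0.2": pkt("tcp", "1.0.0.1", "3.0.0.2", 40000, 23),
    "ext ping -> 3.0.0.2":   pkt("icmp", "1.0.0.1", "3.0.0.2", icmp="echo"),
    "ext ping -> 3.0.0.1":   pkt("icmp", "1.0.0.1", "3.0.0.1", icmp="echo"),
    "int telnet -> ext":     pkt("tcp", "3.0.0.2", "1.0.0.1", 40000, 23),
    "telnet reply -> int":   pkt("tcp", "1.0.0.1", "3.0.0.2", 23, 40000),
    "int ping -> ext":       pkt("icmp", "3.0.0.1", "1.0.0.1", icmp="echo"),
    "sport 23, no session":  pkt("tcp", "1.0.0.1", "3.0.0.2", 23, 80),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:24} {permitting_rules(p) or 'deny'}")
```

The last sample is permitted by rule 6 in the same way as a genuine telnet reply: rules 2 and 6 match on source port alone, so the verdict does not depend on whether an internal host opened the connection. Stateful inspection is the usual remedy when that distinction matters.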

3. Results

[Screenshots of the router console sessions (routing tables, interface address configuration, ACL rule entry and packet-filter application); the text is not recoverable from the extraction.]

IV. Experiment reflections

We learned how to configure static routes and mastered the configuration of a simple firewall.