您好,登錄后才能下訂單哦!
三臺主機(jī),一臺路由器
win10 -1 :綁定VMnet1網(wǎng)卡
win10-2:綁定VMnet2網(wǎng)卡
linux:綁定VMnet8網(wǎng)卡作為測試
f0/0:192.168.1.1/24
f1/0:192.168.2.1/24
f10/1:192.168.100.1/242.配置linux服務(wù)器,安裝兩個服務(wù)VSFTPD,HTTPD
[root@localhost ~]# yum install vsftpd -y
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.cn99.com
* updates: mirrors.cn99.com
正在解決依賴關(guān)系
--> 正在檢查事務(wù)
---> 軟件包 vsftpd.x86_64.0.3.0.2-25.el7 將被 安裝
--> 解決依賴關(guān)系完成
[root@localhost ~]# yum install httpd -y
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.cn99.com
* updates: mirrors.cn99.com
正在解決依賴關(guān)系
--> 正在檢查事務(wù)
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=849aa04e-1874-490f-8cb0-b2fde4b9a6f8
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
[root@localhost ~]# systemctl restart network
重啟linux服務(wù)器
R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f0/1
R1(config-if)#ip add 192.168.100.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f1/0
R1(config-if)#ip add 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ex
R1(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet1/0
C 192.168.100.0/24 is directly connected, FastEthernet0/1
C:\Users\CHEN>ping 192.168.1.2
正在 Ping 192.168.1.2 具有 32 字節(jié)的數(shù)據(jù):
來自 192.168.1.2 的回復(fù): 字節(jié)=32 時間=19ms TTL=127
來自 192.168.1.2 的回復(fù): 字節(jié)=32 時間=18ms TTL=127
來自 192.168.1.2 的回復(fù): 字節(jié)=32 時間=14ms TTL=127
來自 192.168.1.2 的回復(fù): 字節(jié)=32 時間=15ms TTL=127
root@localhost chen]# systemctl stop firewalld.service
root@localhost chen]# setenforce 0
[root@localhost chen]# cd /var/www/html
[root@localhost html]# vim index.html
<h2>this is test web</h2>
[root@localhost html]# ls
index.html
[root@localhost html]# systemctl start httpd
[root@localhost html]# systemctl start vsftpd
[root@localhost html]# cd /var/ftp
[root@localhost ftp]# ls
pub
[root@localhost ftp]# echo "this is ftp" > ftp.txt
[root@localhost ftp]# ls
ftp.txt pub
[root@localhost html]# netstat -nuap | egrep '(21|80)'
udp 0 0 192.168.122.1:53 0.0.0.0:* 1380/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1380/dnsmasq
R1#conf t
R1(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.100.100 eq www
//擴(kuò)展的序列號100-199,允許tcp協(xié)議,固定地址192.168.1.2去訪問
192.168.100.100 后面跟端口號80也可以是名字
R1(config)#do show access-list //查看訪問控制列表
Extended IP access list 100
10 permit tcp host 192.168.1.2 host 192.168.100.100 eq www
R1(config)#access-list 100 deny ip host 192.168.1.2 host 192.168.100.100
R1(config)#do show access-list
Extended IP access list 100
10 permit tcp host 192.168.1.2 host 192.168.100.100 eq www
20 deny ip host 192.168.1.2 host 192.168.100.100
R1(config)#access-list 100 permit ip host 192.168.1.2 192.168.2.0 0.0.0.255
R1(config)#do show access-list
Extended IP access list 100
10 permit tcp host 192.168.1.2 host 192.168.100.100 eq www
20 deny ip host 192.168.1.2 host 192.168.100.100
30 permit ip host 192.168.1.2 192.168.2.0 0.0.0.255
R1(config-if)#ip access-group 100 in //應(yīng)用在接口,離限制方最近的端口,是入口方向。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。