一个常规的网络,几种路由器的设置对比,网络模型如下:

   160406150.gif



局域网内几个客户端和一台服务器地址为80,对应的网段为192.168.0.*,路由在局域网中地址为192.168.0.254,网关为110.110.110.100,DNS为202.96.134.133,202.96.128.86,下面分别用ros、juniper、cisco作相应配置。


ros的配置:

1确认内外网网口正常,作相应标识为lan和wan;

2配置lan口ip为192.168.0.254,配置wan口ip为110.110.110.100;

3配置默认路由0.0.0.0/0 gateway wan;

4配置dns地址202.96.134.133 202.96.128.86;

5做nat转换;srcnat masquarde;

6做端口映射:dstnat 110.110.110.100:80 dstnat 192.168.0.80:80;


juniper的配置:

1设置内网口:trust ip 192.168.0.254;设置外网口:untrust ip 110.110.110.100;

2设置缺省路由:0.0.0.0/0 gateway wan interface ip 110.110.110.100;

3做策略:trust ---- untrust police: source any port any des any port any permit;

4端口映射:vip:wan ip:110.110.110.100 map: vip 110.110.110.100:80 mapip 192.168.0.80:80

police:src any dst wan interface permit


cisco的配置:

内网假定f0/0;外网假定f0/1;

1配置内网地址f0/0 ip 192.168.0.254;配置外网地址f0/1 ip 110.110.110.100;

2配置默认路由 ip route 0.0.0.0 0.0.0.0 f0/1

3配置dns地址:ip name-server 202.96.134.133 202.96.128.86;

4做nat转换和端口映射: f0/0 ip nat inside f0/1 ip nat outside;access-list 1 permit any;

ip nat inside source list 1 interface f0/1 over

ip nat inside source tcp 192.168.0.80 80 110.110.110.10 80

经过对比以上配置思路大体相同。