公告

文章

评论

留言

连接

信息

登陆

搜索

2008-8-6 16:30:44
OSPF nat


开始给R1 R2 R3 全部配了ospf, 在R2上做了pat, R1作为inside R3作为outside,

但是很快发现这样做没有意义,因为R3上有R1的全部路由,虽然在R2上网络地址做了转换,但是R1并没有被很好的隐藏起来,然后给区域1配置了完全stub区域,这仅仅是减少了stub区域内路由器减少了路由条目,起不到保护内部的作用,

最后吧R1 的ospf去掉,R1R2间改用静态路由,于是R1对于R3做到了完全应藏,而同时又可以R1ping通R3,R3不能pingR1。如果是小型公司,用这样完全可以上网,

现在卖一百多元的soho路由器实现的就是这个功能。

Router(config)#host R1

R1(config)#no ip do lo

R1(config)#ip su

R1(config)#ip subnet-zero

R1(config)#line con 0

R1(config-line)#logg syn

R1(config-line)#no exec-t

 

 

R2(config)#ip nat inside source list 1 interface s2/2 overload

R2(config)#access-list 1 permit 1.1.0.0 0.0.255.255

 

 

R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     1.0.0.0/32 is subnetted, 4 subnets

O       1.1.4.4 [110/65] via 12.0.0.1, 00:00:17, Serial2/1

O       1.1.3.3 [110/65] via 12.0.0.1, 00:00:17, Serial2/1

O       1.1.2.2 [110/65] via 12.0.0.1, 00:00:17, Serial2/1

O       1.1.1.1 [110/65] via 12.0.0.1, 00:00:17, Serial2/1

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     3.0.0.0/32 is subnetted, 1 subnets

O       3.3.3.3 [110/65] via 23.0.0.3, 00:14:56, Serial2/2

     23.0.0.0/24 is subnetted, 1 subnets

C       23.0.0.0 is directly connected, Serial2/2

     12.0.0.0/24 is subnetted, 1 subnets

C       12.0.0.0 is directly connected, Serial2/1

 

 

R1#ping 3.3.3.3 source 1.1.2.2

 

R2#

*Aug  6 15:52:11.615: NAT: s=1.1.2.2->23.0.0.2, d=3.3.3.3 [20]

*Aug  6 15:52:11.799: NAT*: s=3.3.3.3, d=23.0.0.2->1.1.2.2 [20]

*Aug  6 15:52:11.911: NAT*: s=1.1.2.2->23.0.0.2, d=3.3.3.3 [21]

*Aug  6 15:52:11.935: NAT*: s=3.3.3.3, d=23.0.0.2->1.1.2.2 [21]

*Aug  6 15:52:11.999: NAT*: s=1.1.2.2->23.0.0.2, d=3.3.3.3 [22]

*Aug  6 15:52:12.043: NAT*: s=3.3.3.3, d=23.0.0.2->1.1.2.2 [22]

*Aug  6 15:52:12.119: NAT*: s=1.1.2.2->23.0.0.2, d=3.3.3.3 [23]

*Aug  6 15:52:12.167: NAT*: s=3.3.3.3, d=23.0.0.2->1.1.2.2 [23]

*Aug  6 15:52:12.183: NAT*: s=1.1.2.2->23.0.0.2, d=3.3.3.3 [24]

*Aug  6 15:52:12.239: NAT*: s=3.3.3.3, d=23.0.0.2->1.1.2.2 [24]

 

 

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     1.0.0.0/24 is subnetted, 4 subnets

C       1.1.1.0 is directly connected, Loopback0

C       1.1.2.0 is directly connected, Loopback2

C       1.1.3.0 is directly connected, Loopback3

C       1.1.4.0 is directly connected, Loopback4

     2.0.0.0/32 is subnetted, 1 subnets

O       2.2.2.2 [110/65] via 12.0.0.2, 00:03:26, Serial2/1

     3.0.0.0/32 is subnetted, 1 subnets

O IA    3.3.3.3 [110/129] via 12.0.0.2, 00:03:26, Serial2/1

     23.0.0.0/24 is subnetted, 1 subnets

O IA    23.0.0.0 [110/128] via 12.0.0.2, 00:03:26, Serial2/1

     12.0.0.0/24 is subnetted, 1 subnets

C       12.0.0.0 is directly connected, Serial2/1

 

R3#ping 1.1.3.3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.3.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/146/212 ms

R3#

*Aug  6 15:55:10.015: ICMP: echo reply rcvd, src 23.0.0.2, dst 23.0.0.3

*Aug  6 15:55:10.215: ICMP: echo reply rcvd, src 23.0.0.2, dst 23.0.0.3

*Aug  6 15:55:10.255: ICMP: echo reply rcvd, src 23.0.0.2, dst 23.0.0.3

*Aug  6 15:55:10.471: ICMP: echo reply rcvd, src 23.0.0.2, dst 23.0.0.3

*Aug  6 15:55:10.583: ICMP: echo reply rcvd, src 23.0.0.2, dst 23.0.0.3

 

R3#telnet 12.0.0.1

Trying 12.0.0.1 ... Open

 

 

User Access Verification

 

Password:

R1>en

Password:

R1#

 

R2(config-router)#area 1 stub no-summary

 

R2(config-router)#area 1 stub no-summary

 

R1(config-router)#do show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is 12.0.0.2 to network 0.0.0.0

 

     1.0.0.0/24 is subnetted, 4 subnets

C       1.1.1.0 is directly connected, Loopback0

C       1.1.2.0 is directly connected, Loopback2

C       1.1.3.0 is directly connected, Loopback3

C       1.1.4.0 is directly connected, Loopback4

     2.0.0.0/32 is subnetted, 1 subnets

O       2.2.2.2 [110/65] via 12.0.0.2, 00:00:43, Serial2/1

     12.0.0.0/24 is subnetted, 1 subnets

C       12.0.0.0 is directly connected, Serial2/1

O*IA 0.0.0.0/0 [110/65] via 12.0.0.2, 00:00:01, Serial2/1

R1(config-router)#

 

R1(config)#do show ip route                

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is 12.0.0.2 to network 0.0.0.0

 

     1.0.0.0/24 is subnetted, 4 subnets

C       1.1.1.0 is directly connected, Loopback0

C       1.1.2.0 is directly connected, Loopback2

C       1.1.3.0 is directly connected, Loopback3

C       1.1.4.0 is directly connected, Loopback4

     12.0.0.0/24 is subnetted, 1 subnets

C       12.0.0.0 is directly connected, Serial2/1

S*   0.0.0.0/0 [1/0] via 12.0.0.2

 

R3#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is not set

 

     2.0.0.0/32 is subnetted, 1 subnets

O IA    2.2.2.2 [110/65] via 23.0.0.2, 00:54:57, Serial2/1

     3.0.0.0/24 is subnetted, 1 subnets

C       3.3.3.0 is directly connected, Loopback0

     23.0.0.0/24 is subnetted, 1 subnets

C       23.0.0.0 is directly connected, Serial2/1

     12.0.0.0/24 is subnetted, 1 subnets

O IA    12.0.0.0 [110/128] via 23.0.0.2, 00:54:57, Serial2/1

 


阅读全文 | 回复(0) | 引用通告 | 编辑

发表评论:

    昵称:
    密码:
    主页:
    标题:
Powered by Oblog.