关于防火墙该如何配置

1209665102 · 发表于 2011-5-24 22:10:58

如下图是我课程设计核心层路由器，pc1-pc5仅为测试用，R1-R4为核心层路由器，R5作为防火墙（由于模拟器是Boson NetSim只能用路由器代替防火墙），拓扑图如下：

其中R1、R2和R3配置命令大体相同，配置命令如下：
interface Serial1/0
      ip address 10.1.4.1 255.255.255.0
no ip directed-broadcast
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
ip address 10.1.2.1 255.255.255.0
no ip directed-broadcast
!
interface Serial1/3
ip address 10.1.3.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip ospf cost 1
!
router ospf 1
network 10.1.2.0 0.0.0.255 area 0
network 10.1.3.0 0.0.0.255 area 0
      network 10.1.4.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
R1路由表：
Gateway of last resort is not set
   10.0.0.0/24 is subnetted, 7 subnets
C    10.1.4.0 is directly connected, Serial1/0
C    10.1.2.0 is directly connected, Serial1/2
C    10.1.3.0 is directly connected, Serial1/3
O    10.2.3.0 [110/64] via 10.2.3.1, 00:35:00, Serial1/2
O    10.2.4.0 [110/64] via 10.2.4.1, 00:35:00, Serial1/2
O    10.4.5.0 [110/64] via 10.1.4.2, 00:35:00, Serial1/0
O    10.3.4.0 [110/64] via 10.3.4.2, 00:35:00, Serial1/0
C 192.168.1.0 is directly connected, FastEthernet0/0
O 192.168.2.0 [110/64] via 192.168.2.1, 00:35:00, Serial1/2
O 192.168.4.0 [110/64] via 192.168.4.1, 00:35:00, Serial1/0
O 192.168.3.0 [110/64] via 192.168.3.1, 00:35:00, Serial1/3
R1邻居表：
R1#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID       Local Intrfce    Holdtme Capability  Platform  Port ID
R2                Ser1/2       174       R       4500    Ser 1/1
R3                Ser1/3       174       R       4500    Ser 1/1
R4                Ser1/0       174       R       4500    Ser 1/1
R2路由表：
Gateway of last resort is not set
   10.0.0.0/24 is subnetted, 7 subnets
C    10.2.4.0 is directly connected, Serial1/0
C    10.1.2.0 is directly connected, Serial1/1
C    10.2.3.0 is directly connected, Serial1/3
O    10.4.5.0 [110/192] via 10.1.2.1, 00:36:55, Serial1/1
O    10.1.4.0 [110/192] via 10.1.2.1, 00:36:55, Serial1/1
O    10.3.4.0 [110/64] via 10.3.4.2, 00:36:55, Serial1/0
O    10.1.3.0 [110/64] via 10.2.3.2, 00:36:55, Serial1/3
C 192.168.2.0 is directly connected, FastEthernet0/0
O 192.168.4.0 [110/64] via 192.168.4.1, 00:36:55, Serial1/0
O 192.168.3.0 [110/64] via 192.168.3.1, 00:36:55, Serial1/3
O 192.168.1.0 [110/64] via 192.168.1.1, 00:36:35, Serial1/1
R2邻居表：
R2#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID       Local Intrfce    Holdtme Capability  Platform  Port ID
R1                Ser1/1       161       R       4500    Ser 1/2
R3                Ser1/3       161       R       4500    Ser 1/2
R4                Ser1/0       161       R       4500    Ser 1/2
R3路由表：
Gateway of last resort is not set
   10.0.0.0/24 is subnetted, 7 subnets
C    10.3.4.0 is directly connected, Serial1/0
C    10.1.3.0 is directly connected, Serial1/1
C    10.2.3.0 is directly connected, Serial1/2
O    10.4.5.0 [110/192] via 10.1.3.1, 00:37:45, Serial1/1
O    10.1.4.0 [110/192] via 10.1.3.1, 00:37:45, Serial1/1
O    10.2.4.0 [110/320] via 10.1.3.1, 00:37:45, Serial1/1
O    10.1.2.0 [110/64] via 10.1.3.1, 00:37:35, Serial1/1
C 192.168.3.0 is directly connected, FastEthernet0/0
O 192.168.4.0 [110/64] via 192.168.4.1, 00:37:45, Serial1/0
O 192.168.1.0 [110/64] via 192.168.1.1, 00:37:35, Serial1/1
O 192.168.2.0 [110/64] via 192.168.2.1, 00:37:35, Serial1/2
R3邻居表：
R3#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID       Local Intrfce    Holdtme Capability  Platform  Port ID
R1                Ser1/1       171       R       4500    Ser 1/3
R2                Ser1/2       171       R       4500    Ser 1/3
R4                Ser1/0       171       R       4500    Ser 1/3
R4配置命令：
interface Serial1/0
      ip address 10.4.5.1 255.255.255.0
no ip directed-broadcast
!
interface Serial1/1
ip address 10.1.4.2 255.255.255.0
no ip directed-broadcast
!
interface Serial1/2
ip address 10.2.4.2 255.255.255.0
no ip directed-broadcast
!
interface Serial1/3
ip address 10.3.4.2 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 192.168.4.1 255.255.255.0
no ip directed-broadcast
ip ospf cost 1
!
router ospf 1
network 10.1.4.0 0.0.0.255 area 0
network 10.2.4.0 0.0.0.255 area 0
network 10.3.4.0 0.0.0.255 area 0
      network 10.4.5.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
R4路由表：
Gateway of last resort is not set
   10.0.0.0/24 is subnetted, 7 subnets
C    10.4.5.0 is directly connected, Serial1/0
C    10.1.4.0 is directly connected, Serial1/1
C    10.2.4.0 is directly connected, Serial1/2
C    10.3.4.0 is directly connected, Serial1/3
O    10.1.2.0 [110/64] via 10.1.2.1, 00:38:28, Serial1/1
O    10.1.3.0 [110/64] via 10.1.3.1, 00:38:28, Serial1/1
O    10.2.3.0 [110/64] via 10.2.3.1, 00:38:28, Serial1/2
C 192.168.4.0 is directly connected, FastEthernet0/0
O 192.168.5.0 [110/64] via 192.168.5.1, 00:39:38, Serial1/0
O 192.168.1.0 [110/64] via 192.168.1.1, 00:38:28, Serial1/1
O 192.168.2.0 [110/64] via 192.168.2.1, 00:38:28, Serial1/2
O 192.168.3.0 [110/64] via 192.168.3.1, 00:31:07, Serial1/3
R4邻居：
R4#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID       Local Intrfce    Holdtme Capability  Platform  Port ID
R1                Ser1/1       169       R       4500    Ser 1/0
R5                Ser1/0       169       R       4500    Ser 1/0
R2                Ser1/2       169       R       4500    Ser 1/0
R3                Ser1/3       169       R       4500    Ser 1/0

R5我想作为防火墙该如何设置呢？采用什么协议？我现在是如下配置的
R5配置命令：
interface Serial1/0
      ip address 10.4.5.2 255.255.255.0
no ip directed-broadcast
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
no ip directed-broadcast
ip ospf cost 1
!
router ospf 1
      network 10.4.5.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
！
R5路由表：
Gateway of last resort is not set
   10.0.0.0/24 is subnetted, 4 subnets
C    10.4.5.0 is directly connected, Serial1/0
O    10.1.4.0 [110/64] via 10.1.4.2, 00:41:18, Serial1/0
O    10.2.4.0 [110/64] via 10.2.4.2, 00:41:18, Serial1/0
O    10.3.4.0 [110/192] via 10.4.5.1, 00:41:18, Serial1/0
C 192.168.5.0 is directly connected, FastEthernet0/0
O 192.168.4.0 [110/64] via 192.168.4.1, 00:41:18, Serial1/0
R5邻居表：
R5#sho cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID       Local Intrfce    Holdtme Capability  Platform  Port ID
R4                Ser1/0       169       R       4500    Ser 1/0

我这么配置发现问题是，192.168.0.0 网段所有pc都不能访问 pc5  192.168.5.2 ，我应该怎么配置防火墙（R5）？
作为核心层这样配置路由器可以么？麻烦各位啦！

王晓强 · 发表于 2011-5-24 22:46:59

描述问题，本身也是一种很重要的呈现～
不然别人不容易帮到你～
也容易浪费别人的时间～
提升看贴子的效率～
从别人看的角度来发问～
看到模拟器是Boson NetSim，建议使用GNS3来模拟，防止出现不可预知的bug。
关于GNS3如何使用的视频，论坛里很多，可以找下。

1209665102 · 发表于 2011-5-24 22:50:08

回复 2 # andersen 的帖子

哦谢谢我知道了我会改正的

王晓强 · 发表于 2011-5-24 23:02:41

回复 3 # 1209665102 的帖子

我现在有在线，你把问题描述清楚些，我给你解答下。
and，防火墙可以使用GNS3来模拟，或者使用Vmware来模拟。

duozhi · 发表于 2011-5-25 03:20:31

很全面的分析啊~

亮晶晶 · 发表于 2011-5-25 10:59:13

虽然技术我不大懂，但是一定要顶。

账号		自动登录	找回密码
密码			立即注册

[讨论/求助] 关于防火墙该如何配置

本帖子中包含更多资源