Commit 57b7ae6f authored by Theo Maillart's avatar Theo Maillart

Filtering & NAT & PAT

parent caa9e60c
......@@ -43,14 +43,59 @@ exit
write memory
# filtering
access-list 101 permit tcp any host 10.0.81.1 eq 22
## allow icmp/http/ssh/ftp to outside
access-list 101 permit icmp 10.0.83.0 0.0.0.255 any echo
access-list 102 permit tcp any any eq 80
access-list 103 permit tcp any any eq 22
access-list 104 permit tcp any any eq 21
access-list 105 deny ip any any log
access-list 106 permit tcp any any established
access-list 107 permit udp any any established
access-list 108 permit icmp any any echo-reply
int vlan 83
ip access-group 101 out
ip access-group 102 out
ip access-group 103 out
ip access-group 104 out
ip access-group 105 out
ip access-group 106 in
ip access-group 107 in
ip access-group 108 in
ip access-group 105 in
## ACL for vlan_pers
access-list 111 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo
access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80
access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22
access-list 114 permit tcp any 10.0.82.3 0.0.0.255 eq 21
access-list 116 permit tcp any any established
access-list 117 permit udp any any established
access-list 118 permit icmp any any echo-reply
int vlan 82
ip access-group 101 in
ip access-group 111 in
ip access-group 112 in
ip access-group 113 in
ip access-group 114 in
ip access-group 105 in
ip access-group 116 out
ip access-group 117 out
ip access-group 118 out
ip access-group 105 out
# NAT inside = priv outside =target
interface vlan 85
interface vlan 83
ip nat inside
interface vlan 86
interface vlan 82
ip nat outside
ip nat pool ovrld 10.0.16.1 10.0.16.1 prefix 24
ip nat inside source list 9 pool ovrld overloadaccess-list 9 permit 10.0.15.0 0.0.0.255
ip nat pool ovrld 10.0.82.1 10.0.82.1 prefix 24
ip nat inside source list 9 pool ovrld overload
access-list 9 permit 10.0.83.0 0.0.0.255
# PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
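Review bot: The `int vlan 83` and `int vlan 82` blocks apply several `ip access-group` lines in the same direction, but IOS keeps only one ACL per interface per direction, so each line replaces the one before it and both interfaces end up with only ACL 105 (`deny ip any any log`) inbound and outbound, which drops all traffic. The permits and the closing deny should be entries of a single ACL per direction, as sketched below for vlan 83. `established` is a TCP-only keyword, so `permit udp any any established` (ACLs 107 and 117) should be rejected by the parser; UDP replies need an explicit permit or a stateful feature instead. `10.0.82.3 0.0.0.255` in ACLs 112–114 matches the whole 10.0.82.0/24 rather than one server, so `host 10.0.82.3` is probably what was meant. The +/- markers are lost on this page, so this assumes the ACL lines are on the new side.

```cisco
# one ACL per interface and direction; entries are evaluated top-down
access-list 102 permit icmp 10.0.83.0 0.0.0.255 any echo
access-list 102 permit tcp any any eq 80
access-list 102 permit tcp any any eq 22
access-list 102 permit tcp any any eq 21
access-list 102 deny ip any any log
access-list 106 permit tcp any any established
access-list 106 permit icmp any any echo-reply
access-list 106 deny ip any any log
int vlan 83
ip access-group 102 out
ip access-group 106 in
# … unchanged: vlan 82 ACLs, to be consolidated the same way …
# … unchanged: NAT and PAT section …
```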