Proxy server, router configuration case

xiaoxiao2021-03-06  35

http://www.ccw.com.cn  Li Guoqing, Zhu Jianwei

With the rapid development of network technology, there are more and more ways to connect to the Internet and share its resources. Of these, DDN leased lines are widely adopted because they are stable and easy to expand. The hardware for a DDN connection is simple: only a router and a proxy server are needed. Configuring the system, however, is a rather tricky problem for many network administrators. Using a Cisco router as the example, the authors introduce several configuration methods that have worked in practice, for colleagues to draw on.

First, accessing Internet resources directly through the router

1. Overall idea and equipment connection method

Under normal circumstances, the local area network within a unit uses the addresses reserved for private use on the Internet:

    10.0.0.0/8: 10.0.0.0 ~ 10.255.255.255
    172.16.0.0/12: 172.16.0.0 ~ 172.31.255.255
    192.168.0.0/16: 192.168.0.0 ~ 192.168.255.255

Ordinarily, when a workstation inside the unit goes out directly through the router, its traffic is filtered out by the router because it carries a reserved address, so Internet resources cannot be reached. The solution is to use the NAT (Network Address Translation) function provided by the router's operating system to translate the private addresses of the internal network into legal Internet addresses, so that users without a legal IP address can access the Internet through NAT. The benefits are that no proxy server is needed, which reduces investment; legal IP addresses are saved; and the security of the internal network is improved.

NAT has two types: Single mode and Global mode. In Single mode, as the name suggests, the many hosts on the local LAN are mapped to a single Internet address. To the outside Internet, all hosts on the LAN appear as one Internet user. Hosts on the local LAN continue to use their local addresses.

In Global mode, the router's interface maps the many hosts on the local LAN to a range of Internet addresses (an IP address pool). When a local host opens a connection to a host on the Internet, an address from the pool is automatically assigned to it. When the connection ends, the dynamically allocated address is released and can be used by other local hosts. The following takes the network environment of our unit as an example and lists the configuration method and process for reference.

Our unit uses a Unicom cable (V.35) to access the Internet. The router is a Cisco 2610, and the local area network uses an Intel 550 100M switch. China Unicom provided us with the following four IP addresses:

    211.90.137.25 (255.255.255.252) for the local WAN port
    211.90.137.26 (255.255.255.252) for the other end (China Unicom)
    211.90.139.41 and 211.90.139.42 (255.255.255.252) for our own use

2. Router configuration

(1) Network connection schematic

Description: All workstations in the school are connected to the switch. The router is also connected to the internal switch through its Ethernet port, which uses an internal private address, and the two ends of the fiber use the two valid IP addresses allocated by Unicom. With this connection method, once NAT is set up on the router, all internal workstations can access the Internet. Simply set the gateway on each workstation to the router's Ethernet port (192.168.0.3). No proxy is needed, and two valid IP addresses are saved for free use (for example, for the unit's own Web and E-mail servers). There is one disadvantage: the workstations cannot benefit from the cache service that a proxy server provides to speed up access. This scheme therefore suits units with fewer workstations; where there are more internal workstations, the two methods described later can be used.

(2) Configuration of the router

    en
    config t
    ! Define address pool C2610, holding the two idle legal IP addresses used for NAT translation
    ip nat pool C2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
    ! Set the Ethernet port's IP address and mark it as the port facing the internal network
    int e0/0
    ip address 192.168.0.3 255.255.255.0
    ip nat inside
    exit
    ! Set the WAN port's IP address and mark it as the port facing the external network
    interface s0/0
    ip address 211.90.137.25 255.255.255.252
    ip nat outside
    exit
    ! Set the default route to the Unicom end
    ip route 0.0.0.0 0.0.0.0 211.90.137.26
    ! Create the access control list
    access-list 2 permit 192.168.0.1 0.0.0.255
    ! Dynamic NAT: establish dynamic address translation
    ip nat inside source list 2 pool C2610 overload
    ! exec-timeout 0 0 disables the idle timeout on the console line
    line console 0
    exec-timeout 0 0
    !
    line vty 0 4
    end
    ! Save the settings
    wr

3. Workstation configuration

Workstations use static IP addresses. In the TCP/IP properties, set the gateway to 192.168.0.3 (the router's Ethernet IP address) and set DNS to the address provided by the access provider. Browsers and other Internet tools need no special settings.

Second, accessing Internet resources through a proxy server

1. Overall idea and equipment connection method

Accessing Internet resources through a proxy server has the advantage that the cache service provided by the proxy server improves the speed and efficiency of Internet access, which makes this method more suitable for units with many workstations. The disadvantages are that a computer must be provided as the proxy server, which increases investment cost; two more legal IP addresses are needed than in the first method; and network security is not high.

With this scheme, the devices are connected as follows. Two network cards are installed in the proxy server. One connects to the internal network and is given an internal private address; the other connects to the router's Ethernet port and is given a legal address allocated by Unicom (211.90.139.42), with its gateway set to 211.90.139.41 (the router's Ethernet port). The router's Ethernet port is likewise given a legal IP address allocated by Unicom (211.90.139.41). After connecting the devices, install the proxy software on the proxy server and configure the proxy on the workstations; they can then access the Internet.

2. Router configuration

(1) Network connection schematic

Description: In the schematic, all computers in the unit communicate directly with the internal network card (192.168.0.4) on the proxy server and then, under the control of the proxy software, access the Internet through the router.

(2) Configuration of the router

    en
    config t
    ! Set the Ethernet port's IP address
    int e0/0
    ip address 211.90.139.41 255.255.255.252
    exit
    ! Set the WAN port's IP address
    interface s0/0
    ip address 211.90.137.25 255.255.255.252
    exit
    ! Set the default route and enable IP routing
    ip route 0.0.0.0 0.0.0.0 211.90.137.26
    ip routing
    end
    ! Save the settings
    wr

3. Proxy server settings

The proxy server must have two network cards installed. One connects to the internal local area network and is given an internal private address (e.g. 192.168.0.4, netmask 255.255.255.0), with no gateway set. The other connects to the router and is given the legal address allocated by Unicom (211.90.139.42, netmask 255.255.255.252), with its gateway set to 211.90.139.41 (the router's Ethernet port). After configuring the network cards as above, install proxy software (such as MS Proxy Server 2.0 or WinGate; for installation, please refer to other material).

4. Workstation settings

(1) Internet Explorer: Tools menu -> Internet Options -> Connections -> LAN Settings -> Use a proxy server -> Address: 192.168.0.4, Port: 80 -> OK

(2) For other software, please refer to that software's documentation.

Third, configuration combining direct access and proxy access

1. Overall idea and equipment connection method

Both methods described above give working Internet access, but each has its advantages and its disadvantages, and the advantages of the two are complementary. Can the advantages of both be combined into one? The following method is a scheme that gets both the fish and the bear's paw.

It combines methods one and two: it saves IP addresses, and it improves Internet access efficiency through the cache provided by the proxy server. With this scheme, the devices are connected as follows. Two network cards are installed in the proxy server, and both are connected to the switch. When setting IP addresses, both network cards are given internal private addresses, but the two addresses must not belong to the same network (that is, the network parts of the IP addresses differ): one is for communicating with the internal network (NIC 1) and one for communicating with the router (NIC 2). Otherwise the proxy cannot work. Do not install the NetBEUI protocol on the proxy server; install only TCP/IP. (Note: this step is required; otherwise a NetBIOS computer name conflict arises between the proxy server and the switch and affects normal communication.) The router's Ethernet port is also given an internal private address, in the same network as NIC 2's address (that is, the network parts of the IP addresses are identical).

2. Router settings

(1) Network connection diagram

(2) Configuration of the router

    en
    config t
    ! Define address pool C2610, holding the two idle legal IP addresses used for NAT translation
    ip nat pool C2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
    ! Set the Ethernet port's IP address and mark it as the port facing the internal network
    int e0/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    exit
    ! Set the WAN port's IP address and mark it as the port facing the external network
    interface s0/0
    ip address 211.90.137.25 255.255.255.252
    ip nat outside
    exit
    ! Set the default route to the Unicom end
    ip route 0.0.0.0 0.0.0.0 211.90.137.26
    ! Create the access control list
    access-list 2 permit 192.168.0.1 0.0.0.255
    ! Dynamic NAT: establish dynamic address translation
    ip nat inside source list 2 pool C2610 overload
    ! exec-timeout 0 0 disables the idle timeout on the console line
    line console 0
    exec-timeout 0 0
    !
    line vty 0 4
    end
    ! Save the settings
    wr

3. Proxy server settings

Two network cards are installed in the proxy server, and both are connected to the switch. NIC 1 is given the IP address 192.168.0.4, with no gateway; NIC 2 is given the IP address 192.168.1.2, with its gateway set to 192.168.1.1 (the router's Ethernet port). After configuring the network cards as above, install proxy software (such as MS Proxy Server 2.0 or WinGate; please refer to other material).

Note: when installing the proxy software (MS Proxy 2.0 as the example) and specifying the LAT table, the address range 192.168.0.0-192.168.255.255 should be excluded; otherwise the proxy does not work properly.

4. Workstation settings

Under this configuration, a workstation can access the Internet either by setting the proxy or directly by setting the gateway.
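An added example, not part of the original article: a short Python check run over the router listings from sections one and three, reduced to their NAT-relevant lines with the addresses as printed above. It checks that the NAT pool fits its netmask, that the access list named in the translation rule covers the inside interface's network, and whether a line sets "exec-timeout 0 0"; the names LISTING, net and audit and the finding texts are this example's own.

```python
import ipaddress

# Constructed from the router listings in sections one and three (inside address differs).
LISTING = """\
ip nat pool C2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
interface e0/0
 ip address {inside} 255.255.255.0
 ip nat inside
interface s0/0
 ip address 211.90.137.25 255.255.255.252
 ip nat outside
access-list 2 permit 192.168.0.1 0.0.0.255
ip nat inside source list 2 pool C2610 overload
line console 0
 exec-timeout 0 0
"""
SECTION1 = LISTING.format(inside="192.168.0.3")
SECTION3 = LISTING.format(inside="192.168.1.1")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)  # host bits cleared

def audit(config):
    """Return consistency findings for an IOS-style dynamic NAT listing."""
    findings, inside, acls, pools, rules, current = [], [], {}, {}, [], None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[:2] == ["ip", "address"]:
            current = net(w[2], w[3])           # subnet of the interface being read
        elif w == ["ip", "nat", "inside"] and current:
            inside.append(current)
        elif w[0] == "access-list" and w[2] == "permit":
            # ACLs carry wildcard masks: invert to a netmask (contiguous masks only).
            mask = ipaddress.ip_address(int(ipaddress.ip_address(w[4])) ^ 0xFFFFFFFF)
            acls.setdefault(w[1], []).append(net(w[3], mask))
        elif w[:3] == ["ip", "nat", "pool"]:
            pools[w[3]] = (ipaddress.ip_address(w[4]), ipaddress.ip_address(w[5]), w[7])
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            rules.append(w[5])                  # ACL number used by the NAT rule
        elif w[0] == "exec-timeout" and set(w[1:]) == {"0"}:
            findings.append("exec-timeout 0 0: idle sessions on this line never time out")
    for name, (first, last, mask) in pools.items():
        hosts = list(net(first, mask).hosts())
        if first not in hosts or last not in hosts:
            findings.append(f"pool {name}: range does not fit netmask {mask}")
    for acl in rules:
        for n in inside:
            if not any(n.subnet_of(a) for a in acls.get(acl, [])):
                findings.append(f"inside network {n} is not permitted by access-list {acl}")
    return findings
```

On the section-one listing only the console timeout is reported. On the section-three listing the check also reports that inside network 192.168.1.0/24 is not permitted by access-list 2, so traffic sourced from NIC 2 (192.168.1.2) would not match the translation rule as printed.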

When reposting, please cite the original address: https://www.9cbs.com/read-75669.html
