实验五 路由器模拟防火墙实验

实验五路由器模拟防火墙实验一、 实验原理：利用路由器本身对分组的解析，以访问控制表方式实现对分组的过滤。二、 实验目的：（1） 用路由器实现包过滤防火墙功能；（2） 了解和熟悉防火墙的包过滤功能；（3） 体会包过滤功能在网络安全中的重要性；（4） 了解防火墙在网络安全中的重要性。三、 实验内容：本次实验有三台PC机和两台路由器，网络拓扑图如下所示。PC1不能ping通routerl，但PC0能ping通routerl。通过密码远程登录Routerl。192.168.1.2PC-PTPCO192.168.2.2flPC-PT

PCIfal/0192.168.1.1J192192.168.1.2PC-PTPCO192.168.2.2flPC-PT

PCIfal/0192.168.1.1J192—*1"尹Rotter-PTyRouterO£a0/0192.168.2.1er2/0.168.3.Ser2/0192.168.3.2FPRAuter-PT^^Routerl*£aJ0/O192.168.4.1192.168.4.2□r 山PC-PTPC2四、代码及截图：Router0的基本配置命令：Router>enable 进入特权模式Router#configt 进入全局配置模式Enterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#interfacefa1/0进入端口配置模式Router(config-if)#ipaddress192.168.1.1255.255.255.0配置fa1/0的ipRouter(config-if)#noshutdown启用%LINK-5-CHANGED:InterfaceFastEthernet1/0,changedstatetoup%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet1/0,changedstatetoupRouter(config-if)#exit 退出端口配置模式Router(config)#intfa0/0 进入端口配置模式Router(config-if)#ipaddress192.168.2.1255.255.255.0配置fa0/0的ipRouter(config-if)#noshutdown启用%LINK-5-CHANGED:InterfaceFastEthernet0/0,changedstatetoup%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/0,changedstatetoupRouter(config-if)#exit 退出端口配置模式Router(config)#ints2/0 进入端口配置模式Router(config-if)#ipaddress192.168.3.1%Incompletecommand.Router(config-if)#ipaddress192.168.3.1255.255.255.0配置ser2/0的ipRouter(config-if)#noshutdown启用%LINK-5-CHANGED:InterfaceSerial2/0,changedstatetoupRouter(config-if)#exit退出端口配置模式Router(config)#routerrip配置动态路由Router(config-router)#verRouter(config-router)#version2版本号Router(config-router)#network192.168.1.0 相连网段Router(config-router)#network192.168.2.0 相连网段Router(config-router)#network192.168.3.0 相连网段Router(config-router)#exit退出路由配置模式Router(config)#ints2/0 进入端口配置模式Router(config-if)#clockrate64000时钟Router(config-if)#exitRouter(config)#%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceSerial2/0,changedstatetoupRouter(config)#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleRouter#Routerl的基本配置命令：Router>enable进入特权模式Router#configt 进入全局配置模式Enterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#intfa0/0 进入端口配置模式Router(config-if)#ipaddress192.168.4.1255.255.255.0配置fa0/0的ipRouter(config-if)#noshutdown启用%LINK-5-CHANGED:InterfaceFastEthernet0/0,changedstatetoup%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/0,changedstatetoupRouter(config-if)#exit退出端口配置模式Router(config)#ints2/0 进入端口配置模式Router(config-if)#ipaddress192.168.3.2255.255.255.0配置ser2/0的ipRouter(config-if)#noshutdown%LINK-5-CHANGED:InterfaceSerial2/0,changedstatetodownRouter(config-if)#noshutdownRouter(config-if)#

%LINK-5-CHANGED:InterfaceSerial2/0,changedstatetoupRouter(config-if)#exitRouter(config)#routerrip配置动态路由Router(config-router)#verRouter(config-router)#version2版本号Router(config-router)#network192.168.3.0 相连网段Router(config-router)#network192.168.4.0 相连网段Router(config-router)#exit退出路由配置模式Router(config)#%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceSerial2/0,changedstatetoup未设置ping的控制条件时，PC机之间能够相互ping通。截图如下:PC0pingPC2能够ping通POping192.16S.4.2Pinging192.168.4.2with32bytesofdat-a:ReplyReplyReplyReplyfromfromfromfrom192.16S.4.2:19Z.168.4.Z:192.16S.4.Z:192.16S.4.Z:bytes=32bytes=3Zhytes=3Zbytes=32tim.e=103mstim.e=117mstim.e=13ZmEtim.e=126msTTL=1Z6ReplyReplyReplyReplyfromfromfromfrom192.16S.4.2:19Z.168.4.Z:192.16S.4.Z:192.16S.4.Z:bytes=32bytes=3Zhytes=3Zbytes=32tim.e=103mstim.e=117mstim.e=13ZmEtim.e=126msTTL=1Z6TTL=1Z6TTL=1Z6TTL=1Z6Pingstatisticsfor192.168.4.2:Packets:Sent=4FReceived11口TT.UReplyReplyReplyReplyfromfromfromfrom192.168.4.2:192.16S.4.2:Pingstatisticsfor192.168.4.2:Packets:Sent=4FReceived11口TT.UReplyReplyReplyReplyfromfromfromfrom192.168.4.2:192.16S.4.2:19Z.168.4.Z:192.168.4.Z:hytes=32bytes=32bytes=3Zbytes=3Ztime=107mstime=11Omstime=118dietime=10SmsTTL=126TTL=126TTL=1Z6TTL=126Pingstatisticsfor19Z.16S.4.Z:Packets:Sent4fReceived=4,LostApproximateroundtriptimesinmiHi-seconds:Hpinmuio=lCiE攻石*MpiTg^通=llSms,Average0(0%loss),110ms0(0%loss),PC1r□pingtmC^imH能*i够i^g通inmilli-EecondE:MoPOping192.168.4.2Pinging19Z.16S.4.Zwith3Zbytesofdata:POping192.168.1.ZPinging192.168.1.Zwith3Zbytesofdata:ReplyReplyReplyReplyfromfromfromfrom19Z.168.1.Z:192.16S.1.2:192.16S.1.2:192.16S.1.2:bytes=3Zbytes=32bytes=32bytes=32time=lZ8niEReplyReplyReplyReplyfromfromfromfrom19Z.168.1.Z:192.16S.1.2:192.16S.1.2:192.16S.1.2:bytes=3Zbytes=32bytes=32bytes=32time=lZ8niEtime=113mstime=116msTTL=1Z6TTL=126TTL=126time=92msTTL=126Pingstatisticsfor192.16S.1.2:Pingstatisticsfor192.16S.1.2:Packets:Sent4,Received=4,Lost=0(0%loss),Approximateroundtript-imesinmi11i-seconds:Minimum=92ms,Maximuia=128ms,Average=112ms

PC2pingPC1能够ping通Pinging19Z.16S.Z.Zwith3Zbytesofdata:ReplyReplyReplyReplyReplyReplyReplyReplyfrom19Z.168.Z.Z:bytes=3Zfrom19Z.16S.Z.Z:bytes=3Zfrom19Z.16S.Z.Z:bytes=3Zfrom19Z.16S.Z.Z:bytes=3Ztime=136mstime=lZSmstime=lllmstime=117msTTL=1Z6TTL=1Z6TTL=1Z6TTL=1Z6Pin).在rPin).在r.：iuter1上配1置pqigm控制:erucotf：)#ac=4-listi1ed=4*!st七=访问孕iamEroundtriptinesinnilli-seconds:Himmuiti=lllmsFMaximuia=136msFAverage=lZ3ms绝192.168.2.2Router(con±ig)#access-listTperm^an^^允许其他的都能访^Router(config)#ints2/0进入端口配置模式Router(config-if)#ipaccess-group1in将规则1应用于过滤从串口接收上来的报文Router(config-if)#exit 退出端口配置模式Router(config)#PC0pingPC2能够ping通POping19Z.16S.4.ZPinging19Z.16S.4.Zwith3Zbytesofdata:Replyfrom.Replyfrom.ReplyfromReplyfrom.Replyfrom.ReplyfromReplyfrom.192.168.4.Z:19Z.16S.4.2:19Z.16S.4.Z:192.168.4.Z:byteE=3Ztime=lZOiaETTL=1Z6bytes=3Ztime=106msTTL=1Z6bytes=3Ztime=109msTTL=1Z6byteE=3Ztime=13ZiaETTL=1Z6心g*Soi"f的2/0一M心g*Soi"f的2/0一M能够塑Packets:Sent=4,Received=4尸Lost=0(0%loss),POping192.16S.3.1Pinging19Z.168.3.1with3Zbytesofdata:Replyfrom19Z.16S.3.1:bytes=3Ztime=71msTTL=Z55Replyfrom19Z.16S.3.1:bytes=3Ztime=37msTTL=Z55Replyfrom19Z.16S.3.1:bytes=3Ztime=4ZmsTTL=Z55Replyfrom19Z.16S.3.1:bytes=3Ztime=43msTTL=Z55Pingstatisticsfor19Z.16S.3.1:Packets:Sent=4,Received=4,Lost=0(0%loss)FPC"gingEoutrnl的ip0dme超时milli-seconds:Hinimma=37ms,Maximum=71ms,Average=4SmsPOping19Z.16S.3.ZPinging19Z.168.3.2with32bytesofdata:Requesttimedout.Requesttimedout.Requesttimedout.Requesttimedout.PingstatisticeforPackets:Sent=19Z.16S.3.Z:4,Received=0FLost4(100%loss),PC2pingPC0能够ping通POping19Z.16S.1.ZPinging192.16S.1.2with32bytesofdata:ReplyReplyReplyReplyfromfromfromfrom192.168.1.2:19Z.16S.1.Z:192.16S.1.2:192.168.1.2:bytes=32time=137msbytes=3Ztime=133mEbytes=3Ztime=116msbytes=32time=127msTTL=126TTL=1Z6TTL=126TTL=126Pingstatisticsfor19Z.16S.1.Z:Packets:SentReceived0(0%loss)fjiC2KC?p：j.mat^cbgH超时Ptimesinmilli-seconds:TTTmiim=11EmwTTswimiam=1 A^rpraptaPOping19Z.168.Z.ZPinging192.16S.2.2with32bytesofdata:Requesttimedout.Requesttimedout.Requesttimedout.Requesttimedout.Pingstatisticsfor19Z.163.Z.Z:Packets:Sent.=4_.Received=0,Lost=4(100%loss),POping19Z.16S.Z.1Pinging19Z.16S.2.1with3Zbytesofdata:ReplyReplyReplyPC2pingPC0能够ping通POping19Z.16S.1.ZPinging192.16S.1.2with32bytesofdata:ReplyReplyReplyReplyfromfromfromfrom192.168.1.2:19Z.16S.1.Z:192.16S.1.2:192.168.1.2:bytes=32time=137msbytes=3Ztime=133mEbytes=3Ztime=116msbytes=32time=127msTTL=126TTL=1Z6TTL=126TTL=126Pingstatisticsfor19Z.16S.1.Z:Packets:SentReceived0(0%loss)fjiC2KC?p：j.mat^cbgH超时Ptimesinmilli-seconds:TTTmiim=11EmwTTswimiam=1 A^rpraptaPOping19Z.168.Z.ZPinging192.16S.2.2with32bytesofdata:Requesttimedout.Requesttimedout.Requesttimedout.Requesttimedout.Pingstatisticsfor19Z.163.Z.Z:Packets:Sent.=4_.Received=0,Lost=4(100%loss),POping19Z.16S.Z.1Pinging19Z.16S.2.1with3Zbytesofdata:ReplyReplyReplyReplyfromfromfromfrom19Z.16S.Z.1:192.16S.Z.1:192.16S.2.1:bytes=3Zbytes=3Zbytes=3Zbytes=3Ztim.e=7Zinstim.e=SOinstim.e=70mstim.e=S7m£TTL=ZE4TTL=ZE4TTL=ZE4TTL=Z54Pingstatisticsfor192.168.Z.1:Packets:Sent=4尸Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:MPnnag=0口m5能够ximum=S7ms,Average=77mmPOping19Z.16S.Z.1Pinging19Z.16S.Z.1with3Zbytesofdata:ReplyReplyReplyReplyfromfromfromfrom19Z.16S.Z.1:19Z.168.Z.1:192.16S.2.1:19Z.168.Z.1:bytes=3Zhytes=3Zbytes=3Zhytes=3Ztime=9ZmsTTL=Z54time=101msTTL=Z54time=72msTTL=254time=69msTTL=Z54Pingstatisticsfor19Z.168.Z.1:式可对telnetPackets:Sent=4fReceived=4,Lost=0(0%loss),Ap#kc?*iRoutr1\uiH七*程登录录的建设土:置milli-seconds式可对telnetMiMofa=#li.neMtyMium=1进ms虚拟线*程沱功能进行配置设置密码123Router(config-line)#password123

设置密码123Router(config-line)#login启用口令检查Router(config-line)#exit退出虚拟线程模式POtelnet19Z.168.3.ZTrying192.168.3.2一一一UserAccessVerificationPOtelnet19Z.168.3.ZTrying192.168.3.2一一一UserAccessVerificationPassword:Router>|PC1telnetRouter1：POtelnet19Z.16S.3.ZTrying19Z.16S.3.Z...UserAccessVerificationPassword:P.outer>|POtelnet192.168.3.ZTrying19Z.16S.3.Z.