Content summary:
In this article, we will discuss how to deploy a smoothwall proxy server in a typical campus network environment.
The main discussion on the problem of static routing in multiple VLANs (because others such as Chineseization, update, port mirroring, reflow, etc.
The end of love has been demonstrated very clearly)
The topology diagram of the school campus network is shown in the figure
Smoothwall configuration:
Internet
ip: 202.98.30.69
mask: 255.255.255.224
DG: 202.98.56.94
DNS: 61.128.128.68
LAN:
ip:172.16.200.1
mask: 255.255.255.0
Core switch configuration: (20 vlans are divided) [size=4][/size]
[color=darkred][/color]interface "tech"
ip address 172.16.6.1 255.255.255.0
ip vlan name "vlan6"
!
interface "server"
ip address 172.16.7.1 255.255.255.0
ip vlan name "vlan7"
!
interface "zonghe"
ip address 172.16.8.1 255.255.255.0
ip vlan name "vlan8"
!
interface "lib"
ip address 172.16.9.1 255.255.255.0
ip vlan name "vlan9"
!
interface "yijiao"
ip address 172.16.12.1 255.255.255.0
ip vlan name "vlan12"
!
interface "sanjiao"
ip address 172.16.11.1 255.255.255.0
ip vlan name "vlan11"
!
interface "2jiao"
ip address 172.16.13.1 255.255.255.0
ip vlan name "vlan13"
!
interface "jifang-5"
ip address 172.16.14.1 255.255.255.0
ip vlan name "vlan14"
!
interface "art"
ip address 172.16.15.1 255.255.255.0
ip vlan name "vlan15"
!
interface "vlan2"
ip address 172.16.2.1 255.255.255.0
ip vlan name "vlan2"
!
interface "vlan3"
ip address 172.16.3.1 255.255.255.0
ip vlan name "vlan3"
!
interface "vlan4"
ip address 172.16.4.1 255.255.255.0
ip vlan name "vlan4"
!
interface "vlan5"
ip address 172.16.5.1 255.255.255.0
ip vlan name "vlan5"
!
interface "vlan16"
ip address 172.16.16.1 255.255.255.0
ip vlan name "vlan16"
!
interface "vlan17"
ip address 172.16.17.1 255.255.255.0
ip vlan name "vlan17"
!
interface "vlan18"
ip address 172.16.18.1 255.255.255.0
ip vlan name "vlan18"
!
interface "vlan19"
ip address 172.16.19.1 255.255.255.0
ip vlan name "vlan19"
!
interface "vlan20"
ip address 172.16.20.1 255.255.255.0
ip vlan name "vlan20"
!
interface "upload"
ip address 172.16.200.2 255.255.255.0
ip vlan name "upload"
!
interface "vlan10"
ip address 172.16.10.1 255.255.255.0
ip vlan name "vlan10"
!
ip route 0.0.0.0 0.0.0.0 172.16.200.1 1 low (default route)
A is configured as follows for a host in vlan 7:
ip: 172.16.7.5
mask: 255.255.255.0
DG: 172.16.7.1
DNS: 61.128.128.68
We can simply summarize this network as follows:
A---Core Switch----Proxy Server----Internet
We assume that the data packets in A ping Chongqing Telecom's DNS 61.128.128.68 are analyzed
a INSERT ICMP packet First arrive at the gateway of the machine 172.16.7.1. Check that the target address is not the address of this network segment, so forward it
Finally, it reaches 172.16.7.200.2, and the core switch then sends the packet to 172.16.200.1 according to the default route
SW forwards the packet outward to 61.128.128.68 via NAT. Through this analysis, we found that by default configuration,
The sent packet can successfully reach the destination address.
So what about the returned packet? Through analysis, we know that the returned data packet can reach 172.16.200.1 smoothly. Is that
He said he could also return to 172.16.7.5 smoothly.
Let's log in to the root interface of sw to see
#route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
202.98.30.69 0.0.0.0 255.255.255.224 U 0 0 0 eth1
172.16.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 202.98.56.94 0.0.0.0 UG 0 0 0 eth1
From this routing table, we can clearly know that there are only three routes, and the returned packet will be placed at 172.16.200.1.
The packet is discarded and cannot be returned.
Here we can solve this problem by manually adding static routes in root login sw
After the extinction of love and the guidance of flying stars outside the sky, we learned this command:
route add -net 172.16.2.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.3.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.4.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.5.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.6.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.7.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.8.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.8.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.10.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.11.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.12.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.13.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.14.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.15.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.16.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.17.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.18.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.19.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.20.0 netmask 255.255.255.0 gw 172.16.200.2
These routing information tells us sw if the destination address of the returned packet is 172.16.7.0/24, send the data
Give it to 172.16.200.2 (switch), when you arrive at the switch data packet, you can find your corresponding machine according to the vlan in it.
。
In this way, every computer in our school can access the Internet.
I found a p4 1.6 + 256M + 40G hard drive + 2 8139 network cards to serve more than 500 computers in our school to surf the Internet (at the same time online)
Usually 300 units), everyone felt it was so fast that I was so happy.
When we restart sw, we will find that the routing information is lost. How to solve this problem?
Actually, it's the same solution to reflow, but the script is different. I'll continue writing next time