123sw posted on 2015-11-5 07:31:24

Setting up a DMZ zone (mail server) on a Cisco PIX

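  The network is already configured and the PCs can access the Internet normally; the company needs to add a mail server.
  The PIX configuration is as follows: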
  
  nameif e2 dmz security 50
  ip address dmz 172.100.80.1 255.255.255.0
  nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
  global (outside) 1 <public-IP>
  static (dmz,outside) <public-IP> 172.100.80.2 netmask 255.255.255.255 0 0 --// 172.100.80.2 is the mail server IP
  access-list acl_dmz permit icmp any any
  access-group acl_dmz in interface dmz
  access-list 100 permit tcp any host <public-IP> eq www
  access-group 100 in interface outside
  
  Allow inside-network IPs to enter through the dmz interface
  
  access-list no-nat permit ip 172.100.0.0 255.255.255.0 172.100.80.0 255.255.255.0
  nat (inside) 0 access-list no-nat
  
  Allow the mail server to send and receive mail externally
  access-list acl_dmz permit tcp host 172.100.80.2 any eq 80
  access-list acl_dmz permit tcp host 172.100.80.2 any eq 53
  access-list acl_dmz permit udp host 172.100.80.2 any eq 53
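
An added example (not part of the original post): a small Python check that evaluates the post's ACL lines the way the PIX does (first match wins, implicit deny at the end) and reports which flows to and from the mail host they permit. 203.0.113.10 and 198.51.100.25 are constructed stand-ins for the public IP and an external peer, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the ACL lines from the post, with 203.0.113.10
# (documentation range) standing in for the public-IP placeholder.
CONFIG = """\
access-list acl_dmz permit icmp any any
access-group acl_dmz in interface dmz
access-list 100 permit tcp any host 203.0.113.10 eq www
access-group 100 in interface outside
access-list acl_dmz permit tcp host 172.100.80.2 any eq 80
access-list acl_dmz permit tcp host 172.100.80.2 any eq 53
access-list acl_dmz permit udp host 172.100.80.2 any eq 53
"""
PORT_NAMES = {"www": 80, "smtp": 25, "domain": 53}  # subset of PIX port literals

def take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK'; return None (any) or a network."""
    first = tok.pop(0)
    if first == "any":
        return None
    if first == "host":
        return ipaddress.ip_network(tok.pop(0))
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}", strict=False)

def parse(config):
    """Return ({acl_name: [rules]}, {interface: acl_name})."""
    acls, bound = {}, {}
    for tok in map(str.split, config.splitlines()):
        if tok[:1] == ["access-group"] and len(tok) == 5:
            bound[tok[4]] = tok[1]
        elif tok[:1] == ["access-list"] and len(tok) >= 6:
            name, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
            src, dst = take_addr(rest), take_addr(rest)
            port = (PORT_NAMES.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
            acls.setdefault(name, []).append((action, proto, src, dst, port))
    return acls, bound

def allowed(rules, proto, src, dst, port=None):
    """First match wins; an ACL ends with an implicit deny."""
    for action, p, s, d, prt in rules:
        if (p in (proto, "ip") and prt in (None, port)
                and (s is None or ipaddress.ip_address(src) in s)
                and (d is None or ipaddress.ip_address(dst) in d)):
            return action == "permit"
    return False

def audit(config, mail="172.100.80.2", public="203.0.113.10", peer="198.51.100.25"):
    """Check what the bound ACLs let the mail host send and receive."""
    acls, bound = parse(config)
    dmz, outside = acls[bound["dmz"]], acls[bound["outside"]]
    return {"smtp_out": allowed(dmz, "tcp", mail, peer, 25),
            "smtp_in": allowed(outside, "tcp", peer, public, 25),
            "http_in": allowed(outside, "tcp", peer, public, 80),
            "dns_out": allowed(dmz, "udp", mail, peer, 53),
            "icmp_any": allowed(dmz, "icmp", "172.100.80.99", peer)}
```

Run against these lines, `audit(CONFIG)` shows inbound HTTP, outbound DNS and ICMP from any DMZ address as permitted, and TCP/25 as not permitted in either direction.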