lab environment
- A Linux server systems do
- Two pc-
Linux: 192.168.100.100
win10: 192.168.1.2
win10-2: 192.168.2.2
Experimental demand
- Win10 Linux allow access to web services
- Win10 Linux prohibit access other services
- Allow access win10-2 host win10
Experimental topology
1. Open a Linux server, install the two services http and vsftp
[root@localhost ~]# yum install vsftpd -y ##安装vsftp服务
[root@localhost ~]# yum install httpd -y ##安装http服务
2, modify the network card information Linux servers, fixed Ip is 192.168.100.100, and restart the network card
[root@localhost~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
##修改网卡信息
[root@localhost ~]# service network restart ##重启网卡
3, Linux and win10 are connected on two three card vmnet
Linux server
win10
win10-2
4, respectively, to configure a win10 and win10-2 fixed IP address and gateway
win10 fixed ip and gateway configuration
ip and gateway configuration fixed win10-2
5, open the Linux server edit website content and open the http service
[root@localhost ~]# cd /var/www/html/ ##切换到网站的站点中
[root@localhost html]# vim index.html ##编辑网站信息
[root@localhost html]# systemctl start httpd ##开启网站服务
[root@localhost html]# systemctl stop firewalld.service ##关闭防火墙
[root@localhost html]# setenforce 0 ##关闭增强型功能
[root@localhost html]# systemctl start vsftpd ##开启vsftp服务
[root@localhost html]# cd /var/ftp ##切换到ftp站点目录下
[root@localhost ftp]# echo "this is test ftp" > ftp.txt ##创建一个测试文件
[root@localhost html]# netstat -ntap | egrep '(21|80)'
##查看两个服务的端口,看服务服务有没有正常启动
6, R1 router configuration, test pc machine can access the Linux server
R1#conf t ##全局模式
R1(config)#int f0/0 ##进入接口f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0 ##配置网关
R1(config-if)#no shut ##开启接口
R1(config-if)#int f0/1
R1(config-if)#ip add 192.168.100.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f1/0
R1(config-if)#ip add 192.168.2.1 255.255.255.0
R1(config-if)#no shut
Access Linux service with win10
7, open the R1 router configuration extended access control lists
R1(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.100.100 eq www
##允许win10访问Linux服务器的网站服务
R1(config)#access-list 100 deny ip host 192.168.1.2 host 192.168.100.100
##禁止win10访问Linux服务
R1(config)#access-list 100 permit ip host 192.168.1.2 192.168.2.0 0.0.0.255
##允许win10访问2.0网段的机器
R1(config)#do show access-li ##查看控制访问列表
R1(config)#int f0/0 ##进入f0/0接口
R1(config-if)#ip access-group 100 in 应用于接口
8, test win10 Linux can access web service, you can not access the network segment 2.0
访问Linux服务器的web服务
访问Linux服务的ftp服务
访问2.0网段的主机