DNAT Load Balancing Configuration Example


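DNAT Load Balancing Configuration Example (Publishing Internal Servers to the Internet)

The topology is shown in the attachment.

Requirements: three internal HTTP servers (192.168.2.2/3/4) must provide service to external users. The external interface address used is 192.168.0.2, and load balancing must be provided for external access. Mail, FTP and other servers are planned to be added later. In addition, network administrators who are at home must be able to manage these servers remotely and conveniently.

The configuration is as follows: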

address "cluster1"
  range 192.168.2.2 192.168.2.4
  host "192.168.2.2"
  host "192.168.2.3"
  host "192.168.2.4"
exit

service "rdp"
  tcp dst-port 3389 timeout 1800
exit

interface vswitchif1
  zone "trust"
  ip address 192.168.2.1 255.255.255.0
  manage ssh
  manage ping
  manage http
  manage https
exit

interface ethernet0/1
  zone "untrust"
  ip address 192.168.0.21 255.255.255.0
  manage ssh
  manage ping
  manage https
exit

ip vrouter trust-vr
  ip route 0.0.0.0/0 192.168.0.1
exit

policy from "trust" to "untrust"
  rule id 2
    action permit
    src-addr "Any"
    dst-addr "Any"
    service "Any"
  exit
exit

policy from "untrust" to "trust"
  rule id 3
    action permit
    src-addr "Any"
    dst-addr "Any"
    service "HTTP"
    service "FTP"
    service "POP3"
    service "PING"
    service "SMTP"
    service "rdp"
    service "ICMP"
  exit
exit

policy from "l2-trust" to "l2-trust"
  rule id 4
    action permit
    src-addr "Any"
    dst-addr "Any"
    service "Any"
  exit
exit

nat
  snatrule id 1 from "cluster1" to "Any" eif ethernet0/1 trans-to address-book "192.168.0.20" mode dynamicport sticky
exit

nat
  snatrule id 2 from "Any" to "Any" eif ethernet0/1 trans-to eif-ip mode dynamicport sticky
exit

nat
  dnatrule id 2 from "Any" to "192.168.0.20" service "PING" trans-to "192.168.2.3" load-balance track-ping
exit

nat
  dnatrule id 1 from "Any" to "192.168.0.20" service "HTTP" trans-to "192.168.2.3" load-balance track-ping
exit

nat
  dnatrule id 4 from "Any" to "192.168.0.20" service "rdp" trans-to "192.168.2.3" load-balance track-ping
exit

nat
  dnatrule id 3 from "Any" to "192.168.0.20" service "PING" trans-to "192.168.2.4" load-balance track-ping
exit

nat
  dnatrule id 5 from "Any" to "192.168.0.20" service "HTTP" trans-to "192.168.2.4" load-balance track-ping
exit

nat
  dnatrule id 6 from "Any" to "192.168.0.20" service "rdp" trans-to "192.168.2.4" load-balance track-ping
exit

nat
  dnatrule id 7 from "Any" to "192.168.0.20" service "PING" trans-to "192.168.2.2" load-balance track-ping
exit

nat
  dnatrule id 8 from "Any" to "192.168.0.20" service "HTTP" trans-to "192.168.2.2" load-balance track-ping
exit

nat
  dnatrule id 9 from "Any" to "192.168.0.20" service "rdp" trans-to "192.168.2.9" load-balance track-ping
exit
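
The Python code below is an added example, not part of the original configuration or of any vendor tooling. It parses dnatrule lines in the syntax shown above, groups the back-end servers behind each published address and service, and flags remote-administration services (such as the rdp service defined above) that are published with source "Any". The ADMIN_SERVICES set and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: six dnatrule lines copied from the configuration above.
SAMPLE = '''
dnatrule id 1 from "Any" to "192.168.0.20" service "HTTP" trans-to "192.168.2.3" load-balance track-ping
dnatrule id 4 from "Any" to "192.168.0.20" service "rdp" trans-to "192.168.2.3" load-balance track-ping
dnatrule id 5 from "Any" to "192.168.0.20" service "HTTP" trans-to "192.168.2.4" load-balance track-ping
dnatrule id 6 from "Any" to "192.168.0.20" service "rdp" trans-to "192.168.2.4" load-balance track-ping
dnatrule id 8 from "Any" to "192.168.0.20" service "HTTP" trans-to "192.168.2.2" load-balance track-ping
dnatrule id 9 from "Any" to "192.168.0.20" service "rdp" trans-to "192.168.2.2" load-balance track-ping
'''
DNAT_RE = re.compile(
    r'dnatrule id (?P<id>\d+) from "(?P<src>[^"]+)" to "(?P<dst>[^"]+)" '
    r'service "(?P<svc>[^"]+)" trans-to "(?P<backend>[^"]+)"(?P<opts>.*)')
# Assumption: service names treated as remote administration; adjust per site.
ADMIN_SERVICES = {"rdp", "ssh", "telnet"}

def parse_dnat(text):
    """Return one dict per dnatrule line; all other lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = DNAT_RE.search(line)
        if m:
            rule = m.groupdict()
            rule["id"] = int(rule["id"])
            rule["opts"] = rule["opts"].split()
            rules.append(rule)
    return rules

def pools(rules):
    """Group back ends by (published address, service): the load-balancing pool."""
    out = defaultdict(list)
    for r in rules:
        out[(r["dst"], r["svc"])].append(r["backend"])
    return {k: sorted(v) for k, v in out.items()}

def findings(rules):
    """Flag admin services open to any source and pools without a track option."""
    out = []
    for r in rules:
        if r["svc"].lower() in ADMIN_SERVICES and r["src"].lower() == "any":
            out.append((r["id"], "admin service %s reachable from Any" % r["svc"]))
        if "load-balance" in r["opts"] and not any(o.startswith("track-") for o in r["opts"]):
            out.append((r["id"], "load-balanced backend without health tracking"))
    return out

if __name__ == "__main__":
    parsed = parse_dnat(SAMPLE)
    print(pools(parsed), findings(parsed), sep="\n")
```

On the sample, the HTTP and rdp pools each contain all three servers, and rules 4, 6 and 9 are reported because rdp is published from "Any".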
