1, Open Cacti on the 60 server and find Gansu Tietong Telecom 2, as shown in the figure below:
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsIiZpdmLyV2YhB3cvw1coRXYwNWaw91dfB3LcRHb1FmZlR2LcNXZtVGa09CX19CXl9CXt92Yu8GdjFTNuc2bsJ2Lc9CX6MHc0RHaiojIsJye.gif)
2, Open Cacti on the 220 server and find NC3560, as shown in the figures below:
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsIiZpdmLyV2YhB3cvw1coRXYwNWaw91dfB3LcRHb1FmZlR2LcNXZtVGa09CX19CXl9CXt92Yu8GdjFTNuc2bsJ2Lc9CX6MHc0RHaiojIsJye.gif)
3, From the information above, draw the topology for the user Gansu Tietong Telecom 2, as follows:
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsIiZpdmLyV2YhB3cvw1coRXYwNWaw91dfB3LcRHb1FmZlR2LcNXZtVGa09CX19CXl9CXt92Yu8GdjFTNuc2bsJ2Lc9CX6MHc0RHaiojIsJye.gif)
4, Log in to the 220 server, then log in to the nc3560 switch
[root@SERV89 www]# telnet nc3560
Pwd:ctcnc
Jiangxi_Gansu_B01>enable
Password:ctcnc
5, View the running configuration of the switch
Jiangxi_Gansu_B01#show running-config
interface GigabitEthernet0/5
// This port connects to eth1 of the NAT server currently in use: 192.168.138.2
description To GSCTT_SER eth1
switchport access vlan 101
switchport mode access
load-interval 30
!
interface GigabitEthernet0/6
// This port connects to eth0 of the NAT server currently in use: 192.168.138.2
description To GSCTT_SER eth0 ip:192.168.138.2
no switchport
ip address 192.168.138.1 255.255.255.0
// IP address of G0/6
interface GigabitEthernet0/7
// This port connects to eth0 of the backup NAT server: 192.168.139.2
description To backup-SER eth0 ip:192.168.139.2
switchport access vlan 140
switchport trunk encapsulation dot1q
switchport trunk native vlan 140
switchport trunk allowed vlan 138-140
switchport mode trunk
duplex full
speed 1000
interface GigabitEthernet0/8
// This port connects to eth1 of the backup NAT server: 192.168.139.2
description To backup-SER eth1
switchport trunk native vlan 100
switchport trunk allowed vlan 100,101
shutdown
interface GigabitEthernet0/25
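// This port connects to the resource called Jiangxi Telecom; the resource connects to the Internet
// Telecom and Unicom are resources; Tietong and Mobile are users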
ip address 59.63.255.50 255.255.255.252 secondary
ip address 59.53.48.114 255.255.255.252
interface GigabitEthernet0/26
// This port connects to the user called Gansu Tietong. It belongs to vlan101
description To GSCTT
speed nonegotiate
ip classless
ip route 0.0.0.0 0.0.0.0 59.63.255.49
ip route 1.19.8.0 255.255.248.0 Null0
ip route 1.92.0.0 255.255.240.0 Null0
ip route 59.53.52.0 255.255.252.0 Null0
ip route 59.53.52.0 255.255.255.0 Null0
ip route 59.53.53.0 255.255.255.0 Null0
ip route 59.53.54.0 255.255.255.0 192.168.139.2
ip route 59.53.54.128 255.255.255.128 192.168.138.2
ip route 59.53.55.0 255.255.255.0 192.168.138.2
ip route 59.63.160.0 255.255.224.0 Null0 name JiangxiTele02
ip route 59.63.192.0 255.255.192.0 Null0 name JiangxiTele03
ip route 59.63.224.0 255.255.224.0 Null0 name NNGuangD_pool
ip route 219.234.80.220 255.255.255.255 59.63.255.49
ip route 219.238.159.162 255.255.255.255 59.63.255.49
ip route 219.238.159.180 255.255.255.255 59.63.255.49
6, View the configuration of port G0/26, which connects the Gansu Tietong user and belongs to vlan101
Jiangxi_Gansu_B01#show running-config interface g0/26
Building configuration...
Current configuration : 148 bytes
interface GigabitEthernet0/26
end
7, Log in to server 01, the one the graphs show carrying traffic: 192.168.138.2
Jiangxi_Gansu_B01#telnet 192.168.138.2
login: admin
Password:admin
[admin@GansuBnat01 ~]$ su - root
Password: admin
7, View the network interface information of 192.168.138.2
[root@GansuBnat01 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:48:33:DD:52
inet addr:192.168.138.2 Bcast:192.168.138.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3845735717 errors:0 dropped:39173111 overruns:0 frame:0
TX packets:4252478377 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:701526308 (669.0 MiB) TX bytes:3804799767 (3.5 GiB)
Memory:d8000000-d8020000
eth1 Link encap:Ethernet HWaddr 00:30:48:33:DD:53
inet addr:59.53.52.1 Bcast:59.53.52.3 Mask:255.255.255.252
RX packets:4136813440 errors:0 dropped:21164896 overruns:0 frame:0
TX packets:2281977231 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3272692444 (3.0 GiB) TX bytes:665651294 (634.8 MiB)
Memory:d8020000-d8040000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1842 errors:0 dropped:0 overruns:0 frame:0
TX packets:1842 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:266151 (259.9 KiB) TX bytes:266151 (259.9 KiB)
8, View the NAT information of 192.168.139.2
[root@GansuBnat01 ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 9565M packets, 891G bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 101 packets, 6116 bytes)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * eth0 116.245.254.0/24 0.0.0.0/0
4099M 306G SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:59.53.54.128-59.53.54.253 (address pool)
0 0 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:59.53.55.6-59.53.55.254
Chain OUTPUT (policy ACCEPT 25118 packets, 1620K bytes)
9, View the network interface information of 192.168.139.2
[root@GansuBnat01 ~]# ip address ls
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet 59.53.54.128/32 scope global lo
inet 59.53.54.129/32 scope global lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:30:48:33:dd:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.138.2/24 brd 192.168.138.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:30:48:33:dd:53 brd ff:ff:ff:ff:ff:ff
inet 59.53.52.1/30 brd 59.53.52.3 scope global eth1
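10, Work out the user's IP address from the server's IP address
The user Gansu Tietong, ports 0/26 and 0/5 on the switch, and eth1 on the NAT server all belong to the same VLAN, vlan101.
Because eth1 on the NAT server, the user-facing interface in vlan101, has the IP 59.53.52.1/30, the user Gansu Tietong's IP address must be 59.53.52.2/30.
11, How is this IP calculated?
From 59.53.52.1/30 you can see that this subnet has 4 addresses. The 30 means the network portion takes 30 bits, leaving only 2 host bits, and 2 bits give 4 host values. Within the host ranges 0-3, 4-7 and 8-11, the following values cannot be used: 0, 3, 4, 7, 8, 11 (the network and broadcast address of each block). That leaves 1, 2, 5, 6, 9, 10 usable. In the 0-3 block the usable addresses are 1 and 2; the server holds 59.53.52.1, so the user holds 59.53.52.2.
12, Look up the return routes for the user Gansu Tietong
[root@GansuBnat01 ~]# ip route ls | grep 59.53.52.2
123.81.1.96/30 via 59.53.52.2 dev eth1 proto zebra equalize
123.81.160.0/19 via 59.53.52.2 dev eth1 proto zebra equalize
123.81.0.0/16 via 59.53.52.2 dev eth1 proto zebra equalize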
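The calculation in steps 10 to 12, as an added example that is not part of the original post: it derives the peer address on a /30 link from `ip address ls` output, then collects and collapses the return routes that point at that peer. The sample text is copied from the command output above; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the `ip address ls` and
# `ip route ls` output shown in steps 9 and 12.
IP_ADDR_OUTPUT = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.138.2/24 brd 192.168.138.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 59.53.52.1/30 brd 59.53.52.3 scope global eth1
"""
IP_ROUTE_OUTPUT = """\
123.81.1.96/30 via 59.53.52.2 dev eth1 proto zebra equalize
123.81.160.0/19 via 59.53.52.2 dev eth1 proto zebra equalize
123.81.0.0/16 via 59.53.52.2 dev eth1 proto zebra equalize
"""

def p2p_peers(ip_addr_text):
    """Map device name -> (local address, peer address) for each /30 address."""
    peers = {}
    for m in re.finditer(r"inet (\S+/30) .*scope global (\S+)", ip_addr_text):
        iface = ipaddress.ip_interface(m.group(1))
        # hosts() leaves out the network and broadcast address, so a /30
        # yields exactly two usable addresses: ours and the peer's.
        others = [h for h in iface.network.hosts() if h != iface.ip]
        if len(others) == 1:  # skip an address that is itself .0 or .3
            peers[m.group(2)] = (iface.ip, others[0])
    return peers

def routes_via(ip_route_text, gateway):
    """Return the destination networks whose next hop is `gateway`."""
    nets = []
    for line in ip_route_text.splitlines():
        m = re.match(r"\s*(\S+) via (\S+) dev \S+", line)
        if m and ipaddress.ip_address(m.group(2)) == gateway:
            dest = "0.0.0.0/0" if m.group(1) == "default" else m.group(1)
            nets.append(ipaddress.ip_network(dest))
    return nets

def user_summary(ip_addr_text, ip_route_text, dev):
    """Peer address on `dev` and the collapsed set of networks behind it."""
    local, peer = p2p_peers(ip_addr_text)[dev]
    nets = routes_via(ip_route_text, peer)
    return peer, nets, list(ipaddress.collapse_addresses(nets))

if __name__ == "__main__":
    peer, nets, covered = user_summary(IP_ADDR_OUTPUT, IP_ROUTE_OUTPUT, "eth1")
    print("user address:", peer, "return routes:", [str(n) for n in nets])
    print("address space behind the user:", [str(n) for n in covered])
```

Collapsing shows that the /30 and /19 return routes are already contained in 123.81.0.0/16.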
13, Unwritten rules