業務拓撲分析

1,打開60的cacti找到甘肅鐵通電信2如下圖所示：

2，打開220cacti找到NC3560如下列圖示：

3，通過以上資訊畫出使用者甘肅鐵通電信2拓撲圖如下：

4，登陸220伺服器—>登陸nc3560這台交換機

[root@SERV89 www]# telnet nc3560

Pwd:ctcnc

Jiangxi_Gansu_B01>enable

Password:ctcnc

5，檢視該交換機運作着的配置資訊

Jiangxi_Gansu_B01#showrunning-config    

interface GigabitEthernet0/5

//該口連接配接的是正在使用的NAT伺服器：192.168.138.2的eth1口

description To GSCTT_SER eth1

switchport access vlan 101

switchport mode access

load-interval 30

!

interface GigabitEthernet0/6

//該口連接配接的是正在使用的NAT伺服器：192.168.138.2的eth0口

description To GSCTT_SER eth0 ip:192.168.138.2

no switchport

ip address 192.168.138.1 255.255.255.0

//G0/6的IP位址

interfaceGigabitEthernet0/7

//該口連接配接的是備用是NAT伺服器：192.168.139.2的eth0口

description To backup-SER eth0 ip:192.168.139.2

switchport access vlan 140

switchport trunk encapsulation dot1q

switchport trunk native vlan 140

switchport trunk allowed vlan 138-140

switchport mode trunk

duplex full

speed 1000

interface GigabitEthernet0/8

//該口連接配接的是備用是NAT伺服器：192.168.139.2的eth1口

description To backup-SER eth1

switchport trunk native vlan 100

switchport trunk allowed vlan 100,101

shutdown

interface GigabitEthernet0/25

//該口連接配接的是叫江西電信的資源，資源連接配接網際網路

//電信和聯通是資源，鐵通移動屬于使用者

ip address 59.63.255.50 255.255.255.252 secondary

ip address 59.53.48.114 255.255.255.252

interface GigabitEthernet0/26

//該口連接配接的是叫甘肅鐵通的使用者。屬于vlan101

description To GSCTT

speed nonegotiate

ip classless

ip route 0.0.0.0 0.0.0.0 59.63.255.49

ip route 1.19.8.0 255.255.248.0 Null0

ip route 1.92.0.0 255.255.240.0 Null0

ip route 59.53.52.0 255.255.252.0 Null0

ip route 59.53.52.0 255.255.255.0 Null0

ip route 59.53.53.0 255.255.255.0 Null0

ip route 59.53.54.0 255.255.255.0192.168.139.2

ip route 59.53.54.128 255.255.255.128192.168.138.2

ip route 59.53.55.0 255.255.255.0192.168.138.2

ip route 59.63.160.0 255.255.224.0 Null0name JiangxiTele02

ip route 59.63.192.0 255.255.192.0 Null0name JiangxiTele03

ip route 59.63.224.0 255.255.224.0 Null0name NNGuangD_pool

ip route 219.234.80.220 255.255.255.25559.63.255.49

ip route 219.238.159.162 255.255.255.25559.63.255.49

ip route 219.238.159.180 255.255.255.25559.63.255.49

6,檢視甘肅鐵通使用者連接配接的G0/26口的資訊屬于vlan101

Jiangxi_Gansu_B01#show running-configinterface g0/26

Building configuration...

Current configuration : 148 bytes

interface GigabitEthernet0/26

end

7，登陸圖示有流量的伺服器01：192.168.138.2

Jiangxi_Gansu_B01#telnet 192.168.138.2

login: admin

Password:admin

[admin@GansuBnat01 ~]$ su - root

Password: admin

7,檢視192.168.138.2網卡資訊

[root@GansuBnat01 ~]# ifconfig

eth0     Link encap:Ethernet  HWaddr00:30:48:33:DD:52  

        inet addr:192.168.138.2  Bcast:192.168.138.255  Mask:255.255.255.0

        UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

        RX packets:3845735717 errors:0 dropped:39173111 overruns:0 frame:0

        TX packets:4252478377 errors:0 dropped:0 overruns:0 carrier:0

         collisions:0 txqueuelen:1000

        RX bytes:701526308 (669.0 MiB)  TXbytes:3804799767 (3.5 GiB)

        Memory:d8000000-d8020000

eth1     Link encap:Ethernet  HWaddr00:30:48:33:DD:53  

        inet addr:59.53.52.1  Bcast:59.53.52.3  Mask:255.255.255.252

        RX packets:4136813440 errors:0 dropped:21164896 overruns:0 frame:0

        TX packets:2281977231 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:3272692444 (3.0 GiB)  TXbytes:665651294 (634.8 MiB)

        Memory:d8020000-d8040000

lo       Link encap:Local Loopback  

        inet addr:127.0.0.1 Mask:255.0.0.0

        UP LOOPBACK RUNNING MTU:16436  Metric:1

        RX packets:1842 errors:0 dropped:0 overruns:0 frame:0

        TX packets:1842 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:0

        RX bytes:266151 (259.9 KiB)  TXbytes:266151 (259.9 KiB)

8,檢視192.168.139.2NAT資訊

[root@GansuBnat01 ~]# iptables -t nat-nvL

Chain PREROUTING (policy ACCEPT 9565Mpackets, 891G bytes)

pkts bytes target     prot opt in     out    source              destination        

Chain POSTROUTING (policy ACCEPT 101packets, 6116 bytes)

pkts bytes target     prot opt in     out    source               destination        

  0     0 RETURN     all --  *      eth0   116.245.254.0/24    0.0.0.0/0          

4099M 306G SNAT       all  -- *      eth0    0.0.0.0/0            0.0.0.0/0           to:59.53.54.128-59.53.54.253（位址池）

  0     0 SNAT       all --  *      eth0   0.0.0.0/0           0.0.0.0/0          to:59.53.55.6-59.53.55.254

Chain OUTPUT (policy ACCEPT 25118packets, 1620K bytes)

9，檢視192.168.139.2  網卡接口資訊

[root@GansuBnat01 ~]# ip address ls

1: lo: <LOOPBACK,UP,LOWER_UP> mtu16436 qdisc noqueue

  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

  inet 127.0.0.1/8 scope host lo

  inet 59.53.54.128/32 scope global lo

  inet 59.53.54.129/32 scope global lo

2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

  link/ether 00:30:48:33:dd:52 brd ff:ff:ff:ff:ff:ff

  inet 192.168.138.2/24 brd 192.168.138.255 scope global eth0

3: eth1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

  link/ether 00:30:48:33:dd:53 brd ff:ff:ff:ff:ff:ff

  inet 59.53.52.1/30 brd 59.53.52.3 scope global eth1

10，通過伺服器IP位址計算使用者IP位址

使用者甘肅鐵通和交換機的0/26，0/5，以及NAT伺服器的eth1同屬于一個叫vlan101的VLAN

由于NAT伺服器的接使用者的屬于vlan101的eth1的IP是59.53.52.1/30，是以使用者甘肅鐵通的IP位址一定是59.53.52.2/30

11，這個IP是怎麼樣計算的呢？？？

從59.53.52.1/30可以看出來該網段有4個位址可以用。因為30代表網絡位占用了30位，主機位隻剩下2位啦！！2位有4台主機。而在主機位0-3,4-7,8-11中，下列主機位是不能用的：0，3,4,7,8,11。可用的剩下：1,2,5,6,9,10。

12，查使用者甘肅鐵通的回程路由

[root@GansuBnat01 ~]#ip route ls | grep 59.53.52.2

123.81.1.96/30via 59.53.52.2 dev eth1  proto zebraequalize

123.81.160.0/19via 59.53.52.2 dev eth1  proto zebraequalize

123.81.0.0/16via 59.53.52.2 dev eth1  proto zebraequalize

13，潛規則