上一次写了如何让防火墙“通”,这一次写写如何控制上网主要用到了access-list和access-group了。
命令如下了:
access-list 101 extended permit ip host 192.168.0.103 any // 允许上网的IP
access-group 101 in interface inside // 绑定acl到inside影射端口命令如下:
access-list 110 extended permit tcp any any // 加一条acl允许tcp通过
access-group 110 in interface outside // 绑定acl到端口
static (inside,outside) tcp interface www 192.168.0.200 www netmask 255.255.255.255 // 端口影射
命令如下了:
access-list 101 extended permit ip host 192.168.0.103 any // 允许上网的IPaccess-group 101 in interface inside // 绑定acl到insideaccess-list 110 extended permit tcp any any // 加一条acl允许tcp通过access-group 110 in interface outside // 绑定acl到端口static (inside,outside) tcp interface www 192.168.0.200 www netmask 255.255.255.255 // 端口影射
