3、测试LAN2到LAN1的连通性
我们在位于LAN2的Client1上进行测试,Ping位于LAN1的Server1,并访问运行在其之上的FTP服务。
/* 在Client1上进行测试*/
C:Documents and Settingsxxipconfig
Windows IP Configuration
Ethernet adapter Loopback:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.2.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
/* Ping自己的网关(ISA防火墙的LAN2接口)*/
C:Documents and Settingsxxping 192.168.2.1 -n 2
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=6ms TTL=128
Reply from 192.168.2.1: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.2.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 6ms, Average = 3ms
/* Ping ISA防火墙的LAN1接口*/
C:Documents and Settingsxxping 192.168.0.254 -n 2
Pinging 192.168.0.254 with 3
2 bytes of data:
Reply from 192.168.0.254: bytes=32 time=1ms TTL=128
Reply from 192.168.0.254: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.254:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
/* Ping LAN1中的Server1*/
C:Documents and Settingsxxping 192.168.0.1 -n 2
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=2ms TTL=127
Reply from 192.168.0.1: bytes=32 time<1ms TTL=127
Ping statistics for 192.168.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 1ms
/*访问Server1上的ftp服务*/
C:Documents and Settingsxxftp 192.168.0.1
Connected to 192.168.0.1.
220 External ftp server ready...
User (192.168.0.1:(none)): anonymous
331 User name okay, please send complete E-mail address as password.
Password:
230 User logged in, proceed.
ftp dir
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
drw-rw-rw- 1 user group 0 Jul 29 17:58 .
drw-rw-rw- 1 user group 0 Jul 29 17:58 ..
drw-rw-rw- 1 user group 0 Jul 29 17:58 AdminScripts
drw-rw-rw- 1 user group 0 Jul 29 17:58 ftproot
drw-rw-rw- 1 user group 0 Jul 29 17:58 wwwroot
226 Transfer complete.
ftp: 收到 314 字节,用时 0.00Seconds 314000.00Kbytes/sec.
ftp
此时,我们在Server1上的ftp管理控制台中看看
注意看客户的IP地址,这是ISA防火墙的LAN1接口的IP。Why?不需要我回答吧。
Okay,这个测试就成功结束了。
4、配置内部到外部使用路由方式
现在我们来修改网络规则,配置内部到外部使用路由方式试试。
点开配置下的网络,在右边的网络规则中双击Internet访问,然后在弹出的属性对话框中,点击网络关系标签,修改为路由。修改后如下图所示:
然后点击应用保存修改和更新防火墙策略。
5、测试LAN2到LAN1的连通性二
/* 在Client1上进行测试*/
C:Documents and Settingsxxipconfig
Windows IP Configuration
Ethernet adapter Loopback:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . .
. . . : 192.168.2.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
/* Ping自己的网关(ISA防火墙的LAN2接口)*/
C:Documents and Settingsxxping 192.168.2.1 -n 2
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=6ms TTL=128
Reply from 192.168.2.1: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.2.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 6ms, Average = 3ms
/* Ping ISA防火墙的LAN1接口*/
C:Documents and Settingsxxping 192.168.0.254 -n 2
Pinging 192.168.0.254 with 32 bytes of data:
Reply from 192.168.0.254: bytes=32 time=1ms TTL=128
Reply from 192.168.0.254: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.254:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
/* Ping LAN1中的Server1*/
C:Documents and Settingsxxping 192.168.0.1 -n 2
Pinging 192.168.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 192.168.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Ping不通了?Why?相信你应该可以从上面的TCP/IP配置说明中分析出这一点。
我们再在LAN1中的Server1上进行测试:
/* 在Server1上进行测试*/
C:Documents and SettingsAdministratoripconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Sydney
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet Adapter (Generic)
Physical Address. . . . . . . . . : 00-03-FF-FF-36-DB
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
/* Ping ISA防火墙的LAN1接口*/
C:Documents and SettingsAdministratorping 192.168.0.254
Pinging 192.168.0.254 with 32 bytes of data:
Reply from 192.168.0.254: bytes=32 time<1ms TTL=128
Reply from 192.168.0.254: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.254:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
/* Ping ISA防火墙的LAN2接口*/
C:Documents and SettingsAdministratorping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 192.168.2.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
/* Ping 位于LAN2的Client1*/
C:Documents and SettingsAdministratorping 192.168.2.8
Pinging 192.168.2.8 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.2.8:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Control-C
^C
位于LAN2的接口都Ping不通,Why?很简单,在Server1上没有到LAN2的路由。我们看看Server1的路由表:
C:Documents and SettingsAdministratorroute print
IPv4 Route Table
==============================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 03 ff ff 36 db ...... Intel 21140-Based PCI Fast Ethernet Ad