PC1
ip 10.10.10.1 255.255.255.0 10.10.10.254
PC2
ip 10.10.10.1 255.255.255.0 10.10.10.254
PC3
ip 10.10.10.1 255.255.255.0 10.10.10.254
R1
conf t
int fa 0/0
no shu
! set dot1q encapsulation first; IOS rejects an IP address on a subinterface without it
int fa 0/0.10
encapsulation dot1q 10
ip addr 10.10.10.254 255.255.255.0
ip nat inside
int fa 0/0.20
encapsulation dot1q 20
ip addr 20.20.20.254 255.255.255.0
ip nat inside
int fa 0/1
ip addr 30.30.30.1 255.255.255.0
ip addr 30.30.30.100 255.255.255.0 secondary
ip nat outside
no shu
ip route 0.0.0.0 0.0.0.0 30.30.30.3
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source list 1 int fa 0/1
ip nat inside source static 20.20.20.1 30.30.30.100
R2
conf t
int fa 0/0
no shu
! set dot1q encapsulation first; IOS rejects an IP address on a subinterface without it
int fa 0/0.10
encapsulation dot1q 10
ip addr 10.10.10.254 255.255.255.0
ip nat inside
int fa 0/0.20
encapsulation dot1q 20
ip addr 20.20.20.254 255.255.255.0
ip nat inside
int fa 0/1
ip addr 40.40.40.2 255.255.255.0
ip addr 40.40.40.100 255.255.255.0 secondary
ip nat outside
no shu
ip route 0.0.0.0 0.0.0.0 40.40.40.3
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source list 1 int fa 0/1
ip nat inside source static 20.20.20.1 40.40.40.100
R3
conf t
int fa 0/0
ip addr 30.30.30.3 255.255.255.0
no shu
int fa 0/1
ip addr 40.40.40.3 255.255.255.0
no shu
int fa 1/0
ip addr 50.50.50.3 255.255.255.0
no shu
int fa 2/0
ip addr 100.100.100.3 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 100.100.100.254
R4
conf t
int fa 0/0
no shu
! set dot1q encapsulation first; IOS rejects an IP address on a subinterface without it
int fa 0/0.10
encapsulation dot1q 10
ip addr 10.10.10.254 255.255.255.0
ip nat inside
int fa 0/0.20
encapsulation dot1q 20
ip addr 20.20.20.254 255.255.255.0
ip nat inside
int fa 0/1
ip addr 50.50.50.4 255.255.255.0
ip addr 50.50.50.100 255.255.255.0 secondary
ip nat outside
no shu
ip route 0.0.0.0 0.0.0.0 50.50.50.3
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source list 1 int fa 0/1
ip nat inside source static 20.20.20.1 50.50.50.100
R5
conf t
vlan 10
name v10
vlan 20
name v20
exit
int fa 3/0
switchport mode access
switchport access vlan 10
int fa 3/1
switchport mode access
switchport access vlan 20
int fa 3/15
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,1002-1005
R6
conf t
vlan 10
name v10
vlan 20
name v20
exit
int fa 3/0
switchport mode access
switchport access vlan 10
int fa 3/1
switchport mode access
switchport access vlan 20
int fa 3/15
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,1002-1005
R7
conf t
vlan 10
name v10
vlan 20
name v20
exit
int fa 3/0
switchport mode access
switchport access vlan 10
int fa 3/1
switchport mode access
switchport access vlan 20
int fa 3/15
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,1002-1005
UTM
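Interface settings
Additional address 1
Interface : external
Address : 192.168.50.51
Additional address 2
Interface : external
Address : 192.168.50.52
Additional address 3
Interface : external
Address : 192.168.50.53
Static routing
Gateway route 1
Network : 30.30.30.0/24
Gateway : 100.100.100.3
Gateway route 2
Network : 40.40.40.0/24
Gateway : 100.100.100.3
Gateway route 3
Network : 50.50.50.0/24
Gateway : 100.100.100.3
NAT
DNAT1
Condition
Source : 192.168.50.1
Service : HTTP(tcp/80)
Destination : 192.168.50.51(external)
Action
Destination : 30.30.30.100
Service : HTTP(tcp/80)
Check the option to add the firewall policy automatically
DNAT2
Condition
Source : 192.168.50.1
Service : HTTP(tcp/80)
Destination : 192.168.50.52(external)
Action
Destination : 40.40.40.100
Service : HTTP(tcp/80)
Check the option to add the firewall policy automatically
DNAT3
Condition
Source : 192.168.50.1
Service : HTTP(tcp/80)
Destination : 192.168.50.53(external)
Action
Destination : 50.50.50.100
Service : HTTP(tcp/80)
Check the option to add the firewall policy automatically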
Test
PC1 -> WEB1
ping 20.20.20.1
PC1 -> WEB2
ping 40.40.40.100
PC1 -> WEB3
ping 50.50.50.100
PC2 -> WEB1
ping 30.30.30.100
PC2 -> WEB2
ping 20.20.20.1
PC2 -> WEB3
ping 50.50.50.100
PC3 -> WEB1
ping 30.30.30.100
PC3 -> WEB2
ping 40.40.40.100
PC3 -> WEB3
ping 20.20.20.1
win10 -> WEB1
Enter URL: 192.168.50.51
win10 -> WEB2
Enter URL: 192.168.50.52
win10 -> WEB3
Enter URL: 192.168.50.53