Refined proxy router settings

The steps for configuring the proxy router are described. Are more practical methods. Due to the rapid development of network technology, there are more and more ways for local networks in enterprises and institutions to access Internet and share resources. In most cases, ddnleased lines have become a widely used method with stable performance and good scalability, DDN connection is simple in terms of hardware requirements. You only need a router (router) and a proxy server (proxy server, however, system configuration is a tough issue for many network administrators. The following describes how to use a CISCO router as an example:

Configure a router to access INTERNET Resources

◆ Proxy router setting steps, overall ideas and device Connection Methods

Generally, the LAN in the organization uses the reserved IP address 10.0.0.0/. 0.0.0 ~ on the INTERNET ~ 10.20.255.255 172.16.0.0/12: 172.16.0.0 ~ 172.31.255.255 192.168.0.0/16: 192.168.0.0 ~ 192.168.255.255.

Under normal circumstances, when a workstation inside the Organization directly uses a route for external access, it will be filtered out by the router because the workstation uses a reserved address on the Internet, as a result, Internet resources cannot be accessed. The solution to this problem is to use the NATNetwork Address Translation function provided by the routing operating system to convert private addresses on the Intranet to valid addresses on the Internet, this allows users with invalid IP addresses to access the Internet through NAT. in this way, you do not need to configure a proxy server to reduce investment, save valid IP addresses, and improve the security of the internal network. NAT has two types: Single mode and global mode.

The NAT single mode maps many local LAN hosts into an Internet address just like its name. All hosts in the LAN are regarded as Internet users for External Internet networks. The host in the local LAN continues to use the local address.

In the global mode of NAT, the router interface maps many local LAN hosts into an IP address pool with a certain Internet address range ). When the local host port is connected to a host on the Internet, an IP address in the IP address pool is automatically assigned to the local host. After the connection is interrupted, the dynamically assigned IP address is released, the released IP address can be used by other local hosts.

The following uses the network environment of our Organization as an example to list the configuration methods and processes for your reference. Our company uses China Unicom Optical Cable V.35) to access the INTERNET. The router is CISCO2610 and the LAN uses the INTEL550 MB switch. China Unicom provides us with the following four IP addresses: 211.90.137.2520.255.255.252) for local routers, the WAN port 211.90.137.26, 255.255.255.255.252) for the other party's Unicom) Port 211.90.139.41255.255.255.252) for your own control.

◆ Configuration of the proxy Router

En config t ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252 defines an address pool c2601, which contains two valid idle ip addresses for NAT translation) int e0/0 ip address 192.168.0.3 255.255.255.0 ip nat inside exit set the Ethernet ip address and set it as the port connecting to the Intranet) interface s0/0 ip address 211.90.137.25 255.255.255.252 ip nat outside exit: Set the ip address of the WAN port and set it as the port connecting to the external network.) ip route 0.0.0.0 0.0.0.0 211.90.137.26 sets a dynamic route) access-list 2 permit 192.168.0.1 0.0 . 0.255 create an access control list )! Dynamic NAT! Ip nat inside source list 2 pool c2610 overload create dynamic address translation) line console 0 exec-timeout 0! Line vty 0 4 end wr Save the settings ).

◆ Proxy router configuration steps and workstation configuration

Static IP addresses are required. You must set the IP address in the TCP/IP attribute and the Ethernet IP address of the 192.168.0.3 router, no special settings are required in Web browsers and other online tools.

Configure INTERNET resource access through Proxy Server

◆ Proxy router setting steps, overall ideas and device Connection Methods

The proxy server can be used to access INTERNET resources. The advantage is that the CACHE service provided by the proxy server can be used to improve INTERNET access speed and efficiency. It is suitable for use in units with a large number of workstations. The disadvantage is that a dedicated computer is needed as the proxy server, which increases the investment cost. In addition, the first method requires two more valid IP addresses, and the network security is not high.

This solution is used to access the Internet. The device connection method is as follows: install two NICs on the proxy server, one is connected to the Intranet, and the other is connected to the Ethernet port of the router, set the valid IP address allocated by China Unicom 211.90.139.42) and set its gateway to 211.90.139.41 vro Ethernet port) The vro Ethernet port also sets the valid IP address 211.90.139.41 allocated by China Unicom. After the device is connected, install the agent software on the proxy server and set a proxy on the workstation to access the INTERNET.

Configure en config t int e0/0 ip address 211.90.139.41 255.255.255.255.252 exit to set the Ethernet ip address) interface s0/0 ip address 211.90.137.25 255.255.255.252 exit to set the ip address of the WAN port) ip route 0.0.0.0 0.0.0.0 211.90.137.26 ip routing sets a dynamic route and activates the route.) end wr saves the settings)

◆ Proxy router configuration steps and Proxy Server Settings

The proxy server must be installed with two NICs, one for connecting to the internal LAN and setting the IP address as the internal private address, for example, 192.168.0.4 netmask 255.255.255.0. No gateway is required. The other one is used to connect to the vro. It sets the valid address 211.90.139.42 netmask 255.255.255.252) and the gateway is 211.90.139.41 ). After setting the NIC according to the above method, install a set of agent software. For example, ms proxy server 2.0 and WINGATE. For agent software installation and debugging methods, see other materials)

◆ Proxy router configuration steps and workstation settings

Internet explorer settings, tool menu-> internet Options-> connection-> LAN Settings-> use proxy server-> address: 192.168.0.4 port: 80-> OK, for other software settings, see the software description.

Configuration for coexistence of direct access and proxy access

◆ Proxy router setting steps, overall ideas and device Connection Methods

The two methods described above can achieve smooth INTERNET access. However, each method has advantages and some disadvantages, and the advantages of the two methods are complementary. How can we combine the advantages of the two methods into one? method 3 is a solution that can be used simultaneously by both the fish and the bear's paw. It integrates the advantages of the first and second methods, that is, it saves IP addresses and Improves INTERNET access efficiency through the CACHE provided by the proxy server.

This solution is used to access the Internet. The device connection method is as follows: two NICs are installed on the proxy server, and both NICs are connected to the vswitch. When setting the IP address, both NICs are set with internal private addresses, but these two addresses should not belong to one network, that is, the network address of the IP address is different), one is used to communicate with the Intranet Nic 1 ), one is used to communicate with the router Nic 2), otherwise the proxy will not be able to implement it.

Do not install the NETBEUI protocol on the proxy server. Only the TCP/IP protocol is installed. Note: This step must be done. Otherwise, the proxy server NETBIOS computer name conflict will be caused by redundant connection lines between the proxy server and the switch, thus affecting normal communication) the vro Ethernet port also sets an internal private address, because the address is in the same network as the IP address of Network Card 2, that is, the network address of the IP address is the same as that of Network Card 2)

Configure en config t ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252 defines an address pool c2601, which contains two valid idle ip addresses for NAT translation) int e0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside exit sets the Ethernet ip address and sets it as the port connecting to the Intranet) interface s0/0 ip address 211.90.137.25 255.255.255.252 ip nat outside exit: Set the ip address of the WAN port and set it as the port connecting to the external network.) ip route 0.0.0.0 0.0.0.0 211.90.137.26 sets a dynamic route) access-list 2 permit 192.168. 0.1 0.0.0.255 create an access control list )! Dynamic NAT! Ip nat inside source list 2 pool c2610 overload create dynamic address translation) line console 0 exec-timeout 0! Line vty 0 4 end wr Save settings)

◆ Proxy router configuration steps and Proxy Server Settings

Two NICs are installed on the proxy server. Both NICs are connected to the vswitch. Nic 1 is set to 192.168.0.4 without a gateway. Nic 2 is set to 192.168.1.2, set the gateway to the Ethernet port of the 192.168.1.1 router ). After setting the NIC according to the above method, install a set of agent software. For example: ms proxy server 2.0, WINGATE, etc., agent software installation and debugging methods see other materials) Note: When installing agent software in MS-PROXY 2.0 for example), when specifying the LAT table, the IP address range 192.168.0.0-192.168.255.255 should be excluded; otherwise, the proxy will not work properly.

◆ Proxy router configuration steps and workstation settings

In this configuration, the workstation can either set a proxy or set a gateway to directly access the internet. If you only access the Internet through proxy, the setting method is the same as method 2. If you only access the Internet through the gateway, you must set a static IP address for the workstation. The IP address should be 192.168.1.X, which is in the same network segment as the Ethernet port of the router, and set the gateway to 192.168.1.1, set the DNS address as the access provider.

Proxy router setting steps: If you want to use both methods, you need to set two static IP addresses in TCP/IP: 192.168.0.X and 192.168.1.X, and set the gateway to 192.168.1.1, the address provided by DNS for the access provider. You only need to enable or disable proxy settings in a browser or other software to switch between the proxy and gateway.