Proxy server and router configuration case in LAN

Source: Internet
Author: User
Keywords: routers, network technology
The rapid development of network technology means that more and more enterprise and institutional LANs are connected to the Internet to share resources. Most of them use a DDN leased line, which has become the common choice because of its stable performance and good expandability. A DDN connection has simple hardware requirements: only a router and a proxy server are needed. Configuring the system, however, is a tricky issue for many network administrators. The following uses a Cisco router as an example.

I. Accessing Internet resources directly through the router

1. General idea and device connection

In general, the LAN inside an organization uses addresses that are reserved on the Internet:

    10.0.0.0/8       10.0.0.0 ~ 10.255.255.255
    172.16.0.0/12    172.16.0.0 ~ 172.31.255.255
    192.168.0.0/16   192.168.0.0 ~ 192.168.255.255

Normally, when a workstation inside the organization tries to reach the outside directly through the router, its traffic is filtered by routers because the workstation is using a reserved address, so it cannot access Internet resources. The solution is to translate the private addresses of the intranet into legitimate Internet addresses, using the NAT (Network Address Translation) function provided by the router operating system. NAT lets users who do not have a legitimate IP address access the external Internet. The benefits are that no proxy server is needed, which reduces investment, that legitimate IP addresses are saved, and that the security of the internal network is improved.

There are two types of NAT: Single and Global.

Single mode, as its name suggests, maps numerous LAN hosts to one Internet address. To the external Internet, all hosts within the LAN appear as a single Internet user. Hosts on the local LAN continue to use local addresses.

In Global mode, the router's interface maps numerous LAN hosts to a range of Internet addresses (an IP address pool). When a local host connects to a host on the Internet, an address from the pool is automatically assigned to the local host. When the connection ends, the dynamically assigned address is released and becomes available to other local hosts.

The following takes my organization's network environment as an example; the configuration method and process are listed for your reference. My organization uses a Unicom optical cable (V.35) to connect to the Internet, the router is a Cisco 2610, and the LAN uses an Intel 550 100 Mbit/s switch. Unicom provided the following four IP addresses:

    211.90.137.25 (255.255.255.252)   WAN port of the local router
    211.90.137.26 (255.255.255.252)   port on the other (Unicom) side
    211.90.139.41 (255.255.255.252)   for our own use
    211.90.139.42 (255.255.255.252)   for our own use

2. Router configuration

    en
    config t
    ! Define an address pool c2610 containing the two free legitimate
    ! IP addresses, for use by NAT
    ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
    ! Set the IP address of the Ethernet port and mark it as the port
    ! connected to the internal network
    int e0/0
     ip address 192.168.0.3 255.255.255.0
     ip nat inside
     exit
    ! Set the IP address of the WAN port and mark it as the port
    ! connected to the external network
    interface s0/0
     ip address 211.90.137.25 255.255.255.252
     ip nat outside
     exit
    ! Static default route to the Unicom side
    ip route 0.0.0.0 0.0.0.0 211.90.137.26
    ! Access control list selecting the internal addresses to translate
    access-list 2 permit 192.168.0.0 0.0.0.255
    !
    ! Dynamic NAT
    !
    ! Create the dynamic address translation (overload = many hosts
    ! share the pool addresses)
    ip nat inside source list 2 pool c2610 overload
    ! exec-timeout 0 0 disables the idle timeout on the console
    line console 0
     exec-timeout 0 0
    !
    line vty 0 4
    end
    ! Save the settings
    wr

3. Workstation configuration

Each workstation needs a static IP address, set in its TCP/IP properties. Set the gateway to 192.168.0.3 (the IP address of the router's Ethernet port) and set DNS to the access provider's address. Browsers and other Internet tools need no special settings.

II. Accessing Internet resources through a proxy server

1. General idea and device connection

The advantage of using a proxy server to access Internet resources is that the cache service provided by the proxy server can improve the speed and efficiency of Internet access. It is better suited to organizations with many workstations. The disadvantages are that a dedicated computer is needed as the proxy server, which increases the investment, that two more legal IP addresses are occupied, and that network security is not high.

With this scheme, the devices are connected as follows. The proxy server has two network cards installed. One connects to the internal network and is given an internal private address. The other connects to the router's Ethernet port and is given a legal address assigned by Unicom (211.90.139.42), with its gateway set to 211.90.139.41 (the router's Ethernet port). The router's Ethernet port is also given a legal IP address assigned by Unicom (211.90.139.41). Once the devices are connected this way, install proxy software on the proxy server and configure the proxy on each workstation to access the Internet.

2. Router configuration

    en
    config t
    ! Set the IP address of the Ethernet port
    int e0/0
     ip address 211.90.139.41 255.255.255.252
     exit
    ! Set the IP address of the WAN port
    interface s0/0
     ip address 211.90.137.25 255.255.255.252
     exit
    ! Static default route to the Unicom side, and enable IP routing
    ip route 0.0.0.0 0.0.0.0 211.90.137.26
    ip routing
    end
    ! Save the settings
    wr

3. Proxy server settings

The proxy server must have two network cards installed. One connects to the internal LAN; set its IP address to an internal private address (for example 192.168.0.4, netmask 255.255.255.0) and do not set a gateway. The other connects to the router; set it to the legal address assigned by Unicom (211.90.139.42, netmask 255.255.255.252) and set its gateway to 211.90.139.41 (the router's Ethernet port). After the network cards are set up this way, install proxy software (for example MS Proxy Server 2.0 or WinGate; for installing and debugging the proxy software, see other documentation).

4. Workstation settings

(1) Internet Explorer settings: Tools menu -> Internet Options -> Connections -> LAN Settings -> Use a proxy server -> Address: 192.168.0.4, Port: 80 -> OK.

(2) For other software, refer to that software's documentation.

III. Configuration with direct access and proxy access coexisting

1. General idea and device connection

Either of the two methods described above gives working Internet access, but each has advantages and disadvantages, and the advantages of the two are complementary. Is there a way to combine the advantages of both methods? There is. This scheme integrates the advantages of methods one and two: it saves IP addresses and also improves the efficiency of Internet access through the cache provided by the proxy server.

With this scheme, the devices are connected as follows. The proxy server has two network cards installed, and both are connected to the switch. Both network cards are given internal private addresses, but the two addresses must not belong to the same network (that is, their network addresses must differ). One is used to communicate with the intranet (NIC 1) and the other to communicate with the router (NIC 2); otherwise the proxy cannot work.

Do not install the NetBEUI protocol on the proxy server, only TCP/IP. (Note: this step is required. Otherwise, because both network cards of the proxy server are connected to the switch, the proxy server's NetBIOS computer name will conflict and normal communication will be affected.)

The router's Ethernet port is also given an internal private address. This address is in the same network as the address of NIC 2 (that is, it has the same network address as NIC 2).

2. Router settings

    en
    config t
    ! Define an address pool c2610 containing the two free legitimate
    ! IP addresses, for use by NAT
    ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
    ! Set the IP address of the Ethernet port and mark it as the port
    ! connected to the internal network
    int e0/0
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     exit
    ! Set the IP address of the WAN port and mark it as the port
    ! connected to the external network
    interface s0/0
     ip address 211.90.137.25 255.255.255.252
     ip nat outside
     exit
    ! Static default route to the Unicom side
    ip route 0.0.0.0 0.0.0.0 211.90.137.26
    ! Access control list selecting the internal addresses to translate.
    ! It has to match the hosts that use this router as their gateway,
    ! which in this scheme are on 192.168.1.0/24 (NIC 2 of the proxy
    ! server and the directly connected workstations).
    access-list 2 permit 192.168.1.0 0.0.0.255
    !
    ! Dynamic NAT
    !
    ! Create the dynamic address translation
    ip nat inside source list 2 pool c2610 overload
    ! exec-timeout 0 0 disables the idle timeout on the console
    line console 0
     exec-timeout 0 0
    !
    line vty 0 4
    end
    ! Save the settings
    wr

3. Proxy server settings

The proxy server has two network cards installed, both connected to the switch. Set NIC 1 to IP address 192.168.0.4 with no gateway. Set NIC 2 to IP address 192.168.1.2 with its gateway set to 192.168.1.1 (the router's Ethernet port). After the network cards are set up this way, install proxy software (for example MS Proxy Server 2.0 or WinGate; for installing and debugging the proxy software, see other documentation).

Note: when you install the proxy software (MS Proxy 2.0, for example) and specify the LAT table, the address range 192.168.0.0-192.168.255.255 should be excluded, or the proxy will not function properly.

4. Workstation settings

In this configuration, a workstation can reach the Internet either through the proxy or directly by setting a gateway.

If it uses only the proxy, the settings are exactly the same as in method two.

If it uses only the gateway, the workstation must have a static IP address of the form 192.168.1.X, in the same network segment as the router's Ethernet port. Set the gateway to 192.168.1.1 and set DNS to the access provider's address.

If you want both methods to coexist, set two static IP addresses in TCP/IP, 192.168.0.X and 192.168.1.X, set the gateway to 192.168.1.1, and set DNS to the address provided by the access provider. You can then switch between the proxy and the gateway simply by turning the proxy setting on or off in software such as the browser.
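The inside subnet differs between the schemes above (192.168.0.0/24 when the router's Ethernet port is 192.168.0.3, 192.168.1.0/24 when it is 192.168.1.1) while the same NAT commands are reused, and only sources permitted by the access list named in `ip nat inside source list` are translated. The following check is an added example, not part of the original article: it reads a configuration and reports every `ip nat inside` subnet that the NAT access list does not cover. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: inside interface on 192.168.1.0/24, but access list 2
# (the one the NAT rule uses) permits 192.168.0.0/24.
SAMPLE_MISMATCH = """\
ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0/0
 ip address 211.90.137.25 255.255.255.252
 ip nat outside
access-list 2 permit 192.168.0.0 0.0.0.255
ip nat inside source list 2 pool c2610 overload
"""
SAMPLE_FIXED = SAMPLE_MISMATCH.replace("permit 192.168.0.0", "permit 192.168.1.0")

def wildcard_net(addr, wildcard):
    """Turn an ACL address/wildcard pair into a network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def uncovered_inside_networks(config):
    """Return the 'ip nat inside' subnets that no NAT-referenced ACL entry covers."""
    ifaces, acls, nat_lists = [], {}, set()
    for raw in config.splitlines():
        line = raw.strip().lower()
        if re.match(r"int(erface)?\s+\S+$", line):
            ifaces.append({"net": None, "inside": False})  # new interface block
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)) and ifaces:
            ifaces[-1]["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif line == "ip nat inside" and ifaces:
            ifaces[-1]["inside"] = True
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            acls.setdefault(m[1], []).append(wildcard_net(m[2], m[3]))
        elif m := re.match(r"ip nat inside source list (\d+) ", line):
            nat_lists.add(m[1])
    permitted = [net for n in nat_lists for net in acls.get(n, [])]
    return [str(i["net"]) for i in ifaces
            if i["inside"] and i["net"] is not None
            and not any(i["net"].subnet_of(p) for p in permitted)]

if __name__ == "__main__":
    print("mismatch:", uncovered_inside_networks(SAMPLE_MISMATCH))
    print("fixed:   ", uncovered_inside_networks(SAMPLE_FIXED))
```

An empty list means every inside subnet is matched by the access list the NAT rule references; the check reads only standard numbered `permit` entries with an address and wildcard.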