H3C SecPath F100-C-EI防火牆設置一例
#
sysname H3C
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
nat address-group 0 222.92.223.107 222.92.223.108 //ISP分配的固定IP地址池
#
firewall statistic system enable
#
DNS server 61.177.7.1 //ISP DNS
#
radius scheme system
server-type extended
#
domain system
authentication none
authorization none
accounting none
#
local-user admin
password simple admin0fnoah
service-type telnet terminal
level 3
service-type ftp
#
acl number 2001
rule 0 permit source 192.168.50.0 0.0.0.255
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.50.254 255.255.255.0 //內網口IP cnwan.com.cn
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
ip address 222.92.223.110 255.255.255.248 //公網口IP
nat outbound 2001 address-group 0 //啓用NAT
nat server protocol tcp global 222.92.223.107 www inside 192.168.50.11 www //端口映射
nat server protocol tcp global 222.92.223.107 8080 inside 192.168.50.11 8080
nat server protocol tcp global 222.92.223.107 3389 inside 192.168.50.11 3389
nat server protocol tcp global 222.92.223.108 www inside 192.168.50.10 www
nat server protocol tcp global 222.92.223.108 8080 inside 192.168.50.10 8080
nat server protocol tcp global 222.92.223.108 3389 inside 192.168.50.10 3389
#
interface Encrypt1/0
#
interface NULL0html
菜鳥技術網安全
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0 //內網口加入安全域
set priority 85
#
firewall zone untrust
add interface Ethernet0/4
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 222.92.223.105 preference 60 //路由
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return cnwan.com.cn
本文來自: 菜鳥技術網(www.cnwan.com.cn) 詳細出處參考:http://www.cnwan.com.cn/a/firewall/yingjianfanghuoqiang/2010/1126/1075.htmldom
- 1. H3C SecPath F1000-C-G2防火牆評測
- 2. H3C SecPath 防火牆設置之端口映射
- 3. H3C SecPath 防火牆設置之端口映射(命令)
- 4. H3C SecPath F100-C 防火牆配置說明
- 5. H3C防火牆配置
- 6. 【防火牆】防火牆iptables 設置
- 7. H3C防火牆基礎配置操做
- 8. H3C防火牆 l2tp 的配置
- 9. H3C防火牆基礎配置操作
- 10. 詳解SecPath防火牆體系結構 | 必讀!
- 更多相關文章...
- • 使用TCP協議檢測防火牆 - TCP/IP教程
- • MySQL AS:設置別名 - MySQL教程
- • IntelliJ IDEA代碼格式化設置
- • RxJava操作符(一)Creating Observables
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. 字節跳動21屆秋招運營兩輪面試經驗分享
- 2. Java 3 年,25K 多嗎?
- 3. mysql安裝部署
- 4. web前端開發中父鏈和子鏈方式實現通信
- 5. 3.1.6 spark體系之分佈式計算-scala編程-scala中trait特性
- 6. dataframe2
- 7. ThinkFree在線
- 8. 在線畫圖
- 9. devtools熱部署
- 10. 編譯和鏈接