[H3C]dis cu
#
sysname H3C
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
acl number 2000
rule 1 permit source 192.168.2.0 0.0.0.24
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.0.1 255.255.255.0
#
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
ip address 192.168.1.2 255.255.255.0
nat outbound 2000
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
add interface Ethernet0/1
add interface Ethernet0/4
set priority 85
#
firewall zone untrust
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
外网地址:192.168.1.2
网关地址:192.168.1.1
子网掩码:255.255.255.0
内网网段为:192.168.2.0
内网网关地址:192.168.2.1
子网掩码:255.255.255.0
防火墙LAN1口为内网接口
LAN4口为外网接口
为什么我按照上面的配置 ,不能上网,与外网不能,这是为什么啊?请高手指教,谢谢!我防火墙是接在路由器下面的。
H3C SecPath F100-C配置问题
答案:2 悬赏:10 手机版
解决时间 2021-02-07 22:40
- 提问者网友:做自己de王妃
- 2021-02-07 12:40
最佳答案
- 五星知识达人网友:十鸦
- 2021-02-07 13:47
acl number 2000
rule 1 permit source 192.168.2.0 0.0.0.24
这里错了
acl num 2000
undo rule 1
rule 1 permit source 192.168.2.0 0.0.0.255
如上命令,先删掉你之前配置的rule 1 在创建一个 反掩码为0.0.0.255
rule 1 permit source 192.168.2.0 0.0.0.24
这里错了
acl num 2000
undo rule 1
rule 1 permit source 192.168.2.0 0.0.0.255
如上命令,先删掉你之前配置的rule 1 在创建一个 反掩码为0.0.0.255
全部回答
- 1楼网友:夜风逐马
- 2021-02-07 15:05
我给你一个配置模板吧。
dis cur
#
sysname secpath_f100-c
#
firewall packet-filter enable
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
acl number 2000
rule 1 permit source 192.168.1.0 0.0.0.255
rule 10 deny
#
interface ethernet1/0
mtu 1450
tcp mss 1024
ip address 192.168.1.1 255.255.255.0
#
interface ethernet2/0
speed 10
duplex full
mtu 1450
tcp mss 1024
ip address 100.1.1.2 255.255.255.0
nat outbound 2000
#
interface null0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface ethernet1/0
set priority 85
#
firewall zone untrust
add interface ethernet2/0
set priority 5
#
firewall zone dmz
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local dmz
#
firewall interzone trust untrust
#
firewall interzone trust dmz
#
firewall interzone dmz untrust
#
ftp server enable
#
dhcp server forbidden-ip 192.168.1.1
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.1 preference 60
#
user-interface con 0
user-interface vty 0
#
return
=========
基本的配置就是这样。
嘿嘿。
我要举报
如以上问答信息为低俗、色情、不良、暴力、侵权、涉及违法等信息,可以点下面链接进行举报!
大家都在看
推荐资讯