h3c secpath f1000 s怎么配置
答案:2 悬赏:20 手机版
解决时间 2021-03-09 02:45
- 提问者网友:咪咪
- 2021-03-08 08:49
h3c secpath f1000 s怎么配置
最佳答案
- 五星知识达人网友:西风乍起
- 2021-03-08 09:03
现在已经修改了,不是这样的命令了 [F1000]dis sa # sysname F1000 # firewall packet-filter enable firewall packet-filter default permit # bridge enable bridge 1 enable # firewall statistic system enable # radius scheme system server-type extended # domain system # local-user admin password simple pass service-type telnet level 3 # interface Aux0 async mode flow # interface GigabitEthernet0/0 # interface GigabitEthernet0/1 # interface GigabitEthernet1/0 promiscuous bridge-set 1 bridge-set fast-forwarding inbound bridge-set fast-forwarding outbound bridge vlanid-transparent-transmit enable # interface GigabitEthernet1/1 promiscuous bridge-set 1 bridge-set fast-forwarding inbound bridge-set fast-forwarding outbound bridge vlanid-transparent-transmit enable # interface Encrypt2/0 # interface Bridge-template1 ip address 172.17.0.5 255.255.255.0 # interface NULL0 # firewall zone local set priority 100 # firewall ...
现在已经修改了,不是这样的命令了 [F1000]dis sa # sysname F1000 # firewall packet-filter enable firewall packet-filter default permit # bridge enable bridge 1 enable # firewall statistic system enable # radius scheme system server-type extended # domain system # local-user admin password simple pass service-type telnet level 3 # interface Aux0 async mode flow # interface GigabitEthernet0/0 # interface GigabitEthernet0/1 # interface GigabitEthernet1/0 promiscuous bridge-set 1 bridge-set fast-forwarding inbound bridge-set fast-forwarding outbound bridge vlanid-transparent-transmit enable # interface GigabitEthernet1/1 promiscuous bridge-set 1 bridge-set fast-forwarding inbound bridge-set fast-forwarding outbound bridge vlanid-transparent-transmit enable # interface Encrypt2/0 # interface Bridge-template1 ip address 172.17.0.5 255.255.255.0 # interface NULL0 # firewall zone local set priority 100 # firewall zone trust add interface GigabitEthernet1/0 add interface GigabitEthernet1/1 set priority 85 # firewall zone untrust set priority 5 # firewall zone DMZ set priority 50 # firewall interzone local trust # firewall interzone local untrust # firewall interzone local DMZ # firewall interzone trust untrust # firewall interzone trust DMZ # firewall interzone DMZ untrust # firewall defend ip-spoofing firewall defend land firewall defend smurf firewall defend fraggle firewall defend winnuke firewall defend icmp-redirect firewall defend icmp-unreachable firewall defend source-route firewall defend route-record firewall defend tracert firewall defend ping-of-death firewall defend tcp-flag firewall defend ip-fragment firewall defend large-icmp firewall defend teardrop firewall defend ip-sweep firewall defend port-scan firewall defend arp-spoofing firewall defend arp-flood firewall defend frag-flood firewall defend syn-flood enable firewall defend udp-flood enable firewall defend icmp-flood enable # user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme # return
现在已经修改了,不是这样的命令了 [F1000]dis sa # sysname F1000 # firewall packet-filter enable firewall packet-filter default permit # bridge enable bridge 1 enable # firewall statistic system enable # radius scheme system server-type extended # domain system # local-user admin password simple pass service-type telnet level 3 # interface Aux0 async mode flow # interface GigabitEthernet0/0 # interface GigabitEthernet0/1 # interface GigabitEthernet1/0 promiscuous bridge-set 1 bridge-set fast-forwarding inbound bridge-set fast-forwarding outbound bridge vlanid-transparent-transmit enable # interface GigabitEthernet1/1 promiscuous bridge-set 1 bridge-set fast-forwarding inbound bridge-set fast-forwarding outbound bridge vlanid-transparent-transmit enable # interface Encrypt2/0 # interface Bridge-template1 ip address 172.17.0.5 255.255.255.0 # interface NULL0 # firewall zone local set priority 100 # firewall zone trust add interface GigabitEthernet1/0 add interface GigabitEthernet1/1 set priority 85 # firewall zone untrust set priority 5 # firewall zone DMZ set priority 50 # firewall interzone local trust # firewall interzone local untrust # firewall interzone local DMZ # firewall interzone trust untrust # firewall interzone trust DMZ # firewall interzone DMZ untrust # firewall defend ip-spoofing firewall defend land firewall defend smurf firewall defend fraggle firewall defend winnuke firewall defend icmp-redirect firewall defend icmp-unreachable firewall defend source-route firewall defend route-record firewall defend tracert firewall defend ping-of-death firewall defend tcp-flag firewall defend ip-fragment firewall defend large-icmp firewall defend teardrop firewall defend ip-sweep firewall defend port-scan firewall defend arp-spoofing firewall defend arp-flood firewall defend frag-flood firewall defend syn-flood enable firewall defend udp-flood enable firewall defend icmp-flood enable # user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme # return
全部回答
- 1楼网友:玩世
- 2021-03-08 10:34
不用使用这个命令。还有一种方法
在内网的接口上使用nat ser 命令将外网接口上发布的命令重新写一遍。也就是说端口映射的信息在内外网接口都有,且一模一样。
之后写一条acl
acl num 3005
rule per ip sou 192.168.1.0 0.0.0.255 de 192.168.1.100 0
写一条规则,内网所有ip地址到内网的服务器ip。
之后在内网接口上
nat out 3005
将acl3005做nat out转换
这样2个步骤能够解决内网使用公网ip或者域名访问内网的服务器。原理是将数据流在防火墙上内部回流。。
我要举报
如以上问答信息为低俗、色情、不良、暴力、侵权、涉及违法等信息,可以点下面链接进行举报!
大家都在看
推荐资讯