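[1] A Huawei firewall (F500) needs to be connected to the network; its public IP is provisional (for example 10.10.10.8). How should it be configured so that it can be pinged once it is connected?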
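Firewall configuration commands:
Switch to Chinese mode: language-mode chinese
Set the firewall name: sysname sysname
Configure the firewall system IP address: firewall system-ip system-ip-address [ address-mask ]
Set the standard time: clock datetime time date
Set the time zone: clock timezone time-zone-name { add | minus } time
Cancel the time zone setting: undo clock timezone
Configure the password for switching user level: super password [ level user-level ] { simple | cipher }
Telnet command configuration: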
[H3C] local-user admin
[H3C-luser-admin] password simple admin
[H3C-luser-admin] service-type telnet
[H3C-luser-admin] level 3
interface vlan 1
ip address 192.168.0.1
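Enabling Internet access:
# The default packet-filter action is set to permit, so traffic not matched by an ACL rule is forwarded.
firewall packet-filter default permit
[H3C] interface GigabitEthernet0/0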
[H3C-GigabitEthernet0/0] ip address 192.168.0.1 255.255.255.0
[H3C-GigabitEthernet0/0] quit
[H3C] firewall zone trust
[H3C-zone-trust] add interface GigabitEthernet0/0
[H3C] interface ethernet0/0/0
[H3C-Ethernet0/0/0] ip address 1.1.1.1 255.0.0.0
[H3C-Ethernet0/0/0] nat outbound 2000
[H3C-Ethernet0/0/0] nat server protocol tcp global 1.1.1.1 www inside 10.0.0.2 www
[H3C-Ethernet0/0/0] nat server protocol tcp global 1.1.1.1 ftp inside 10.0.0.3 ftp
[H3C-Ethernet0/0/0] quit
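# Configure the access control list to allow the 10.0.0.0/8 network segment to access the Internet.
# Note: the wildcard 0.0.0.255 in rule 0 matches only 10.0.0.0/24; matching the whole 10.0.0.0/8 segment takes the wildcard 0.255.255.255.
[H3C] acl number 2000
[H3C-acl-basic-2000] rule 0 permit source 10.0.0.0 0.0.0.255
[H3C-acl-basic-2000] rule 1 deny
# Configure ethernet1/0/0.
[H3C] interface ethernet1/0/0
[H3C-Ethernet1/0/0] ip address 10.0.0.1 255.0.0.0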
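A review check for the configuration above, as an added example that is not part of the original page or of any vendor tool: it flags the plaintext `password simple`, Telnet management, the permit-by-default packet filter, and an ACL source range narrower than the interface subnet. The function names and finding labels are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed sample: lines copied from the walkthrough, prompts removed.
SAMPLE_CONFIG = """\
local-user admin
password simple admin
service-type telnet
level 3
firewall packet-filter default permit
acl number 2000
rule 0 permit source 10.0.0.0 0.0.0.255
rule 1 deny
interface ethernet1/0/0
ip address 10.0.0.1 255.0.0.0
"""

def to_network(addr, mask):
    """Network for an address plus a netmask or an ACL wildcard (inverse mask)."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return finding labels (hypothetical names) for risky lines in the config."""
    findings, acl_nets, iface_nets = [], [], []
    for raw in config.splitlines():
        # Drop a leading CLI prompt such as "[H3C-luser-admin]" if present.
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())
        if re.match(r"password simple\b", line):
            findings.append("plaintext-password")      # stored unencrypted
        elif re.match(r"service-type\b.*\btelnet\b", line):
            findings.append("telnet-management")       # cleartext login
        elif line == "firewall packet-filter default permit":
            findings.append("default-permit")          # unmatched traffic passes
        elif m := re.match(r"rule \d+ permit source (\S+) (\S+)$", line):
            acl_nets.append(to_network(m[1], m[2]))
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            iface_nets.append(to_network(m[1], m[2]))
    # An ACL range strictly inside an interface subnet leaves the rest of that
    # subnet unmatched, so the following deny rule applies to those hosts.
    for iface in iface_nets:
        for acl in acl_nets:
            if acl != iface and acl.subnet_of(iface):
                findings.append(f"acl-narrower-than-subnet:{acl}<{iface}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```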