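1. I have a Huawei firewall (F500) that needs to be connected to the network. The public IP is provisional (for example, 10.10.10.8). How should it be configured so that it joins the network and can be pinged?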
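Firewall configuration commands:
Switch to Chinese mode: language-mode chinese
Set the firewall name: sysname sysname
Configure the firewall system IP address: firewall system-ip system-ip-address [ address-mask ]
Set the standard time: clock datetime time date
Set the time zone: clock timezone time-zone-name { add | minus } time
Cancel the time zone setting: undo clock timezone
Configure the password for switching user level: super password [ level user-level ] { simple | cipher }
Telnet configuration commands: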
[H3C] local-user admin
[H3C-luser-admin] password simple admin
[H3C-luser-admin] service-type telnet
[H3C-luser-admin] level 3
interface vlan 1
ip address 192.168.0.1
Enabling Internet access:
firewall packet-filter default permit
[H3C] interface GigabitEthernet0/0
[H3C-GigabitEthernet0/0] ip address 192.168.0.1 255.255.255.0
[H3C-GigabitEthernet0/0] quit
[H3C] firewall zone trust
[H3C-zone-trust] add interface GigabitEthernet0/0
[H3C] interface ethernet0/0/0
[H3C-Ethernet0/0/0] ip address 1.1.1.1 255.0.0.0
[H3C-Ethernet0/0/0] nat outbound 2000
[H3C-Ethernet0/0/0] nat server protocol tcp global 1.1.1.1 www inside 10.0.0.2 www
[H3C-Ethernet0/0/0] nat server protocol tcp global 1.1.1.1 ftp inside 10.0.0.3 ftp
[H3C-Ethernet0/0/0] quit
# Configure an access control list that allows the 10.0.0.0/8 network segment to access the Internet.
[H3C] acl number 2000
[H3C-acl-basic-2000] rule 0 permit source 10.0.0.0 0.0.0.255
[H3C-acl-basic-2000] rule 1 deny
# Configure ethernet1/0/0.
[H3C] interface ethernet1/0/0
[H3C-Ethernet1/0/0] ip address 10.0.0.1 255.0.0.0
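
An added example (not part of the original post): a small Python check, run offline over a saved copy of the configuration above, that flags the settings a reviewer would question before the device is given a public address, and compares the ACL wildcard with the inside interface subnet. The check list, messages and function names are this example's own; the sample lines are copied from the commands above.

```python
import ipaddress
import re

# Constructed sample: lines copied from the configuration on this page.
SAMPLE_CONFIG = """\
local-user admin
 password simple admin
 service-type telnet
 level 3
firewall packet-filter default permit
acl number 2000
 rule 0 permit source 10.0.0.0 0.0.0.255
 rule 1 deny
interface ethernet1/0/0
 ip address 10.0.0.1 255.0.0.0
"""

# (pattern, finding) pairs; names and messages are this example's own.
CHECKS = [
    (re.compile(r"^password simple\b"), "plaintext password (use 'cipher')"),
    (re.compile(r"^service-type telnet\b"), "telnet management is unencrypted"),
    (re.compile(r"^firewall packet-filter default permit\b"), "default action is permit"),
]

def wildcard_to_network(addr, wildcard):
    """Turn an ACL address plus contiguous wildcard mask into an ip_network."""
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)

def audit(config):
    """Return a list of findings for the given configuration text."""
    findings, acl_sources, iface_nets = [], [], []
    for raw in config.splitlines():
        line = raw.strip()
        for pattern, message in CHECKS:
            if pattern.search(line):
                findings.append(message)
        m = re.match(r"rule \d+ permit source (\S+) (\S+)$", line)
        if m:
            acl_sources.append(wildcard_to_network(m[1], m[2]))
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:
            iface_nets.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
    # An ACL source narrower than the interface subnet leaves hosts out of NAT.
    for net in iface_nets:
        for src in acl_sources:
            if src != net and src.subnet_of(net):
                findings.append(f"ACL permits {src} but interface subnet is {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
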