Huawei Firewall Configuration.doc

Document pages: 11
Document size: 28KB
Document format: doc

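The actual external IP addresses and the internal ARP binding information have been replaced with "x"; substitute your own values.

The text after "//" is a comment that I added after exporting the configuration.

The firewall model is a Huawei Eudemon200, E0/0/0 … firewall; with minor changes the configuration can also be applied to Huawei AR series routers.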

#
sysname Eudemon // Set the host name
#
super password level 3 simple xxxxxx // Super password is XXXXXXXX
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound // Allow packets through by default
#
nat address-group 1 x.x.x.x x.x.x.x // Add the public IPs assigned by the ISP to address pool 1
nat server global x.x.x.x inside 172.16.20.4
nat server global x.x.x.x inside 172.16.20.3
nat server global x.x.x.x inside 172.16.20.2
nat server global x.x.x.x inside 172.16.20.5
nat server global x.x.x.x inside 172.16.20.35 // Map several public IP addresses to internal servers
nat alg enable ftp
nat alg enable dns
nat alg enable icmp
nat alg enable netbios
undo nat alg enable h323
undo nat alg enable hwcc
undo nat alg enable ils
undo nat alg enable pptp
undo nat alg enable qq
undo nat alg enable msn
undo nat alg enable user-define
undo nat alg enable rtsp
firewall permit sub-ip
#
firewall statistic system enable
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0/0
 ip address x.x.x.x 255.255.255.248 // Set the external port IP address; here it is an internal private IP assigned by China Netcom, 10.x.x.x
#
interface Ethernet0/0/1
 ip address 172.16.20.1 255.255.255.0 // Set the internal IP address, using the network 172.16.20.0/24
interface NULL0
#
acl number 2000
 rule 0 permit source 172.16.20.0 0.0.0.255 // ACL 2000: only allow IP addresses in 172.16.20.0/24 to be NATed out to the external network
 rule 1 deny
#
acl number 3001
 rule 0 deny udp destination-port eq 445
 rule 1 deny udp destination-port eq netbios-ns
 rule 2 deny udp destination-port eq netbios-dgm
 rule 3 deny udp destination-port eq netbios-ssn
 rule 4 deny udp destination-port eq 1434
 rule 5 deny tcp destination-port eq 135
 rule 6 deny tcp destination-port eq 139
 rule 7 deny tcp destination-port eq 389
 rule 8 deny tcp destination-port eq 445
 rule 9 deny tcp destination-port eq 636
 rule 10 deny tcp destination-port eq 1025
 rule 11 deny tcp destination-port eq 1503
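
As an added example (not part of the original document and not a Huawei tool), the Python script below audits an exported configuration in the syntax shown above for three settings that leave filtering to the ACLs alone or expose secrets: default-permit inter-zone policies, a super password stored with "simple" (plaintext), and "nat server" mappings with no protocol or port. The function name audit, the severity labels and the sample text are assumptions made for this example.

```python
import re

# Constructed sample in the syntax of the configuration above (placeholders kept).
SAMPLE = """\
super password level 3 simple xxxxxx // Super password
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
nat server global x.x.x.x inside 172.16.20.4
acl number 3001
 rule 0 deny udp destination-port eq 445
"""

DEFAULT_RE = re.compile(
    r"^firewall\s+packet-filter\s+default\s+(permit|deny)\s+interzone\s+"
    r"(\S+)\s+(\S+)\s+direction\s+(inbound|outbound)$")
SIMPLE_PW_RE = re.compile(r"^super\s+password\b.*\bsimple\b")
NAT_SERVER_RE = re.compile(r"^nat\s+server\s+global\s+\S+\s+inside\s+(\S+)$")


def audit(config_text):
    """Return (severity, message) findings for one exported configuration."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop the author's // annotations
        m = DEFAULT_RE.match(line)
        if m:
            action, zone_a, zone_b, direction = m.groups()
            if action == "permit":
                # Traffic entering from untrust with no default deny is the
                # riskiest case; other default-permit pairs still need review.
                risky = "untrust" in (zone_a, zone_b) and direction == "inbound"
                findings.append(("high" if risky else "review",
                                 f"default permit {zone_a}-{zone_b} {direction}"))
        elif SIMPLE_PW_RE.match(line):
            findings.append(("high", "super password stored as 'simple' (plaintext)"))
        else:
            n = NAT_SERVER_RE.match(line)
            if n:  # no protocol/port given: the whole host is mapped
                findings.append(("review", f"all ports of {n.group(1)} mapped to a public IP"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"[{severity}] {message}")
```

Each "high" finding on a default-permit line means that only explicitly applied ACLs, such as ACL 3001 above, stand between the untrust zone and the destination zone.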
