求连接路由器的H3C硬件防火墙配置说明
发布网友
共3个回答
热心网友
配置很简单的。
不过,是adsl要配置拨号,比固定ip要麻烦些的。
acl number 3000
rule 1 permit ip source 192.168.1.0 0.0.255.255
rule 10 deny ip
#
interface Dialer1
link-protocol ppp
ppp pap local-user xxx password cipher yyyy
mtu 1450
tcp mss 1024
ip address ppp-negotiate
dialer user xxx
dialer-group 1
dialer bundle 1
nat outbound 3000
#
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet1/0
pppoe-client dial-bundle-number 1
tcp mss 1024
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/1
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
热心网友
要用过超级终端才能进去啊
热心网友
这个就有点难了,不知道你要防的规则是什么,而且要配置的话还要要求你懂得配置命令.你是不是要配置VPN啊?如果不是的话也就没必要了
热心网友
配置很简单的。
不过,是adsl要配置拨号,比固定ip要麻烦些的。
acl number 3000
rule 1 permit ip source 192.168.1.0 0.0.255.255
rule 10 deny ip
#
interface Dialer1
link-protocol ppp
ppp pap local-user xxx password cipher yyyy
mtu 1450
tcp mss 1024
ip address ppp-negotiate
dialer user xxx
dialer-group 1
dialer bundle 1
nat outbound 3000
#
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet1/0
pppoe-client dial-bundle-number 1
tcp mss 1024
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/1
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
热心网友
要用过超级终端才能进去啊
热心网友
这个就有点难了,不知道你要防的规则是什么,而且要配置的话还要要求你懂得配置命令.你是不是要配置VPN啊?如果不是的话也就没必要了
热心网友
配置很简单的。
不过,是adsl要配置拨号,比固定ip要麻烦些的。
acl number 3000
rule 1 permit ip source 192.168.1.0 0.0.255.255
rule 10 deny ip
#
interface Dialer1
link-protocol ppp
ppp pap local-user xxx password cipher yyyy
mtu 1450
tcp mss 1024
ip address ppp-negotiate
dialer user xxx
dialer-group 1
dialer bundle 1
nat outbound 3000
#
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet1/0
pppoe-client dial-bundle-number 1
tcp mss 1024
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/1
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
热心网友
要用过超级终端才能进去啊
热心网友
这个就有点难了,不知道你要防的规则是什么,而且要配置的话还要要求你懂得配置命令.你是不是要配置VPN啊?如果不是的话也就没必要了
热心网友
配置很简单的。
不过,是adsl要配置拨号,比固定ip要麻烦些的。
acl number 3000
rule 1 permit ip source 192.168.1.0 0.0.255.255
rule 10 deny ip
#
interface Dialer1
link-protocol ppp
ppp pap local-user xxx password cipher yyyy
mtu 1450
tcp mss 1024
ip address ppp-negotiate
dialer user xxx
dialer-group 1
dialer bundle 1
nat outbound 3000
#
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet1/0
pppoe-client dial-bundle-number 1
tcp mss 1024
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/1
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
热心网友
要用过超级终端才能进去啊
热心网友
这个就有点难了,不知道你要防的规则是什么,而且要配置的话还要要求你懂得配置命令.你是不是要配置VPN啊?如果不是的话也就没必要了
