Huawei H3C Chapter 6: NAT
Lab requirements:
Steps:
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add interface g1/0/0
[USG6000V1-zone-trust]add interface g1/0/2
[USG6000V1-zone-trust]quit
[USG6000V1]firewall zone untrust
[USG6000V1-zone-untrust]add interface g1/0/1
[USG6000V1-zone-untrust]quit
3. Configure the security policy that lets the internal network access the external network, and add a default route
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name nei_wai
[USG6000V1-policy-security-rule-nei_wai]source-zone trust
[USG6000V1-policy-security-rule-nei_wai]destination-zone untrust
[USG6000V1-policy-security-rule-nei_wai]action permit
[USG6000V1-policy-security-rule-nei_wai]quit
[USG6000V1-policy-security]quit
[USG6000V1]ip route-static 0.0.0.0 0.0.0.0 202.96.1.2
4. Configure a source NAT policy so that the internal network can access the external network
[USG6000V1]nat-policy
[USG6000V1-policy-nat]rule name natpolicy
[USG6000V1-policy-nat-rule-natpolicy]source-zone trust
[USG6000V1-policy-nat-rule-natpolicy]destination-zone untrust
[USG6000V1-policy-nat-rule-natpolicy]action nat easy-ip
[USG6000V1-policy-nat-rule-natpolicy]quit
[USG6000V1-policy-nat]quit
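Verify internal-to-external NAT translation:
From the internal client, ping 202.96.2.2
From the internal server, ping 202.96.2.2
5. Configure a security policy that allows the external network to access FTP on the internal network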
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name wai_nei_ftp
[USG6000V1-policy-security-rule-wai_nei_ftp]source-zone untrust
[USG6000V1-policy-security-rule-wai_nei_ftp]destination-zone trust
[USG6000V1-policy-security-rule-wai_nei_ftp]destination-address 192.168.1.0 24
[USG6000V1-policy-security-rule-wai_nei_ftp]service ftp
[USG6000V1-policy-security-rule-wai_nei_ftp]action permit
[USG6000V1-policy-security-rule-wai_nei_ftp]quit
[USG6000V1-policy-security]quit
6. Configure NAT server
[USG6000V1]nat server natserver_ftp protocol tcp global 202.96.1.100 21 inside 192.168.1.1 21 no-reverse
7. Configure a blackhole route
[USG6000V1]ip route-static 202.96.1.100 32 NULL 0
8. Verify by accessing the FTP server at 202.96.1.100 from an external client
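An added example, not part of the original post: a Python check over the commands from steps 5 to 7 that reports a NAT server whose global address has no matching /32 NULL0 route, or whose inbound security policy covers more addresses than the mapped inside host. The sample text is constructed (it assumes the blackhole route targets the global address 202.96.1.100), and the function name `audit` and the wording of the findings are this example's own.

```python
import ipaddress
import re

# Constructed sample: the commands from steps 5-7 with the prompts stripped.
SAMPLE = """\
rule name wai_nei_ftp
 source-zone untrust
 destination-zone trust
 destination-address 192.168.1.0 24
 service ftp
 action permit
nat server natserver_ftp protocol tcp global 202.96.1.100 21 inside 192.168.1.1 21 no-reverse
ip route-static 202.96.1.100 32 NULL 0
"""

NAT_RE = re.compile(r"nat server (\S+) protocol \S+ global (\S+) \d+ inside (\S+) \d+")
DST_RE = re.compile(r"destination-address (\S+) (\d+)")
NULL_RE = re.compile(r"ip route-static (\S+) (\d+) NULL ?0", re.I)


def audit(config):
    """Return findings for the NAT server entries in pasted VRP command lines."""
    # Drop a leading "[USG6000V1-...]" prompt if the session was pasted as-is.
    lines = [re.sub(r"^\[[^\]]*\]", "", l).strip() for l in config.splitlines()]
    servers = [m.groups() for l in lines if (m := NAT_RE.match(l))]
    dests = [ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
             for l in lines if (m := DST_RE.match(l))]
    holes = {ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
             for l in lines if (m := NULL_RE.match(l))}
    findings = []
    for name, glob, inside in servers:
        # The blackhole route only helps if it covers the published address.
        if ipaddress.ip_network(f"{glob}/32") not in holes:
            findings.append(f"{name}: no /32 NULL0 route for global {glob}")
        host = ipaddress.ip_address(inside)
        for net in dests:
            # Assumption: least privilege means the policy names only the mapped host.
            if host in net and net.num_addresses > 1:
                findings.append(
                    f"{name}: policy destination {net} is wider than inside host {inside}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the only finding is that `destination-address 192.168.1.0 24` in `wai_nei_ftp` permits FTP to the whole subnet although only 192.168.1.1 is published.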
Original article: https://www.cnblogs.com/ccshi/p/13140270.html