
h3c防火墙的基本配置

h3c防火墙的基本配置

[F100-A]dis current-configuration
#
# Device name and the global firewall switches, as printed by the device.
sysname F100-A
#
# NOTE(review): "undo firewall packet-filter enable" leaves ACL-based packet
# filtering switched off, and the default action configured next is "permit".
# No interface or interzone section in this listing applies a packet-filter
# rule either, so inbound exposure appears to be decided by the "nat server"
# mappings alone. A hardened baseline enables packet filtering, sets the
# default action to deny and permits only the flows that are required.
undo firewall packet-filter enable
firewall packet-filter default permit
#
undo insulate
#
# NOTE(review): connection limiting is disabled by the "undo" line, so the
# default action and the 50/20 thresholds that follow presumably have no
# effect until the feature is enabled - confirm on the device.
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
firewall statistic system enable
#
# AAA defaults (RADIUS scheme "system", domain "system") and the only local
# account in this listing.
radius scheme system
server-type extended
#
domain system
#
# NOTE(review): this account is limited to Telnet, which carries the login in
# cleartext, and holds level 3, the highest command level on this platform.
# "password cipher" is believed to be a reversible encoding on Comware
# releases of this generation rather than a one-way hash, so the string below
# should be treated as a disclosed credential: rotate it on any device that
# used it and redact it before sharing a configuration.
# The vty lines later in this listing use "authentication-mode scheme", so
# this account is what remote logins authenticate against. Prefer SSH for
# management and restrict the management lines to known source addresses.
local-user egb--aq
password cipher ]#R=WG;'I/ZGL^3L[[\1-A!!
service-type telnet
level 3
#
# ASPF inspection policy 1 (HTTP, SMTP, FTP, generic TCP and UDP).
# NOTE(review): no interface or interzone section in this listing references
# aspf-policy 1, so the inspection may not actually be applied to any
# traffic - confirm on the device.
aspf-policy 1
detect http
detect smtp
detect ftp
detect tcp
detect udp
#
# ACL 2000 matches sources in 192.168.0.0/24 (wildcard 0.0.0.255) and denies
# everything else; it is referenced by "nat outbound 2000" on Ethernet1/0.
acl number 2000
rule 0 permit source 192.168.0.0 0.0.0.255
rule 1 deny
#
# Virtual template and auxiliary port, followed by the inside (LAN) interface.
interface Virtual-Template1
#
interface Aux0
async mode flow
#
# Ethernet0/0 is the gateway of 192.168.0.0/24; it is added to zone "trust"
# further down in this listing.
interface Ethernet0/0
ip address 192.168.0.1 255.255.255.0
#
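# Outside interface: one primary and nine secondary public addresses, source
# NAT for ACL 2000, and static "nat server" port mappings to hosts in
# 192.168.0.0/24.
# NOTE(review): packet filtering is disabled globally in this listing ("undo
# firewall packet-filter enable"), so every mapping below appears to be
# reachable from any source address. Several published ports are
# conventionally used by database and remote-administration services (for
# example 1433 and 5631); such services are normally limited to known source
# addresses or reached over a VPN rather than published. Review each mapping
# and remove the ones that are no longer needed.
# NOTE(review): the published servers share 192.168.0.0/24 with the trust
# zone, while zone DMZ further down has no interface. A compromised server
# would therefore sit directly on the internal network; placing published
# hosts behind a DMZ interface would separate them.
# NOTE(review): global addresses 211.99.231.140 and 211.99.231.141 are mapped
# below but are not among the addresses configured on this interface -
# confirm that this is intended.
interface Ethernet1/0
ip address 211.99.231.130 255.255.255.224
ip address 211.99.231.132 255.255.255.224 sub
ip address 211.99.231.133 255.255.255.224 sub
ip address 211.99.231.134 255.255.255.224 sub
ip address 211.99.231.135 255.255.255.224 sub
ip address 211.99.231.136 255.255.255.224 sub
ip address 211.99.231.137 255.255.255.224 sub
ip address 211.99.231.138 255.255.255.224 sub
ip address 211.99.231.139 255.255.255.224 sub
ip address 211.99.231.131 255.255.255.224 sub
nat outbound 2000
nat server protocol tcp global 211.99.231.136 3000 inside 192.168.0.6 3000
nat server protocol tcp global 211.99.231.136 6000 inside 192.168.0.6 6000
nat server protocol tcp global 211.99.231.132 ftp inside 192.168.0.3 ftp
nat server protocol tcp global 211.99.231.132 5631 inside 192.168.0.3 5631
nat server protocol tcp global 211.99.231.132 43958 inside 192.168.0.3 43958
nat server protocol tcp global 211.99.231.134 ftp inside 192.168.0.4 ftp
nat server protocol tcp global 211.99.231.134 www inside 192.168.0.4 www
nat server protocol tcp global 211.99.231.134 5631 inside 192.168.0.4 5631
nat server protocol tcp global 211.99.231.134 43958 inside 192.168.0.4 43958
nat server protocol tcp global 211.99.231.135 ftp inside 192.168.0.5 ftp
nat server protocol tcp global 211.99.231.135 58169 inside 192.168.0.5 58169
nat server protocol tcp global 211.99.231.135 www inside 192.168.0.5 www
nat server protocol tcp global 211.99.231.135 43958 inside 192.168.0.5 43958
nat server protocol tcp global 211.99.231.136 ftp inside 192.168.0.6 ftp
nat server protocol tcp global 211.99.231.136 smtp inside 192.168.0.6 smtp
nat server protocol tcp global 211.99.231.136 www inside 192.168.0.6 www
nat server protocol tcp global 211.99.231.136 81 inside 192.168.0.6 81
nat server protocol tcp global 211.99.231.136 82 inside 192.168.0.6 82
nat server protocol tcp global 211.99.231.136 83 inside 192.168.0.6 83
nat server protocol tcp global 211.99.231.136 84 inside 192.168.0.6 84
nat server protocol tcp global 211.99.231.136 pop3 inside 192.168.0.6 pop3
nat server protocol tcp global 211.99.231.136 1433 inside 192.168.0.6 1433
nat server protocol tcp global 211.99.231.136 5150 inside 192.168.0.6 5150
nat server protocol tcp global 211.99.231.136 5631 inside 192.168.0.6 5631
nat server protocol tcp global 211.99.231.136 58169 inside 192.168.0.6 58169
nat server protocol tcp global 211.99.231.136 8080 inside 192.168.0.6 8080
nat server protocol tcp global 211.99.231.136 43958 inside 192.168.0.6 43958
nat server protocol tcp global 211.99.231.138 smtp inside 192.168.0.8 smtp
nat server protocol tcp global 211.99.231.138 www inside 192.168.0.8 www
nat server protocol tcp global 211.99.231.138 pop3 inside 192.168.0.8 pop3
nat server protocol tcp global 211.99.231.138 5631 inside 192.168.0.8 5631
nat server protocol tcp global 211.99.231.138 58169 inside 192.168.0.8 58169
nat server protocol tcp global 211.99.231.137 ftp inside 192.168.0.9 ftp
nat server protocol tcp global 211.99.231.137 www inside 192.168.0.9 www
nat server protocol tcp global 211.99.231.132 www inside 192.168.0.3 www
nat server protocol tcp global 211.99.231.137 81 inside 192.168.0.9 81
nat server protocol tcp global 211.99.231.137 82 inside 192.168.0.9 82
nat server protocol tcp global 211.99.231.137 83 inside 192.168.0.9 83
nat server protocol tcp global 211.99.231.137 1433 inside 192.168.0.9 1433
nat server protocol tcp global 211.99.231.137 5631 inside 192.168.0.9 5631
nat server protocol tcp global 211.99.231.137 43958 inside 192.168.0.9 43958
nat server protocol tcp global 211.99.231.137 58169 inside 192.168.0.9 58169
nat server protocol tcp global 211.99.231.136 88 inside 192.168.0.6 88
nat server protocol tcp global 211.99.231.137 84 inside 192.168.0.9 84
nat server protocol tcp global 211.99.231.137 85 inside 192.168.0.9 85
nat server protocol tcp global 211.99.231.137 86 inside 192.168.0.9 86
nat server protocol tcp global 211.99.231.137 87 inside 192.168.0.9 87
nat server protocol tcp global 211.99.231.137 88 inside 192.168.0.9 88
nat server protocol tcp global 211.99.231.137 smtp inside 192.168.0.9 smtp
nat server protocol tcp global 211.99.231.137 8080 inside 192.168.0.9 8080
nat server protocol tcp global 211.99.231.137 5080 inside 192.168.0.9 5080
nat server protocol tcp global 211.99.231.137 1935 inside 192.168.0.9 1935
nat server protocol udp global 211.99.231.137 5555 inside 192.168.0.9 5555
nat server protocol tcp global 211.99.231.132 58169 inside 192.168.0.3 58169
nat server protocol tcp global 211.99.231.134 58169 inside 192.168.0.4 58169
nat server protocol tcp global 211.99.231.135 5631 inside 192.168.0.5 5631
nat server protocol tcp global 211.99.231.136 6100 inside 192.168.0.6 6100
nat server protocol tcp global 211.99.231.139 www inside 192.168.0.12 www
nat server protocol tcp global 211.99.231.139 58169 inside 192.168.0.12 58169
nat server protocol tcp global 211.99.231.139 58189 inside 192.168.0.12 58189
nat server protocol tcp global 211.99.231.139 5631 inside 192.168.0.12 5631
nat server protocol tcp global 211.99.231.137 89 inside 192.168.0.9 89
nat server protocol tcp global 211.99.231.134 58269 inside 192.168.0.4 58269
nat server protocol udp global 211.99.231.134 58269 inside 192.168.0.4 58269
nat server protocol tcp global 211.99.231.133 www inside 192.168.0.13 www
nat server protocol tcp global 211.99.231.135 1935 inside 192.168.0.5 1935
nat server protocol tcp global 211.99.231.135 5080 inside 192.168.0.5 5080
nat server protocol tcp global 211.99.231.132 1755 inside 192.168.0.3 1755
nat server protocol tcp global 211.99.231.137 1755 inside 192.168.0.9 1755
nat server protocol tcp global 211.99.231.137 554 inside 192.168.0.9 554
nat server protocol tcp global 211.99.231.135 5551 inside 192.168.0.5 5551
nat server protocol tcp global 211.99.231.131 www inside 192.168.0.204 www
nat server protocol tcp global 211.99.231.134 81 inside 192.168.0.4 81
nat server protocol tcp global 211.99.231.136 1935 inside 192.168.0.6 1935
nat server protocol tcp global 211.99.231.140 www inside 192.168.0.10 www
nat server protocol udp global 211.99.231.137 dns inside 192.168.0.9 dns
nat server protocol tcp global 211.99.231.135 58189 inside 192.168.0.5 58189
nat server protocol tcp global 211.99.231.141 www inside 192.168.0.11 www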
#
# The remaining interfaces carry no configuration in this listing.
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
# Security zones: Ethernet0/0 is in trust (priority 85) and all three
# Ethernet1/x ports are in untrust (priority 5).
# NOTE(review): Ethernet1/1 and Ethernet1/2 have no configuration but are
# members of untrust; unused ports are normally shut down or left out of any
# zone.
# NOTE(review): zone DMZ is defined with priority 50 but has no interface, so
# nothing in this listing is actually placed in a DMZ.
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
statistic enable ip inzone
statistic enable ip outzone
#
firewall zone untrust
add interface Ethernet1/0
add interface Ethernet1/1
add interface Ethernet1/2
set priority 5
statistic enable ip inzone
statistic enable ip outzone
#
firewall zone DMZ
set priority 50
#
# NOTE(review): every interzone section below is empty - no packet-filter or
# ASPF policy is applied between any pair of zones in this listing.
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
# NOTE(review): "undo info-center enable" switches off the information
# center, the component that outputs log messages, so the attack-defence
# features configured later would presumably leave no record for detection or
# incident response. Enable it and forward logs to a log host - confirm the
# exact effect on this release.
undo info-center enable
#
# NOTE(review): the firewall's own FTP server is enabled. FTP sends
# credentials in cleartext; keep it disabled except while transferring
# files, and limit which addresses can reach it.
FTP server enable
#
# Default route towards the upstream gateway 211.99.231.129.
ip route-static 0.0.0.0 0.0.0.0 211.99.231.129 preference 1
#
# Attack-defence features: abnormal-packet checks, scan detection, ARP checks
# and flood protection.
# NOTE(review): SYN-flood and UDP-flood protection are bound to zones trust
# and untrust at the end of this section, but icmp-flood is only enabled
# globally with no zone or host entry in this listing, so it may not be
# protecting anything - confirm on the device.
# NOTE(review): logging is disabled in this listing ("undo info-center
# enable"), so detections made here are presumably not recorded.
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend syn-flood zone trust
firewall defend udp-flood zone trust
firewall defend syn-flood zone untrust
firewall defend udp-flood zone untrust
#
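# Login lines: the console uses a line password, the aux line has no
# settings, and vty 0-4 authenticate through AAA ("scheme"), i.e. against the
# local-user defined earlier in this listing.
# NOTE(review): the console password is stored in "cipher" form, which is
# believed to be a reversible encoding on Comware releases of this
# generation; treat the published string as a disclosed credential, rotate it
# and redact it before sharing a configuration.
# NOTE(review): no inbound-protocol restriction or ACL appears on the vty
# lines, and the only local account is a Telnet account, so remote management
# presumably runs over cleartext Telnet from any reachable address. Prefer
# SSH and limit the vty lines to known management addresses.
user-interface con 0
authentication-mode password
set authentication password cipher XB-'KG=+=J^UJ;&DL'U46Q!!
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme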
#
