wKiom1QlCUDym4itAAE18JY2lEM187.jpg






2、配置要求 
1)防火墙的E0/2接口为TRUST区域,ip地址是:192.168.254.1/29; 
2)防火墙的E1/2接口为UNTRUST区域,ip地址是:202.111.0.1/27; 
3)内网服务器对外网做一对一的地址映射,192.168.254.2、192.168.254.3分别映射为202.111.0.2、202.111.0.3; 
4)内网服务器访问外网不做限制,外网访问内网只放通公网地址211.101.5.49访问192.168.254.2的1433端口和192.168.254.3的80端口。 

3、防火墙的配置脚本如下 
<H3CF100A>dis cur 

sysname H3CF100A 

super password level 3 cipher 6aQ>Q57-$.I)0;4:\(I41!!! 

firewall packet-filter enable 
firewall packet-filter default permit 

insulate 

nat static inside ip 192.168.254.2 global ip 202.111.0.2 
nat static inside ip 192.168.254.3 global ip 202.111.0.3 

firewall statistic system enable