先说刚刚上电后的初始化配置
sys
firewall packet-filter enable
firewall packet-filter default permit
区域配置
firewall zone trust
add interface ethernet 1/0
quit
firewall zone untrust
add interface ethernet 2/0
quit
接口配置
int e2/0
ip address 10.0.0.1 255.255.255.0
duplex full
speed 10
int e1/0
ip add 172.20.0.1 255.255.0.0
duplex full
speed 10
允许网页配置
undo ip http shutdown
配置用户登陆
local user huawei
password simple huawei
service type telnet
level 3
配置telnet远程登录
user-interface vty 0 4
authentication-mode schem/password
user privilage 3
开启防范功能
firewall defend all
save
reboot
配置dhcp
dhcp enable
dhcp server ip-pool 0
network 172.20.0.0 mask 255.255.0.0
gateway-list 172.20.0.1
dns-list 172.20.0.1
配置nat
nat static 172.20.0.2 10.0.0.2
nat address-group 0 10.0.0.3 10.0.0.100
acl number 2000
rule permit source 172.20.0.0 0.0.255.255
int e2/0
nat outbound static //一对一
// nat oubound 2000 多对一 外网ip即wan接口地址 easy nat
nat outbound 2000 address-group 0 //多对多 nopat
nat server protocal tcp global 10.0.0.111 www inside 172.20.0.2 www
转载于:https://blog.51cto.com/singlegod/514726