H3C防火墙接入互联网方式:第一种是固定IP地址上网,第二种是拨号上网配置

=============固定ip=====================
1、配置防火墙包过滤模式
<h3c>sys 进入系统视图
[h3c]firewall packet-filter enable
[h3c]firewall packet-filter default permit
2、配置web用户和telnet用户登录
[h3c]local-user admin
[h3c-luser-admin]password simple admin
[h3c-luser-admin]service-type telnet
[h3c-luser-admin]level 3
[h3c-luser-admin]quit

[h3c]user-interface vty 0 4 实现telnet

[h3c-ui-vty0-4]authentication-mode scheme

[h3c-ui-vty0-4]quit

3、配置ip地址,地址请以实际为准
[h3c]interface Ethernet0/0 ----------- 配置外网口地址
[h3c-Ethernet0/0]ip address 10.28.43.2 255.255.255.0 这个地址请以运用商给的为准
[h3c]interface Ethernet0/1 ------------配置内网口地址
[h3c-Ethernet0/0]ip address 192.168.1.1 255.255.255.0

4、配置安全域并把端口加入域
[h3c-zone]firewall zone trust 内网口加入trust
[h3c-zone-trust]add interface Ethernet0/1

[h3c-zone-trust]quit
[h3c-zone]firewall zone untrust 外网口加入untrust
[h3c-zone-untrust]add interface Ethernet0/0

[h3c-zone-untrust]quit

5、配置nat在外网接口,如果不是配置在外网出口,不需要配置这一步
[h3c]acl number 2000
[h3c-acl-basic-2000]rule permit 
[h3c-acl-basic-2000]quit


[h3c]interface Ethernet0/0
[h3c-Ethernet0/0]nat outbound 2000

6、配置默认路由出外网

[h3c]ip route-static 0.0.0.0 0.0.0.0 10.28.43.1 这个地址请根据运营商提供的外网网关为准

7DHCP 服务器配置(选配)
[h3c]dhcp enable
[h3c] dhcp server forbidden-ip 192.168.1.1 dhcp不分配192.168.1.1这个地址,有其他不分配的地址一样配置
[h3c]dhcp server ip-pool 1 创建地址池,分配192.168.1.0网段地址
[h3c-dhcp-1]network 192.168.1.0 mask 255.255.255.0
[h3c-dhcp-1]gateway-list 192.168.1.1 分配网关
[h3c-dhcp-1]dns-list 8.8.8.8 分配dns,这个地址请以运营商提供为准

======================拨号==================================

1、配置防火墙包过滤模式
<h3c>sys 进入系统视图
[h3c] firewall packet-filter enable
[h3c] firewall packet-filter default permit

2、配置用于natacl
[h3c]acl number 2000
[h3c-acl-basic-2000]rule permit 
[h3c-acl-basic-2000]quit

3、配置dialer拨号口
[H3C]dialer-rule 1 ip permit
[H3C]interface dialer 1
[H3C-Dialer1]dialer user username 用户名
[H3C-Dialer1]dialer-group 1
[H3C-Dialer1]dialer bundle 1
[H3C-Dialer1]ip address ppp-negotiate
[H3C-Dialer1]ppp pap local-user username password simple pwd 密码
[H3C-Dialer1]ppp chap user username 用户名
[H3C-Dialer1]ppp chap password simple pwd 密码
[H3C-Dialer1]nat outbound 2000
[H3C-Dialer1]quit

4、把dialer绑定到外网物理端口
[H3C] interface Ethernet0/0
[H3C-Ethernet0/0]pppoe-client dial-bundle-number 1
[H3C-Ethernet0/0]nat outbound 2000
[H3C-Ethernet0/0]quit

5、配置web用户和telnet用户登录
[H3C]local-user admin
[H3C-luser-admin]password simple admin
[H3C-luser-admin]service-type telnet
[H3C-luser-admin]level 3
[H3C-luser-admin]quit

[H3C]user-interface vty 0 4 实现telnet
[H3C-ui-vty0-4]authentication-mode scheme 
[H3C-ui-vty0-4]quit

6、配置内网ip地址,地址请以实际为准

[H3C]interface Ethernet0/1 ------------配置内网口地址
[H3C-Ethernet0/0]ip address 192.168.1.1 255.255.255.0

7、配置安全域并把端口加入域
[H3C-zone]firewall zone trust 内网口加入trust
[H3C-zone-trust]add interface Ethernet0/1
[H3C-zone-trust]quit
[H3C-zone]firewall zone untrust 外网口加入untrust
[H3C-zone-untrust]add interface Ethernet0/0
[H3C-zone-untrust]add interface Dialer 1
[H3C-zone-untrust]quit


8、配置默认路由出外网
[H3C]ip route-static 0.0.0.0 0.0.0.0 Dialer 1

9DHCP 服务器配置(选配)
[H3C]dhcp enable
[H3C] dhcp server forbidden-ip 192.168.1.1 dhcp不分配192.168.1.1这个地址,有其他不分配的地址一样配置
[H3C]dhcp server ip-pool 1 创建地址池,分配192.168.1.0网段地址
[H3C-dhcp-1]network 192.168.1.0 mask 255.255.255.0
[H3C-dhcp-1]gateway-list 192.168.1.1 分配网关
[H3C-dhcp-1]dns-list 8.8.8.8 分配dns,这个地址请以运营商提供为准