USG2130: Configuring NAT and Policy Routing


<USG2130> dis cu
#
sysname USG2130
#
web-manager enable
#
info-center source default channel 4 log level notifications
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction outbound
// Permit traffic to the outside
firewall packet-filter default permit interzone trust untrust direction outbound

firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction outbound
#
firewall permit sub-ip
#
dhcp enable
#
firewall mode route
#
dialer-rule 1 ip permit
#
firewall statistic system enable
#
set runmode firewall
#
interface Cellular5/0/0
link-protocol ppp
#
vlan 1
#
vlan 2
#
interface Vlanif1
ip address 192.168.0.1 255.255.255.0
dhcp select interface
#
interface Vlanif2
ip address 172.17.254.254 255.255.255.0
#
interface Ethernet0/0/0
ip address 172.16.105.245 255.255.255.0

#
interface Ethernet1/0/0

interface Ethernet1/0/1
port access vlan 2
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
#
interface Ethernet1/0/4
#
interface Ethernet1/0/5
#
interface Ethernet1/0/6
#
interface Ethernet1/0/7
#
interface NULL0
#
right-manager server-group
#// Translate the corresponding source addresses
acl number 2000
rule 5 permit source 10.0.0.0 0.0.0.255
rule 10 permit source 172.16.0.0 0.0.255.255
rule 15 permit source 172.17.0.0 0.0.255.255

#
acl number 3000
rule 5 permit ip
#
cwmp
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface Vlanif2
#
firewall zone untrust
set priority 5
add interface Ethernet0/0/0
#

firewall zone dmz
set priority 50
#
firewall interzone local trust

firewall interzone local untrust
#
firewall interzone local dmz
// Add to the corresponding zone
firewall interzone trust untrust
packet-filter 3000 outbound
nat outbound 2000 interface Ethernet0/0/0
detect ftp

#
firewall interzone trust dmz
#
firewall interzone dmz untrust
#
aaa
local-user maintainadmin password simple maintainadmin
local-user maintainadmin level 3
local-user admin password cipher ]MQ;4]B+4Z,YWX*NZ55OA!!
local-user admin service-type web telnet ssh
local-user admin level 3
local-user admin ftp-directory flash:/
authentication-scheme default
authentication-scheme aaa

authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
slb
#// Routes to the outside and routes to the inside
ip route-static 0.0.0.0 0.0.0.0 172.16.105.254
ip route-static 10.0.0.0 255.0.0.0 172.17.254.1
ip route-static 172.16.0.0 255.255.0.0 172.17.254.1

#
user-interface con 0
user-interface tty 81
authentication-mode none
modem both
user-interface vty 0 4
authentication-mode aaa
#
common
update auto time 0:03
update server domain sec.huawei.com
#
surfbehavior
#
ips
#
protocol
#
mailfilter
#
return
14:10:09 09-07-2018
<USG2130> ping 114.114.114.114 // Test Internet access
PING 114.114.114.114: 56 data bytes, press CTRL+C to break
Reply from 114.114.114.114: bytes=56 Sequence=1 ttl=78 time=16 ms
Reply from 114.114.114.114: bytes=56 Sequence=2 ttl=59 time=17 ms
Reply from 114.114.114.114: bytes=56 Sequence=3 ttl=71 time=17 ms
Reply from 114.114.114.114: bytes=56 Sequence=4 ttl=60 time=33 ms
Reply from 114.114.114.114: bytes=56 Sequence=5 ttl=70 time=17 ms

--- 114.114.114.114 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 16/20/33 ms

14:10:15 09-07-2018
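
An added example, not part of the original post: a small Python audit pass over a configuration dump like the one above, flagging the default-permit packet filters, the permit-any ACL, the plaintext `password simple` account, the Telnet service type and the unauthenticated `user-interface` line. The function name `audit` and the finding IDs are hypothetical; because the dump as posted has no indentation, the script assumes a sub-command belongs to the most recent `acl number` or `user-interface` header.

```python
import re

# Constructed sample: statements taken from the dump above, in the same order.
SAMPLE = """\
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
acl number 2000
rule 5 permit source 10.0.0.0 0.0.0.255
acl number 3000
rule 5 permit ip
local-user maintainadmin password simple maintainadmin
local-user admin service-type web telnet ssh
user-interface con 0
user-interface tty 81
authentication-mode none
user-interface vty 0 4
authentication-mode aaa
"""

# (finding id, pattern) for statements that are risky wherever they appear.
RULES = [
    ("DEFAULT-PERMIT", re.compile(r"firewall packet-filter default permit interzone (\S+ \S+) direction (\S+)")),
    ("CLEARTEXT-PASSWORD", re.compile(r"local-user (\S+) password simple\b")),
    ("TELNET-ENABLED", re.compile(r"local-user (\S+) service-type\b.*\btelnet\b")),
]

def audit(config):
    """Return (line_no, finding_id, detail) for each risky statement."""
    findings, context = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.split("//")[0].strip()      # drop the page's inline // notes
        if line.startswith(("acl number", "user-interface")):
            context = line                     # header that later lines belong to
        elif line == "#":
            context = ""                       # '#' ends a configuration block
        for fid, pat in RULES:
            m = pat.match(line)
            if m:                              # detail never includes the password
                findings.append((no, fid, " ".join(m.groups())))
        # Context-dependent checks: the statement alone does not say what it affects.
        if line == "authentication-mode none" and context.startswith("user-interface"):
            findings.append((no, "NO-AUTH-LINE", context))
        if re.fullmatch(r"rule \d+ permit ip", line) and context.startswith("acl number"):
            findings.append((no, "ACL-PERMIT-ANY", context))
    return findings

if __name__ == "__main__":
    for no, fid, detail in audit(SAMPLE):
        print(f"line {no:>2}  {fid:<18} {detail}")
```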