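Initial configuration
<H3C> system-view
Enable the firewall packet filter and permit all packets by default
[H3C] firewall packet-filter enable
[H3C] firewall packet-filter default permit
Assign interfaces to zones (untrust is the external network, trust is the internal network; use the interface numbers that match your device)
[H3C] firewall zone untrust
[H3C-zone-untrust] add interface Ethernet0/0
[H3C] firewall zone trust
[H3C-zone-trust] add interface Ethernet0/1
Operating mode; the default is route mode
[H3C] firewall mode route
Enable all defense features
[H3C] firewall defend all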
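Configure the internal LAN interface IP (use your actual internal IP address)
[H3C] interface Ethernet0/1
[H3C-interface] ip address 192.168.1.1 255.255.255.0
Configure the external IP (the IP address and subnet mask your telecom carrier gave you)
[H3C] interface Ethernet0/0
[H3C-interface] ip address X.X.X.X X.X.X.X
Configure the NAT address pool (enter the IP address your carrier gave you, twice)
[H3C] nat address-group 1 X.X.X.X X.X.X.X
Configure the default route (the route out to the external network; Y.Y.Y.Y stands for the external gateway address your carrier assigned; if you do not know it, ask the carrier)
[H3C] ip route-static 0.0.0.0 0.0.0.0 Y.Y.Y.Y preference 60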
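Configure the access control list (required for Internet access)
[H3C] acl number 2001
[H3C-ACL] rule 1 permit source 192.168.1.0 0.0.0.255
Apply the access control list to the external interface (Ethernet0/0 in this example) and enable NAT for Internet access
[H3C] interface Ethernet0/0
[H3C-interface] nat outbound 2001 address-group 1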
Configure DHCP
[H3C] dhcp enable
[H3C] dhcp server ip-pool 0
[H3C-dhcp] network 192.168.1.0 mask 255.255.255.0
[H3C-dhcp] gateway-list 192.168.1.1
[H3C-dhcp] dns-list X.X.X.X (set this to your local DNS server address)
Other configuration:
Allow web-based configuration
[H3C] undo ip http shutdown
Add a web user
[H3C] local-user admin
[H3C-luser-admin] password simple admin
[H3C-luser-admin] service-type telnet
[H3C-luser-admin] level 3
Configure telnet remote login
[H3C] user-interface vty 0 4
[H3C-vty] authentication-mode scheme (or password)
[H3C-vty] user privilege level 3
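After finishing a configuration item, type q and press Enter to return to the [H3C] prompt.
If you still do not understand, call the 400 hotline.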
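A pre-deployment check for command lines written in the style above, added here as an example and not part of the original page or of any H3C tool: it flags the permissive default action, HTTP and telnet management, a `password simple` entry (kept in cleartext in the configuration), malformed IPv4 values, and `nat outbound` applied outside the untrust zone. The sample lines are constructed, and treating the untrust zone as the only valid place for `nat outbound` is this example's assumption, based on the zone layout used on this page.

```python
import re

# Constructed sample in the style of the steps above, not a real device config.
SAMPLE = """\
[H3C] firewall packet-filter default permit
[H3C] firewall zone untrust
[H3C-zone-untrust] add interface Ethernet0/0
[H3C] interface Ethernet1/0
[H3C-interface] nat outbound 2001 address-group 1
[H3C-dhcp] network 192.1681.0 mask 255.255.255.0
[H3C] undo ip http shutdown
[H3C] local-user admin
[H3C-luser-admin] password simple admin
[H3C-luser-admin] service-type telnet
"""
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # leading "[H3C-...]" or "<H3C>"
ADDRESS = re.compile(r"\d[\d.]*\.[\d.]*")           # token of digits and dots


def valid_ipv4(token):
    parts = token.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts)


def audit(text):
    """Return (line_number, finding) pairs for risky or malformed lines."""
    findings, ctx, untrust = [], {}, set()
    for n, raw in enumerate(text.splitlines(), 1):
        words = PROMPT.sub("", raw).split()
        cmd = " ".join(words)
        findings += [(n, "malformed IPv4 value " + w) for w in words
                     if ADDRESS.fullmatch(w) and not valid_ipv4(w)]
        if cmd == "firewall packet-filter default permit":
            findings.append((n, "unmatched traffic is permitted by default"))
        elif cmd == "undo ip http shutdown":
            findings.append((n, "web management over unencrypted HTTP"))
        elif cmd == "service-type telnet":
            findings.append((n, "login over cleartext telnet"))
        elif words[:2] == ["firewall", "zone"]:
            ctx["zone"] = words[-1]
        elif words[:2] == ["add", "interface"] and ctx.get("zone") == "untrust":
            untrust.add(words[-1])
        elif words[:1] in (["interface"], ["local-user"]):
            ctx[words[0]] = words[-1]  # remember current interface / user
        elif words[:2] == ["password", "simple"]:
            same = words[2:] == [ctx.get("local-user")]
            findings.append((n, "cleartext password" + " equal to user name" * same))
        elif words[:2] == ["nat", "outbound"] and ctx.get("interface") not in untrust:
            findings.append((n, "nat outbound outside the untrust zone"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding each for lines 1, 5, 6, 7, 9 and 10 of the constructed sample.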