F100cg防火墙配置，请各位看看哪里有问题。

现在防火墙自身ping，拨号都正常，但是电脑上不了网。以下是具体配置：

# version 5.20, Release 5142P02 

# sysname H3C 

# undo voice vlan mac-address 00e0-bb00-0000 

# interzone policy default by-priority 

# domain default enable system 

# dns resolve 

# telnet server enable 

# port-security enable 

# ip http port xxxx 

# undo alg dns undo alg rtsp 

 undo alg h323 undo alg sip 

 undo alg sqlnet undo alg pptp 

 undo alg ils 

 undo alg nbt 

 undo alg msn 

 undo alg qq 

 undo alg tftp 

 undo alg sccp 

 undo alg gtp 

# session synchronization enable 

# password-recovery enable

 # acl number 2000 

 rule 0 permit 

 # vlan 1 

# domain system 

 access-limit disable 

 state active idle-cut disable 

 self-service-url disable 

 # pki domain default crl check disable 

# dhcp server ip-pool 0 

 network 192.168.2.0 mask 255.255.255.0 

 gateway-list 192.168.2.2 

 dns-list xxxxxx 

 # dhcp server ip-pool 10 

 network 192.168.10.0 mask 255.255.255.0 

 gateway-list 192.168.10.10 

 dns-list 218.2.135.1 61.147.37.1 

 # user-group system 

 group-attribute allow-guest 

# local-user admin

 password cipher $c$3$IzvqVsD07tluutv1XuFxdXT5VDuqWck0 

 authorization-attribute level 3 

 service-type telnet 

 service-type web

 # cwmp 

 undo cwmp enable 

# interface Dialer20 

 nat outbound 

 link-protocol ppp 

 ppp chap user xxxxxx

 ppp chap password cipher $c$3$X8nTDDeqOsHOcrIkVumSGtLgq7hyWn9DQg== 

ppp pap local-userxxxxxx 

password cipher $c$3$GkBny+zOjP746TQzVRStZWzZz+f2BvF7gw== 

 ppp ipcp dns request 

 ip address ppp-negotiate 

 dialer user pppoeclient 

 dialer-group 20 

 dialer bundle 20 

# interface NULL0 

# interface GigabitEthernet0/0 

 port link-mode route

 ip address 192.168.2.2 255.255.255.0 

 # interface GigabitEthernet0/1 

 port link-mode route 

 ip address 192.168.10.10 255.255.255.0 

 # interface GigabitEthernet0/2 

 port link-mode route

 ip address 192.168.1.1 255.255.255.0 

 undo dhcp select server global-pool 

# interface GigabitEthernet0/3 

 port link-mode route 

 ip address 10.201.15.30 255.255.255.0 

 undo dhcp select server global-pool 

# interface GigabitEthernet0/4 

 port link-mode route 

 pppoe-client dial-bundle-number 20 

 # vd Root id 1 

# zone name Management id 0

 priority 100 

zone name Local id 1 

 priority 100 

zone name Trust id 2 

 priority 85 

 import interface GigabitEthernet0/0 

 import interface GigabitEthernet0/1 

 import interface GigabitEthernet0/2

 import interface GigabitEthernet0/3 

zone name DMZ id 3 

 priority 50 zone name Untrust id 4 

 priority 5 

 import interface Dialer20 

 import interface GigabitEthernet0/4 

switchto vd Root 

 zone name Management id 0 

 ip virtual-reassembly 

 zone name Local id 1 

 ip virtual-reassembly 

 zone name Trust id 2 

 ip virtual-reassembly 

 zone name DMZ id 3 

 ip virtual-reassembly 

 zone name Untrust id 4 

 ip virtual-reassembly 

 interzone source Trust destination Untrust 

 rule 0 permit source-ip any_address 

 destination-ip any_address 

 service any_service

 rule enable 

 interzone source Untrust destination Trust 

 rule 0 permit 

 source-ip any_address 

 destination-ip any_address 

 service any_service 

 rule enable 

# ip route-static 0.0.0.0 0.0.0.0 Dialer20 

# dhcp server forbidden-ip 192.168.0.188 

 dhcp server forbidden-ip 192.168.10.10 192.168.10.100 

 dhcp server forbidden-ip 192.168.2.230 192.168.2.255 

# dhcp enable 

 # dialer-rule 20 ip permit 

# load xml-configuration

 # load tr069-configuration 

# user-interface con 0 

user-interface vty 0 4 

 authentication-mode scheme 

# return