最近买了个H3C的防火墙替下旧的H3C路由,装上后发现内网上不了,检查了很久没发现具体问题在哪
发布网友
发布时间:2022-04-25 02:50
共2个回答
热心网友
时间:2023-10-22 03:27
你下边连了3层交换机,我估计原因为以下几点。
1. nat address-group 0 202.107.125.163 202.107.125.165
nat地址池修改成从163-165 最好将162空余出来,因为你做映*,不余出来也没什么。
2.回指路由也做了,但是三层上也是要做默认路由到192.168.254.1的。
3.再有就是三层交换机的设置问题。
热心网友
时间:2023-10-22 03:27
字数*。。这是后面的配置
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
undo info-center enable
#
ip route-static 0.0.0.0 0.0.0.0 202.107.125.161 preference 60
ip route-static 192.168.0.0 255.255.0.0 192.168.254.2 preference 60
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con 0
authentication-mode password
set authentication password simple 416546
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password cipher 9G\-G^S]N9O.:IR=E+&9/A!!
protocol inbound telnet
#
return
