〈H3C〉system-view
開啟防火墻功能,並默認允許所有數據包通過
[H3C]firewall packet-filter enable
[H3C]firewall packet-filter default permit
分配端口區域(untrust外網,trust內網;端口號請參照實際情況)
[H3C] firewall zone untrust
[H3C-zone-untrust] add interface Ethernet0/0
[H3C] firewall zone trust
[H3C-zone-trust] add interface Ethernet0/1
工作模式,默認為路由模式
[H3C] firewall mode route
開啟所有防範功能
[H3C] firewall defend all
配置內網LAN口IP(內網IP地址請參考實際情況)
[H3C] interface Ethernet0/1
[H3C-interface] ip address 192.168.1.1 255.255.255.0
配置外網IP(也就是電信給妳們的IP和子網掩碼)
[H3C] interface Ethernet0/0
[H3C-interface] ip address X.X.X.X X.X.X.X.X
配置NAT地址池(填寫電信給妳們的IP地址,填寫兩次)
[H3C]nat address-group 1 X.X.X.X X.X.X.X.X
配置默認路由(出外網的路由,字母代表的是電信分配妳們的外網網關地址,不知道就問電信)
[H3C]ip route-static 0.0.0.0 0.0.0.0 Y.Y.Y.Y preference 60
配置訪問控制列表(上網必須配置)
[H3C]acl number 2001
[H3C-ACL]rule 1 permit source 192.168.1.0 0.0.0.255
應用訪問控制列表到端口,並開啟NAT上網功能
[H3C]interface Ethernet1/0
[H3C-interface]nat outbound 2001 address-group 1
配置DHCP
[H3C] dhcp enable
[H3C-dhcp] dhcp server ip-pool 0
[H3C-dhcp] network 192.1681.0 mask 255.255.255.0
[H3C-dhcp] gateway-list 192.168.1.1
[H3C-dhcp] dns-list X.X.X.X(配置妳們這裏的DNS服務器地址)
其它配置:
允許網頁配置
[H3C] undo ip
[H3C-luser-admin] level 3
配置telnet遠程登錄
[H3C-vty] user-interface vty 0 4
[H3C-vty] authentication-mode schem/password
[H3C-vty] user privilage 3
完成某項配置之後要回到[H3C] 提示符下面請按q再回車
如果還是不明白就打H3C 800電話吧,希望能夠幫到妳。