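H3C Router in Practice: NAT and Port Mapping
The practice environment is a single H3C router whose WAN side connects to the Internet over a static-IP line from the new China Unicom. The LAN side connects directly to an unmanaged switch.
The configuration, as shown on the command line, is as follows: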
- [RouterGate]display current-configuration
- #
- sysname RouterGate //name of the router
- cpu-usage cycle 1min
- #
- radius scheme system
- #
- domain system
- #
- local-user root //username for remote login
- password simple xxxxxx //plaintext password for remote login
- service-type telnet terminal
- level 3 //privilege level for remote login (0-3); 3 is the highest
- #
- acl number 2001 //define ACL 2001 (2000-2999 are basic ACLs)
- rule 0 permit source 192.168.1.0 0.0.0.255 //rule 0 of the ACL permits traffic from this source subnet
- #
- interface Aux0
- async mode flow
- #
- interface Ethernet0/0
- description LAN
- ip address 192.168.1.1 255.255.255.0
- #
- interface Ethernet0/1
- description ISP
- ip address 218.xx.yy.34 255.255.255.252 //xx and yy mask the company's address for confidentiality
- nat outbound 2001 //hosts matched by the bound ACL 2001 may access the outside
- nat server protocol tcp global 218.xx.yy.34 www inside 192.168.1.4 www //enable port mapping
- nat server protocol tcp global 218.xx.yy.34 ftp inside 192.168.1.4 ftp //to the .4 server
- #
- interface NULL0
- #
- FTP server enable
- #
- ip route-static 0.0.0.0 0.0.0.0 218.xx.yy.33 preference 60 //default route
- user-interface con 0
- user-interface aux 0
- user-interface vty 0 4 //configure vty login
- authentication-mode scheme
- user privilege level 3 //user privilege level
- set authentication password simple xxxxxx //plaintext password
- #
- return
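
An added example, not part of the original post: a small Python audit that walks a configuration dump in the format shown above, lists every `nat server` mapping that publishes an internal service on the WAN address, and flags the plaintext `password simple` entries, telnet login and the router's own FTP server. The function name `audit`, the finding labels and the embedded sample (an excerpt of the listing) are assumptions made for the example.

```python
import re

# Constructed sample: an excerpt of the listing above, "- " prefixes removed.
SAMPLE = """\
#
local-user root
password simple xxxxxx // plaintext password
service-type telnet terminal
#
interface Ethernet0/1
ip address 218.xx.yy.34 255.255.255.252
nat outbound 2001
nat server protocol tcp global 218.xx.yy.34 www inside 192.168.1.4 www
nat server protocol tcp global 218.xx.yy.34 ftp inside 192.168.1.4 ftp
#
FTP server enable
#
user-interface vty 0 4
authentication-mode scheme
set authentication password simple xxxxxx
"""

SECTION = re.compile(r"^(interface|local-user|user-interface|acl number)\s+(.+)$")
NAT_SERVER = re.compile(r"^nat server protocol (\S+) global (\S+) (\S+) inside (\S+) (\S+)$")

def audit(config):
    """Return (inbound NAT mappings, findings); finding labels are hypothetical."""
    mappings, findings, section = [], [], "global"
    for raw in config.splitlines():
        # Drop the page's // annotations and the listing's "- " prefix.
        line = raw.split("//")[0].strip().lstrip("- ")
        if not line or line == "#":            # '#' closes the current section
            section = "global"
            continue
        if SECTION.match(line):                # a new section header
            section = line
            continue
        nat = NAT_SERVER.match(line)
        if nat:                                # service published on the WAN side
            mappings.append((section,) + nat.groups())
        elif re.search(r"\bpassword simple\b", line):
            findings.append(("plaintext-password", section))
        elif line.startswith("service-type") and "telnet" in line.split():
            findings.append(("telnet-login", section))
        elif line.lower() == "ftp server enable":
            findings.append(("router-ftp-server", section))
    return mappings, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each mapping is returned as (interface section, protocol, global address, global port, inside address, inside port), so the result doubles as an inventory of what the router exposes inbound.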