disp ver
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 3.1 RELEASE 007
Copyright(c) 2002-2003 HUAWEI TECH CO., LTD.
Quidway E200 Firewall uptime is 0 week(s), 0 day(s), 0 hour(s), 1 minute(s)
Rpu's version information:
Huawei Versatile Routing Platform Software
256M bytes SDRAM
32M bytes FLASH
512K bytes NVRAM
Pcb Version : RTM1RPUA.1
RPE Logic Version : RPE3.4
SBG Logic Version : 011
Small BootROM Version : 1.07
Big BootROM Version : 1.07
Software Version : VRP(tm) software, Version 3.1 8060-007
disp cur
#
sysname Eudemon200
#
tcp window 8
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local DMZ direction inbound
firewall packet-filter default permit interzone local DMZ direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust DMZ direction inbound
firewall packet-filter default permit interzone trust DMZ direction outbound
firewall packet-filter default permit interzone DMZ untrust direction inbound
firewall packet-filter default permit interzone DMZ untrust direction outbound
#
firewall mode transparent
firewall system-ip 192.168.0.236 255.255.255.240
#
firewall statistics system enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0
description link to WAN
firewall transparent-mode fast-forwarding inbound
firewall transparent-mode fast-forwarding outbound
#
interface Ethernet0/0/1
description link to local lan
firewall transparent-mode fast-forwarding inbound
firewall transparent-mode fast-forwarding outbound
#
interface NULL0
#
interface LoopBack0
#
acl name mang basic
rule 0 permit source 192.168.0.60 0
rule 1 deny
#
firewall zone local
add interface InLoopBack0
add interface LoopBack0
set priority 100
#
firewall zone trust
add interface Ethernet0/0/1
set priority 85
#
firewall zone untrust
add interface Ethernet0/0/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
packet-filter mang inbound
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.237
ip route-static 172.16.0.0 255.255.255.0 192.168.0.237
ip route-static 192.168.0.0 255.255.255.224 192.168.0.238
ip route-static 192.168.0.32 255.255.255.224 192.168.0.238
ip route-static 192.168.0.64 255.255.255.224 192.168.0.238
ip route-static 192.168.0.96 255.255.255.224 192.168.0.238
ip route-static 192.168.0.128 255.255.255.224 192.168.0.238
ip route-static 192.168.0.160 255.255.255.224 192.168.0.238
ip route-static 192.168.0.192 255.255.255.224 192.168.0.238
ip route-static 192.168.0.240 255.255.255.240 192.168.0.238
ip route-static 192.168.1.0 255.255.255.0 192.168.0.237
ip route-static 192.168.5.0 255.255.255.0 192.168.0.237
ip route-static 192.168.10.0 255.255.255.0 192.168.0.237
ip route-static 192.168.20.0 255.255.255.0 192.168.0.237
ip route-static 192.168.30.0 255.255.255.0 192.168.0.237
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
user privilege level 3
#
return
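The section below is the default permit-everything configuration, right? It is for debugging; remove these lines when the device goes into actual use.
#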
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local DMZ direction inbound
firewall packet-filter default permit interzone local DMZ direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust DMZ direction inbound
firewall packet-filter default permit interzone trust DMZ direction outbound
firewall packet-filter default permit interzone DMZ untrust direction inbound
firewall packet-filter default permit interzone DMZ untrust direction outbound
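
An added example (not part of the original post): a Python check that lists every `firewall packet-filter default permit interzone` line in a saved configuration and reports whether an ACL is bound to that zone pair and direction, so the lines the comment above says to remove can be reviewed before the device goes into service. The sample input is constructed from lines of the first configuration on this page; the function and variable names are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the first configuration on this page.
SAMPLE_CONFIG = """\
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
#
firewall interzone local untrust
packet-filter mang inbound
#
firewall interzone trust untrust
#
"""

DEFAULT_RE = re.compile(
    r"^firewall packet-filter default permit interzone (\S+) (\S+) "
    r"direction (inbound|outbound)$")
INTERZONE_RE = re.compile(r"^firewall interzone (\S+) (\S+)$")
FILTER_RE = re.compile(r"^packet-filter (\S+) (inbound|outbound)$")


def audit(config_text):
    """Return (zone pair, direction, bound ACL or None) per default-permit line."""
    defaults, bound, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := DEFAULT_RE.match(line):
            defaults.append(m.groups())
        elif m := INTERZONE_RE.match(line):
            current = frozenset(m.groups())      # enter an interzone view
        elif (m := FILTER_RE.match(line)) and current is not None:
            bound[(current, m.group(2))] = m.group(1)
        elif line == "#":
            current = None                       # '#' closes the current view
    return [(f"{a} {b}", d, bound.get((frozenset((a, b)), d)))
            for a, b, d in defaults]


def unfiltered(config_text):
    """Default-permit entries with no ACL bound on that pair and direction."""
    return [(pair, d) for pair, d, acl in audit(config_text) if acl is None]


if __name__ == "__main__":
    for pair, direction, acl in audit(SAMPLE_CONFIG):
        print(f"{pair:15} {direction:9} acl={acl or 'NONE'}")
```
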
A newer E200 configuration
It uses composite (mixed) mode
and the version is VRP 3.10-010
#
sysname Eudemon
#
super password level 3 simple huawei
#
tcp window 8
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local DMZ direction outbound
firewall packet-filter default permit interzone local other direction outbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust DMZ direction inbound
firewall packet-filter default permit interzone trust DMZ direction outbound
firewall packet-filter default permit interzone trust other direction inbound
firewall packet-filter default permit interzone trust other direction outbound
firewall packet-filter default permit interzone DMZ untrust direction outbound
firewall packet-filter default permit interzone other untrust direction outbound
firewall packet-filter default permit interzone DMZ other direction outbound
#
nat address-group 0 ×××.××.28.218 ×××.××.28.221
nat server protocol tcp global ×××.××.28.222 www inside 10.197.200.200 www
nat server protocol tcp global ×××.××.28.222 ftp inside 10.197.200.200 ftp
nat alg enable ftp
nat alg enable icmp
#
firewall mode composite
firewall system-ip 10.197.1.252 255.255.255.0
#
firewall statistic system enable
#
undo multicast igmp-all-enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0
description trust
#
interface Ethernet0/0/1
description untrust
ip address ×××.××.28.218 255.255.255.248
#
interface Ethernet1/0/0
ip address 10.197.200.252 255.255.255.0
#
interface Ethernet1/0/1
#
interface NULL0
#
interface LoopBack0
#
acl number 1 match-order auto
rule 1 permit source 10.197.1.17 0
rule 2 permit source 10.197.1.251 0
rule 0 deny
acl number 2 match-order auto
rule 1 permit source 10.197.1.3 0
rule 0 deny
#
acl name dmz-server advanced match-order auto
rule 0 permit tcp destination 10.197.200.200 0
rule 1 permit tcp destination 10.197.200.201 0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0/0
set priority 85
#
firewall zone untrust
add interface Ethernet0/0/1
set priority 5
#
firewall zone DMZ
add interface Ethernet1/0/0
set priority 50
#
firewall zone name other
add interface Ethernet1/0/1
set priority 15
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone local other
#
firewall interzone trust untrust
nat outbound 1 address-group 0
#
firewall interzone trust DMZ
#
firewall interzone trust other
#
firewall interzone DMZ untrust
packet-filter dmz-server inbound
#
firewall interzone other untrust
nat outbound 2 address-group 0
#
firewall interzone DMZ other
packet-filter dmz-server inbound
#
ip route-static 0.0.0.0 0.0.0.0 ×××.××.28.217
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
set authentication password simple huawei
#
return
